我的书签
添加书签
移除书签This page documents the networking communication between components in the Longhorn system. Using this information, users can write Kubernetes NetworkPolicy to control the inbound/outbound traffic to/from Longhorn components. This helps to reduce the damage when a malicious pod breaks into the in-cluster network.
We have provided some NetworkPolicy example yamls at . Note that depending on the deployed CNI, not all Kubernetes clusters support NetworkPolicy. See for more detail.
Longhorn Manager
Ingress:
Egress:
| To | Port | Protocol |
|---|---|---|
Other Longhorn Manager | 9500 | TCP |
Instance Manager | 8500; 10000-30000 | TCP |
Backing Image Manager | 8000; 8001 | TCP |
External Backupstore | User defined | TCP |
Kubernetes API server | Kubernetes API server port | TCP |
UI
ingress:
Users defined
egress:
| To | Port | Protocol |
|---|---|---|
Longhorn Manager | 9500 | TCP |
Instance Manager
ingress
| From | Port | Protocol |
|---|---|---|
Longhorn Manager | 8500; 10000-30000 | TCP |
Other Instance Manager | 10000-30000 | TCP |
| 3260 | TCP | |
Backing Image Manager | 10000-30000 | TCP |
egress:
| To | Port | Protocol |
|---|---|---|
Other Instance Manager | 10000-30000 | TCP |
Backing Image Manager | 8002 | TCP |
External Backupstore | User defined | TCP |
ingress
None
egress:
Additional Info
CSI sidecar (csi-attacher, csi-provisioner, csi-resizer, csi-snapshotter)
ingress:
None
egress:
| To | Port | Protocol |
|---|---|---|
Kubernetes API server | Kubernetes API server port | TCP |
Additional Info
CSI sidecar pods communitate with Longhorn CSI plugin pods over the Unix Domain Socket at <Kuberlet-Directory>/plugins/driver.longhorn.io/csi.sock
Driver deployer
ingress:
None
egress:
| To | Port | Protocol |
|---|---|---|
| 9500 | TCP | |
Kubernetes API server | Kubernetes API server port | TCP |
Engine Image
ingress:
None
egress:
None
ingress:
| From | Port | Protocol |
|---|---|---|
Longhorn Manager | 8000 | TCP |
Other Backing Image Manager | 30001-31000 | TCP |
egress:
| To | Port | Protocol |
|---|---|---|
Instance Manager | 10000-30000 | TCP |
Other Backing Image Manager | 30001-31000 | TCP |
Backing Image Data Source
ingress:
egress:
| To | Port | Protocol |
|---|---|---|
Instance Manager | 10000-30000 | TCP |
User provided server IP to download the images from | user defined | TCP |
Share Manager
ingress
| From | Port | Protocol |
|---|---|---|
Node in the cluster | 2049 | TCP |
egress:
Backup/Snapshot Recurring Job Pod
ingress:
None
egress:
| To | Port | Protocol |
|---|---|---|
Longhorn Manager | 9500 | TCP |
ingress:
None
egress:
| To | Port | Protocol |
|---|---|---|
Kubernetes API server | TCP |
Discover Proc Kubelet Cmdline
ingress:
None
egress:
None
Origional GitHub issue: https://github.com/longhorn/longhorn/issues/1805
