| 1 | // Copyright The Monogon Project Authors. |
| 2 | // SPDX-License-Identifier: Apache-2.0 |
| 3 | |
| 4 | package allocs |
| 5 | |
| 6 | import ( |
| 7 | "strconv" |
| 8 | ) |
| 9 | |
// Port is a TCP and/or UDP port number reserved for and used by Metropolis
// node code.
//
// The reserved numbers are declared as constants of this type and collected in
// SystemPorts. String returns a short service name for a reserved port, and
// PortString returns the decimal port number.
type Port uint16
| 13 | |
const (
	// Node and cluster services.

	// PortConsensus is the TCP port on which etcd accepts peer traffic.
	PortConsensus Port = 7834
	// PortCuratorService is the TCP port of the Curator's gRPC listener, which
	// services the Management, AAA and Curator RPCs.
	PortCuratorService Port = 7835
	// PortDebugService is the TCP port on which the debug service serves gRPC
	// traffic. It is only available in debug builds.
	PortDebugService Port = 7837
	// PortWireGuard is the UDP port on which the WireGuard Kubernetes network
	// overlay listens for incoming peer traffic.
	PortWireGuard Port = 7838
	// PortNodeManagement is the TCP port on which the node-local management
	// service serves gRPC traffic for NodeManagement.
	PortNodeManagement Port = 7839

	// Metrics. PortMetrics is the public port; the *Listener ports are
	// documented as bound to 127.0.0.1. These constants only fix the port
	// number: the loopback binding itself is up to the code that opens each
	// listener.

	// PortMetrics is the TCP port on which the Metrics Service exports
	// Prometheus-compatible metrics for this node. It is secured using TLS and
	// the Cluster/Node certificates.
	PortMetrics Port = 7840
	// PortMetricsNodeListener is the TCP port of the Prometheus node_exporter,
	// bound to 127.0.0.1. The Metrics Service proxies traffic to it from the
	// public PortMetrics.
	PortMetricsNodeListener Port = 7841
	// PortMetricsEtcdListener is the TCP port of the etcd exporter, bound to
	// 127.0.0.1. The Metrics Service proxies traffic to it from the public
	// PortMetrics.
	PortMetricsEtcdListener Port = 7842
	// PortMetricsKubeSchedulerListener is the TCP port of the proxy for the
	// kube-scheduler, bound to 127.0.0.1. The Metrics Service proxies traffic
	// to it from the public PortMetrics.
	PortMetricsKubeSchedulerListener Port = 7843
	// PortMetricsKubeControllerManagerListener is the TCP port of the proxy
	// for the controller-manager, bound to 127.0.0.1. The Metrics Service
	// proxies traffic to it from the public PortMetrics.
	PortMetricsKubeControllerManagerListener Port = 7844
	// PortMetricsKubeAPIServerListener is the TCP port of the proxy for the
	// api-server, bound to 127.0.0.1. The Metrics Service proxies traffic to
	// it from the public PortMetrics.
	PortMetricsKubeAPIServerListener Port = 7845
	// PortMetricsContainerdListener is the TCP port on which the containerd
	// metrics endpoint, bound to 127.0.0.1, is exposed.
	PortMetricsContainerdListener Port = 7846

	// Kubernetes API.

	// PortKubernetesAPI is the TCP port on which the Kubernetes API is exposed.
	PortKubernetesAPI Port = 6443
	// PortKubernetesAPIWrapped is the TCP port on which the Metropolis
	// authenticating proxy for the Kubernetes API is exposed.
	PortKubernetesAPIWrapped Port = 6444
	// PortKubernetesWorkerLocalAPI is the TCP port on which Kubernetes worker
	// nodes run a loadbalancer to reach the cluster's API servers before
	// cluster networking is available. It is only bound to 127.0.0.1.
	PortKubernetesWorkerLocalAPI Port = 6445

	// Debugging.

	// PortDebugger is the port on which the delve debugger runs, on debug
	// builds only. Not to be confused with PortDebugService.
	PortDebugger Port = 2345
)
| 70 | |
// SystemPorts lists every Port constant declared in this file.
//
// The list is maintained by hand: nothing in this file checks that a newly
// added Port constant is also appended here or given a name in Port.String, so
// all three have to be updated together.
// NOTE(review): presumably callers use this list to keep these ports reserved
// for node code — confirm against callers. If so, an entry missing here would
// silently drop out of that reservation.
//
// This is an exported variable, so every importer shares the same backing
// array and is able to modify it.
var SystemPorts = []Port{
	PortCuratorService,
	PortConsensus,
	PortDebugService,
	PortWireGuard,
	PortNodeManagement,
	PortMetrics,
	PortMetricsNodeListener,
	PortMetricsEtcdListener,
	PortMetricsKubeSchedulerListener,
	PortMetricsKubeControllerManagerListener,
	PortMetricsKubeAPIServerListener,
	PortMetricsContainerdListener,
	PortKubernetesAPI,
	PortKubernetesAPIWrapped,
	PortKubernetesWorkerLocalAPI,
	PortDebugger,
}
| 89 | |
// String returns the short service name of a reserved port, for example
// "curator" for PortCuratorService. Any value that is not one of the Port
// constants handled below yields "unknown"; the number itself is available
// from PortString.
func (p Port) String() string {
	// Start from the fallback and overwrite it when p is a known port.
	name := "unknown"
	switch p {
	case PortCuratorService:
		name = "curator"
	case PortConsensus:
		name = "consensus"
	case PortDebugService:
		name = "debug"
	case PortWireGuard:
		name = "wireguard"
	case PortNodeManagement:
		name = "node-mgmt"
	case PortMetrics:
		name = "metrics"
	case PortMetricsNodeListener:
		name = "metrics-node-exporter"
	case PortMetricsEtcdListener:
		name = "metrics-etcd"
	case PortMetricsKubeSchedulerListener:
		name = "metrics-kubernetes-scheduler"
	case PortMetricsKubeControllerManagerListener:
		name = "metrics-kubernetes-controller-manager"
	case PortMetricsKubeAPIServerListener:
		name = "metrics-kubernetes-api-server"
	case PortMetricsContainerdListener:
		name = "metrics-containerd"
	case PortKubernetesAPI:
		name = "kubernetes-api"
	case PortKubernetesAPIWrapped:
		name = "kubernetes-api-wrapped"
	case PortKubernetesWorkerLocalAPI:
		name = "kubernetes-worker-local-api"
	case PortDebugger:
		name = "delve"
	}
	return name
}
| 127 | |
// PortString returns the port number formatted as a base-10 string, for
// example "7835" for PortCuratorService. Unlike String, it works for any Port
// value, not only the reserved ones.
func (p Port) PortString() string {
	number := uint64(p)
	return strconv.FormatUint(number, 10)
}