Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / a0684409400aa22f39b44a125dc07729e98c4908 / . / metropolis / node / ports.go
blob: 014eb90c81b2de54dba2f3767e282871d08bbe7c [file] [log] [blame]
Tim Windelschmidt6d33a432025-02-04 14:34:25 +0100[diff] [blame]1// Copyright The Monogon Project Authors.
Lorenz Brundd8c80e2019-10-07 16:19:49 +0200[diff] [blame]2// SPDX-License-Identifier: Apache-2.0
Lorenz Brundd8c80e2019-10-07 16:19:49 +0200[diff] [blame]3
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]4package node
Hendrik Hofstadt0d7c91e2019-10-23 21:44:47 +0200[diff] [blame]5
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]6import (
7 "strconv"
8)
Lorenz Brun9e7961b2021-12-15 18:47:31 +0100[diff] [blame]9
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]10// Port is a TCP and/or UDP port number reserved for and used by Metropolis
11// node code.
12type Port uint16
13
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]14const (
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]15 // CuratorServicePort is the TCP port on which the Curator listens for gRPC
16 // calls and services Management/AAA/Curator RPCs.
17 CuratorServicePort Port = 7835
18 // ConsensusPort is the TCP port on which etcd listens for peer traffic.
19 ConsensusPort Port = 7834
20 // DebugServicePort is the TCP port on which the debug service serves gRPC
21 // traffic. This is only available in debug builds.
22 DebugServicePort Port = 7837
23 // WireGuardPort is the UDP port on which the Wireguard Kubernetes network
24 // overlay listens for incoming peer traffic.
25 WireGuardPort Port = 7838
Tim Windelschmidtec2906a2024-03-27 01:36:43 +0100[diff] [blame]26 // NodeManagementPort is the TCP port on which the node-local management service
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]27 // serves gRPC traffic for NodeManagement.
Tim Windelschmidtec2906a2024-03-27 01:36:43 +0100[diff] [blame]28 NodeManagementPort Port = 7839
Serge Bazanski54e212a2023-06-14 13:45:11 +0200[diff] [blame]29 // MetricsPort is the TCP port on which the Metrics Service exports
30 // Prometheus-compatible metrics for this node, secured using TLS and the
31 // Cluster/Node certificates.
32 MetricsPort Port = 7840
33 // MetricsNodeListenerPort is the TCP port on which the Prometheus node_exporter
34 // runs, bound to 127.0.0.1. The Metrics Service proxies traffic to it from the
35 // public MetricsPort.
36 MetricsNodeListenerPort Port = 7841
Tim Windelschmidtc37a8862023-07-19 16:33:21 +0200[diff] [blame]37 // MetricsEtcdListenerPort is the TCP port on which the etcd exporter
Tim Windelschmidtf64f1972023-07-28 00:00:50 +0000[diff] [blame]38 // runs, bound to 127.0.0.1. The metrics service proxies traffic to it from the
Tim Windelschmidtc37a8862023-07-19 16:33:21 +0200[diff] [blame]39 // public MetricsPort.
40 MetricsEtcdListenerPort Port = 7842
Tim Windelschmidtf64f1972023-07-28 00:00:50 +0000[diff] [blame]41 // MetricsKubeSchedulerListenerPort is the TCP port on which the proxy for
42 // the kube-scheduler runs, bound to 127.0.0.1. The metrics service proxies
43 // traffic to it from the public MetricsPort.
44 MetricsKubeSchedulerListenerPort Port = 7843
45 // MetricsKubeControllerManagerListenerPort is the TCP port on which the
46 // proxy for the controller-manager runs, bound to 127.0.0.1. The metrics
47 // service proxies traffic to it from the public MetricsPort.
48 MetricsKubeControllerManagerListenerPort Port = 7844
Tim Windelschmidt600e2eb2023-11-21 05:29:14 +0100[diff] [blame]49 // MetricsKubeAPIServerListenerPort is the TCP port on which the
50 // proxy for the api-server runs, bound to 127.0.0.1. The metrics
Lorenz Brun4b42c8a2023-11-19 07:02:51 +0100[diff] [blame]51 // service proxies traffic to it from the public MetricsPort.
52 MetricsKubeAPIServerListenerPort Port = 7845
Tim Windelschmidt3bdb5fc2024-03-14 18:47:35 +0100[diff] [blame]53 // MetricsContainerdListenerPort is the TCP port on which the
54 // containerd metrics endpoint, bound to 127.0.0.1, is exposed.
55 MetricsContainerdListenerPort Port = 7846
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]56 // KubernetesAPIPort is the TCP port on which the Kubernetes API is
57 // exposed.
58 KubernetesAPIPort Port = 6443
Lorenz Bruncc078df2021-12-23 11:51:55 +0100[diff] [blame]59 // KubernetesAPIWrappedPort is the TCP port on which the Metropolis
60 // authenticating proxy for the Kubernetes API is exposed.
61 KubernetesAPIWrappedPort Port = 6444
Serge Bazanski6fdca3f2023-03-20 17:47:07 +0100[diff] [blame]62 // KubernetesWorkerLocalAPIPort is the TCP port on which Kubernetes worker nodes
63 // run a loadbalancer to access the cluster's API servers before cluster
64 // networking is available. This port is only bound to 127.0.0.1.
65 KubernetesWorkerLocalAPIPort Port = 6445
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]66 // DebuggerPort is the port on which the delve debugger runs (on debug
67 // builds only). Not to be confused with DebugServicePort.
68 DebuggerPort Port = 2345
Serge Bazanski77cb6c52020-12-19 00:09:22 +0100[diff] [blame]69)
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]70
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]71var SystemPorts = []Port{
72 CuratorServicePort,
73 ConsensusPort,
74 DebugServicePort,
75 WireGuardPort,
Tim Windelschmidtec2906a2024-03-27 01:36:43 +0100[diff] [blame]76 NodeManagementPort,
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]77 MetricsPort,
78 MetricsNodeListenerPort,
Tim Windelschmidtc37a8862023-07-19 16:33:21 +0200[diff] [blame]79 MetricsEtcdListenerPort,
Tim Windelschmidta6fe4ef2024-04-03 04:06:57 +0200[diff] [blame]80 MetricsKubeSchedulerListenerPort,
81 MetricsKubeControllerManagerListenerPort,
82 MetricsKubeAPIServerListenerPort,
83 MetricsContainerdListenerPort,
Tim Windelschmidt03000772023-07-03 02:19:28 +0200[diff] [blame]84 KubernetesAPIPort,
85 KubernetesAPIWrappedPort,
86 KubernetesWorkerLocalAPIPort,
87 DebuggerPort,
88}
89
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]90func (p Port) String() string {
91 switch p {
92 case CuratorServicePort:
93 return "curator"
94 case ConsensusPort:
95 return "consensus"
96 case DebugServicePort:
97 return "debug"
98 case WireGuardPort:
99 return "wireguard"
Tim Windelschmidtec2906a2024-03-27 01:36:43 +0100[diff] [blame]100 case NodeManagementPort:
Serge Bazanskib40c0082023-03-29 14:28:04 +0200[diff] [blame]101 return "node-mgmt"
Tim Windelschmidta6fe4ef2024-04-03 04:06:57 +0200[diff] [blame]102 case MetricsPort:
103 return "metrics"
104 case MetricsNodeListenerPort:
105 return "metrics-node-exporter"
106 case MetricsEtcdListenerPort:
107 return "metrics-etcd"
108 case MetricsKubeSchedulerListenerPort:
109 return "metrics-kubernetes-scheduler"
110 case MetricsKubeControllerManagerListenerPort:
111 return "metrics-kubernetes-controller-manager"
112 case MetricsKubeAPIServerListenerPort:
113 return "metrics-kubernetes-api-server"
114 case MetricsContainerdListenerPort:
115 return "metrics-containerd"
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]116 case KubernetesAPIPort:
117 return "kubernetes-api"
Lorenz Bruncc078df2021-12-23 11:51:55 +0100[diff] [blame]118 case KubernetesAPIWrappedPort:
119 return "kubernetes-api-wrapped"
Tim Windelschmidta6fe4ef2024-04-03 04:06:57 +0200[diff] [blame]120 case KubernetesWorkerLocalAPIPort:
121 return "kubernetes-worker-local-api"
Serge Bazanski52304a82021-10-29 16:56:18 +0200[diff] [blame]122 case DebuggerPort:
123 return "delve"
124 }
125 return "unknown"
126}
Lorenz Brun9e7961b2021-12-15 18:47:31 +0100[diff] [blame]127
128func (p Port) PortString() string {
129 return strconv.Itoa(int(p))
130}