12/12/2022, 9:57 AM
Hello k3s-community, I have a single-node k3s installation and noticed that ports 6443 and 10250 are open from the outside. How can I add iptables rules in order to close these ports from the outside? When I run iptables -L I see a plethora of rules but have no idea where and how these are configured, and thus how to add a couple of them. I am using k3s-selinux-1.2-2.el8.noarch. Regards, Hans


12/13/2022, 6:11 PM
The 6443 is a required open port for K3s to function. It's how K3s nodes communicate with the k8s apiserver. 10250 is open for Kubelet metrics. See for info on possible open ports used by K3s and other K8s components.


12/15/2022, 6:03 AM
Hi Derek, Thanks for your reply. I am aware of the fact that 6443 and 10250 need to be open in a cluster. But in my case I have a single node. So these ports do not need to be open from the "outside". I would argue that also in a multiple node cluster environment it would be good practice to limit access to these ports to the nodes that make up the cluster. I am now looking at network policies.