Supported Environments
Please review the information listed below to understand the supported environments and operational requirements.
Operating Systems¶
Here is the list of supported operating systems for the nodes.
- Bottlerocket
- Ubuntu
Note
Rafay Managed Amazon EKS Anywhere is currently only supported on Bare Metal.
Kubernetes Versions¶
The following versions of Kubernetes are currently supported.
New Clusters¶
New clusters can be provisioned using the following Kubernetes versions.
| Kubernetes Version | Official EOL Date | Support added with Controller release version |
|---|---|---|
| v1.27 | Sep 2024 | v1.27 |
| v1.26 | July 2024 | v1.27 |
| v1.25 | April 2024 | v1.27 |
| v1.24 | Jan 2024 | v1.27 |
| v1.23 | Oct 2023 | v1.27 |
Ports and protocols¶
Amazon EKS Anywhere needs certain ports to be open on the control plane, and worker nodes.
Network Rules: Control Plane¶
Ensure that network rules on the control plane (aka. master) nodes are configured for the ports and direction described below.
| Purpose | Port Range | Protocol | Direction |
|---|---|---|---|
| Kubernetes API Server | 6443 | TCP | Inbound |
| Kubelet API | 10250 | TCP | Inbound |
| kube-scheduler | 10259 | TCP | Inbound |
| kube-controller-manager | 10257 | TCP | Inbound |
| Purpose | Port Range | Protocol | Direction |
|---|---|---|---|
| etcd client | 2379-2380 | TCP | Inbound |
Network Rules: Worker Node¶
Ensure that the network rules on the nodes (aka. worker) are configured for the ports and direction described below.
| Purpose | Port Range | Protocol | Direction |
|---|---|---|---|
| Kubelet API | 6443 | TCP | Inbound |
| NodePort Services | 30000-32767 | TCP | Inbound |
Network rule : SSH Access¶
To enable SSH access on any node, you need to allow the following SSH port.
| Purpose | Port Range | Protocol | Direction |
|---|---|---|---|
| sshd | 22 | TCP | Inbound |
Note
To install the gateway agent, allow inbound port 22 on the admin machine. Once the installation is complete, the inbound port 22 for the admin machine can be closed.
Bare Metal Provider¶
For initial network booting, the following ports on the Admin machine for a Bare Metal provider must be accessible to all nodes on the same level 2 network in the cluster:
| Purpose | Port Range | Protocol | Direction |
|---|---|---|---|
| Boots DHCP | 67 | TCP | Inbound |
| Boots TFTP | 69 | TCP | Inbound |
| Boots HTTP | 80 | TCP | Inbound |
| Tink-server | 42113 | TCP | Inbound |
| Hegel HTTP | 50061 | TCP | Inbound |
| Rufio IPMI | 623 | TCP | Outbound |
| Rufio Redfish | 80, 443 | TCP | Outbound |