Documentation Portal

Light theme Dark theme

StackLight¶

The tables below contain the details about ports and protocols used by different StackLight components.

Warning

This section does not describe communications within the cluster network.

User interfaces¶

Component	Network	Direction	Port/Protocol	Consumer	Comments
Alerta UI	External network (LB service)	Inbound	443/TCP/HTTPS	Cluster users	Add the assigned external IP to the `allowlist`.
Alertmanager UI	External network (LB service)	Inbound	443/TCP/HTTPS	Cluster users	Add the assigned external IP to the `allowlist`.
Grafana UI	External network (LB service)	Inbound	443/TCP/HTTPS	Cluster users	Add the assigned external IP to the `allowlist`.
OpenSearch Dashboards UI	External network (LB service)	Inbound	443/TCP/HTTPS	Cluster users	Only when the StackLight logging stack is enabled. Add the assigned external IP to the `allowlist`.
Prometheus UI	External network (LB service)	Inbound	443/TCP/HTTPS	Cluster users	Add the assigned external IP to the `allowlist`.

Alertmanager notifications receivers¶

Component	Network	Direction	Port/Protocol	Destination	Comments
Alertmanager Email notifications integration	Cluster network	Outbound	TCP/SMTP	Depends on the configuration, see the comment.	Only when email notifications are enabled. Add an SMTP host URL to the `allowlist`.
Alertmanager Microsoft Teams notifications integration	Cluster network	Outbound	TCP/HTTPS	Depends on the configuration, see the comment.	Only when Microsoft Teams notifications are enabled. Add a webhook URL to the `allowlist`.
Alertmanager Salesforce notifications integration	Cluster network	Outbound	TCP/HTTPS	For Mirantis support mirantis.my.salesforce.com and login.salesforce.com. Depends on the configuration, see the comment.	Only when Salesforce notifications are enabled. Add an SF instance URL and an SF login URL to the `allowlist`. See Requirements for a baremetal-based cluster for details.
Alertmanager ServiceNow notifications integration	Cluster network	Outbound	TCP/HTTPS	Depends on the configuration, see the comment.	Only when notifications to ServiceNow are enabled. Add a configured ServiceNow URL to the `allowlist`.
Alertmanager Slack notifications integration	Cluster network	Outbound	TCP/HTTPS	Depends on the configuration, see the comment.	Only when notifications to Slack are enabled. Add a configured Slack URL to the `allowlist`.
Notification integration of Alertmanager generic receivers	Cluster network	Outbound	Customizable, see the comment	Depends on the configuration, see the comment.	Only when any custom Alertmanager integration is enabled. Depending on the integration type, add the corresponding URL to the `allowlist`.

External integrations¶

Component	Network	Direction	Port/Protocol	Destination	Comments
Salesforce reporter	Cluster network	Outbound	TCP/HTTPS	For Mirantis support mirantis.my.salesforce.com and login.salesforce.com. Depends on the configuration, see the comment.	Only when the Salesforce reporter is enabled. Add a SF instance URL and SF login URL to the `allowlist`. See Requirements for a baremetal-based cluster for details.
Prometheus Remote Write	Cluster network	Outbound	TCP	Depends on the configuration, see the comment.	Only when the Prometheus Remote Write feature is enabled. Add a configured remote write destination URL to the `allowlist`.
Prometheus custom scrapes	Cluster network	Outbound	TCP	Depends on the configuration, see the comment.	Only when the Custom Prometheus scrapes feature is enabled. Add configured scrape targets to the `allowlist`.
Fluentd remote syslog output	Cluster network	Outbound	TCP or UDP (protocol and port are configurable)	Depends on the configuration, see the comment.	Only when the Logging to remote Syslog feature is enabled. Add a configured remote syslog URL to the `allowlist`.
Metric Collector	Cluster network	Outbound	9093/443/TCP	mcc-metrics-prod-ns.servicebus.windows.net	Applicable to management clusters only. Add a specific URL from Microsoft Azure to the `allowlist`. See Requirements for a baremetal-based cluster for details.
External Endpoint monitoring	Cluster network	Outbound	TCP/HTTP(S)	Depends on the configuration, see the comment.	Only when the External endpoint monitoring feature is enabled. Add configured monitored URLs to the `allowlist`.
SSL certificate monitoring	Cluster network	Outbound	TCP/HTTP(S)	Depends on the configuration, see the comment.	Only when SSL certificates monitoring feature is enabled. Add configured monitored URLs to the allowlist.

Metrics exporters¶

Component	Network	Direction	Port/Protocol	Consumer	Comments
Prometheus Node Exporter	Host network	Inbound (from cluster network)	19100/TCP ^{Since 23.3} 9100/TCP ^{Before 23.3}	Prometheus from the `stacklight` namespace	Prometheus from Cluster network scrape metrics from all nodes.
Fluentd (Prometheus metrics endpoint)	Host network	Inbound (from cluster network)	24231/TCP	Prometheus from the `stacklight` namespace	Only when the StackLight logging stack is enabled. Prometheus from the cluster network scrapes metrics from all nodes.
Calico node	Host network	Inbound (from cluster network)	9091/TCP	Prometheus from the `stacklight` namespace	Prometheus from cluster network scrape metrics from all nodes.
Telegraf SMART plugin	Host network	Inbound (from cluster network)	9126/TCP	Prometheus from the `stacklight` namespace	Prometheus from cluster network scrapes metrics from all nodes.
MKE Manager API	Host network	Inbound (from cluster network)	4443/TCP	Blackbox exporter from the `stacklight` namespace	Applicable to Master node only. Blackbox exporter from cluster network probes all master nodes.
MKE Metrics Engine	Host network	Inbound (from cluster network)	12376/TCP	Prometheus from the `stacklight` namespace	Prometheus from cluster network scrape metrics from all nodes.
Kubernetes Master API	Host network	Inbound (from cluster network)	5443/TCP	Blackbox exporter from the `stacklight` namespace	Applicable to Master node only. Blackbox exporter from cluster network probes all master nodes.
Libvirt Exporter	Host network	Inbound (from cluster network)	9177/TCP	Blackbox exporter from the `stacklight` namespace	Prometheus from cluster network scrapes metrics from all compute nodes.
TF Controller Exporter	Host network	Inbound (from cluster network)	9779/TCP	Blackbox exporter from the `stacklight` namespace	Applicable to MOSK with Tungsten Fabric deployments only. Prometheus from Cluster network scrapes metrics from all Tungsten Fabric control nodes.
TF vRouter Exporter	Host network	Inbound (from cluster network)	9779/TCP	Blackbox exporter from the `stacklight` namespace	Applicable to MOSK with Tungsten Fabric deployment only. Prometheus from Cluster network scrapes metrics from all compute nodes.

Container Cloud telemetry¶

Component	Network	Direction	Port/Protocol	Destination	Comments
Telemeter client	Cluster network	Outbound (to management cluster External LB)	443/TCP	Telemeter server on a management cluster (`telemeter-server` External IP from the `stacklight` namespace of the management cluster)	The Telemeter client on the MOSK cluster pushes metrics to the `telemeter-server` on the management cluster