Networking & Firewall Rules
Configure networking and firewall rules to enable communication between KubeSense components and external services.
Server-Sensor Ports
The following ports must be open between the KubeSense server and sensor components:
| Component | Port | Purpose | Firewall Rule |
|---|---|---|---|
| Kubecol Controller | 32033 | Kubernetes info and infrastructure attributes | Allow inbound from kubesensors |
| Kubecol Ingestor | 32133 | Trace processing and database ingestion | Allow inbound from kubesensors |
| Metrics Collector | 30060 | Infrastructure metrics (CPU, memory, etc.) | Allow inbound from otel-agent |
| Events Port | 30051 | Kubernetes event information | Allow inbound from otel-agent |
| Log Aggregator | 30052 | Log processing and transformation | Allow inbound from logsensors |
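An added example, not part of the KubeSense documentation: a least-privilege audit of inbound allow rules against the table above. Only the ports and sender names come from the table; the rule tuple format, the sample rules and the sensor network 10.20.0.0/16 are constructed assumptions.

```python
import ipaddress

# Ports and expected senders, from the Server-Sensor Ports table.
REQUIRED = {32033: "kubesensors", 32133: "kubesensors",
            30060: "otel-agent", 30051: "otel-agent", 30052: "logsensors"}

# Constructed sample input: (port_low, port_high, source_cidr) inbound allow
# rules on the server nodes. This tuple format is an assumption.
RULES = [
    (32033, 32133, "10.20.0.0/16"),  # opens 101 ports to reach 2
    (30051, 30052, "0.0.0.0/0"),     # reachable from anywhere
]
SENSOR_CIDRS = ["10.20.0.0/16"]      # assumed sensor node network


def audit(rules, sensor_cidrs):
    """Compare inbound allow rules with the required server-sensor ports."""
    sensors = [ipaddress.ip_network(c) for c in sensor_cidrs]
    covered, broad_source, broad_range = set(), [], []
    for low, high, source in rules:
        hit = [p for p in REQUIRED if low <= p <= high]
        if not hit:
            continue  # rule does not concern KubeSense ports
        covered.update(hit)
        src = ipaddress.ip_network(source)
        # Source must sit inside a sensor network (same IP version).
        if not any(src.version == n.version and src.subnet_of(n)
                   for n in sensors):
            broad_source.append((low, high, source))
        # A range wider than the required ports it serves exposes extras.
        if high - low + 1 > len(hit):
            broad_range.append((low, high, source))
    missing = sorted((p, s) for p, s in REQUIRED.items() if p not in covered)
    return {"missing": missing, "broad_source": broad_source,
            "broad_range": broad_range}


if __name__ == "__main__":
    for finding, items in audit(RULES, SENSOR_CIDRS).items():
        print(finding, items)
```

A rule set with one single-port rule per required port, sourced from inside the sensor network, produces three empty lists.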
External Services
The following outbound connections are required:
| Service | Endpoint | Port | Purpose |
|---|---|---|---|
| ECR Registry | 365639915496.dkr.ecr.us-east-1.amazonaws.com | 443 | Pull container images |
| Amazon SES | email.ap-south-1.amazonaws.com | 443 | Email notifications |
| AWS STS | sts.amazonaws.com | 443 | Secure token management |
| AWS Sign-in | signin.aws.amazon.com | 443 | Authentication |
Summary
Ensure the following are configured:
- Internal ports (32033, 32133, 30060, 30051, 30052) are open between server and sensor nodes
- Outbound HTTPS (port 443) is allowed to the ECR registry and AWS services listed above