Network Communication and Ports
Palette communicates with workload clusters using gRPC, a modern, high-performance remote procedure call (RPC) framework built on HTTP/2 for sending and receiving data securely and quickly. With gRPC, communication between Palette's central management platform and your workload clusters remains efficient, secure, and reliable, even as your environment scales.
SaaS Network Communications and Ports
The following ports must be reachable from a network perspective for Palette SaaS to function correctly.
SaaS Managed Without a PCG
SaaS Managed With a PCG
SaaS Managed With Edge
Network Ports
The following ports must be reachable from a network perspective for Palette to operate properly.
Management Platform
Port | Direction | Purpose |
---|---|---|
HTTPS (tcp/443) | INBOUND | Browser/API access to management platform. |
HTTPS (tcp/443) | INBOUND | gRPC communication between Palette and the workload cluster. |
Workload Cluster
Port | Direction | Purpose |
---|---|---|
HTTPS (tcp/443) | OUTBOUND | API access to management platform and gRPC |
HTTPS (tcp/443) | OUTBOUND | gRPC, Registry (packs, integrations), Pack containers, Application Updates |
You can expose inbound port 22 for SSH if you want to access your cluster nodes remotely for troubleshooting. This is entirely optional and is not required for Palette to operate.
Self-Hosted Network Communications and Ports
The following ports must be reachable from a network perspective for Palette self-hosted to function correctly.
Management Platform
Port | Direction | Purpose |
---|---|---|
HTTPS (tcp/443) | INBOUND | Browser/API access to management platform, gRPC |
HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, app updates, gRPC |
HTTPS (tcp/6443) | OUTBOUND | Workload K8s cluster API Server |
Workload Cluster
Port | Direction | Purpose |
---|---|---|
HTTPS (tcp/443) | OUTBOUND | API access to management platform |
HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, gRPC, Registry (packs, integrations), Pack containers, Application updates |
You can expose inbound port 22 for SSH if you want to access your cluster nodes remotely for troubleshooting. This is entirely optional and is not required for Palette to operate.
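The following script is an added example, not part of Palette or its documentation. Run from a workload cluster node, it checks the outbound tcp/443 flows listed in the Workload Cluster tables and separates a blocked port from a TLS failure or a path that does not negotiate HTTP/2, which gRPC needs. The hostnames are placeholders, and the assumption that the management endpoint negotiates `h2` through TLS ALPN comes from standard gRPC-over-TLS behavior, not from this page.

```python
import socket
import ssl

# Outbound flows from the "Workload Cluster" tables on this page.
# Hostnames are placeholders (assumptions); replace them with your endpoints.
# Fields: host, port, need_h2 (True where gRPC is carried), purpose.
REQUIRED_OUTBOUND = [
    ("palette.example.internal", 443, True, "management platform API and gRPC"),
    ("registry.example.internal", 443, False, "registry (packs, integrations)"),
    ("vcenter.example.internal", 443, False, "vSphere vCenter API"),
]

def probe(host, port, tls=True, need_h2=False, timeout=3.0):
    """Return (status, detail); status is ok, tcp-blocked, tls-failed or no-h2."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unresolvable: the firewall or DNS is the problem.
        return "tcp-blocked", str(exc)
    with sock:
        if not tls:
            return "ok", "TCP connect succeeded"
        ctx = ssl.create_default_context()  # verifies the chain and hostname
        ctx.set_alpn_protocols(["h2", "http/1.1"])
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                alpn = tls_sock.selected_alpn_protocol()
        except OSError as exc:
            # Port is open but the handshake or certificate check failed,
            # for example behind a TLS-inspecting proxy with an untrusted CA.
            return "tls-failed", str(exc)
    if need_h2 and alpn != "h2":
        return "no-h2", f"negotiated {alpn!r}; gRPC needs HTTP/2"
    return "ok", f"TLS verified, ALPN {alpn!r}"

def main():
    failed = 0
    for host, port, need_h2, purpose in REQUIRED_OUTBOUND:
        status, detail = probe(host, port, need_h2=need_h2)
        failed += status != "ok"
        print(f"{status:11} {host}:{port} ({purpose}): {detail}")
    return 1 if failed else 0

if __name__ == "__main__":
    raise SystemExit(main())
```

A `tls-failed` or `no-h2` result on an open port usually points at a proxy or inspection device in the path rather than at the firewall rule itself.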