
Network Communication and Ports

Palette communicates with workload clusters using gRPC, a modern, high-performance remote procedure call (RPC) framework built on HTTP/2 for sending and receiving data securely and quickly. With gRPC, communication between Palette's central management platform and your workload clusters remains efficient, secure, and reliable, even as your environment scales.

SaaS Network Communications and Ports

The following ports must be reachable from a network perspective for Palette SaaS to function correctly.

SaaS Managed Without a PCG

[Diagram: SaaS network paths and ports without a PCG]

SaaS Managed With a PCG

[Diagram: SaaS network paths and ports using a PCG]

SaaS Managed With Edge

[Diagram: SaaS network paths for Edge]

Network Ports

The following ports must be reachable from a network perspective for Palette to operate properly.

Management Platform

| Port | Direction | Purpose |
| --- | --- | --- |
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform. |
| HTTPS (tcp/443) | INBOUND | gRPC communication between Palette and the workload cluster. |

Workload Cluster

| Port | Direction | Purpose |
| --- | --- | --- |
| HTTPS (tcp/443) | OUTBOUND | API access to management platform and gRPC |
| HTTPS (tcp/443) | OUTBOUND | gRPC, Registry (packs, integrations), Pack containers, Application Updates |

Info: You can expose inbound port 22 for SSH if you would like to access your cluster nodes remotely for troubleshooting. This is entirely optional and not required for Palette to operate properly.

Self-Hosted Network Communications and Ports

[Diagram: On-prem network paths and ports]

The following ports must be reachable from a network perspective for Palette self-hosted to function correctly.

Management Platform

| Port | Direction | Purpose |
| --- | --- | --- |
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform, gRPC |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, app updates, gRPC |
| HTTPS (tcp/6443) | OUTBOUND | Workload K8s cluster API Server |

Workload Cluster

| Port | Direction | Purpose |
| --- | --- | --- |
| HTTPS (tcp/443) | OUTBOUND | API access to management platform |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, gRPC, Registry (packs, integrations), Pack containers, Application updates |

Info: You can expose inbound port 22 for SSH if you would like to access your cluster nodes remotely for troubleshooting. This is entirely optional and not required for Palette to operate properly.
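Because gRPC runs over HTTP/2, an outbound path on tcp/443 can accept TCP connections and still break Palette traffic when a firewall or proxy re-signs TLS or does not pass HTTP/2. The following probe is an added example, not part of the Palette documentation: run from a workload cluster node, it separates those cases for both the SaaS and self-hosted tables. The hostname `palette.example.com` is a placeholder, and the check assumes the management endpoint negotiates HTTP/2 through TLS ALPN.

```python
import socket
import ssl

# What each result means for the port tables on this page.
MEANING = {
    "ok": "tcp/443 reachable, certificate trusted, HTTP/2 negotiated",
    "tcp_blocked": "no TCP connection: DNS failure or firewall drop/reject",
    "tls_failed": "TCP connects but TLS fails: untrusted or re-signed "
                  "certificate, or a device resetting the handshake",
    "no_http2": "TLS works but HTTP/2 was not negotiated, so gRPC cannot run",
}

def probe(host, port=443, timeout=5.0):
    """Return a MEANING key describing the path from this machine to host:port."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.set_alpn_protocols(["h2", "http/1.1"])    # gRPC requires "h2"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:                               # refused, timed out, DNS error
        return "tcp_blocked"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            alpn = tls.selected_alpn_protocol()
    except (ssl.SSLError, OSError):               # bad cert, reset, handshake timeout
        raw.close()
        return "tls_failed"
    return "ok" if alpn == "h2" else "no_http2"

def audit(targets, timeout=5.0):
    """Probe every (host, port) pair and return {(host, port): result}."""
    return {(h, p): probe(h, p, timeout) for h, p in targets}

if __name__ == "__main__":
    # Placeholder hostname (assumption): use your Palette management endpoint.
    for target, result in audit([("palette.example.com", 443)]).items():
        print(target, result, "-", MEANING[result])
```

A `tls_failed` result on a path that should be open usually means the node does not trust the certificate it was presented, which is worth confirming before widening any firewall rule.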