The following ports must be reachable from a network perspective for Palette SaaS to function correctly.
SaaS Managed
The following ports must be reachable from a network perspective for Palette to operate properly.
| Port | Direction | Purpose |
|---|---|---|
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform |
| NATS (tcp/4222) | INBOUND | Agent running inside connecting to management platform |
| Port | Direction | Purpose |
|---|---|---|
| HTTPS (tcp/443) | OUTBOUND | API access to management platform |
| NATS (tcp/4222) | OUTBOUND | Registry (packs, integrations), Pack containers, Application Updates |
| NATS (tcp/4222) | OUTBOUND | Registry (packs, integrations), Pack containers, Application Updates |
You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.
The following ports must be reachable from a network perspective for Palette Sefl-Hosted to function correctly.
| Port | Direction | Purpose |
|---|---|---|
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform |
| NATS (tcp/4222) | INBOUND | Message Bus for workload clusters |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, app updates. |
| HTTPS (tcp/6443) | OUTBOUND | Workload K8s cluster API Server |
| Port | Direction | Purpose |
|---|---|---|
| HTTPS (tcp/443) | OUTBOUND | API access to management platform |
| NATS (tcp/4222) | OUTBOUND | Agent communication via message bus |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, Application updates. |
You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.