SaaS Network Communications and Ports

The following ports must be reachable from a network perspective for Palette SaaS to function correctly.

SaaS Network Diagram with ports


SaaS Managed

SaaS network diagram displaying the network paths for edge

The following ports must be reachable from a network perspective for Palette to operate properly.

Management Platform

| Port | Direction | Purpose |
|------|-----------|---------|
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform |
| NATS (tcp/4222) | INBOUND | Agent running inside connecting to management platform |

Workload Cluster

| Port | Direction | Purpose |
|------|-----------|---------|
| HTTPS (tcp/443) | OUTBOUND | API access to management platform |
| NATS (tcp/4222) | OUTBOUND | Registry (packs, integrations), Pack containers, Application Updates |

You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.

Self-Hosted Network Communications and Ports

The following ports must be reachable from a network perspective for Palette Self-Hosted to function correctly.

On-prem network diagram

Management Platform

| Port | Direction | Purpose |
|------|-----------|---------|
| HTTPS (tcp/443) | INBOUND | Browser/API access to management platform |
| NATS (tcp/4222) | INBOUND | Message Bus for workload clusters |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, app updates. |
| HTTPS (tcp/6443) | OUTBOUND | Workload K8s cluster API Server |

Workload Cluster

| Port | Direction | Purpose |
|------|-----------|---------|
| HTTPS (tcp/443) | OUTBOUND | API access to management platform |
| NATS (tcp/4222) | OUTBOUND | Agent communication via message bus |
| HTTPS (tcp/443) | OUTBOUND | vSphere vCenter API, Registry (packs, integrations), Pack containers, Application updates. |

You can expose inbound port 22 for SSH if you would like to access your cluster nodes for troubleshooting remotely. This is entirely optional and not required for Palette to operate appropriately.
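
To confirm that a firewall change actually permits the outbound flows listed in the tables above, the following added example (not part of the Palette documentation or tooling) probes each port from the initiating side and separates a silently dropped connection from a reachable host with no listener. The role names and the default host `palette.example.internal` are placeholders assumed for this example.

```python
import socket
import sys

# Outbound flows copied from the tables on this page, keyed by the side that
# initiates the connection. The role names are labels made up for this example.
OUTBOUND_FLOWS = {
    "workload-cluster": [
        (443, "API access to management platform"),
        (4222, "Agent communication via message bus"),
    ],
    "self-hosted-management": [
        (6443, "Workload K8s cluster API Server"),
    ],
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST received: path allowed, nothing listening
    except socket.timeout:
        return "filtered"   # no answer: SYN likely dropped by a firewall
    except OSError as exc:  # DNS failure, no route, and similar
        return "error: %s" % (exc.strerror or exc)


def check(host, flows, timeout=3.0):
    """Probe every (port, purpose) flow against host; return result rows."""
    return [(port, purpose, probe(host, port, timeout)) for port, purpose in flows]


if __name__ == "__main__":
    # Usage: script.py <role> <host>; the default host is a placeholder.
    role = sys.argv[1] if len(sys.argv) > 1 else "workload-cluster"
    host = sys.argv[2] if len(sys.argv) > 2 else "palette.example.internal"
    rows = check(host, OUTBOUND_FLOWS[role])
    for port, purpose, status in rows:
        print("tcp/%-5d %-9s %s" % (port, status, purpose))
    sys.exit(0 if all(status == "open" for _, _, status in rows) else 1)
```

A `filtered` result points at a firewall or security group dropping the traffic, while `refused` means the network path is open but the service on that port is not listening.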