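| From / To | Rancher Nodes | etcd Plane Nodes | Control Plane Nodes | Worker Plane Nodes | External Rancher Load Balancer | Internet |
|---|---|---|---|---|---|---|
| Rancher Nodes (1) | | | | | | git.rancher.io (2) |
| etcd Plane Nodes | 443 TCP (3) | 2379 TCP, 2380 TCP, 8472 UDP, 4789 UDP (6), 9099 TCP (4) | 6443 TCP, 8472 UDP, 4789 UDP (6) | 8472 UDP, 4789 UDP (6) | 443 TCP | |
| Control Plane Nodes | 443 TCP (3) | 2379 TCP, 2380 TCP, 8472 UDP, 4789 UDP (6), 10250 TCP | 6443 TCP, 8472 UDP, 4789 UDP (6), 10250 TCP, 9099 TCP (4), 10254 TCP (4) | 8472 UDP, 4789 UDP (6), 10250 TCP | 443 TCP | |
| Worker Plane Nodes | 443 TCP (3) | 8472 UDP, 4789 UDP (6) | 6443 TCP, 8472 UDP, 4789 UDP (6) | 8472 UDP, 4789 UDP (6), 9099 TCP (4), 10254 TCP (4) | 443 TCP | |
| Kubernetes API Clients | | | 6443 TCP (5) | | | |
| Workload Clients or Load Balancer | | | | 30000-32767 TCP / UDP (nodeport), 80 TCP (Ingress), 443 TCP (Ingress) | | |
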
Notes:

1. Nodes running standalone server or Rancher HA deployment.
2. Required to fetch Rancher chart library.
3. Only without external load balancer in front of Rancher.
4. Local traffic to the node itself (not across nodes).
5. Only if Authorized Cluster Endpoints are activated.
6. Only if using Overlay mode on Windows cluster.