Prepare Network
Once we have a set of remote hosts (and/or a Kubernetes cluster) we need to make sure that we have appropriate firewall rules for the ioFog components that we will start deploying on those remote hosts.
The following is an exhaustive list of the ingress firewall rules required for any ioFog Edge Compute Network.
| Component | Protocol/Port | Description |
|---|---|---|
| Controller | tcp:51121 | Controller API to be accessible from Agents and potctl. |
| Controller | http:80 | ECN Viewer to be accessible by ECN admins or users. |
| Router | tcp:5671 | Router Messaging Port |
| Router | tcp:45671 | Router Edge Router Connection Port. |
| Router | tcp:55671 | Inter Router Connection Port. |
| *NATs | tcp:4222 | NATs Server Port |
| NATs | tcp:7422 | NATs Leaf Port |
| NATs | tcp:6222 | NATs Cluster Port |
| NATs | tcp:8883 | NATs MQTT Port |
| *NATs | http:8222 | NATs Monitoring Port |
| Agent-Controller | tcp:22 | potctl SSH access to install PoT Controller and Agent on remote hosts. |
By default all Router ports and NATs Cluster, Leaf, MQTT ports are tls protected. NATs Server and Monitoring ports are for internal connections. Therefore it is highly recommended that do not open those ports to the public for Remote Agents and Remote Controllers, for Kubernetes ControlPlane YAML set nats-server service type as Cluster IP, or assign internal IP via annotations even if type is LoadBalancer.
Regardless of the type of deployment we need, next we have to prepare remote hosts for Controller and Agents (in case of remote deployment), or just for Agents (in case of Kubernetes deployment).