Network and Firewall Requirements for Kubernetes Access Nodes

Verify that your environment meets the network and firewall requirements.

Network Interface

1GbE network interface for backup data.

Port That Must Be Open

If a firewall exists between the access nodes and the Kubernetes API server endpoint, the following port must be open:

TCP: API_server_port_number incoming to your Kubernetes master server from the access nodes


The default port of kube-apiserver is 443. To validate your cluster, run the following command on your API server:kubectl cluster-info


The Commvault software requires a Layer 3 network connection between the access node and the Kubernetes API server endpoint on port 443 (or equivalent TLS-SSL port in the /etc/kubernetes/admin.conf file on the admin server).

External Connectivity

The Commvault software requires access to the Docker Hub ( to perform backup and restore operations.

To enable backups and restores of air-gapped Kubernetes clusters, see Enabling Backups and Restores of Air-Gapped Clusters for Kubernetes.


Commvault downloads and uses the centos:8 image to create a temporary container during backups.