Shipa Networking Requirements

Shipa has a control-plane-to-node relationship. Installing Shipa Self-Managed has more networking requirements because you are also installing the control plane. When Connecting Clusters to either Shipa Cloud or a Shipa Self-Managed instance, the connectivity requirements to the control plane are similar; only the address differs.


Shipa Cloud (e.g. SaaS)

Leveraging Shipa Cloud/SaaS to connect to your Workload Clusters.

Shipa Cloud to your Workload Clusters

| Connection | Ports | Notes |
| --- | --- | --- |
| Kubernetes Endpoint API | 6443 by default | This will be dependent on the Kubernetes installation/configuration. Connecting Clusters has instructions for how to pull this information. |

From your Workload Clusters to Shipa Cloud Control Plane

| Connection | Ports | Notes |
| --- | --- | --- |
| apps.shipa.cloud | 8081 | The managed cluster will have busybody and exporter containers deployed that will report metrics to Shipa Cloud. If this connection is not allowed then the dashboard will not show Transactions or Resources data. |
| Container Registries | 443 | For Shipa to manage and monitor the workloads, there are containers pulled from a few public image registries. The cluster also needs access to the registry or registries where your images that you want to deploy are located. |

Shipa Self-Managed (e.g. On-Prem)

Installing Shipa Self-Managed on your own infrastructure and connecting your Workload Clusters to Shipa Self-Managed.

Shipa Self-Managed to your Workload Clusters

| Connection | Port | Notes |
| --- | --- | --- |
| Kubernetes Endpoint API | 6443 by default | This will be dependent on the Kubernetes installation/configuration. Connecting Clusters has instructions for how to pull this information. |

From your Workload Clusters to Shipa Self-Managed Control Plane

| Connection | Port | Notes |
| --- | --- | --- |
| Shipa API Endpoint (e.g. Shipa Target) | 8080 (HTTP) or 8081 (HTTPS) | The managed cluster will have busybody and exporter containers deployed that will report metrics to the Shipa control plane. If this connection is not allowed then the dashboard will not show Transactions or Resources data. The Shipa API endpoint is exposed through the shipa-ingress-nginx service in the shipa-system namespace. |
| Container Registries | 443 | For Shipa to manage and monitor the workloads, there are containers pulled from a few public image registries. The cluster also needs access to the registry or registries where your images that you want to deploy are located. |
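
An added pre-flight check, not part of Shipa's documentation or tooling, that probes the workload-cluster egress flows from the tables above and reports the impact of each blocked one. It covers both Shipa Cloud and a Self-Managed control plane, since only the address (and the optional HTTP port) differs. The function names and `registry.example.com` are assumptions; substitute your own registry hosts and Shipa target.

```python
"""Pre-flight egress check for a workload cluster (added example)."""
import socket
import sys

def workload_requirements(control_plane="apps.shipa.cloud", https=True,
                          registries=("registry.example.com",)):
    """Flows from the 'From your Workload Clusters' tables on this page.

    registry.example.com is a placeholder: the page does not name registries.
    https=False (port 8080) applies only to a Self-Managed control plane.
    The control-plane impact text is the page's; the registry one is inferred.
    """
    reqs = [("Shipa control plane API", control_plane, 8081 if https else 8080,
             "dashboard will not show Transactions or Resources data")]
    reqs += [("Container registry", host, 443, "images cannot be pulled")
             for host in registries]
    return reqs

def tcp_probe(host, port, timeout=3.0):
    """Try a TCP connect; separate DNS failure, silent drop and refusal."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror:
        return False, "DNS resolution failed"
    except socket.timeout:
        return False, "timed out (packets likely dropped by a firewall)"
    except OSError as exc:
        return False, exc.strerror or type(exc).__name__

def check(requirements, probe=tcp_probe):
    """Probe each flow; a blocked flow carries the impact of losing it."""
    results = []
    for label, host, port, impact in requirements:
        ok, detail = probe(host, port)
        results.append({"label": label, "target": f"{host}:{port}", "ok": ok,
                        "detail": detail, "impact": None if ok else impact})
    return results

if __name__ == "__main__":
    results = check(workload_requirements())
    for r in results:
        print(f"{'OK' if r['ok'] else 'BLOCKED':<8}{r['label']:<26}"
              f"{r['target']:<30}{r['detail']}")
        if not r["ok"]:
            print(f"{'':<8}impact: {r['impact']}")
    sys.exit(0 if all(r["ok"] for r in results) else 1)
```

Run it from a node or pod inside the workload cluster so the probe follows the same egress path as the busybody and exporter containers.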

Ingress to the Shipa Self-Managed Control Plane (CLI, APIs, Browser)

| Connection | Port | Notes |
| --- | --- | --- |
| Shipa API Endpoint (e.g. Shipa Target) | 8080 (HTTP) or 8081 (HTTPS) | The Shipa API endpoint is exposed through the shipa-ingress-nginx service in the shipa-system namespace. |
| Shipa Dashboard | 80 (HTTP) or 443 (HTTPS) | The Shipa Dashboard is exposed through the shipa-ingress-nginx service in the shipa-system namespace. |

Additional Shipa Self-Managed Control Plane Connectivity

| Connection | Port | Notes |
| --- | --- | --- |
| MongoDB Endpoint | 27107 | An internal MongoDB can be installed with the Shipa Helm chart, which will have connectivity automatically, but this should only be used for testing purposes. |
| Postgres Endpoint | 5432 | An internal PostgreSQL can be installed with the Shipa Helm chart, which will have connectivity automatically, but this should only be used for testing purposes. |
| Container Registries | 443 | For Shipa to be installed there are containers pulled from a few public image registries. |
| Clair Container Scanner | 80/443 | Shipa ships with Clair. There are a few domains that need to be whitelisted: nvd.nist.gov, security-tracker.debian.org |

Automatic DNS

When deploying a Shipa-managed application, by default a CNAME is associated with the application. The DNS address of the CNAME is of the form http://<app_name>.<ingress_ip>.shipa.cloud; these names are completely optional. For these DNS names to work, the client connecting to your application, e.g. your browser, needs to be able to resolve DNS from ns1.shipa.cloud and ns2.shipa.cloud, as well as info.shipa.cloud for the authoritative answer. If you cannot or do not wish to use the automatic shipa.cloud CNAME, you can add a different CNAME, as detailed at Application CNAME.

