Shipa Networking Requirements

Shipa has a control plane to node relationship. Installing Shipa Self-Managed will have more networking requirements since you are installing the control plane. If Connecting Clusters to a Shipa Cloud or Shipa Self-Managed instance, the connectivity requirements to the control plane will be similar minus the address.

1392

Shipa Cloud e.g SaaS

Leveraging Shipa Cloud/SaaS to connect to your Workload Clusters.

Shipa Cloud to your Workload Clusters

ConnectionPortsNotes
Kubernetes Endpoint API6443 by defaultThis will be dependent on the Kubernetes installation/configuration. Connecting Clusters has instructions for how to pull this information.

From your Workload Clusters to Shipa Cloud Control Plane

ConnectionPortsNotes
apps.shipa.cloud8081The managed cluster will have busybody and exporter containers deployed that will report metrics to Shipa Cloud. If this connection is not allowed then the dashboard will not show Transactions or Resources data.
Container Registries443For Shipa to manage and monitor the workloads, there are containers pulled from a few public image registries. The cluster also needs access to the registry or registries where your images that you want to deploy are located.

Shipa Self-Managed e.g On-Prem

Installing Shipa Self-Managed on your own infrastructure and connecting your Workload Clusters to Shipa Self-Managed.

Shipa Self-Managed to your Workload Clusters

ConnectionPortNotes
Kubernetes Endpoint API6443 by defaultThis will be dependent on the Kubernetes installation/configuration. Connecting Clusters has instructions for how to pull this information.

From your Workload Clusters to Shipa Self-Managed Control Plane

ConnectionPortNotes
Shipa API Endpoint e.g Shipa Target8080 (HTTP) or 8081 (HTTPS)The managed cluster will have busybody and exporter containers deployed that will report metrics to the Shipa control plane. If this connection is not allowed then the dashboard will not show Transactions or Resources data. The Shipa API endpoint is exposed through the shipa-ingress-nginx service in the shipa-system namespace.
Container Registries443For Shipa to manage and monitor the workloads, there are containers pulled from a few public image registries. The cluster also needs access to the registry or registries where your images that you want to deploy are located.

Ingress to the Shipa Self-Managed Control Plane (CLI, APIs, Browser)

ConnectionPortNotes
Shipa API Endpoint e.g Shipa Target8080 (HTTP) or 8081 (HTTPS)The Shipa API endpoint is exposed through the shipa-ingress-nginx service in the shipa-system namespace.
Shipa Dashboard80 (HTTP) or 443 (HTTPS)The Shipa Dashboard is exposed through the shipa-ingress-nginx service in the shipa-system namespace.

Additional Shipa Self-Managed Control Plane Connectivity

ConnectionPortNotes
MongoDB Endpoint27107An internal MongoDB can be installed with the Shipa Helm chart, which will have connectivity automatically, but this should only be used for testing purposes.
Postgres Endpoint5432An internal PostgreSQL can be installed with the Shipa Helm chart, which will have connectivity automatically, but this should only be used for testing purposes.
Container Registries443For Shipa to be installed there are containers pulled from a few public image registries.
Clair Container Scanner80/443Shipa ships with Clair. There are a few domains that need to be whitelisted.

nvd.nist.gov, security-tracker.debian.org

Automatic DNS

When deploying a Shipa managed application, by default there will be a CNAME associated with the application. The DNS address of the CNAME will be of the form http://<app_name>.<ingress_ip>.shipa.cloud and are completely optional. For these DNS names to work, the client connecting to your application, e.g. your browser, will need to be able to resolve DNS from ns1.shipa.cloud and ns2.shipa.cloud, as well as info.shipa.cloud for the authoritative answer. If you cannot use or do not wish to use the automatic shipa.cloud CNAME, you can simply add a different CNAME, as detailed at Application CNAME.


What’s Next