From 2bc7ed0ed9df709921717d77beb265f91a5013dc Mon Sep 17 00:00:00 2001
From: Eashwar Ranganathan <eashwar@eashwar.com>
Date: Sat, 5 Dec 2020 09:29:52 -0800
Subject: [PATCH] docs: add docs for network connectivity

Adds documentation on the ports used by various components of Talos
Signed-off-by: Eashwar Ranganathan <eashwar@eashwar.com>
---
 .../configuring-network-connectivity.md       | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 website/content/docs/v0.8/Guides/configuring-network-connectivity.md

diff --git a/website/content/docs/v0.8/Guides/configuring-network-connectivity.md b/website/content/docs/v0.8/Guides/configuring-network-connectivity.md
new file mode 100644
index 000000000..4794e52b2
--- /dev/null
+++ b/website/content/docs/v0.8/Guides/configuring-network-connectivity.md
@@ -0,0 +1,71 @@
+---
+title: "Configuring Network Connectivity"
+description: ""
+---
+
+## Configuring Network Connectivity
+
+The simplest way to deploy Talos is by ensuring that all the remote components of the system (`talosctl`, the control plane nodes, and worker nodes) all have layer 2 connectivity.
+This is not always possible, however, so this page lays out the minimal network access that is required to configure and operate a talos cluster.
+
+ > Note: These are the ports required for Talos specifically, and should be configured _in addition_ to the ports required by kuberenetes.
+ See the [kubernetes docs](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports) for information on the ports used by kubernetes itself.
+
+### Control plane node(s)
+
+<table class="table-auto">
+  <thead>
+    <tr>
+      <th class="px-4 py-2">Protocol</th>
+      <th class="px-4 py-2">Direction</th>
+      <th class="px-4 py-2">Port Range</th>
+    <th class="px-4 py-2">Purpose</th>
+    <th class="px-4 py-2">Used By</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="border px-4 py-2">TCP</td>
+      <td class="border px-4 py-2">Inbound</td>
+      <td class="border px-4 py-2">50000*</td>
+    <td class="border px-4 py-2"><a href="https://talos.dev/docs/v0.8/learn-more/components/#apid">apid</a></td>
+    <td class="border px-4 py-2">talosctl</td>
+    </tr>
+    <tr>
+      <td class="border px-4 py-2">TCP</td>
+      <td class="border px-4 py-2">Inbound</td>
+      <td class="border px-4 py-2">50001*</td>
+    <td class="border px-4 py-2"><a href="https://talos.dev/docs/v0.8/learn-more/components/#trustd">trustd</a></td>
+    <td class="border px-4 py-2">Control plane nodes, worker nodes</td>
+    </tr>
+  </tbody>
+</table>
+
+> Ports marked with a `*` are not currently configurable, but that may change in the future.
+[Follow along here](https://github.com/talos-systems/talos/issues/1836).
+
+### Worker node(s)
+
+<table class="table-auto">
+  <thead>
+    <tr>
+      <th class="px-4 py-2">Protocol</th>
+      <th class="px-4 py-2">Direction</th>
+      <th class="px-4 py-2">Port Range</th>
+    <th class="px-4 py-2">Purpose</th>
+    <th class="px-4 py-2">Used By</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="border px-4 py-2">TCP</td>
+      <td class="border px-4 py-2">Inbound</td>
+      <td class="border px-4 py-2">50001*</td>
+    <td class="border px-4 py-2"><a href="https://talos.dev/docs/v0.8/learn-more/components/#trustd">trustd</a></td>
+    <td class="border px-4 py-2">Control plane nodes</td>
+    </tr>
+  </tbody>
+</table>
+
+> Ports marked with a `*` are not currently configurable, but that may change in the future.
+[Follow along here](https://github.com/talos-systems/talos/issues/1836).