Port 10357: The Unassigned Port — Kubernetes Talking to Itself

What Range Is This Port In?

Port 10357 falls in the registered ports range (1024–49151). These are ports assigned by IANA to requesting entities for specific services. Unlike the well-known ports (0–1023) that carry email, web traffic, and DNS, registered ports are quieter. They're assigned to specific applications, vendors, and projects, but many never break into public consciousness.

What's Actually on Port 10357?

Port 10357 has no official IANA service assignment. But it does have an unofficial home: Kubernetes and OpenShift.¹

Specifically, it's used by the cluster-policy-controller, a component that runs inside the kube-controller-manager pod in Kubernetes clusters.² The port serves a single purpose: health checks. The controller-manager uses port 10357 for startup probes, liveness probes, and readiness probes—ways for the Kubernetes system to verify that the controller itself is still alive and functioning.³

This is infrastructure-to-infrastructure communication. External traffic never reaches it. The port is sealed inside the cluster, carrying signals from Kubernetes to Kubernetes.

Why Unassigned Ports Matter

Port 10357 represents something important about how the Internet actually works: not all communication flows through famous, registered channels. A port doesn't need an official IANA assignment to be real or useful. It just needs applications that agree to use it.

Kubernetes, running on millions of servers worldwide, created its own port ecosystem. Port 10357 is one tiny node in that ecosystem—unknown to most of the world, essential to the clusters that use it.

How to Check What's Listening on Port 10357

If you're running a Kubernetes cluster or OpenShift installation, you can verify what's using the port:

On Linux/macOS:

sudo lsof -i :10357
sudo netstat -tlnp | grep 10357
sudo ss -tlnp | grep 10357

On Windows:

Get-Process -Id (Get-NetTCPConnection -LocalPort 10357).OwningProcess
netstat -ano | findstr 10357

Inside a Kubernetes cluster:

kubectl describe pod <kube-controller-manager-pod> -n kube-system

If nothing is listening, you're not running a Kubernetes control plane. The port will remain silent on most networks.

The Broader Picture

Port 10357 is a reminder that the Internet's infrastructure is vast and mostly invisible. Thousands of unassigned ports carry proprietary protocols, custom applications, and internal system signals that never touch the public Internet. The ports that matter most—to the systems that depend on them—are often the ones nobody has heard of.