Port Overrides

Last modified on June 20, 2023

When a resource is created in StrongDM, it is assigned a default port (this typically corresponds to the default for the resource type, such as port 3306 for MySQL). The resource is also assigned a port override value. A port override is a port that will be used locally to access the resource that is different than the default. Port overrides must be unique and not already assigned to another resource. You have the option to set your own port override value if you prefer not to use the one assigned by the system, which allocates port numbers incrementally starting at 10000 (skipping known default ports). This page provides more details on port overrides and how to manage them in StrongDM.

Some resources—such as the MySQL datasource types MySQL, Aurora MySQL, Azure Database for MySQL, and so forth—may share the same port by default. If, for some reason, your organization’s users want to connect to all of those at the same time, they need each one to have a different port assignment. If you explicitly set a port override value that conflicts with the default port of a resource, you are overriding the default port and causing the resource to use the port override value instead.

Port overrides ensure that users automatically have ports assigned for each resource and can connect to multiple resources of the same type (or different resource types with conflicting default ports) concurrently.

Port Overrides Page of the Admin UI

Port overrides are enabled by default. If they were disabled by your organization, you can turn them on from the Admin UI > Settings > Port Overrides page.

The Port Overrides page displays details about all resource types, including SSH servers and Kubernetes clusters, that are configured in your organization. These details include the resource name, type, tags, default port, and port override. The only field that may be edited on this page is Port Override. If you change it, you must specify a value; the port override field cannot be left empty.

Limitations

If you specify a different port override for a resource, port override values 49152 to 65535 are not allowed to be used.

How to Override a Port

In the Admin UI, you can set your own port for a resource in several ways:

  • When adding a new resource, enter your desired port number in the Port Override field. If you don’t, the resource is assigned a port override value.
  • For an existing resource, go to the resource’s Settings tab and change the Port Override field’s value to the desired port number.
  • Go to the Port Overrides settings page and edit the value of a resource’s Port Override field (for example, change 36640 to 36641).

In the CLI, use the sdm admin ports set command to define a port override for a resource. For more information, see sdm admin ports.

Port Overrides for Kubernetes

Port overrides on Kubernetes clusters require updating the kubectl configuration in order to access the clusters successfully.

Please do the following:

  1. In the Admin UI, go to Settings > Port Overrides and specify the port override number for your Kubernetes cluster.
  2. Check that your cluster is connected.
  3. Update the kubectl configuration.
    1. If using the desktop app, go to the Account menu and select Update kubectl configuration.

    2. If using the CLI, run the following command with the force option:

      sdm kubernetes update-config --force
      

Now you can successfully access the resource again.