Question about network rules


I need an explanation of Rancher’s requirements.
On this page :

My cluster is built as follows:

  • 1 Rancher server
  • 3 servers with etcd and controlplane roles
  • 3 workers

My rancher server is exposed to internet on port 443.
My workers are exposed to internet on port 80 and 443 to access my application.
My servers with etcd and controleplane roles are not exposed to internet, they are just available in the private network of my servers.

Need I to open 80 and 443 on the controlplane nodes for others services (Monitoring maybe?)

thank you for your help in my understanding