List of Platform9 Public IPs and Repos to Whitelist in Firewall.

Problem

In environments with a very restrictive firewall on both ingress and egress network traffic, the Platform9 repos and public IPs must be whitelisted so that other, unnecessary traffic can stay restricted.

Otherwise, the requirement is to allow the pf9ctl client to pull the correct packages from the repos so that the nodes can be onboarded successfully.

Environment

  • Platform9 Managed Kubernetes - v5.4 and higher.

Answer

List of Platform9 repos and endpoint IP addresses:

| Item | IP | Type | Port | Domain | OS Flavor | Comments/Notes |
|---|---|---|---|---|---|---|
| SSH | Your Host IP to SSH VM | Inbound | 22 | | | |
| Customer DNS resolve | Nameserver IP to resolve DU FQDN | Outbound | 443 | FQDN | | |
| Curl to install pf9ctl_setup, pf9ctl from S3 | 3.5.160.117, 52.219.120.209 | Outbound | 443 | pmkft-assets.s3-us-west-1.amazonaws.com | | bash <(curl -sL https://pmkft-assets.s3-us-west-1.amazonaws.com/pf9ctl_setup), https://pmkft-assets.s3-us-west-1.amazonaws.com/pf9ctl |
| Net-tools install, prep-node | 185.125.190.39, 91.189.91.38, 91.189.91.39, 185.125.190.36 | Outbound | 80 | archive.ubuntu.com:80 | Ubuntu | pf9ctl prep-node; packages installation (http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb) |
| Ntp install - prep-node | 35.180.43.213, 67.219.148.138, 85.236.43.108, 18.225.36.18 | Outbound | | mirrorlist.centos.org | CentOS | pf9ctl prep-node; ntp install |
| Ntp install - prep-node | 108.170.47.61 | Outbound | | centos-distro.cavecreek.net | CentOS | pf9ctl prep-node; ntp install |
| Ntp install - prep-node | 199.193.113.164 | Outbound | | centos.hivelocity.net | CentOS | pf9ctl prep-node; ntp install |
| Ntp install - prep-node | 204.157.3.70 | Outbound | | mirror.cogentco.com | CentOS | pf9ctl prep-node; ntp install |
| Ntp install - prep-node | 131.210.12.35 | Outbound | | mirror.cs.uwp.edu | CentOS | pf9ctl prep-node; ntp install |
| download.docker.com - Container runtime configure | 108.139.1.114, 108.139.1.115, 108.139.1.117, 108.139.1.19 | Outbound | 443 | download.docker.com | | During cluster creation (bootstrap) |
| gcr.io port - Start etcd | 142.251.2.82 | Outbound | 443 | gcr.io | | Start etcd step during cluster bootstrapping |
| Storage google apis accessing | 142.250.189.176, 142.251.214.144, 142.250.189.240, 142.250.191.48, 142.251.46.208, 142.250.72.208, 142.250.189.208, 142.251.32.48, 142.251.46.240 | Outbound | 443 | storage.googleapis.com | | https://storage.googleapis.com/artifacts.etcd-development.appspot.com/containers/images/sha |
| k8s gcr accessing - Configure and start kube-proxy | 74.125.137.82 | Outbound | 443 | k8s.gcr.io | | Configure and start kube-proxy (https://k8s.gcr.io/v2/kube-proxy/manifests/v1.24.7) |

Additional Information

Most of these IP addresses can be dynamic, so they can be fetched from, and whitelisted by, the host domain.
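
Because the addresses can change, a periodic check can compare what each domain currently resolves to against the IPs in the firewall allowlist. The following Python script is an added example, not Platform9 code; the names `DOCUMENTED`, `resolve_ipv4` and `find_drift` are assumptions for illustration, only a subset of the table is included, and it checks IPv4 only.

```python
import ipaddress
import socket

# Subset of the table above: domain -> (port, documented IPv4 set).
DOCUMENTED = {
    "pmkft-assets.s3-us-west-1.amazonaws.com": (443, {"3.5.160.117", "52.219.120.209"}),
    "download.docker.com": (443, {"108.139.1.114", "108.139.1.115",
                                  "108.139.1.117", "108.139.1.19"}),
    "gcr.io": (443, {"142.251.2.82"}),
    "k8s.gcr.io": (443, {"74.125.137.82"}),
}


def resolve_ipv4(domain, port):
    """Return the IPv4 addresses the local resolver currently gives for domain."""
    try:
        infos = socket.getaddrinfo(domain, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # resolution failed; reported as "unresolved" below
    return {info[4][0] for info in infos}


def find_drift(documented, resolver=resolve_ipv4):
    """Report domains whose current DNS answers differ from the allowlist.

    "new" = resolved but not allowlisted (onboarding traffic would be dropped);
    "stale" = allowlisted but not returned now. DNS may return only part of a
    pool per query, so stale entries are candidates for review, not removal.
    """
    report = {}
    for domain, (port, allowed) in documented.items():
        current = resolver(domain, port)
        new = sorted(current - allowed, key=ipaddress.ip_address)
        stale = sorted(allowed - current, key=ipaddress.ip_address) if current else []
        if new or stale or not current:
            report[domain] = {"new": new, "stale": stale, "unresolved": not current}
    return report


if __name__ == "__main__":
    for domain, diff in find_drift(DOCUMENTED).items():
        if diff["unresolved"]:
            print(f"{domain}: could not resolve, check DNS egress")
        else:
            print(f"{domain}: allow {diff['new']}, review {diff['stale']}")
```

Run it from a host that uses the same DNS resolver as the nodes being onboarded, since the answers differ by resolver and region.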
