# List of Platform9 Public IPs and Repos to Whitelist in Firewall. ## Problem In environments having very restrictive firewall on both ingress/egress network traffic it is required to whitelist the list of Platform9 repos or public ips and to restrict other unnecessary traffic. Otherwise the requirement is to allow the pf9ctl client to pull the correct packages from repos to successfully onboard the nodes. ## Environment * Platform9 Managed Kubernetes - v-5.4 and Higher. ## Answer List of Platform9 repos and \[Endpoints] IP addresses: | Item | IP | Type | Port | Domain | OS Flavor | Comments/Notes | | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | SSH | Your Host IP to SSH VM | Inbound | 22 | | | | | Customer DNS resolve nameserver IP to resolve DU fqdn | | Outbound | 443 | FQDN | | | | Curl to install pf9ctl\_setup, pf9ctl from s3 | 3.5.160.117, 52.219.120.209 | Outbound | 443 | [pmkft-assets.s3-us-west-1.amazonaws.com](https://github.com/platform9/pcd-docs-gitbook/blob/main/kb/managed-kubernetes/pmkft-assets.s3-us-west-1.amazonaws.com) | | bash <(curl -sL ), | | Net-tools install, prep-node | 185.125.190.39, 91.189.91.38, 91.189.91.39, 185.125.190.36 | Outbound | 80 | [archive.ubuntu.com:80](https://archive.ubuntu.com:80) | Ubuntu | pf9ctl prep-node; packages installation () | | Ntp install - prep-node | 35.180.43.213, 67.219.148.138, 85.236.43.108, 18.225.36.18 | Outbound | | mirrorlist.centos.org | Centos | pf9ctl prepnode; ntp install | | Ntp install - prep-node | 108.170.47.61 | Outbound | | centos-distro.cavecreek.net | Centos | pf9ctl prepnode; ntp install | | Ntp install - prep-node | 199.193.113.164 | Outbound | | centos.hivelocity.net | Centos | pf9ctl prepnode; ntp install | | Ntp install - prep-node | 204.157.3.70 | Outbound | | mirror.cogentco.com | Centos | pf9ctl prepnode; ntp install | | Ntp install - prep-node | 131.210.12.35 | Outbound | | mirror.cs.uwp.edu | Centos | pf9ctl prepnode; ntp install | | download.docker.com - Container runtime configure. | 108.139.1.114,108.139.1.115, 108.139.1.117, 108.139.1.19 | Outbound | 443 | download.docker.com | | During cluster creation (bootstrap) | | gcr.io port - Start etcd | 142.251.2.82 | Outbound | 443 | gcr.io | | Start etcd step during cluster bootstraping | | Storage google apis accessing | 142.250.189.176, 142.251.214.144, 142.250.189.240, 142.250.191.48, 142.251.46.208, 142.250.72.208, 142.250.189.208, 142.251.32.48, 142.251.46.240 | Outbound | 443 | storage.googleapis.com | | | | k8s gcr accessing- Configure and start kube-proxy | 74.125.137.82 | Outbound | 443 | k8s.gcr.io | | Configure and start kube proxy (\[) | ## Additional Information Most of the IPs can be dynamic, so can be fetched/whitelisted from the **host domain.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://platform9.com/kb/pmk/frequently-asked-questions/list-of-platform9-public-ips-and-repos-to-whitelist-in-firewall.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.