You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/partials/install/_firewall-openings.mdx
+77-11Lines changed: 77 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,17 +4,83 @@ For services hosted at domains owned by Replicated, the table below includes a l
4
4
5
5
For third-party services hosted at domains not owned by Replicated, the table below lists the required domains. Consult the third-party's documentation for the IP address range for each domain, as needed.
| Docker Hub | Not Required | Required | Required | Some dependencies of KOTS are hosted as public images in Docker Hub. The required domains for this service are `index.docker.io`, `cdn.auth0.com`, `*.docker.io`, and `*.docker.com.`|
10
-
|`replicated.app`| Required | Required | Required | <p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p> <p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p> |
11
-
|`proxy.replicated.com`| Required | Required*| Required*| <p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p> <p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p> |
12
-
| `registry.replicated.com` | Required** | Required** | Required** | <p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p>
13
-
|`kots.io`| Not Required | Required | Not Required | Requests are made to this domain when installing the Replicated KOTS CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.|
14
-
|`github.com `| Not Required | Required | Not Required | Requests are made to this domain when installing the Replicated KOTS CLI. For information about retrieving GitHub IP addresses, see [About GitHub's IP addresses](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses) in the GitHub documentation. |
15
-
|`k8s.kurl.sh`<br/>`s3.kurl.sh`| Not Required | Not Required | Required | <p>kURL installation scripts and artifacts are served from [kurl.sh](https://kurl.sh). An application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `k8s.kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L34-L39) in GitHub.</p><p> The range of IP addresses for `s3.kurl.sh` are the same as IP addresses for the `kurl.sh` domain. For the range of IP address for `kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L28-L31) in GitHub.</p> |
16
-
|`amazonaws.com`| Not Required | Not Required | Required |`tar.gz` packages are downloaded from Amazon S3 during installations with kURL. For information about dynamically scraping the IP ranges to allowlist for accessing these packages, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download) in the AWS documentation.|
7
+
<table>
8
+
<tr>
9
+
<thwidth="10%">Host</th>
10
+
<thwidth="20%">Embedded Cluster</th>
11
+
<thwidth="20%">Helm</th>
12
+
<thwidth="20%">KOTS Existing Cluster</th>
13
+
<thwidth="20%">kURL</th>
14
+
<thwidth="10%">Description</th>
15
+
</tr>
16
+
<tr>
17
+
<td>Docker Hub</td>
18
+
<td>Not Required</td>
19
+
<td>Not Required</td>
20
+
<td>Required</td>
21
+
<td>Required</td>
22
+
<td>Some dependencies of KOTS are hosted as public images in Docker Hub. The required domains for this service are `index.docker.io`, `cdn.auth0.com`, `*.docker.io`, and `*.docker.com.`</td>
23
+
</tr>
24
+
<tr>
25
+
<td>`replicated.app`</td>
26
+
<td>Required</td>
27
+
<td>Required***</td>
28
+
<td>Required</td>
29
+
<td>Required</td>
30
+
<td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
31
+
</tr>
32
+
<tr>
33
+
<td>`proxy.replicated.com`</td>
34
+
<td>Required</td>
35
+
<td>Required</td>
36
+
<td>Required*</td>
37
+
<td>Required*</td>
38
+
<td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
39
+
</tr>
40
+
<tr>
41
+
<td>`registry.replicated.com`</td>
42
+
<td>Required**</td>
43
+
<td>Required</td>
44
+
<td>Required**</td>
45
+
<td>Required**</td>
46
+
<td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
47
+
</tr>
48
+
<tr>
49
+
<td>`kots.io`</td>
50
+
<td>Not Required</td>
51
+
<td>Not Required</td>
52
+
<td>Required</td>
53
+
<td>Not Required</td>
54
+
<td>Requests are made to this domain when installing the Replicated KOTS CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</td>
55
+
</tr>
56
+
<tr>
57
+
<td>`github.com `</td>
58
+
<td>Not Required</td>
59
+
<td>Not Required</td>
60
+
<td>Required</td>
61
+
<td>Not Required</td>
62
+
<td>Requests are made to this domain when installing the Replicated KOTS CLI. For information about retrieving GitHub IP addresses, see [About GitHub's IP addresses](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses) in the GitHub documentation.</td>
63
+
</tr>
64
+
<tr>
65
+
<td><p>`k8s.kurl.sh`</p><p>`s3.kurl.sh`</p></td>
66
+
<td>Not Required</td>
67
+
<td>Not Required</td>
68
+
<td>Not Required</td>
69
+
<td>Required</td>
70
+
<td><p>kURL installation scripts and artifacts are served from [kurl.sh](https://kurl.sh). An application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `k8s.kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L34-L39) in GitHub.</p><p> The range of IP addresses for `s3.kurl.sh` are the same as IP addresses for the `kurl.sh` domain. For the range of IP address for `kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L28-L31) in GitHub.</p></td>
71
+
</tr>
72
+
<tr>
73
+
<td>`amazonaws.com`</td>
74
+
<td>Not Required</td>
75
+
<td>Not Required</td>
76
+
<td>Not Required</td>
77
+
<td>Required</td>
78
+
<td>`tar.gz` packages are downloaded from Amazon S3 during installations with kURL. For information about dynamically scraping the IP ranges to allowlist for accessing these packages, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download) in the AWS documentation.</td>
79
+
</tr>
80
+
</table>
17
81
18
82
* Required only if the application uses the Replicated proxy registry. Contact your software vendor for more information.
19
83
20
-
** Required only if the application uses the Replicated registry. Contact your software vendor for more information.
84
+
** Required only if the application uses the Replicated registry. Contact your software vendor for more information.
85
+
86
+
*** Required only if the Replicated SDK if included as a dependency of the application Helm chart. For more information, see [About the Replicated SDK](/vendor/replicated-sdk-overview).
0 commit comments