For KOTS, a smaller set of IPs will be required:
Installation of KOTS
When Replicated is installed, it can be downloaded from the Internet or packaged up and delivered in an airgap package. IP addresses for these services can be found in replicatedhq/ips.
No outbound internet access is required for airgapped installations.
Host | Existing Cluster Installation | Embedded Cluster Installation | Description |
---|---|---|---|
Docker Hub | Required | Required | Some dependencies of Replicated are hosted as public images in Docker Hub. |
proxy.replicated.com | Required | Required | Upstream Docker images are proxied via proxy.replicated.com. The on-prem Docker client uses a license ID to authenticate to proxy.replicated.com. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. |
replicated.app | Required | Required | Upstream application YAML and metadata are pulled from replicated.app. The current running version of the application (if any), a license ID and an application ID are sent to replicated.app to authenticate and receive these YAML files. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. |
k8s.kurl.sh | Not Required | Required | Kubernetes cluster installation scripts and artifacts are served from kurl.sh. An application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. |
amazonaws.com | Not Required | Required | tar.gz packages are downloaded from Amazon S3 during embedded cluster installations. The IP ranges to whitelist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation. |
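
One way to turn the AWS IP ranges feed into an egress allowlist for the amazonaws.com row, as an added example that is not part of the original documentation. It assumes the JSON layout of AWS's published `ip-ranges.json`; the sample data, the region `us-east-1` and the helper names `s3_allowlist` and `rule_changes` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of AWS's published ip-ranges.json
# (https://ip-ranges.amazonaws.com/ip-ranges.json). The CIDRs are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS prefixes.
SAMPLE = {
    "syncToken": "0000000000",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "S3"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "S3"},
    ],
}


def s3_allowlist(doc, regions):
    """Return (syncToken, collapsed S3 CIDRs) for the given regions."""
    nets = {4: [], 6: []}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry.get("service") == "S3" and entry.get("region") in regions:
                # ip_network() raises ValueError on a malformed CIDR, so a
                # corrupted feed fails closed instead of producing a bad rule.
                net = ipaddress.ip_network(entry[field])
                nets[net.version].append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses() cannot mix IP versions
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    return doc["syncToken"], [str(n) for n in merged]


def rule_changes(deployed, wanted):
    """Return (to_add, to_remove) between the deployed and the new allowlist."""
    deployed, wanted = set(deployed), set(wanted)
    return sorted(wanted - deployed), sorted(deployed - wanted)


if __name__ == "__main__":
    token, cidrs = s3_allowlist(SAMPLE, {"us-east-1"})  # region is an assumption
    print(token, cidrs)
    print(rule_changes(["198.51.100.0/25"], cidrs))
```

Storing the `syncToken` alongside the deployed rules lets a scheduled job skip the firewall update when the feed has not changed. The S3 ranges are shared by all S3 customers, so this allowlist restricts egress by destination network, not by bucket.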