Illumio IP addresses accessed by the Kubernetes Cloud Operator
The Kubernetes Cloud Operator deployed into each Kubernetes cluster uses TCP port 443 to connect to Illumio Segmentation for the Cloud. The operator uses this port to report Kubernetes resources and flow logs, and to retrieve configuration. You must allow access to that port for the IP addresses listed for the control plane and the Illumio Region where each cluster is onboarded. For an overview of Agentless Containers, see Agentless Containers overview. For the Illumio Cloud Operator code, which is open source under Apache License 2.0, see GitHub.
Illumio control plane (for all Kubernetes clusters)
All customers must allow connection to the following public IP addresses to successfully onboard each cluster. These IP addresses are required for the Kubernetes Cloud Operator to authenticate and communicate with Illumio Segmentation for the Cloud. Ensure that you add these IP addresses to your firewall’s outbound allow list.
35.80.225.104
100.20.246.114
52.42.243.65
Illumio AWS US West 1 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.us-west-1.prod.cloud.illum.io
54.153.101.43
52.52.76.163
Illumio AWS US West 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.us-west-2.prod.cloud.illum.io
35.82.131.82
52.89.200.143
54.214.36.211
Illumio AWS AP Southeast 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.ap-southeast-2.prod.cloud.illum.io
54.79.89.106
3.24.74.41
13.211.119.109
Illumio AWS EU West 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.eu-west-2.prod.cloud.illum.io
13.43.35.249
52.56.199.135
35.177.86.66
Illumio Azure US East 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.eastus.prod.cloud.illum.io
172.190.182.192
Illumio Azure Germany West Central Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.gwc.prod.cloud.illum.io
9.141.21.191
Illumio Azure West US 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.westus2.prod.cloud.illum.io
52.175.211.226
Illumio Azure Northern Europe Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.northeurope.prod.cloud.illum.io
52.169.232.123
Illumio Azure Australia East Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.australiaeast.prod.cloud.illum.io
104.21.106.55
Illumio Azure West US 3 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.westus3.prod.cloud.illum.io
4.227.90.231
Illumio Azure Japan East Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.japaneast.prod.cloud.illum.io
130.33.75.158
Illumio Azure Middle East Central Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.me-central-1.prod.cloud.illum.io
54.68.217.146
54.191.197.206
Illumio Azure UAE North Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following FQDN and its resolved IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall outbound allowed list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.uaenorth.prod.cloud.illum.io
40.120.107.178