Illumio IP addresses accessed by the Kubernetes Cloud Operator
The Kubernetes Cloud Operator deployed into each Kubernetes cluster uses TCP port 443 to connect to Illumio Segmentation for the Cloud. The operator uses this port to report Kubernetes resources and flow logs, and to retrieve configuration. You must allow access to that port for the IP addresses listed for the control plane and the Illumio Regions where each cluster is onboarded. For an overview of Agentless Containers, see Agentless Containers overview. For the Illumio Cloud Operator code, which is open source under Apache License 2.0, see GitHub.
Illumio control plane (for all Kubernetes clusters)
All customers must permit the following public IP addresses to successfully onboard clusters. These IPs are required for the Kubernetes Cloud Operator to authenticate and communicate with Illumio Segmentation for the Cloud. Ensure that you add these IPs to your firewall’s outbound allow list.
35.80.225.104
100.20.246.114
52.42.243.65
Illumio AWS US West 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.us-west-2.prod.cloud.illum.io
35.82.131.82
52.89.200.143
54.214.36.211
Illumio AWS AP Southeast 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.ap-southeast-2.prod.cloud.illum.io
54.79.89.106
3.24.74.41
13.211.119.109
Illumio AWS US West 1 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.us-west-1.prod.cloud.illum.io
54.153.101.43
52.52.76.163
Illumio AWS EU West 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.aws.eu-west-2.prod.cloud.illum.io
13.43.35.249
52.56.199.135
35.177.86.66
Illumio Azure US East 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.eastus.prod.cloud.illum.io
172.190.182.192
Illumio Azure Germany West Central Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.gwc.prod.cloud.illum.io
9.141.21.191
Illumio Azure West US 2 Region (data plane)
The Kubernetes Cloud Operators onboarded into this Illumio Region access the following public IP addresses to report Kubernetes resources and flow logs, and to retrieve the configuration. Add them to your firewall's outbound allow list for each cluster onboarded into this Illumio Region.
k8sclustersync.azure.westus2.prod.cloud.illum.io
52.175.211.226
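An added example, not part of Illumio's documentation or operator code: a Python check that an exported outbound rule set covers the control plane and data plane addresses above on TCP 443, including rules written as wider CIDR blocks. The region keys, the rule dictionary format, and the sample rules are assumptions constructed for illustration, and only two regions are included to keep it short.

```python
import ipaddress

# Addresses copied from this page; only two regions are included here.
CONTROL_PLANE = ["35.80.225.104", "100.20.246.114", "52.42.243.65"]
DATA_PLANE = {  # keys are hypothetical labels, not Illumio identifiers
    "aws-us-west-2": ["35.82.131.82", "52.89.200.143", "54.214.36.211"],
    "azure-gwc": ["9.141.21.191"],
}
OPERATOR_PORT = 443  # TCP port the operator uses


def required_endpoints(regions):
    """Control plane IPs plus the data plane IPs of every onboarded region."""
    ips = list(CONTROL_PLANE)
    for region in regions:
        ips.extend(DATA_PLANE[region])
    return [ipaddress.ip_address(ip) for ip in ips]


def rule_allows(rule, ip, port=OPERATOR_PORT):
    """True if one outbound rule permits TCP traffic to ip:port."""
    lo, hi = rule["ports"]
    return (rule["proto"] == "tcp" and lo <= port <= hi
            and ip in ipaddress.ip_network(rule["cidr"]))


def missing_endpoints(rules, regions):
    """Required IPs that no rule in the outbound allow list covers on TCP 443."""
    return [str(ip) for ip in required_endpoints(regions)
            if not any(rule_allows(r, ip) for r in rules)]


# Constructed sample rule set (hypothetical export format, not a real product's).
SAMPLE_RULES = [
    {"cidr": "35.80.225.104/32", "proto": "tcp", "ports": (443, 443)},
    {"cidr": "100.20.246.114/32", "proto": "tcp", "ports": (443, 443)},
    {"cidr": "52.42.243.65/32", "proto": "tcp", "ports": (80, 80)},     # wrong port
    {"cidr": "35.82.131.80/30", "proto": "tcp", "ports": (443, 443)},   # covers .82
    {"cidr": "52.89.200.143/32", "proto": "udp", "ports": (443, 443)},  # wrong protocol
]

if __name__ == "__main__":
    for ip in missing_endpoints(SAMPLE_RULES, ["aws-us-west-2"]):
        print(f"no outbound TCP/{OPERATOR_PORT} rule covers {ip}")
```

A rule that matches the right address on the wrong port or protocol is reported as missing, which is the usual cause of an operator that resolves its endpoint but never connects.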