Guides
GuidesAPI ReferenceJoin the Mailing ListMake a Suggestion

Endpoint FAQs

Frequently asked questions about the Orka service endpoint, also known as the API URL.

General

What's the Orka service endpoint?

The default Orka service endpoint is http://10.221.188.100 OR http://10.10.10.100. If configured, you might have a custom domain endpoint as well.

πŸ“˜

What's your Orka endpoint?

You can get the IP for your Orka endpoint from your IP Plan.
For clusters initially deployed with Orka 2.1+, it's the .20 address for your Private-1 network.
For clusters initially deployed before Orka 2.1, it's the .100 address for your Private-1 network.
Usually, 10.221.188.20 or 10.221.188.100. You need to use http with the IP.

To get the custom domain for your Orka cluster, if enabled:

  1. Log into your MacStadium account.
  2. Go to Subscriptions (from the top right corner) and select your Orka cluster.
  3. In the Subscription & Plan details, find your custom domain at the bottom. If you don't see a custom domain field, it's not enabled for your environment yet.
    You need to use https with your custom domain.

Note that you can use both http://<orka-IP> and https://<orka-custom-domain> in your workflows.

This endpoint is also known as the API URL that you need to configure in the Orka CLI.

You can run CLI commands and API calls to the Orka service endpoint only after you have connected via VPN to your Orka environment.

How do I test the Orka service endpoint?

  1. Verify that you are connected via VPN to your Orka environment.
  2. In a command-line tool, ping one of your Orka nodes.
curl <node-IP>

If your Orka endpoint is http://10.221.188.100, send a ping to 10.221.188.4.

If your Orka endpoint is http://10.10.10.100, send a ping to 10.10.10.4.

Endpoint security

Are the Orka endpoints secure?

Yes.

Kubernetes requires and uses PKI certificates for authentication over TLS to encrypt traffic between resources in the cluster. All Orka users use unique tokens for authentication that are validated against the certificate. This ensures secure instructions and traffic.

Additionally, the recommended VPN connection provides secure in-flight encryption, as do other communication methods. So, while the endpoint is an HTTP, it adheres to all MacStadium security standards.

For added security, you can use a custom Orka domain. Custom domains are TLS-enabled and require access via HTTPS.

Can I use HTTPS to access my Orka service endpoint?

Yes. To be able to use HTTPS, you need to have a custom Orka domain. Contact the MacStadium team to request that HTTPS access is enabled.

Custom domains

Can I have a custom domain as my Orka service endpoint?

Yes. Contact the MacStadium team to request a custom domain endpoint for your cluster.

πŸ“˜

Which VPN client are you using?

If you're using OpenConnect to access your Orka cluster via VPN, you need to add a DNS server to your network configuration.

If you're using Cisco AnyConnect on macOS or Linux, you're already set and you don't need to make any changes. If you're using Cisco AnyConnect on Windows, you need to add a DNS server.

What's my custom domain?

To get the custom domain endpoint for your Orka cluster, if enabled:

  1. Log into your MacStadium account.
  2. Go to Subscriptions (from the top right corner) and select your Orka cluster.
  3. In the Subscription & Plan details, find your custom domain at the bottom. If you don't see a custom domain field, it's not enabled for your environment yet.
    You need to use https with your custom domain.

How do I access my environment via custom domain?

After MacStadium configures the custom domain for your environment, you need to switch to using it manually.

  • In the Orka CLI, run orka config and change the API URL to https://<orka-custom-domain>.
  • In your Orka API calls, target https://<orka-custom-domain>.

πŸ“˜

Which VPN client are you using?

If you're using OpenConnect to access your Orka cluster via VPN, you need to add a DNS server to your network configuration.

If you're using Cisco AnyConnect on macOS or Linux, you're already set and you don't need to make any changes. If you're using Cisco AnyConnect on Windows, you need to add a DNS server.

Can I use the custom domain and the service endpoint IP interchangeably?

Yes. Based on your preference, you can use https://<orka-custom-domain> (https://company.orka.app) or http://<orka-service-endpoint> (http://10.221.188.20 or http://10.221.188.100) to access and interact with your environment.

Does my custom domain change how I access my Orka VMs via VNC/SSH/Screen Sharing?

No. You still need to access the VM through it's IP and the respective port, as listed by orka vm status or GET /resources/vm/status/<vm-name>.


Did this page help you?

Β© 2019-2022 Copyright MacStadium, Inc. – Documentation built with readme.io. Orka is a registered trademark of MacStadium, Inc.