Endpoint FAQs

📘

Orka 2.4.x content

This page has not been updated to reflect the changes introduced in Orka 3.0. Some of the information might be outdated or incorrect. Use 2.4.x to 3.0.0: API Mapping and 2.4.x to 3.0.0: CLI Mapping to figure out the correct endpoints and commands.

General

What's the Orka service endpoint?

The default Orka service endpoint is http://10.221.188.100 OR http://10.10.10.100. If configured, you might have a custom domain endpoint as well.

📘

What's your Orka endpoint?

You can get the IP for your Orka endpoint from your IP Plan.
For clusters initially deployed with Orka 2.1+, it's the .20 address for your Private-1 network.
For clusters initially deployed before Orka 2.1, it's the .100 address for your Private-1 network.
Usually, 10.221.188.20 or 10.221.188.100. You need to use http with the IP.

To get the custom domain for your Orka cluster, if enabled:

1. Log into your MacStadium account.
2. Go to Subscriptions (from the top right corner) and select your Orka cluster.
3. In the Subscription & Plan details, find your custom domain at the bottom. If you don't see a custom domain field, it's not enabled for your environment yet.
   You need to use https with your custom domain.

Note that you can use both http://<orka-IP> and https://<orka-custom-domain> in your workflows.

This endpoint is also known as the API URL that you need to configure in the Orka CLI.

You can run CLI commands and API calls to the Orka service endpoint only after you have connected via VPN to your Orka environment.

How do I test the Orka service endpoint?

1. Verify that you are connected via VPN to your Orka environment.
2. In a command-line tool, ping one of your Orka nodes.

curl <node-IP>

If your Orka endpoint is http://10.221.188.100, send a ping to 10.221.188.4.

If your Orka endpoint is http://10.10.10.100, send a ping to 10.10.10.4.

Endpoint security

Are the Orka endpoints secure?

Yes.

Kubernetes requires and uses PKI certificates for authentication over TLS to encrypt traffic between resources in the cluster. All Orka users use unique tokens for authentication that are validated against the certificate. This ensures secure instructions and traffic.

Additionally, the recommended VPN connection provides secure in-flight encryption, as do other communication methods. So, while the endpoint is an HTTP, it adheres to all MacStadium security standards.

For added security, you can use a custom Orka domain. Custom domains are TLS-enabled and require access via HTTPS.

Can I use HTTPS to access my Orka service endpoint?

Yes. Starting with Orka 1.5.4, built-in Orka domains are available to all users by default. Built-in Orka domains are TLS-enabled and require access via HTTPS.

You can also use external custom domains.

Orka domains

Can I have a custom domain as my Orka service endpoint?

Yes.

Built-in Orka domains are available to all users by default.

You can also use external custom domains.

What's my Orka domain?

If you don't know what your Orka domain is, contact the MacStadium team.

How do I access my environment via my built-in Orka domain?

1. Add the Orka domain to your hosts file.
2. Connect to your cluster via VPN.
3. Configure your Orka tools to target the Orka domain.
4. If you're using the Orka API, download and trust the Orka domain certificate.

Can I use the Orka domain and the service endpoint IP interchangeably?

Yes. Based on your preference, you can use https://<orka-domain> (https://company.orka.app) or http://<orka-service-endpoint> (http://10.221.188.20 or http://10.221.188.100) to access and interact with your environment.

Does my Orka domain change how I access my Orka VMs via VNC/SSH/Screen Sharing?

No. You still need to access the VM through its IP and the respective port, as listed by orka vm status or GET /resources/vm/status/<vm-name>.