Endpoint FAQs
Frequently asked questions about the Orka service endpoint, also known as the API URL.
General
What's the Orka service endpoint?
The default Orka service endpoint is http://10.221.188.100
OR http://10.10.10.100
. If configured, you might have a custom domain endpoint as well.
What's your Orka endpoint?
You can get the IP for your Orka endpoint from your IP Plan. It's the
.100
address for yourPrivate-1
network. Usually,10.221.188.100
or10.10.10.100
. You need to usehttp
with the IP.To get the custom domain for your Orka cluster, if enabled:
- Log into your MacStadium account.
- Go to Subscriptions (from the top right corner) and select your Orka cluster.
- In the Subscription & Plan details, find your custom domain at the bottom. If you don't see a custom domain field, it's not enabled for your environment yet.
You need to usehttps
with your custom domain.Note that you can use both
http://<orka-IP>
andhttps://<orka-custom-domain>
in your workflows.
This endpoint is also known as the API URL that you need to configure in the Orka CLI.
You can run CLI commands and API calls to the Orka service endpoint only after you have connected via VPN to your Orka environment.
How do I test the Orka service endpoint?
- Verify that you are connected via VPN to your Orka environment.
- In a command-line tool, ping one of your Orka nodes.
curl <node-IP>
If your Orka endpoint is http://10.221.188.100
, send a ping to 10.221.188.4
.
If your Orka endpoint is http://10.10.10.100
, send a ping to 10.10.10.4
.
Endpoint security
Are the Orka endpoints secure?
Yes.
Kubernetes requires and uses PKI certificates for authentication over TLS to encrypt traffic between resources in the cluster. All Orka users use unique tokens for authentication that are validated against the certificate. This ensures secure instructions and traffic.
Additionally, the recommended VPN connection provides secure in-flight encryption, as do other communication methods. So, while the endpoint is an HTTP
, it adheres to all MacStadium security standards.
For added security, you can use a custom Orka domain. Custom domains are TLS-enabled and require access via HTTPS.
Can I use HTTPS to access my Orka service endpoint?
Yes. To be able to use HTTPS, you need to have a custom Orka domain. Contact the MacStadium team to request that HTTPS access is enabled.
Custom domains
Can I have a custom domain as my Orka service endpoint?
Yes. Contact the MacStadium team to request a custom domain endpoint for your cluster.
Which VPN client are you using?
If you're using OpenConnect to access your Orka cluster via VPN, you need to add a DNS server to your network configuration.
If you're using Cisco AnyConnect on macOS or Linux, you're already set and you don't need to make any changes. If you're using Cisco AnyConnect on Windows, you need to add a DNS server.
What's my custom domain?
To get the custom domain endpoint for your Orka cluster, if enabled:
- Log into your MacStadium account.
- Go to Subscriptions (from the top right corner) and select your Orka cluster.
- In the Subscription & Plan details, find your custom domain at the bottom. If you don't see a custom domain field, it's not enabled for your environment yet.
You need to usehttps
with your custom domain.
How do I access my environment via custom domain?
After MacStadium configures the custom domain for your environment, you need to switch to using it manually.
- In the Orka CLI, run
orka config
and change the API URL tohttps://<orka-custom-domain>
. - In your Orka API calls, target
https://<orka-custom-domain>
.
Which VPN client are you using?
If you're using OpenConnect to access your Orka cluster via VPN, you need to add a DNS server to your network configuration.
If you're using Cisco AnyConnect on macOS or Linux, you're already set and you don't need to make any changes. If you're using Cisco AnyConnect on Windows, you need to add a DNS server.
Can I use the custom domain and the service endpoint IP interchangeably?
Yes. Based on your preference, you can use https://<orka-custom-domain>
(https://company.orka.app
) or http://<orka-service-endpoint
(http://10.10.10.100
or http://10.221.188.100
) to access and interact with your environment.
Does my custom domain change how I access my Orka VMs via VNC/SSH/Screen Sharing?
No. You still need to access the VM through it's IP and the respective port, as listed by orka vm status
or GET /resources/vm/status/<vm-name>
.
Updated about 3 years ago