Built-In Orka Domains
MacStadium provides built-in TLS-enabled domains (Orka domains). Learn how to work with your own built-in Orka domain.
Quick navigation
Jump to: 1. Configure your connection | 2. Use the Orka domain in your day-to-day work | 3. (Orka API-only) Download and trust the Orka domain certificate
You can use an Orka domain (such as company.orka.app
) to access your Orka environment instead of the default Orka endpoints (10.221.188.100
or 10.221.188.20
). Starting with Orka 1.5.4, Orka domains are available to all users by default.
Built-in Orka domains provide improved security. They are TLS-enabled and require access via HTTPS.
1. Configure your connection
To be able to reach your Orka domain, you need to add the cluster Ingress IP and the Orka domain name to your hosts
file.
What's your Ingress IP?
If you reach your Orka endpoint at
*.*.*.20
, the Ingress IP is*.*.*.22
.
For example:10.221.188.22
.If you reach your Orka endpoint at
*.*.*.100
, the Ingress IP is*.*.*.241
.
For example:10.221.188.241
.
macOS and Linux
- In the Terminal, run the following command:
sudo nano /etc/hosts
- When prompted, provide your password.
- At the bottom of the file, on a new line, add the Ingress IP and the Orka domain, separated by a space.
<INGRESS-IP> <ORKA-DOMAIN>
For example:
10.221.188.22 company.orka.app
- Press
Ctrl+0
and then pressEnter
to save your changes. - Press
Ctrl+X
to exitnano
. - (Optional, macOS) If you cannot reach your Orka domain, try flushing the DNS cache.
dscacheutil -flushcache
Windows
- Press the
Windows
key and type Notepad in the search text box. - Right-click the Notepad icon and select Run as administrator.
- In Notepad, select File > Open.
- In the File name text box, type
C:\Windows\System32\drivers\etc\hosts
. - At the bottom of the file, on a new line, add the Ingress IP and the Orka domain, separated by a space.
<INGRESS-IP> <ORKA-DOMAIN>
For example:
10.221.188.22 company.orka.app
- Save your changes and close the file.
2. Use the Orka domain in your day-to-day work
Known limitation
Due to Node.js limitations, the Orka CLI cannot work with Orka domains. You need to use your Orka API endpoint (
http://10.221.188.20
orhttp://10.221.188.100
) with the Orka CLI, or switch to another Orka tool.
TIP
You can use your Orka API endpoint (
http://10.221.188.20
orhttp://10.221.188.100
) and your Orka domain (https://company.orka.app
) interchangeably in your workflows.
-
If you don't know what your Orka domain is, contact the MacStadium team.
-
Configure your Orka tools to target the Orka domain. Note that you need to use
https
with your Orka domain.- For the Orka API, change your API requests to target
https://<orka-domain>
. - For the Orka Web UI, open
https://<orka-domain>
in your browser. - For CI/CD integrations, switch to
https://<orka-domain>
in the respective plugin configuration.
- For the Orka API, change your API requests to target
3. (Orka API-only) Download and trust the Orka domain certificate
To be able to run API calls against your Orka domain, you need to download the certificate for the Orka domain locally and add it to your trusted certificates.
To download the certificate, complete the following steps:
- Open Firefox and navigate to
https://<orka-domain>
. - Click the padlock icon in the address bar. In the pop-up, click Connection secure and then More information.
- In the Page Info dialog, click View Certificate.
- Scroll down and locate the PEM download section. Download the
PEM (cert)
file.
macOS
- Open Keychain Access.
- Drag and drop the downloaded certificate to the login keychain.
- Double-click the newly added certificate.
- Expand the Trust section and for the When using this certificate setting, select Always Trust.
- Close the certificate info window and when prompted, provide your password.
Linux
Run the following commands:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp mycertificate.pem /usr/local/share/ca-certificates/extra/mycertificate.crt
sudo update-ca-certificates
Windows
- Rename the downloaded certificate and change its extension to
.crt
. - Double-click the file and confirm that you want to open it.
- On the General tab, click Install Certificate.
- For Store Location, select Local Machine and click Next.
- When prompted, confirm that you want
Windows host process
to make changes to your device. - Select Place all certificates in the following store, click Browse and from the list, select Trusted Root Certification Authorities and click OK.
- Click Next, review the settings, and click Finish.
See also
Updated almost 2 years ago