Connectivity

Orchestrator IPs

Public IPs

The public IPs of the Orchestrator endpoints are:

  • 34.128.156.4 (with the DNS mappings console.humanitec.dev and api.humanitec.dev)

Public source IPs

The public source IPs of the Orchestrator are:

  • 35.198.140.114
  • 35.246.198.96

Runner connectivity

Any runner requires network connectivity to whichever endpoints it needs to call to execute the deployment. For example, if the runner needs to upload a file to a storage bucket, it needs network access to that bucket.

Any runner also requires egress access on TCP port 443 to the image registry hosting the runner image for pulling that image. See runner image for details.

For each runner type, the Orchestrator will either launch runners itself or make use of an agent component to do so.

Direct: If the target compute for the runner execution is reachable from the Orchestrator, the Orchestrator can create a runner itself. This is the case, for example, for runner types using a cloud-based service where the cloud API is publicly accessible, and is shown as scenario (1) in the diagram below.

Agent: If the target compute for the runner execution is not reachable from the Orchestrator, the runner type comes with an agent which you install in your infrastructure. The agent creates an outbound, encrypted channel to the Orchestrator and continuously polls for deployment events. For each event, the agent launches a runner and relays the results back to the Orchestrator. This is shown as scenario (2) in the diagram below.

[Diagram: Orchestrator runners and agents]

Direct

For a direct runner, ingress from the Orchestrator public source IPs to the system hosting the runner must be configured. For example, a kubernetes-gke runner requires ingress to the cluster API server.

Agent

For an agent runner, egress from the system hosting the runner to the Orchestrator public IPs on TCP port 443 must be configured. For example, a kubernetes-agent runner requires egress from the cluster nodes.
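
The two rules above can be checked against an exported firewall configuration. The following is an added example, not code from Humanitec: it audits a direct runner's ingress allowlist for missing Orchestrator source IPs and for entries broader than those IPs, and checks that an agent runner's egress rules permit TCP 443 to the Orchestrator public IP. The function names and the rule dictionary layout are assumptions made for this example; the IP addresses are the ones listed on this page.

```python
import ipaddress

# Addresses as listed on this page.
ORCHESTRATOR_PUBLIC_IPS = ["34.128.156.4"]
ORCHESTRATOR_SOURCE_IPS = ["35.198.140.114", "35.246.198.96"]


def audit_direct_ingress(allowed_cidrs):
    """Direct runner: audit the ingress allowlist of the system hosting the runner.

    Returns (missing, review): Orchestrator source IPs that are not admitted,
    and allowlist entries that admit more than the Orchestrator source IPs.
    """
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    sources = [ipaddress.ip_address(ip) for ip in ORCHESTRATOR_SOURCE_IPS]
    missing = [str(ip) for ip in sources if not any(ip in n for n in nets)]
    review = [str(n) for n in nets
              if n.num_addresses > 1 or n.network_address not in sources]
    return missing, review


def audit_agent_egress(rules):
    """Agent runner: return Orchestrator public IPs with no TCP/443 egress rule.

    Each rule is a dict (layout assumed for this example):
    {"cidr": str, "proto": str, "ports": [int, ...]}
    """
    uncovered = []
    for ip in map(ipaddress.ip_address, ORCHESTRATOR_PUBLIC_IPS):
        ok = any(
            r["proto"].lower() == "tcp"
            and 443 in r["ports"]
            and ip in ipaddress.ip_network(r["cidr"])
            for r in rules
        )
        if not ok:
            uncovered.append(str(ip))
    return uncovered


if __name__ == "__main__":
    # Constructed sample rule sets, not taken from any real environment.
    ingress = ["35.198.140.114/32", "0.0.0.0/0"]
    egress = [{"cidr": "34.128.156.4/32", "proto": "tcp", "ports": [80]}]
    print(audit_direct_ingress(ingress))  # second source IP only admitted via the open entry
    print(audit_agent_egress(egress))     # port 80 does not satisfy the 443 requirement
```

The egress check covers only the Orchestrator endpoint; egress to the runner image registry and to any endpoints the deployment itself calls has to be verified separately.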
