Requirements for a baremetal-based cluster

If you use a firewall or proxy, make sure that the bootstrap, management, and regional clusters have access to the following IP ranges and domain names:

  • IP ranges:

  • Domain names:

    • and for packages

    • for binaries and Helm charts

    • and * for Docker images

    • for Telemetry (port 443 if proxy is enabled)

    • and for Salesforce alerts


  • Access to Salesforce is required from any Container Cloud cluster type.

  • If any additional Alertmanager notification receiver is enabled, for example, Slack, its endpoint must also be accessible from the cluster.