Skip to main content

Operator Networking Requirements

In order to operate properly, the Speedscale operator requires network access to the following services:

hostprotocoldirection
app.speedscale.comHTTPSOutbound
firehose.us-east-1.amazonaws.comHTTPSOutbound
sqs.us-east-1.amazonaws.comHTTPSOutbound
*.s3.us-east-1.amazonaws.comHTTPSOutbound
gcr.ioHTTPSOutbound

Note that these hosts may change and security via TLS is recommended as opposed to IP whitelisting. If you require a list of IPs, they can be programmatically accessed as shown here for AWS and here for GCR.

Cluster Webhook Access

Within your Kubernetes cluster, the Speedscale Operator relies on using Kubernetes webhooks to interact with workloads. Speedscale's webhooks run within the Operator's pod over TCP on port 9443. Traffic must be able to reach the pod and port in order for the Speedscale Operator to capture traffic.

Some environments, such as Google Kubernetes Engine Private Clusters, block webhook traffic by default. To allow webhook traffic within your GKE Private Cluster, please consult the GKE Private Cluster documentation on firewall rules.