By Erik S
I do not currently run anything in DO, but I am considering starting a Kubernetes cluster. From the app running on the cluster I need to access an external service behind a firewall that needs to be opened up with specific IPs or IP subnets.
How would I do that?
Hi there,
DigitalOcean’s Kubernetes service uses a load balancer to expose your applications to the internet. The Load Balancer has an external IP address that you can use to access your application. If your application needs to access an external service that is behind a firewall, you can use this IP address to configure the firewall rules.
However, it’s important to know that the outbound connections from your Kubernetes pods don’t originate from the Load Balancer IP. They use the node’s IP where the pod is currently running. And because Kubernetes can schedule pods to different nodes, the source IP of outbound connections can change.
If you need to whitelist a specific IP range in an external firewall, DigitalOcean currently doesn’t provide dedicated IP ranges for DOKS or other services. A common workaround for this is to set up a server (like a Droplet or a dedicated Kubernetes node) with a static public IP, and route your traffic to the external service through that server.
Here is a discussion about this for more information:
If you want to give it a try then you can follow the URL: https://github.com/digitalocean/k8s-staticroute-operator/
Best,
Bobby
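The check below is an added example, not part of the answer above or of any DigitalOcean tooling. It audits an external firewall allowlist against the nodes' current public IPs, since pod egress is seen from the node's address. It assumes the node's `ExternalIP` in `kubectl get nodes -o json` is that address; the node names, IPs and allowlist are constructed sample data.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get nodes -o json` (documentation IP ranges).
SAMPLE_NODES_JSON = """
{"items": [
  {"metadata": {"name": "pool-a-1"},
   "status": {"addresses": [
     {"type": "InternalIP", "address": "10.116.0.3"},
     {"type": "ExternalIP", "address": "203.0.113.10"}]}},
  {"metadata": {"name": "pool-a-2"},
   "status": {"addresses": [
     {"type": "InternalIP", "address": "10.116.0.4"},
     {"type": "ExternalIP", "address": "198.51.100.7"}]}}
]}
"""

# Constructed allowlist as it might be configured on the external firewall.
SAMPLE_ALLOWLIST = ["203.0.113.10/32", "192.0.2.44/32"]


def node_egress_ips(nodes_json):
    """Map node name -> public IP that its pods' outbound traffic is seen from."""
    result = {}
    for node in json.loads(nodes_json)["items"]:
        for addr in node["status"].get("addresses", []):
            if addr["type"] == "ExternalIP":
                result[node["metadata"]["name"]] = ipaddress.ip_address(addr["address"])
    return result


def audit_allowlist(nodes_json, allowlist):
    """Return (nodes whose egress is not allowed, allowlist entries matching no node)."""
    nets = [ipaddress.ip_network(cidr, strict=False) for cidr in allowlist]
    ips = node_egress_ips(nodes_json)
    # Nodes the firewall would drop: pods scheduled there lose access to the service.
    blocked = sorted(n for n, ip in ips.items() if not any(ip in net for net in nets))
    # Entries left over from recycled nodes: they admit whoever holds that IP now.
    stale = [str(net) for net in nets if not any(ip in net for ip in ips.values())]
    return blocked, stale


if __name__ == "__main__":
    blocked, stale = audit_allowlist(SAMPLE_NODES_JSON, SAMPLE_ALLOWLIST)
    print("nodes not covered by the allowlist:", blocked)
    print("allowlist entries matching no current node:", stale)
```

When egress is routed through a single static gateway as the answer suggests, the allowlist should hold only that gateway's IP, and every node address will then show up as not covered, which is the expected result.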