
Allowlist Harness Platform IPs and CIDR

Harness supports allowlisting of its SaaS infrastructure IPs to enable secure access to private networks. This is helpful when you want to connect Harness to internal systems such as Kubernetes clusters, artifact repositories, SCMs, or other internal services.

We recommend contacting Harness Support to receive the correct list of IPs and guidance based on your use case, region, and Harness modules in use.

Outbound Access Requirements

Harness Delegates typically only require outbound access to the following domains:

  • app.harness.io – Primary Harness platform endpoint.

  • logging.googleapis.com – (Optional) Used to send logs to Harness Support. This can be disabled using the STACK_DRIVER_LOGGING_ENABLED environment variable.

Allowlisting Harness IPs

You may need to allowlist specific IP ranges, depending on the Harness services you're using, to connect securely from Harness to your internal infrastructure. Typical cases include:

  • Pipeline execution using Harness Cloud

  • Deployments via GitOps agents

  • Feature Flags

  • Hosted builds (Linux/macOS)

  • Internal APIs or SCM access

Note: Harness provides region- and service-specific IPs for allowlisting. These are not publicly listed to avoid misuse. Please reach out to Harness Support to obtain the accurate IPs required for your setup.

Configure clusters

To ensure proper functionality, configure your clusters with API access to the authorized Harness IP addresses.

If you have not yet configured your clusters with the required IP addresses, use the links provided below to complete the configuration for the listed clusters.
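One way to check that the source ranges configured on a cluster API endpoint or firewall rule match the ranges you received from Harness Support, as an added example that is not part of the Harness documentation. The function name `audit_allowlist` is hypothetical and every CIDR below is a constructed placeholder from the RFC 5737 documentation ranges, not a Harness address.

```python
import ipaddress


def _parse(cidrs):
    """Parse CIDR strings, tolerating host bits (e.g. 203.0.113.5/24)."""
    return [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]


def _collapse(nets):
    """Merge adjacent or nested ranges; IPv4 and IPv6 are collapsed separately."""
    merged = []
    for version in (4, 6):
        merged.extend(
            ipaddress.collapse_addresses(n for n in nets if n.version == version)
        )
    return merged


def _covered(net, by):
    """True if `net` lies entirely inside one of the collapsed ranges in `by`."""
    return any(net.version == b.version and net.subnet_of(b) for b in by)


def audit_allowlist(approved, configured):
    """Compare configured source ranges with the approved ones.

    missing: approved ranges the configured rules do not fully admit
             (Harness traffic from them would be blocked).
    excess:  configured ranges that admit addresses outside the approved
             set (the rule is broader than it needs to be).
    """
    approved_nets, configured_nets = _parse(approved), _parse(configured)
    approved_merged = _collapse(approved_nets)
    configured_merged = _collapse(configured_nets)
    return {
        "missing": [str(n) for n in approved_nets
                    if not _covered(n, configured_merged)],
        "excess": [str(n) for n in configured_nets
                   if not _covered(n, approved_merged)],
    }


# Constructed placeholders standing in for the list from Harness Support.
APPROVED = ["203.0.113.0/25", "203.0.113.128/25", "198.51.100.16/28"]
# Constructed example of what a rule export might contain.
CONFIGURED = ["203.0.113.0/24", "198.51.100.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print(audit_allowlist(APPROVED, CONFIGURED))
```

An empty `missing` list with a non-empty `excess` list means Harness can connect but the rule also admits sources that were never approved.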

Using Secure Connect for Harness Cloud (Optional Alternative)

If allowlisting IPs is not feasible due to security policies or firewall constraints, you can use Secure Connect to establish a secure tunnel between Harness Cloud and your private infrastructure — without exposing any public endpoints.