Reviewing Prerequisites
Before you download and install Anypoint Flex Gateway, ensure that you review and fulfill the following prerequisites.
Permission Requirements
Running Flex Gateway requires the following permissions:
-
Manage Servers and Read Servers permissions in Runtime Manager
Your Anypoint Platform Admin can add these permissions in Access Management. See Manage Team Permissions for more information.
Your Anypoint Platform Admin can also add a Connected App with the appropriate permissions. See Connected Apps for more information.
If you are using a Connected App to register Flex Gateway, it will need the following scopes:
-
Manage Servers
-
Read Servers
-
View Organization
Software Requirements
Software Requirements for Kubernetes Deployments
Running Flex Gateway on Kubernetes requires:
-
Ingress v1 (stable), which requires specifying
apiVersion: networking.k8s.io/v1as the API version in your configuration resources. -
A private cloud or data center.
Or, a cloud provider such as the following:
-
Google Kubernetes Engine (GKE)
-
Amazon Elastic Kubernetes Service (Amazon EKS)
-
Azure Kubernetes Service (AKS)
-
-
A minimum Helm version of 3.0.0.
Software Requirements for Linux Deployments
Flex Gateway runs on the following Long Term Support (LTS) versions of Linux:
-
Ubuntu Bionic
-
Ubuntu Focal
-
Debian 9 Stretch
|
Red Hat Enterprise Linux (RHEL) is not supported. |
Flex Gateway is designed to run in cloud-native architectures. You can therefore only install one gateway instance per Linux VM. Multiple installations on a single VM are not supported.
Hardware Requirements
Flex Gateway requires the following minimum hardware configuration:
-
CPU: 0.2 vCPU
-
Processor: Intel and AMD-64
-
Memory: 200 MB
Ports, IPs, and Hostnames Allow list Requirements
For Flex Gateway to communicate with MuleSoft-managed online Anypoint Platform APIs and services, you must add the following hostnames and ports of external resources to the allowlist:
| Plane | Host | Port | Mode | Description | Protocol |
|---|---|---|---|---|---|
US |
anypoint.mulesoft.com |
443 |
Both |
Required to connect with the control plane, push internal metrics, and download custom policy binaries |
HTTPS |
US |
arm-mcm2-service.kprod.msap.io |
443 |
Both |
Required to communicate with the transport layer |
mTLS |
US |
logging.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
metering.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
monitoring.ingestion.us-east-1.prod.cloudhub.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
US |
exchange-files.anypoint.mulesoft.com |
443 |
Connected |
Required to download policies |
HTTPS |
US |
exchange2-asset-manager-kprod.s3.amazonaws.com |
443 |
Connected |
Required to download policies |
HTTPS |
US |
configuration-resolver.prod.cloudhub.io |
443 |
Connected |
Required to download policies |
HTTPS |
EU |
eu1.anypoint.mulesoft.com |
443 |
Both |
Required to connect with the control plane, push internal metrics, and download custom policy binaries |
HTTPS |
EU |
arm-mcm2-service.kprod-eu.msap.io |
443 |
Both |
Required to communicate with the transport layer |
mTLS |
EU |
logging.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
metering.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
monitoring.ingestion.eu-central-1.prod-eu.msap.io |
443 |
Both |
Required to send analytics data to the control plane |
HTTPS |
EU |
configuration-resolver.prod-eu.msap.io |
443 |
Connected |
Required to download policies |
HTTPS |
EU |
exchange-files.eu1.anypoint.mulesoft.com |
443 |
Connected |
Required to download policies |
HTTPS |
EU |
exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com |
443 |
Connected |
Required to download policies |
HTTPS |
|
Ports 4000, 9999, 15000, and 15100 are reserved for internal processes, and should not be used in |