Contact Us 1-800-596-4880
  1. Homepage
  2. Service Mesh (1.0)

  3. Review Prerequisites

Review Prerequisites for Downloading and Installing Anypoint Service Mesh

prepare to install breadcrumb

Before you download and install Anypoint Service Mesh, ensure that you review and fulfill the software, licensing, and permissions and roles requirements.

Audience Requirements

Anypoint Service Mesh is developed using Istio and Kubernetes. Therefore, you must have a working knowledge of Istio and Kubernetes to install and use Anypoint Service Mesh.

Software Requirements

Your Anypoint Service Mesh installation requires the following applications and Kubernetes environments:

  • One of the following environments on which to run Kubernetes:

    • Google Kubernetes Engine (GKE)

    • Amazon EKS

    • Azure Kubernetes Service (AKS)

  • Kubernetes (version 1.12, 1.13, 1.14, 1.15, or 1.16)

  • Istio (currently supported versions include 1.5x or 1.6x)

Hardware Requirements

Your Anypoint Service Mesh installation requires the following hardware configuration at a minimum:

  • CPU: 4 cores

  • Memory: 8 GBs

Production Licensing and Trial Licensing Requirements

You require an Anypoint Service Mesh license to perform the installation in your production environment. The license that you obtain must contain the following entitlements:

  • API Gateway: api-gateway

  • Cluster: clustering

For evaluation purposes, you can request a trial version of Anypoint Service Mesh. The trial version limits the use of the product and is best suited for only exploring and learning the product. The trial version is not recommended for production use.

To obtain a trial or regular license key, contact your MuleSoft account representative or the MuleSoft sales team.

Permissions and Roles Requirements

Before you can use Anypoint Service Mesh, you must:

  • Obtain the Organization Administrators role to access the client ID and client secret credentials.

  • From API Manager > Environment Information, obtain the client ID and client secret credentials to provision the adapter:

    • Provisioning the adapter with organization-level credentials enables you to manage all the APIs in every environment of your organization.

    • Provisioning the adapter with environment-level credentials enables you to manage APIs of only that specific environment of your organization. MuleSoft recommends that you use the environment credentials instead of the organization credentials.

      For more information about which permissions to use, see obtaining credentials.

  • Obtain the Cluster Administrator role to access the Kubernetes cluster (only required for installation process).

  • If you have configured an external identity provider for your organization, create a user in Anypoint Platform with Exchange Contributors and Manage APIs Configuration roles. Anypoint Service Mesh does not support users residing on an external identity provider for tasks such as creating and discovering APIs.

Ports, IPs, and Hostname Allow List Requirements

To enable Anypoint Service Mesh to communicate with the MuleSoft-managed online Anypoint Platform APIs and services, you must add the following hostnames and ports of external resources to the allow list:

Plane Host Port Description

US

anypoint.mulesoft.com

443

Required to connect with the control plane

US

analytics-ingest.anypoint.mulesoft.com

443

Required to send analytics data to the control plane

US

*.dkr.ecr.us-east-1.amazonaws.com

443

Required to download the docker images that constitute the Anypoint Service Mesh product

US

exchange-files.anypoint.mulesoft.com

443

Required to download policies

US

exchange2-asset-manager-kprod.s3.amazonaws.com

443

Required to download policies

EU

eu1.anypoint.mulesoft.com

443

Required to connect with the control plane

EU

analytics-ingest.eu1.anypoint.mulesoft.com

443

Required to send analytics data to the control plane

EU

*.dkr.ecr.eu-central-1.amazonaws.com

443

Required to download the docker images that constitute the Anypoint Service Mesh product

EU

exchange-files.eu1.anypoint.mulesoft.com

443

Required to download policies

EU

exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com

443

Required to download policies

ALL

get.helm.sh

443

Required to retrieve and install Helm on the computer from where you are installing the product

ALL

storage.googleapis.com

443

Required to retrieve and install Kubectl on the computer from where you are installing the product

Download, Install, and Configure Istio

You can install Istio 1.6.x, 1.5.x, or 1.4.x in your environment to support Anypoint Service Mesh. However, the Istio configuration for Anypoint Service Mesh differs based on the Istio version that you installed.

Prerequisites

Before you begin, ensure that you download Istio using the Istio Documentation.

Install and Configure Istio 1.6.x

Anypoint Service Mesh supports Istio 1.6.x versions 1.6.0 through 1.6.8. To install and configure Istio 1.6.x for Anypoint Service Mesh:

  1. Install Istio with the following flags enabled:

    1. Enable the policy control flag:

      values:
  meshConfig:
    disablePolicyChecks: false
  components:
    policy:
      enabled: true

    2. Enable the telemetry flag:

      values:
  telemetry:
    v1:
      enabled: true
    v2:
      enabled: false
components:
  citadel:
    enabled: true
  telemetry:
    enabled: true

      The following example illustrates a full manifest:

      apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  components:
    policy:
      enabled: true
    telemetry:
      enabled: true
    ingressGateways:
    - enabled: false
  meshConfig:
    disablePolicyChecks: false
  values:
    telemetry:
      v1:
        enabled: true
      v2:
        enabled: false

      When using the full manifest, ensure that you choose the correct profile. In the example, the default profile is used.

To install the manifest, run:

+ istioctl manifest apply -f <manifest-file.yaml>

Install and Configure Istio 1.5.x

Anypoint Service Mesh supports Istio 1.5.x versions 1.5.0 through 1.5.9. To install and configure Istio 1.5.x for Anypoint Service Mesh:

  1. Install Istio with the following flags enabled:

    1. Enable the policy control flag:

      values:
  global:
    disablePolicyChecks: false
  components:
    policy:
      enabled: true
    sidecarInjector:
      enabled: true

    2. Enable the telemetry flag:

      values:
  prometheus:
    enabled: true
  telemetry:
    v1:
      enabled: true
    v2:
      enabled: false
components:
  citadel:
    enabled: true
  telemetry:
    enabled: true

      The following example illustrates a full manifest:

      apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  components:
    policy:
      enabled: true
    sidecarInjector:
      enabled: true
    citadel:
      enabled: true
    telemetry:
      enabled: true
  addonComponents:
    prometheus:
      enabled: false
  values:
    global:
      disablePolicyChecks: false
    telemetry:
      v1:
        enabled: true
      v2:
        enabled: false

      When using the full manifest, ensure that you choose the correct profile. In the example, the default profile is used. To install the manifest, run:

      istioctl manifest apply -f <manifest-file.yaml>

Install and Configure Istio 1.4.x

Anypoint Service Mesh supports Istio 1.4.x versions 1.4.0 through 1.4.10. To install and configure Istio 1.4.x for Anypoint Service Mesh:

  1. Install Istio with the policy control flag enabled:

    --set values.global.disablePolicyChecks=false

    For more information about this flag, see Policy Enforcement.

See Also