+
+

Reviewing Prerequisites

Before you download and install Anypoint Flex Gateway, ensure that you review and fulfill the following prerequisites.

Permission Requirements

Running Flex Gateway requires the following permissions:

  • Manage Servers and Read Servers permissions in Runtime Manager

Your Anypoint Platform Admin can add these permissions in Access Management. See Manage Team Permissions for more information.

Your Anypoint Platform Admin can also add a Connected App with the appropriate permissions. See Connected Apps for more information.

If you are using a Connected App to register Flex Gateway, it will need the following scopes:

  • Manage Servers

  • Read Servers

  • View Organization

Software Requirements

Software Requirements for Kubernetes Deployments

Running Flex Gateway on Kubernetes requires:

  • An active version of Kubernetes.

  • Ingress v1 (stable), which requires specifying apiVersion: networking.k8s.io/v1 as the API version in your configuration resources.

  • A cloud provider, for example:

    • Google Kubernetes Engine (GKE)

    • Amazon Elastic Kubernetes Service (Amazon EKS)

    • Azure Kubernetes Service (AKS)

  • A minimum Helm version of 3.0.0.

Software Requirements for Linux Deployments

Running Flex Gateway on Linux requires:

  • Any standard Long Term Support (LTS) version of Ubuntu and Debian, for example:

    • Ubuntu Bionic

    • Ubuntu Focal

    • Debian 9 Stretch

Red Hat Enterprise Linux (RHEL) is not supported.

Flex Gateway is designed to run in cloud-native architectures. You can therefore only install one gateway instance per Linux VM. Multiple installations on a single VM are not supported.

Hardware Requirements

Flex Gateway requires the following minimum hardware configuration:

  • CPU: 0.2 vCPU

  • Processor: Intel and AMD-64

  • Memory: 200 MB

Ports, IPs, and Hostnames Allow list Requirements

For Flex Gateway to communicate with MuleSoft-managed online Anypoint Platform APIs and services, you must add the following hostnames and ports of external resources to the allowlist:

Plane Host Port Mode Description Protocol

US

anypoint.mulesoft.com

443

Both

Required to connect with the control plane, push internal metrics, and download custom policy binaries

HTTPS

US

us-east-1.prod.msap.io

443

Both

Required to send analytics data to the control plane

mTLS

US

exchange-files.anypoint.mulesoft.com

443

Connected

Required to download policies

HTTPS

US

exchange2-asset-manager-kprod.s3.amazonaws.com

443

Connected

Required to download policies

HTTPS

US

arm-mcm2-service.kprod.msap.io

443

Connected

Required to communicate with the Transport Layer

mTLS

EU

eu1.anypoint.mulesoft.com

443

Both

Required to connect with the control plane, push internal metrics, and download custom policy binaries

HTTPS

EU

eu-central-1.prod-eu.msap.io

443

Both

Required to send analytics data to the control plane

HTTPS

EU

exchange-files.eu1.anypoint.mulesoft.com

443

Connected

Required to download policies

HTTPS

EU

arm-mcm2-service.kprod-eu.msap.io

443

Both

Required to communicate with the Transport Layer

mTLS

Was this article helpful?

💙 Thanks for your feedback!

Submit your feedback!
Share your thoughts to help us build the best documentation experience for you!
Take our latest survey!