Review Prerequisites for Downloading and Installing Anypoint Service Mesh
Before you download and install Anypoint Service Mesh, ensure that you review and fulfill the software, licensing, and permissions and roles requirements.
Audience Requirements
Anypoint Service Mesh is developed using Istio and Kubernetes. Therefore, you must have a working knowledge of Istio and Kubernetes to install and use Anypoint Service Mesh.
Software Requirements
Your Anypoint Service Mesh installation requires you to:
- Install one of the following environments on which to run Kubernetes:
  - Google Kubernetes Engine (GKE)
  - Amazon EKS
  - Azure Kubernetes Service (AKS)
  - Red Hat OpenShift
- If installing Anypoint Service Mesh 1.2.0:
  - Install Kubernetes (versions 1.12 through 1.20) or Red Hat OpenShift (version 4.x)
  - Install Istio (versions 1.7.x through 1.11.x)
- If installing Anypoint Service Mesh 1.2.1 or above:
  - Install Kubernetes (versions 1.22 through 1.26)
  - Install Istio (versions 1.11.x through 1.17.x)
- Not install Service Catalog in the target cluster
  Because Service Catalog is installed with Anypoint Service Mesh as part of the install process, uninstall Service Catalog if previously installed.
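The version ranges and the Service Catalog condition above can be checked before you start the installation. The following preflight sketch is an added example, not MuleSoft code: the function names are hypothetical, version strings are passed in as arguments (wiring them to `kubectl version` and `istioctl version` is assumed), and the Service Catalog check assumes the standard `servicecatalog.k8s.io` API group. Note that Kubernetes 1.21 falls in neither documented range.

```shell
#!/bin/sh
# Added example (not MuleSoft code): preflight for the Software Requirements list.
# Version strings are passed in so the check runs offline; feeding it from
# `kubectl version` / `istioctl version` is left to the caller (assumption).

# minor_of VERSION -> prints the minor number of a 1.x version.
# Accepts forms such as "v1.24.3", "1.11.x", "1.22.4-gke.100".
minor_of() {
  v=${1#v}
  case $v in
    1.[0-9]*) ;;
    *) return 1 ;;
  esac
  v=${v#1.}
  echo "${v%%[!0-9]*}"     # keep only the leading digits
}

# asm_compat ASM_VERSION K8S_VERSION ISTIO_VERSION
# 0 = inside the documented ranges, 1 = outside, 2 = unparseable/unknown input.
# OpenShift 4.x (allowed for 1.2.0) is not modelled; releases outside 1.2.x
# are rejected as unknown rather than guessed at.
asm_compat() {
  k8s=$(minor_of "$2") || return 2
  istio=$(minor_of "$3") || return 2
  case $1 in
    1.2.0)      k_lo=12 k_hi=20 i_lo=7  i_hi=11 ;;
    1.2.[1-9]*) k_lo=22 k_hi=26 i_lo=11 i_hi=17 ;;
    *) return 2 ;;
  esac
  if [ "$k8s" -lt "$k_lo" ] || [ "$k8s" -gt "$k_hi" ]; then
    echo "Kubernetes 1.$k8s is outside 1.$k_lo-1.$k_hi for ASM $1" >&2
    return 1
  fi
  if [ "$istio" -lt "$i_lo" ] || [ "$istio" -gt "$i_hi" ]; then
    echo "Istio 1.$istio is outside 1.$i_lo.x-1.$i_hi.x for ASM $1" >&2
    return 1
  fi
}

# service_catalog_present: reads `kubectl api-versions` output on stdin and
# succeeds when the Service Catalog API group (servicecatalog.k8s.io) is served,
# i.e. when it must be uninstalled before installing Anypoint Service Mesh.
service_catalog_present() {
  grep -q '^servicecatalog\.k8s\.io/'
}
```

For example, `asm_compat 1.2.1 1.24.3 1.15.2` succeeds, and `kubectl api-versions | service_catalog_present` succeeds only on a cluster that still has Service Catalog installed.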
Hardware Requirements
Your Anypoint Service Mesh installation requires the following hardware configuration at a minimum:
- CPU: 4 cores
- Memory: 8 GB
Production Licensing and Trial Licensing Requirements
You require an Anypoint Service Mesh license to perform the installation in your production environment. The license that you obtain must contain the following entitlements:
- API Gateway: api-gateway
- Cluster: clustering
For evaluation purposes, you can request a trial version of Anypoint Service Mesh. The trial version limits the use of the product and is best suited for only exploring and learning the product. The trial version is not recommended for production use.
To obtain a trial or regular license key, contact your MuleSoft account representative or the MuleSoft sales team.
Permissions and Roles Requirements
Before you can use Anypoint Service Mesh, you must:
- Obtain the Organization Administrators role to access the client ID and client secret credentials.
- From API Manager > Environment Information, obtain the client ID and client secret credentials to provision the adapter:
  - Provisioning the adapter with organization-level credentials enables you to manage all the APIs in every environment of your organization.
  - Provisioning the adapter with environment-level credentials enables you to manage the APIs of only that specific environment of your organization. MuleSoft recommends that you use the environment credentials instead of the organization credentials.

  For more information about which permissions to use, see obtaining credentials.
- Obtain the Cluster Administrator role to access the Kubernetes cluster (only required for the installation process).
- If you have configured an external identity provider for your organization, create a Connected App in Anypoint Platform with the Exchange Contributors and Manage APIs Configuration roles. Anypoint Service Mesh does not support users residing on an external identity provider for tasks such as creating and discovering APIs.
Ports, IPs, and Hostnames Allow list Requirements
To enable Anypoint Service Mesh to communicate with the MuleSoft-managed online Anypoint Platform APIs and services, you must add the following hostnames and ports of external resources to the allow list:
| Plane | Host | Port | Description |
|---|---|---|---|
| US | anypoint.mulesoft.com | 443 | Required to connect with the control plane |
| US | analytics-ingest.anypoint.mulesoft.com | 443 | Required to send analytics data to the control plane |
| US | *.dkr.ecr.us-east-1.amazonaws.com | 443 | Required to download the docker images that constitute the Anypoint Service Mesh product |
| US | exchange-files.anypoint.mulesoft.com | 443 | Required to download policies |
| US | exchange2-asset-manager-kprod.s3.amazonaws.com | 443 | Required to download policies |
| EU | eu1.anypoint.mulesoft.com | 443 | Required to connect with the control plane |
| EU | analytics-ingest.eu1.anypoint.mulesoft.com | 443 | Required to send analytics data to the control plane |
| EU | *.dkr.ecr.eu-central-1.amazonaws.com | 443 | Required to download the docker images that constitute the Anypoint Service Mesh product |
| EU | exchange-files.eu1.anypoint.mulesoft.com | 443 | Required to download policies |
| EU | exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com | 443 | Required to download policies |
| ALL | get.helm.sh | 443 | Required to retrieve and install Helm on the computer from where you are installing the product |
| ALL | storage.googleapis.com | 443 | Required to retrieve and install Kubectl on the computer from where you are installing the product |
Download, Install, and Configure Istio
Anypoint Service Mesh supports specific Istio versions. You can install any of these Istio versions in your environment within your Kubernetes or OpenShift cluster.
Prerequisites
Before you begin, ensure that you download Istio using the Istio Documentation.
Install and Configure Istio
To install and configure Istio for Anypoint Service Mesh, run the command most appropriate for the container platform that you have installed in your environment:
- Kubernetes

      $ istioctl install

- OpenShift

      $ oc adm policy add-scc-to-group anyuid system:serviceaccounts:istio-system
      $ istioctl install \
          --set components.cni.enabled=true \
          --set components.cni.namespace=kube-system \
          --set values.cni.cniBinDir=/opt/multus/bin \
          --set values.cni.cniConfDir=/etc/cni/multus/net.d \
          --set values.cni.chained=false \
          --set values.cni.cniConfFileName="istio-cni.conf" \
          --set values.sidecarInjectorWebhook.injectedAnnotations."k8s\.v1\.cni\.cncf\.io/networks"=istio-cni