What are the firewall requirements for the hybrid deployment with non-gke cluster?

jimlin
New Member

I am evaluating the "apigee hybrid"[1], and my "runtime plane"[1] will be a non-gke cluster in the data center.

Our data center security team needs to review the firewall ports (both ingress and egress) which are required for the "management plane"[1] and "google cloud platform services"[1].

I can't find the document about the required firewall ports for the hybrid deployment with non-gke cluster.

Does anyone know about the ports (both ingress and egress)?

1. https://docs.apigee.com/hybrid/beta2/what-is-hybrid

1 ACCEPTED SOLUTION

Hi @Jim Lin - There are going to be some doc updates coming soon on this exact topic. For the current beta release you need to allow the following.

  • Outgoing access on port 443
    • This is used by components like Synchronizer to fetch configuration data about an API environment from the management plane to the runtime plane, and by the Universal Data Collection Agent (UDCA) to extract analytics and deployment status data and send it to the management plane.
  • Inbound access on port 443
    • This is needed for the Management API for Runtime Data (MART). This MART endpoint must be exposed to the internet using a DNS entry and a publicly signed certificate.
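As an added illustration (not code from the post or from Apigee), a small Python audit that checks a runtime-cluster firewall policy against the two flows named in the answer, and separates out any other allow rules so the security team can review them on their own merits. The `Rule` format and the sample policy are constructed for this example.

```python
"""Audit a firewall policy for the Apigee hybrid runtime cluster against the
requirements given in the accepted answer: outbound TCP/443 (Synchronizer and
UDCA to the management plane) and inbound TCP/443 (the MART endpoint).
The Rule layout and SAMPLE_POLICY below are constructed for this example."""
from dataclasses import dataclass

REQUIRED = {("egress", 443), ("ingress", 443)}   # (direction, TCP port)


@dataclass(frozen=True)
class Rule:
    direction: str   # "ingress" or "egress" relative to the runtime nodes
    proto: str       # "tcp" or "udp"
    port_from: int   # first port of the range
    port_to: int     # last port of the range (equal to port_from for a single port)
    cidr: str        # remote network the rule applies to
    action: str      # "allow" or "deny"


def covers(rule, direction, port):
    """True if this allow rule permits TCP traffic on `port` in `direction`."""
    return (rule.action == "allow" and rule.direction == direction
            and rule.proto == "tcp" and rule.port_from <= port <= rule.port_to)


def audit(rules):
    """Return (missing, extra): required flows no allow rule covers, and allow
    rules that open anything beyond the two required single ports."""
    missing = sorted(req for req in REQUIRED
                     if not any(covers(r, *req) for r in rules))
    extra = [r for r in rules if r.action == "allow" and (
        r.proto != "tcp"                      # non-TCP is not an Apigee requirement
        or r.port_from < r.port_to            # a range is wider than one port
        or (r.direction, r.port_from) not in REQUIRED)]
    return missing, extra


# Constructed sample: the two required flows plus two rules needing separate review.
SAMPLE_POLICY = [
    Rule("egress", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule("ingress", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule("ingress", "tcp", 22, 22, "10.0.0.0/8", "allow"),     # admin SSH
    Rule("egress", "udp", 53, 53, "10.0.0.53/32", "allow"),    # internal DNS
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_POLICY)
    print("missing required flows:", missing)
    print("rules needing separate justification:", extra)
```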



jimlin
New Member

I found doc[1].

Can I conclude this: "Only inbound port 443 and outbound port 443 are required"?

Document

1. https://docs.apigee.com/hybrid/beta2/service-config
