Akuity Platform Agent Networking Requirements in the workload cluster
Egress Traffic Rules
- Allow port
443(TCP) for secure HTTPS and TCP communication.
Domain Access
The following domains need to be configured and whitelisted for access :
US Region
akuity.cloud*.cd.akuity.cloud*.cdsvcs.akuity.cloud*.kargo.akuity.cloud*.kargosvcs.akuity.cloud
EU Region
eu.akuity.cloud*.cd.eu.akuity.cloud*.cdsvcs.eu.akuity.cloud*.kargo.eu.akuity.cloud*.kargosvcs.eu.akuity.cloud
IP Whitelisting
Akuity Platform IPs
When using Declarative Management, if the source for an ApplicationSet or "App of Apps" Application is behind an IP allow list (e.g., a private Git server), add the following addresses to permit access for the Akuity Platform:
US Region :
35.83.167.172
35.164.149.26
44.227.111.216
13.248.239.50
166.117.206.69
EU Region :
63.180.120.65
3.74.238.191
63.180.42.11
166.117.35.43
99.83.186.100
Cloudflare IPs
The Akuity Platform uses Cloudflare as a sub-processor to provide CDN and security services. Cloudflare only processes limited network-level metadata (IP addresses and HTTP request data) and does not access or retain customer application data, credentials, or stored content. Cloudflare is compliant with ISO 27001, SOC 2 Type II, PCI-DSS, GDPR, and other leading security standards.
When accessing resources behind IP allowlists (such as private Git repositories or artifact registries), you must add Cloudflare's IP ranges to your allowlist. This ensures that traffic from the Akuity Platform, which routes through Cloudflare, can successfully reach your protected resources.
For more information about Akuity's sub-processors, see the Sub-Processor list.