Skip to main content

Akuity Platform Agent Networking Requirements in the workload cluster

Egress Traffic Rules

  • Allow port 443 (TCP) for secure HTTPS and TCP communication.

Domain Access

  • Permit access to the akuity.cloud domain and all its subdomains:
    • *.cd.akuity.cloud
    • *.cdsvcs.akuity.cloud
    • *.kargo.akuity.cloud
    • *.kargosvcs.akuity.cloud

IP Whitelisting

- Akuity Platform IPs

When using Declarative Management, if the source for an ApplicationSet or "App of Apps" Application is behind an IP allow list (e.g., a private Git server), add the following addresses to permit access for the Akuity Platform:

35.83.167.172
35.164.149.26
44.227.111.216

- Cloudflare IPs

The Akuity Platform uses Cloudflare as a sub-processor to provide CDN and security services. Cloudflare only processes limited network-level metadata (IP addresses and HTTP request data) and does not access or retain customer application data, credentials, or stored content. Cloudflare is compliant with ISO 27001, SOC 2 Type II, PCI-DSS, GDPR, and other leading security standards.

When accessing resources behind IP allowlists (such as private Git repositories or artifact registries), you must add Cloudflare's IP ranges to your allowlist. This ensures that traffic from the Akuity Platform, which routes through Cloudflare, can successfully reach your protected resources.

Cloudflare IP Ranges

For more information about Akuity's sub-processors, see the Sub-Processor list.