Fastly Anywhere

This information is part of a beta release. For additional details, read our product and feature lifecycle descriptions.

Fastly Anywhere makes it possible to deploy Fastly's software in public cloud environments. By installing Fastly Anywhere in Kubernetes clusters that you supply and manage, you can deploy your own point of presence (POP) and extend the Fastly platform.

Prerequisites and limitations

This product requires a paid Fastly user account and is designed to be installed in public cloud environments. You are responsible for maintaining your Kubernetes installation.

Fastly Anywhere currently only supports Compute services.

Distribution

A supported Kubernetes (k8s) distribution is required to run Fastly Anywhere. We support the following distributions:

| Cloud provider | Supported versions |
| --- | --- |
| Alicloud Container Service for Kubernetes (ACK) | 1.30, 1.28 |
| Google Kubernetes Engine (GKE) | 1.30, 1.29, 1.28 |

Resources

The recommended minimum resources for cluster worker nodes are 4 vCPUs and 8 GB of RAM.

Kubernetes environment

Your Kubernetes environment must meet the following requirements.

Dedicated cluster

To minimize issues from noisy neighbors, we require a standalone cluster and a dedicated namespace to run Fastly Anywhere.

Storage Class

Either a default Storage Class or an overridden storage class name must be provided. As minimum volume sizes differ between cloud providers and storage classes, volume sizes must also be defined as Helm values.

Egress

We require network egress to be open for bootstrapping, operation, and observability. There are agents running in the Anywhere installation that assist with shipping application metrics and logs back to Fastly to be visualized internally and externally, as well as fetching Fastly configurations from our control planes.

Cert Manager

Fastly requires Cert Manager v1.14 to be installed and available for use within the cluster. The Fastly Anywhere product uses Cert Manager to manage mTLS credentials used for secure communications between Fastly services.

TLS Ingress

We expose the Anywhere installation via an internal Service, allowing you to use an Ingress or any other public or private load balancing solution to deliver traffic to the cluster. Delivery is the responsibility of the customer.

The Fastly TLS products are not supported. TLS should be terminated at the Ingress fronting the Anywhere installation.

    # nginx-ingress-example.yaml
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: cafe-ingress
      annotations:
        nginx.ingress.kubernetes.io/upstream-vhost: cafe.example.com # This must match the domain configured for the service in Fastly.
    spec:
      tls:
        - hosts:
            - cafe.example.com
          secretName: cafe-secret
      rules:
        - host: cafe.example.com # This must match the DNS name that clients reach the Ingress over.
          http:
            paths:
              - path: / # You can change this to whatever works for your use case.
                pathType: Exact
                backend:
                  service:
                    name: h2o # The service name will technically be prefixed with the Helm chart name to minimize collisions, but it will include "h2o" in the name.
                    port:
                      number: 80 # Make sure this is port 80.

Helm

Fastly requires Helm version 3.x for installation and ongoing operation.

The cluster must have valid Fastly Anywhere Registry credentials installed into a Kubernetes secret in order to install the Helm chart.

The Helm chart requires a valid Fastly API Token for the account whose services you want to load into the cluster. Additionally, Fastly will provide a bootstrap token to identify your cluster to Fastly's API.
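
A preflight check for the version prerequisites above, as an added example that is not part of Fastly's documentation or tooling. The provider labels ack and gke, the function names, and the cert-manager namespace and deployment name are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the version prerequisites on this page.
# Checkers take version strings as arguments so they can be exercised offline.

# major_minor "v1.30.5-gke.1014001" prints "1.30"
major_minor() {
  local v="${1#v}" rest
  rest="${v#*.}"
  printf '%s.%s\n' "${v%%.*}" "${rest%%[!0-9]*}"
}

# k8s_supported PROVIDER VERSION; "ack"/"gke" are labels chosen for this example.
k8s_supported() {
  case "$1:$(major_minor "$2")" in
    ack:1.30|ack:1.28|gke:1.30|gke:1.29|gke:1.28) return 0 ;;
    *) return 1 ;;
  esac
}

# Helm 3.x is required.
helm_supported() { case "${1#v}" in 3.*) return 0 ;; *) return 1 ;; esac; }

# The page names Cert Manager v1.14; matching that minor exactly is this example's reading.
cert_manager_supported() { [ "$(major_minor "$1")" = "1.14" ]; }

# preflight PROVIDER: queries the live cluster. Assumes cert-manager runs as
# deployment "cert-manager" in namespace "cert-manager" (its default install).
preflight() {
  local k8s helmv img rc=0
  k8s="$(kubectl get --raw /version | sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')"
  helmv="$(helm version --template '{{.Version}}')"
  img="$(kubectl get deployment cert-manager -n cert-manager \
    -o jsonpath='{.spec.template.spec.containers[0].image}')"
  k8s_supported "$1" "$k8s" || { echo "FAIL kubernetes $k8s ($1)"; rc=1; }
  helm_supported "$helmv" || { echo "FAIL helm $helmv"; rc=1; }
  cert_manager_supported "${img##*:}" || { echo "FAIL cert-manager ${img##*:}"; rc=1; }
  kubectl get storageclass -o name | grep -q . || { echo "FAIL no StorageClass"; rc=1; }
  return "$rc"
}

# Run against the current kubectl context only when invoked as: ./preflight.sh gke
if [ "$#" -eq 1 ]; then preflight "$1"; fi
```

Run it with the provider label as the only argument before installing the chart; a non-zero exit status means at least one prerequisite is not met.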

Installation

Use the following steps to install Fastly Anywhere:

  1. Create a Fastly API automation token.

  2. Use the Fastly Anywhere bootstrap token and registry credentials provided by Fastly.

    The username and password used for the Docker registry and the Helm registry should be the same.

  3. Create a Kubernetes namespace.

    kubectl create namespace fastly-anywhere
  4. Add a Docker registry secret to the Kubernetes cluster.

    # access to container images
    kubectl create secret docker-registry regcred \
      --namespace fastly-anywhere \
      --docker-server=us-docker.pkg.dev \
      --docker-username=_json_key_base64 \
      --docker-email="${EMAIL}" \
      --docker-password="${CREDENTIAL_B64}"
  5. Add the Helm registry credentials.

    # access to Helm chart
    helm registry login https://us-docker.pkg.dev \
      --username _json_key_base64 \
      --password "${CREDENTIAL_B64}"
  6. Configure the Anywhere Helm chart with storage, automation, and bootstrap token values.

    Use the following storage class names based on the cloud environment:

    | Cloud provider | Recommended storage class |
    | --- | --- |
    | Alibaba Cloud | alicloud-disk-topology-alltype |
    | Google Cloud | premium-rwo |

    # your-values.yaml
    edgeStack:
      cpuFootprint: 4
      memoryFootprint: 8Gi
      replicas: 3
    cached:
      volumeClaim:
        requests:
          storage: 32Gi
        storageClassName: <STORAGE CLASS>
    xqd:
      volumeClaim:
        requests:
          storage: 32Gi
        storageClassName: <STORAGE CLASS>
    bootstrap:
      token: <BOOTSTRAP TOKEN>
      fastly_key: <AUTOMATION TOKEN>
  7. Install the latest chart version.

    # installs the fastly-anywhere chart into the namespace
    helm install fastly-anywhere oci://us-docker.pkg.dev/fastly-anywhere-dev-41d5/anywhere-production/charts/fastly-anywhere \
      --version 0.1.0 \
      --namespace fastly-anywhere \
      --values your-values.yaml
  8. Validate that the installation initializes and runs correctly.

    # status of the StatefulSet can be validated here
    kubectl get statefulset \
      --namespace fastly-anywhere \
      -l app.kubernetes.io/name=fastly-anywhere

    # status of the pods in the StatefulSet can be validated here
    kubectl get pods \
      --namespace fastly-anywhere
  9. Configure ingress:

    • The Ingress should point at the Service named h2o.
    • The Ingress must preserve the HTTP Host header sent by the client.
    • The target port is 80.
  10. Validate that service hosting works via the chosen delivery mechanism.

Upgrading

Use the following steps to upgrade Fastly Anywhere:

  1. Upgrade the installed releases via Helm upgrade.

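    # upgrades a deployed release to a specified version via Helm
    # (helm upgrade needs the chart reference as well as the release name; this is the chart used at install)
    helm upgrade fastly-anywhere oci://us-docker.pkg.dev/fastly-anywhere-dev-41d5/anywhere-production/charts/fastly-anywhere \
      --namespace fastly-anywhere \
      --version "$LATEST_VERSION"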
  2. Restart the Fastly Anywhere StatefulSet.

    # restarts Fastly Anywhere pods in sequence
    kubectl rollout restart statefulset/fastly-anywhere \
      --namespace fastly-anywhere

Data flows

The following architecture diagram shows data flowing between components of the Fastly Anywhere solution: Helm tooling, the Kubernetes API server, Kubernetes nodes, the Fastly API, and your log stores.

[Figure: Fastly Anywhere data flows diagram]

  1. Required values are provided by the customer and sent to the customer's Kubernetes API via Helm.
  2. The secrets loader exchanges the bootstrap token and Fastly automation token for credentials used by other processes.
  3. The Anywhere agent queries the customer's Kubernetes API for information necessary to produce clustering configurations.
  4. Loader containers fetch customer service configurations from the Fastly API.
  5. HTTP traffic from the customer-provided Ingress is routed to platform containers.
  6. Platform containers send observability metrics to the Fastly API.
  7. Service management data is sent to the Fastly API for internal debugging and alerting.
  8. Real-time logs are streamed to customer-defined log storage endpoints.