salesforce Dreamforce On-Demand
Contact Us 1-800-596-4880
  1. Homepage
  2. Anypoint Flex Gateway (1.1)

  3. With a Connected App

Registering and Running in Connected Mode with a Connected App

Before You Begin

Migrate Registration from a Previous Version of Flex Gateway

Before you begin, ensure that you have installed the latest version of Flex Gateway.

If you have already registered a previous version of Flex Gateway, you do not need to re-register. You can migrate your registration files by executing the following command:

flexctl migrate <uuid-of-previous-registration-file>.conf

The new registration file is created in the directory in which you executed the command.

Append the --split=true flag if you want to output two registration files: registration.yaml and certificate.yaml. Otherwise, by default all registration information is output to registration.yaml.
The generated registration files are credentials for you to connect your Flex Gateway. If you lose them, you can no longer connect your Flex Gateway.

Register a New Flex Gateway

If you have never registered a previous version of Flex Gateway, you must complete the following tasks:

  • Configure a Connected App

    • Include the following scopes:

      • Read Servers

      • Manage Servers

      • View Organization

    • Save the Id and Secret of the Connected app you configure.

  • Install a Flex Gateway

  • Request Manage Servers and Read Servers permissions in Runtime Manager from your Anypoint Platform admin

  • Collect the following information from your Anypoint Platform instance:

    • The Organization ID for the organization where you want to run Flex Gateway

      See Find your Organization ID for more information on how to find your Organization ID.

    • The Environment ID for the environment where you want to run Flex Gateway

      See What API Manager Looks Like for more information on how to find your Environment ID.

Register and Run with a Connected App as a Linux Service

You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and enter the start command.

To register a new Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

flexctl register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \
my-gateway
Use sudo if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Start Commands

Start Flex Gateway with the following command:

sudo systemctl start flex-gateway

Verify that the Flex Gateway service is running successfully:

systemctl list-units flex-gateway*

You should see a list of services. Flex Gateway is successfully running if each service has a status of active.

  UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
  flex-gateway-fluent-reloader.path loaded active waiting flex-gateway-fluent-reloader.path
  flex-gateway-agent.service        loaded active running flex-gateway-agent.service
  flex-gateway-envoy.service        loaded active running flex-gateway-envoy.service
  flex-gateway-fluent.service       loaded active running flex-gateway-fluent.service
  flex-gateway.service              loaded active exited  Application

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Register and Run with a Connected App in a Docker Container

You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and enter the start command.

To register a new Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Substitute Collected Information

Before executing the registration command, replace the following sample information with the information you collected:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

docker run --entrypoint flexctl \
-v "$(pwd)":/registration mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Start Command

Before executing the start command below, update the absolute path to the directory where your Flex Gateway registration files reside.

docker run --rm \
-p 8080:8080 \
-v <absolute-path-to-directory-with-gateway-registration-files>/:/usr/local/share/mulesoft/flex-gateway/conf.d \
mulesoft/flex-gateway
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Register and Run with a Connected App as a Kubernetes Ingress Controller

You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and Install Helm Chart into the Namespace.

To register a new Flex Gateway with Anypoint Platform as a Kubernetes ingress controller, you must enter the registration command and then install the flex-gateway Helm chart. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Substitute Collected Information

Before executing the registration command, replace the following sample information with the information you collected:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

docker run --entrypoint flexctl \
-v "$(pwd)":/registration mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Install Helm Chart into the Namespace

Before installing, ensure that you have:

  • Helm, a tool used to install Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required.

    Refer to the Helm Chart Configuration Options for information about customizing the chart.

    1. Add the Flex Gateway Helm repository:

      helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm

    2. Update the Helm repository using the following command:

      helm repo up

    3. Using Ingress, install the flex-gateway Helm chart into the gateway namespace.

      helm -n gateway upgrade -i --create-namespace --wait ingress flex-gateway/flex-gateway \
--set-file registration.content=registration.yaml

      The command returns something similar to the following:

      NAME: ingress
LAST DEPLOYED: Tue Oct 19 13:08:07 2021
NAMESPACE: gateway
STATUS: deployed
REVISION: 1
TEST SUITE: None

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Helm Chart Configuration Options

The following table describes the configurable options of the Flex Gateway Ingress Controller Helm chart.

Parameter Default Value Description

image.pullPolicy

ifNotPresent

The pull policy for the Ingress Controller image.

Possible values: ifNotPresent, Always, Never

image.pullSecretName

""

The name of the secret that contains Docker registry credentials. The secret must exist in the same namespace as the helm release.

replicaCount

1

The number of Ingress Controller deployment replicas

autoscaling.enabled

false

Boolean indicating if the Horizontal Pod Autoscaler (HPA) is enabled

autoscaling.minReplicas

2

The minimum number of replicas that the scaler is allowed to create

autoscaling.maxReplicas

11

The maximum number of replicas that the scaler is allowed to create

autoscaling.targetCPUUtilizationPercentage

50

The average CPU usage percentage of all deployed pods

autoscaling.targetMemoryUtilizationPercentage

null

The average memory usage percentage of all deployed pods

registerSecretName

null

Deprecated - see registration.secretName

registration.content

null

If this field is provided, installation creates a Kubernetes secret resource that contains the contents of the registration files.

registration.secretName

null

If this field is provided, registration requires that a Kubernetes secret with the given name exists. The secret must contain the content of the registration files.

resources.limits.cpu

500m

CPU resource limits in millicores

resources.limits.memory

256Mi

Memory resource limits

service.enabled

true

Boolean indicating if a service to expose Ingress Controller pods is created

service.type

LoadBalancer

The type of Ingress Controller service to create.

Possible values: ClusterIP, NodePort, LoadBalancer, ExternalName

service.http.enabled

true

Boolean indicating if the HTTP port should be enabled for the Ingress Controller service

service.http.port

80

The Ingress Controller service HTTP port

service.https.enabled

true

Boolean indicating if the HTTPS port should be enabled for the Ingress Controller service

service.https.port

443

The Ingress Controller service HTTPS port

See Also