Contact Us 1-800-596-4880

Declarative Configuration Reference Guide

Anypoint Flex Gateway running in Local Mode supports two configuration models:

  • The resource-based model, common in Kubernetes, is ideal for granular definitions. Resources each contain one of the following values for configuration kind:

    • ApiInstance

    • Service

    • PolicyBinding

    • Configuration

  • The inline model is ideal for concise definitions, but is less versatile (for example, automated policies can only be applied in resource-based definitions.)

    Inline definitions contain a single ApiInstance value for configuration kind, under which services and policies are both defined.

gateway configuration models

Refer to the Examples section for examples of both.

This reference guide describes the available resources that are applicable to either resource-based configurations or inline configurations.

API Instance

apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: <api instance name>
  namespace: # optional namespace name
spec:
  address: <proxy address including port and path>
  services: # optional map of upstream services
    <name>:
      address: <service address>
      routes: # optional array of routes to service
        - config: # optional route configuration
            destinationPath: <optional base path to upstream service>
          rules: # optional route rules
  policies: # optional array of policies
    - policyRef:
        name: <name of the policy>
        namespace: <optional namespace of the policy>
      config: # optional policy configuration
      rules: # optional policy rules
Parameter Required or Optional Default Value Description

metadata.name

Required

N/A

The API instance identifier that is used as a target reference for other resources, such as policy bindings.

metadata.namespace

Optional

default

spec.address

Required

N/A

The proxy address URL, including protocol, host, port and optional path. If the base path is specified, it must be absent in any rules.path attribute. Supported format: protocol://host:port/path, where path is optional, and protocol is either http or https.

spec.services

Optional

Empty

A map of named services and their routes.

spec.services[name].address

Required

N/A

The service address (and port). Supported format: protocol://host:port, where protocol is either http or https.

spec.services[name].routes

Optional

Empty

An array of routes configured for this API instance towards the service. If left empty, a default route will be established to the service that will route all traffic.

spec.services[name].routes[#].config

Optional

Empty

The configuration for this route. If left empty, a default configuration will be applied with an empty destinationPath.

spec.services[name].routes[#].config.destinationPath

Optional

Empty

The path to prepend to forwarded requests to the upstream service. For example, if "destinationPath: /api/v1", requests to this API instance with a path like "/orders" will be routed upstream to "/api/v1/orders".

spec.services[name].routes[#].rules

Optional

Empty

An array of rules for this route. Refer to spec.rules in Policy Binding.

spec.policies

Optional

Empty

An array of policies to apply to this API Instance.

spec.policies[#].policyRef.name

Required

N/A

The policy name.

spec.policies[#].policyRef.namespace

Optional

The value of metadata.namespace

The namespace where the policy is defined. For provided policies, the value of this field should be default.

spec.policies[#].config

Optional

Empty

The policy’s configuration. Refer to spec.config in Policy Binding.

spec.policies[#].rules

Optional

Empty

An array of rules for applying this policy to the API Instance. spec.rules in Policy Binding.

API Instance Examples

The following resource specifies an ApiInstance with metadata that describes the instance identifier. The metadata.name value is used as the target reference for other resources, such as policy bindings. The spec.services.routes.config.destinationPath value prepends /v1/apps to the specified paths under rules, acting in a similar manner as a base path.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: hello-flex-gateway-instance
spec:
  address: http://0.0.0.0:8080
  services:
    json:
      address: https://<upstream address>:443/
      routes:
        - rules:
            - path: /api(/users/.*)
            - path: /api(/comments/.*)
          config:
            destinationPath: /v1/apps

Port Sharing

The following ApiInstance resources demonstrate API port sharing, with two distinct API instances listening on port 8080.

---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: httpbin-example
spec:
  address: http://0.0.0.0:8080/api/httpbin/
  services:
    upstream:
      address: https://<upstream address>:443
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: json-example
spec:
  address: http://0.0.0.0:8080/api/json/
  services:
    upstream:
      address: https://<upstream address>:443

Both services listen on port 8080, for example:

curl http://localhost:8080/api/httpbin/get -v
curl http://localhost:8080/api/json/users/1 -v

The base path of APIs sharing a port must not clash. For example, the following path combination is not allowed:

http://0.0.0.0:8080/cats
http://0.0.0.0:8080/cats/dogs

TLS applies to the port. Therefore, the same TLS policy applies to all API instances sharing the port.

Policy Binding

apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
  name: <policy binding name>
  namespace: <namespace name>
spec:
  targetRef:
    name: <api instance name>
    namespace: <optional api instance namespace>
  policyRef:
    name: <policy name>
    namespace: <optional policy namespace>
  config: # optional policy configuration
  rules: # optional policy rules
  - path: <path regular expression>
    methods: <methods regular expression>
    host: <host regular expression>
    headers: <headers map>
      <header-name>: <header value regular expression>
Parameter Required or Optional Default Value Description

metadata.name

Required

N/A

The identifier of the policy binding.

metadata.namespace

Optional

default

spec.targetRef.name

Required

N/A

The API instance identifier to which the policy is bound to.

spec.targetRef.namespace

Optional

The value of metadata.namespace

The namespace where the target is defined.

spec.policyRef.name

Required

N/A

The policy name. See the list of available policies.

spec.policyRef.namespace

Optional

The value of metadata.namespace

The namespace where the policy is defined. For provided policies, the value of this field should be default.

spec.config

Optional

Empty

The policy configuration. The content of this field depends on the specified policy. See the list of available policies.

spec.rules

Optional

Empty

An array of rules that will determine if the policy applies to a given request. These rules are checked in an OR fashion. The first one to hold will enable applying the policy to the request. The attributes in each rule object apply in an AND fashion. If path and host are defined, both must match for that rule to hold true.

spec.rules[#].path

Optional

.*

A regular expression to match the request path.

Capture groups in this regular expression will be used to define path rewriting when routing the request upstream.

If "path: /api(/.*)", requests with the path /api/orders will be routed upstream as /orders.

Multiple capture groups can be specified, and the replacement will be the concatenation of all captured substrings.

spec.rules[#].host

Optional

.*

A regular expression to match the request host.

spec.rules[#].methods

Optional

.*

A regular expression to match the request method.

spec.rules[#].headers

Optional

Empty

A map of header names and value regular expressions that must be present in the request.

Each entry’s key is the expected header name and the value is a regular expression to match the header value.

Policy Binding Examples

The following resource binds a route policy to the API instance, routing traffic specified by the rules to the proxy address specified in the Service configuration snippet:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
  name: hello-flex-gateway-route
  namespace: e-commerce
spec:
  targetRef:
    name: hello-flex-gateway-instance
  policyRef:
    name: route
    namespace: default
  config:
    destinationRef:
      name: json
      namespace: e-commerce
  rules:
  - path: /api/json(/.*)

The following resource binds a http-basic-authentication-flex policy to the API instance - requiring requests to include the basic credentials defined in config.username and config.password:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
 name: hello-flex-gateway-auth
 namespace: e-commerce
spec:
 targetRef:
   name: hello-flex-gateway-instance
   namespace: e-commerce
 policyRef:
   name: http-basic-authentication-flex
   namespace: default
 config:
   username: chris
   password: admin

Service

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Service
metadata:
  name: <service name>
  namespace: <namespace name>
spec:
  address: <service address including port>
Parameter Required or Optional Default Value Description

metadata.name

Required

N/A

The service identifier.

metadata.namespace

Optional

default

spec.address

Required

N/A

The service address URL, including protocol, host and port. Supported format: protocol://host:port, where protocol is either http or https.

Service Example

The following resource defines a Service with metadata that describes the service identifier. The metadata.namespace value matches the namespace specified in the ApiInstance configuration. The spec.address is the address of the API implementation:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Service
metadata:
  name: json-example
  namespace: e-commerce
spec:
  address: https://<upstream address>:443/

Configuration

Define a desired gateway state by creating a Configuration entity. Configuration entities specify several runtime configuration aspects for Flex Gateway itself, such as logging and shared storage. The definition includes the following:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: <value>
  namespace: <namespace name>
spec:
  logging: # logging configuration
  sharedStorage: # shared storage configuration
Parameter Required or Optional Default Value Description

metadata.name

Required

N/A

The Configuration entity.

metadata.namespace

Optional

default

The namespace value used to isolate Configuration entities.

spec

Required

N/A

The configuration object that defines gateway characteristics. Objects include: logging, sharedStorage, tls.

Logging

The logging object configures the delivery of runtime/access logs enabled via the message logging policy. Logs are delivered to any supported Fluentbit 1.7.9 output.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: <value>
  namespace: <namespace name>
spec:
  logging:
    outputs:
    - name:
      type:
      [type_parameters]:
  runtimeLog:
    logLevel:
    outputs: <value>
  accessLog:
    outputs: <value>
Parameter Required or Optional Default Value Description

logging.outputs[#].name

Required

N/A

The name of this output to later refer to in runtime and access logs configurations.

logging.outputs[#].type

Required

N/A

A Fluentbit-supported output type.

logging.outputs[#].parameters

Required

N/A

A map of parameters for the specific Fluentbit output type

logging.accessLogs.outputs

Optional

Empty

A list of output names to redirect access logs to.

logging.runtimeLogs.outputs

Optional

Empty

A list of output names to redirect runtime logs to.

Logging Example

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: logging
spec:
  logging:
    outputs:
    - name: log-to-file
      type: file
      parameters:
        path: /var/log
        file: log.txt
        format: template
        template: |
          [{runtime}][{loglevel}][{kind}] {message}
    runtimeLogs:
      logLevel: info
      outputs:
      - log-to-file
    accessLogs:
      outputs:
      - log-to-file

Shared Storage

The sharedStorage object configures the gateway for shared storage. Production workflows should use Redis (minimum version 4.0.0), though defining it is optional. If Redis is not defined, shared storage services at port 4000 are still available but will use an in-memory implementation.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: <redis instance host:port>
     username: <redis user username>
     password: <redis user password>
     db: <redis database name>
Parameter Required or Optional Default Value Description

sharedStorage.redis.address

Required

N/A

The redis instance address in host:port format.

sharedStorage.redis.username

Optional

Empty

The redis user name.

sharedStorage.redis.password

Optional

Empty

The redis user password.

sharedStorage.redis.db

Optional

0

The redis database number to use.

Redis Shared Storage Example

The Redis storage service is an implementation of a REST API object store that functions as a bridge between the object store interface and a Redis backend.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Local Shared Storage Example

The local storage service is an implementation of a REST API object store that saves data in memory. All data is lost when Flex Gateway is stopped or restarted.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: rtm-config
 namespace: sales
spec:
 sharedStorage:
   local:
     enabled: true

Examples

Inline Configuration Example

apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: api-example
spec:
  address: http://0.0.0.0:8080
  services:
    api-example:
      address: https://<your url>:443/
      routes:
        - rules:
            - path: /api(/users/.*)
            - path: /api(/comments/.*)
          config:
            destinationPath: /v1/apps
  policies:
    - policyRef:
        name: http-basic-authentication-flex
      config:
        username: chris
        password: admin

Resource-Based Configuration Example

---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
  name: ingress-http
spec:
  address: http://0.0.0.0:8080
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Service
metadata:
  name: json
spec:
  address: https://<your url>:443/
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
  name: ingress-http-route
spec:
  targetRef:
    name: ingress-http
  policyRef:
    name: route
  config:
    destinationRef:
      name: json
  rules:
  - path: /api(/users/.*)
  - path: /api(/comments/.*)
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
  name: ingress-http-authentication
spec:
  targetRef:
    name: ingress-http
  policyRef:
    name: http-basic-authentication-flex
  config:
    username: chris
    password: admin