Configuring Shared Storage for Flex Gateway in Connected Mode

Anypoint Flex Gateway enables you to configure shared storage for distributed caching and rate limiting policies.

Production workflows should use Redis, though defining it is optional. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation.

You configure shared storage via a custom YAML file.

The following steps demonstrate Redis-based storage support for Flex Gateway running in a Docker container, as a Linux Service, or as a Kubernetes cluster.

Configure Shared Storage for Flex Gateway as a Linux Service

Configure Shared Storage for Flex Gateway in a Docker Container

Configure Shared Storage for Flex Gateway in a Kubernetes Cluster

Before You Begin

Before configuring shared storage for Flex Gateway, complete the following tasks:

Configure Shared Storage for Flex Gateway as a Linux Service

Create a folder in the /etc/mulesoft/flex-gateway/conf.d directory and name it custom:
```
sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom
```

Create a YAML configuration file in the custom folder:

sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

Update the file with your Redis storage configuration details. For example:

sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

Sample configuration for adding Redis-based shared storage:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Configure Shared Storage for Flex Gateway in a Docker Container

If you have already added a volume for a folder with your Flex Gateway configuration files, skip to the last step.

Stop your Flex Gateway and any replicas.
Create a folder named app in the directory with your Flex Gateway configuration files.
Restart your Flex Gateway with an additional volume for the new app directory:
```
docker run --rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p 8080:8080 \
mulesoft/flex-gateway
```
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.

Create and save a YAML configuration file in your app folder with your shared storage details.

Sample configuration for adding Redis-based shared storage:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Configure Shared Storage for Flex Gateway in a Kubernetes Cluster

To configure shared storage for Flex Gateway, create a new resource using a YAML configuration file with your storage details.

Sample configuration for adding Redis-based shared storage:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Configure TLS for Redis-Based Shared Storage

You can use Redis with TLS to ensure data security between Flex Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users.

Configure TLS for Redis-based shared storage using the steps described in the previous sections.

Sample configuration for adding Redis-based shared storage with TLS:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: internal.redis.com:6379
      tls:
        skipValidation: false
        minVersion: "1.1"
        maxVersion: "1.3"
        alpn:
          - h2
          - http/1.1
        ciphers:
          - TLS_AES_128_GCM_SHA256
          - TLS_AES_256_GCM_SHA384
          - TLS_CHACHA20_POLY1305_SHA256
          - TLS_RSA_WITH_3DES_EDE_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA
          - TLS_RSA_WITH_AES_256_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA256
          - TLS_RSA_WITH_AES_128_GCM_SHA256
          - TLS_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
          - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        trustedCA: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----

        certificate:
          keyPassphrase: "****"
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----

          crt: |
            -----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----

For information about configuration parameters, see the Declarative Configuration Reference (Shared Storage).

Gartner names MuleSoft a Leader

Create connected experiences with AI

Future of connected AI agents

The world of AI is a world of APIs

Gartner names MuleSoft a Leader

Create connected experiences with AI

Future of connected AI agents

The world of AI is a world of APIs

Configuring Shared Storage for Flex Gateway in Connected Mode

Before You Begin

Configure Shared Storage for Flex Gateway as a Linux Service

Configure Shared Storage for Flex Gateway in a Docker Container

Configure Shared Storage for Flex Gateway in a Kubernetes Cluster

Configure TLS for Redis-Based Shared Storage

See Also