Contact Us 1-800-596-4880

Configuring Shared Storage for Flex Gateway in Connected Mode

Anypoint Flex Gateway enables you to configure shared storage for distributed caching and rate limiting policies.

Production workflows should use Redis, though defining it is optional. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation.

You configure shared storage via a custom YAML file.

The following steps demonstrate Redis-based storage support for Flex Gateway running in a Docker container, as a Linux Service, or as a Kubernetes cluster.

20%

25%

20%

Before You Begin

Before configuring shared storage for Flex Gateway, complete the following tasks:

Configure Shared Storage for Flex Gateway as a Linux Service

  1. Create a folder in the /etc/mulesoft/flex-gateway/conf.d directory and name it custom:

    sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom
  2. Create a YAML configuration file in the custom folder:

    sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml
  3. Update the file with your Redis storage configuration details. For example:

    sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

    Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
     name: shared-storage-redis
    spec:
     sharedStorage:
       redis:
         address: redis.e-commerce.svc:6379
         username: ecomm-user
         password: ecomm-pwd-123
         DB: 7

Configure Shared Storage for Flex Gateway in a Docker Container

If you have already added a volume for a folder with your Flex Gateway configuration files, skip to the last step.
  1. Stop your Flex Gateway and any replicas.

  2. Create a folder named app in the directory with your Flex Gateway configuration files.

  3. Restart your Flex Gateway with an additional volume for the new app directory:

    docker run --rm \
    -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
    -p 8080:8080 \
    mulesoft/flex-gateway
    Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.
  4. Create and save a YAML configuration file in your app folder with your shared storage details.

    Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
     name: shared-storage-redis
    spec:
     sharedStorage:
       redis:
         address: redis.e-commerce.svc:6379
         username: ecomm-user
         password: ecomm-pwd-123
         DB: 7

Configure Shared Storage for Flex Gateway in a Kubernetes Cluster

To configure shared storage for Flex Gateway, create a new resource using a YAML configuration file with your storage details.

Sample configuration for adding Redis-based shared storage:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Configure TLS for Redis-Based Shared Storage

You can use Redis with TLS to ensure data security between Flex Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users.

Configure TLS for Redis-based shared storage using the steps described in the previous sections.

Sample configuration for adding Redis-based shared storage with TLS:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: internal.redis.com:6379
      tls:
        skipValidation: false
        minVersion: "1.1"
        maxVersion: "1.3"
        alpn:
          - h2
          - http/1.1
        ciphers:
          - TLS_AES_128_GCM_SHA256
          - TLS_AES_256_GCM_SHA384
          - TLS_CHACHA20_POLY1305_SHA256
          - TLS_RSA_WITH_3DES_EDE_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA
          - TLS_RSA_WITH_AES_256_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA256
          - TLS_RSA_WITH_AES_128_GCM_SHA256
          - TLS_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
          - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        trustedCA: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----

        certificate:
          keyPassphrase: "****"
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----

          crt: |
            -----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----

For information about configuration parameters, see the Declarative Configuration Reference (Shared Storage).