Configuring Shared Storage for Flex Gateway in Connected Mode
Anypoint Flex Gateway enables you to configure shared storage for distributed caching and rate limiting policies.
Production workflows should use Redis, though defining it is optional. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation.
You configure shared storage via a custom YAML file.
The following steps demonstrate Redis-based storage support for Flex Gateway running in a Docker container, as a Linux Service, or in a Kubernetes cluster.
Configure Shared Storage for Flex Gateway as a Linux Service
- Create a folder in the /etc/mulesoft/flex-gateway/conf.d directory and name it custom:
  sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom
- Create a YAML configuration file in the custom folder:
  sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml
- Update the file with your Redis storage configuration details. For example:
  sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml
Sample configuration for adding Redis-based shared storage:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: redis.e-commerce.svc:6379
      username: ecomm-user
      password: ecomm-pwd-123
      DB: 7
Configure Shared Storage for Flex Gateway in a Docker Container
If you have already added a volume for a folder with your Flex Gateway configuration files, skip to the last step.
- Stop your Flex Gateway and any replicas.
- Create a folder named app in the directory with your Flex Gateway configuration files.
- Restart your Flex Gateway with an additional volume for the new app directory:
  docker run --rm \
    -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
    -p 8080:8080 \
    mulesoft/flex-gateway
  Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \
- Create and save a YAML configuration file in your app folder with your shared storage details.
Sample configuration for adding Redis-based shared storage:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: redis.e-commerce.svc:6379
      username: ecomm-user
      password: ecomm-pwd-123
      DB: 7
Configure Shared Storage for Flex Gateway in a Kubernetes Cluster
To configure shared storage for Flex Gateway, create a new resource using a YAML configuration file with your storage details.
Sample configuration for adding Redis-based shared storage:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: redis.e-commerce.svc:6379
      username: ecomm-user
      password: ecomm-pwd-123
      DB: 7
Configure TLS for Redis-Based Shared Storage
You can use Redis with TLS to ensure data security between Flex Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users.
Configure TLS for Redis-based shared storage using the steps described in the previous sections.
Sample configuration for adding Redis-based shared storage with TLS:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: internal.redis.com:6379
      tls:
        skipValidation: false
        minVersion: "1.1"
        maxVersion: "1.3"
        alpn:
          - h2
          - http/1.1
        ciphers:
          - TLS_AES_128_GCM_SHA256
          - TLS_AES_256_GCM_SHA384
          - TLS_CHACHA20_POLY1305_SHA256
          - TLS_RSA_WITH_3DES_EDE_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA
          - TLS_RSA_WITH_AES_256_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA256
          - TLS_RSA_WITH_AES_128_GCM_SHA256
          - TLS_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
          - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        trustedCA: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
        certificate:
          keyPassphrase: "****"
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----
          crt: |
            -----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----
For information about configuration parameters, see the Declarative Configuration Reference (Shared Storage).
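The TLS sample above lists every supported option, so a deployed file is worth reviewing before rollout. The following is an added example, not MuleSoft code: a line-based review script that flags disabled certificate validation, a minVersion below 1.2, 3DES, CBC and static-RSA cipher suites, and an inline Redis password. The function name, the rule set and the sample input are assumptions of this example, and the script scans text lines rather than parsing YAML.

```python
import re

# Constructed sample (not from the page): a weakened variant of the TLS config.
SAMPLE = '''\
sharedStorage:
  redis:
    address: internal.redis.com:6379
    password: ecomm-pwd-123
    tls:
      skipValidation: true
      minVersion: "1.1"
      maxVersion: "1.3"
      ciphers:
        - TLS_AES_256_GCM_SHA384
        - TLS_RSA_WITH_3DES_EDE_CBC_SHA
        - TLS_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
'''

def audit_shared_storage(text):
    """Hypothetical helper: (line_no, finding) pairs under this example's own rules."""
    findings = []
    saw_tls = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if line == "tls:":
            saw_tls = True
        elif re.fullmatch(r"skipValidation:\s*true", line, re.I):
            findings.append((no, "server certificate validation is disabled"))
        elif m := re.fullmatch(r'minVersion:\s*"?(1\.[01])"?', line):
            findings.append((no, f"minVersion {m[1]} permits deprecated TLS"))
        elif m := re.fullmatch(r"-\s*(TLS_\w+)", line):
            name = m[1]
            if "3DES" in name:
                findings.append((no, f"{name}: 3DES cipher"))
            elif "_CBC_" in name:
                findings.append((no, f"{name}: CBC-mode cipher"))
            elif name.startswith("TLS_RSA_WITH_"):
                findings.append((no, f"{name}: no forward secrecy"))
        elif re.fullmatch(r"password:\s*\S.*", line):
            findings.append((no, "Redis password stored in cleartext in the file"))
    if not saw_tls:
        findings.append((0, "no tls block: connection to Redis is not TLS-protected"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_shared_storage(SAMPLE):
        print(f"line {no}: {msg}")
```

Line number 0 in a finding means the issue applies to the file as a whole rather than to one line.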