+
+

Registering and Running in Connected Mode with a Username and Password

Before You Begin

Before registering Flex Gateway, you must complete the following tasks:

  • Install a Flex Gateway

  • Request Manage Servers and Read Servers permissions in Runtime Manager from your Anypoint Platform admin

  • Collect the following information from your Anypoint Platform instance:

    • The Organization ID for the organization where you want to run Flex Gateway

      See Find your Organization ID for more information on how to find your Organization ID.

    • The Environment ID for the environment where you want to run Flex Gateway

      See What API Manager Looks Like for more information on how to find your Environment ID.

    • The Username and Password of a user with Read Servers and Manage Servers permissions for Runtime Manager

Register and Run with a Username and Password as a Linux Service

To register a Flex Gateway with Anypoint Platform you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

  • --username = the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --password = the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • my-gateway = the name you want to assign to this Flex Gateway instance or replica

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

flexctl register \
--username=<your-username> \
--password=<your-password> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
my-gateway
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

You should also see three new files where you executed the command, similar to the following:

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.conf

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.key

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.pem

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

Determine the path for these files, then save the path and the UUID, or name, of the files. For example, /Users/jane/flex-gateway/6eb79785-c2f0-4e06-b574-8a030a321d74.

Then update the permissions of the files:

chmod 644 <path-and-uuid-of-registration-files>.*

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Create Configuration Folder and File

Before executing the start command, you must create a configuration directory and file and edit the contents of that file.

First create the configuration directory using the following command:

sudo mkdir /etc/systemd/system/flex-gateway-agent.service.d/

Afterwards, create a configuration file within that directory and name it env.conf.

Finally, edit the file with vim using the following command:

sudo vi env.conf

Add Configuration Content

Add the content below to the env.conf file, after replacing the following sample content with your own:

  • <path-and-uuid-of-conf-file>.conf = the path and UUID of the .conf file that was created when you registered the gateway

  • <name-for-flex-replica> = a name for your Flex Replica

[Service]

Environment=FLEX_RTM_ARM_AGENT_CONFIG=<path-and-uuid-of-conf-file>.conf
Environment=FLEX_NAME=<name-for-flex-replica>

After you have added the content to the env.conf file, save the file with ESC + :wq.

Start Commands

Reload the env.conf configuration with the following command:

sudo systemctl daemon-reload

Start Flex Gateway with the following command:

sudo systemctl start flex-gateway

Verify that the Flex Gateway service is running successfully:

systemctl list-units flex-gateway*

You should see a list of services. Flex Gateway is successfully running if each service has a status of active.

  UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
  flex-gateway-fluent-reloader.path loaded active waiting flex-gateway-fluent-reloader.path
  flex-gateway-agent.service        loaded active running flex-gateway-agent.service
  flex-gateway-envoy.service        loaded active running flex-gateway-envoy.service
  flex-gateway-fluent.service       loaded active running flex-gateway-fluent.service
  flex-gateway.service              loaded active exited  Application

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

Currently, you cannot unregister or delete Flex Replicas from the Runtime Manager UI. If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Register and Run with a Username and Password in a Docker Container

To register a Flex Gateway with Anypoint Platform you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Substitute Collected Information

Before executing the registration command, replace the following sample information with the information you collected:

  • --username = the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --password = the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • my-gateway = the name you want to assign to this Flex Gateway instance or replica

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

docker run --entrypoint flexctl -w /registration -v $(pwd):/registration mulesoft/flex-gateway \
register \
--username=<your-username> \
--password=<your-password> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
my-gateway
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

You should also see three new files where you executed the command, similar to the following:

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.conf

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.key

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.pem

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

Determine the path where these files live by using the command, pwd, then save the path and the UUID, or name, of the .conf file for later use. For example, /Users/jane/flex-gateway/6eb79785-c2f0-4e06-b574-8a030a321d74.conf.

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Start Command

Before executing the start command below, update the placeholder text with the absolute path to the directory with the .conf file, and the UUID of the .conf file. Additionally, update the FLEX_NAME to the name you want to assign to your Flex Replica.

docker run --rm \
-v <absolute-path-to-directory-with-conf-file>/:/etc/flex-gateway/rtm \
-p 8080:8080 \
-e FLEX_RTM_ARM_AGENT_CONFIG=/etc/flex-gateway/rtm/<UUID-of-your-file>.conf \
-e FLEX_NAME=<name-for-flex-replica> \
mulesoft/flex-gateway

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

Currently, you cannot unregister or delete Flex Replicas from the Runtime Manager UI. If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Register and Run with a Username and Password as a Kubernetes Ingress Controller

To register a Flex Gateway with Anypoint Platform as a Kubernetes ingress controller you must enter the registration command and then install the flex-gateway Helm chart into the gateway namespace. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Substitute Collected Information

Before executing the registration command, replace the following sample information with the information you collected:

  • --username = the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --password = the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • my-gateway = the name you want to assign to this Flex Gateway instance or replica

Registration Command

After replacing the sample content, register your Flex Gateway by executing the following command:

docker run --entrypoint flexctl -w /registration -v $(pwd):/registration mulesoft/flex-gateway \
register \
--username=<your-username> \
--password=<your-password> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
my-gateway
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

You should also see three new files where you executed the command, similar to the following:

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.conf

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.key

  • 6eb79785-c2f0-4e06-b574-8a030a321d74.pem

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

You will need the UUIDs, or the filenames without the file type, of these files to create your Kubernetes secret later.

You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.

Install Helm Chart into the Namespace

  1. Create the namespace in which Flex Gateway will be installed:

    kubectl create namespace gateway
  2. Create a Kubernetes secret using the UUIDs from the files generated during registration:

    kubectl -n gateway create secret generic <UUID-of-your-file> \
    --from-file=platform.conf=<UUID-of-your-file>.conf \
    --from-file=platform.key=<UUID-of-your-file>.key \
    --from-file=platform.pem=<UUID-of-your-file>.pem
  3. Add the Flex Gateway Helm repository:

    helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm
  4. Update the Helm repository using the following command:

    helm repo up
  5. Using Ingress, install the flex-gateway Helm chart into the gateway namespace. Specify the UUID from the filenames created for creating the Kubernetes secret.

    helm -n gateway upgrade -i --wait ingress flex-gateway/flex-gateway \
    --set registerSecretName=<UUID-of-your-file>

    The command returns something similar to the following:

    NAME: ingress
    LAST DEPLOYED: Tue Oct 19 13:08:07 2021
    NAMESPACE: gateway
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
  6. Verify apiinstances was created during installation:

    kubectl -n gateway get apiinstances

    The command returns output similar to the following:

    NAME            ADDRESS
    ingress-http    http://0.0.0.0:80
    ingress-https   http://0.0.0.0:443

Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.

Currently, you cannot unregister or delete Flex Replicas from the Runtime Manager UI. If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.

Helm Chart Configuration Options

The following table describes the configurable options of the Flex Gateway Ingress Controller Helm chart.

Parameter Default Value Description

image.pullPolicy

ifNotPresent

The pull policy for the Ingress Controller image.

Possible values: ifNotPresent, Always, Never

image.pullSecretName

The name of the secret that contains Docker registry credentials. The secret must exist in the same namespace as the helm release.

replicaCount

1

The number of Ingress Controller deployment replicas

autoscaling.enabled

false

Boolean indicating if the Horizontal Pod Autoscaler (HPA) is enabled

autoscaling.minReplicas

2

The minimum number of replicas that the scaler is allowed to create

autoscaling.maxReplicas

11

The maximum number of replicas that the scaler is allowed to create

autoscaling.targetCPUUtilizationPercentage

50

The average CPU usage percentage of all deployed pods

autoscaling.targetMemoryUtilizationPercentage

null

The average memory usage percentage of all deployed pods

resources.limits.cpu

500m

CPU resource limits in millicores

resources.limits.memory

256mi

Memory resource limits

service.enabled

true

Boolean indicating if a service to expose Ingress Controller pods is created

service.type

LoadBalancer

The type of Ingress Controller service to create.

Possible values: ClusterIP, NodePort, LoadBalancer, ExternalName

service.http.enabled

true

Boolean indicating if the HTTP port should be enabled for the Ingress Controller service

service.http.port

80

The Ingress Controller service HTTP port

service.https.enabled

true

Boolean indicating if the HTTPS port should be enabled for the Ingress Controller service

service.http.port

443

The Ingress Controller service HTTPS port

registerSecretName

null

The name of the secret containing the registration files

Was this article helpful?

💙 Thanks for your feedback!

Submit your feedback!
Share your thoughts to help us build the best documentation experience for you!
Take our latest survey!