salesforce Dreamforce On-Demand
Contact Us 1-800-596-4880
  1. Homepage
  2. Flex Gateway (1.6)
  3. Register and Run in Connected Mode

  4. With a Connected App

Registering and Running in Connected Mode with a Connected App

Before You Begin

Before registering Flex Gateway, you must complete the following tasks:

  • Configure a Connected App

    • Include the following scopes:

      • Read Servers

      • Manage Servers

      • View Organization

    • Save the Id and Secret of the Connected app you configure.

  • Install a Flex Gateway

  • Request Manage Servers and Read Servers permissions in Runtime Manager from your Anypoint Platform admin

  • Collect the following information from your Anypoint Platform instance:

    • The Organization ID for the organization where you want to run Flex Gateway

      See Find your Organization ID for more information on how to find your Organization ID.

    • The Environment ID for the environment where you want to run Flex Gateway

      See What API Manager Looks Like for more information on how to find your Environment ID.

Register and Run with a Connected App as a Linux Service

To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Register Flex Gateway

Register your Flex Gateway instance using the data that you gathered for the command options.

flexctl register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Start Commands

Start Flex Gateway with the following command:

sudo systemctl start flex-gateway

Verify that the Flex Gateway service is running successfully:

systemctl list-units flex-gateway*

If flex-gateway.service has a status of active, Flex Gateway is successfully running.

  UNIT                              LOAD   ACTIVE SUB     DESCRIPTION
  flex-gateway.service              loaded active running Application

In Runtime Manager, click ← Flex Gateway in the left navigation to find your new gateway in the UI. Notice that your gateway’s current status is Connected. Refresh the page, if necessary.

After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected.

Register and Run with a Connected App in a Container

You can register and run Flex Gateway for use in one of the following containers:

15%

12%

Docker

Podman

Register and Run with a Connected App in a Docker Container

To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Collect Your Registration Data

Before registering your Flex Gateway instance, collect information for the following registration command options:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Register Flex Gateway

Register your Flex Gateway instance using the data that you gathered for the command options.

Create a new directory called flex-registration (or similar) and then run the registration command in this new directory. The command creates registration files in this location. 
docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Start Command

Run the following start command in the same directory where you ran the registration command:

docker run --rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p 8080:8080 \
mulesoft/flex-gateway
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your new gateway in the UI. Notice that your gateway’s current status is Connected. Refresh the page, if necessary.

After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected.

Register and Run with a Connected App in a Podman Container

To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.

Collect Your Registration Data

Before registering your Flex Gateway instance, collect information for the following registration command options:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Register Flex Gateway

Register your Flex Gateway instance using the data that you gathered for the command options.

Create a new directory called flex-registration (or similar) and then run the registration command in this new directory. The command creates registration files in this location. 
podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Start Command

Run the following start command in the same directory where you ran the registration command:

podman run --rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p 8080:8080 \
docker.io/mulesoft/flex-gateway
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your new gateway in the UI. Notice that your gateway’s current status is Connected. Refresh the page, if necessary.

After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected.

Register and Run with a Connected App in a Kubernetes Cluster

Register Flex Gateway, and then use Helm to deploy Flex Gateway to a node in your cluster and connect to Anypoint Platform. After deploying, use Runtime Manager to verify that the gateway is present and connected to Anypoint Platform.

When deploying Flex Gateway to a Kubernetes cluster that enables role-based access control (RBAC), you must have cluster-level permissions to permit installation of custom resource definitions (CRDs) used by Flex Gateway.

Complete the following steps:

  1. Collect Your Registration Data

  2. Register Flex Gateway

  3. Install Helm Chart into the Namespace

In Connected Mode, Flex Gateway typically serves as an ingress or Edge API gateway that receives traffic from outside of the cluster. Flex Gateway can also act as a standalone gateway for internal (east-west) services.

Most management takes place within Anypoint Platform:

  • Deploy APIs to your cluster.

  • Apply policies and other configurations.

  • Create resources (with the exception of Configuration and Service resources).

In Connected Mode, resource creation through kubectl apply is possible but restricted to the following resource types: Configuration, Service, Extension, and PolicyBinding of types tls, tls-inbound, and tls-outbound. For more info about resources, see Declarative Configuration Reference Guide.

Collect Your Registration Data

Before registering your Flex Gateway instance, collect information for the following registration command options:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Register Flex Gateway

Register your Flex Gateway instance using the data that you gathered for the command options.

You can register using one of the following container runtimes:

Docker

Run the following command to register using Docker:

docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Podman

Run the following command to register using Podman:

podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Install Helm Chart into the Namespace

A Helm chart installs Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required. Refer to Helm Chart Settings for configuration options.

  1. Add a Helm repository named flex-gateway for your chart:

    helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm

    The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine:

    • If the repository is new, the command returns the following message:

      "flex-gateway" has been added to your repositories

    • If the repository already exists, the command returns the following message:

      "flex-gateway" already exists with the same configuration, skipping

  2. Run helm repo up.

    The command returns the following message:

    Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "flex-gateway" chart repository
Update Complete. ⎈Happy Helming!⎈

    If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories.

  3. Run the Helm command for deploying your gateway in Connected Mode:

    helm -n gateway upgrade -i --create-namespace \
--wait ingress flex-gateway/flex-gateway \
--set gateway.mode=connected \
--set-file registration.content=registration.yaml

    This command creates the gateway namespace and a release named ingress if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is <helm-repo-name>/<helm-chart-name>.

    The command uses --set gateway.mode=connected because the default for the Helm chart is Local Mode.

    When you install Flex Gateway, a Service type LoadBalancer is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing the service.type property during the installation.

    When successful, the command prints a message indicating an upgrade to your ingress release:

    Release "ingress" does not exist. Installing it now.
NAME: ingress
LAST DEPLOYED: Mon Mar 20 21:36:19 2023
NAMESPACE: gateway
STATUS: deployed
REVISION: 1
TEST SUITE: None

    The REVISION value increments the ingress release by 1 each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (REVISION: 2). The LAST DEPLOYED date reflects the date of that revision.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your new gateway in the UI. Notice that your gateway’s current status is Connected. Refresh the page, if necessary.

After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected.

Helm Chart Settings

To modify the default Helm settings with new values, such as resource values for CPU and memory settings, see Update Pod Settings for a Flex Gateway Deployment Through a Helm Chart. For additional Helm chart configurations, see Manage Kubernetes Deployments.

Before modifying a Helm chart for a Flex Gateway deployment, review the default Helm chart settings:

  • Open the flex-gateway page in ArtifactHUB

  • Run helm show values <repository-name>/<chart-name> from a terminal window.

    Example:
    helm show values flex-gateway/flex-gateway

    The example returns default values of a repository and chart with the same name.

To view the Helm chart README, run helm show readme <repository-name>/<chart-name> from a terminal window.

Example:
helm show readme flex-gateway/flex-gateway

Register and Run with a Connected App in an OpenShift Cluster

Register Flex Gateway, and then use Helm to deploy Flex Gateway to a node in your cluster and connect to Anypoint Platform. After deploying, use Runtime Manager to verify that the gateway is present and connected to Anypoint Platform.

When deploying Flex Gateway to a Kubernetes cluster that enables role-based access control (RBAC), you must have cluster-level permissions to permit installation of custom resource definitions (CRDs) used by Flex Gateway. In OpenShift, the cluster-admin role provides this level of access.

From the command line, OpenShift procedures match Kubernetes procedures. Complete the following steps:

  1. Collect Your Registration Data

  2. Register Flex Gateway

  3. Install Helm Chart into the Namespace

In Connected Mode, Flex Gateway typically serves as an ingress or Edge API gateway that receives traffic from outside of the cluster. Flex Gateway can also act as a standalone gateway for internal (east-west) services.

Most management takes place within Anypoint Platform:

  • Deploy APIs to your cluster.

  • Apply policies and other configurations.

  • Create resources (with the exception of Configuration and Service resources).

In Connected Mode, resource creation through kubectl apply is possible but restricted to the following resource types: Configuration, Service, Extension, and PolicyBinding of types tls, tls-inbound, and tls-outbound. For more info about resources, see Declarative Configuration Reference Guide.

Collect Your Registration Data

Before registering your Flex Gateway instance, collect information for the following registration command options:

  • --client-id = the Id for the Connected App you configured in Access Management

  • --client-secret = the Secret for the Connected App you configured in Access Management

  • --environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run

  • --organization = your Organization ID in Anypoint Platform

  • --split (optional) = the flag that determines whether registration information should split into multiple files. The default value is false.

    If split is set to true, registration information is split into two files: registration.yaml and certificate.yaml. If false, all registration information is contained in one file: registration.yaml.

  • --output-directory (optional) = the directory in which registration information is output

  • my-gateway = the name you want to assign the gateway cluster

Register Flex Gateway

Register your Flex Gateway instance using the data that you gathered for the command options.

You can register using one of the following container runtimes:

Docker

Run the following command to register using Docker:

docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Podman

Run the following command to register using Podman:

podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
register \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--connected=true \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway

Use sudo if you encounter file permission issues when running this command.

If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag to your command.

In the output directory, you should see the following new registration file(s):

  • registration.yaml

  • certificate.yaml (generated only if the split registration parameter is set to true, otherwise certificate information will be contained in registration.yaml)

These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your gateway in the UI. Notice that your gateway’s status is Disconnected. Refresh the page, if necessary.

Install Helm Chart into the Namespace

A Helm chart installs Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required. Refer to Helm Chart Settings for configuration options.

  1. Add a Helm repository named flex-gateway for your chart:

    helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm

    The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine:

    • If the repository is new, the command returns the following message:

      "flex-gateway" has been added to your repositories

    • If the repository already exists, the command returns the following message:

      "flex-gateway" already exists with the same configuration, skipping

  2. Run helm repo up.

    The command returns the following message:

    Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "flex-gateway" chart repository
Update Complete. ⎈Happy Helming!⎈

    If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories.

  3. Run the Helm command for deploying your gateway in Connected Mode:

    helm -n gateway upgrade -i --create-namespace \
--wait ingress flex-gateway/flex-gateway \
--set gateway.mode=connected \
--set-file registration.content=registration.yaml

    This command creates the gateway namespace and a release named ingress if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is <helm-repo-name>/<helm-chart-name>.

    The command uses --set gateway.mode=connected because the default for the Helm chart is Local Mode.

    When you install Flex Gateway, a Service type LoadBalancer is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing the service.type property during the installation.

    When successful, the command prints a message indicating an upgrade to your ingress release:

    Release "ingress" does not exist. Installing it now.
NAME: ingress
LAST DEPLOYED: Mon Mar 20 21:36:19 2023
NAMESPACE: gateway
STATUS: deployed
REVISION: 1
TEST SUITE: None

    The REVISION value increments the ingress release by 1 each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (REVISION: 2). The LAST DEPLOYED date reflects the date of that revision.

In Runtime Manager, click ← Flex Gateway in the left navigation to find your new gateway in the UI. Notice that your gateway’s current status is Connected. Refresh the page, if necessary.

After 30 days, a stopped or deleted gateway is removed from the Runtime Manager UI. Otherwise, the UI continues to list the gateway even if it is no longer running or connected.

Helm Chart Settings

To modify the default Helm settings with new values, such as resource values for CPU and memory settings, see Update Pod Settings for a Flex Gateway Deployment Through a Helm Chart. For additional Helm chart configurations, see Manage Kubernetes Deployments.

Before modifying a Helm chart for a Flex Gateway deployment, review the default Helm chart settings:

  • Open the flex-gateway page in ArtifactHUB

  • Run helm show values <repository-name>/<chart-name> from a terminal window.

    Example:
    helm show values flex-gateway/flex-gateway

    The example returns default values of a repository and chart with the same name.

To view the Helm chart README, run helm show readme <repository-name>/<chart-name> from a terminal window.

Example:
helm show readme flex-gateway/flex-gateway

See Also