Contact Us 1-800-596-4880

Configuring Shared Storage for Flex Gateway in Connected Mode

Where possible, we changed noninclusive terms to align with our company value of Equality. We maintained certain terms to avoid any effect on customer implementations.

Anypoint Flex Gateway enables you to configure shared storage for distributed caching and rate limiting policies. Redis also provides extra memory for caching.

Production workflows should use Redis. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation. You must configure Redis for distributed policies to share data. All other policies use replica memory for storage.

You configure shared storage via a custom YAML file.

The following steps demonstrate Redis-based storage support for Flex Gateway running in a Docker container, as a Linux Service, or as a Kubernetes cluster.

To configure Redis Sentinel or a TLS connection to your Redis shared storage, refer to:

20%

25%

20%

Before You Begin

Before configuring shared storage for Flex Gateway, complete the following tasks:

Configure Shared Storage for Flex Gateway as a Linux Service

  1. Create a folder in the /etc/mulesoft/flex-gateway/conf.d directory and name it custom:

    sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom
  2. Create a YAML configuration file in the custom folder:

    sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml
  3. Update the file with your Redis storage configuration details. For example:

    sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

    Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
     name: shared-storage-redis
    spec:
     sharedStorage:
       redis:
         address: redis.e-commerce.svc:6379
         username: ecomm-user
         password: ecomm-pwd-123
         DB: 7

Configure Shared Storage for Flex Gateway in a Docker Container

If you have already added a volume for a folder with your Flex Gateway configuration files, skip to the last step.
  1. Stop your Flex Gateway and any replicas.

  2. Create a folder named app in the directory with your Flex Gateway configuration files.

  3. Restart your Flex Gateway with an additional volume for the new app directory:

    docker run --rm \
    -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
    -p 8080:8080 \
    mulesoft/flex-gateway
    Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.
  4. Create and save a YAML configuration file in your app folder with your shared storage details.

    Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
     name: shared-storage-redis
    spec:
     sharedStorage:
       redis:
         address: redis.e-commerce.svc:6379
         username: ecomm-user
         password: ecomm-pwd-123
         DB: 7

Configure Shared Storage for Flex Gateway in a Kubernetes Cluster

To configure shared storage for Flex Gateway, create a new resource using a YAML configuration file with your storage details.

Sample configuration for adding Redis-based shared storage:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
 name: shared-storage-redis
spec:
 sharedStorage:
   redis:
     address: redis.e-commerce.svc:6379
     username: ecomm-user
     password: ecomm-pwd-123
     DB: 7

Configure Redis Sentinel

Redis Sentinel provides high availability for Redis shared storage. For more information about Redis Sentinel, refer to Redi Sentinel.

Configure Redis Sentinel using the steps described in the previous sections.

Sample configuration for adding Redis Sentinel:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage
  namespace: test-ns
spec:
  sharedStorage:
    redis:
      username: "user"
      password: "pass"
      sentinel:
        addresses:
          - internal.redis.com:6379
        masterName: "name"
        password: "pass"
      db: 0

Configure TLS for Redis-Based Shared Storage

Use TLS with Redis to ensure data security between Flex Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users.

TLS works with both Redis and Redis Sentinel.

Configure TLS for Redis-based shared storage using the steps described in the previous sections.

Sample configuration for adding Redis-based shared storage with TLS:

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Configuration
metadata:
  name: shared-storage-redis
spec:
  sharedStorage:
    redis:
      address: internal.redis.com:6379
      tls:
        skipValidation: false
        minVersion: "1.1"
        maxVersion: "1.3"
        alpn:
          - h2
          - http/1.1
        ciphers:
          - TLS_AES_128_GCM_SHA256
          - TLS_AES_256_GCM_SHA384
          - TLS_CHACHA20_POLY1305_SHA256
          - TLS_RSA_WITH_3DES_EDE_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA
          - TLS_RSA_WITH_AES_256_CBC_SHA
          - TLS_RSA_WITH_AES_128_CBC_SHA256
          - TLS_RSA_WITH_AES_128_GCM_SHA256
          - TLS_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
          - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
          - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        trustedCA: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----

        certificate:
          keyPassphrase: "****"
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----

          crt: |
            -----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----

For information about configuration parameters, see the Declarative Configuration Reference (Shared Storage).