Configuring Shared Storage for Flex Gateway in Connected Mode
Anypoint Flex Gateway enables you to configure shared storage for distributed caching and rate limiting policies. Redis also provides extra memory for caching.
Production workflows should use Redis. If Redis is not defined, shared storage services at port 4000 are still available but use an in-memory implementation. You must configure Redis for distributed policies to share data. All other policies use replica memory for storage.
You configure shared storage via a custom YAML file.
The following steps demonstrate Redis-based storage support for Flex Gateway running in a Docker container, as a Linux Service, or as a Kubernetes cluster.
To configure Redis Sentinel or a TLS connection to your Redis shared storage, refer to Configure Redis Sentinel and Configure TLS for Redis-Based Shared Storage.
Configure Shared Storage for Flex Gateway as a Linux Service
- Create a folder in the /etc/mulesoft/flex-gateway/conf.d directory and name it custom:

    sudo mkdir /etc/mulesoft/flex-gateway/conf.d/custom

- Create a YAML configuration file in the custom folder:

    sudo touch /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

- Update the file with your Redis storage configuration details. For example:

    sudo vi /etc/mulesoft/flex-gateway/conf.d/custom/shared-storage-config.yaml

  Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
      name: shared-storage-redis
    spec:
      sharedStorage:
        redis:
          address: redis.e-commerce.svc:6379
          username: ecomm-user
          password: ecomm-pwd-123
          DB: 7
Configure Shared Storage for Flex Gateway in a Docker Container
If you have already added a volume for a folder with your Flex Gateway configuration files, skip to the last step.

- Stop your Flex Gateway and any replicas.

- Create a folder named app in the directory with your Flex Gateway configuration files.

- Restart your Flex Gateway with an additional volume for the new app directory:

    docker run --rm \
      -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
      -p 8080:8080 \
      mulesoft/flex-gateway

  Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \

- Create and save a YAML configuration file in your app folder with your shared storage details.

  Sample configuration for adding Redis-based shared storage:

    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
      name: shared-storage-redis
    spec:
      sharedStorage:
        redis:
          address: redis.e-commerce.svc:6379
          username: ecomm-user
          password: ecomm-pwd-123
          DB: 7
Configure Shared Storage for Flex Gateway in a Kubernetes Cluster
To configure shared storage for Flex Gateway, create a new resource using a YAML configuration file with your storage details.
Sample configuration for adding Redis-based shared storage:
    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
      name: shared-storage-redis
    spec:
      sharedStorage:
        redis:
          address: redis.e-commerce.svc:6379
          username: ecomm-user
          password: ecomm-pwd-123
          DB: 7
Configure Redis Sentinel
Redis Sentinel provides high availability for Redis shared storage. For more information about Redis Sentinel, refer to Redis Sentinel.
Configure Redis Sentinel using the steps described in the previous sections.
Sample configuration for adding Redis Sentinel:
    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
      name: shared-storage
      namespace: test-ns
    spec:
      sharedStorage:
        redis:
          username: "user"
          password: "pass"
          sentinel:
            addresses:
              - internal.redis.com:6379
            masterName: "name"
            password: "pass"
          db: 0
Configure TLS for Redis-Based Shared Storage
Use TLS with Redis to ensure data security between Flex Gateway and the Redis instance. Configuring TLS enables you to protect sensitive data, prevent unauthorized access, and maintain the reliability of your services. Additionally, configuring TLS helps organizations meet compliance requirements and build trust with users.
TLS works with both Redis and Redis Sentinel.
Configure TLS for Redis-based shared storage using the steps described in the previous sections.
Sample configuration for adding Redis-based shared storage with TLS:
    apiVersion: gateway.mulesoft.com/v1alpha1
    kind: Configuration
    metadata:
      name: shared-storage-redis
    spec:
      sharedStorage:
        redis:
          address: internal.redis.com:6379
          tls:
            skipValidation: false
            minVersion: "1.1"
            maxVersion: "1.3"
            alpn:
              - h2
              - http/1.1
            ciphers:
              - TLS_AES_128_GCM_SHA256
              - TLS_AES_256_GCM_SHA384
              - TLS_CHACHA20_POLY1305_SHA256
              - TLS_RSA_WITH_3DES_EDE_CBC_SHA
              - TLS_RSA_WITH_AES_128_CBC_SHA
              - TLS_RSA_WITH_AES_256_CBC_SHA
              - TLS_RSA_WITH_AES_128_CBC_SHA256
              - TLS_RSA_WITH_AES_128_GCM_SHA256
              - TLS_RSA_WITH_AES_256_GCM_SHA384
              - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
              - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
              - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
              - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
              - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
              - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
              - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
              - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
              - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
              - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
            trustedCA: |
              -----BEGIN CERTIFICATE-----
              ...
              -----END CERTIFICATE-----
            certificate:
              keyPassphrase: "****"
              key: |
                -----BEGIN RSA PRIVATE KEY-----
                ...
                -----END RSA PRIVATE KEY-----
              crt: |
                -----BEGIN CERTIFICATE-----
                ...
                -----END CERTIFICATE-----
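The following check is an added example, not code from this page or from MuleSoft. It flags weak transport settings in the sharedStorage.redis block and covers both the basic samples earlier on the page (password, no tls block) and the TLS sample above. The function name audit_redis, the finding texts, and the reading that a missing tls block means a plaintext connection are assumptions; the input dicts are constructed and stand in for the output of a YAML loader such as yaml.safe_load.

```python
"""Flag weak transport settings in a Flex Gateway sharedStorage.redis block."""

WEAK_MARKERS = {  # substring of the suite name -> why it is flagged
    "3DES": "64-bit block cipher (Sweet32)",
    "_CBC_": "CBC mode, prefer AEAD (GCM or ChaCha20-Poly1305)",
    "TLS_RSA_WITH": "static RSA key exchange, no forward secrecy",
}

def audit_redis(config: dict) -> list:
    """Return findings for one parsed Configuration document."""
    redis = config.get("spec", {}).get("sharedStorage", {}).get("redis", {})
    tls = redis.get("tls")
    if tls is None:
        # Assumption: without a tls block the connection to Redis is plaintext.
        secret = redis.get("password") or redis.get("sentinel", {}).get("password")
        return ["no tls block: Redis traffic is unencrypted"
                + (", including the password" if secret else "")]
    findings = []
    if tls.get("skipValidation"):
        findings.append("skipValidation is true: server certificate is not verified")
    min_version = str(tls.get("minVersion", ""))
    if min_version in ("1.0", "1.1"):
        findings.append(f"minVersion {min_version}: deprecated by RFC 8996, use 1.2 or later")
    for suite in tls.get("ciphers", []):
        reasons = [why for marker, why in WEAK_MARKERS.items() if marker in suite]
        if reasons:
            findings.append(f"{suite}: {'; '.join(reasons)}")
    return findings

def _doc(redis: dict) -> dict:
    """Wrap a redis block in the Configuration structure used on this page."""
    return {"spec": {"sharedStorage": {"redis": redis}}}

# Constructed inputs mirroring the page's samples (cipher list shortened).
BASIC_SAMPLE = _doc({"address": "redis.e-commerce.svc:6379",
                     "username": "ecomm-user", "password": "ecomm-pwd-123", "DB": 7})
TLS_SAMPLE = _doc({"address": "internal.redis.com:6379", "tls": {
    "skipValidation": False, "minVersion": "1.1", "maxVersion": "1.3",
    "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]}})
# Constructed tightened variant: TLS 1.2+ and forward-secret AEAD suites only.
HARDENED = _doc({"address": "internal.redis.com:6379", "tls": {
    "skipValidation": False, "minVersion": "1.2", "maxVersion": "1.3",
    "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]}})

if __name__ == "__main__":
    for name, cfg in [("basic", BASIC_SAMPLE), ("tls", TLS_SAMPLE), ("hardened", HARDENED)]:
        print(name, audit_redis(cfg))
```

Run against every file in conf.d before a deployment, an empty result for the hardened variant shows which values from the sample cipher list and version range can stay.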
For information about configuration parameters, see the Declarative Configuration Reference (Shared Storage).