Registering and Running in Local Mode with a Connected App
Before You Begin
Before registering Flex Gateway, you must complete the following tasks:
-
-
Include the following scopes:
-
Read Servers
-
Manage Servers
-
View Organization
-
-
Save the Id and Secret of the Connected app you configure.
-
-
Request Manage Servers and Read Servers permissions in Runtime Manager from your Anypoint Platform admin
-
Collect the following information from your Anypoint Platform instance:
-
The Organization ID for the organization where you want to run Flex Gateway
See Find your Organization ID for more information on how to find your Organization ID.
-
The Environment ID for the environment where you want to run Flex Gateway
See What API Manager Looks Like for more information on how to find your Environment ID.
-
Register and Run with a Connected App as a Linux Service
Flex Gateway runs on the following Long Term Support (LTS) versions of Linux:
-
Amazon Linux 2023
-
CentOS 8
-
Debian (Bullseye, Bookworm)
-
Red Hat Enterprise Linux (9)
-
Red Hat Enterprise Linux (9) on IBM Power (ppc64le)
-
SUSE Linux Enterprise (SLES 15 SP3)
-
SUSE Linux Enterprise (SLES 15 SP3) on IBM Power (ppc64le)
-
Ubuntu (Focal, Jammy)
To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
Collect Your Registration Data
Before registering your Flex Gateway instance, collect information for the following registration command options:
-
--client-id
= the Id for the Connected App you configured in Access Management -
--client-secret
= the Secret for the Connected App you configured in Access Management -
--environment
= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization
= your Organization ID in Anypoint Platform -
--split
(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse
.If
split
is set totrue
, registration information is split into two files:registration.yaml
andcertificate.yaml
. Iffalse
, all registration information is contained in one file:registration.yaml
. -
--output-directory
(optional) = the directory in which registration information is output -
my-gateway
= the name you want to assign the gateway cluster
Register Flex Gateway
Register your Flex Gateway instance using the data that you gathered for the command options.
flexctl registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Start Commands
Start Flex Gateway with the following command:
sudo systemctl start flex-gateway
Verify that the Flex Gateway service is running successfully:
systemctl list-units flex-gateway*
If flex-gateway.service
has a status of active
, Flex Gateway is successfully running.
UNIT LOAD ACTIVE SUB DESCRIPTION
flex-gateway.service loaded active running Application
Register and Run with a Connected App in a Container
You can register and run Flex Gateway for use in one of the following containers:
Register and Run with a Connected App in a Docker Container
To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
Collect Your Registration Data
Before registering your Flex Gateway instance, collect information for the following registration command options:
-
--client-id
= the Id for the Connected App you configured in Access Management -
--client-secret
= the Secret for the Connected App you configured in Access Management -
--environment
= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization
= your Organization ID in Anypoint Platform -
--split
(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse
.If
split
is set totrue
, registration information is split into two files:registration.yaml
andcertificate.yaml
. Iffalse
, all registration information is contained in one file:registration.yaml
. -
--output-directory
(optional) = the directory in which registration information is output -
my-gateway
= the name you want to assign the gateway cluster
Register Flex Gateway
Register your Flex Gateway instance using the data that you gathered for the command options.
Create a new directory called flex-registration (or similar) and then run the registration command in this new directory. The command creates registration files in this location.
|
docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Start Command
Run the following start command in the same directory where you ran the registration command:
docker run --rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p 8080:8080 \
mulesoft/flex-gateway
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \ .
|
The output logs should include this line:
[flex-gateway-envoy][info] all dependencies initialized. starting workers
Register and Run with a Connected App in a Podman Container
To register a Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
Collect Your Registration Data
Before registering your Flex Gateway instance, collect information for the following registration command options:
-
--client-id
= the Id for the Connected App you configured in Access Management -
--client-secret
= the Secret for the Connected App you configured in Access Management -
--environment
= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization
= your Organization ID in Anypoint Platform -
--split
(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse
.If
split
is set totrue
, registration information is split into two files:registration.yaml
andcertificate.yaml
. Iffalse
, all registration information is contained in one file:registration.yaml
. -
--output-directory
(optional) = the directory in which registration information is output -
my-gateway
= the name you want to assign the gateway cluster
Register Flex Gateway
Register your Flex Gateway instance using the data that you gathered for the command options.
Create a new directory called flex-registration (or similar) and then run the registration command in this new directory. The command creates registration files in this location.
|
podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Start Command
Run the following start command in the same directory where you ran the registration command:
podman run --rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p 8080:8080 \
docker.io/mulesoft/flex-gateway
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \ .
|
The output logs should include this line:
[flex-gateway-envoy][info] all dependencies initialized. starting workers
Register and Run with a Connected App in a Kubernetes Cluster
Register Flex Gateway, and then use Helm to deploy Flex Gateway to a node in your cluster.
When deploying Flex Gateway to a Kubernetes cluster that enables role-based access control (RBAC), you must have cluster-level permissions to permit installation of custom resource definitions (CRDs) used by Flex Gateway.
Complete the following steps:
In Local Mode, Flex Gateway typically acts as an ingress controller that manages external access to your cluster. Flex Gateway can also act as a standalone gateway for internal (east-west) traffic.
When using this mode, you must know what resources to create and apply, and use kubectl apply
to deploy Kubernetes targets and resources such as APIs, policies, or Flex Gateway-related resources to your gateway.
Flex Gateway acts as an ingress controller when you apply an Ingress
resource to configure gateway routing rules. You provide this configuration through a YAML file. The file supports other properties, such as apiVersion
, kind
, metadata
, spec
to configure a load balancer or proxy server, and rules
for directing HTTP and HTTPS traffic. For more information about how Flex Gateway manages Ingress
resources, see Configure Flex Gateway as an Ingress Controller in Local Mode.
Collect Your Registration Data
Before registering your Flex Gateway instance, collect information for the following registration command options:
-
--client-id
= the Id for the Connected App you configured in Access Management -
--client-secret
= the Secret for the Connected App you configured in Access Management -
--environment
= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization
= your Organization ID in Anypoint Platform -
--split
(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse
.If
split
is set totrue
, registration information is split into two files:registration.yaml
andcertificate.yaml
. Iffalse
, all registration information is contained in one file:registration.yaml
. -
--output-directory
(optional) = the directory in which registration information is output -
my-gateway
= the name you want to assign the gateway cluster
Register Flex Gateway
Register your Flex Gateway instance using the data that you gathered for the command options.
You can register using one of the following container runtimes:
Docker
Run the following command to register using Docker:
docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Podman
Run the following command to register using Podman:
podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Install Helm Chart into the Namespace
A Helm chart installs Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required. Refer to Helm Chart Settings for configuration options.
-
Add a Helm repository named
flex-gateway
for your chart:helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm
The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine:
-
If the repository is new, the command returns the following message:
"flex-gateway" has been added to your repositories
-
If the repository already exists, the command returns the following message:
"flex-gateway" already exists with the same configuration, skipping
-
-
Run
helm repo up
.The command returns the following message:
Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "flex-gateway" chart repository Update Complete. ⎈Happy Helming!⎈
If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories.
-
Run the Helm command for deploying your gateway in Local Mode:
helm -n gateway upgrade -i --create-namespace \ ingress flex-gateway/flex-gateway \ --set-file registration.content=registration.yaml
This command creates the
gateway
namespace and a release namedingress
if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is<helm-repo-name>/<helm-chart-name>
.When you install Flex Gateway, a Service type
LoadBalancer
is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing theservice.type
property during the installation.By default, Flex Gateways running in Kubernetes or Openshift use a readiness probe. If there’s no API deployed to your Flex Gateway instance, the readiness state is false
. This isn’t an issue with custom readiness probe configurations.When successful, the command prints a message indicating an upgrade to your
ingress
release:Release "ingress" does not exist. Installing it now. NAME: ingress LAST DEPLOYED: Mon Mar 20 21:36:19 2023 NAMESPACE: gateway STATUS: deployed REVISION: 1 TEST SUITE: None
The
REVISION
value increments theingress
release by1
each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (REVISION: 2
). TheLAST DEPLOYED
date reflects the date of that revision.
Helm Chart Settings
To modify the default Helm settings with new values, such as resource
values for CPU and memory settings, see Update Pod Settings for a Flex Gateway Deployment Through a Helm Chart. For additional Helm chart configurations, see Manage Kubernetes Deployments.
Before modifying a Helm chart for a Flex Gateway deployment, review the default Helm chart settings:
-
Open the flex-gateway page in ArtifactHUB
-
Run
helm show values <repository-name>/<chart-name>
from a terminal window.Example:helm show values flex-gateway/flex-gateway
The example returns default values of a repository and chart with the same name.
To view the Helm chart README
, run helm show readme <repository-name>/<chart-name>
from a terminal window.
helm show readme flex-gateway/flex-gateway
Register and Run with a Connected App in an OpenShift Cluster
Register Flex Gateway, and then use Helm to deploy Flex Gateway to a node in your cluster.
When deploying Flex Gateway to a Kubernetes cluster that enables role-based access control (RBAC), you must have cluster-level permissions to permit installation of custom resource definitions (CRDs) used by Flex Gateway.
In OpenShift, the cluster-admin
role provides this level of access.
From the command line, OpenShift procedures match Kubernetes procedures. Complete the following steps:
In Local Mode, Flex Gateway typically acts as an ingress controller that manages external access to your cluster. Flex Gateway can also act as a standalone gateway for internal (east-west) traffic.
When using this mode, you must know what resources to create and apply, and use kubectl apply
to deploy Kubernetes targets and resources such as APIs, policies, or Flex Gateway-related resources to your gateway.
Flex Gateway acts as an ingress controller when you apply an Ingress
resource to configure gateway routing rules. You provide this configuration through a YAML file. The file supports other properties, such as apiVersion
, kind
, metadata
, spec
to configure a load balancer or proxy server, and rules
for directing HTTP and HTTPS traffic. For more information about how Flex Gateway manages Ingress
resources, see Configure Flex Gateway as an Ingress Controller in Local Mode.
Collect Your Registration Data
Before registering your Flex Gateway instance, collect information for the following registration command options:
-
--client-id
= the Id for the Connected App you configured in Access Management -
--client-secret
= the Secret for the Connected App you configured in Access Management -
--environment
= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization
= your Organization ID in Anypoint Platform -
--split
(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse
.If
split
is set totrue
, registration information is split into two files:registration.yaml
andcertificate.yaml
. Iffalse
, all registration information is contained in one file:registration.yaml
. -
--output-directory
(optional) = the directory in which registration information is output -
my-gateway
= the name you want to assign the gateway cluster
Register Flex Gateway
Register your Flex Gateway instance using the data that you gathered for the command options.
You can register using one of the following container runtimes:
Docker
Run the following command to register using Docker:
docker run --entrypoint flexctl \
-v "$(pwd)":/registration -u $UID mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Podman
Run the following command to register using Podman:
podman run --entrypoint flexctl --userns=keep-id \
-v "$(pwd)":/registration:Z -u $UID docker.io/mulesoft/flex-gateway \
registration create \
--client-id=<your-connected-app-client-id> \
--client-secret=<your-connected-app-client-secret> \
--environment=<your-environment-id> \
--organization=<your-org-id> \
--output-directory=/registration \
my-gateway
Use sudo
if you encounter file permission issues when running this command.
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml
-
certificate.yaml
(generated only if thesplit
registration parameter is set totrue
, otherwise certificate information will be contained inregistration.yaml
)
These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
Install Helm Chart into the Namespace
A Helm chart installs Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required. Refer to Helm Chart Settings for configuration options.
-
Add a Helm repository named
flex-gateway
for your chart:helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm
The command either adds the repository or skips this process if a Helm repository with that name already exists on your machine:
-
If the repository is new, the command returns the following message:
"flex-gateway" has been added to your repositories
-
If the repository already exists, the command returns the following message:
"flex-gateway" already exists with the same configuration, skipping
-
-
Run
helm repo up
.The command returns the following message:
Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "flex-gateway" chart repository Update Complete. ⎈Happy Helming!⎈
If you have more than one Helm repository on your machine, the message in your terminal window lists all of the repositories.
-
Run the Helm command for deploying your gateway in Local Mode:
helm -n gateway upgrade -i --create-namespace \ ingress flex-gateway/flex-gateway \ --set-file registration.content=registration.yaml
This command creates the
gateway
namespace and a release namedingress
if they do not exist. You can use names of your choice for your namespace and release. The command syntax for the Helm repository and chart names is<helm-repo-name>/<helm-chart-name>
.When you install Flex Gateway, a Service type
LoadBalancer
is created by default. You must have the appropriate permissions to create a load balancer in your cloud. If the load balancer is not provisioned or has issues with the provisioning process, you must choose another type by changing theservice.type
property during the installation.By default, Flex Gateways running in Kubernetes or Openshift use a readiness probe. If there’s no API deployed to your Flex Gateway instance, the readiness state is false
. This isn’t an issue with custom readiness probe configurations.When successful, the command prints a message indicating an upgrade to your
ingress
release:Release "ingress" does not exist. Installing it now. NAME: ingress LAST DEPLOYED: Mon Mar 20 21:36:19 2023 NAMESPACE: gateway STATUS: deployed REVISION: 1 TEST SUITE: None
The
REVISION
value increments theingress
release by1
each time you run this command with the same namespace, repository, and chart names. For example, if you run the command a second time, you find a new revision number (REVISION: 2
). TheLAST DEPLOYED
date reflects the date of that revision.
Helm Chart Settings
To modify the default Helm settings with new values, such as resource
values for CPU and memory settings, see Update Pod Settings for a Flex Gateway Deployment Through a Helm Chart. For additional Helm chart configurations, see Manage Kubernetes Deployments.
Before modifying a Helm chart for a Flex Gateway deployment, review the default Helm chart settings:
-
Open the flex-gateway page in ArtifactHUB
-
Run
helm show values <repository-name>/<chart-name>
from a terminal window.Example:helm show values flex-gateway/flex-gateway
The example returns default values of a repository and chart with the same name.
To view the Helm chart README
, run helm show readme <repository-name>/<chart-name>
from a terminal window.
helm show readme flex-gateway/flex-gateway