Installing Runtime Fabric on Self-Managed Kubernetes Using Helm

Installing Runtime Fabric on Self-Managed Kubernetes requires tasks that must be performed by both IT administrators and MuleSoft organization administrators.

You can use Helm to install Anypoint Runtime Fabric on an Amazon Elastic Kubernetes Service (Amazon EKS), Azure Kubernetes Service (AKS), or Google Kubernetes Engine (GKE) installation that you manage.

Steps to Install Runtime Fabric Using Helm

When you use Helm to install Runtime Fabric, you:

Create a Runtime Fabric using Runtime Manager
Create the rtf namespace for Runtime Fabric
Create a Docker pull secret for pulling the Runtime Fabric component images
Add the Runtime Fabric Helm repository
Download the values.yml file and install Runtime Fabric
Complete install steps

Before you Begin

Before installing Anypoint Runtime Fabric in a self-managed Kubernetes environment, ensure that you have:

Reviewed the architecture and requirements outlined in Runtime Fabric on Self-Managed Kubernetes.
Configured your network to support Runtime Fabric on Self-Managed Kubernetes.
Installed and configured your Kubernetes environment as follows:
- Running an EKS, AKS, or GKE Kubernetes environment. Other Kubernetes environments are not supported.
- Running a supported Kubernetes version.
- Running an ingress controller to send external requests to applications.
Installed Helm 3 or later and have privileged user permissions.

If you use Helm to manage your Runtime Fabric installation, you can use the rtfctl command line utility later to manage Mule license keys and proxies. However, you’ll need to track any post-installation changes you make, as explained in the upgrade documentation.

Helm Support

Runtime Fabric supports installations, upgrades, and rollbacks using Helm for versions 1.13 and later.

Create a Runtime Fabric Using Runtime Manager

To install Runtime Fabric on Self-Managed Kubernetes with Helm, first create a Runtime Fabric using Runtime Manager. This is required to obtain the activation data that is needed during installation.

From Anypoint Platform, select Runtime Manager.
Click Runtime Fabrics.
Click Create Runtime Fabric.
Enter the name of the new Runtime Fabric, then select one of the following options:
- Amazon Elastic Kubernetes Service
- Azure Kubernetes Service
- Google Kubernetes Engine
Review the Support responsibility disclaimer, and if you agree, click Accept.
Click Helm.

The remaining steps in the Helm-install process reference placeholder values. You can retrieve the actual values from Runtime Manager when you create the Runtime Fabric instance.

Create A Namespace for Runtime Fabric

You must create a namespace named rtf in your Kubernetes cluster. This namespace is where you install Runtime Fabric components.

To create the namespace, run:

kubectl create ns rtf

Create A Docker Pull Secret

After you create the namespace, create a pull secret so you can retrieve the Docker images needed to install and run Runtime Fabric.

The default registry URL is rtf-runtime-registry.kprod.msap.io. If you’re using a local registry, specify those values here.

To create the pull secret, run:

kubectl create secret docker-registry <pull_secret> --namespace rtf --docker-server=<docker_registry_url> --docker-username=<docker_registry_username> --docker-password=<docker_ registry_password>

Add the Runtime Fabric Helm Repository

You need to add the Runtime Fabric Helm repo to the namespace you created. The Runtime Fabric Helm repo contains the chart needed to install Runtime Fabric.

To add the Helm repo, run:

helm repo add <name> <helm_repo_url> --username <your_username> --password <your_password>

If you already added the Helm repo, and you get a result that Runtime Fabric skipped adding the repo, run helm repo update before installing, or upgrading to, a new Runtime Fabric version.

Install Runtime Fabric

To install Runtime Fabric, use the values.yml file supplied by Runtime Manager.

Download the values.yml file.
Add any optional parameters needed.

Run the following command:

helm install runtime-fabric rtf/rtf-agent --version <VERSION_FROM_UI> -f values.yaml -n <namespace>

Values.yml Reference

The following is an example values.yml file.

activationData: <activation data>
  proxy:
    http_proxy:
    http_no_proxy:
    monitoring_proxy:
customLog4jEnabled: true
muleLicense: <mule license key>
global:
  image:
    rtfRegistry: rtf-runtime-registry.kprod.msap.io
    pullSecretName: rtf-pull-secret
  containerLogPaths:
  - /var/lib/docker/containers
  - /var/log/containers
  - /var/log/pods

Required Parameters

These required values are created and added to values.yml when you create the Runtime Fabric in Runtime Manager:

Key Value Example

Key	Value	Example
`activationData`	Activation Data	YW55cG9pbnQubXVsZXNvZnQuY29tOjBmODdmYzYzLTM3MWUtNDU2Yy1iODg5LTU5NTkyNjYyZjUxZQ==
`rtfRegistry`	Registry URL	`rtf-runtime-registry.kprod.msap.io`
`pullSecretName`	Registry Secret	`<pull_secret>`
`muleLicense`	Mule license for applications	`<mule_license_key>`. Must be Base64 encoded.

activationData

Activation Data

YW55cG9pbnQubXVsZXNvZnQuY29tOjBmODdmYzYzLTM3MWUtNDU2Yy1iODg5LTU5NTkyNjYyZjUxZQ==

rtfRegistry

Registry URL

rtf-runtime-registry.kprod.msap.io

pullSecretName

Registry Secret

<pull_secret>

muleLicense

Mule license for applications

<mule_license_key>. Must be Base64 encoded.

Optional Parameters

Set these optional parameters in values.yml as needed before installing Runtime Fabric.

Key Value Example

Key	Value	Example
`customLog4jEnabled`	Enables or disables custom Log4j configurations	`customLog4jEnabled: false`
`proxy.http_proxy` `proxy.http_no_proxy`	Proxy and no_proxy values	`http://<user>:<pass>@<10.0.0.1>:<8080>;` `<1.1.1.1:8888,2.2.2.2:9999>`
`proxy.monitoring_proxy`	Anypoint Monitoring proxy values	`socks5://<user>:<pass>@<10.0.0.2>:<8080>`
`global.containerLogPaths`	The Filebeat read path	`/var/lib/docker/` `/var/log/containers` `/var/log/pods`

customLog4jEnabled

Enables or disables custom Log4j configurations

customLog4jEnabled: false

proxy.http_proxy
proxy.http_no_proxy

Proxy and no_proxy values

http://<user>:<pass>@<10.0.0.1>:<8080>;
<1.1.1.1:8888,2.2.2.2:9999>

proxy.monitoring_proxy

Anypoint Monitoring proxy values

socks5://<user>:<pass>@<10.0.0.2>:<8080>

global.containerLogPaths

The Filebeat read path

/var/lib/docker/
/var/log/containers
/var/log/pods

Insert the Mule License Key

The procedures in the section must be performed by an IT administrator.

After the installation has completed succesfully, insert the Mule license key.

Base64 encode the new Mule .lic license file provided by MuleSoft:
- On MacOS, run the following command:
  BASE64_ENCODED_LICENSE=$(base64 -b0 license.lic)
- On Unix, run the following command:
  BASE64_ENCODED_LICENSE=$(base64 -w0 license.lic)
- On Windows, choose one of the following:
  - Use a WSL or Cygwin shell that includes the base64 tool and use the above Unix command.
  - Use the base64.exe program included with Windows git (C:\Program Files\Git\usr\bin).
  - Use the following Powershell command:
    
    $BASE64_ENCODED_LICENSE=[convert]::ToBase64String((Get-Content -path "license.lic" -Encoding byte))
On the controller node acting as the leader during installation (the installer node), use the rtfctl utility with the Base64 value of your license key:
```
rtfctl apply mule-license $BASE64_ENCODED_LICENSE
```
To verify the Mule license key has applied correctly, run:
```
rtfctl get mule-license
```

Configure the Ingress Resource Template

The procedures in this section should be performed by an IT administrator.

If your ingress controller requires custom annotations and ingress class definition, follow the instructions in Defining a Custom Ingress Configuration.

For GKE customers, the ingress controller included with GKE will provision a separate HTTP load balancer per application by default. Please read this KB article for more details.

Validate Your Runtime Fabric