+

We are no longer updating this version of the documentation. You can switch to the latest version, or use the version selector in the left navigation.

Install Runtime Fabric on Self-Managed Kubernetes

Installing Runtime Fabric on Self-Managed Kubernetes requires tasks that must be performed by both IT administrators and MuleSoft organization administrators.

Anypoint Runtime Fabric can be installed and operated on an Amazon Elastic Kubernetes Service (Amazon EKS), Azure Kubernetes Service (AKS) or Google Kubernetes Engine (GKE) installation that you manage.

Before you Begin

Before installing Anypoint Runtime Fabric in a self-managed Kubernetes environment, ensure the following:

  • You have read and understand the architecture and requirements outlined in Runtime Fabric on Self-Managed Kubernetes

  • You have installed and configured your Kubernetes environment as follows:

    • Running an EKS, AKS, or GKE Kubernetes environment. Other Kubernetes environments are not supported.

    • Running Kubernetes version 1.17.x to 1.19.x.

    • Running an ingress controller to send external requests to applications.

Step 1: Configure your Network to Support Runtime Fabric on Self-Managed Kubernetes

Network configuration must be performed by an IT administrator.

Before installing or using Runtime Fabric on Self-Managed Kubernetes, ensure that the following ports and hostnames are configured correctly.

Port Configuration

To install or run Runtime Fabric, ensure that you have configured the following ports on your Kubernetes installation:

Port Layer 4 Protocol Layer 5 Protocol Source Destination Description

443

TCP

HTTPS

Internet

All nodes

Allow inbound requests to Mule runtime servers

443

TCP

AMQP over WebSockets

All nodes

Internet

Anypoint Platform management services

443

TCP

HTTPS

All nodes

Internet

API Manager policy updates, API Analytics Ingestion, and Resource retrieval (application files, container images).

443 (v1.8.50, or later)

TCP

Lumberjack

All nodes

Internet

Anypoint Monitoring, Anypoint Visualizer

5044 (deprecated)

TCP

Lumberjack

All nodes

Internet

Anypoint Monitoring, Anypoint Visualizer

This port and hostname are deprecated in Anypoint Runtime Fabric, version 1.8.50 and later.

If you are using a previous version of Anypoint Runtime Fabric you must add this port your allow list. If you are using a newer version, use the port and hostname specified above.

Port Used by the Persistence Gateway

The Persistent Gateway requires a Postgres-compliant database to store persistent data across Mule application replicas. Ensure that your Kubernetes cluster has access to this database and port. See Persistence Gateway.

Hostname Configuration

To function correctly, Runtime Fabric on Self-Managed Kubernetes requires the following hostname configurations:

Port Protocol Hostnames Description

443

AMQP over WebSockets

  • US control plane: transport-layer.prod.cloudhub.io

  • EU control plane: transport-layer.prod-eu.msap.io

Runtime Fabric message broker for interaction with the control plane.

443 (v1.8.50, or later)

TCP (Lumberjack)

  • US control plane: dias-ingestor-router.us-east-1.prod.cloudhub.io

  • EU control plane: dias-ingestor-nginx.prod-eu.msap.io

Anypoint Monitoring agent for Runtime Fabric.

5044 (deprecated)

TCP (Lumberjack)

  • US control plane: dias-ingestor-nginx.prod.cloudhub.io

  • EU control plane: dias-ingestor-nginx.prod-eu.msap.io

Anypoint Monitoring agent for Runtime Fabric.

This port and hostname are deprecated in Anypoint Runtime Fabric, version 1.8.50 and later.

If you are using a previous version of Anypoint Runtime Fabric you must add this port and hostname to your allow list. If you are using a newer version, use the port and hostname specified below. This is applicable to endpoints in both the US and EU clouds.

443

HTTPS

anypoint.mulesoft.com

Anypoint Platform for pulling assets.

443

HTTPS

kubernetes-charts.storage.googleapis.com

Kubernetes base charts repository.

443

HTTPS

docker-images-prod.s3.amazonaws.com

Kubernetes base charts repository.

443

HTTPS

  • US control plane: worker-cloud-helm-prod.s3.amazonaws.com

  • EU control plane: worker-cloud-helm-prod-eu-rt.s3.amazonaws.com worker-cloud-helm-prod-eu-rt.s3.eu-central-1.amazonaws.com

Runtime Fabric version repository. The Runtime Fabric installation uses software from this repository during installation and upgrades.

443

HTTPS

  • US control plane: exchange2-asset-manager-kprod.s3.amazonaws.com

  • EU control plane: exchange2-asset-manager-kprod-eu.s3.amazonaws.com exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com

Anypoint Exchange for application assets.

443

HTTPS

  • US control plane: rtf-runtime-registry.kprod.msap.io

  • EU control plane: rtf-runtime-registry.kprod-eu.msap.io

Runtime Fabric Docker repository.

443

HTTPS

  • US control plane: prod-us-east-1-starport-layer-bucket.s3.amazonaws.com prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com

  • EU control plane: prod-eu-central-1-starport-layer-bucket.s3.amazonaws.com prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com

Runtime Fabric Docker image delivery.

443

HTTPS

  • US control plane: runtime-fabric.s3.amazonaws.com

  • EU control plane: runtime-fabric-eu.s3.amazonaws.com

Runtime Fabric Docker repository.

443

HTTPS

  • US control plane: configuration-resolver.prod.cloudhub.io

  • EU control plane: configuration-resolver.prod-eu.msap.io

Anypoint Configuration Resolver.

Certificate Configuration

To allow different endpoints to use mutual TLS authentication to establish a connection, you must configure SSL passthrough to allow the following certificates:

Control Plane Certificates

US control plane

transport-layer.prod.cloudhub.io
configuration-resolver.prod.cloudhub.io

EU control plane

transport-layer.prod-eu.msap.io
configuration-resolver.prod-eu.msap.io

Step 2: Create a Runtime Fabric using Runtime Manager

The procedures in this section should be performed by a MuleSoft organization administrator.

To install Runtime Fabric on Self-Managed Kubernetes, first create a Runtime Fabric using Runtime Manager. This is required to obtain the activation data which is needed during installation.

  1. From Anypoint Platform, select Runtime Manager.

  2. Click Runtime Fabrics.

  3. Click Create Runtime Fabric.

  4. Enter the name of the new Runtime Fabric, then select one of the following options:

    • Amazon Elastic Kubernetes Service

    • Azure Kubernetes Service

  5. Click Next.

  6. Review the Support responsibility disclaimer, then if you agree click Accept.

    Runtime Manager creates the Runtime Fabric and displays the Activation State page. This page displays the activation data used to install Runtime Fabric on a Kubernetes service. Copy this data to the clipboard for use in the next section.

Step 3: Download the rtfctl Utility

The tasks in the section must be performed by an IT administrator.

Runtime Fabric on Self-Managed Kubernetes uses the rtfctl command-line utility for installation and management tasks. See Install the Runtime Fabric Command Line Tool.

  1. Download the rtfctl command-line utility:

    rtfctl is supported on Windows, MacOS (Darwin), and Linux. Download this utility using the URLs below:

    Windows:

    curl -L https://anypoint.mulesoft.com/runtimefabric/api/download/rtfctl-windows/latest -o rtfctl.exe

    MacOS (Darwin):

    curl -L https://anypoint.mulesoft.com/runtimefabric/api/download/rtfctl-darwin/latest -o rtfctl

    Linux:

    curl -L https://anypoint.mulesoft.com/runtimefabric/api/download/rtfctl/latest -o rtfctl
  2. Change file permissions for the rtfctl command-line utility:

    sudo chmod +x rtfctl

Step 4: Install Runtime Fabric

The procedures in the section must be performed by an IT administrator.

After creating a Runtime Fabric in Runtime Manager and obtaining the activation data, install Runtime Fabric into your Kubernetes service using the rtfctl command-line utility.

If your Kubernetes configuration is not located in the \~/.kube/config directory, set the KUBECONFIG environment variable before running rtfctl:

export KUBECONFIG=<path-to-kubeconfig>
  1. Validate that your Kubernetes environment is read for installation:

    rtfctl validate <activation_data>

    The validate option verifies that:

    • The Kubernetes environment is running.

    • All required components exist.

    • All required services are available.

      The rtfctl command-line utility outputs any incompatibilities with the Kubernetes environment.

  2. Install Runtime Fabric:

    rtfctl install <activation_data>

    <activation_data> is the activation data obtained after creating the Runtime Fabric using Runtime Manager. During installation, the rtfctl utility displays any errors encountered.

Step 5: Insert the Mule License Key

The procedures in the section must be performed by an IT administrator.

After the installation has completed succesfully, insert the Mule license key.

  1. Base64 encode the new Mule .lic license file provided by MuleSoft:

    • On MacOS, run the following command:

      base64 -b0 license.lic
    • On Unix, run the following command:

      base64 -w0 license.lic
    • On Windows, a shell terminal emulator (such as cygwin) or access to a Unix-based computer is required.

      1. Transfer to your Unix environment if necessary.

      2. Run the following command to Base64 encode the license key:

        base64 -w0 license.lic
  2. Insert the Mule license key:

    rtfctl apply mule-license BASE64_ENCODED_LICENSE
  3. To verify the Mule license key has applied correctly, run:

    rtfctl get mule-license

Step 6: Configure the Ingress Resource Template

The procedures in this section should be performed by an IT administrator.

If your ingress controller requires custom annotations and ingress class definition, follow the instructions in Defining a Custom Ingress Configuration.

For GKE customers, the ingress controller included with GKE will provision a separate HTTP load balancer per application by default. Please read this KB article for more details.

Step 7: Validate Your Runtime Fabric

The procedures in this section should be performed by an IT administrator.

After completing the installation, your Runtime Fabric should be activated within your Anypoint organization. To validate your installation, go to Anypoint Runtime Manager and confirm that the status of the Runtime Fabric is Active.

Before deploying an application to your Runtime Fabric:

  1. Associate the Runtime Fabric with at least one Anypoint environment.

  2. Review and update the Inbound Traffic settings based upon your Kubernetes environment.

  3. Deploy an application to verify that Runtime Fabric is installed and configured correctly.

Was this article helpful? Thanks for your feedback!
View on GitHub