Declarative Configuration Reference Guide
Anypoint Flex Gateway running in Local Mode supports two configuration models:
-
The resource-based model, common in Kubernetes, is ideal for granular definitions. Resources each contain one of the following values for configuration
kind:-
ApiInstance -
Service -
PolicyBinding -
Configuration
-
-
The inline model is ideal for concise definitions, but is less versatile (for example, automated policies can only be applied in resource-based definitions.)
Inline definitions contain a single
ApiInstancevalue for configurationkind, under which services and policies are both defined.
Refer to the Examples section for examples of both.
This reference guide describes the available resources that are applicable to either resource-based configurations or inline configurations.
API Instance
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: <api instance name>
namespace: # optional namespace name
spec:
address: <proxy address including port and path>
services: # optional map of upstream services
<name>:
address: <service address>
routes: # optional array of routes to service
- config: # optional route configuration
destinationPath: <optional base path to upstream service>
rules: # optional route rules
policies: # optional array of policies
- policyRef:
name: <name of the policy>
namespace: <optional namespace of the policy>
config: # optional policy configuration
rules: # optional policy rules
| Parameter | Required or Optional | Default Value | Description |
|---|---|---|---|
|
Required |
N/A |
The API instance identifier that is used as a target reference for other resources, such as policy bindings. |
|
Optional |
|
|
|
Required |
N/A |
The proxy address URL, including protocol, host, port and optional path. If the base path is specified, it must be absent in any |
|
Optional |
Empty |
A map of named services and their routes. |
|
Required |
N/A |
The service address (and port). Supported format: |
|
Optional |
Empty |
An array of routes configured for this API instance towards the service. If left empty, a default route will be established to the service that will route all traffic. |
|
Optional |
Empty |
The configuration for this route. If left empty, a default configuration will be applied with an empty |
|
Optional |
Empty |
The path to prepend to forwarded requests to the upstream service. For example, if "destinationPath: /api/v1", requests to this API instance with a path like "/orders" will be routed upstream to "/api/v1/orders". |
|
Optional |
Empty |
An array of rules for this route. Refer to spec.rules in Policy Binding. |
|
Optional |
Empty |
An array of policies to apply to this API Instance. |
|
Required |
N/A |
The policy name. |
|
Optional |
The value of |
The namespace where the policy is defined. For provided policies, the value of this field should be |
|
Optional |
Empty |
The policy’s configuration. Refer to spec.config in Policy Binding. |
|
Optional |
Empty |
An array of rules for applying this policy to the API Instance. spec.rules in Policy Binding. |
API Instance Example
The following resource specifies an ApiInstance with metadata that describes the instance identifier. The metadata.name value is used as the target reference for other resources, such as policy bindings. The spec.services.routes.config.destinationPath value prepends /v1/apps to the specified paths under rules, acting in a similar manner as a base path.
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: hello-flex-gateway-instance
spec:
address: http://0.0.0.0:8080
services:
jsonplaceholder:
address: https://jsonplaceholder.typicode.com:443/
routes:
- rules:
- path: /api(/users/.*)
- path: /api(/comments/.*)
config:
destinationPath: /v1/apps
Policy Binding
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
name: <policy binding name>
namespace: <namespace name>
spec:
targetRef:
name: <api instance name>
namespace: <optional api instance namespace>
policyRef:
name: <policy name>
namespace: <optional policy namespace>
config: # optional policy configuration
rules: # optional policy rules
- path: <path regular expression>
methods: <methods regular expression>
host: <host regular expression>
headers: <headers map>
<header-name>: <header value regular expression>
| Parameter | Required or Optional | Default Value | Description |
|---|---|---|---|
|
Required |
N/A |
The identifier of the policy binding. |
|
Optional |
|
|
|
Required |
N/A |
The API instance identifier to which the policy is bound to. |
|
Optional |
The value of |
The namespace where the target is defined. |
|
Required |
N/A |
The policy name. See the list of available policies. |
|
Optional |
The value of |
The namespace where the policy is defined. For provided policies, the value of this field should be |
|
Optional |
Empty |
The policy configuration. The content of this field depends on the specified policy. See the list of available policies. |
|
Optional |
Empty |
An array of rules that will determine if the policy applies to a given request. These rules are checked in an OR fashion. The first one to hold will enable applying the policy to the request. The attributes in each rule object apply in an AND fashion. If path and host are defined, both must match for that rule to hold true. |
|
Optional |
|
A regular expression to match the request path. Capture groups in this regular expression will be used to define path rewriting when routing the request upstream. If "path: /api(/.*)", requests with the path /api/orders will be routed upstream as /orders. Multiple capture groups can be specified, and the replacement will be the concatenation of all captured substrings. |
|
Optional |
|
A regular expression to match the request host. |
|
Optional |
|
A regular expression to match the request method. |
|
Optional |
Empty |
A map of header names and value regular expressions that must be present in the request. Each entry’s key is the expected header name and the value is a regular expression to match the header value. |
Policy Binding Examples
The following resource binds a route policy to the API instance, routing traffic specified by the rules to the proxy address specified in the Service configuration snippet:
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
name: hello-flex-gateway-route
namespace: e-commerce
spec:
targetRef:
name: hello-flex-gateway-instance
policyRef:
name: route
namespace: default
config:
destinationRef:
name: jsonplaceholder
namespace: e-commerce
rules:
- path: /api/jsonplaceholder(/.*)
The following resource binds a http-basic-authentication-flex policy to the API instance - requiring requests to include the basic credentials defined in config.username and config.password:
apiVersion: gateway.mulesoft.com/v1alpha1 kind: PolicyBinding metadata: name: hello-flex-gateway-auth namespace: e-commerce spec: targetRef: name: hello-flex-gateway-instance namespace: e-commerce policyRef: name: http-basic-authentication-flex namespace: default config: username: chris password: admin
Service
apiVersion: gateway.mulesoft.com/v1alpha1 kind: Service metadata: name: <service name> namespace: <namespace name> spec: address: <service address including port>
| Parameter | Required or Optional | Default Value | Description |
|---|---|---|---|
|
Required |
N/A |
The service identifier. |
|
Optional |
|
|
|
Required |
N/A |
The service address URL, including protocol, host and port. Supported format: |
Service Example
The following resource defines a Service with metadata that describes the service identifier. The metadata.namespace value matches the namespace specified in the ApiInstance configuration. The spec.address is the address of the API implementation:
apiVersion: gateway.mulesoft.com/v1alpha1 kind: Service metadata: name: jsonplaceholder namespace: e-commerce spec: address: https://jsonplaceholder.typicode.com:443/
Configuration
Define a desired gateway state by creating a Configuration entity. Configuration entities specify several runtime configuration aspects for Flex Gateway itself, such as logging. The definition includes the following:
apiVersion: gateway.mulesoft.com/v1alpha1 kind: Configuration metadata: name: <value> namespace: <namespace name> spec: logging: # logging configuration
| Parameter | Required or Optional | Default Value | Description |
|---|---|---|---|
|
Required |
N/A |
The Configuration entity. |
|
Optional |
|
The namespace value used to isolate Configuration entities. |
|
Required |
N/A |
The configuration object that defines gateway characteristics. Objects include: |
Logging
The logging object configures the delivery of runtime/access logs enabled via the message logging policy. Logs are delivered to any supported Fluentbit 1.7.9 output.
apiVersion: config.mulesoft.com/v1alpha1
kind: Configuration
metadata:
name: <value>
namespace: <namespace name>
spec:
logging:
outputs:
- name:
type:
[type_parameters]:
runtimeLog:
logLevel:
outputs: <value>
accessLog:
outputs: <value>
| Parameter | Required or Optional | Default Value | Description |
|---|---|---|---|
|
Required |
N/A |
The name of this output to later refer to in runtime and access logs configurations. |
|
Required |
N/A |
A Fluentbit-supported output type. |
|
Required |
N/A |
A map of parameters for the specific Fluentbit output type |
|
Optional |
Empty |
A list of output names to redirect access logs to. |
|
Optional |
Empty |
A list of output names to redirect runtime logs to. |
Logging Example
apiVersion: config.mulesoft.com/v1alpha1
kind: Configuration
metadata:
name: logging
spec:
logging:
outputs:
- name: log-to-file
type: file
parameters:
path: /var/log
file: log.txt
format: template
template: |
[{runtime}][{loglevel}][{kind}] {message}
runtimeLogs:
logLevel: info
outputs:
- log-to-file
accessLogs:
outputs:
- log-to-file
Examples
Inline Configuration Example
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: jsonplaceholder-api
spec:
address: http://0.0.0.0:8080
services:
jsonplaceholder:
address: https://<your url>:443/
routes:
- rules:
- path: /api(/users/.*)
- path: /api(/comments/.*)
config:
destinationPath: /v1/apps
policies:
- policyRef:
name: http-basic-authentication-flex
config:
username: chris
password: admin
Resource-Based Configuration Example
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: ApiInstance
metadata:
name: ingress-http
spec:
address: http://0.0.0.0:8080
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: Service
metadata:
name: jsonplaceholder
spec:
address: https://<your url>:443/
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
name: ingress-http-route
spec:
targetRef:
name: ingress-http
policyRef:
name: route
config:
destinationRef:
name: jsonplaceholder
rules:
- path: /api(/users/.*)
- path: /api(/comments/.*)
---
apiVersion: gateway.mulesoft.com/v1alpha1
kind: PolicyBinding
metadata:
name: ingress-http-authentication
spec:
targetRef:
name: ingress-http
policyRef:
name: http-basic-authentication-flex
config:
username: chris
password: admin