Registering and Running in Connected Mode with a Username and Password
Before You Begin
Migrate Registration from a Previous Version of Flex Gateway
Before you begin, ensure that you have installed the latest version of Flex Gateway.
If you have already registered a previous version of Flex Gateway, you do not need to re-register. You can migrate your registration files by executing the following command:
flexctl migrate <uuid-of-previous-registration-file>.confssh
The new registration file is created in the directory in which you executed the command.
Append the --split=true flag if you want to output two registration files: registration.yaml and certificate.yaml. Otherwise, by default all registration information is output to registration.yaml.
|
| The generated registration files are credentials for you to connect your Flex Gateway. If you lose them, you can no longer connect your Flex Gateway. |
Register a New Flex Gateway
If you have never registered a previous version of Flex Gateway, you must complete the following tasks:
-
Request Manage Servers and Read Servers permissions in Runtime Manager from your Anypoint Platform admin
-
Collect the following information from your Anypoint Platform instance:
-
The Organization ID for the organization where you want to run Flex Gateway
See Find your Organization ID
for more information on how to find your Organization ID. -
The Environment ID for the environment where you want to run Flex Gateway
See What API Manager Looks Like
for more information on how to find your Environment ID. -
The Username and Password of a user with Read Servers and Manage Servers permissions for Runtime Manager
-
Register and Run with a Username and Password as a Linux Service
You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and enter the start command.
To register a new Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
-
--username= the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--password= the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--environment= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization= your Organization ID in Anypoint Platform -
--split(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse.If
splitis set totrue, registration information is split into two files:registration.yamlandcertificate.yaml. Iffalse, all registration information is contained in one file:registration.yaml. -
--output-directory(optional) = the directory in which registration information is output -
my-gateway= the name you want to assign the gateway cluster
Registration Command
After replacing the sample content, register your Flex Gateway by executing the following command:
flexctl register \ --username=<your-username> \ --password=<your-password> \ --environment=<your-environment-id> \ --connected=true \ --organization=<your-org-id> \ --output-directory=/usr/local/share/mulesoft/flex-gateway/conf.d \ my-gatewayssh
Use sudo if you encounter file permission issues when running this command.
|
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml -
certificate.yaml(generated only if thesplitregistration parameter is set totrue, otherwise certificate information will be contained inregistration.yaml)
| These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.
Start Commands
Start Flex Gateway with the following command:
sudo systemctl start flex-gatewayssh
Verify that the Flex Gateway service is running successfully:
systemctl list-units flex-gateway*ssh
You should see a list of services. Flex Gateway is successfully running if each service has a status of active.
UNIT LOAD ACTIVE SUB DESCRIPTION flex-gateway-fluent-reloader.path loaded active waiting flex-gateway-fluent-reloader.path flex-gateway-agent.service loaded active running flex-gateway-agent.service flex-gateway-envoy.service loaded active running flex-gateway-envoy.service flex-gateway-fluent.service loaded active running flex-gateway-fluent.service flex-gateway.service loaded active exited Applicationtext
Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.
If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.
Register and Run with a Username and Password in a Docker Container
You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and enter the start command.
To register a new Flex Gateway with Anypoint Platform, you must enter the registration command and then the start command. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
Substitute Collected Information
Before executing the registration command, replace the following sample information with the information you collected:
-
--username= the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--password= the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--environment= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization= your Organization ID in Anypoint Platform -
--split(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse.If
splitis set totrue, registration information is split into two files:registration.yamlandcertificate.yaml. Iffalse, all registration information is contained in one file:registration.yaml. -
--output-directory(optional) = the directory in which registration information is output -
my-gateway= the name you want to assign the gateway cluster
Registration Command
After replacing the sample content, register your Flex Gateway by executing the following command:
docker run --entrypoint flexctl \ -v "$(pwd)":/registration mulesoft/flex-gateway \ register \ --username=<your-username> \ --password=<your-password> \ --environment=<your-environment-id> \ --connected=true \ --organization=<your-org-id> \ --output-directory=/registration \ my-gatewayssh
Use sudo if you encounter file permission issues when running this command.
|
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml -
certificate.yaml(generated only if thesplitregistration parameter is set totrue, otherwise certificate information will be contained inregistration.yaml)
| These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.
Start Command
Before executing the start command below, update the absolute path to the directory where your Flex Gateway registration files reside.
docker run --rm \ -p 8080:8080 \ -v <absolute-path-to-directory-with-gateway-registration-files>/:/usr/local/share/mulesoft/flex-gateway/conf.d \ mulesoft/flex-gatewayssh
Specify an optional name you want to assign to your Flex Replica by including the following: -e FLEX_NAME=<name-for-flex-replica> \.
|
Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.
If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.
Register and Run with a Username and Password as a Kubernetes Ingress Controller
You do not need to enter the registration command if you have already registered a previous version of Flex Gateway with Anypoint Platform. See Before You Begin for information on migrating registration. Once migration is complete, skip the following registration steps and Install Helm Chart into the Namespace.
To register a new Flex Gateway with Anypoint Platform as a Kubernetes ingress controller, you must enter the registration command and then install the flex-gateway Helm chart. Each command includes information specific to your Anypoint Platform instance and must be updated before executing. See Before You Begin for more information on how to find the information you will need.
Substitute Collected Information
Before executing the registration command, replace the following sample information with the information you collected:
-
--username= the username for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--password= the password for an Anypoint Platform user with Read Servers and Manage Servers permissions for Runtime Manager -
--environment= the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run -
--organization= your Organization ID in Anypoint Platform -
--split(optional) = the flag that determines whether registration information should split into multiple files. The default value isfalse.If
splitis set totrue, registration information is split into two files:registration.yamlandcertificate.yaml. Iffalse, all registration information is contained in one file:registration.yaml. -
--output-directory(optional) = the directory in which registration information is output -
my-gateway= the name you want to assign the gateway cluster
Registration Command
After replacing the sample content, register your Flex Gateway by executing the following command:
docker run --entrypoint flexctl \ -v "$(pwd)":/registration mulesoft/flex-gateway \ register \ --username=<your-username> \ --password=<your-password> \ --environment=<your-environment-id> \ --connected=true \ --organization=<your-org-id> \ --output-directory=/registration \ my-gatewayssh
Use sudo if you encounter file permission issues when running this command.
|
If you are in Europe you will need to add the --anypoint-url=https://eu1.anypoint.mulesoft.com flag
to your command.
|
In the output directory, you should see the following new registration file(s):
-
registration.yaml -
certificate.yaml(generated only if thesplitregistration parameter is set totrue, otherwise certificate information will be contained inregistration.yaml)
| These generated files are credentials for you to connect your Flex Gateway. If you lose them you can no longer connect your Flex Gateway. |
You should also see your new Flex Gateway in Runtime Manager after clicking Flex Gateway in the left navigation. The gateway’s status is disconnected for now. You need to start the gateway to connect it.
Install Helm Chart into the Namespace
Before installing, ensure that you have:
-
Helm
, a tool used to install Flex Gateway, monitoring tools, and applications. A minimum Helm version of 3.0.0 is required.Refer to the Helm Chart Configuration Options for information about customizing the chart.
-
Add the Flex Gateway Helm repository:
helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helmkubernetes -
Update the Helm repository using the following command:
helm repo upkubernetes -
Using Ingress, install the flex-gateway Helm chart into the gateway namespace.
helm -n gateway upgrade -i --create-namespace --wait ingress flex-gateway/flex-gateway \ --set-file registration.content=registration.yamlkubernetesThe command returns something similar to the following:
NAME: ingress LAST DEPLOYED: Tue Oct 19 13:08:07 2021 NAMESPACE: gateway STATUS: deployed REVISION: 1 TEST SUITE: Nonetext
-
Now if you check in Runtime Manager after clicking Flex Gateway in the left navigation, your gateway’s status is connected. You may need to refresh the page.
If a Flex Replica in Connected Mode is stopped it will be removed from the UI in Runtime Manager after 30 days. Otherwise, it will appear in the Runtime Manager UI even if it is no longer running.
Helm Chart Configuration Options
The following table describes the configurable options of the Flex Gateway Ingress Controller Helm chart.
| Parameter | Default Value | Description |
|---|---|---|
|
ifNotPresent |
The pull policy Possible values: |
|
"" |
The name of the secret that contains Docker registry credentials. The secret must exist in the same namespace as the helm release. |
|
1 |
The number of Ingress Controller deployment replicas |
|
false |
Boolean indicating if the Horizontal Pod Autoscaler (HPA) is enabled |
|
2 |
The minimum number of replicas that the scaler is allowed to create |
|
11 |
The maximum number of replicas that the scaler is allowed to create |
|
50 |
The average CPU usage percentage of all deployed pods |
|
null |
The average memory usage percentage of all deployed pods |
|
null |
Deprecated - see |
|
null |
If this field is provided, installation creates a Kubernetes secret resource that contains the contents of the registration files. |
|
null |
If this field is provided, registration requires that a Kubernetes secret with the given name exists. The secret must contain the content of the registration files. |
|
500m |
CPU resource limits in millicores |
|
256Mi |
Memory resource limits |
|
true |
Boolean indicating if a service to expose Ingress Controller pods is created |
|
LoadBalancer |
The type Possible values: |
|
true |
Boolean indicating if the HTTP port should be enabled for the Ingress Controller service |
|
80 |
The Ingress Controller service HTTP port |
|
true |
Boolean indicating if the HTTPS port should be enabled for the Ingress Controller service |
|
443 |
The Ingress Controller service HTTPS port |