Open in app

Sign in

Write

Sign in

MuleSoft Anypoint Flex Gateway

Shyam Raj Prasad
6 min readMay 20, 2022

--

Anypoint Flex Gateway

An API gateway allows you to add a dedicated orchestration layer on top of your backend APIs and services to help you separate orchestration from implementation concerns. You can then leverage the governance capabilities of API Manager to apply, among other capabilities, throttling, security, caching, and logging to your APIs.

Anypoint Platform offers three different gateway options for managing and securing your APIs.

Flex Gateway

Flex Gateway is a performant API gateway that can secure both Mule and non-Mule APIs. It is easily integrated into CI/CD workflows while offering enterprise security and manageability. It can be run on a public cloud or on-prem.

You can run Flex Gateway in two different modes:

  • Connected Mode: Run Flex Gateway in Connected Mode if you want it fully connected to the Anypoint control plane for centralized management, observability, and security.
  • Local Mode: Run Flex Gateway in Local Mode if you want to run it mostly disconnected from the Anypoint control plane, and manage it with locally stored declarative configuration files.

Add a Flex Gateway

In this article, we will be using docker to create Flex Gateway. There are three options to create flex gateway.

  • Linux
  • Docker
  • Kubernetes

Flex Gateway Setup using Docker

  1. Installation : Download and install the Flex Gateway container image by running below command. After docker pull, you will be able to see flex-gateway in docker.
docker pull mulesoft/flex-gateway:1.0.0

2. Registration: Create a folder flex-gateway and run below command replacing <gateway-name> by your own value for registration ofFlex Gateway to Anypoint Platform.

docker run --entrypoint flexctl -w /registration \  -v "$(pwd)":/registration mulesoft/flex-gateway:1.0.0 \  register <gateway-name> \  --token=56404f19-dcab-4e24-af06-a1152ff18a8c \  --organization=139e1148-d888-487c-b041-6b6d9f38625f \  --connected=true

After registration, you will see the above message, you can verify the new flex gateway created in runtime manager. Also in above image, you can see configuration files are created in the directory.

3. Configuration Folder: Create a folder with name as UUID shown as above and move all above configuration files to this folder.

4. Start the Flex Gateway: Run the following command to start Flex Gthe gateway replacing <absolute-path-to-directory-with-conf-file> with the path and the UUID in the name of the .conf file with the one created in the previous step.

docker run --rm \ -v <absolute-path-to-directory-with-conf-file>/:/etc/flex-gateway/rtm \ -p 8081:8081 \ -e FLEX_RTM_ARM_AGENT_CONFIG=/etc/flex-gateway/rtm/<UUID-of-your-file>.conf \ mulesoft/flex-gateway:1.0.0

Once Flex gateway is started, you will be able to see the flex gateway running in docker container.

5. Verify the flex gateway : Verify the new gateway created in runtime manager. It has 1 replica for flex-medium gateway.

6. Add Replica: To add another replica on the same host, define its name using the environment variable FLEX_NAME, and change its port (the number on the left side of the colon) as in the following example:

docker run --rm \       -v <absolute-path-to-directory-with-conf-file>/:/etc/flex-gateway/rtm \       -p <new-port-number8082>:<port-to-map-to-8082> \       -e FLEX_NAME=replica-name \       -e FLEX_RTM_ARM_AGENT_CONFIG=/etc/flex-gateway/rtm/<UUID-of-your-file>.conf \       mulesoft/flex-gateway:1.0.0

In above image, you can see flex-medium has 2 replicas. Also same you can verify in docker container, another container is running on port 8082.

Adding API to Flex Gateway

  1. Add API: Go to api manager and click on add api.

2. Add Runtime: Select runtime as Flex Gateway and select the newly created flex gateway and click on next.

3. Add API to Flex Gateway: I have already published the american-flights-api in the exchange. Select this api and click on next.

4. Add Endpoint: I have already created an application using american-flights-api and deployed to anypoint platform. Add that endpoint as URL implementation. You have to provide the URL till base path only.

5. Review and deploy :

Testing Flex Gateway from Local

Our flex gateway is running in local machine as container with port 8081.

  1. Apply Policy: Go to api manager and select american-flights-api. Let’s add one Client ID Enforcement policy to this api. After adding policy you can see this screen. We have one more automated policy message logging applied on this API.

2. Access the Endpoint: Try to access the endpoint from local flex gateway without client id configuration. We will get the below error Client ID is not present.

http://localhost:8081/flights?destination=SFO

3. Create Client Id credentials: Create client id and client secrets access from anypoint exchange.

It will create client id and client secret to access this api.

4. Invoke endpoint with client id credentials. Hit the same endpoint after providing the client id and client secret, you will be able to get the response.

5. Validate the logs in docker container: You will be able to see the logs of messaging policy in docker container. I have applied messaging policy for this api as automated policy.

[flex-gateway-envoy][info] wasm log 17831973-message-logging-flex-2.default.american-flights-api-17831973.091f7c52-e27e-45e7-a920-c7b71f782a5c.svc main: [req: 6bad705e-9224-4e86-b08d-2c1c8a92b3d4] [accessLog] {"headers":{":authority":"localhost:8081",":method":"GET",":path":"/flights?destination=SFO",":scheme":"http","accept":"*/*","accept-encoding":"gzip, deflate, br","client_id":"cc2dd7b0ec1248e38a9d9f19a596b115","client_secret":"6E7C4c74133C4CA8a9Bbf7EB4451b8F4","content-length":"320","content-type":"application/json","postman-token":"a7988597-c493-4c79-9125-2580b41bcbb5","user-agent":"PostmanRuntime/7.29.0","x-forwarded-proto":"http","x-request-id":"6bad705e-9224-4e86-b08d-2c1c8a92b3d4"},"localAddress":"172.17.0.2:8081","method":"GET","queryParams":{"destination":"SFO"},"queryString":null,"remoteAddress":"172.17.0.1:62280","requestPath":"/flights","requestUri":"/flights?destination=SFO","scheme":"http","version":"HTTP/1.1"}[flex-gateway-envoy][info] wasm log 17831973-message-logging-flex-2.default.american-flights-api-17831973.091f7c52-e27e-45e7-a920-c7b71f782a5c.svc main: [req: 6bad705e-9224-4e86-b08d-2c1c8a92b3d4] [accessLog] {"headers":{":status":"200","connection":"keep-alive","content-length":"482","content-type":"application/json; charset=UTF-8","date":"Sun, 15 May 2022 05:23:19 GMT","server":"nginx","x-envoy-upstream-service-time":"245"},"statusCode":"200"}

6. Verify the metrics: Go to anypoint api manager and check the metrics for american-flights-api.

7. API configuration details: In american-flights-api, you can click on view configuration details to check the configuration details.

Flex Gateway deployed in Docker runs on the port 8081, so all the API request goes via 8081, Gateway will apply the policies.

You can access Anypoint american-flights-api endpoint without any client credentials, because we have not applied any policy to our deployed application. Our policy was applied to API gateway.

In this article, how we have learnt how to create the flex gateway and test it with docker container

Happy Learning!

References:

https://blogs.mulesoft.com/news/anypoint-flex-gateway/

https://docs.mulesoft.com/gateway/flex-gateway-overview

Mulesoft
Api Gateway
Anypoint Platform
API
Mule

--

--

Shyam Raj Prasad
Shyam Raj Prasad

Written by Shyam Raj Prasad

197 Followers
5 Following

Engineering Leader at Tricon Infotech Private Limited | Mulesoft Certified Developer and Architect

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams