MuleSoft’s Anypoint Flex Gateway was designed to manage and secure APIs running anywhere. It is the newest component in the quest of Universal API Management across non-Mule APIs.
Typically, organizations have data across multiple systems and technologies, which results in a diverse set of APIs that can be challenging to manage. Before the introduction of Anypoint Flex Gateway, non-Mule APIs had to be managed differently from Mule applications — while you could discover, manage, and monitor any API there was a requirement to run a proxy Mule application in order to accomplish this. With the introduction of Flex Gateway, these proxies are no longer necessary. Non-Mule APIs can be managed via configuration with no additional deployments and existing Mule APIs can still leverage Autodiscovery for registration and management.
Management, security, and monitoring are performed in the same place without the need to differentiate between Mule and non-Mule APIs.
In the blog, I will cover Anypoint Flex Gateway installation options and walk through a configuration in a Docker container.
Overview and Options
Anypoint Flex Gateway will allow the protection and management of all APIs – Mule and non-Mule. Flex Gateway can be installed, managed and deployed in multiple modes to help support a variety of architectures.
Management Mode
Flex Gateway can be configured in either Local or Connected mode.
Local mode provides the following:
- Disconnected from control plane
- No runtime or management dependency on Anypoint platform services
- Local YAML configuration files
- Configuration can be updated via CI/CD pipelines
Connected mode provides the following:
- Connected to the Anypoint control plane
- Centralized management of Flex Gateways, deployed APIs, and applied policies
- Centralized security and observability of your gateways
Installation Options
Flex can be installed in four different ways.
| AS A LINUX SERVICE | IN A DOCKER CONTAINER | AS A KUBERNETES INGRESS CONTROLLER | AS AN OPENSHIFT CONTROLLER |
| If you want to run it inside a VM | If you want to get up and running fast | If you want to use it as a load balancer on a Kubernetes Cluster | If you want to use it as a load balancer on an OpenShift cluster |
More information about each option and its prerequisites can be found here.
Routing Options
Basepath
Provides a context path based routing to your APIs so that multiple APIs can be exposed on the same incoming port of the Flex Gateway
Port
You can choose to run APIs on individual incoming ports or combined on a single port. If using a single port unique base paths are required.
Example URLs
- http://localhost:8887/users/2
- http://localhost:8887/org/users/2
Configure Flex Gateway on a Docker Container in Connected Mode
- Log in to your Anypoint console, go to Runtime Manager and click on Flex Gateways then Add Gateway
- Select Docker, copy and run the commands as described
- If you are running on Windows, the commands need to be changed as below in order to register and start the gateway successfully
- Register: docker run –entrypoint flexctl -v C:ProjectsAnypointFlexFlex-Gatewaytrial:/registration mulesoft/flex-gateway register –organization=<YOUR-ORGANIZATION ID> –token=<ORG-AUTH-TOKEN> –output-directory=/registration –connected=true <GATEWAY-NAME>
- Start: docker run –rm -p 8888:8080 -v C:ProjectsAnypointFlexFlex-Gatewaytrial/:/usr/local/share/mulesoft/flex-gateway/conf.d mulesoft/flex-gateway
Note: Make sure registration.yaml has been created and your ports are open and available. You should see the gateway connected on Anypoint.
- Go to API Manager and add an API instance. Select Flex Gateway and choose the gateway installed in the previous step
- Add URL and other details on the next screen, click save and the APIs should now be listed on API Manager with a status of active, Runtime as flex, and an instance number assigned
Configure Security and Update Options
You can modify the API basepath or port, in addition to adding security policies, SLAs, or create alerts. Similar to Mule APIs, you can add a security policy on top of the non-Mule API.
- Click on the API and select Policies
- Click Add Policy and select one from the options (basic auth in this case)
- Fill in the details and click Save
- Go back to the API and click on Runtime & Endpoint Configuration
- You have the option to update scheme, port, URI and base path. For the purpose of this example, update the base path to /v2 and click save and apply
- You have the option to update scheme, port, URI and base path. For the purpose of this example, update the base path to /v2 and click save and apply
Test Your Application
If you are running your docker container locally, the base path will be localhost and the port should be what you entered during the configuration. On postman create a request to invoke a method on your API. Notice the base path and authorization credentials must be updated to reflect the changes done on API Manager.
Limitations and Notes
Flex Gateway does not support SOAP APIs. You will need to use the Mule Gateway instead. Only HTTP and REST are supported.
Alerts for Flex Gateway differ from API alerts and contract alerts. Flex Gateway includes alert logic options and the ability to customize the subject and message of email notifications.
You can register multiple Anypoint Flex Gateways depending on the number of environments you have
- –token = the registration token for your environment in Anypoint Platform
- –environment = the Environment Id for the environment in Anypoint Platform where you want the Flex Gateway to run if you are using the connected app approach
If you need help or have any questions about installing Anypoint Flex Gateway, contact sales@avioconsulting.com.