Install Anypoint Flex Gateway on the Kubernetes as an Ingress Controller in Connected Mode - Part 1

MuleSoft launched Universal API Management in 2022 and released or improved various components.

• Flex Gateway
• API Governance
• API Community Manager
• API Experience Hub (coming soon)
• Anypoint DataGraph
• API Designer
• API cataloging with the updated Anypoint Platform CLI (coming soon)
• API Manager

In this particular tutorial, we will be focusing on setting up Flex Gateway on Minikube as an Ingress controller and how to publish APIs to Flex Gateway. Before we start with the tutorial, let's understand what Flex Gateway is and what are the benefits that can be extracted out of Flex gateway.

Flex Gateway is a lightweight, super-fast, and envoy-based API Gateway. Envoy is the CNCF project and it is one of the fastest and most high-performance services now. Flex Gateway can be deployed anywhere (Cloud, Customer Hosted, Kubernetes, Docker, etc.), doesn’t matter where your APIs exist and its technology agnostic.

Benefits of the Flex Gateway

Below is the list of benefits that you can get out of the Flex Gateway.

• Flex gateway is an ultra-fast gateway that can be used for any APIs (MuleSoft or Non-MuleSoft APIs), deployed anywhere (Cloud, Docker, Kubernetes, Customer Hosted, etc.).
• Easily manage all the APIs within your organization from a single platform and under a single umbrella.
• Extend the Anypoint Platform Capabilities to Mule and non-Mule APIs.
• Secure, discover, govern, or engage the APIs (Mule and non-Mule APIs).
• Set up the Flex Gateway easily in 2 modes (Local and Connected).
• Adapt any architecture with a lightweight and flexible API Gateway to manage and secure the APIs.

In Connected Mode, Flex Gateway configuration and API Metrics are managed by the Anypoint Platform and you don’t require any third-party tools whereas in Local Mode, Flex Gateway is managed locally using YAML descriptors and you may require the third-party monitoring tools like Grafana, Prometheus, Splunk, etc., for pushing the metrics.

Now, let's walk through how to install Flex Gateway on Minikube as an Ingress Controller in Connected Mode...

For installing the Flex Gateway on Minikube, make sure we have to fulfill the below prerequisites

• Docker Engine or Docker Desktop
• Minikube Install Minikube - Kubernetes (k8s-docs.netlify.app)
• Minimum Helm version of 3.0.0

Installing Flex Gateway on Minikube as an Ingress Controller

To install Flex Gateway on Minikube, first, we need to pull the Flex Gateway container image. We can use the below command.

docker pull mulesoft/flex-gateway

After downloading the Flex Gateway container image, we need to register the Flex Gateway either in Local or Connected Mode. But we will be using the Connected Mode for this particular tutorial.

For registering the Flex Gateway in the Connected Mode, we can use one of the three Authentication Mechanisms listed below.

• Auth Token
• Connected App
• Anypoint Username and Password

Now, you can log in to your Anypoint Platform and Navigate to the Runtime Manager  → Flex Gateways. Click on the Add Gateway button on the console. This will provide us with three options where we want to set up Flex Gateway.

In our case, we will be using the Kubernetes environment and it will tell the list of commands that you need to execute on the Kubernetes for setting up Flex Gateway in Connected Mode. We will be going to run the below command for registering the Flex Gateway on the Anypoint Platform. We need to replace <gateway-name> with an appropriate name.

In this case, we will be using the gateway name as “demo-mule-flex”.

docker run --entrypoint flexctl -w /registration \
 -v "$(pwd)":/registration mulesoft/flex-gateway:1.0.1 \
 register <gateway-name> \
 --token=61f90255-74bc-430c-abb6-e76ba4c3cf0f \
 --organization=er34e370-ee77-5e53-586f-9eb43fee01af \
 --connected=true

This is using Auth Token as an Authentication mechanism for registering the Flex Gateway.  Once the above command is executed, it will generate three files and provide the below output on the command prompt.

• 383bfd2a-1eb0-493b-9261-b07199773045.conf
• 383bfd2a-1eb0-493b-9261-b07199773045.pem
• 383bfd2a-1eb0-493b-9261-b07199773045.key

The UUID of the file is important and it will be unique for everyone this will require further installation of Flex Gateway. These files will be generated on the path where we have executed the command or if we have specified any other path in the command. In this case UUID is 383bfd2a-1eb0-493b-9261-b07199773045.

At the same time, we can see the Flex Gateway registered on the Anypoint Platform as we have passed --connected=true in the command. This means we are setting up Flex Gateway in the connected mode.

We will be creating a separate namespace “gateway” on the minikube for installing the Flex Gateway.

kubectl create namespace gateway

Also, we can execute the below command to open a web-based Minikube dashboard.

minikube dashboard

After executing the above command, it will open the Minikube console on the browser and you can see the list of namespaces that exists in the drop-down list as shown below screenshot.

There is another way to get the list of namespaces that exist on Minikube. We can execute the command below and it will provide a list of namespaces that exist on Minikube.

kubectl get namespace

Once we have created the namespace, we need to create a Kubernetes secret for the three files that have been created during Flex Gateway registration.

kubectl -n gateway create secret generic 383bfd2a-1eb0-493b-9261-b07199773045 \
--from-file=platform.conf=383bfd2a-1eb0-493b-9261-b07199773045.conf \
--from-file=platform.key=383bfd2a-1eb0-493b-9261-b07199773045.key \
--from-file=platform.pem=383bfd2a-1eb0-493b-9261-b07199773045.pem

Replace the <UUID-of-your-file> with the actual UUID that has been generated during the registration of Flex Gateway. In our case, it is “383bfd2a-1eb0-493b-9261-b07199773045”

After executing the above command, we will see the below output on the command prompt.

To fetch the list of secrets in the namespace gateway, we can execute the below command. This command will show the secret that we have created using the above command with the name “383bfd2a-1eb0-493b-9261-b07199773045”

kubectl get secret --namespace gateway

We need to add and update the Flex Gateway helm repository and to do so we have to execute the below command.

helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm
helm repo up

Once executing the above command on the command prompt, it will generate the below output.

Note - Make sure the helm is available on the machine from where you are installing the Flex Gateway. Helm helps you manage Kubernetes applications — Helm Charts helps you define, install, and upgrade even the most complex Kubernetes application.

Using Ingress, install the Flex Gateway Helm Chart into the gateway namespace. Specify the UUID from the file names that have been created during registration.

helm -n gateway upgrade -i --wait ingress flex-gateway/flex-gateway \
--set registerSecretName=383bfd2a-1eb0-493b-9261-b07199773045

After executing the above command, we will see a replica created under Flex Gateway on the Anypoint Platform, and Flex Gateway will be in a connected state.

We will verify API Instances that were created during the installation using the below command.

kubectl -n gateway get apiinstances

This command will be generated below output.

We can also execute the command below and it will open the Kubernetes console on the browser and provide more details under the namespace gateway.

minikube dashboard

To see the service list that is running under the namespace gateway, we can execute the below command.

minikube service list --n gateway

This command will provide ingress service details with a private URL for accessing the ingress.

Here is the video tutorial explaining how to set up Flex Gateway on the Minikube

In this tutorial, we have seen how to install Flex Gateway on the Minikube as an Ingress Controller in the Connected Mode and various Minikube and kubectl commands for fetching service details, accessing the Kubernetes dashboard, creating secrets, etc.