Reading Time: 11 minutes

Anypoint Flex Gateway by MuleSoft is a key component of Anypoint Platform supporting Universal API Management, and it can be easily installed as a Linux Service, Docker container, or Kubernetes Ingress Controller. 

One of the lesser known installation patterns is deploying Flex Gateway as a sidecar within a Kubernetes Pod. We’ll dive into how to achieve this process by leveraging Flex Gateway in Connected Mode. The following diagram depicts an example simple pod architecture:

In this case there will be a single application replica, and a single Flex Gateway replica in a pod. There are a number of prerequisites that must be installed before starting, so explore what those are. 

Prerequisites for deploying Anypoint Flex Gateway as a sidecar

This document assumes the following prerequisites: 

  • Have or create an Anypoint Platform Account with Flex Gateway Permissions
  • Install Kubernetes (K3S or K3D can be used) 
  • Install Docker 
  • Install kubectl 

Once all the prerequisites are installed, you can begin the installation.

How to install Anypoint Flex Gateway 

In short, these are the steps you need to take to prepare to deploy Flex Gateway as a sidecar: 

  1. Download Flex Gateway 
  2. Register Flex Gateway 
  3. Create pod deployment 
  4. Add API(s) to Flex Gateway 
  5. Bring it all together 

Let’s discuss each in more detail. 

1. Download Flex Gateway

To download Flex Gateway, issue the following command: docker pull mulesoft/flex-gateway 

  • Please note that this blog leverages version 1.3.0. 

2. Register Flex Gateway

Now that you’ve downloaded Flex Gateway, it needs to be registered. To complete the registration process, register it as a Docker container, not a Kubernetes container. 

  • Navigate to Management Center → Runtime Manager → Flex Gateways → Add Gateway 
  • Select Docker as the environment:
  • Copy and paste the registration command as shown below: Be sure to change <Org ID>, <Token>, and <gateway-name> to valid values 
docker run --entrypoint flexctl \ -v "$(pwd)":/registration mulesoft/flex-gateway:1.2.0 \ register --organization=<Org ID> \ --token=<Token> \ --output-directory=/registration \ --connected=true \ <gateway-name>

3. Create pod deployment

The pod will contain two containers:

The following will create the deployment: 

  • Create the test namespace: kubectl create namespace test 
  • Create a Kubernetes Secret. This will link the registration data to the Flex Gateway. Be sure to change <gateway-name> to the value used in step three of the registration process:
kubectl -n test create secret generic <gateway-name> --from-file=registration.yaml=registration.yaml 
  • Create a pod.yaml file, and be sure to change <gateway-name> to the value used in step two above: 
apiVersion: apps/v1

kind: Deployment

metadata:

 name: test-sidecar

 namespace: test

 labels:

   app: test-sidecar

spec:

 replicas: 1

 selector:

   matchLabels:

     app: test-sidecar

 strategy:

   rollingUpdate:

     maxSurge: 25%

     maxUnavailable: 25%

   type: RollingUpdate

 template:

   metadata:

     labels:

       app: test-sidecar

       version: "2"

   spec:

     containers:

     - name: app

       image: mulethunder/payments:1.0

       imagePullPolicy: IfNotPresent

       ports:

       - containerPort: 3000

         name: http

         protocol: TCP

       resources:

         limits:

           cpu: 100m

           memory: 160Mi

         requests:

           cpu: 100m

           memory: 160Mi

     - name: gw

       env:

       - name: FLEX_NAME

         valueFrom:

           fieldRef:

             apiVersion: v1

             fieldPath: metadata.name

       - name: FLEX_NAMESPACE

         valueFrom:

           fieldRef:

             apiVersion: v1

             fieldPath: metadata.namespace

       image: mulesoft/flex-gateway:latest

       imagePullPolicy: Always

       ports:

       - containerPort: 8080

         name: http

         protocol: TCP

       resources:

         limits:

           cpu: 250m

           memory: 512Mi

       volumeMounts:

       - name: anypoint-certs

         mountPath: /etc/mulesoft/flex-gateway/conf.d/register

         readOnly: true

     volumes:

     - name: anypoint-certs

       secret:

         secretName: <Gateway-Name>

     restartPolicy: Always

---

apiVersion: v1

kind: Service

metadata:

 name: test-sidecar

 namespace: test

spec:

 ports:

 - name: http

   port: 8080

 selector:

   app: test-sidecar

 type: ClusterIP
  • Create the deployment: kubectl create -f pod.yaml 
  • Verify the pods are created and running: kubectl get pods -n test 

If the pods have been created, the following output should be generated:

NAME                            READY   STATUS    RESTARTS   AGE

test-sidecar-5ddf6c97c6-dc8s5   2/2     Running   0          2m

  • Then, verify the Flex Gateway is connected in Anypoint Platform. 

4. Add API to Flex Gateway

Now, the API is added to Anypoint Flex Gateway. This is a simple HTTP request which doesn’t require any RAML or OAS specification. Any REST or HTTP asset in exchange can be leveraged with Flex Gateway 

  • Navigate to Management Center → API Manager → Add API → Add new API
  • Ensure Flex Gateway and the appropriate Flex Gateway is selected; then, click Next:
  • Make sure that “Create a New API” is selected and that the Asset type is HTTP API. Then give it a name, as shown below: 
  • Ensure the endpoint configuration is configured as follows:
    • API Instance Label: any value in this example sidecar-test is used
    • Implementation URI: http://localhost:80. This is due to the app listening on port 80.
    • Consumer endpoint: http://test-sidecar.test.svc:8080 . This is what the Flex Gateway is listening to in order to proxy to the app listening on port 80.
    • Base Path: /
    • Scheme: HTTP
    • Port: 8080
  • Click Save and Deploy. The deployment should show as successful.

Once the API has been deployed, the next step will be to test the deployment by bringing it all together. 

5. Bring it all together

Once the deployment has been completed, it is time to test the deployment. Since an ingress controller was not installed or configured, a container with CURL installed within the Kubernetes cluster will be used to test the service. 

  • Issue the following command to download and run the container: kubectl run curl –image=curlimages/curl –rm -i –tty — sh 
  • Test the service by issuing the following command: curl -v http://test-sidecar.test.svc:8080

The following or similar should be returned:

$ curl -v http://test-sidecar.test.svc:8080

*   Trying 10.43.105.133:8080...

* Connected to test-sidecar.test.svc (10.43.105.133) port 8080 (#0)

> GET / HTTP/1.1

> Host: test-sidecar.test.svc:8080

> User-Agent: curl/7.85.0-DEV

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< date: Fri, 07 Oct 2022 23:24:06 GMT

< content-length: 354

< content-type: text/plain; charset=utf-8

< x-envoy-upstream-service-time: 0

< server: Anypoint Flex Gateway

<

Hostname: test-sidecar-5ddf6c97c6-dc8s5

IP: 127.0.0.1

IP: ::1

IP: 10.42.0.14

IP: fe80::1037:6cff:feb0:a652

RemoteAddr: 127.0.0.1:45728

GET / HTTP/1.1

Host: localhost

User-Agent: curl/7.85.0-DEV

Accept: */*

X-Envoy-Expected-Rq-Timeout-Ms: 15000

X-Envoy-Original-Path: /

X-Forwarded-Proto: http

X-Request-Id: 33956192-385e-4092-bf20-4bd669e63574
latest report
Learn why we are the Leaders in API management and iPaaS

The container with the Flex Gateway accepts the request and forwards it to the app running in another container on the same pod. Notice the server header returns Anypoint Flex Gateway, ensuring the request is hitting the Flex Gateway. Due to the nature of a sidecar deployment, there should only be one API per Flex Gateway in this configuration.