How to install Flex Gateway in a Docker Container (Connected Mode)

byGonzalo Marcos -


MuleSoft Flex Gateway is a high-performance, lightweight API gateway designed to secure, manage, and monitor APIs (mule and non-mule) across any environment, including cloud, on-premises, and Kubernetes. 

Historically, Mule Gateways protected mostly Mule APIs but now, with Flex Gateway, we can extend the capabilities of API Manager to non-mule APIs.


There are a few ways of deploying a Flex Gateway. In this post, we’ll have a look at how to install Flex Gateway on Docker on Connected Mode.


Prerequisites

To follow this tutorial we’ll need:

  • A Docker host - For testing you can use Docker desktop for Mac or Windows. In this tutorial we’ll use an Ubuntu Server 24.04 LTS installed on an AWS EC2 virtual machine. Check out this post to see how to install Docker on Ubuntu


Installation

Go to your Anypoint Platform and select the Business Group and the environment where you’d like to create your Flex Gateway. Go to Runtime Manager and click Flex Gateway. Then click on the Add Gateway option



Next, we will see the different deployment options for Flex Gateway. We’ll choose Container. Notice that you can also use Podman for this type of deployment. In this tutorial we’ll use Docker. With that, we’ll see some instructions to follow to deploy Flex Gateway in our Docker host.

Download the Flex Gateway image

Now, let’s head over to our Docker host. The first thing we need to do is to pull the Flex Gateway Docker image. For that run the following command:

docker pull mulesoft/flex-gateway:latest


Notice we’re specifying the tag label for our image, to make sure we pull the last version available. But if you need a previous version you could specify it here.
Check out the image is available in your Docker host:

docker images



Register the Flex Gateway in the Control Plane

Next, we’ll register our Flex Gateway. For that, we’ll run a container from the previous image and specify the registration command with the parameter values to connect to our anypoint org and environment. The output of the command will be a registration file so, before you run the command, create a new directory called flex-registration (or similar) and run the command from there.

docker run --entrypoint flexctl -u $UID \
  -v "$(pwd)":/registration mulesoft/flex-gateway \
  registration create --organization=[YOUR_BUSINESS_GROUP_ID] \
  --token=[YOUR_TOKEN] \
  --output-directory=/registration \
  --connected=true \
  <gateway-name>


Where:

  • --entrypoint flexctl -u $UID - This flag allows us to override the default entrypoint defined in the docker image and run the flexctl command with the image.
  • -v "$(pwd)":/registration - This options creates a bind mount mapping the directory from which we run the command to the /registration directory in the container
  • mulesoft/flex-gateway - This is the image we’ve just downloaded in the previous step
  • --organization - Specifies the BG ID where your Flex GW will be deployed
  • token=[YOUR_TOKEN] - Specifies the access token to connect to your Anypoint org. You can generate the token using the Platform APIs or, much quicker, you can use the token generated in the Flex Gateway setup instructions we got in the first step. This is the quickest way to authenticate this operation but you can also use a Connected App or a Local Anypoint username and password.
  • --output-directory=/registration - This option specifies the folder for the registration file of the output which is mapped to the current directory in the host via the bind mount.
  • --connected=true - Specifies the mode for Flex Gateway (connected or local)
  • [YOUR-GATEWAY-NAME] - A descriptive name for you flex gateway. 

If everything went well you should see a new file called registration.yaml with the details for our new flex gateway to connect to the control plane.


Get back to Runtime Manager in our Anypoint Platform, we should now see in the Flex Gateways our new gateway in Disconnected status with 0 replicas.




Start the Flex Gateway

Once our Flex Gateway is registered in the control plane we will start it running the following command:

docker run -d --name [YOUR-CONTAINER-NAME] \
--rm \
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \
-p [HOST_PORT]:[CONTAINER_PORT] \
mulesoft/flex-gateway


Where:

  • -d - Indicates to run the container in detached mode, this way we don’t need to keep our ssh session open
  • --name [YOUR-CONTAINER-NAME] - Descriptive name for the container
  • --rm - With this flag once the container stops it will be automatically removed.
  • -v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d - This will create a bind mount volume, mapping the current directory in the host with the conf.d path in the container. This is how we make available the registration.yaml file with the connection details generated during the registration to the container.
  • -p [HOST_PORT]:[CONTAINER_PORT] - Maps a port in the host with a port in the container. The host port will be the port where all requests will get to the flex gateway, so make sure you choose a free port in the host and available in your security/firewall rules.

If everything went well you should see the ID of the container generated. Run the following command to verify our new flex gateway container is running.

docker ps


Get back to Runtime Manager in our Anypoint Platform, we should now see in the Flex Gateways our new gateway in Connected status with one replica



Test - Set up a Rate Limiting policy for a test API

Now let’s see if our new Flex Gateway works and can apply the policies we setup from API manager. For testing purposes, we’ll try to create an API instance to forward the incoming requests to our Flex Gateway to the Cat Facts free API (https://catfact.ninja/fact). We’ll try to set up a Rate Limiting policy so that we can control the number of requests sent in a period of time.

From our Anypoint Platform, let’s go to API Manager and click on Add API > Add New API


Next, select Flex Gateway as runtime and pick up our new Flex Gateway from the list below and click Next



Then, Select an API from Exchange if you already have the asset in Exchange or Create new API. In our example, we’ll create a new API for a Random User API (it’s a public free app for testing).



In the Downstream section, we need to provide the details of our Flex Gateway endpoint. Specify if your Flex GW is exposed with HTTP or HTTPS. Use the port you defined for your Flex Gateway during the creation and use a Base Path for this API. Every API we add to our Flex Gateway will need to have a unique combination of base path and port (this is how our flew gateway will identify what API we’re referring to). Click Next



In the Upstream section, we provide the details of the API we’re protecting and the rules to apply. In this post, we’ll keep it simple and forward all the traffic to the same URL. In our case, we’ll use the upstream URL

https://catfact.ninja



Click Next and then Save & Deploy. In a few seconds our API gateway would be ready. Now, to test it send a GET request to our Flex GW. In our case, it would be the public DNS of our EC2 instance where our Flex GW is running, on port 8081 (which is the one our Flex GW container is running) and the relative path we want to access:

http://[FLEX_GW_PUBLIC_DNS]:8081/fact


Lastly, let’s try to apply a Rate Limiting policy to verify the policies engine works in our Flex Gateway. From API manager:

  • click on the API instance we’ve just created
  • click on Policies on the left panel
  • Click on Add Policy

From the Quality of Service policies select Rate Limiting and click Next

Then, in the configuration of the policy set up 3 Requests per minute, just for the purpose of testing. Click Apply


Lastly, test the API instance again and send 4 requests. If the policy is working we should get a 429 error - too many requests.


Tags

You may like these posts

Previous Post Next Post