How to Install MuleSoft Flex Gateway on Docker Container Running on a Cloud Virtual Machine (Amazon EC2 Linux)

MuleSoft Flex Gateway is a lightweight and high-performance API gateway designed to manage and secure APIs effectively. Deploying Flex Gateway on a Docker container running on a cloud virtual machine, such as Amazon EC2 Linux, is a flexible approach to ensuring scalability and ease of management. This guide outlines the advantages and disadvantages of using Docker, pre-installation requirements, installation steps, and post-installation checks.

Advantages of Installing Flex Gateway on Docker Container

1. Portability: Docker containers encapsulate all dependencies, making it easy to move your Flex Gateway setup across environments.
2. Scalability: Docker containers integrate seamlessly with container orchestration tools like Kubernetes, simplifying horizontal scaling.
3. Isolation: Containers ensure that the Flex Gateway operates in a self-contained environment, reducing conflicts with other applications on the host.
4. Ease of Updates: Docker simplifies the process of updating or rolling back versions of Flex Gateway.

Disadvantages of Installing Flex Gateway on Docker Container

1. Resource Overhead: Running Docker introduces an additional layer, which might slightly impact performance compared to direct installation on the host machine.
2. Networking Complexity: Configuring container networking and ensuring connectivity with external systems can be more complex.
3. Dependency on Docker: Any issues with Docker, such as version incompatibilities, could impact Flex Gateway’s performance. It requires team to have Docker expertise to troubleshoot the issues.

Pre-Installation Requirements

1. Amazon EC2 Setup:
   • Launch an EC2 instance with Amazon Linux 2.
   • Ensure sufficient resources for Docker and Flex Gateway. For testing purpose, a t2.micro instance is enough to do the job
   • Open necessary ports in the instance’s security group. For instance, in the follow example we need to expose ports 8081 and 8082 in the inbound security rules.
2. Docker Installation:
   • Update the package repository:
     sudo yum update -y
   • Install Docker:
     sudo yum install -y docker
   • Start Docker Service
     sudo service docker start
   • (Optional) The following steps are to add user into Docker group, so we don’t need to use “sudo” when running “docker” command
     1. Add user (ec2-user) into docker group
        sudo usermod -a -G docker ec2-user
     2. Restart by exiting ssh, then log back in to activate the access.
     3. After that, we can run the subsequent command without “sudo”
3. Flex Gateway Prerequisites:
   • A MuleSoft Anypoint Platform account with Runtime Manager access.
   • A valid API Manager license (if using API management features).
   • Docker must be installed and running.

Installation Steps

Step 1: Register Flex Gateway in Anypoint Platform

1. Log in to the Anypoint Platform and navigate to Runtime Manager.
2. Select Flex Gateway and click Add Gateway.
3. Choose Container and Docker as the deployment target.
4. Note the generated registration command (it will be used in the container setup).

Step 2: Pull Flex Gateway Image from Docker Hub

1. Pull the Flex Gateway Docker image:

docker pull mulesoft/flex-gateway

2. Verify the image is downloaded:

docker image ls

Step 3: Register Flex Gateway

1. Create a folder named “flex-gateway” under current user folder

mkdir flex-gateway

2. Navigate into the new folder

cd flex-gateway

3. Run registration command provided by the Runtime Manager. The default command uses token to register for the Flex Gateway, you can use other methods including Connected App or Basic Authentication. Change <gateway-name> to name of your flex-gateway as your choice

docker run --entrypoint flexctl -u $UID \  
-v "$(pwd)":/registration mulesoft/flex-gateway \  
registration create --organization=<organisation-id> \  
--token=<installation-token> \  
--output-directory=/registration \  
--connected=true \  
<gateway-name>

Step 3: Run Flex Gateway Container

1. Use the “docker run” command to run the container. In the below command, I have added -d flag as well as –name flag for easier container management. If you know docker, it makes sense why we should use them.
   1. “-d” : run container in detached mode
   2. “–name” : set a name for the container otherwise docker will assign a random name for your container. It’s easier to manage if later you run couple of containers on the same machine. For example, you can name it as “flex-gateway-1”
   3. “–rm” : remove the container when it is stopped
   4. “-p 8081:8081”: map 8081 port of the host machine with the 8081 port of the container. As a result, we need to set inbound rules to allow access to port 8081 of the host machine, which will give access to port 8081 in the container. If instead of 8081, you set as “-p 8082:8081”, then you will need to set inbound rules to allow access to 8082, which will give access to port 8081 in the flex-gateway.

docker run -d --rm --name <container-name> \  
-v "$(pwd)":/usr/local/share/mulesoft/flex-gateway/conf.d \  
-p 8081:8081 \  
mulesoft/flex-gateway

2. Verify that the container is running correctly with below command. In the output, you would expect to see the container with the name you assigned in the last column (“flex-gateway-1” and “flex-gateway-2” in my screenshot as I have 2 replicas) and the status of “(healthy)”. If the status is “unhealthy” there must be some issue with the installation.

docker ps

3. Additionally, if the container runs correctly, there should be expected logs when using the below command. Replace <container-name> with the container name from “docker ps” command.

docker logs <container-name>

Step 4: Confirm Flex Gateway Status from Anypoint Platform’s Runtime Manager

1. Go back to the Anypoint Platform and check that the Flex Gateway’s status is Connected in RunTime Manager

Post-Installation Checks

1. Verify Container Logs:
   • Check the Flex Gateway logs for errors or warnings:

docker logs <container-name>

2. Test API Endpoint:
   • Deploy an API in API Manager, set the implementation URL, and configure it to use the Flex Gateway. In the below example, I use “https://jsonplaceholder.typicode.com” as implementationURL.
     1. Choose the available Flex Gateway
     2. Choose HTTP API as asset
     3. Set port, base path for the API. For example, set port as 8081, base path as typicode
     4. Set implementation URL. For example, set implementation URL as https://jsonplaceholder.typicode.com
     5. Save and deploy the API
   • Test the API using the Flex Gateway’s public endpoint via postman or terminal or directly from the ec2 instance terminal: curl -X GET http://<ec2-public-ip>:<port>/<base-path>/users.
3. Flex Gateway Self-Check:
   • Execute a self-check within the container. If the result is “OK”, it means the flex-gateway can connect to target URL.

docker exec -it <container-name>flexctl check http <implementation-URL>

Troubleshooting Tips

1. Connection Issues:
   • Ensure the EC2 security group allows inbound traffic on the required ports. In my example below, the security group allow all traffic to port 8081.

docker inspect <container-name>

• Verify the Docker container is exposing the ports correctly. 

2. Status Discrepancies:
   • If the Anypoint Platform shows the gateway as disconnected, restart the container and verify logs.

docker restart <container-name>
docker logs <container-name>

3. Networking Problems:
   • Test connectivity from within the container using flexctl:

docker exec -it flex-gateway flexctl check http <implementation-url>

Conclusion

Installing MuleSoft Flex Gateway on a Docker container running on Amazon EC2 Linux combines the power of containerisation with the scalability of cloud infrastructure. While Docker adds flexibility, it also introduces some complexity, particularly in networking and resource management. By following the steps and best practices outlined above, you can deploy and manage Flex Gateway effectively, ensuring your APIs are secure and performant.