Configuring Ingress for Flex Gateway

This guide walks through the process of setting up an Ingress resource for MuleSoft Flex Gateway in a Kubernetes environment. Proper Ingress configuration allows external traffic to reach your APIs through the Flex Gateway.

Understanding Flex Gateway Ingress

An Ingress resource defines rules for routing external HTTP/HTTPS traffic to services within your Kubernetes cluster. When using Flex Gateway as your Ingress controller, you can leverage both Kubernetes-native Ingress resources and MuleSoft-specific custom resources.

Flex Gateway serves as an Ingress controller that translates Ingress rules into API configurations, allowing external clients to access your services securely.

Prerequisites

Before configuring Ingress for Flex Gateway, ensure you have:

  • Flex Gateway installed in your Kubernetes cluster
  • kubectl configured to access your cluster
  • Services deployed that you want to expose
  • (Optional) TLS certificates if you need HTTPS

These components form the foundation for your Ingress configuration. Having them ready will streamline the setup process.

Creating a Basic Ingress Resource

Create a file named flex-gateway-ingress.yaml with the following content:

api-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  namespace: your-api-namespace
  annotations:
    kubernetes.io/ingress.class: "flex-gateway"
spec:
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /api/v1
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 8080

Apply the Ingress resource to your cluster:

kubectl apply -f flex-gateway-ingress.yaml

This basic Ingress configuration routes requests for api.example.com/api/v1 to a service named api-service on port 8080. The annotation kubernetes.io/ingress.class: "flex-gateway" ensures this Ingress is processed by Flex Gateway.

Adding TLS/HTTPS Support

To enable HTTPS for your Ingress, update your Ingress configuration with TLS settings:

api-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  namespace: your-api-namespace
  annotations:
    kubernetes.io/ingress.class: "flex-gateway"
spec:
  tls:
  - hosts:
    - api.example.com
    secretName: api-tls-secret
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /api/v1
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 8080

The tls section references a Kubernetes Secret named api-tls-secret that contains your TLS certificate and private key. This enables HTTPS for the specified host.

Configuring Advanced Routing

For more complex routing scenarios, you can configure multiple paths and hosts:

multi-service-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: multi-service-ingress
  namespace: your-api-namespace
  annotations:
    kubernetes.io/ingress.class: "flex-gateway"
spec:
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /customers
        pathType: Prefix
        backend:
          service:
            name: customers-service
            port:
              number: 8080
      - path: /orders
        pathType: Prefix
        backend:
          service:
            name: orders-service
            port:
              number: 8081
  - host: admin.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: admin-service
            port:
              number: 8082

This configuration routes traffic based on both the hostname and path. Requests to /customers and /orders on api.example.com go to different services, while admin.example.com routes to a separate admin service.

Adding Flex Gateway-Specific Annotations

Flex Gateway supports additional functionality through Ingress annotations:

api-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  namespace: your-api-namespace
  annotations:
    kubernetes.io/ingress.class: "flex-gateway"
    flex.mulesoft.com/client-timeout: "30s"
    flex.mulesoft.com/cors-enabled: "true"
    flex.mulesoft.com/rate-limit: "100"
    flex.mulesoft.com/rate-limit-window: "1m"
spec:
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /api/v1
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 8080

These Flex Gateway-specific annotations enable additional features like:

  • Setting client timeouts
  • Enabling Cross-Origin Resource Sharing (CORS)
  • Configuring rate limiting for API protection

Verifying Ingress Configuration

After applying your Ingress resource, verify it was created correctly:

kubectl get ingress -n your-api-namespace

Check the Flex Gateway logs for any issues:

kubectl logs -n gateway -l app.kubernetes.io/name=flex-gateway

Test your API endpoint to confirm traffic is routed correctly:

curl -H "Host: api.example.com" http://<flex-gateway-ip>/api/v1

These commands help you confirm that your Ingress is correctly configured and functioning as expected.

Troubleshooting Common Issues

If your Ingress isn't working as expected, check these common issues:

  1. Incorrect Ingress Class: Ensure the kubernetes.io/ingress.class annotation is set to "flex-gateway"
  2. Service Availability: Verify the backend service exists and is running
  3. Port Configuration: Confirm the service port in the Ingress matches the actual service port
  4. DNS Configuration: Make sure the hostname resolves to your Flex Gateway's external IP
  5. TLS Issues: Check that the TLS secret exists and contains valid certificate files

Most Ingress issues stem from misconfiguration in either the Ingress resource itself or the underlying services it routes to.
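The ingress class, service, port and TLS secret checks in the list above can be run offline against kubectl JSON output before traffic is sent to the gateway. The Python below is an added example, not code from this guide or from MuleSoft; audit_ingress, its argument shapes and the sample data are assumptions made for illustration. The services and secrets arguments are expected to be built from kubectl get svc and kubectl get secret with -o json in the Ingress's namespace.

```python
INGRESS_CLASS_KEY = "kubernetes.io/ingress.class"

def audit_ingress(ingress, services, secrets, expected_class="flex-gateway"):
    """Findings for one Ingress dict (from `kubectl get ingress NAME -o json`).
    services: {name: set of Service ports}; secrets: {name: set of data keys}."""
    findings = []
    annotations = ingress.get("metadata", {}).get("annotations", {})
    if annotations.get(INGRESS_CLASS_KEY) != expected_class:
        findings.append(f"ingress class annotation is not {expected_class!r}")
    spec = ingress.get("spec", {})
    tls_hosts = set()
    for entry in spec.get("tls", []):
        tls_hosts.update(entry.get("hosts", []))
        name = entry.get("secretName")
        if name not in secrets:
            findings.append(f"TLS secret {name!r} not found")
            continue
        for key in sorted({"tls.crt", "tls.key"} - set(secrets[name])):
            findings.append(f"TLS secret {name!r} lacks {key}")
    for rule in spec.get("rules", []):
        host = rule.get("host", "*")
        wildcard = "*." + host.partition(".")[2]  # e.g. *.example.com
        if host not in tls_hosts and wildcard not in tls_hosts:
            findings.append(f"{host}: no spec.tls entry covers this host")
        for path in rule.get("http", {}).get("paths", []):
            svc = path["backend"]["service"]
            port = svc["port"].get("number", svc["port"].get("name"))
            where = f"{host}{path.get('path', '/')}"
            if svc["name"] not in services:
                findings.append(f"{where}: service {svc['name']!r} not found")
            elif port not in services[svc["name"]]:
                findings.append(f"{where}: {svc['name']!r} exposes no port {port}")
    return findings

def _rule(host, *routes):  # builds one rule for the constructed sample below
    return {"host": host, "http": {"paths": [
        {"path": p, "backend": {"service": {"name": n, "port": {"number": num}}}}
        for p, n, num in routes]}}

SAMPLE_INGRESS = {  # constructed sample, not taken from a real cluster
    "metadata": {"annotations": {INGRESS_CLASS_KEY: "flex-gateway"}},
    "spec": {"tls": [{"hosts": ["api.example.com"], "secretName": "api-tls-secret"}],
             "rules": [_rule("api.example.com", ("/customers", "customers-service", 8080),
                             ("/orders", "orders-service", 8081)),
                       _rule("admin.example.com", ("/", "admin-service", 8082))]}}
SAMPLE_SERVICES = {"customers-service": {8080}, "orders-service": {8080}}
SAMPLE_SECRETS = {"api-tls-secret": {"tls.crt"}}  # tls.key deliberately missing

if __name__ == "__main__":
    print("\n".join(audit_ingress(SAMPLE_INGRESS, SAMPLE_SERVICES, SAMPLE_SECRETS)))
```

On the sample, the audit reports the incomplete TLS secret, the port mismatch on /orders, and the admin.example.com host that has neither a TLS entry nor an existing backend service.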

Next Steps

After successfully configuring your Ingress, consider:

  1. Setting up monitoring for your API traffic
  2. Implementing additional security policies
  3. Configuring API rate limiting and other protections
  4. Setting up logging and analytics for your APIs

These additional steps will help you secure and optimize your API gateway implementation for production use.