# Flex Gateway Anypoint Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment. ## Get repository ```shell helm repo add flex-gateway https://flex-packages.anypoint.mulesoft.com/helm helm repo update ``` ## Deploy ```shell helm upgrade ingress flex-gateway/flex-gateway \ -i --wait -n gateway --create-namespace \ --set-file registration.content=registration.yaml ``` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | <pre>```{}```</pre> | | | autoscaling.behavior | object | <pre>```{}```</pre> | | | autoscaling.enabled | bool | <pre>```false```</pre> | Boolean indicating if the Horizontal Pod Autoscaler (HPA) is enabled. | | autoscaling.extraMetrics | list | <pre>```[]```</pre> | | | autoscaling.maxReplicas | int | <pre>```11```</pre> | The maximum number of replicas that the scaler is allowed to create. | | autoscaling.minReplicas | int | <pre>```2```</pre> | The minimum number of replicas that the scaler is allowed to create. | | autoscaling.targetCPUUtilizationPercentage | int | <pre>```50```</pre> | The average CPU usage percentage of all deployed pods. | | autoscaling.targetMemoryUtilizationPercentage | string | <pre>```null```</pre> | The average memory usage percentage of all deployed pods. | | dnsConfig | object | <pre>```{}```</pre> | Optionally customize the pod dnsConfig. | | dnsPolicy | string | <pre>```"ClusterFirst"```</pre> | Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'. By default, while using host network, name resolution uses the host's DNS. If you wish flex-gateway to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. | | extraAnnotations | object | <pre>```{}```</pre> | Annotations to be added to the Deployment | | extraLabels | object | <pre>```{}```</pre> | Labels to be added to the Deployment | | extraVolumeMounts | list | <pre>```[]```</pre> | Additional volumeMounts. | | extraVolumes | list | <pre>```[]```</pre> | Additional volumes to the pod. | | gateway.connectionIdleTimeout | string | <pre>```null```</pre> | Defines the connection idle timeout of all apis. | | gateway.dataSources.kubernetes.enabled | bool | <pre>```true```</pre> | This configuration defines if the gateway will read resources from kubernetes. | | gateway.dataSources.kubernetes.selector | string | <pre>```null```</pre> | This configuration defines a selector (label query) that the gateway will use to filter the resources when generating the configuration. E.g. "label1=value1,label2=value2" will apply only the resources that have both labels "label1=value1" and "label2=value2". | | gateway.mode | string | <pre>```"local"```</pre> | Mode of operation of the gateway, can be local or connected | | gateway.scope | string | <pre>```"Cluster"```</pre> | Scope of the installation, can be Cluster or Namespace | | gateway.streamIdleTimeout | string | <pre>```null```</pre> | Defines the stream idle timeout of all apis. | | image.name | string | <pre>```"mulesoft/flex-gateway:1.5.4"```</pre> | | | image.pullPolicy | string | <pre>```"IfNotPresent"```</pre> | The pull policy for the image. Possible values: ifNotPresent, Always, Never. Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy | | image.pullSecretName | string | <pre>```null```</pre> | The name of the secret that contains Docker registry credentials. The secret must exist in the same namespace as the helm release. | | ingressClass | object | <pre>```{```<br>&nbsp;``` "enabled": true,```<br>&nbsp;``` "name": null,```<br>&nbsp;``` "setAsDefault": false```<br>&nbsp;```}```</pre> | This section refers to the creation of the IngressClass resource Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class | | ingressClass.enabled | bool | <pre>```true```</pre> | Is this ingressClass enabled or not | | ingressClass.name | string | <pre>```null```</pre> | Name of the ingressClass. <releaseName>-<namespace> by default | | ingressClass.setAsDefault | bool | <pre>```false```</pre> | Is this the default ingressClass for the cluster | | livenessProbe | object | <pre>```{```<br>&nbsp;``` "exec": {```<br>&nbsp;``` "command": [```<br>&nbsp;``` "flexctl",```<br>&nbsp;``` "probe",```<br>&nbsp;``` "--check=liveness"```<br>&nbsp;``` ]```<br>&nbsp;``` },```<br>&nbsp;``` "failureThreshold": 5,```<br>&nbsp;``` "initialDelaySeconds": 10,```<br>&nbsp;``` "periodSeconds": 10,```<br>&nbsp;``` "timeoutSeconds": 10```<br>&nbsp;```}```</pre> | Liveness, readiness and startup probe values Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes | | minReadySeconds | int | <pre>```0```</pre> | `minReadySeconds` to avoid killing pods before we are ready | | nodeSelector | object | <pre>```{}```</pre> | Node labels for controller pod assignment Ref: https://kubernetes.io/docs/user-guide/node-selection/ | | podSecurityContext | object | <pre>```{```<br>&nbsp;``` "runAsNonRoot": true,```<br>&nbsp;``` "runAsUser": 65534,```<br>&nbsp;``` "seccompProfile": {```<br>&nbsp;``` "type": "RuntimeDefault"```<br>&nbsp;``` },```<br>&nbsp;``` "sysctls": [```<br>&nbsp;``` {```<br>&nbsp;``` "name": "net.ipv4.ip_unprivileged_port_start",```<br>&nbsp;``` "value": "0"```<br>&nbsp;``` }```<br>&nbsp;``` ]```<br>&nbsp;```}```</pre> | Security Context policies for controller pods See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for notes on enabling and using sysctls | | priorityClassName | string | <pre>```""```</pre> | | | readinessProbe | object | <pre>```{}```</pre> | | | registerSecretName | string | <pre>```null```</pre> | Deprecated - use registration.secretName. | | registration.content | string | <pre>```null```</pre> | If this field is provided, installation creates a Kubernetes secret resource that contains the contents of the registration files. | | registration.secretName | string | <pre>```null```</pre> | If this field is provided, registration requires that a Kubernetes secret with the given name exists. The secret must contain the content of the registration files. | | replicaCount | int | <pre>```1```</pre> | The number of deployment replicas. | | resources.limits.cpu | string | <pre>```"1000m"```</pre> | CPU resource limits in millicores. | | resources.limits.memory | string | <pre>```"1024Mi"```</pre> | Memory resource limits. | | resources.requests.cpu | string | <pre>```"250m"```</pre> | | | resources.requests.memory | string | <pre>```"512Mi"```</pre> | | | revisionHistoryLimit | int | <pre>```10```</pre> | Rollback limit | | service.allocateLoadBalancerNodePorts | bool | <pre>```true```</pre> | You can optionally disable node port allocation for a Service of type=LoadBalancer, by setting the field allocateLoadBalancerNodePorts to false. Will be ignored for Kubernetes versions older than 1.24 Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation | | service.clusterIP | string | <pre>```""```</pre> | | | service.enabled | bool | <pre>```true```</pre> | Boolean indicating if a service to expose the deployment is created. | | service.externalIPs | list | <pre>```[]```</pre> | List of IP addresses at which the service is available Ref: https://kubernetes.io/docs/user-guide/services/#external-ips | | service.externalTrafficPolicy | string | <pre>```""```</pre> | Set external traffic policy to: "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer | | service.extraAnnotations | object | <pre>```{}```</pre> | | | service.extraLabels | object | <pre>```{}```</pre> | | | service.extraPorts | list | <pre>```[]```</pre> | Additional ports to expose. | | service.healthCheckNodePort | int | <pre>```0```</pre> | Specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified, the service controller allocates a port from your cluster’s NodePort range. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | service.http.appProtocol | bool | <pre>```false```</pre> | | | service.http.enabled | bool | <pre>```true```</pre> | Boolean indicating if the HTTP port should be enabled for the service | | service.http.nodePort | int | <pre>```0```</pre> | | | service.http.port | int | <pre>```80```</pre> | The service HTTP port | | service.http.targetPort | string | <pre>```null```</pre> | | | service.https.appProtocol | bool | <pre>```false```</pre> | | | service.https.enabled | bool | <pre>```true```</pre> | Boolean indicating if the HTTPS port should be enabled for the service | | service.https.nodePort | int | <pre>```0```</pre> | | | service.https.port | int | <pre>```443```</pre> | The service HTTPS port | | service.https.targetPort | string | <pre>```null```</pre> | | | service.ipFamilies | list | <pre>```[]```</pre> | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | service.ipFamilyPolicy | string | <pre>```""```</pre> | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | | service.loadBalancerSourceRanges | list | <pre>```[]```</pre> | Used by cloud providers to connect the resulting `LoadBalancer` to a pre-existing static IP Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | service.sessionAffinity | string | <pre>```""```</pre> | Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies | | service.type | string | <pre>```"LoadBalancer"```</pre> | The type of service to create. Possible values: ClusterIP, NodePort, LoadBalancer, ExternalName. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | | startupProbe | object | <pre>```{}```</pre> | | | tolerations | list | <pre>```[]```</pre> | Node tolerations for server scheduling to nodes with taints Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | | topologySpreadConstraints | list | <pre>```[]```</pre> | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ | | updateStrategy | object | <pre>```{}```</pre> | The update strategy to apply to the Deployment |