Setup Anypoint Flex Gateway on the Kubernetes as an Ingress Controller in Connected Mode — Part III
Introduction
In my last blog, we have a walkthrough on how to set up Flex Gateway on MiniKube as an Ingress controller in the Connected Mode and how to publish the APIs to the Flex Gateway and access those APIs via Ingress on HTTP. In this blog, we will walkthrough how to implement TLS on the ingress and enable ingress to receive only HTTPS traffic.
Before we start implementing the TLS on the ingress, we will be requiring the private key and public key in base64 format. Either we can use a Self Signed certificate or CA signed certificate.
Step 1 — Configure TLS Context for Flex Gateway as a Kubernetes Ingress Controller
To configure the TLS context for Flex Gateway, create a new resource using a YAML configuration file with your TLS context details.
Note — You need to replace your certificates with your own private key and public certificate in base64.
We need to save the above configuration in yaml (i.e., ingress-tls.yaml) and execute the below command to apply TLS.
kubectl apply -f ingress-tls.yaml --namespace gateway
This command will give below output
Now, we have successfully applied TLS on the ingress
Step 2 — Publish the APIs to the Flex Gateway
In this case, we will be selecting “mule-flex-gw” that has been created during tutorial 1 and clicking “Next”. Now, we can Select API from Exchange or Create new API. In this case, we will be selecting Create new API and provide a few details like Name and select Asset types as an HTTP API and clicking Next.
After clicking the Next, it will open new window and there few important details needs to provide like Implementation URI (i.e. URL of our API implementation).
Note — Make sure the Implementation URL must be accessible from MiniKube where we have installed Flex Gateway. We need to take care of appropriate firewall rules and ensure that there is connectivity to implementation URLs from MiniKube.
In the Advanced options, provide the port number 443 and will be using HTTPS protocol.
After clicking Next, it will navigate to the review console. We can review all the information and click on the Save & Deploy button.
After the API successfully published to Flex Gateway, we can see API status to Active in the API Manager console.
This means API is successfully published to the Flex Gateway.
Step 3 — Accessing APIs published to Flex Gateway on MiniKube on HTTPS
As we have already installed the ingress in the part 1 tutorial and will be using ingress for accessing the API. We can execute the below command for getting the ingress URL.
minikube service list --namespace gateway
This command will give below output with http and https url. In our case, we have published an API to the port 443 and protocol https.
So we will be using a URL that is mapped with https — https://192.168.49.2:30679.
This is a private URL and cannot be accessed outside. In our case, the complete URL will be https://192.168.49.2:30679/Asia/Kolkata
To access the above private URL, we will open MiniKube container cli. To do so, just go to docker desktop and open cli for MiniKube container.
We have curl above URL and we have got some response back from our API. This means we have sent a request to ingress on HTTPS and ingress have forwarded the request to the implementation and received a successful response.
If we want to access the URL outside the MiniKube, we need to execute the below command and that will provide the URL which can be used to access ingress.
minikube service ingress --url --namespace gateway
This command will generate the below output with multiple URLs for accessing the ingress.
Now, we can use any one of the URLs for accessing the ingress on TLS. So we need to use a second URL from the above output for sending traffic on HTTPS.
https://127.0.0.1:64843/Asia/Kolkata
This URL can be used in the browser for accessing the APIs. We can see responses from our APIs.
Note — This URL and port number will be different for everyone and everyone’s URL may look different.
References
In this tutorial we have learned how to implement the TLS on Ingress and start receiving traffic on HTTPS for application publish to Flex Gateway.
