dmoellenbeck / asmongcp Goto Github PK

Update: September 29, 2020

This cookbook will walk you through the process of installing Anypoint Service Mesh on Google Cloud Platform. You will deploy a demo application and secure using Anypoint Service Mesh.

To log issues, click here to go to the github repository issue submission form.

• Create Kubernetes Google Kubernetes Engine (GKE)

  • STEP 1: Create Google VPC
  • STEP 2: Create Kubernetes Cluster
  • STEP 3: Verify Cluster and Connect

• Install Istio

  • STEP 4: Download and Install Istio CLI
  • STEP 5: Install Istio using CLI

• Deploy Demo Application

  • STEP 6: Clone Demo Application
  • STEP 7: Deploy Demo Application

• Install Anypoint Service Mesh

  • STEP 8: Install Anypoint Service Mesh
  • STEP 9: Install Anypoint Service Mesh Adapter
  • STEP 10: Create API's
  • STEP 11: Binding API's with Services

• Apply API Management Policies

  • STEP 12: Apply Rate Limiting Policy to Customer API
  • STEP 13: Apply Client ID enforcement Policy to Payment API

• Report & Monitor API Analytics

  • STEP 14: View Analytics of Customer API & Payment API
  • STEP 15: View Dashboards of Customer API & Payment API

• The following lab requires a Google Cloud Platform account.
• Access to Anypoint Platform

For complete instructions please visit MuleSoft Documentation

• From any browser, go to the URL to access Google Cloud Console:

  https://console.cloud.google.com/

• Click on the upper left navigation bar. Select VPC networks

  

• Click Create a VPC network

• Enter name for network and select Automatic for Subnet creation.

  

• Click Create. Wait for network to be created.

  

• Click on the upper left navigation bar. Select Clusters

  

• Click Create cluster

• Enter Name for your cluster

  

• Select Master Version of 1.16.x or higher

  

• Expand default-pool and select Nodes. Per documentation change Machine type to e2-standard-4

  

• Click Networking and select your network created in previous step.

  

• Click CREATE and wait of cluster to be created.

  

• From the Kubernetes Cluster page click Connect. From the Connect to the cluster popup copy the Command-line access command.

  

• Open Terminal window. If you don't already have the gcloud cli installed following the Google Docs to first install gcloud cli.

• Paste gcloud connect to cluster command from previous step.

• Next running the following command to verify that you cluster is running.

kubectl get namespaces

• To install Istio we will be using the Istio CLI. For completed instructions Istio Docs

• Use the following command to download Istio CLI into your directory of choice. In this example I am using directory /Users/dennis.foley/ASM

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.7.2 sh -

• Change into newly downloaded directory

cd istio-1.7.2/

• Add current directly to path

export PATH=$PWD/bin:$PATH

• To install Istio we will be using the Istio CLI. From the istio directory run the following command. At the prompt Proceed? (y/N) enter y

istioctl install

• Verify that Istio has been installed. You should now see the istio-system namespace

kubectl get namespaces

• For our demo application will will be using Mythical Retail shopping cart application. This web based UI will call several services to complete the order.

• Clone the demo application git repository onto your local machine.

git clone https://github.com/mulesoft-consulting/ServiceMeshDemo

• Change to the ServiceMeshDemo directory and list out the contents to verify that the repository has been created correctly

cd ServiceMeshDemo/
ls

• We will now deploy the demo application to your kubernetes cluster. The deployment script takes the namespace as a parameter. We will be using mythical-payment for namespace

./deployAll.sh mythical-payment

• You can monitory the deployment with the following commands

kubectl get pods -n mythical-payment
kubectl get services -n mythical-payment

• Once all services are running you can test out the application. To access the application open you browser and go to the following URL

http://<EXTERNAL-IP>:3000

• To test out the application follow these steps:

  • Select Item to purchase
  • Click Add to Cart
  • Click Checkout
  • Leave default email and click CONTINUE
  • Click AUTHORIZE PAYMENT
  • Last click PLACE ORDER

For complete instructions and documentation please visit MuleSoft Docs

• Download the latest Anypoint Service Mesh CLI and make it executable

curl -Ls http://anypoint.mulesoft.com/servicemesh/xapi/v1/install > asmctl && chmod +x asmctl

• Now we are ready to install Anypoint Service Mesh. To do this we will call asmctl install. This command requires 3 parameters

  • Client Id
  • Client Secret
  • Service Mesh license

• If you are not familiar with how to get environment Client Id and Secret, navigate to API Manager and click on the Environment Information button.

• If you are not familiar with how to get environment Client Id and Secret, navigate to API Manager and click on the Environment Information button.

./asmctl install

• Verify that Anypoint Service Mesh has been installed correctly with the following command

kubectl get pods -n service-mesh

• Next we want to deploy the Anypoint Service Mesh adapter in each namespace that we want to monitor API's. For this example we will just be doing the nto-payment namespace that contains the demo application.

• To deploy the ASM Adapter we will be using a Kubernetes custom resource definition (CRD). In the ServiceMeshDemo repository we have create the file nto-payment-asm-adapter.yaml that can modified.

  

• Replace <CLIENT ID> and <CLIENT SECRET> with values for your environment. Save file and run the following command

kubectl apply -f mythical-payment-asm-adapter.yaml

• Use the following command to monitor the progress. Wait for status to change to Ready

asmctl adapter list

• We will now use now use Anypoint Service Mesh auto discovery to create API's in Anypoint Platform. We will create API's for Customer, Inventory, Order and Payments services that are used by the demo application.

• Before creating the APIs, ensure the Anypoint Platform user has API Manager Environment Administrator permission, in addition to Manage APIs Configuration. This can be done by your organization admin in *Access Management.

• Modify the Kubernetes custom resource definition (CRD) file demo-apis.yaml.

• For each API, replace <ENV ID>, <USER> and <PASSWORD> with the values for your environment. If you are unsure how to get the environment Id check out this article. Save the file and run the following command

***NOTE: *** If you run this multiple times you might need to change the version number since Anypoint Platform will keep it around for 7 days.

kubectl apply -f demo-apis.yaml

• Use the following command to monitor the progress. Wait for status to change to Ready

asmctl api list

• You can also verify that the API's have been created in Anypoint Platform. Go to Anypoint Platform and navigate to API Manager

  

• The last step is to bind the Kubernetes Services with the Anypoint Platform API's. To do this you will use the binding definition file demo-bind-apis.yaml. Execute the following command

kubectl apply -f demo-bind-apis.yaml

• Use the following command to monitor the progress. Wait for status to change to Ready

asmctl api binding list

• If you go may to API Management in Anypoint Platform and refresh the page you will see that the API's are now Active.

• You have completed the installation of Anypoint Service Mesh. In the next section we will walk through applying some policies against the kubernetes services.

• From the API Management Screen in Anypoint Platform click on the version number for customer-api

  

• Click Policies and then click Apply New Policy. Expand Rate Limiting select newest version and click Configure Policy.

  

• We will configure the rate limit to be 1 call per minute. Click Apply

  

• You should now see your new Rate limiting policy. To test this out run through the order process in the demo application. Try to run through it 2 times within a minute. The second time through you will get Account Retrieval Failed error.

  

• Before moving onto the next step remove the Rate Limiting policy.

• Click Policies and then click Apply New Policy. Expand Client ID enforcement select newest version and click Configure Policy.

  

• Leave all defaults and click APPLY

• You should now see your new Client ID enforcement policy. Once again run through the demo application but this time you should see Payment Authorization Failed when you click AUTHORIZE PAYMENT

  

• From API Manager, click on Analytics on the left.

• At the top, select the desired date range, filter by the APIs, and check Include Policy Violations

• You can also build a report for API Analytics collected from service-service communication. The API Analytics provides insights into health of managed APIs - status code, policy violations, response time and such.
  Follow MuleSoft API Analytics Documentation to create an API Analytics report for all APIs and review if APIs are working as expected.

• Click on Run of the report, you could download the report in the browser or view the report usring curl with the report URL to look at more details.

Violated Policy Name.csv

• Navigate to the Anypoint Monitoring from either Anypoint Platform home page, or the hamburger menu at the top left corner.

• You can click on Built-in dashboards on the left to check out what's populated for the Customer & Payment APIs. In the drop-down, choose the environment, resource name, and the API version / Instance, and click on View.

• At the top right corner of the dashboard, adjust the time period and turn on Auto-Refresh for Customer API.

• Repeat the above and choose Payment API this time and check out its Analytics as well.

CONGRATULATIONS!!! You have completed installing Anypoint Service Mesh, applying policies to kubernetes services, reporting and monitoring the analytics of these non-Mule services via Anypoint Platform.