CONGRATULATIONS!!! You have completed installing Anypoint Service Mesh, applying policies to kubernetes services, reporting and monitoring the analytics of these non-Mule services via Anypoint Platform.
Getting started with Anypoint Service Mesh: AWS
35 min read
Introduction to Anypoint Service Mesh on AWS
Welcome to the Anypoint Service Mesh AWS tutorial. In this tutorial, we will walk you through the process of installing Anypoint Service Mesh on AWS. You will deploy a demo application and secure using Anypoint Service Mesh. To log issues, click here to go to the Github repository issue submission form. In order to successfully install Anypoint Service Mesh on AWS, you will need to create an AWS Cloud Platform account and also have an Anypoint Platform Account. Click the button below to sign up for an Anypoint Platform account or log into your existing account.
Start free trial
Already have an account? Sign in.
Configure your workstation for AWS
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster through the AWS IAM Authenticator for Kubernetes. You can configure the stock kubectl client to work with Amazon EKS by installing the AWS IAM Authenticator for Kubernetes and modifying your kubectl configuration file to use it for authentication. The next steps will take you through the process.
Install the AWS CLI
Follow the steps in this document.
Install the AWS IAM Authenticator
Follow the steps in this document.
Configure Kubectl
Configure Kubectl to be able to connect to your AWS EKS Cluster.
Create a dedicated AWS Kubernetes Cluster
Install eksctl
Follow the following guide to get eksctl installed.
Step 1: Create an AWS EKS Cluster
From any browser, navigate to the AWS Cloud Console and select the Elastic Kubernetes Service.
Next, click on Create Cluster and enter a name for the cluster and select the appropriate Cluster Service Role.
Click Create. Wait for the cluster to be created.
Step 2: Create a Node Group
Click on the compute tab in your newly created EKS Cluster. Select Add Node Group
Complete the Name field, and select the appropriate Node IAM Role for your node group.
Next, select your SSH key pair and click Next.
Expand the Instance type and select m5.xlarge. Reference the documentation if you have further questions and then click Next.
Scroll to the bottom and click Create and wait for the Node Group to be created.
STEP 3: Verify Cluster and Connect
Open up a terminal and type aws configure. Complete the AWS Access Key ID and the AWS Secret Access Key. Make sure you specify the correct default region name and leave the default output format to None.
Make sure you are setting the correct context and update your AWS kube config.
aws eks --region us-west-2 update-kubeconfig --name {yournamespace}
Next running the following command to verify that your cluster is running.
kubectl get pods --all-namespaces
Step 4: Download and install Istio CLI
To install Istio we will be using the Istio CLI. For completed instructions Istio Docs. Use the following command to download Istio CLI into your directory of choice. In this example I am using directory /Users/dennis.foley/ASM
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.7.2 sh -
Change into newly downloaded directory then add the current directory to your path variables.
cd istio-1.7.2/
export PATH=$PWD/bin:$PATH
Step 5: Install Istio using CLI
To install Istio we will be using the Istio CLI. From the istio directory run the following command. At the prompt Proceed? (y/N) enter y
istioctl install
Verify that Istio has been installed. You should now see the istio-system namespace.
kubectl get namespaces
Step 6: Clone Demo Application
For our demo application will be using the Mythical Retail shopping cart application. This web-based UI will call several services to complete the order. First, clone the demo application git repository onto your local machine.
git clone https://github.com/mulesoft-consulting/ServiceMeshDemo
Change to the ServiceMeshDemo directory and list out the contents to verify that the repository has been created correctly.
cd ServiceMeshDemo/
ls
Step 7: Deploy Demo Application
We will now deploy the demo application to your kubernetes cluster. The deployment script takes the namespace as a parameter. We will be using mythical-payment for namespace
./deployAll.sh mythical-payment
You can monitory the deployment with the following commands
kubectl get pods -n mythical-payment
kubectl get services -n mythical-payment
Once all services are running you can test out the application. To access the application open you browser and go to the following URL
http://{external-ip}:3000
To test out the application follow these steps: Select Item to purchase, Click Add to Cart, Click Checkout, Leave default email and click CONTINUE, Click AUTHORIZE PAYMENT, Last click PLACE ORDER
STEP 8: Install Anypoint Service Mesh
For complete instructions and documentation please visit MuleSoft Docs. First download the lastest Anypoint Service Mesh CLI and make it executable.
curl -Ls http://anypoint.mulesoft.com/servicemesh/xapi/v1/install > asmctl && chmod +x asmctl
Now we are ready to install Anypoint Service Mesh. To do this we will call asmctl install. This command requires 3 parameters
- Client Id
- Client Secret
- Service Mesh license
If you are not familiar with how to get environment Client Id and Secret, navigate to API Manager and click on the Environment Information button.
./asmctl install
Verify that Anypoint Service Mesh has been installed correctly with the following command.
kubectl get pods -n service-mesh
STEP 9: Install Anypoint Service Mesh Adapter
Next we want to deploy the Anypoint Service Mesh adapter in each namespace that we want to monitor API's. For this example, we will just be doing the nto-payment namespace that contains the demo application. To deploy the ASM Adapter we will be using a Kubernetes custom resource definition (CRD). In the ServiceMeshDemo repository, we have to create the file nto-payment-asm-adapter.yaml that can be modified.
Replace CLIENT ID and CLIENT SECRET with values for your environment. Save file and run the following command
kubectl apply -f mythical-payment-asm-adapter.yaml
Use the following command to monitor the progress. Wait for status to change to Ready.
asmctl adapter list
STEP 10: Create API's
We will now use Anypoint Service Mesh auto-discovery to create API's in Anypoint Platform. We will create API's for Customer, Inventory, Order and Payments services that are used by the demo application. Before creating the APIs, ensure the Anypoint Platform user has API Manager Environment Administrator permission, in addition, to Manage APIs Configuration. This can be done by your organization admin in *Access Management.
Modify the Kubernetes custom resource definition (CRD) file demo-apis.yaml. For each API, replace ENV ID, USER, and PASSWORD with the values for your environment. If you are unsure how to get the environment I'd check out this article. NOTE: If you run this multiple times you might need to change the version number since Anypoint Platform will keep it around for 7 days. Save the file and run the following command
kubectl apply -f demo-apis.yaml
You can also verify that the API's have been created in Anypoint Platform. Go to Anypoint Platform and navigate to API Manager
STEP 11: Binding API's with Services
The last step is to bind the Kubernetes Services with the Anypoint Platform API's. To do this you will use the binding definition file demo-bind-apis.yaml. Execute the following command
kubectl apply -f demo-bind-apis.yaml
Use the following command to monitor the progress. Wait for status to change to Ready
asmctl api binding list
If you go may to API Management in Anypoint Platform and refresh the page you will see that the API's are now Active. You have completed the installation of Anypoint Service Mesh. To view some more examples of how to apply API Management Polices, you can view this AWS guide on the MuleSoft GitHub by clicking here.