Skip to main content
Contact Us 1-800-596-4880

Getting started with Anypoint Service Mesh: Azure

35 min read

Introduction to Anypoint Service Mesh on Azure

Welcome to the Anypoint Service Mesh Azure tutorial. In this tutorial, we will walk you through the process of installing Anypoint Service Mesh on Azure. You will deploy a demo application and secure using Anypoint Service Mesh. To log issues, click here to go to the Github repository issue submission form. In order to successfully install Anypoint Service Mesh on Azure, you will need to create an Azure Cloud Platform account and also have an Anypoint Platform Account. Click the button below to sign up for an Anypoint Platform account or log into your existing account.

Start free trial

Already have an account? Sign in.

Step 1: Create Azure Virtual Network

From any browser, go to the URL to access Azure Portal, and under Azure services, select Virtual networks.


Click on + Add at the left top corner or Create virtual network if there isn’t any already.


Next, create a new Resource Group.


Select Resource Group. Enter a unique Name for instance and select Region for Virtual Network creation

azure resource

Select and remove the default subnet. Add a new subnet with more available IP addresses.

virtual network

The lower the subnet number is like /16, the more IP addresses are available.


Click Next to Review + create. Ensure the validation passed & click on Create.

virtual network validation passed

Step 2: Create Kubernetes Cluster

Back to the Azure Portal home page. Select Kubernetes services


Click on + Add at the left top corner of Kubernetes services, or Create Kubernetes service if there isn’t any already. Select Resource group, enter a unique Kubernetes cluster name, select Region, and click on Change size for Node size.


Select B4ms, per documentation


Keep everything default till the Networking step. Switch Network configuration from Basic to Advanced. Select the Virtual network created in STEP 1. Enter Kubernetes service address range and Kubernetes DNS service IP address allowed in the selected Virtual network.

azure cni

At the Tags step at some tags that help identify the resources you’re creating, like owner -> Email.

tags mulesoft

Move on to the last step, Review + create. Ensure the validation passed & click on Create. Then wait until the deployment is complete.


Step 3: Verify Cluster and Connect

From the Kubernetes Services page, launch the az command line from the newly created AKS cluster using either Bash or Powershell. Make sure your account’s initialized successfully from the Cloud Shell.


Open Terminal window. If you don’t already have the Azure CLI installed following the Install Azure CLI to first install Azure CLI. Next running the following command to verify that you cluster is running.

kubectl get namespaces

microsoft azure

Step 4: Download and Install Istio CLI

To install Istio we will be using the Istio CLI. For completed instructions Istio Docs. Use the following command to download Istio CLI into your directory of choice and supported by Anypoint Service Mesh (1.6.x or 1.7.x at this time).

curl -L | ISTIO_VERSION= sh -


Change into newly downloaded directory (the Istio version downloaded and to be installed)

cd istio-x.x.x/

Add current directory directly to path

export PATH=$PWD/bin:$PATH


Step 5: Install Istio using CLI

To install Istio we will be using the Istio CLI. From the istio directory run the following command. At the prompt Proceed? (Y/N) enter Y.

istioctl install

istioctl install

Verify that Istio has been installed. You should now see the istio-system namespace

kubectl get namespaces

Step 6: Clone Demo Application

For our demo application will be using Northern Trail Outfitters shopping cart application. This web based UI will call several services to complete the order. Clone the demo application git repository onto your local machine.

git clone -b 1PlatformDemo

Change to the ServiceMeshDemo directory and list out the contents to verify that the repository has been created correctly.


Step 7: Deploy Demo Application

We will now deploy the demo application to your kubernetes cluster. The deployment script takes the namespace as a parameter. We will be using nto-payment for namespace

./ nto-payment

nto payment

You can monitor the deployment with the following commands

kubectl get pods -n nto-payment

kubectl get services -n nto-payment


Once all services are running you can test out the application. To access the application open you browser and go to the following URL


nto ecommerce

To test out the application follow these steps:

  • Select Item to purchase
  • Click ADD TO CART
  • Click CHECKOUT
  • Leave default email and click CONTINUE
  • Last click PLACE ORDER

Step 8: Install Anypoint Service Mesh

For complete instructions and documentation please visit the MuleSoft Docs

First lets enable API Analytics by setting the disableMixerHttpReports flag to false:

kubectl -n istio-system get cm istio -o yaml | sed -e 's/disableMixerHttpReports: true/disableMixerHttpReports: false/g' | kubectl replace -f -

Download the latest Anypoint Service Mesh CLI and make it executable

mkdir -p $HOME/.asm && curl -Ls > $HOME/.asm/asmctl && chmod +x $HOME/.asm/asmctl && export PATH=$PATH:$HOME/.asm

Now we are ready to install Anypoint Service Mesh. To do this we will call asmctl install. This command requires 3 parameters:

  • Client Id
  • Client Secret
  • Service Mesh license

If you are not familiar with how to get environment Client Id and Secret, navigate to API Manager and click on the Environment Information button.

environment information

environment information credentials

asmctl install


Verify that Anypoint Service Mesh has been installed correctly with the following command

kubectl get pods -n service-mesh

get pods

Step 9: Install Anypoint Service mesh Adapter

Next, we want to deploy the Anypoint Service Mesh adapter in each namespace that we want to monitor APIs. For this example, we will just be doing the nto-payment namespace that contains the demo application. To deploy the ASM Adapter we will be using a Kubernetes custom resource definition (CRD). In the ServiceMeshDemo repository, we have created the file nto-payment-asm-adapter.yaml that we can modify.

service mesh

Replace CLIENT ID and CLIENT SECRET with values for your environment. Save the file and run the following command

kubectl apply -f nto-payment-asm-adapter.yaml

Use the following command to monitor the progress. Wait for the status to change to Ready.

asmctl adapter list


After you provision the adapter, you must set the istio-injection=enabled label on the namespace by running the following command

kubectl label ns nto-payment istio-injection=enabled

Deploy all the existing applications in the namespace.

kubectl get deployments -n nto-payment

kubectl -n nto-payment patch deploy customer-app --type=json -p='[{"op": "replace", "path": "/spec/template/metadata/labels/","value":"enable"}]'
kubectl -n nto-payment patch deploy inventory-app --type=json -p='[{"op": "replace", "path": "/spec/template/metadata/labels/","value":"enable"}]'
kubectl -n nto-payment patch deploy order-app --type=json -p='[{"op": "replace", "path": "/spec/template/metadata/labels/","value":"enable"}]'
kubectl -n nto-payment patch deploy payment-app --type=json -p='[{"op": "replace", "path": "/spec/template/metadata/labels/","value":"enable"}]'
kubectl -n nto-payment patch deploy service-mesh-ui --type=json -p='[{"op": "replace", "path": "/spec/template/metadata/labels/","value":"enable"}]'

kubectl get pods -n nto-payment

nto payment

Verify the Envoy sidecar is injected within each pod in the Kubernetes Cluster by running the following command

asmctl management check sidecar --namespace=nto-payment


Step 10: Create APIs

We will now use Anypoint Service Mesh auto-discovery to create API’s in Anypoint Platform. We will create API’s for Customer, Inventory, Order, and Payments services that are used by the demo application. Before creating the APIs, ensure the Anypoint Platform user has API Manager Environment Administrator permission, in addition, to Manage APIs Configuration. This can be done by your organization admin in *Access Management.

select access

Modify the Kubernetes custom resource definition (CRD) file demo-apis.yaml. For each API, replace environmentId, clientId, and clientSecret with the values for your environment. You’ll need to Configure Connected Apps to get the client credentials into your CRD file. NOTE: If you run this multiple times you might need to change the version number in demo-apis.yaml, since Anypoint Platform will keep it around for 7 days.


kubectl apply -f demo-apis.yaml

demo apis

Use the following command to monitor the progress. Wait for the status to change to Ready.

asmctl api list


You can also verify that the API’s have been created in Anypoint Platform. Go to Anypoint Platform and navigate to API Manager.

Step 11: Binding APIs with Services

The last step is to bind the Kubernetes Services with the Anypoint Platform API’s. To do this you will use the binding definition file demo-bind-apis.yaml. Execute the following command.

kubectl apply -f demo-bind-apis.yaml

blend apis

Use the following command to monitor the progress. Wait for status to change to Ready

asmctl api binding list

binding list

If you go to API Management in Anypoint Platform and refresh the page you will see that the API’s are now Active. You have completed the installation of Anypoint Service Mesh. If you would like to continue to learn about applying some policies against the Kubernetes services, visit this GitHub file.

Try Anypoint Platform for free

Start your 30-day free trial of the #1 platform for integration, APIs, and automation. No credit card required. No software to install.

Try for free

anypoint product trial zigzag