NOTE: Some aspects of this product are in Beta. The hybrid installation options are GA. To join the Beta program, reach out to your Apigee representative.

Step 2: Install cert-manager and ASM

This step explains how to download and install cert-manager and Anthos Service Mesh (ASM). These services are required for Apigee hybrid to operate.

Install cert-manager

Use one of the following two commands to install cert-manager v0.14.2 from GitHub. To find your kubectl version use the kubectl version command.

  • If you have Kubernetes 1.15 or newer:
    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager.yaml
  • Kubernetes versions older than 1.15:
    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager-legacy.yaml

You will see a response that the cert-manager namespace was created and several cert-manager resources were created in that namespace.

Prerequisites

  1. Check your Cloud SDK configuration settings using the following command:
    gcloud config list
    [compute]
    region = us-central1
    [core]
    account = user@acme.com
    disable_usage_reporting = False
    project = my-hybrid-project
    
    Your active configuration is: [default]
  2. Make sure the compute region or zone is set to the region or zone you used when you created your cluster. If you created a regional cluster, use unset to clear the compute/zone property if it is set. If you created a zonal cluster, use unset to clear the compute/region property if it is set. Your config must have either the compute region or zone set, but not both. For example, to clear the compute/zone property using unset, use the following command:
    gcloud config unset compute/zone
  3. Set a variable with your KDUBECONFIG file path using the following command. This file was created on the admin machine when you created your cluster.
    export KUBECONFIG=KUBECONFIG_PATH

    For example:

    export KUBECONFIG=~/.kube/my-config

Set up and download ASM

Next, use the ASM documentation to set up your environment and download ASM.

  1. Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
  2. Go to Introduction to the installation and do all of the ASM steps up to and including Downloading the installation file, then stop and go to the next section Apply the manifest below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

  1. Make sure you are in the Istio directory that you downloaded and unzipped. For example: istio-1.6.11-asm.1.
  2. Execute the following command for the version of Istio you installed:
    • If you installed ASM 1.6.x (recommended), execute the following command, , where your_static_ip is the static IP address you reserved previously in Reserve a static IP:
      ./bin/istioctl install --set profile=asm-multicloud \
       --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP \
       --set meshConfig.enableAutoMtls=false \
       --set meshConfig.accessLogFile=/dev/stdout \
       --set meshConfig.accessLogEncoding=1 \
       --set meshConfig.accessLogFormat='{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'
    • If you installed ASM 1.5.x, execute the following command, where your_static_ip is the static IP address you reserved previously in Reserve a static IP:
      ./bin/istioctl manifest apply --set profile=asm-onprem \
       --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP \
       --set meshConfig.enableAutoMtls=false \
       --set meshConfig.accessLogFile=/dev/stdout \
       --set meshConfig.accessLogEncoding=1 \
       --set meshConfig.accessLogFormat='{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'
  3. Finally, return to the ASM documentation to validate the installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

Next step

1 2 (NEXT) Step 3: Install apigeectl 4 5