Step 2: Install cert-manager and ASM

This step explains how to download and install cert-manager and Anthos Service Mesh (ASM). These services are required for Apigee hybrid to operate.

Install cert-manager

Use one of the following two commands to install cert-manager v0.14.2 from GitHub. To find your kubectl version use the kubectl version command.

If you have Kubernetes 1.15 or newer:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager.yaml

Kubernetes versions older than 1.15:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager-legacy.yaml

You will see a response that the cert-manager namespace was created and several cert-manager resources were created in that namespace.

Prerequisites

Check your Cloud SDK configuration settings using the following command:

gcloud config list
[compute]
region = us-central1
[core]
account = user@acme.com
disable_usage_reporting = False
project = my-hybrid-project

Your active configuration is: [default]

Make sure the compute region or zone is set to the region or zone you used when you created your cluster. If you created a regional cluster, use unset to clear the compute/zone property if it is set. If you created a zonal cluster, use unset to clear the compute/region property if it is set. Your config must have either the compute region or zone set, but not both. For example, to clear the compute/zone property using unset, use the following command:
```
gcloud config unset compute/zone
```
Set a variable with your KDUBECONFIG file path using the following command. This file was created on the admin machine when you created your cluster.
```
export KUBECONFIG=KUBECONFIG_PATH
```
For example:
```
export KUBECONFIG=~/.kube/my-config
```

Set up and download ASM

Next, use the ASM documentation to set up your environment and download ASM.

Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.

Go to the ASM installation instructions and install the appropriate ASM version for your hybrid setup:
- For new hybrid installations, install ASM version 1.6.x:
  Go to Installing Anthos Service Mesh on AWS and perform all of the ASM steps up to and including Create the istio-system namespace, then stop and go to the next section Apply the manifest below.
Important: After completing the steps in the section "Create the istio-system namespace" (if installing ASM 1.6) or "Preparing resource configuration files" (if installing ASM 1.5), stop and continue with the steps listed in the next section. We recommend that you wait to apply the manifest file until instructed below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

Make sure you are in the Istio directory that you downloaded and unzipped. For example: 1.6.11-asm.1.

Execute the following command for the version of Istio you installed:

If you installed ASM version 1.6 or newer (1.7 recommended), execute the following command:

./bin/istioctl install --set profile=asm-multicloud \
 --set meshConfig.enableAutoMtls=false \
 --set meshConfig.accessLogFile=/dev/stdout \
 --set meshConfig.accessLogEncoding=1 \
 --set meshConfig.accessLogFormat='{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'

Finally, return to the ASM documentation to Check the control plane components to validate your installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

1 2 (NEXT) Step 3: Install apigeectl 4 5