Step 3: Install ASM

Install ASM

Apigee hybrid uses the Istio distribution provided with Anthos Service Mesh (ASM). Follow these steps to install ASM in your cluster.

Supported ASM versions

  • For new hybrid version 1.4.4 installations, install ASM version 1.7.x.
  • For upgrades from previous versions of hybrid, install ASM version 1.6.x.

Perform ASM setup and configuration steps

To complete the ASM installation, you must first follow ASM-specific setup and configuration steps in the ASM documentation. Then, you must return here to complete the hybrid-specific configuration before applying the configuration to the cluster.

The instructions to install and configure ASM are different depending on your platform. Choose the steps your platform below.

GKE

  1. Follow the ASM setup and configuration steps:
  2. When you have completed the ASM setup and config steps, go to the next section to complete the hybrid configuration and ASM installation steps.

Perform final hybrid configuration and install ASM

Finally, add hybrid-specific configurations to the istio-operator.yaml file and install ASM.

  1. Ensure that you're in the ASM installation's root directory. For example: 1.7.3-asm.6.
  2. Open the istio-operator.yaml file in an editor.
    • In ASM 1.7.x: ./asm/istio/istio-operator.yaml
    • In ASM 1.6.x: ./asm/cluster/istio-operator.yaml
  3. Add (or update) the spec:components stanza in the istio-operator.yaml file below the meshConfig: section and immediately above values:, where reserved_static_ip is an IP address your runtime ingress gateway can use. If you do not have a reserved static IP address, for this Quick Start, you can leave the LoadBalancerIP property out.

    Text to copy

      components:
        ingressGateways:
        - name: istio-ingressgateway
          enabled: true
          k8s:
            service:
              type: LoadBalancer
              loadBalancerIP: static_ip # If you do not have a reserved static IP, leave this out.
              ports:
              - name: status-port
                port: 15021 # for ASM 1.7.x and above, else 15020
                targetPort: 15021 # for ASM 1.7.x and above, else 15020
              - name: http2
                port: 80
                targetPort: 8080
              - name: https
                port: 443
                targetPort: 8443
    

    Example showing placement

    Line breaks inserted for readability

    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    metadata:
      clusterName: "hybrid-example/us-central1/example-cluster" # {"$ref":"#/definitions/io.k8s.cli.substitutions.cluster-name"}
    spec:
      profile: asm
      hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"}
      tag: 1.5.7-asm.0 # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.tag"}
      meshConfig:
        defaultConfig:
          proxyMetadata:
            GCP_METADATA: "hybrid-example|123456789123|example-cluster|us-central1" #
              {"$ref":"#/definitions/io.k8s.cli.substitutions.gke-metadata"}
    
      components:
        pilot:
          k8s:
            hpaSpec:
              maxReplicas: 2
        ingressGateways:
        - name: istio-ingressgateway
          enabled: true
          k8s:
            service:
              type: LoadBalancer
              loadBalancerIP: 123.234.56.78
              ports:
              - name: status-port
                port: 15021 # for ASM 1.7.x and above, else 15020
                targetPort: 15021 # for ASM 1.7.x and above, else 15020
              - name: http2
                port: 80
                targetPort: 8080
              - name: https
                port: 443
                targetPort: 8443
            hpaSpec:
              maxReplicas: 2
      values:
        .
        .
        .
    
  4. Return now to the ASM documentation you used previously, and complete ASM installation (install or apply the istio-operator.yaml file to the cluster). If you are on ASM 1.6 and given a choice, choose PERMISSIVE mTLS.

GKE on-prem

Set up and download ASM

Use the ASM documentation to set up your environment and download ASM.

  1. Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
  2. Go to Installing Anthos Service Mesh on premises and perform all of the ASM steps up to and including Create the istio-system namespace, then stop and go to the next section Apply the manifest below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

  1. Make sure you are in the Istio directory that you downloaded and unzipped. For example: 1.7.3-asm.6.
  2. Execute the following command, where your_static_ip is a static IP address that the istio ingress component can use. If you do not have a static IP address reserved, leave the --set values.gateways.istio-ingressgateway.loadBalancerIP line out:
    ./bin/istioctl install --set profile=asm-multicloud \
     --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP
  3. Finally, return to the ASM documentation to Check the control plane components to validate your installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

AKS

Set up and download ASM

Use the ASM documentation to set up your environment and download ASM.

  1. Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
  2. Go to Installing Anthos Service Mesh on attached clusters and perform all of the ASM steps up to and including Create the istio-system namespace, then stop and go to the next section Apply the manifest below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

  1. Make sure you are in the Istio directory that you downloaded and unzipped. For example: 1.7.3-asm.6.
  2. Execute the following command, where your_static_ip is a static IP address that the istio ingress component can use. If you do not have a static IP address reserved, leave the --set values.gateways.istio-ingressgateway.loadBalancerIP line out:
    ./bin/istioctl install --set profile=asm-multicloud \
     --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP
  3. Finally, return to the ASM documentation to Check the control plane components to validate your installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

GKE on AWS

Set up and download ASM

Use the ASM documentation to set up your environment and download ASM.

  1. Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
  2. Go to Installing Anthos Service Mesh on GKE on AWS and perform all of the ASM steps up to and including Download the installation file, then stop and go to the next section Apply the manifest below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

  1. Make sure you are in the Istio directory that you downloaded and unzipped. For example: 1.7.3-asm.6.
  2. Execute the following command, where your_static_ip is a static IP address that the istio ingress component can use. If you do not have a static IP address reserved, leave the --set values.gateways.istio-ingressgateway.loadBalancerIP line out:
    ./bin/istioctl install --set profile=asm-multicloud \
     --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP
  3. Finally, return to the ASM documentation to Check the control plane components to validate your installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

EKS

Set up and download ASM

Use the ASM documentation to set up your environment and download ASM.

  1. Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
  2. Go to Installing Anthos Service Mesh on attached clusters and perform all of the ASM steps up to and including Create the istio-system namespace, then stop and go to the next section Apply the manifest below.

Apply the manifest

When you have downloaded and unzipped the ASM installation file, continue with the following steps:

  1. Make sure you are in the Istio directory that you downloaded and unzipped. For example: 1.7.3-asm.6.
  2. Execute the following command, where your_static_ip is a static IP address that the istio ingress component can use. If you do not have a static IP address reserved, leave the --set values.gateways.istio-ingressgateway.loadBalancerIP line out:
    ./bin/istioctl install --set profile=asm-multicloud \
     --set values.gateways.istio-ingressgateway.loadBalancerIP=your_static_IP
  3. Finally, return to the ASM documentation to Check the control plane components to validate your installation.

Customizing the ASM installation

The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

Summary

You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.

Next step

1 2 3 (NEXT) Step 4: Install apigeectl 5 6 7