This step explains how to download and install cert-manager and Anthos Service Mesh (ASM). These services are required for Apigee hybrid to operate.
Install cert-manager
Use one of the following two commands to install cert-manager v0.14.2 from GitHub.
To find your kubectl
version use the kubectl version
command.
- If you have Kubernetes 1.15 or newer:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager.yaml
- Kubernetes versions older than 1.15:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.2/cert-manager-legacy.yaml
You will see a response that the cert-manager
namespace was created and several cert-manager
resources were created in that namespace.
Prerequisites
- Check your Cloud SDK configuration settings using the following command:
gcloud config list [compute] region = us-central1 [core] account = [email protected] disable_usage_reporting = False project = my-hybrid-project Your active configuration is: [default]
- Make sure the compute region or zone is set to the region or zone you
used when you created your cluster. If you
created a regional cluster, use
unset
to clear the compute/zone property if it is set. If you created a zonal cluster, useunset
to clear the compute/region property if it is set. Your config must have either the compute region or zone set, but not both. For example, to clear thecompute/zone property
usingunset
, use the following command:gcloud config unset compute/zone
- Set a variable with your
KDUBECONFIG
file path using the following command. This file was created on the admin machine when you created your cluster.export KUBECONFIG=KUBECONFIG_PATH
For example:
export KUBECONFIG=~/.kube/my-config
Set up and download ASM
Next, use the ASM documentation to set up your environment and download ASM.
Read the following steps carefully before you begin. We will ask you to perform some of the steps listed in the ASM documentation, then return here to complete the installation.
- Go to the ASM installation instructions and install the appropriate ASM version for your hybrid
setup:
- For new hybrid installations, install ASM version 1.6.x:
Go to Installing Anthos Service Mesh on AWS and perform all of the ASM steps up to and including Create the
istio-system
namespace, then stop and go to the next section Apply the manifest below.
- For new hybrid installations, install ASM version 1.6.x:
Apply the manifest
When you have downloaded and unzipped the ASM installation file, continue with the following steps:
- Make sure you are in the Istio directory that you downloaded and unzipped. For example:
1.6.11-asm.1
. - Execute the following command for the version of Istio you installed:
- If you installed ASM version 1.6 or newer (1.7 recommended), execute the
following command:
./bin/istioctl install --set profile=asm-multicloud \ --set meshConfig.enableAutoMtls=false \ --set meshConfig.accessLogFile=/dev/stdout \ --set meshConfig.accessLogEncoding=1 \ --set meshConfig.accessLogFormat='{"start_time":"%START_TIME%","remote_address":"%DOWNSTREAM_DIRECT_REMOTE_ADDRESS%","user_agent":"%REQ(USER-AGENT)%","host":"%REQ(:AUTHORITY)%","request":"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%","request_time":"%DURATION%","status":"%RESPONSE_CODE%","status_details":"%RESPONSE_CODE_DETAILS%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","upstream_address":"%UPSTREAM_HOST%","upstream_response_flags":"%RESPONSE_FLAGS%","upstream_response_time":"%RESPONSE_DURATION%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_cluster":"%UPSTREAM_CLUSTER%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","request_method":"%REQ(:METHOD)%","request_path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","request_protocol":"%PROTOCOL%","tls_protocol":"%DOWNSTREAM_TLS_VERSION%","request_id":"%REQ(X-REQUEST-ID)%","sni_host":"%REQUESTED_SERVER_NAME%","apigee_dynamic_data":"%DYNAMIC_METADATA(envoy.lua)%"}'
- If you installed ASM version 1.6 or newer (1.7 recommended), execute the
following command:
- Finally, return to the ASM documentation to Check the control plane components to validate your installation.
Customizing the ASM installation
The ASM installation you just performed is a minimal installation, sufficient to test and use Apigee hybrid for basic use cases. For information on addressing more advanced use cases, such as adding, removing, or modifying load balancer port numbers, see Enabling optional features.
Summary
You now have cert-manager and ASM installed, and you are ready to install the Apigee hybrid command line tool on your local machine.
1 2 (NEXT) Step 3: Install apigeectl 4 5