Bind Your Service to an API Using a CRD
When you create the binding, Anypoint Service Mesh creates a three-way association of the service in Kubernetes, the API that you created in Anypoint Platform to represent the service, and the adapter that you created for the service.
The adapter uses the unique API ID to fetch policies and apply them to your services that are running in the cluster.
If you created the API using Anypoint Platform, you use the API ID to bind the service. However, if you used the CRD to create the API, you must use the Kubernetes API resource name to bind the service.
After the binding is created, Anypoint Service Mesh takes a few seconds to complete the binding procedure and update the status. After the binding is completed, you can view the status using the
list command. The status values include:
Ready: The binding is now ready to be used.
Failed: The binding was not created successfully. An error occurred.
Binding: The binding is in the process of being associated with specific application.
In the following example, a binding called
customers is created to bind the
anypoint-service-mesh-adapter adapter with the
customers service. This binding is created in the
nto-payments namespace, which is the same namespace where the adapter was previously created, and is associated with the API that has the ID as 1234.
NAMESPACE NAME ADAPTER API ID SERVICE NAME STATUS nto-payments customers anypoint-service-mesh-adapter 1234 customers Ready
You can bind an API to a service using Anypoint Platform or Anypoint Service Mesh, based on your preference:
Before you bind the service, from the API Administration tab of API Manager, obtain the API ID.
To bind the service with an API, perform the following steps:
Go to Anypoint Platform > API administration and expand the API version name to display the instances.
Click an instance name and copy the API ID that is displayed. Ensure that you save this API ID somewhere that you can access readily.Figure 1. The diagram shows the location where the API ID is displayed on the API version window.
1 API name and API instance version. 2 API ID.
Retrieve from Kubernetes the name of the service with which you want to bind the API:
kubectl get svc -n <namespace>
Verify that your microservice port is named based on Istio requirements.
If you created your API using Anypoint Platform, use the
spec.parameters.apiIdparameter in your
apiVersion: servicecatalog.k8s.io/v1beta1 kind: ServiceBinding metadata: name: _binding name_ # example: orders-api-binding namespace: _namespace name_ # example: default labels: service-mesh.mulesoft.com/kind: adapter-binding spec: instanceRef: name: _Kubernetes adapter resource name_ # example: bookinfo-service-mesh-adapter parameters: apiId: _api ID_ # example: 15722113 service: _Kubernetes service resource name_ # example: orders-service
The binding is activated within a few seconds and the API is successfully registered to the proxy.
Verify the binding status using the following command:
asmctl adapter binding list
After you bind your API, the API in API Manager is marked as Active. You are now ready to apply policies to protect your APIs.Figure 2. The diagram shows the location where the status of the service is displayed.
1 API name and API instance version. 2 Service status.
To bind an API created using Anypoint Service Mesh Autocreate:
Create your binding definition file and save it with a
.yamlfile extension, for example,
If you created your API using Anypoint Service Mesh, use
apiVersion: servicecatalog.k8s.io/v1beta1 kind: ServiceBinding metadata: # name is used as resulting secret name if no secretName is specified under the spec section. name: _binding name_ # example: orders-api-binding namespace: _namespace name_ # example: default labels: service-mesh.mulesoft.com/kind: api-binding spec: instanceRef: name: _Kubernetes API resource name_ # example: orders-api parameters: adapter: _Kubernetes adapter resource name_ # example: bookinfo-service-mesh-adapter service: _Kubernetes service resource name_ # example: orders-service
Apply the CRD using the following command:
kubectl apply -f bind-api.yaml
Verify the binding status:
asmctl api binding list
Verify the Istio sidecar status:
asmctl management check sidecar --namespace=namespace
The API in API Manager is marked
Activeand you can now apply policies to protect your APIs.