apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
name: _Kubernetes API resource name_ # example: orders-api
namespace: _namespace name_ # example: default
labels:
service-mesh.mulesoft.com/kind: api
spec:
clusterServiceClassExternalName: anypoint-platform-api-instance
clusterServicePlanExternalName: service-mesh
parameters:
environmentId: _environment ID_ # example: 7cea45c6-3237-464d-bd34-3122c4abde29
groupId: _group ID_ # Optional - example: 350b8164-e809-4091-91f5-079fb30e5a1e
assetId: _asset ID_ # example: orders-api
version: _version_ # example: 0.0.1
instanceLabel: _instance label_ # example: public
classifier: _classifier_ # Optional - example: oas
mainFile: _main file_ # Optional - example: api.yaml
specFile: _base64 encoded spec file content_ # Optional - example: dGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQsIEkgc2VlIHlvdSBhcmUgY3VyaW91cyEK
tags:
apiSpec:
- _tag in Exchange asset_ # example: orders
apiInstance:
- _tag in API Manager instance_ # example: orders
user: _Username of the Anypoint Platform user_
password: _Password of the Anypoint Platform user_
Create an API Using a CRD
After you provision the adapter, you must create an API to bind to the service. You can create an API using Anypoint Platform or Anypoint Service Mesh:
-
Create an API using Anypoint Platform
Create APIs using Anypoint Platform when your API specification files are larger than 550 KB. If you want to upload a REST API or an OAS asset type, use a
.json
,.raml
,.zip
or.yaml
file. If you want to upload a SOAP API or WSDL asset type, use a.wsdl
or.xml
file. -
Create an API using the Anypoint Service Mesh autocreate feature
You can configure Anypoint Service Mesh to automatically create an API in Anypoint Platform (no manual logging required). When creating APIs that require specification files, such as REST and SOAP APIs, ensure that the specification file is not larger than 550 KB and is available in your file system for the CLI to upload.
Create an API by Using Anypoint Platform
To create an API using Anypoint Platform, perform the following steps:
-
Go to Anypoint Platform > API Manager and select the Manage API drop-down list.
-
Select Create new API.
The Creating an asset page is displayed.
-
Specify the Name, and Asset types details for the API.
Your Asset is now created in Exchange for reuse. After you create the Asset, you are now ready to perform Endpoint configuration.
The Endpoint Configuration window is displayed.
-
In the Managing type field, select the Basic Endpoint radio button.
-
In the Application type field, select the Non-Mule application radio button.
-
Optionally, specify the Implementation URI, and click Save.
Your API is now created.
Create an API Using the Anypoint Service Mesh Autocreate Feature
You can use any of the following options for authentication when creating an API using the Anypoint Service Mesh autocreate feature:
-
Using user credentials (username and password).
This option supports only those users who:
-
Are managed by Anypoint Platform
-
Have not enabled multi-factor authentication
-
-
Using Connected Apps credentials
(Recommended) This option supports users:
-
Managed by Anypoint Platform or an external IdP
-
Whether or not they have enabled multi-factor authentication
-
Autocreate APIs by Using Your User Credentials
Before you configure the Anypoint Service Mesh autocreate feature, ensure that you obtain the:
-
Environment ID and organization ID information
To obtain these details, go to API Manager > Environment Information.
-
Manage APIs Configuration permission for the environment where you are creating the API instance
-
Exchange Contributor permission for the business group in which you are creating the asset
To autocreate APIs using user credentials, perform the following steps:
-
Create your API definition file and save it with a
.yaml
file extension: -
Apply the CRD file:
kubectl apply -f test-api.yaml
-
Verify that the API was successfully created:
asmctl api list
The new API is displayed.
-
Optionally, verify that an asset is created on Exchange and an API is created on API Manager.
Reference Kubernetes Secret
Anypoint Service Mesh supports the use of Kubernetes secrets to store and manage sensitive information, such as your user credentials. Before you configure your Kubernetes secrets, ensure that you have the required permissions.
To store your user credentials in Kubernetes secrets:
-
In a YAML file, create a secret in which to store the sensitive information, for example,
orders-api-config.yaml
:apiVersion: v1 kind: Secret metadata: name: _secret name_ # example: orders-api-config namespace: _namespace name_ # example: default type: Opaque stringData: config: | { "user": "_replace-with-anypoint-username_", "password": "_replace-with-anypoint-password_" }
-
Apply the secret:
kubectl apply -f orders-api-config.yaml
If the secret is correctly applied, a 'secret/orders-api-config created' message is displayed.
-
Reference the secret in your API CRD (instead of the user and password parameter), as illustrated in the following example:
apiVersion: servicecatalog.k8s.io/v1beta1 kind: ServiceInstance metadata: name: _Kubernetes API resource name_ # example: orders-api namespace: _namespace name_ # example: default labels: service-mesh.mulesoft.com/kind: api spec: clusterServiceClassExternalName: anypoint-platform-api-instance clusterServicePlanExternalName: service-mesh parameters: environmentId: _environment ID_ # example: 7cea45c6-3237-464d-bd34-3122c4abde29 groupId: _group ID_ # Optional - example: 350b8164-e809-4091-91f5-079fb30e5a1e assetId: _asset ID_ # example: orders-api version: _version_ # example: 0.0.1 instanceLabel: _instance label_ # example: public tags: apiSpec: - _tag in Exchange asset_ # example: orders apiInstance: - _tag in API Manager instance_ # example: orders parametersFrom: # The element specifies the secret name and configuration required for retrieving the parameters. - secretKeyRef: name: _secret name_ # example: orders-api-config key: config
Autocreate APIs by Using Your Connected Apps Credentials
Before you configure the Anypoint Service Mesh autocreate feature, ensure that:
-
You obtain the:
-
Client ID and client secret from Connected Apps
-
ID of the group of assets on Exchange, for example, the organization ID
-
-
Verify that these client credentials include:
-
Exchange Contributor permission for publishing the API to Exchange
-
Manage API Configuration permission for managing the API in API Manager
-
To autocreate APIs using Connected Apps, perform the following steps:
-
Create your API definition file and save it with a '.yaml' file extension, for example
test-api.yaml
:apiVersion: servicecatalog.k8s.io/v1beta1 kind: ServiceInstance metadata: name: _Kubernetes API resource name_ # example: orders-api namespace: _namespace name_ # example: default labels: service-mesh.mulesoft.com/kind: api spec: clusterServiceClassExternalName: anypoint-platform-api-instance clusterServicePlanExternalName: service-mesh parameters: environmentId: _environment ID_ # example: 7cea45c6-3237-464d-bd34-3122c4abde29 groupId: _group ID_ # Optional - example: 350b8164-e809-4091-91f5-079fb30e5a1e assetId: _asset ID_ # example: orders-api version: _version_ # example: 0.0.1 instanceLabel: _instance label_ # example: public tags: apiSpec: - _tag in Exchange asset_ # example: orders apiInstance: - _tag in API Manager instance_ # example: orders clientId: _ID of the Anypoint Platform connected app_ clientSecret: _Secret of the Anypoint Platform connected app_
-
Apply the CRD file:
kubectl apply -f test-api.yaml
-
Verify that the API was successfully created:
asmctl api list
-
Optionally, verify that an Exchange asset is created on Exchange and an API is created on API Manager.
Reference Kubernetes Secrets
Anypoint Service Mesh supports the use of Kubernetes secrets to store and manage sensitive information, such as your Connected App credentials. With Kubernetes secrets, you do not have to specify the username and password credentials every time you create an API.
Before you configure your Kubernetes secrets, ensure that you have the required permissions.
To store your user credentials in Kubernetes secrets:
-
In a YAML file, create a secret in which to store the sensitive information, for example,
orders-api-config.yaml
:apiVersion: v1 kind: Secret metadata: name: _secret name_ # example: orders-api-config namespace: _namespace name_ # example: default type: Opaque stringData: config: | { "clientId": "_replace-with-connected-app-id_", "clientSecret": "_replace-with-connected-app-secret_" }
-
Apply the secret:
kubectl apply -f orders-api-config.yaml
If the secret is correctly applied, a 'secret/orders-api-config created' message is displayed.
-
Reference the secrets in your API CRD (instead of the user and password parameter), as illustrated in the following example:
apiVersion: servicecatalog.k8s.io/v1beta1 kind: ServiceInstance metadata: name: _Kubernetes API resource name_ # example: orders-api namespace: _namespace name_ # example: default labels: service-mesh.mulesoft.com/kind: api spec: clusterServiceClassExternalName: anypoint-platform-api-instance clusterServicePlanExternalName: service-mesh parameters: environmentId: _environment ID_ # example: 7cea45c6-3237-464d-bd34-3122c4abde29 groupId: _group ID_ # Optional - example: 350b8164-e809-4091-91f5-079fb30e5a1e assetId: _asset ID_ # example: orders-api version: _version_ # example: 0.0.1 instanceLabel: _instance label_ # example: public tags: apiSpec: - _tag in Exchange asset_ # example: orders apiInstance: - _tag in API Manager instance_ # example: orders parametersFrom: # The element specifies the secret name and configuration required for retrieving the parameters. - secretKeyRef: name: _secret name_ # example: orders-api-config key: config