Madrid MuleSoft Meetup #11.pptx

June 2022
Madrid MuleSoft Meetup #11
API Governance & Flex Gateway

2
● Introducciones
● API Governance
● Demo
● Anypoint Flex Gateway
● Demo
● Sorteo
● Mesa redonda
Agenda

Evolution of MuleSoft’s APIM offering
Accelerate
application
delivery
Implement
modern
architectures
Update Update
New
API Governance
Ensure consistent quality & conformance
API Manager
Manage any service consistently
Gain
consistent
security &
quality
Flex Gateway
Ultrafast gateway for APIs running anywhere
API Design Center
Diverse protocol support
Anypoint Platform CLI
Discover and use non-Mule APIs
Anypoint Exchange
Consolidate all APIs into a single place
API Community Manager
Build and engage your API communities
API Experience Hub
Build developer portals in minutes
Create vibrant
API
ecosystems
New Update
H2, ‘22
Developer
API owner
Architect
API PM

What is the need to govern APIs?

Maintaining quality, security and development speed at the same time is challenging
Unmanaged and ungoverned APIs are on the
rise
Mary
Architect
* Gartner report on API management and security, 2022
I want to:
move away from manually maintaining and enforcing governance
standards
Continuously evolving standards
>50%
APIs would go
unmanaged by 2025*
I don’t want to:
add new review steps and add friction to development lifecycle
Development overheads
I want to:
know which APIs are not adhering to quality, compliance and
security requirements
Ungoverned APIs
Gain consistent
security &
quality

Operating in hybrid/multi cloud environments
is inconsistent, complex and tough to secure
API developer
Siloed rules & standards
Different rules across
teams, maintained in text
docs or source code
Friction in adopting
governance standards
Additional review cycles
slowing development,
adding process overheads
Security and compliance
vulnerabilities
Unmanaged and
unsecured APIs sprawling
across diverse platforms
API specification

Architect / C4E
Design Best Practices
and Standards
Good practices in API
design are reflected in
static documents
Friction with API
developers in adopting
new governance
standards
Since they remain in
documents, the
evangelisation of them is
often hard.
Security and compliance
vulnerabilities
Unmanaged and
unsecured APIs sprawling
across diverse platforms
API specification Best
Practices

Security team
API sprawl across
platforms
Limited visibility into
existing APIs produced
and adopted
Manual processes that
do not scale
Compliance is dependent
on manual validations
Multiple environments &
management consoles
Inconsistent security and
potential risk exposure with
unprotected APIs
Governance rules

How API Governance benefits each
person?

Operationalize API governance
Govern every API to comply with industry regulations
and internal standards without friction
Improve API conformance continuously
Identify APIs not conforming to quality standards in a
glance and notify owners seamlessly
Enable developers to maintain speed
Self-serve governance rules and automate
validations in API Designer or through CI/CD
10
Anypoint API Governance
Gain consistent security and quality without sacrificing development speed

API developer
Empower developers to maintain compliance and speed
Self-serve & access rules
from Exchange
Apply standards on any
API definition
Identify & resolve
conformance issues
Automate validations by
integrating with CI/CD
pipelines
Extensible rules based on
open standards (W3C,
OPA)

Architect / C4E
Empower developers to maintain compliance and speed
Create and maintain good
practices in the rulesets
Apply standards on any
API definition
automatically
Easy enablement of the
new standards
Improved communication
between all API
stakeholders through the
notification system
Ensure the application of
quality controls

Security team
Empower security teams to operationalize governance
Gain consistent quality &
security
Ensure conformance to
industry & internal
regulations
Observe overall
conformance from a single
place
Notify & remediate issues
seamlessly
Automatically govern new
APIs

RuleSets
Out of the Box and with customization capabilities
Profiles
Allows API design rules to be adapted to the API Owner's
requirements
Tagging
Allows API design rules to be adapted to the API type
Notification System
Allows API stakeholders to be kept up to date
Stepwise process
The implementation of this API governance system should be
applied progressively
15
Key points

The best way to maintaining quality, security and development speed
Out of the box Rulesets
Mary
Architect
Gain consistent
security &
quality

The best way to stakeholders API design customizations
Custom Rulesets
Mary
Architect
Gain consistent
security &
quality
Create
Validate
Publish
Apply
Review
Custom
Rulesets

19
● Meetup Madrid - Novedades MuleSoft - 29 de abril de 2022
○ https://www.youtube.com/watch?v=juW4yDAI_m
● Documentación oficial MuleSoft
○ https://www.mulesoft.com/platform/api/governance-anypoint
○ https://docs.mulesoft.com/anypoint-cli/3.x/api-governance
● Otros:
○ http://standards.rest/
○ https://a.ml/docs/amf/what_is_amf/
○ https://aml-org.github.io/aml-spec/vocabularies/
○ https://github.com/aml-org/amf-custom-validator/blob/develop/docs/validation_tutorial/validation.md
○ https://amf-model-playground.herokuapp.com/
○ https://www.npmjs.com/package/amf-client-js
○ https://github.com/aml-org/amf-custom-validator
Referencias:

API Governance - Initial SetUp

Comandos para la publicación de Custom
rulesets
• PREMISAS:
a. El fichero meetup_custom_ruleset.yaml contiene el conjunto de reglas Custom a publicar para su uso en el
Exchange.
b. Tenemos creado un profile Anypoint en nuestro fichero de profiles (carpeta .anypoint archivo credentials)
c. Estamos ubicados en la carpeta que contiene el archivo meetup_custom_ruleset.yaml
d. Estamos en una consola Unix con zip y anypoint-cli instalado.
• COMANDOS (ubicados en el fichero de link de github, RULESETS/Comandos publicacion Rulesets en Exchange.txt
a. export ANYPOINT_PROFILE="Meetup Madrid"
b. anypoint-cli governance ruleset validate ./meetup_custom_ruleset.yaml
c. anypoint-cli governance document ./meetup_custom_ruleset.yaml ./meetup_custom_ruleset.doc.zip
d. zip -u –b . meetup_custom_ruleset.zip ./meetup_custom_ruleset.yaml
e. anypoint-cli exchange asset uploadv2 --name ‘Meetup Custom rulesets’--description ‘Meetup Custom rulesets
Example’ --properties.mainFile meetup_custom_ruleset.yaml --files.ruleset.zip ./meetup_custom_ruleset.zip
9a8fb867-3710-41b1-8fed-bb6dd20a794b/meetup-custom-ruleset-asset/1.0.0 --files.docs.zip
./meetup_custom_ruleset.doc.zip
Link: https://github.com/josegardu/MuleSoft-Meetup-Madrid

Ejemplo aplicación API governance en flujo
CI/CD
• PREMISAS:
a. Prueba en GitHub actions y api de ejemplo orders-api.zip.
b. Disponemos de un workflow de validación de API Spec – 1 – CI API governance validation
c. El resto de workflows están encadenados y condicionados en su disparo.
d. Tenemos creados unos secretos en GitHub secrets, al menos los siguientes:

Ejemplo aplicación API governance en flujo
CI/CD
• CONTENIDO fichero asociado a Workflow “1 – CI-API governance validation”:

36
● Introduction
● Anypoint Governance
● Anypoint Flex Gateway
● Questions
Agenda

37
●Acerca del organizador:
○ Barcelona MuleSoft Meetup Leader
○ Solutions Architect
○ MuleSoft Certified Developer
○ MuleSoft Certified Platform Architect
Introduction Flavio Natale

39
●About the organizer:
○ MuleSoft Ambassador
○ MuleSoft Meetup Leader Barcelona
○ Architect @Cognizant
○ 3xMule Certifications
○ Delivery Champion
○ GoToMarket Champion
●About Cognizant:
○ Cognizant is a global system integrator
○ Founded in 1994. It has 340.000 employees
○ More than 250 Mule projects
○ More than 1.000 MuleSoft certified consultants
Introductions

40
● Designed to manage and
secure any API, built
anywhere
● Ultrafast. Delivers the
performance required for the
most demanding applications
● Built to integrate seamlessly
with DevOps and CI/CD
workflows,
● Manage any service across
any architecture —
microservices to monolith
● Gateway that can be
deployed anywhere, including
cloud-native and
containerized environments.
What is Anypoint Flex Gateway

41
Flex Gateway
• Anypoint Flex Gateway is an ultrafast API gateway
designed to manage and secure APIs running
anywhere. Built to seamlessly integrate with
DevOps and CI/CD workflows, Anypoint Flex
Gateway delivers the performance required for the
most demanding applications and microservices
while providing enterprise security and
manageability across any environment.
Mule Gateway
• Mule Runtime includes an embedded API Gateway.
Using this gateway, any user can, for example,
apply a basic authentication policy on top of a Mule
application or enrich an incoming/outgoing
message, without having to write any code.
Anypoint Service Mesh
• Anypoint Service Mesh enables you to extend
Anypoint Platform API Management capabilities to
your Istio service mesh through the deployment of
a Mule Adapter. Once installed, you can manage
and secure your distributed applications running
within your Istio service mesh seamlessly from a
single pane.
MuleSoft Gateways offering

42
MuleSoft Runtime vs Flex
 MuleSoft Runtime license is based on
vCores and Flex in API calls (i.e. packages
of 100 M)
 In MuleSoft Runtime, typically a container
executes just one API. In Flex, the same
Gateway hosts lots of APIs.
 Flex is designed to talk to back-ends that
already expose HTTP traffic.
 Flex is not designed to do transformations,
proprietary connections to backends like
SAP, send files to FTP servers, etc.
 Not all the policies of MuleSoft Runtime
already work today in Flex
 MuleSoft Runtime polices are written as
Mule flows. Flex policies are written in
languages like Rust.

43
Deployment patterns - Modes

44
Kubectl
• kubectl is a client for the Kubernetes API.
• kubectl is your cockpit to control Kubernetes.
• It allows you to perform every possible Kubernetes
operation.
Helm
• Helm helps you manage Kubernetes applications
• Helm Charts help you define, install, and upgrade
even the most complex Kubernetes application.
• Charts are easy to create, version, share, and publish.
Kubernetes setup (Token, Connected) - Tools

45
Create a cluster Register flex gateway
Create K8S
namespace
Create K8S secret
using UUIDs
Add Flex Helm
repository
Update Helm
repository
Install helm chart in
gateway namespace
Kubernetes setup (Token, Connected) - Steps
k3d cluster create flex-gateway-1 …
docker run --entrypoint flexctl -w /registration …
kubectl create namespace gateway
kubectl -n gateway create secret generic …
helm repo add flex-gateway …
helm -n gateway
upgrade …
helm repo up

46
● At the heart of Anypoint Flex / Envoy proxy lies a variety of filters that provide features such as
network routing, observability and security:
Flex custom policies
● Those filters can be written in C++, Lua, or WASM (Web Assembly). WASM filters can be written
in languages like Rust.

47
● An Envoy Wasm filter is a C++ filter that “translates” Envoy internal C++ API to a Wasm engine
via the Wasm ABI (Abstract Binary Interface ). Envoy supports Wasm filters for both the network
pipeline as well as the HTTP pipeline (HTTP filters).
Flex custom policies – Wasm filters

48
● SDK provided base classes:
Flex custom policies – Proxy Wasm SDK

49
Flex custom policies – Example of policy
?

Madrid MuleSoft Meetup #11.pptx

More Related Content

Similar to Madrid MuleSoft Meetup #11.pptx (20)

More from jorgelebrato (6)

Recently uploaded (20)

Madrid MuleSoft Meetup #11.pptx