June 2022
Madrid MuleSoft Meetup #11
API Governance & Flex Gateway
Agenda
● Introductions
● API Governance
● Demo
● Anypoint Flex Gateway
● Demo
● Raffle
● Round table
Evolution of MuleSoft’s APIM offering
Accelerate application delivery
Implement modern architectures
Gain consistent security & quality
Create vibrant API ecosystems
● API Governance: Ensure consistent quality & conformance
● API Manager: Manage any service consistently
● Flex Gateway: Ultrafast gateway for APIs running anywhere
● API Design Center: Diverse protocol support
● Anypoint Platform CLI: Discover and use non-Mule APIs
● Anypoint Exchange: Consolidate all APIs into a single place
● API Community Manager: Build and engage your API communities
● API Experience Hub: Build developer portals in minutes
Badges shown on the slide: Update, Update, New, New, Update, H2 ‘22
Roles: Developer, API owner, Architect, API PM
What is the need to govern APIs?
Maintaining quality, security and development speed at the same time is challenging
Unmanaged and ungoverned APIs are on the rise
Mary, Architect
● Continuously evolving standards
  I want to: move away from manually maintaining and enforcing governance standards
● Development overheads
  I don’t want to: add new review steps and add friction to development lifecycle
● Ungoverned APIs
  I want to: know which APIs are not adhering to quality, compliance and security requirements
>50% APIs would go unmanaged by 2025*
* Gartner report on API management and security, 2022
Gain consistent security & quality
Operating in hybrid/multi cloud environments is inconsistent, complex and tough to secure
API developer
● Siloed rules & standards: Different rules across teams, maintained in text docs or source code
● Friction in adopting governance standards: Additional review cycles slowing development, adding process overheads
● Security and compliance vulnerabilities: Unmanaged and unsecured APIs sprawling across diverse platforms
API specification
Operating in hybrid/multi cloud environments is inconsistent, complex and tough to secure
Architect / C4E
● Design Best Practices and Standards: Good practices in API design are reflected in static documents
● Friction with API developers in adopting new governance standards: Since they remain in documents, the evangelisation of them is often hard.
● Security and compliance vulnerabilities: Unmanaged and unsecured APIs sprawling across diverse platforms
API specification Best Practices
Operating in hybrid/multi cloud environments is inconsistent, complex and tough to secure
Security team
● API sprawl across platforms: Limited visibility into existing APIs produced and adopted
● Manual processes that do not scale: Compliance is dependent on manual validations
● Multiple environments & management consoles: Inconsistent security and potential risk exposure with unprotected APIs
Governance rules
How does API Governance benefit each person?
Anypoint API Governance
Gain consistent security and quality without sacrificing development speed
● Operationalize API governance: Govern every API to comply with industry regulations and internal standards without friction
● Improve API conformance continuously: Identify APIs not conforming to quality standards at a glance and notify owners seamlessly
● Enable developers to maintain speed: Self-serve governance rules and automate validations in API Designer or through CI/CD
Anypoint API Governance
Empower developers to maintain compliance and speed
API developer
● Self-serve & access rules from Exchange
● Apply standards on any API definition
● Identify & resolve conformance issues
● Automate validations by integrating with CI/CD pipelines
● Extensible rules based on open standards (W3C, OPA)
Anypoint API Governance
Empower developers to maintain compliance and speed
Architect / C4E
● Create and maintain good practices in the rulesets
● Apply standards on any API definition automatically
● Easy enablement of the new standards
● Improved communication between all API stakeholders through the notification system
● Ensure the application of quality controls
Anypoint API Governance
Empower security teams to operationalize governance
Security team
● Gain consistent quality & security
● Ensure conformance to industry & internal regulations
● Observe overall conformance from a single place
● Notify & remediate issues seamlessly
● Automatically govern new APIs
API Governance Key points
● RuleSets: Out of the Box and with customization capabilities
● Profiles: Allows API design rules to be adapted to the API Owner's requirements
● Tagging: Allows API design rules to be adapted to the API type
● Notification System: Allows API stakeholders to be kept up to date
● Stepwise process: The implementation of this API governance system should be applied progressively
The best way to maintain quality, security and development speed
Out of the box Rulesets
Mary, Architect
Gain consistent security & quality
The best way to stakeholders API design customizations
Custom Rulesets
Mary, Architect
Gain consistent security & quality
Custom Rulesets: Create, Validate, Publish, Apply, Review
Live demo
References:
● Madrid Meetup - MuleSoft News - April 29, 2022
○ https://www.youtube.com/watch?v=juW4yDAI_m
● Official MuleSoft documentation
○ https://www.mulesoft.com/platform/api/governance-anypoint
○ https://docs.mulesoft.com/anypoint-cli/3.x/api-governance
● Other:
○ http://standards.rest/
○ https://a.ml/docs/amf/what_is_amf/
○ https://aml-org.github.io/aml-spec/vocabularies/
○ https://github.com/aml-org/amf-custom-validator/blob/develop/docs/validation_tutorial/validation.md
○ https://amf-model-playground.herokuapp.com/
○ https://www.npmjs.com/package/amf-client-js
○ https://github.com/aml-org/amf-custom-validator
Thank you
API Governance - Initial SetUp
Initial SetUp
Commands for publishing Custom rulesets
• PREREQUISITES:
a. The file meetup_custom_ruleset.yaml contains the set of Custom rules to be published for use in Exchange.
b. We have an Anypoint profile created in our profiles file (the credentials file in the .anypoint folder).
c. We are in the folder that contains the file meetup_custom_ruleset.yaml.
d. We are in a Unix console with zip and anypoint-cli installed.
• COMMANDS (found in the linked GitHub repository, in the file RULESETS/Comandos publicacion Rulesets en Exchange.txt):
a. export ANYPOINT_PROFILE="Meetup Madrid"
b. anypoint-cli governance ruleset validate ./meetup_custom_ruleset.yaml
c. anypoint-cli governance document ./meetup_custom_ruleset.yaml ./meetup_custom_ruleset.doc.zip
d. zip -u -b . meetup_custom_ruleset.zip ./meetup_custom_ruleset.yaml
e. anypoint-cli exchange asset uploadv2 --name 'Meetup Custom rulesets' --description 'Meetup Custom rulesets Example' --properties.mainFile meetup_custom_ruleset.yaml --files.ruleset.zip ./meetup_custom_ruleset.zip 9a8fb867-3710-41b1-8fed-bb6dd20a794b/meetup-custom-ruleset-asset/1.0.0 --files.docs.zip ./meetup_custom_ruleset.doc.zip
Link: https://github.com/josegardu/MuleSoft-Meetup-Madrid
Example of applying API governance in a CI/CD flow
• PREREQUISITES:
a. Tested with GitHub Actions and the sample API orders-api.zip.
b. We have an API spec validation workflow: "1 – CI API governance validation".
c. The remaining workflows are chained, and their triggering is conditional.
d. We have created some secrets in GitHub secrets, at least the following:
• CONTENT of the file associated with the workflow “1 – CI-API governance validation”:
Link: https://github.com/josegardu/MuleSoft-Meetup-Madrid
Agenda
● Introduction
● Anypoint Governance
● Anypoint Flex Gateway
● Questions
Introduction: Flavio Natale
● About the organizer:
○ Barcelona MuleSoft Meetup Leader
○ Solutions Architect
○ MuleSoft Certified Developer
○ MuleSoft Certified Platform Architect
Flex Gateway
Introductions
● About the organizer:
○ MuleSoft Ambassador
○ MuleSoft Meetup Leader Barcelona
○ Architect @Cognizant
○ 3xMule Certifications
○ Delivery Champion
○ GoToMarket Champion
● About Cognizant:
○ Cognizant is a global system integrator
○ Founded in 1994. It has 340.000 employees
○ More than 250 Mule projects
○ More than 1.000 MuleSoft certified consultants
What is Anypoint Flex Gateway
● Designed to manage and secure any API, built anywhere
● Ultrafast. Delivers the performance required for the most demanding applications
● Built to integrate seamlessly with DevOps and CI/CD workflows
● Manage any service across any architecture — microservices to monolith
● Gateway that can be deployed anywhere, including cloud-native and containerized environments.
MuleSoft Gateways offering
Flex Gateway
• Anypoint Flex Gateway is an ultrafast API gateway designed to manage and secure APIs running anywhere. Built to seamlessly integrate with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the performance required for the most demanding applications and microservices while providing enterprise security and manageability across any environment.
Mule Gateway
• Mule Runtime includes an embedded API Gateway. Using this gateway, any user can, for example, apply a basic authentication policy on top of a Mule application or enrich an incoming/outgoing message, without having to write any code.
Anypoint Service Mesh
• Anypoint Service Mesh enables you to extend Anypoint Platform API Management capabilities to your Istio service mesh through the deployment of a Mule Adapter. Once installed, you can manage and secure your distributed applications running within your Istio service mesh seamlessly from a single pane.
MuleSoft Runtime vs Flex
• MuleSoft Runtime is licensed by vCores; Flex is licensed by API calls (i.e. packages of 100 M).
• In MuleSoft Runtime, typically a container executes just one API. In Flex, the same Gateway hosts lots of APIs.
• Flex is designed to talk to back-ends that already expose HTTP traffic.
• Flex is not designed to do transformations, proprietary connections to backends like SAP, send files to FTP servers, etc.
• Not all MuleSoft Runtime policies work in Flex today.
• MuleSoft Runtime policies are written as Mule flows. Flex policies are written in languages like Rust.
Deployment patterns - Modes
Kubernetes setup (Token, Connected) - Tools
Kubectl
• kubectl is a client for the Kubernetes API.
• kubectl is your cockpit to control Kubernetes.
• It allows you to perform every possible Kubernetes operation.
Helm
• Helm helps you manage Kubernetes applications.
• Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
• Charts are easy to create, version, share, and publish.
Kubernetes setup (Token, Connected) - Steps
a. Create a cluster: k3d cluster create flex-gateway-1 …
b. Register flex gateway: docker run --entrypoint flexctl -w /registration …
c. Create K8S namespace: kubectl create namespace gateway
d. Create K8S secret using UUIDs: kubectl -n gateway create secret generic …
e. Add Flex Helm repository: helm repo add flex-gateway …
f. Update Helm repository: helm repo up
g. Install helm chart in gateway namespace: helm -n gateway upgrade …
Flex custom policies
● At the heart of Anypoint Flex / Envoy proxy lies a variety of filters that provide features such as network routing, observability and security.
● Those filters can be written in C++, Lua, or Wasm (WebAssembly). Wasm filters can be written in languages like Rust.
Flex custom policies – Wasm filters
● An Envoy Wasm filter is a C++ filter that “translates” Envoy internal C++ API to a Wasm engine via the Wasm ABI (Application Binary Interface). Envoy supports Wasm filters for both the network pipeline and the HTTP pipeline (HTTP filters).
Flex custom policies – Proxy Wasm SDK
● SDK provided base classes:
Flex custom policies – Example of policy
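The filter model described in the slides above, as an added example that is not from the deck or from any MuleSoft or Proxy-Wasm SDK: a std-only Rust model of an HTTP policy in a filter chain that checks an API key and fails closed. `Action`, `LocalResponse`, `RequestView`, `HttpFilter`, `ApiKeyPolicy` and `run_chain` are hypothetical stand-ins for what the proxy host and an SDK would provide; the header name and key are constructed.

```rust
// Added example (not the SDK): a std-only model of an HTTP policy filter chain.
// `Action`, `LocalResponse`, `RequestView` and `HttpFilter` are hypothetical
// stand-ins for what the proxy host and a Proxy-Wasm SDK would provide.
use std::collections::HashMap;

/// Verdict a filter returns to the proxy for the current request.
#[derive(Debug, PartialEq)]
pub enum Action {
    Continue, // hand the request to the next filter or the upstream
    Pause,    // stop here; the filter answers the client itself
}

/// Response the gateway sends on behalf of a filter that stopped the request.
#[derive(Debug, PartialEq)]
pub struct LocalResponse {
    pub status: u32,
    pub body: &'static str,
}

/// Read-only view of the request headers the host exposes to filters.
pub struct RequestView {
    headers: HashMap<String, String>,
}

impl RequestView {
    pub fn new(pairs: &[(&str, &str)]) -> Self {
        // Header names are case-insensitive, so normalise them once on entry.
        RequestView {
            headers: pairs.iter().map(|(k, v)| (k.to_ascii_lowercase(), v.to_string())).collect(),
        }
    }

    pub fn header(&self, name: &str) -> Option<&str> {
        self.headers.get(&name.to_ascii_lowercase()).map(|s| s.as_str())
    }
}

/// One filter in the chain; called when the request headers arrive.
pub trait HttpFilter {
    fn on_request_headers(&mut self, req: &RequestView) -> (Action, Option<LocalResponse>);
}

/// Policy: require a shared API key in a configured header.
pub struct ApiKeyPolicy {
    header_name: String,
    expected_key: Vec<u8>,
}

impl ApiKeyPolicy {
    pub fn new(header_name: &str, expected_key: &str) -> Result<Self, &'static str> {
        // An empty key would match an empty header value; refuse to load.
        if expected_key.is_empty() {
            return Err("policy misconfigured: empty API key");
        }
        Ok(ApiKeyPolicy {
            header_name: header_name.to_string(),
            expected_key: expected_key.as_bytes().to_vec(),
        })
    }
}

/// Compare without returning early on the first differing byte.
/// (The length check still reveals the key length.)
fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl HttpFilter for ApiKeyPolicy {
    fn on_request_headers(&mut self, req: &RequestView) -> (Action, Option<LocalResponse>) {
        match req.header(&self.header_name) {
            Some(v) if constant_time_eq(v.as_bytes(), &self.expected_key) => (Action::Continue, None),
            Some(_) => (Action::Pause, Some(LocalResponse { status: 403, body: "invalid API key" })),
            None => (Action::Pause, Some(LocalResponse { status: 401, body: "API key required" })),
        }
    }
}

/// Run filters in order. The first `Pause` ends the request; a filter that
/// pauses without supplying a response fails closed with a 500.
pub fn run_chain(filters: &mut [Box<dyn HttpFilter>], req: &RequestView) -> Result<(), LocalResponse> {
    for f in filters.iter_mut() {
        if let (Action::Pause, resp) = f.on_request_headers(req) {
            return Err(resp.unwrap_or(LocalResponse { status: 500, body: "policy error" }));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample key and requests.
    let policy = ApiKeyPolicy::new("x-api-key", "constructed-demo-key").expect("valid config");
    let mut chain: Vec<Box<dyn HttpFilter>> = vec![Box::new(policy)];
    let with_key = RequestView::new(&[("X-API-Key", "constructed-demo-key")]);
    let without_key = RequestView::new(&[]);
    println!("{:?}", run_chain(&mut chain, &with_key));
    println!("{:?}", run_chain(&mut chain, &without_key));
}
```

In a real policy the stand-in types are replaced by the SDK's own context traits and host calls, and the key comes from the policy configuration rather than a literal.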
Flex demo
Q&A
Toss-up
Discussion Table
Thank you
