Akamai Deployment

Introduction

Darwinium can be configured to proxy web traffic at any Akamai Core Data Site. This enables you to perform decisioning at the edge from within the Akamai network.

Configuring Akamai requires an administrator with access to the Akamai Control Center and the ability to:

• Use Property Manager for your site.
• Create an Akamai Connected Cloud (Linode) personal Access token.

This guide assumes familiarity with your organization's Akamai configuration.

1. Enable Akamai Connected Cloud (Linode)

If you are not using this service already, contact your Akamai account manager in order to set up a Linode account with integrated billing with your existing account.

2. Generate a Linode Personal Access Token

Darwinium requires a single Linode Personal Access Token (PAT) which will be used to configure Linode Kubernetes Engine (LKE) clusters and associated resources. Your PAT needs the following permissions:

Go to Profile -> API Tokens Create a Personal Access Token

Please note that the PAT needs permissions for Linodes, Firewalls and NodeBalancers as Darwinium will configure recommended firewall rules for your installation.

Permissions

• Read/Write: Kubernetes
• Read/Write: Linodes
• Read/Write: Firewalls
• Read/Write: NodeBalancers

Expiry

All configuration actions performed on your Linode account by Darwinium use the PAT (including access to clusters, as we do not store your LKE clusters' kubeconfig files). This includes installing, reconfiguring and deleting clusters, as well as upgrades to Darwinium software.

However, it does not include updates to journeys deployed to your Darwinium installation, which are automatically delivered securely to your clusters.

You may wish to set an expiry on the Linode PAT provided to Darwinium, but you need to ensure that the PAT provided is valid when you perform any action such as those above that needs access to your Linode account.

For more information about Akamai Linode token, please check their docs.

Resources managed by Darwinium

Darwinium will create LKE clusters with the defined minimum and maximum autoscaling configuration corresponding to your cluster definitions. All Darwinium clusters have labels prefixed with dwn- and a tag prefixed with dwn-managed- . The LKE platform automatically manages Linodes that are part of each cluster.

Darwinium will also create a single NodeBalancer for traffic flowing to each LKE cluster, also with a tag prefixed with dwn-managed- .

Two Cloud Firewalls will be created. One will be assigned to the Linodes comprising your LKE clusters. This is configured with Linode recommended rules for LKE nodes and should not be changed. The second will be assigned to the NodeBalancers for your LKE clusters. You can configure inbound rules on this second firewall to restrict inbound traffic to your Darwinium installation.

When a cluster is deleted, the corresponding NodeBalancer will also be deleted. When all clusters are deleted, the Cloud Firewalls will also be deleted.

Please do not edit the labels or any existing tags on Darwinium managed resources in Linode.

3. Configure Akamai Deployment Target in Darwinium

In Darwinium portal, go to Setting and then Edge Deployment.

Add a Target

Click + Add Target and we can set the Target Name (please note, you cannot rename Akamai targets once created) and Choose Akamai for the CDN vendor. Linode Personal Access Token is mandatory to let Aphex can operate with Akamai Linode API.

Set Linode Personal Access Token

Enter Linode Personal Access Token into the labelled box

Click “Update user secrets”, it’ll create basic information that is necessary for next steps as following.

Please confirm the creation of the new target by clicking the "Update" on the bottom right of the window.

Configure Valid origins - linode

There are various domain names used in Akamai Linode

• Edge domain: This is the domain name of your website as visible to an end-user's website, which is served through Akamai edge.
• Origin domain: this is your origin domain that Akamai currently forwards requests to, Darwinium will forward requests to this domain.
• Cluster Load Balancer Hostname: where there is a request that that needs to be processed via Darwinium, it should be forwarded to this address.

Please “Save changes” after you add or remove any origins.

Configure Manage Clusters - linode

You can create or remove Akamai Linode clusters in the “Manage Clusters” section.

To create a cluster, we can “Add Cluster” and fill some basic information.

• It is possible to create multiple clusters across different region, with each cluster, we suggest minimal nodes >= 3 to take full advantage of High Availability
• Darwinium will configure auto-scale according to current load till the max nodes be used, so set a relative big enough Max nodes will make sure service.
• The standard node type Darwinium supporting g6-standard-1 have 1 CPU and 2G memory

To remove a cluster, simply click the remove button next to the clusters.

The clusters you created or removed are not reflected on your Akamai yet. You need to click “Sync Cluster Changes” to sync the changes to your Akamai. If you change your mind, you can close the window now to discard the changes.

Once you start syncing, we will:

Create/Delete Linode clusters on your Akamai

Install Darwinium services to your Linodes

You will see messages on the screen or pop-up notifications about the current progress. You can leave the entire page anytime and come back later, the progress will resume.

You may encounter errors. To protect your privacy, we don’t show the entire stack trace of the error, instead, we show you an error message with a UUID. Please contact support with that UUID so we can look into the details and help you out.

Once the Linode cluster created and Darwinium service deployment are both completed, you’ll see a success notification. Once the “Load balancer” of the cluster has value, the cluster will now be running and ready to process requests.

At this point, we recommend you set up a simple journey and step with a trigger configured on a URL within your website in order to test the later configuration.
See Creating and Editing Steps for information.

4. Deployment

Update journeys.yaml

Go to the Workflows tab, add the information of the new target to the journeys.yaml of the node, and configure the journeys. Once you’re done with the editing, commit and push. (Phoenix: this is a general step for all vendor types, perhaps we could create a separate doc for this)

Node Deployment

Go back to the Admin - Nodes page, enter node deployment:

You should see a build you just pushed, hit Deploy to start deploying your node with the latest journeys.ymal. Once the deployment is completed with the message “Deployment Succeeded”, your mission on the Darwinium side is all completed and the node is ready to use.

5. Configure Akamai Edge

Open Property Manager in Akamai Control Centre (Go to CDN -> Properties, select appropriate Property Group and Property for your edge hostname then select an appropriate version).

Origin Redirect Rule

Create a new Blank Rule Template

You may name this rule whatever you want.

Inside this template add a condition to route appropriate paths to Darwinium. These paths should match the "Trigger" section of the proxy steps in your Darwinium Journey (see Creating and Editing Steps).

Next configure your new Cluster Load Balancer Hostname as the origin for these paths.
Select + Behavior -> Standard Property Behaviour -> Origin to add an origin behaviour.

For certificate matching, you must use your Node Subdomain from Darwinium Portal Admin -> Nodes as the Common Name to match against.
Assuming Step 3 is complete, you may use Add Certificate -> Retrieve from Hostname and enter your Cluster Load Balancer Hostname to automatically pin against the correct certificate.

Finally, add a behaviour to disable caching for these paths.
Select + Behavior -> Standard Property Behaviour -> Caching.
Then select Bypass Cache.

Testing

Deploy your new properties to Akamai's Staging network.
Follow these these instrucitons to test your site in a staging environment.
After visiting a link with both a Darwinium Step and an entry in your rule's Criteria, visit Investigations -> Query in the Darwinium portal. Press "search" without a condition to show all events. You should see your new event displayed.

Congratulations

If your event displays correctly and your site runs as expected, consider deploying your edge properties to production.

Congratulations, you have successfully set up Darwinium on your Akamai website.