Akamai Deployment

Introduction

Darwinium can be configured to proxy web traffic at any Akamai Core Data Site. This enables you to perform decisioning at the edge from within the Akamai network.

Configuring Akamai requires an administrator with access to the Akamai Control Center and the ability to:

• Use Property Manager for your site.
• Create an Akamai Connected Cloud (Linode) personal Access token.

This guide assumes familiarity with your organization's Akamai configuration.

1. Enable Akamai Connected Cloud (Linode)

If you are not using this service already, contact your Akamai account manager in order to set up a Linode account with integrated billing with your existing account.

2. Generate a Linode Personal Access Token

Darwinium requires a single Linode Personal Access Token (PAT) which will be used to configure Linode Kubernetes Engine (LKE) clusters and associated resources. Your PAT needs the following permissions:

Go to Profile -> API Tokens Create a Personal Access Token

Please note that the PAT needs permissions for Linodes, Firewalls and NodeBalancers as Darwinium will configure recommended firewall rules for your installation.

Permissions

• Read/Write: Kubernetes
• Read/Write: Linodes
• Read/Write: Firewalls
• Read/Write: NodeBalancers

Expiry

All configuration actions performed on your Linode account by Darwinium use the PAT (including access to clusters, as we do not store your LKE clusters' kubeconfig files). This includes installing, reconfiguring and deleting clusters, as well as upgrades to Darwinium software.

However, it does not include updates to journeys deployed to your Darwinium installation, which are automatically delivered securely to your clusters.

You may wish to set an expiry on the Linode PAT provided to Darwinium, but you need to ensure that the PAT provided is valid when you perform any action such as those above that needs access to your Linode account.

Resources managed by Darwinium

Darwinium will create LKE clusters with the defined minimum and maximum autoscaling configuration corresponding to your cluster definitions. All Darwinium clusters have labels prefixed with dwn- and a tag prefixed with dwn-managed- . The LKE platform automatically manages Linodes that are part of each cluster.

Darwinium will also create a single NodeBalancer for traffic flowing to each LKE cluster, also with a tag prefixed with dwn-managed- .

Two Cloud Firewalls will be created. One will be assigned to the Linodes comprising your LKE clusters. This is configured with Linode recommended rules for LKE nodes and should not be changed. The second will be assigned to the NodeBalancers for your LKE clusters. You can configure inbound rules on this second firewall to restrict inbound traffic to your Darwinium installation.

When a cluster is deleted, the corresponding NodeBalancer will also be deleted. When all clusters are deleted, the Cloud Firewalls will also be deleted.

Please do not edit the labels or any existing tags on Darwinium managed resources in Linode.

3. Configure Akamai Deployment Target in Darwinium

In Darwinium portal, go to Setting and then Edge Deployment.

Add a Target

Click + Add Target and we can set the Target Name and Choose Akamai for the CDN vendor. Linode Personal Access Token is mandatory to let Aphex can operate with Akamai Linode API.

Set Linode Personal Access Token

Enter Linode Personal Access Token into the labelled box

Click “Update user secrets”, it’ll create basic information that is necessary for next steps as following.

Configure Valid origins - linode

There are various domain name used in Akamai Linode

• Edge domain: This is the domain name of your website as visible to an end-user's website, which is served through Akamai edge.
• Origin domain: this is your origin domain that Akamai currently forwards requests to, Darwinium will forward requests to this domain.
• Cluster Load Balancer Hostname: where there is a request that that needs to be processed via Darwinium, it should be forwarded to this address.

Configure Manage Clusters - linode

Here we can “Add Cluster” and fill some basic information.

• It is possible to create multiple clusters across different region, with each cluster, we suggest minimal nodes >= 3 to take full advantage of High Availability
• Darwinium will configure auto-scale according to current load till the max nodes be used, so set a relative big enough Max nodes will make sure service.
• The standard node type Darwinium supporting g6-standard-1 have 1 CPU and 2G memory

Press “create” and Aphex will trigger to create the specified cluster on Akamai, it will take 3 to 5 minutes as following.

The cluster will now be running and ready to process requests.

At this point, we recommend you set up a simple journey and step with a trigger configured on a URL within your website in order to test the later configuration.
See Creating and Editing Steps for information.

4. Configure Akamai Edge

Open Property Manager in Akamai Control Centre (Go to CDN -> Properties, select appropriate Property Group and Property for your edge hostname then select an appropriate version).

Origin Redirect Rule

Create a new Blank Rule Template

You may name this rule whatever you want.

Inside this template add a condition to route appropriate paths to Darwinium. These paths should match the "Trigger" section of the proxy steps in your Darwinium Journey (see Creating and Editing Steps).

Next configure your new Cluster Load Balancer Hostname as the origin for these paths.
Select + Behavior -> Standard Property Behaviour -> Origin to add an origin behaviour.

For certificate matching, you must use your Node Subdomain from Darwinium Portal Admin -> Nodes as the Common Name to match against.
Assuming Step 3 is complete, you may use Add Certificate -> Retrieve from Hostname and enter your Cluster Load Balancer Hostname to automatically pin against the correct certificate.

Finally, add a behaviour to disable caching for these paths.
Select + Behavior -> Standard Property Behaviour -> Caching.
Then select Bypass Cache.

Testing

Deploy your new properties to Akamai's Staging network.
Follow these these instrucitons to test your site in a staging environment.
After visiting a link with both a Darwinium Step and an entry in your rule's Criteria, visit Investigations -> Query in the Darwinium portal. Press "search" without a condition to show all events. You should see your new event displayed.

Congratulations

If your event displays correctly and your site runs as expected, consider deploying your edge properties to production.

Congratulations, you have successfully set up Darwinium on your Akamai website.