Setting Up K3s and Istio on Ubuntu 24 Installed in UTM on macOS

Published on 2024/09/04

K3s + Istio Setup

This guide will help you set up K3s and Istio on Ubuntu 24 running in UTM on macOS. It follows the Istio Bookinfo example.

Software   URL
UTM        https://mac.getutm.app/
Istio      https://istio.io/
K3s        https://k3s.io/

Step 1: Setup VM

Steps to follow on your local machine:

  1. Install UTM.
  2. Download ubuntu-24.04.1-live-server-amd64.iso.
    https://releases.ubuntu.com/noble/
  3. If you are using an Apple Silicon Mac, create the VM using the "Emulate" option (since Apple Silicon uses arm64, and the ISO is amd64).
  4. Follow the guide at https://oopsoop.com/ubuntu-on-mac-using-utm/ to set up the VM with Ubuntu 24 in UTM (also configure SSH according to the guide).
  5. Use the ip a command to check the VM's IP address.
  6. Set a password for the root user. Reference: Qiita - Root Password Setup

Step 2: Install K3s

# Login to the VM
ssh takashi@192.168.67.3
su root
cd /root

# Install K3s
curl -sfL https://get.k3s.io | sh -

Step 3: Configure kubeconfig

# Edit /root/.bashrc to set the KUBECONFIG environment variable for the root user
vi /root/.bashrc

# Add the following line
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

# Reload /root/.bashrc
source /root/.bashrc

Step 4: Install Istioctl

# Download Istioctl
cd /root
curl -sL https://istio.io/downloadIstioctl | sh -

# Confirm the download by listing the Istio directory (the line after the command is sample output)
ls -la /root/ | grep istio
drwxr-x--- 6 root    root    4096 Aug 13 01:16 istio-1.23.0

# Edit /root/.bashrc to add Istioctl to the PATH
vi /root/.bashrc

# Add the following line
export PATH=/root/istio-1.23.0/bin:$PATH

# Reload /root/.bashrc
source /root/.bashrc
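
Steps 2 and 4 both pipe a downloaded script straight into a root shell. The following is an added example (not part of the original guide) that stages the script in a file, prints its SHA-256 for review, and runs it only if the file still hashes to the recorded value. The function names and the /root/k3s-install.sh path are assumptions.

```sh
#!/bin/sh
# Added example: stage, review, then run an installer instead of "curl | sh".

# file_sha256 FILE: print only the hex digest of FILE.
file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# stage_installer URL DEST: save the script to DEST and print its SHA-256
# so the copy that was reviewed can be pinned.
stage_installer() {
    curl -sfL "$1" -o "$2" || return 1
    file_sha256 "$2"
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]: run FILE with sh only if it
# still hashes to the value recorded at review time.
# Exit status: 2 = file missing, 1 = hash mismatch, otherwise the script's own.
run_pinned() (
    file=$1; expected=$2; shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; exit 2; }
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        exit 1
    fi
    sh "$file" "$@"
)

# Intended use on the VM (hypothetical destination path):
#   stage_installer https://get.k3s.io /root/k3s-install.sh   # prints the hash
#   less /root/k3s-install.sh                                  # read it first
#   run_pinned /root/k3s-install.sh <hash printed above>
```

The same flow applies to https://istio.io/downloadIstioctl in Step 4.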

Step 5: Install Istio and Enable Sidecar Injection

# Install Istio with the demo profile
istioctl install --set profile=demo -y

# Enable automatic sidecar injection for the default namespace
kubectl label namespace default istio-injection=enabled

# Verify the namespace label
kubectl get ns --show-labels

Step 6: Deploy the Bookinfo Application

# Apply the Bookinfo YAML
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/platform/kube/bookinfo.yaml

# Verify the pods and services
kubectl get pod,svc -L app,version

# From inside the ratings pod, request the productpage service to confirm the app responds in-cluster
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"

Expected output:

<title>Simple Bookstore App</title>

Step 7: Expose the Application using Istio Gateway

# Apply the Istio Gateway for the Bookinfo app
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/networking/bookinfo-gateway.yaml

# Verify the Gateway
kubectl get gateway

Step 8: Verify Istio Ingress

# Set Ingress Gateway variables
export INGRESS_NAME=istio-ingressgateway
export INGRESS_NS=istio-system

# Check the service status
kubectl get svc "$INGRESS_NAME" -n "$INGRESS_NS"

Step 9: Install and Configure MetalLB

Note: If the EXTERNAL-IP is <pending>, you will need to simulate a LoadBalancer using MetalLB.

# Apply MetalLB manifests
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml

# Apply the IPAddressPool and L2Advertisement
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default
  namespace: metallb-system
spec:
  addresses:
  - 192.168.67.200-192.168.67.210
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default
  namespace: metallb-system
EOF

  • The ip a command shows the VM's IP address is 192.168.67.3/24, so the range in the addresses section is taken from that same subnet: 192.168.67.200 through 192.168.67.210.
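
An added example (not from the original guide) that checks this reasoning before the IPAddressPool is applied: the range must sit inside the node's subnet, exclude the network and broadcast addresses, and not contain the node's own address. The function names are assumptions, and only the start-end range form used in this guide is handled.

```sh
#!/bin/sh
# Added example: validate a MetalLB start-end range against the node's CIDR.

# ip_to_int A.B.C.D: print the address as an integer; non-zero status if malformed.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        # reject empty octets, leading zeros and anything longer than 3 digits
        case "$o" in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))"
)

# check_pool NODE_CIDR START-END: print "ok" or the reason the range is unsafe.
# Exit status: 0 = ok, 1 = range problem, 2 = malformed input.
check_pool() (
    node=${1%/*}; prefix=${1#*/}; start=${2%-*}; end=${2#*-}
    n=$(ip_to_int "$node") && s=$(ip_to_int "$start") && e=$(ip_to_int "$end") \
        || { echo "malformed address"; exit 2; }
    case "$prefix" in ''|*[!0-9]*) echo "malformed prefix"; exit 2 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] \
        || { echo "unsupported prefix"; exit 2; }
    size=$(( 1 << (32 - prefix) ))
    net=$(( n - n % size ))          # network address of the node's subnet
    bcast=$(( net + size - 1 ))      # broadcast address of the node's subnet
    [ "$s" -le "$e" ] || { echo "range start is above range end"; exit 1; }
    [ "$s" -gt "$net" ] && [ "$e" -lt "$bcast" ] \
        || { echo "range leaves the node subnet"; exit 1; }
    [ "$n" -lt "$s" ] || [ "$n" -gt "$e" ] \
        || { echo "range contains the node address"; exit 1; }
    echo "ok"
)

# The values used in this guide: node 192.168.67.3/24, pool .200-.210
check_pool 192.168.67.3/24 192.168.67.200-192.168.67.210
```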

Step 10: Verify the Ingress Gateway

kubectl get svc "$INGRESS_NAME" -n "$INGRESS_NS"

Expected output:

NAME                   TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                                                                      AGE
istio-ingressgateway   LoadBalancer   10.43.59.65   192.168.67.201   15021:30139/TCP,80:32488/TCP,443:32067/TCP,31400:31973/TCP,15443:30922/TCP   85m

Step 11: Access the Bookinfo Application

# Set environment variables for the Gateway URL
export INGRESS_HOST=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
export TCP_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT

# Test the Bookinfo app through the Gateway
curl -s "http://${GATEWAY_URL}/productpage" | grep -o "<title>.*</title>"

Expected output:

<title>Simple Bookstore App</title>

Step 12: Apply Destination Rules

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/networking/destination-rule-all.yaml

# Verify Destination Rules
kubectl get destinationrules -o yaml

Step 13: Access the Bookinfo Application from a Browser

Once the setup is complete, you can access the Bookinfo application using your browser:

  1. Open a web browser.
  2. Navigate to http://192.168.67.201/productpage.
