🍣
Setting Up K3s and Istio on Ubuntu 24 Installed in UTM on macOS
K3s + Istio Setup
This guide will help you set up K3s and Istio on Ubuntu 24 running in UTM on macOS. It follows the Istio Bookinfo example.
Software | URL |
---|---|
UTM | https://mac.getutm.app/ |
Istio | https://istio.io/ |
K3s | https://k3s.io/ |
Step 1: Setup VM
Steps to follow on your local machine:
- Install UTM.
- Download
ubuntu-24.04.1-live-server-amd64.iso
.
https://releases.ubuntu.com/noble/ - If you are using an Apple Silicon Mac, create the VM using the "Emulate" option (since Apple Silicon uses arm64, and the ISO is amd64).
- Follow the guide at https://oopsoop.com/ubuntu-on-mac-using-utm/ to set up the VM with Ubuntu 24 in UTM (also configure SSH according to the guide).
- Use the
ip a
command to check the VM's IP address. - Set a password for the root user. Reference: Qiita - Root Password Setup
Step 2: Install K3s
# Login to the VM
ssh takashi@192.168.67.3
su root
cd /root
# Install K3s
curl -sfL https://get.k3s.io | sh -
Step 3: Configure kubeconfig
# Edit /root/.bashrc to set the KUBECONFIG environment variable for the root user
vi /root/.bashrc
# Add the following line
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
# Reload /root/.bashrc
source /root/.bashrc
Step 4: Install Istioctl
# Download Istioctl
cd /root
curl -sL https://istio.io/downloadIstioctl | sh -
# Check Istioctl version and list the installation directory
ls -la /root/ | grep istio
drwxr-x--- 6 root root 4096 Aug 13 01:16 istio-1.23.0
# Edit /root/.bashrc to add Istioctl to the PATH
vi /root/.bashrc
# Add the following line
export PATH=/root/istio-1.23.0/bin:$PATH
# Reload /root/.bashrc
source /root/.bashrc
Step 5: Install Istio and Enable Sidecar Injection
# Install Istio with the demo profile
istioctl install --set profile=demo -y
# Enable automatic sidecar injection for the default namespace
kubectl label namespace default istio-injection=enabled
# Verify the namespace label
kubectl get ns --show-labels
Step 6: Deploy the Bookinfo Application
# Apply the Bookinfo YAML
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/platform/kube/bookinfo.yaml
# Verify the pods and services
kubectl get pod,svc -L app,version
# Test the ratings service
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
Expected output:
<title>Simple Bookstore App</title>
Step 7: Expose the Application using Istio Gateway
# Apply the Istio Gateway for the Bookinfo app
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/networking/bookinfo-gateway.yaml
# Verify the Gateway
kubectl get gateway
Step 8: Verify Istio Ingress
# Set Ingress Gateway variables
export INGRESS_NAME=istio-ingressgateway
export INGRESS_NS=istio-system
# Check the service status
kubectl get svc "$INGRESS_NAME" -n "$INGRESS_NS"
Step 9: Install and Configure MetalLB
Note: If the EXTERNAL-IP
is <pending>
, you will need to simulate a LoadBalancer using MetalLB.
# Apply MetalLB manifests
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
# Apply the IPAddressPool and L2Advertisement
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
namespace: metallb-system
spec:
addresses:
- 192.168.67.200-192.168.67.210
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system
EOF
- The
ip a
command shows the VM's IP address is192.168.67.3/24
, so the IP range in theaddresses
section is specified between192.168.67.200
and192.168.67.210
.
Step 10: Verify the Ingress Gateway
kubectl get svc "$INGRESS_NAME" -n "$INGRESS_NS"
Expected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.43.59.65 192.168.67.201 15021:30139/TCP,80:32488/TCP,443:32067/TCP,31400:31973/TCP,15443:30922/TCP 85m
Step 11: Access the Bookinfo Application
# Set environment variables for the Gateway URL
export INGRESS_HOST=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
export TCP_INGRESS_PORT=$(kubectl -n "$INGRESS_NS" get service "$INGRESS_NAME" -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
# Test the Bookinfo app through the Gateway
curl -s "http://${GATEWAY_URL}/productpage" | grep -o "<title>.*</title>"
Expected output:
<title>Simple Bookstore App</title>
Step 12: Apply Destination Rules
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/bookinfo/networking/destination-rule-all.yaml
# Verify Destination Rules
kubectl get destinationrules -o yaml
Step 13: Access the Bookinfo Application from a Browser
Once the setup is complete, you can access the Bookinfo application using your browser:
- Open a web browser.
- Navigate to
http://192.168.67.201/productpage
.
Discussion