IBM API Connect on K3s
--
IBM API Connect has a wide range of deployment options, including OVA on VMware, OpenShift and plain Kubernetes. K3s, a fully compatible, certified lightweight Kubernetes distribution, is a perfect candidate for testing and exploration. Let’s install API Connect onto K3s.
Base Host VM Setup
We will host the K3s cluster on the following VMs running Ubuntu 22.04.1 LTS:
- k3s-master: c4m4 (4 core, 4 GB memory), 200GB disk
- k3s-worker1: c8m16, 300GB disk
- k3s-worker2: c8m16, 300GB disk
- k3s-worker3: c8m16, 300GB disk
On the master, we will set up our own DNS server with dnsmasq, where a wildcard domain is set as below,
address=/.apps.k3s.io.cpak/192.168.10.89
All DNS names ending in apps.k3s.io.cpak will be resolved to the k3s-master. All other domains will be forwarded to the original DNS server.
The workers will set their DNS server to the above dnsmasq on the master.
K3s Setup
First, install the K3s master on the master node,
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable traefik" sh -
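As API Connect only supports the Nginx ingress controller, we disable the K3s Traefik ingress controller. The K3S_KUBECONFIG_MODE="644" setting makes the generated kubeconfig readable by non-root users on the master.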
Then set up the workers one by one. Get the token from the master,
sudo cat /var/lib/rancher/k3s/server/node-token
Then install each worker with
curl -sfL https://get.k3s.io | K3S_URL=https://{{ .masterIp }}:6443 K3S_TOKEN={{ .token }} sh -
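The setup above leaves two credential files on the master: the kubeconfig and the node-token used to join workers. The script below is an added example, not part of the original post, that reports who can read each of them. The function names are hypothetical, the kubeconfig path is the K3s default, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: report who can read the credential files a K3s master holds.
# Assumes GNU stat (Ubuntu). Run as root, or the token directory is unreadable.

# read_exposure PATH -> missing | owner-only | group-readable | world-readable
read_exposure() {
    path=$1
    [ -e "$path" ] || { echo missing; return 0; }
    mode=$(stat -L -c '%a' "$path")   # octal permissions, e.g. 644 or 600
    other=$((mode % 10))              # last digit: permissions for "other"
    group=$(( (mode / 10) % 10 ))     # second-to-last digit: group
    if [ $((other & 4)) -ne 0 ]; then
        echo world-readable
    elif [ $((group & 4)) -ne 0 ]; then
        echo group-readable
    else
        echo owner-only
    fi
}

# audit_k3s_host [KUBECONFIG] [NODE_TOKEN]
# Defaults are the K3s default paths. Returns the number of findings.
audit_k3s_host() {
    kubeconfig=${1:-/etc/rancher/k3s/k3s.yaml}
    token=${2:-/var/lib/rancher/k3s/server/node-token}
    findings=0
    for f in "$kubeconfig" "$token"; do
        exposure=$(read_exposure "$f")
        case $exposure in
            owner-only) echo "ok       $f ($exposure)" ;;
            missing)    echo "skipped  $f (not found or not accessible)" ;;
            *)          echo "finding  $f ($exposure)"
                        findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Only audit the real paths when called with --run, so the file can be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_k3s_host
fi
```

With the install command used here, the kubeconfig line is expected to show up as a finding, since mode 644 was requested explicitly.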
Nginx Ingress Controller Setup
We use the Kubernetes Nginx ingress controller, installed with Helm. Prepare the following values.yaml to allow TLS passthrough for the purpose of mTLS.
controller:
  watchIngressWithoutClass: true
  admissionWebhooks:
    enabled: false
  config:
    ssl-protocols: "TLSv1.2 TLSv1.3"
  extraArgs:
    annotations-prefix: ingress.kubernetes.io
    enable-ssl-passthrough: true
Install the chart,
export…