This guide will help you set up a Kubernetes cluster, including a service mesh using k3s (at the time of writing at version 0.10.2) and Rio. We’ll deploy the cluster on DigitalOcean. Ubuntu 18.04 LTS will be OS during this tutorial.

If you sign up to DigitalOcean using this link you’ll receive $50 to spend on their services over 30 days.

If you wish to run your cluster on your own hardware, you could do so on Raspberry Pis (ARM64) or Intel NUCs (x86_64) for example.

This tutorial will result in a three node cluster with one Kubernetes master and two workers.


This tutorial assumes you have a domain name. If you don’t have one, you can register one at Porkbun for example. In this tutorial we’ll use (replace it when you see it).

Next, create three Droplets on DigitalOcean running Ubuntu 18.04 LTS with “Private networking” enabled. Make sure they are all in the same datacenter.

Create DNS records pointing at the (public) IP addresses of your nodes. How you do this depends on your DNS provider or domain registrar. Please refer to their documentation. In this tutorial the nodes will have the FQDNs, and

Make note of the private IP address of each node. If you’re using DigitalOcean, you can find the private IP address in the DigitalOcean web console or using the DigitalOcean command line tool.

Also, make sure that port 6443 is open for incoming connections for your nodes in your firewall.

Make sure you are logged in as root (sudo su -) when executing the commands in this tutorial.

Configure the Nodes

Note: The following should be run on all nodes.

Start by upgrading the system:

# apt update && apt upgrade -y

If the kernel was upgraded when running apt pgarde -y, reboot:

# reboot

Next, add the hostnames and private IP addresses to the /etc/hosts file (replace with your domain):

# echo "" >> /etc/hosts # is the private IP of node 1 (master)
# echo "" >> /etc/hosts # is the private IP of node 2 (worker)
# echo "" >> /etc/hosts # is the private IP of node 3 (worker)

Deploy the Kubernetes Master

Note: The following should be run on the master node.

Log back in to the designated master node, in this tutorial it’s

Run the following command to install k3s as master, with the private IP address for internal cluster use and exposing the public IP address for external use (replace <private ip> with your private IP address, and <public ip> with your public IP address):

# curl -sfL | INSTALL_K3S_EXEC="--advertise-address <private ip> --node-external-ip <public ip>" sh -

Now grab the join token, which we’ll need to join the workers to the cluster (copy the output of the command):

# cat /var/lib/rancher/k3s/server/node-token

Deploy the Kubernetes Workers

Note: The following should be run on the worker node(s).

Install k3s on the worker nodes and join the worker to the cluster. Replace below with the hostname of your Kubernetes master, MY_K3S_TOKEN with the join token you grabbed in the previous part of the tutorial, and <public ip> with the public IP of your worker node:


# curl -sfL | K3S_URL= INSTALL_K3S_EXEC="--node-external-ip <public ip>" K3S_TOKEN="MY_K3S_TOKEN" sh -

Deploy Rio Service Mesh

At the time of writing, there is a bug preventing Rio from installing on the latest version of k3s (0.10.2)!

Note: The following should be run on the master node.

On your master node, install rio by running the following commands:

# curl -sfL | sh -
# rio install

To make sure the Rio service mesh pods are up and running, run:

# kubectl get po -n rio-system

Run the following to use your own domain name instead of

rio domain register default/route1


  • Make sure the required ports are open in your firewall
  • Check the k3s and Rio issue trackers to see if you’ve encountered a bug (at the time of writing, there is a bug in Rio that may prevent it from properly installing)

Last Words

That should do it! 😀 You should have a k3s cluster running with a Rio supplied service mesh.

If you plan on use this cluster for anything serious, you should continue by configuring firewalls and taking other measures to make sure your cluster is secure.

To learn more about Kubernetes, check out the Kubernetes documentation, the k3s documentation, and maybe read a few books:

Audible has a number of books on Kubernetes. If you sign up using this link you’ll get 30 days for free!

Hope you learned something reading through this tutorial! 😊 In future tutorials we’ll configure a k3s cluster with High Availability (HA) features.