IBM API Connect on K3s

Zhimin Wen
3 min readMar 4
Image by Lionhearted Studio from Pixabay

IBM API Connect has a wide range of deployment option, including OVA on VMWare, OpenShift and plain Kubernenets. K3s as a fully compatiable certified light-weight Kubernetest distribution is the perfect candidate for testing and exploration purpose. Let’s install the API Connect on to K3s.

Base Host VM Setup

We will host the K3s cluster on the following VMs with Ubuntu 22.04.1 LTS

  • k3s-master: c4m4 (4 core, 4 GB memory), 200GB disk
  • k3s-worker1: c8m16, 300GB disk
  • k3s-worker2: c8m16, 300GB disk
  • k3s-worker3: c8m16, 300GB disk

On the master, we will setup our own DNS server with dnssmasq, where the a wildcard domain is set as below,


All the dns name with the extension of will be resolved to the k3s-master. The rest of the domain will be forwarded to the original DNS server.

The workers will set their DNS server to the above dnsmasq on master.

K3s Setup

First install K3s master on the master node,

 curl -sfL | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable traefik" sh -

As API Connect only support the Nginx ingress controller, we disable K3s traefik ingress controller.

Then setup the workers one by one. Get the token from master,

sudo cat /var/lib/rancher/k3s/server/node-token

Install by

curl -sfL | K3S_URL=https://{{ .masterIp }}:6443 K3S_TOKEN={{ .token }} sh -

Nginx Ingress Controller Setup

We use the Kubernetes nginx ingress controller with Helm. Prepare the following values.yaml to allow TLS passthrough for the purpose of mTLS.

watchIngressWithoutClass: true
enabled: false
ssl-protocols: "TLSv1.2 TLSv1.3"
enable-ssl-passthrough: true

Install the chart,

Zhimin Wen

Recommended from Medium


See more recommendations