Installing a Single-node Kubernetes Cluster with RKE2
Overview
RKE2 is a lightweight Kubernetes distribution designed for production environments, offering tight integration with upstream Kubernetes and leveraging containerd as its container runtime. It operates by running control plane components as static pods managed by kubelet.
Network Requirements
To ensure proper operation of an RKE2 cluster:
- Ports 6443 and 9345 must be accessible by other nodes in the cluster.
- For metrics server functionality, port 10250 should be open on all nodes.
- Ports 2379 and 2380 need to allow etcd client and peer connections.
- A range of ports from 30000 to 32767 must be available for NodePort services.
Architecture
The simplest deployment of RKE2 involves a single binary file that manages all required components. The process begins with initializing server components, followed by launching agent processes including the container runtime and node proxy. Once initialized, Helm controllers apply manifests located in /var/lib/rancher/rke2/server/manifests. This setup ensures continuous operation until SIGKILL or SIGTERM signals are received or the containerd process terminates.
Installation Steps
Preparing Network Interfaces
Before installing RKE2, it's essential to configure network interfaces used by Calico and Flannel so they are not managed by NetworkManager:
hostnamectl set-hostname k8s-master-1 && bash
mkdir -p /etc/NetworkManager/conf.d
cat <<EOF > /etc/NetworkManager/conf.d/rke2-canal.conf
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
systemctl daemon-reload
systemctl restart NetworkManager
Installing the Server Node
Download and install the RKE2 server binary:
curl -sfL https://get.rke2.io | sh -
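# For users in China (use instead of the command above).
# The script is piped into a root shell, so fetch it over HTTPS only:
curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" sh -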
systemctl enable rke2-server.service
systemctl start rke2-server.service
Troubleshooting can be performed using:
journalctl -u rke2-server -f
Configuring Environment Variables
Update environment variables and copy configuration files for access via kubectl:
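# Single quotes keep $PATH literal, so it is expanded at login rather than frozen into /etc/profile
echo 'export PATH=$PATH:/var/lib/rancher/rke2/bin' >> /etc/profile && source /etc/profile
# -p avoids a failure when ~/.kube already exists; the copied file holds cluster-admin credentials
mkdir -p ~/.kube && cp /etc/rancher/rke2/rke2.yaml ~/.kube/config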
ln -s /var/lib/rancher/rke2/agent/etc/crictl.yaml /etc/crictl.yaml
crictl ps
Additional utilities are installed under /var/lib/rancher/rke2/bin/. The token needed to register additional servers or agents is stored at /var/lib/rancher/rke2/server/node-token.
Uninstalling the Server
To uninstall the server component:
# Stop services
/usr/bin/rke2-killall.sh
# Remove installation
/usr/bin/rke2-uninstall.sh
Adding Worker Nodes
Preparing Network Interfaces on Workers
Repeat the interface preparation steps on worker nodes:
hostnamectl set-hostname k8s-worker-1 && bash
mkdir -p /etc/NetworkManager/conf.d
cat <<EOF > /etc/NetworkManager/conf.d/rke2-canal.conf
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel*
EOF
systemctl daemon-reload
systemctl restart NetworkManager
Installing the Agent Node
Install the agent node using the following commands:
curl -sfL https://get.rke2.io | INSTALL_RKE2_TYPE="agent" sh -
# For users in China (use instead of the command above):
curl -sfL https://rancher-mirror.rancher.cn/rke2/install.sh | INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="agent" sh -
systemctl enable rke2-agent.service
Configure the agent by editing the config file:
mkdir -p /etc/rancher/rke2/
vim /etc/rancher/rke2/config.yaml
Add the following content:
server: https://<server-ip>:9345
token: <node-token-from-server>
Then start the agent service:
systemctl start rke2-agent.service
journalctl -u rke2-agent -f
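The agent's config.yaml holds the cluster join token, and a file created in an editor under a typical umask of 022 ends up with mode 644; the server's node-token and the kubeconfig copied to ~/.kube/config are just as sensitive. The following is an added example, not part of the original page or of the RKE2 project, that audits the permissions of these files. The function names and the ROOT prefix argument are hypothetical, and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example: report RKE2 credential files that group or other users can access.
# The paths are the ones used on this page. ROOT is a hypothetical prefix that lets
# the check run against a scratch directory instead of the live filesystem.

# Files holding the join token or cluster-admin credentials.
RKE2_SECRET_FILES="
/etc/rancher/rke2/config.yaml
/etc/rancher/rke2/rke2.yaml
/var/lib/rancher/rke2/server/node-token
"

# audit_rke2_secrets [ROOT] [KUBECONFIG_PATH]
# Prints "LOOSE <mode> <path>" for every existing file whose mode grants any
# permission to group or other, and "OK <mode> <path>" otherwise.
# Returns 1 if at least one file is loose, 0 if none is.
audit_rke2_secrets() {
    root="${1:-}"
    kubeconfig="${2:-$HOME/.kube/config}"
    loose=0
    for f in $RKE2_SECRET_FILES "$kubeconfig"; do
        path="$root$f"
        [ -f "$path" ] || continue        # servers and agents hold different files
        mode=$(stat -c '%a' "$path")      # GNU stat: octal mode, e.g. 644
        # The last two octal digits are the group and other permission bits.
        case "$mode" in
            0|*00) echo "OK $mode $path" ;;
            *)     echo "LOOSE $mode $path"; loose=1 ;;
        esac
    done
    return "$loose"
}

# fix_rke2_secrets [ROOT] [KUBECONFIG_PATH]
# Restricts every file reported as LOOSE to its owner (mode 600).
fix_rke2_secrets() {
    { audit_rke2_secrets "$@" || true; } | while read -r state _mode path; do
        if [ "$state" = LOOSE ]; then
            chmod 600 "$path"
        fi
    done
    return 0
}
```

Run audit_rke2_secrets with no arguments as root on each node after writing config.yaml or copying the kubeconfig; a non-zero exit status means at least one file needs tightening.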
Uninstalling the Agent
To remove the agent node:
# Stop services
/usr/bin/rke2-killall.sh
# Remove installation
/usr/bin/rke2-uninstall.sh