
RKE2

RKE2 is a fully conformant Kubernetes distribution focusing on security and compliance within the U.S. Federal Government sector. To meet the Kubernetes security and compliance goals required by the U.S. Federal Government, RKE2 does the following:

  1. Provides defaults and configuration options that allow clusters to pass the CIS Kubernetes Benchmark v1.6 with minimal operator intervention.

  2. Enables Federal Information Processing Standard 140-2 (FIPS 140-2) compliance.

  3. Scans components regularly for Common Vulnerabilities and Exposures (CVEs) using Trivy in the build pipeline.

RKE2 launches control plane components as static pods, managed by the kubelet instead of relying on Docker. Additionally, the embedded container runtime is containerd.

You can deploy RKE2 by adding this pack to a cluster profile. Once the cluster profile is created, you can deploy the RKE2-based Kubernetes clusters through Palette.

Support Lifecycle

We support other Kubernetes distributions such as K3s, MicroK8s, and RKE2 until their official EOL. The EOL is set by the respective owner. Once we stop supporting the minor version, we initiate the deprecation process. Refer to the Kubernetes Support Lifecycle guide to learn more.

Versions Supported

The following RKE2 versions are supported to work with Palette.

Prerequisites

  • A Linux operating system. Refer to the official RKE2 requirements for more details on supported Linux distributions and versions.

  • 8 GB Memory

  • 4 CPU

  • An Edge host. Refer to the Edge documentation to learn more about Edge.

Usage

You can add RKE2 to an Edge cluster profile as the Kubernetes layer. Refer to the Create an Infrastructure Profile guide to learn more.

RKE2 offers several customization options, ranging from networking to security. We recommend you review the following RKE2 documentation:

Many of the Day-2 cluster management responsibilities are handled by Palette. Review the Cluster Management reference resource to learn more about Palette and Day-2 operations.

Terraform

data "spectrocloud_registry" "public_registry" {
  name = "Public Repo"
}

data "spectrocloud_pack_simple" "k8s" {
  name         = "edge-rke2"
  version      = "1.27.5"
  type         = "helm"
  registry_uid = data.spectrocloud_registry.public_registry.id
}

Troubleshooting

  • When using Vault with the RKE2 distribution of Kubernetes in Palette Edge, you must explicitly specify a storage class for the Vault server. Refer to the Vault pack page for details.

Resources