RKE2

RKE2 (Rancher Kubernetes Engine 2) is Rancher's next-generation Kubernetes distribution that provides a secure, stable, and production-ready platform for edge and on-premises deployments. In this section, I document real-world patterns and practices for building production-grade RKE2 platforms.

Why RKE2 for Edge and On-Premises

RKE2 is particularly well-suited for edge computing and on-premises deployments where you need:

• Security by Design: FIPS 140-2 compliance and CIS hardening out of the box
• Simplified Operations: Single binary installation with embedded containerd
• Edge Resilience: Lightweight architecture perfect for resource-constrained environments
• High Availability: Built-in etcd clustering and load balancing
• Enterprise Support: Production-ready with Rancher's commercial backing

Architecture Patterns

My RKE2 deployments follow these core principles based on deployment scenario:

High Availability (HA) Deployments

• 3+ Server Nodes: Embedded etcd clustering for maximum resilience
• External Load Balancers: Layer 4 TCP load balancing with failover
• Terraform Automation: Infrastructure as Code for reproducible deployments
• GitOps Integration: Argo CD for declarative configuration management

Edge Computing Deployments

• Single Server Node: Minimized resource footprint for edge constraints
• 2+ Agent Nodes: Distributed workload execution at the edge
• edgectl Automation: Purpose-built CLI for edge lifecycle management
• VPN Integration: Tailscale overlay for secure remote management

Production Deployment Guides

• Architecture & Design: Core architectural decisions and cluster topology
• Deployment Guide: Step-by-step production cluster deployment
• Networking: Cilium configuration, load balancing, and firewall setup
• Security Hardening: Production security configurations and compliance
• Troubleshooting: Common issues and debugging techniques

GitOps Integration

RKE2 clusters integrate seamlessly with GitOps workflows, but the approach differs by deployment pattern:

High Availability GitOps

• Terraform: Manages infrastructure provisioning and initial cluster bootstrap
• Argo CD: Handles application workload delivery and cluster configuration drift
• External Secrets: Secure credential management from Azure Key Vault/AWS Secrets Manager

Edge GitOps

• edgectl: Automates cluster lifecycle including Argo CD installation
• Argo CD: Pre-configured during cluster bootstrap for immediate GitOps capability
• HashiCorp Vault: Integrated secret management for edge autonomy

Edge Computing Focus

RKE2 excels in edge computing scenarios where traditional cloud-native patterns need adaptation:

• Bandwidth Optimization: Efficient image pulling and caching strategies
• Intermittent Connectivity: Robust operation during network partitions
• Resource Constraints: Optimized resource usage for edge hardware
• Remote Management: Secure remote access via VPN overlays like Tailscale

This documentation reflects real production deployments running on ARM64 and x86_64 hardware across distributed edge locations.

Additional Resources

Official Documentation

• RKE2 Documentation - Complete RKE2 reference
• RKE2 Architecture - Core architectural concepts
• RKE2 Install Requirements - System requirements and prerequisites
• RKE2 Security Hardening - Official hardening guide
• RKE2 CIS Self-Assessment - CIS benchmark compliance guide

Networking Resources

• RKE2 Networking Options - CNI configuration options
• Cilium Documentation - Complete Cilium reference
• Cilium Requirements - System requirements for Cilium
• Cilium kube-proxy Replacement - eBPF networking guide

Tools and Automation

• edgectl - Edge cluster automation CLI
• RKE2 Helm Integration - Built-in Helm chart management
• RKE2 Cluster Access - Authentication and kubeconfig management