Skip to main content

Configuration Options

Configuration File

The primary way to configure RKE2 is through its config file. Command line arguments and environment variables are also available, but RKE2 is installed as a systemd service and thus these are not as easy to leverage.

By default, RKE2 will launch with the values present in the YAML file located at /etc/rancher/rke2/config.yaml.


The RKE2 config file needs to be created manually. You can do that by running touch /etc/rancher/rke2/config.yaml as a privileged user. If the configuration is changed after starting RKE2, the service must be restarted to apply the new configuration.

An example of a basic server config file is below:

write-kubeconfig-mode: "0644"
- "foo.local"
- "foo=bar"
- "something=amazing"
debug: true

The configuration file parameters map directly to CLI arguments, with repeatable CLI arguments being represented as YAML lists. Boolean flags are represented as true or false in the YAML file.

An identical configuration using solely CLI arguments is shown below to demonstrate this:

rke2 server \
--write-kubeconfig-mode "0644" \
--tls-san "foo.local" \
--node-label "foo=bar" \
--node-label "something=amazing" \

It is also possible to use both a configuration file and CLI arguments. In these situations, values will be loaded from both sources, but CLI arguments will take precedence. For repeatable arguments such as --node-label, the CLI arguments will overwrite all values in the list.

Finally, the location of the config file can be changed either through the cli argument --config FILE, -c FILE, or the environment variable $RKE2_CONFIG_FILE.

Multiple Config Files

Version Gate

Available as of v1.21.2+rke2r1

Multiple configuration files are supported. By default, configuration files are read from /etc/rancher/rke2/config.yaml and /etc/rancher/rke2/config.yaml.d/*.yaml in alphabetical order.

By default, the last value found for a given key will be used. A + can be appended to the key to append the value to the existing string or slice, instead of replacing it. All occurrences of this key in subsequent files will also require a + to prevent overwriting the accumulated value.

An example of multiple config files is below:

# config.yaml
token: boop
- foo=bar
- bar=baz

# config.yaml.d/test1.yaml
write-kubeconfig-mode: 600
- alice=bob:NoExecute

# config.yaml.d/test2.yaml
write-kubeconfig-mode: 777
- other=what
- foo=three
- charlie=delta:NoSchedule

This results in a final configuration of:

write-kubeconfig-mode: 777
token: boop
- other=what
- foo=three
- alice=bob:NoExecute
- charlie=delta:NoSchedule

Configuring the Linux Installation Script

As mentioned in the Quick-Start Guide, you can use the installation script available at to install RKE2 as a service.

The simplest form of this command is running, as root user or through sudo, as follows:

# curl -sfL | sudo sh -
curl -sfL | sh -

When using this method to install RKE2, the following environment variables can be used to configure the installation:

Environment VariableDescription
INSTALL_RKE2_VERSIONVersion of RKE2 to download from GitHub. Will attempt to download the latest release from the stable channel if not specified. INSTALL_RKE2_CHANNEL should also be set if installing on an RPM-based system and the desired version does not exist in the stable channel.
INSTALL_RKE2_TYPEType of systemd service to create, can be either "server" or "agent" Default is "server".
INSTALL_RKE2_CHANNEL_URLChannel URL for fetching RKE2 download URL. Defaults to
INSTALL_RKE2_CHANNELChannel to use for fetching RKE2 download URL. Defaults to stable. Options include: stable, latest, testing.
INSTALL_RKE2_METHODMethod of installation to use. Default is on RPM-based systems rpm, all else tar.

This installation script is straight-forward and will do the following:

  1. Obtain the desired version to install based on the above parameters. If no parameters are supplied, the latest official release will be used.
  2. Determine and execute the installation method. There are two methods: rpm and tar. If the INSTALL_RKE2_METHOD variable is set, that will be respected, Otherwise, rpm will be used on operating systems that use this package management system. On all other systems, tar will be used. In the case of the tar method, the script will simply unpack the tar archive associated with the desired release. In the case of rpm, a yum repository will be set up and the rpm will be installed using yum.

Configuring the Windows Installation Script


Windows Support requires choosing Calico or Flannel as the CNI for the RKE2 cluster

As mentioned in the Quick-Start Guide, you can use the installation script available at to install RKE2 on a Windows Agent Node.

The simplest form of this command is as follows:

Invoke-WebRequest -Uri -Outfile install.ps1

When using this method to install the Windows RKE2 agent, the following parameters can be passed to configure the installation script:


install.ps1 [[-Channel] <String>] [[-Method] <String>] [[-Type] <String>] [[-Version] <String>] [[-TarPrefix] <String>] [-Commit] [[-AgentImagesDir] <String>] [[-ArtifactPath] <String>] [[-ChannelUrl] <String>] [<CommonParameters>]


-Channel Channel to use for fetching RKE2 download URL (Default: "stable")
-Method The installation method to use. Currently tar or choco installation supported. (Default: "tar")
-Type Type of RKE2 service. Only the "agent" type is supported on Windows. (Default: "agent")
-Version Version of rke2 to download from Github
-TarPrefix Installation prefix when using the tar installation method. (Default: `C:/usr/local` unless `C:/usr/local` is read-only or has a dedicated mount point, in which case `C:/opt/rke2` is used instead)
-Commit (experimental/agent) Commit of RKE2 to download from temporary cloud storage. If set, this forces `--Method=tar`. Intended for development purposes only.
-AgentImagesDir Installation path for airgap images when installing from CI commit. (Default: `C:/var/lib/rancher/rke2/agent/images`)
-ArtifactPath If set, the install script will use the local path for sourcing the `$SUFFIX` and `sha256sum-$ARCH.txt` files rather than the downloading the files from GitHub. Disabled by default.

Other Windows Installation Script Usage Examples

Install the Latest Version Instead of Stable

Invoke-WebRequest -Uri -Outfile install.ps1
./install.ps1 -Channel Latest

Install the Latest Version using Tar Installation Method

Invoke-WebRequest -Uri -Outfile install.ps1
./install.ps1 -Channel Latest -Method Tar

Running the Binary Directly

As stated, the installation script is primarily concerned with configuring RKE2 to run as a service. If you choose to not use the script, you can run RKE2 simply by downloading the binary from our release page, placing it on your path, and executing it. The important commands are:

rke2 serverRun the RKE2 management server, which will also launch the Kubernetes control plane components such as the API server, controller-manager, and scheduler. Only Supported on Linux.
rke2 agentRun the RKE2 node agent. This will cause RKE2 to run as a worker node, launching the Kubernetes node services kubelet and kube-proxy. Supported on Linux and Windows.
rke2 --helpShows a list of commands or help for one command

More Info

For details on configuring the RKE2 server, refer to the server configuration reference.

For details on configuring the RKE2 agent, refer to the agent configuration reference.

For details on configuring the RKE2 Windows agent, refer to the Windows agent configuration reference.