Skip to main content

Requirements

RKE2 is very lightweight, but has some minimum requirements as outlined below.

Prerequisites

Two nodes cannot have the same hostname.

If all your nodes have the same hostname, set the node-name parameter in the RKE2 config file for each node you add to the cluster to have a different node name.

Operating Systems

Linux

RKE2 has been tested and validated on the following operating systems, and their subsequent non-major releases:

  • Ubuntu 18.04, 20.04, 22.04 (amd64)
  • CentOS/RHEL 7.8 (amd64)
  • Rocky/RHEL 8.5 (amd64)
  • SLES 15 SP3, SP4
  • OpenSUSE, SLE Micro 5.1, 5.2, 5.3 (amd64)

Windows

Version Gate

Experimental as of v1.21.3+rke2r1

info

Windows Support requires choosing Calico as the CNI for the RKE2 cluster

The RKE2 Windows Node (Worker) agent has been tested and validated on the following operating systems, and their subsequent non-major releases:

  • Windows Server 2019 LTSC (amd64) (OS Build 17763.2061)
  • Windows Server 2022 LTSC (amd64) (OS Build 20348.169)

Note The Windows Server Containers feature needs to be enabled for the RKE2 Windows agent to work.

Open a new Powershell window with Administrator privileges

powershell -Command "Start-Process PowerShell -Verb RunAs"

In the new Powershell window, run the following command.

Enable-WindowsOptionalFeature -Online -FeatureName Containers –All

This will require a reboot for the Containers feature to properly function.

Hardware

Hardware requirements scale based on the size of your deployments. Minimum recommendations are outlined here.

Linux/Windows

  • RAM: 4GB Minimum (we recommend at least 8GB)
  • CPU: 2 Minimum (we recommend at least 4CPU)

Disks

RKE2 performance depends on the performance of the database, and since RKE2 runs etcd embeddedly and it stores the data dir on disk, we recommend using an SSD when possible to ensure optimal performance.

Networking

Important: If your node has NetworkManager installed and enabled, ensure that it is configured to ignore CNI-managed interfaces.. If your node has Wicked installed and enabled, ensure that the forwarding sysctl config is enabled

The RKE2 server needs port 6443 and 9345 to be accessible by other nodes in the cluster.

All nodes need to be able to reach other nodes over UDP port 8472 when Flannel VXLAN is used.

If you wish to utilize the metrics server, you will need to open port 10250 on each node.

Important: The VXLAN port on nodes should not be exposed to the world as it opens up your cluster network to be accessed by anyone. Run your nodes behind a firewall/security group that disables access to port 8472.

Inbound Rules for RKE2 Server Nodes

ProtocolPortSourceDescription
TCP9345RKE2 agent nodesKubernetes API
TCP6443RKE2 agent nodesKubernetes API
UDP8472RKE2 server and agent nodesRequired only for Flannel VXLAN
TCP10250RKE2 server and agent nodeskubelet
TCP2379RKE2 server nodesetcd client port
TCP2380RKE2 server nodesetcd peer port
TCP30000-32767RKE2 server and agent nodesNodePort port range
UDP8472RKE2 server and agent nodesCilium CNI VXLAN
TCP4240RKE2 server and agent nodesCilium CNI health checks
ICMP8/0RKE2 server and agent nodesCilium CNI health checks
TCP179RKE2 server and agent nodesCalico CNI with BGP
UDP4789RKE2 server and agent nodesCalico CNI with VXLAN
TCP5473RKE2 server and agent nodesCalico CNI with Typha
TCP9098RKE2 server and agent nodesCalico Typha health checks
TCP9099RKE2 server and agent nodesCalico health checks
TCP5473RKE2 server and agent nodesCalico CNI with Typha
UDP8472RKE2 server and agent nodesCanal CNI with VXLAN
TCP9099RKE2 server and agent nodesCanal CNI health checks
UDP51820RKE2 server and agent nodesCanal CNI with WireGuard IPv4
UDP51821RKE2 server and agent nodesCanal CNI with WireGuard IPv6/dual-stack

Windows Specific Inbound Network Rules

ProtocolPortSourceDescription
UDP4789RKE2 server nodesRequired for Calico and Flannel VXLAN

Typically, all outbound traffic will be allowed.