ACA Blog

ACA Blog

June 2021


How to install Rancher RKE2 on CentOS Stream 8

Bregt CoenenBregt Coenen

In this technical blog post, I will explain how to set up the new Rancher Kubernetes Distribution RKE2 on CentOS 8 Stream. Before explaining how to install Rancher RKE2 on CentOS Stream 8, let’s discuss the components of such a set-up.

What is CentOS 8 Stream?

You might already know that CentOS is a Linux distribution. Maybe you’re also aware that it provides a free, community-supported computing platform functionally compatible with Red Hat Enterprise Linux (RHEL). However, the ‘new’ CentOS, which is called CentOS Stream, actually works the other way around. Features will first be released on CentOS Stream, and only released to RHEL afterwards. This means CentOS Stream will be similar to Fedora. As most bugs will be patched on Fedora and CentOS Stream before they are released to RHEL, RHEL should be the most stable.

For now, there is still a ‘regular’ CentOS 8 you can download, but this will soon change. CentOS has stated that ‘the future is CentOS Stream‘ and set the EOL date for CentOS 8 on the 31st of December 2021.

What is Rancher?

The official website describes Rancher as ‘a complete software stack for teams adopting containers’. Rancher addresses the operational and security challenges of managing multiple Kubernetes clusters across any infrastructure, while providing DevOps teams with integrated tools for running containerized workloads. Basically, it’s a tool which provides an easy way to set up one or more Kubernetes clusters and provides a lot of features out of the box, such as security, a centralized software catalog, unified cluster management and so much more. In short, Rancher is the software that runs on a Kubernetes cluster.

What is RKE2?

You can create a Kubernetes cluster using RKE2 (or RKE1), but this is not a requirement. RKE2 (Rancher Kubernetes Engine), also known as RKE Gov(ernment), is basically a combination of RKE1 and K3s.

RKE2 does not rely on Docker. Instead, it launches control plane components as static pods, managed by the kubelet. The embedded container runtime is containered. The diagram below shows the topology of an RKE2 cluster.

Image describing the topology of an RKE2 cluster in blogpost on how to install Rancher RKE2 on CentOS Stream 8.

You can find more information on RKE2 architecture here.

Setting up nodes

When setting up nodes, you have a choice to either set up a server (master) node or an agent (worker) node. In both cases, you’ll want to automate this process using Ansible. After all, you don’t want to repeat the steps every time you set up a new node.

Scheme displaying the automation of setting up nodes with Ansible in blog post on how to install Rancher RKE2 on CentOS Stream 8

For this tutorial blog post, we’ll set up this architecture using RKE2.

Scheme displaying RKE2 architecture in blog post on how to install Rancher RKE2 on CentOS Stream 8

Make sure that the node names are resolvable via DNS and to add DNS entries. That way, each node can do a DNS lookup to connect to other nodes.

For example:

Depending on the node type, you’ll either install the rke2-server or rke2-agent package using Yum. Make sure to add the following Yum repositories so the packages can be installed:

You can validate the documentation here for known issues and here for advanced options.

Since we are using nftables, we will disable firewalld and enable nftables.

If you are using a DENY by default policy, you will have to add nftables rules in /etc/nftables/main.nft to allow the required traffic. You can find the documentation for this here.

Screenshot of protocols with corresponding ports and sources

Setting up the first Server Node

I’m going to explain the steps to setup server nodes here. Usually, you’d automate these using a software provisioning tool like Ansible like we mentioned above.

First, install the rke2-server package.

Then, add the node configuration to /etc/rancher/rke2/config.yaml.

Next up, add additional configuration to /etc/sysconfig/rke2-server. If you use a proxy server, you should add it in this step.

Additionally, you’ll have to instruct Canal that you’re using nftables, as documented here. You’ll need to create a file /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml.

Now, you can start the rke2-server with the provided information.

You can now configure your kubectl for easy access, as documented here.

Follow the progress using the following commands:

Find and note down the token somewhere safe. You’ll need this token to add the other nodes to the cluster.

Setting up the load balancer in front of the first server node

This step depends heavily on the load balancer solution that is running within the datacenter or in the cloud. You should create a DNS entry that points to the load balancer, for example When the request hits the load balancer, it should forward the requests to the server node. This should work for TCP ports 9345 and 6443. Make sure that at this point, only the server node we configured in the previous step will get the requests. You can find more information here.

Scheme of how a load balancer works in combination with a CentOS VM

Setting up additional Server Nodes

As stated in the High Availability documentation, you will need to setup an odd number of server nodes in total. This is required to maintain quorum so the cluster can afford to lose connection with one of the nodes without impacting the cluster functionality. To achieve high availability, you need to set up at least 3 server nodes.

Since most information is already on the first node, this node requires less configuration.

First, install the rke2-server package.

Then, add the node configuration to /etc/rancher/rke2/config.yaml.

Next, add additional configuration to /etc/sysconfig/rke2-server. Again, if you use a proxy server, you should add this here.

Now, you can start the rke2-server with the provided information.

That’s it! Repeat these steps for all additional server nodes.

Adding the other nodes to the load balancer in front of the server nodes

Add all created server nodes as target for the load balancer.

Scheme of how a load balancer works in combination with multiples nodes running a CentOS VM

Setting up Agent Nodes

Apart from installing another yum package, the setup is similar to adding additional server nodes

First, install the rke2-agent package.

Then, add the node configuration to /etc/rancher/rke2/config.yaml.

Next, add additional configuration to /etc/sysconfig/rke2-agent. Once more, if you use a proxy server, you should add this here.

Now you can start the rke2-agent with the provided information.

Done! Repeat these steps for all additional agent nodes.

RKE2 server helm chart optimization

RKE2 will launch the following helm charts when starting the first server node.
  • rke2-canal
  • rke2-coredns
  • rke2-ingress-nginx
  • rke2-kube-proxy
  • rke2-metrics-server
They will be launched with default configuration. However, in some cases, you’ll want to change this. For example, we want to have multiple replicas running for the rke2-ingress-nginx-controller and rke2-ingress-nginx-default-backend. To achieve this, create the following file: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml

kind: HelmChartConfig

name: rke2-ingress-nginx
namespace: kube-system
valuesContent: |-
replicaCount: 2
replicaCount: 2

This will create a job container and run the helm chart. The required changes will be evaluated and executed. In this case, additional containers for the ingress-controller and the default-backend will be created.

Installing Rancher

Now that we have a functional RKE2 cluster, you will need to add the Rancher resources to the cluster. You can find most information on this using this guide from Rancher. In this case, we’ll be installing this using helm.

Install helm

To keep things simple, we’ll be running these commands on the first server node, as kubectl is already configured there. You could also install kubectl and helm on your local machine and point the kubeconfig to the cluster (assuming the cluster is reachable from your network). I actually advise the second method, since we won’t be installing extra software on the agent node. To install helm, you can follow the steps here.

Add helm repo

I recommend you use the stable version for this.

Create namespace for rancher

The rancher resources will be created in this Kubernetes namespace.

Install cert-manager

We will be using self-signed certificates for now. The cert-manager tool can generate these automatically. Note: if you bring your own certificates, this step is not required.

Wait until cert-manager pods are in a Running state.

Install Rancher

You should update the command from the documentation to your likes.

Then, validate if all resources are created.

If all goes well, your fancy dashboard will be available at

If you followed our guide on how to install Rancher RKE2 on CentOS Stream 8, your dashboard will look like this.
Make sure to create a DNS entry and possible load balancer configuration and firewall rules so HTTPS traffic can reach the dashboard.

And that’s how you install Rancher RKE2 on CentOS Stream 8! If you have any questions, we’re here to help. Leave us a comment below or contact us here and we’ll get back to you ASAP. And if you’re interested in Kubernetes services, check out what we can do for you!

Hungry for more technical cloud content? Check out these blog posts:

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x