Installing RKE2 on Ubuntu 24.04

What is RKE2?

RKE2, also known as RKE Government, is Rancher’s next-generation Kubernetes distribution.

It is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.

To meet these goals, RKE2 does the following:

Provides defaults and configuration options that allow clusters to pass the CIS Kubernetes Benchmark v1.6 or v1.23 with minimal operator intervention
Enables FIPS 140-2 compliance
Regularly scans components for CVEs using trivy in our build pipeline

RKE2 combines the best-of-both-worlds from the 1.x version of RKE (hereafter referred to as RKE1) and K3s.

From K3s, it inherits the usability, ease-of-operations, and deployment model.

From RKE1, it inherits close alignment with upstream Kubernetes. In places K3s has diverged from upstream Kubernetes in order to optimize for edge deployments, but RKE1 and RKE2 can stay closely aligned with upstream.

Importantly, RKE2 does not rely on Docker as RKE1 does. RKE1 leveraged Docker for deploying and managing the control plane components as well as the container runtime for Kubernetes. RKE2 launches control plane components as static pods, managed by the kubelet. The embedded container runtime is containerd.

RKE1 vs RKE2

Behavior Differences Between RKE1 and RKE2
RKE2, also known as RKE Government, is a Kubernetes distribution that focuses on security and compliance for U.S. Federal Government entities. It is considered the next iteration of the Rancher Kubernetes Engine, now known as RKE1.

RKE1 and RKE2 have several slight behavioral differences to note, and this page will highlight some of these at a high level.

Control Plane Components
RKE1 uses Docker for deploying and managing control plane components, and it also uses Docker as the container runtime for Kubernetes. By contrast, RKE2 launches control plane components as static pods that are managed by the kubelet. RKE2’s container runtime is containerd, which allows things such as mirroring a container image registry. RKE1 with Docker does not allow mirroring.

Today I will guide you through installing RKE2 on Ubuntu 24.04, although at the time of writing it is not yet officially part of the RKE support matrix (I hope it will be eventually). We will start fresh; the only thing that has been performed is an update.
Helm and kubectl will be needed down the road, so it is a good idea to install them before we start with RKE2 and Rancher.

First, let's install kubectl. Run the following commands to download the latest stable release of kubectl, make it executable, move it to a directory in your PATH for easy access, and then verify the installation.

curl -LO`curl -s`/bin/linux/amd64/kubectl

chmod +x ./kubectl

sudo mv ./kubectl /usr/local/bin/kubectl

kubectl version -o json

Next, let's install Helm. That too is done with the following set of commands.

curl -O

bash ./get-helm-3

helm version

Now that you have kubectl and Helm, we can proceed to the RKE2 installation.

Run the installer. This command installs the rke2-server service and the rke2 binary onto your machine, and must be run as the root user or through sudo.

curl -sfL | sudo sh -

sudo systemctl enable rke2-server.service

sudo systemctl start rke2-server.service

# If you want to follow the logs, you can use:

journalctl -u rke2-server -f
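
The RKE2 installer above is piped straight into a root shell, and get-helm-3 is likewise run as downloaded. The following is an added example (not from the original tutorial or the RKE2 project) that runs a downloaded installer only when it matches a SHA-256 digest you pinned after reviewing it. The function names, the RUNNER variable and the INSTALLER_URL and PINNED_SHA256 placeholders are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names, file names
# and the pinned digest are hypothetical.

# Succeed only if the SHA-256 of file $1 equals the hex digest $2.
verify_sha256() {
    file=$1 expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters, so an empty or
    # truncated pin can never "match".
    case "$expected" in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
    # A missing file yields an empty digest, which fails the comparison.
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Run a previously downloaded installer ($1) only if it matches the pin ($2).
# Remaining arguments are passed to the installer. RUNNER defaults to
# "sudo sh"; override it (e.g. RUNNER=sh) to try this without privileges.
run_pinned_installer() {
    script=$1 pin=$2
    shift 2
    if ! verify_sha256 "$script" "$pin"; then
        echo "refusing to run $script: digest mismatch" >&2
        return 1
    fi
    ${RUNNER:-sudo sh} "$script" "$@"
}

# Usage (INSTALLER_URL and PINNED_SHA256 are placeholders you supply):
#   curl -sfL "$INSTALLER_URL" -o rke2-install.sh
#   less rke2-install.sh; sha256sum rke2-install.sh   # review once, record pin
#   run_pinned_installer rke2-install.sh "$PINNED_SHA256"
```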

After running this installation:

The rke2-server service will be installed.

The rke2-server service will be configured to automatically restart after node reboots or if the process crashes or is killed.

Additional utilities will be installed at /var/lib/rancher/rke2/bin/. They include: kubectl, crictl, and ctr. Note that these are not on your path by default.

Two cleanup scripts, and, will be installed to the path at: /usr/local/bin for regular file systems, /opt/rke2/bin for read-only and btrfs file systems, INSTALL_RKE2_TAR_PREFIX/bin if INSTALL_RKE2_TAR_PREFIX is set.

A kubeconfig file will be written to /etc/rancher/rke2/rke2.yaml.

A token that can be used to register other server or agent nodes will be created at /var/lib/rancher/rke2/server/node-token.


At this point you want to configure a KUBECONFIG file. This is an important step before you get access to your cluster.
View the 'rke2.yaml' file; this is the kubeconfig for the cluster. Copy its content to '~/.kube/config'.

mkdir -p ~/.kube && sudo cp /etc/rancher/rke2/rke2.yaml ~/.kube/config

Take ownership of the file and you can start working with it…

sudo chown $(id -u):$(id -g) $HOME/.kube/config
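
The kubeconfig copied above carries the cluster's admin credentials, and the node token listed earlier lets other nodes register. The following is an added example (not from the original tutorial or the RKE2 project) that creates the per-user copy as owner-only from the start and checks that neither credential file is accessible to group or others. The function names, the SUDO variable and the optional root-prefix argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical; the file paths are the ones the tutorial lists.

# Succeed only if neither group nor others have any permission bit on $1.
is_private() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat, e.g. "600" or "644"
    case "0$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Copy the kubeconfig ($1) to a per-user path ($2), owner-only.
# Set SUDO=sudo when the source is readable by root only. The destination is
# created by the calling user's shell, so no chown is needed afterwards.
install_kubeconfig() {
    src=$1 dest=$2 dir=$(dirname "$2")
    (
        umask 077                       # new dirs 0700, new files 0600
        mkdir -p "$dir" || exit 1
        # Create or truncate, then tighten, before any secret is written.
        : > "$dest" && chmod 600 "$dest" || exit 1
        ${SUDO:-} cat "$src" > "$dest"
    ) || return 1
    is_private "$dest"
}

# Report credential files written by the installer that group/others can
# access. $1 is an optional filesystem root prefix (assumption, for dry runs).
# Returns the number of findings; run as root on a real node.
audit_rke2_secrets() {
    root=${1:-} findings=0
    for f in /etc/rancher/rke2/rke2.yaml \
             /var/lib/rancher/rke2/server/node-token; do
        [ -e "$root$f" ] || continue
        if ! is_private "$root$f"; then
            echo "too permissive: $root$f" >&2
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: SUDO=sudo install_kubeconfig /etc/rancher/rke2/rke2.yaml "$HOME/.kube/config"
```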

Now you can run kubectl commands and get to know our cluster.

Now is the time to install the Rancher GUI. There are two steps in that procedure: one is deploying cert-manager, and the second is installing the Rancher UI. We will accomplish both with Helm.

Let's install the CRDs first. Run the following command.

kubectl apply --validate=false -f

Next, add the repo and install cert-manager with the following commands.

kubectl create namespace cert-manager

helm repo add jetstack

helm repo update

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager 

Very well, we deployed it, now let’s see what we got there.

kubectl get all -n cert-manager

Everything looks good, so now we can proceed to installing Rancher. Run the following set of commands, which add a repo and install Rancher.

NOTE: change hostname to your value.

helm repo add rancher-latest

helm repo update

kubectl create namespace cattle-system

helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=rancher.rke2.local

After checking the deployment status and verifying that nothing went wrong, you can navigate to your DNS name and reach the Rancher initialization page, where you will be shown a kubectl command that retrieves the initial password.

Copy the command and run it in the terminal, and you will get the initial admin password.

After login you will get to your newly installed RKE2 cluster.

Well, that's it… you got it, you have installed RKE2 and Rancher on Ubuntu 24.04. Thumbs up, man! Or miss :>

The next thing you will probably need is a load balancer. You can learn how to deploy the MetalLB load balancer here:

After that, I think a good idea will be to install a VPN. You can learn how to deploy and configure WireGuard VPN here: