Rke2

services.rke2.agentToken

Shared secret used to join agents to the cluster, but not servers.

WARNING: This option will store your token unencrypted and world-readable in the Nix store. If this is undesired, use the agentTokenFile option instead.

Type: string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.agentTokenFile

File path containing rke2 agent token to use when connecting to the server.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.cisHardening

Enable CIS Hardening for RKE2.

It will set the configurations and controls required to address Kubernetes benchmark controls from the Center for Internet Security (CIS).

Learn more about CIS Hardening for RKE2.

NOTICE:

You may need to restart systemd-sysctl manually with:

sudo systemctl restart systemd-sysctl

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.cni

CNI Plugins to deploy, one of none, calico, canal, cilium or flannel.

All CNI plugins get installed via a helm chart after the main components are up and running and can be customized by modifying the helm chart options.

Learn more about RKE2 and CNI plugins

WARNING: Flannel support in RKE2 is currently experimental.

Type: one of "none", "canal", "cilium", "calico", "flannel"

Default

"canal"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.configPath

Load configuration from FILE.

Type: path

Default

"/etc/rancher/rke2/config.yaml"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.dataDir

The folder to hold state in.

Type: path

Default

"/var/lib/rancher/rke2"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.debug

Turn on debug logs.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.disable

Do not deploy packaged components and delete any deployed components.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.enable

Whether to enable rke2.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.environmentVars

Environment variables for configuring the rke2 service/agent.

Here you can find all the available environment variables:

Besides the options above, you can also activate environment variables by editing or creating these files:

  • /etc/default/rke2
  • /etc/sysconfig/rke2
  • /usr/local/lib/systemd/system/rke2.env

Type: attribute set of string

Default

{ HOME = "/root"; }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.extraFlags

Extra flags to pass to the rke2 service/agent.

Here you can find all the available flags:

Type: list of string

Default

[ ]

Example

[ "--disable-kube-proxy" "--cluster-cidr=10.24.0.0/16" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.nodeIP

IPv4/IPv6 addresses to advertise for the node.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.nodeLabel

Register and start kubelet with a set of labels.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.nodeName

Node name.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.nodeTaint

Register kubelet with a set of taints.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.package

The rke2 package to use.

Type: package

Default

pkgs.rke2

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.role

Whether rke2 should run as a server or agent.

If it's a server:

  • By default it also runs workloads as an agent.
  • Any optional settings are allowed.

If it's an agent:

  • serverAddr is required.
  • token or tokenFile is required.
  • agentToken, agentTokenFile, disable and cni are not allowed.

Type: one of "server", "agent"

Default

"server"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.selinux

Enable SELinux in containerd.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.serverAddr

The rke2 server to connect to, used to join a cluster.

Type: string

Default

""

Example

"https://10.0.0.10:6443"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.token

Shared secret used to join a server or agent to a cluster.

WARNING: This option will store your token unencrypted and world-readable in the Nix store. If this is undesired, use the tokenFile option instead.

Type: string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix

services.rke2.tokenFile

File path containing rke2 token to use when connecting to the server.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/cluster/rke2/default.nix
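
The token warnings and the role constraints above, combined in one server/agent pair; this is an added example, not code from the nixpkgs module. The /run/secrets/... paths, the node name and the label are assumptions, and the secret files are expected to be placed there at runtime by whatever secret-provisioning mechanism the host uses.

```nix
# Added example (not from the nixpkgs module): one server and one agent,
# using the *File options so no join secret is written to the Nix store.
{
  # Import this module on the control-plane host.
  server = { ... }: {
    services.rke2 = {
      enable = true;
      role = "server";

      # Weak form, per the WARNING above: the literal would be stored
      # unencrypted and world-readable in the Nix store.
      #   agentToken = "constructed-example-secret";

      # Hardened form: only the path is part of the configuration. It is a
      # quoted string, not a path literal, because a path literal can be
      # copied into the store when it is interpolated.
      # Hypothetical location; the file must exist before rke2 starts.
      agentTokenFile = "/run/secrets/rke2-agent-token";

      cni = "canal"; # the default, shown because agents may not set it
    };
  };

  # Import this module on a worker host.
  agent = { ... }: {
    services.rke2 = {
      enable = true;
      role = "agent";

      # Required for role = "agent".
      serverAddr = "https://10.0.0.10:6443"; # value from the serverAddr example
      # Hypothetical path. Assumption: the file holds the same secret the
      # server reads from agentTokenFile, so this host can join only as an agent.
      tokenFile = "/run/secrets/rke2-token";

      # Not allowed for role = "agent": agentToken, agentTokenFile, disable, cni.

      nodeName = "worker-1";                  # constructed
      nodeLabel = [ "example.com/pool=web" ]; # constructed
    };
  };
}
```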