top of page
Writer's picturePascal Van Dam

RKE2 - Easy As Pie, Secure As Fort Knox


Rancher Cow Wearing Security Lock Emphasizing  RKE2  Security.

created with CANVA


Industry insiders are singing RKE2's praises for its undeniable ease of use. RKE2 takes a page from the playbook of K3s, the rockstar of lightweight Kubernetes distributions for edge and IoT. This means, they've made the installation, configuration, and management of Kubernetes clusters a piece of cake. But you might be wondering, just how easy and secure is it, really 🚜?!


First Things First

Kubernetes – The Heavyweight Champ of Container Control, the reigning king of orchestrating and managing containerized wonders, is like that dazzling sports car that's also a handful to handle, especially when it comes to security and compliance. But hold on, there's a new sheriff in town, brought to you by the geniuses at Rancher Labs, the masterminds behind the beloved Kubernetes legends RKE1 and K3s. Say hello to the shining star: RKE2, affectionately known as RKE Government.


RKE2 is the ace up your sleeve, a fully conformant Kubernetes distribution decked out to meet the stringent security and compliance demands of the U.S. Federal Government sector and other rule-bound industries. It's not your run-of-the-mill Kubernetes – it's a powerhouse loaded with game-changing features:


  • Security and Compliance Simplified: RKE2 doesn't just talk the talk; it walks the walk when it comes to security and compliance. It's like your own personal security detail. RKE2 makes meeting the bar set by the CIS Kubernetes Benchmark a walk in the park, with minimal operator fuss. Plus, it's got a strong FIPS 140-2 compliance game, supports SELinux policy, rocks Multi-Category Security (MCS) label enforcement, and regularly scans its components for CVEs. It's like a 24/7 bodyguard.


  • Performance and User-Friendliness Redefined: Inheriting the laid-back vibes from its cousin K3s, that lightweight Kubernetes hotshot designed for edge and IoT scenes, RKE2 isn't just keeping pace; it's breaking records. RKE2 rolls with contained (not Docker), the fancy new embedded container runtime. RKE2 keeps you on the cutting edge with the latest Kubernetes versions and features, all while making it a breeze to navigate.


  • Scalability That Knows No Bounds: RKE2 is your Swiss Army knife. It's a high-performance, super-scalable solution for your data center. It's like having the perfect outfit for every occasion. RKE2 can strut its stuff on various hardware and operating systems and can play solo, be the trusty sidekick, or even assemble a whole team of servers. Your call. With RKE2, the world's your oyster.


In this blog, we will dive a little deeper into the security and compliance, performance and ease of use, and data center scalability aspects of RKE2, and check if it's as easy as pie and secure as Fort Knox!


Security and Compliance

Let's Talk Fort Knox-Level Security and Beyond. In the wild world of Kubernetes, security and compliance reign supreme, especially when you're dealing with the rulebook-wielding champs in the U.S. Federal Government sector. But hey, that's where RKE2 shines! They've got an arsenal of features and options that make locking down your clusters a breeze, including:

  • CIS Kubernetes Benchmark: Think of it as your security bodyguard. RKE2 takes the pain out of nailing the CIS Kubernetes Benchmark, saving you from endless operator headaches. This gold-standard guide, backed by the Center for Internet Security (CIS), is your go-to for fortifying Kubernetes clusters. RKE2 even comes with a supercharged CIS mode, turning the security dial up to 11.

  • FIPS 140-2 Compliance: We're talking about FIPS 140-2 compliance, baby! RKE2 rolls with a FIPS-validated cryptographic module for all your encryption and hashing needs, ticking all the boxes set by Uncle Sam himself. And, we've got a dedicated FIPS mode that doesn't mess around – it's all about the FIPS-compliant components and configurations.

  • SELinux Policy and MCS Label Enforcement: Think of RKE2 as your security maestro. It conducts the SELinux orchestra and masterminds Multi-Category Security (MCS) label enforcement, giving you control like never before. SELinux lays down the law with mandatory access control (MAC) policies, while MCS takes it up a notch, fine-tuning the security contexts of processes and objects. We're talking business! RKE2's fortified SELinux mode keeps things tight with stricter policies and MCS labels.

  • CVE Scanning: They don't play games when it comes to security. RKE2 takes the fight to vulnerabilities with regular scans using Trivy in its build pipeline. Trivy, the Swiss-army knife of vulnerability scanning for containers and artifacts, is your trusty sidekick. RKE2 even goes a step further with a dedicated CVE mode, so you're always ahead of the curve, protecting your systems from known vulnerabilities.

It's not just security; it's security on steroids. With RKE2, your clusters are locked, loaded, and bulletproof - RKE2 has your back!

 

CVE stands for Common Vulnerabilities and Exposures,

which is a list of publicly disclosed information security flaws. CVEs are assigned by CVE Numbering Authorities (CNAs), which are organizations that have the authority to create and publish CVEs. CVEs are used by IT professionals, security researchers, and vendors to identify, track, and fix vulnerabilities in software and hardware products. CVEs are also used by vulnerability databases, such as the National Vulnerability Database (NVD), to provide additional information and analysis of CVEs, such as severity scores, impact metrics, and remediation advice.


 

These remarkable features and options solidify RKE2 as the go-to Kubernetes distribution for organizations that demand top-tier security and compliance. While it's the favorite choice for the U.S. Federal Government sector, it also shines in various other regulated industries, including:


🏥 Healthcare: RKE2 is the trusted ally of healthcare organizations, ensuring their Kubernetes clusters stay in line with the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health) regulations. These regulations stand guard over the privacy and security of sensitive health information.


💰 Finance: Financial institutions turn to RKE2 to safeguard their Kubernetes clusters while adhering to the strict PCI DSS (Payment Card Industry Data Security Standard) and SOX (Sarbanes-Oxley Act) regulations. These regulations ensure the utmost security and integrity of payment cards and financial data.


📚 Education: Educational institutions rely on RKE2 to run their Kubernetes clusters while upholding the FERPA (Family Educational Rights and Privacy Act) and COPPA (Children’s Online Privacy Protection Act) regulations. These regulations keep the privacy and security of student and children's data in check.


No matter the industry, RKE2 is delivering ironclad security and compliance overall.


Performance and Ease of Use

Alright, here's the deal: When you're out there in the wild, trying to run Kubernetes in a fast-paced, crazy environment, you need something that's as smooth as butter. Enter RKE2 - your cool cat in the Kubernetes game, packed with features that'll make you wanna high-five the air. Check it out:

  • Usability That's Off the Charts: RKE2 takes its cues from K3s, the lightweight Kubernetes champ built for edge and IoT action. What's the result? Installing, configuring, and managing Kubernetes clusters becomes as easy as ordering pizza. It's all in one slick binary, no need for a treasure hunt. Plus, RKE2 plays nice with Helm charts and manifests for deploying your apps, and it buddies up with Rancher for some centralized cluster TLC.


  • Container Runtime - A Fast Lane: RKE2 chooses containerd (over Docker), the sleek, high-speed, low-drag container runtime that's the life of the Kubernetes party. It's CNCF-approved. Special Note: Container Runtime Interface (CRI)-O is not supported by RKE2, it's only containerd based. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) to enable the use of Open Container Initiative (OCI) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for Kubernetes. Podman isn't supported either, Podman is not a runtime engine but a Container Client tool like the docker-cli. RKE2 does support gVisor runtime on top of containerd though.


  • Always the Latest, Always the Greatest: RKE2's that friend who's always up to date. It stays locked and loaded with the newest Kubernetes versions and features. But it's not just a wild party; it's like the smooth jazz station that's always playing your favorites. RKE2 goes through the ringer with rigorous testing before each release. It's got a gold star from the Kubernetes Enhancement Proposals (KEPs) and passes the Kubernetes Conformance Tests. So, you know it's legit.

RKE2's got your back. It's a rockstar when it comes to handling the crazy twists and turns of production workloads. So, put on your shades and roll with RKE2 - Kubernetes distribution that can handle the dynamic and complex environments of production workloads!


 

Watch Our Deep RKE2 Walkthrough Webinar

  • RKE2's Features

  • RKE2 Architecture

  • Demo Of A Seamless Single Control Plane Installation and more...



 

Datacenter Scalability

When it comes to running Kubernetes in the real world, you need a solution that's as flexible as your ambitions. RKE2 is here to make it happen, offering an array of features and perks that'll leave you wondering how you ever managed without it, including:


  • Hardware and OS Versatility: RKE2 is your chameleon. It can cozy up to a wide variety of hardware and operating systems. RKE2 swings with Linux, Windows, and MacOS. And it doesn't care if it's x86_64, ARM64 – it's up for the challenge. Special Note: ARMv7 is 32 bit ARM; as of our last information RKE2 does not support that (K3S does). Networking in PODs is limited through normal ethernet. It does not do anything directly with Wifi, Bluetooth, or USB, that is all done on the Host level, not on the container/pod level. For Windows it is important to notice that it is only supported experimentally as worker nodes, not server nodes


  • Deployment Options Galore: RKE2 knows there's no one-size-fits-all. Special Note: Please note that no K8S distro has topologies like star mesh and tree, they are network topologies. K8S is just either master or node role. Etcd is just a function that is normally part of a manager. It' s the clusters state database, the Hive Mind.


  • Rock-Solid High Availability and Disaster Recovery: RKE2's got your back. It doesn't matter if you're in the data center – high availability and disaster recovery are non-negotiable. RKE2 supports multiple control plane nodes and etcd members to keep the lights on. Special Note: For the edge adventures, RKE2 is NOT for the edge; it's sister distro K3S is. RKE2 is a full-fledged K8S in the DC/OS. The Datacenter Operating System. The easiest way to run microservices, big data, and containers in production. Unlike traditional operating systems, DC/OS spans multiple machines within a network, aggregating their resources to maximize utilization by distributed applications. DC/OS can be classified as a tool in the "Cluster Management" category, while Kubernetes is grouped under "Container Tools". Please note that cluster federation is NOT supported by RKE2. Currently cluster federation in K8S is still in development, also in the other distro's . However, using Cilium can make connected (cluster mesh) not federated clusters

RKE2 isn't just a Kubernetes distribution; it's a game-changer, ready to scale and adapt. These features and benefits make RKE2 a scalable and adaptable Kubernetes distribution.


Considerations

Now, let's get real – RKE2, like any other rockstar, comes with a few quirks and limitations. It's important for our DevOps champs and business owners to have the full lowdown. Here's the scoop. Some possible cons for both DevOps and Business Owners when adopting RKE2:


🤔 RKE2 known issues and limitations: RKE2 does not support ISTIO out of the box and firewalld and Network manager are outside of RKE2. They are functions of the underlying host OS like RHEL, SUSe and UBUNTU. The savvy move? Stay in the know and check out the RKE2 documentation for updates and clever workarounds.


🚢 No, Docker 🐳: RKE2 does things differently, no Docker but opting for containerd as the embedded container runtime. Special Note: For DevOps and business owners, RKE2 was never running on docker, but it' s grandfather did use Docker. For DevOps and Business Owners this is a no-no as the use of containers/PODs in K8S is transparent. The Container Runtime Interface (CRI) and the OCI (Open Container Initiative) provide the options to smoothly exchange the container engine where applicable. E.g. RKE2 cannot, but kubeadm can. But the good news is definitely no migration is needed.


🚀 A Work in Progress: RKE2 is a bit of a wild child – it's still growing, evolving, and improving. DevOps and business owners might stumble upon a bug or two, experience the occasional hiccup, or spot a missing feature when they're out on the RKE2 adventure. It's like exploring uncharted territory. You've got to stay on your toes to keep up with the frequent updates and changes in RKE2 and its components. Plus, it's a team effort – don't forget to provide feedback and report any issues to the RKE2 community and its brilliant developers.


So, RKE2 isn't just a tool; it's an ever-evolving journey. With a little awareness and a lot of determination.


Conclusion


Important for DevOps: DevOps enthusiasts, here's your backstage pass to RKE2's feature-packed show. RKE2 doesn't just play the Kubernetes game; it redefines it, offering a trio of core benefits that you'll be giddy to get your hands on:


🛡️ Security and Compliance, No Sweat: RKE2 empowers DevOps to launch Kubernetes clusters that check all the boxes for the U.S. Federal Government sector and other regulated industries, no manual fuss required. It's like having security and compliance on autopilot. RKE2 rolls out the red carpet with features that make sure you're always in line with the CIS Kubernetes Benchmark, FIPS 140-2 compliance, SELinux policy, MCS label enforcement, and CVE scanning. Your clusters will practically run themselves.


💨 Performance and Ease, All the Way: Running Kubernetes clusters that are both lightning-fast and user-friendly is the DevOps dream, and RKE2 delivers. It takes its cues from the beloved K3s, making the whole process a breeze. Plus, it uses containerd as the secret sauce for performance. It's like having your cake and eating it too, but with Kubernetes. RKE2 stays locked and loaded with the latest and greatest from upstream Kubernetes, making sure you never miss out on the coolest features.


🚀 Datacenter Dominance: No matter if you're in the heart of a data center, RKE2's got your back. It's like a Swiss army knife for DevOps, adapting to your environment without skipping a beat. It's the embodiment of scalability, letting you run on a variety of hardware and operating systems. Plus, RKE2 has high availability and disaster recovery features that are your safety net.


RKE2 doesn't just meet your expectations; it skyrockets past them. Your secret weapon, and your guiding star in the world of Kubernetes in the dynamic and complex environments of production workloads.


Important for Business Owners: For all the business owners out there, RKE2 isn't just another tool in the shed; it's possibly a secret weapon for success. Let's break it down – here's how RKE2 can transform your business:


🛡️ Security and Compliance – No Hassles: With RKE2 in your corner, you can run Kubernetes clusters that are a security and compliance dream come true. No need to break the bank or add complexity to your operations. RKE2 is like having a guardian angel for your security and compliance needs. It reduces the risk of breaches and violations, and it boosts the trust and confidence of all your stakeholders.


💨 Performance and Ease Supercharged: RKE2 lets you run Kubernetes clusters that are both lightning-fast and as easy as pie. You won't have to sacrifice quality or consistency in your services. It's like giving your teams a turbo boost, making them more efficient and productive. And your customers? They'll love the improved experience and satisfaction.


🚀 Data center Magic – Sky's the Limit: Conquering the data center RKE2 has your back. It's like a magic wand for scalability and adaptability. It won't hold your business back – it'll propel it forward. RKE2 opens up a world of opportunities and possibilities, allowing you to deliver innovative and competitive solutions.


Signing Off

Opting for RKE2 to power your Kubernetes production environment is a "Strategic Decision". It offers a secure, high-performance, and user-friendly Kubernetes experience. Developed by Rancher Labs, a subsidiary of SUSE, RKE2 is exclusively available to U.S. Government and trusted partner customers who prioritize uncompromising security.


In a nutshell, RKE2 gives you the best of both worlds – it's a breeze to use, yet as secure as Fort Knox. With RKE2, your Kubernetes implementation becomes a cakewalk, sprinkled with an extra layer of ironclad security! 🔐🍰


Welcome to our #K8SNation, start your Kubernetes DevOps journey today. Join us! #K8SMasteryCourses | Community | Coaching


Ready To Savor More? Indulge In "What's Your Flavor?!"


Child Tasting Ice Cream Representing The Kubernetes Distros


Comments


bottom of page