Unlocking Kubernetes Simplicity with RKE2 and Empowering Network Security with Cilium

Introduction

Welcome to a guide that explores the simplicity and power of Rancher Kubernetes Engine 2 (RKE2) and how you can enhance your Kubernetes networking using Cilium as the Container Network Interface (CNI). In this post, we'll walk through the advantages of RKE2, introduce Cilium, and provide a step-by-step guide to installing RKE2 with Cilium.

Understanding RKE2

What is RKE2?

RKE2 is a lightweight, CNCF-certified Kubernetes distribution built by Rancher. It's designed for simplicity, ease of use, and security. RKE2 removes the complexities of managing Kubernetes clusters, making it an excellent choice for both beginners and seasoned Kubernetes users.

Advantages of RKE2

  1. Simplicity and Ease of Use: RKE2 streamlines the installation and management of Kubernetes clusters. With a single binary, RKE2 simplifies deployment, upgrades, and operations, making it accessible to a broader audience.
  2. Security Focus: RKE2 is built with security in mind. It uses containerd as the container runtime, minimizing the attack surface and enhancing the security posture of your Kubernetes environment.
  3. Certified Kubernetes: RKE2 is certified by the Cloud Native Computing Foundation (CNCF), ensuring that it adheres to Kubernetes best practices and standards.

Enhancing Network Security with Cilium

What is Cilium?

Cilium is a powerful CNI that brings enhanced networking and security features to Kubernetes. It provides API-aware network security, load balancing, and network visibility.

Advantages of Cilium as a CNI:

  1. Layer 7 Security: Cilium operates at the application layer, enabling fine-grained security policies based on application identity. This allows you to define security rules that are context-aware and application-specific.
  2. Load Balancing and Service Discovery: Cilium simplifies service discovery and load balancing within your Kubernetes cluster. It offers automatic load balancing for services, enhancing application scalability.
  3. Network Visibility: Cilium provides comprehensive visibility into your Kubernetes network. With features like eBPF-based monitoring, you can gain insights into the communication between services and troubleshoot network-related issues effectively.

Step-by-Step Installation Guide

For this demo, we will create a single cluster. We will install RKE2 on a Linux instance.

The config.yaml file located at /etc/rancher/rke2/ is the configuration file Rancher Kubernetes Engine 2 (RKE2) reads to define the settings for a Kubernetes cluster. This file is how you customize the installation and operation of an RKE2 cluster to your needs and requirements.

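Create the config.yaml file with the following values:

write-kubeconfig-mode: "0644"
debug: true
cni: "cilium"

Here write-kubeconfig-mode: "0644" makes the admin kubeconfig that RKE2 writes readable by every local user on the instance, debug: true turns on debug logging, and cni: "cilium" selects Cilium as the CNI. The first two are conveniences for a demo.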

Now, follow the steps to install Rancher RKE2 and verify the cluster and Cilium installation:

# Select the RKE2 release channel to install
export INSTALL_RKE2_CHANNEL="latest"

# Install RKE2 (the installer must run as root)
curl -sfL https://get.rke2.io | sh -

# Enable and start the RKE2 service
sudo systemctl enable rke2-server.service
sudo systemctl start rke2-server.service

# Wait a bit, then point kubectl at the cluster RKE2 created
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
export PATH=$PATH:/var/lib/rancher/rke2/bin

# Verify that the pods are running
kubectl get pods -A

# Verify that Cilium is installed
kubectl get pods -n kube-system -l k8s-app=cilium

These steps install RKE2 on the instance and verify both that the cluster is running and that Cilium is installed as the CNI. Keep in mind that specific configurations may vary based on your needs and environment, so adjust as necessary.
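Before reusing this config.yaml beyond a demo, it helps to check the three keys the guide sets. The script below is an added example, not part of the original post or of RKE2 itself; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an RKE2 config.yaml for
# the three keys this guide sets. Function names are hypothetical.

# Print the value of a top-level "KEY: value" line, minus quotes and comments.
cfg_value() { # usage: cfg_value KEY FILE
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed 's/[[:space:]]*#.*$//' | tr -d "\"'[:space:]"
}

# Print one WARN line per finding; print nothing when the file is clean.
audit_rke2_config() { # usage: audit_rke2_config FILE
  mode=$(cfg_value write-kubeconfig-mode "$1")
  debug=$(cfg_value debug "$1")
  cni=$(cfg_value cni "$1")

  case $mode in
    "") ;; # key absent: RKE2 applies its own default mode
    *[!0-7]*) echo "WARN write-kubeconfig-mode=$mode is not an octal mode" ;;
    *)
      # Any group/other permission bit (mask 077) lets other local accounts
      # read the admin kubeconfig that RKE2 writes.
      if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "WARN write-kubeconfig-mode=$mode exposes the admin kubeconfig to group/other"
      fi ;;
  esac
  if [ "$debug" = "true" ]; then
    echo "WARN debug=true enables debug logging; turn it off after the demo"
  fi
  if [ "$cni" != "cilium" ]; then
    echo "WARN cni=${cni:-unset}, but this guide expects cilium"
  fi
  return 0
}

# Constructed sample: the config.yaml shown in this guide.
sample_config() {
  printf '%s\n' 'write-kubeconfig-mode: "0644"' 'debug: true' 'cni: "cilium"'
}

# Demo run against the sample; on a node, pass /etc/rancher/rke2/config.yaml.
tmp=$(mktemp)
sample_config > "$tmp"
audit_rke2_config "$tmp"
rm -f "$tmp"
```

With the guide's values the script reports the kubeconfig mode and the debug flag; a file with write-kubeconfig-mode: "0600", no debug key and cni: "cilium" produces no output.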

In the next blog posts, I will explain how to add other nodes, set up HA, and store etcd in a cloud provider, that is, more advanced concepts. For now, it is enough to know how to install RKE2 with a single node.

Want to learn more? Send me a message!