Managing Server Roles

By default, starting the RKE2 will run all control-plane components, including the apiserver, controller-manager, scheduler, and etcd. It is possible to disable specific components in order to split the control-plane and etcd roles on to separate nodes.

Dedicated etcd Nodes

To create a server with only the etcd role, deploy a config with all the control-plane components disabled:

# /etc/rancher/rke2/config.yaml
disable-apiserver: true
disable-controller-manager: true
disable-scheduler: true

This first node will start etcd, and wait for additional etcd and/or control-plane nodes to join. The cluster will not be usable until you join an additional server with the control-plane components enabled.

Dedicated control-plane Nodes

A dedicated control-plane node cannot be the first server in the cluster; there must be an existing node with the etcd role before joining dedicated control-plane nodes.

To create a server with only the control-plane role, deploy a config with etcd disabled:

# /etc/rancher/rke2/config.yaml
server: https://<etcd-only-node>:9345
disable-etcd: true

After creating dedicated server nodes, the selected roles will be visible in kubectl get node:

$ kubectl get nodes
NAME           STATUS   ROLES                       AGE     VERSION
rke2-server-1   Ready    etcd                        5h39m   v1.26.4+rke2r1
rke2-server-2   Ready    control-plane,master        5h39m   v1.26.4+rke2r1

Adding Roles To Existing Servers

Roles can be added to existing dedicated nodes by restarting RKE2 with the disable flags removed. For example, if you want to add the control-plane role to a dedicated etcd node, you can remove the disable-apiserver disable-controller-manager disable-scheduler lines from the config file, and restart the service.