Requirements

RKE2 is very lightweight, but has some minimum requirements, described below.

Prerequisites

Two RKE2 nodes cannot have the same node name. By default, the node name is taken from the machine's hostname.

If two or more machines have the same hostname, you must do one of the following:

  • Update the hostname to a unique value

  • Set the node-name parameter in the config file to a unique value

  • Set the with-node-id parameter in the config file to true, which appends a randomly generated ID number to the hostname.

Version

The with-node-id parameter is available starting with the 2023-05 releases (v1.27.2+rke2r1, v1.26.5+rke2r1, v1.25.10+rke2r1, v1.24.14+rke2r1).

Operating Systems

Architecture

RKE2 is available for x86_64 and arm64/aarch64.

Linux

See the RKE2 Support Matrix for all the OS versions that have been validated with RKE2. In general, RKE2 should work on any Linux distribution that uses systemd and iptables.

Windows

Version

Available as an experimental feature starting with v1.21.3+rke2r1.

Windows support requires choosing Calico as the CNI for the RKE2 cluster.

The RKE2 Windows Node (Worker) agent has been tested and validated on the following operating systems and their subsequent non-major releases:

  • Windows Server 2019 LTSC (amd64) (OS Build 17763.2061)

  • Windows Server 2022 LTSC (amd64) (OS Build 20348.169)

Note: The Windows Server Containers feature must be enabled for the RKE2 Windows Agent to work.

Open a new PowerShell window with Administrator privileges.

powershell -Command "Start-Process PowerShell -Verb RunAs"

In the new PowerShell window, run the following command:

Enable-WindowsOptionalFeature -Online -FeatureName Containers -All

A reboot is required for the Containers feature to function properly.

Hardware

Hardware requirements scale with the size of your deployment. Minimum recommendations are outlined here.

Linux/Windows

  • RAM: 4 GB minimum (at least 8 GB recommended)

  • CPU: 2 minimum (at least 4 CPUs recommended)

VM Sizing Guide

When limited on CPU and RAM on the control-plane + etcd nodes, there could be limitations for the amount of agent nodes that can be joined under standard workload conditions.

Server CPU | Server RAM | Number of Agents
2          | 4 GB       | 0-225
4          | 8 GB       | 226-450
8          | 16 GB      | 451-1300
16+        | 32 GB      | 1300+

It is recommended to join agent nodes in batches of 50 or less to give the CPU time to recover, as there is a load spike on node join. Remember to modify the default cluster-cidr if you need more than 255 nodes!

This data was retrieved under specific test conditions. It will vary depending upon environment and workloads. The steps below give an overview of the test that was run to retrieve this. It was last performed on v1.27.4+rke2r1. All of the machines were provisioned in AWS with standard 20 GiB gp3 volumes.

  1. Monitor resources in Grafana using a Prometheus data source.

  2. Deploy workloads in such a way to simulate continuous cluster activity:

    • A basic workload that scales up and down continuously

    • A workload that is deleted and recreated in a loop

    • A constant workload that contains multiple other resources including CRDs.

  3. Join agent nodes in batches of 30-50 at a time.

Disk

RKE2 performance depends on the performance of the database. Because RKE2 runs embedded etcd and stores its data directory on disk, we recommend using SSDs where possible to ensure optimal performance.

Networking

Important

If your nodes have NetworkManager installed and enabled, ensure it is configured to ignore CNI-managed interfaces. If your nodes have Wicked installed and enabled, ensure the forwarding sysctl configuration is enabled.

RKE2 servers need ports 6443 and 9345 to be accessible by the other nodes in the cluster.

When using Flannel VXLAN, all nodes need to be able to reach other nodes over UDP port 8472.

If you want to use the Metrics Server, port 10250 needs to be open on each node.

Important: The VXLAN port on nodes opens the cluster network to anyone who can reach it. Therefore, do not expose the VXLAN port to the outside world. Run nodes behind a firewall/security group that blocks port 8472.

Inbound Network Rules

Port        | Protocol | Source            | Destination       | Description
6443        | TCP      | All RKE2 nodes    | RKE2 server nodes | Kubernetes API
9345        | TCP      | All RKE2 nodes    | RKE2 server nodes | RKE2 supervisor API
10250       | TCP      | All RKE2 nodes    | All RKE2 nodes    | kubelet metrics
2379        | TCP      | RKE2 server nodes | RKE2 server nodes | etcd client port
2380        | TCP      | RKE2 server nodes | RKE2 server nodes | etcd peer port
2381        | TCP      | RKE2 server nodes | RKE2 server nodes | etcd metrics port
30000-32767 | TCP      | All RKE2 nodes    | All RKE2 nodes    | NodePort port range

CNI Specific Inbound Network Rules

Canal

Port  | Protocol | Source         | Destination    | Description
8472  | UDP      | All RKE2 nodes | All RKE2 nodes | Canal CNI with VXLAN
9099  | TCP      | All RKE2 nodes | All RKE2 nodes | Canal CNI health checks
51820 | UDP      | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv4
51821 | UDP      | All RKE2 nodes | All RKE2 nodes | Canal CNI with WireGuard IPv6/dual-stack

Cilium

Port  | Protocol | Source         | Destination    | Description
8/0   | ICMP     | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks
4240  | TCP      | All RKE2 nodes | All RKE2 nodes | Cilium CNI health checks
8472  | UDP      | All RKE2 nodes | All RKE2 nodes | Cilium CNI with VXLAN
51871 | UDP      | All RKE2 nodes | All RKE2 nodes | Cilium CNI with WireGuard

Calico

Port | Protocol | Source         | Destination    | Description
179  | TCP      | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP
4789 | UDP      | All RKE2 nodes | All RKE2 nodes | Calico CNI with VXLAN
5473 | TCP      | All RKE2 nodes | All RKE2 nodes | Calico CNI with Typha
9098 | TCP      | All RKE2 nodes | All RKE2 nodes | Calico Typha health checks
9099 | TCP      | All RKE2 nodes | All RKE2 nodes | Calico health checks

Flannel

Port | Protocol | Source         | Destination    | Description
4789 | UDP      | All RKE2 nodes | All RKE2 nodes | Flannel CNI with VXLAN
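As an added example (not RKE2's own tooling), the following Python script audits a Linux node's listening sockets from `ss -Hlntu` output against the inbound port tables above for the node's role and CNI. It reports listeners the tables do not document and the overlay ports that must be blocked from outside the cluster. The `ss` sample, the port dictionaries and the function names are constructed for this example.

```python
# Documented inbound ports per role and CNI, copied from the tables above.
SERVER_PORTS = {
    ("tcp", 6443): "Kubernetes API", ("tcp", 9345): "RKE2 supervisor API",
    ("tcp", 2379): "etcd client", ("tcp", 2380): "etcd peer", ("tcp", 2381): "etcd metrics",
}
CNI_PORTS = {
    "canal": {("udp", 8472): "VXLAN", ("tcp", 9099): "health checks",
              ("udp", 51820): "WireGuard IPv4", ("udp", 51821): "WireGuard IPv6/dual-stack"},
    "cilium": {("tcp", 4240): "health checks", ("udp", 8472): "VXLAN",
               ("udp", 51871): "WireGuard"},
    "calico": {("tcp", 179): "BGP", ("udp", 4789): "VXLAN", ("tcp", 5473): "Typha",
               ("tcp", 9098): "Typha health checks", ("tcp", 9099): "health checks"},
    "flannel": {("udp", 4789): "VXLAN"},
}
NODEPORT_RANGE = range(30000, 32768)
# Overlay ports expose the cluster network to anyone who can reach them: firewall them externally.
OVERLAY_PORTS = {("udp", 8472), ("udp", 4789)}
LOOPBACK = {"127.0.0.1", "[::1]"}

def expected_inbound(role, cni):
    """Documented (proto, port) -> description for a node of the given role and CNI."""
    ports = {("tcp", 10250): "kubelet metrics"}   # open on every node
    if role == "server":
        ports.update(SERVER_PORTS)
    ports.update(CNI_PORTS[cni])
    return ports

def parse_ss(output):
    # Columns of `ss -Hlntu`: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
    rows = []
    for fields in (line.split() for line in output.splitlines() if line.strip()):
        addr, port = fields[4].rsplit(":", 1)
        rows.append((fields[0], addr, int(port)))
    return rows

def audit(ss_output, role, cni):
    expected = expected_inbound(role, cni)
    # Loopback-only sockets are not reachable from other nodes, so they are not inbound exposure.
    exposed = {(p, port) for p, addr, port in parse_ss(ss_output) if addr not in LOOPBACK}
    unexpected = sorted(s for s in exposed if s not in expected and s[1] not in NODEPORT_RANGE)
    overlay = sorted(s for s in exposed if s in OVERLAY_PORTS)
    return {"unexpected": unexpected, "block_externally": overlay}

# Constructed sample of `ss -Hlntu` output from a server node running Canal (not a real capture).
SAMPLE_SS = """\
tcp   LISTEN 0  4096   0.0.0.0:9345     0.0.0.0:*
tcp   LISTEN 0  4096         *:6443           *:*
tcp   LISTEN 0  4096 127.0.0.1:2379     0.0.0.0:*
tcp   LISTEN 0   128   0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0  4096   0.0.0.0:30080    0.0.0.0:*
udp   UNCONN 0     0   0.0.0.0:8472     0.0.0.0:*
"""
```

Running `audit(SAMPLE_SS, "server", "canal")` flags SSH on port 22 as undocumented by the tables and lists UDP 8472 as an overlay port to block from outside, while the loopback-only etcd client socket and the NodePort listener are left alone.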

Windows Specific Inbound Network Rules

Protocol | Port | Source         | Destination    | Description
UDP      | 4789 | All RKE2 nodes | All RKE2 nodes | Required for Calico and Flannel VXLAN
TCP      | 179  | All RKE2 nodes | All RKE2 nodes | Calico CNI with BGP

All outbound traffic is typically allowed.