https://github.com/numtide/nixos-rke2
NixOS modules for RKE2
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/numtide/nixos-rke2
- Owner: numtide
- License: mit
- Created: 2024-05-10T09:24:22.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-24T16:59:28.000Z (over 1 year ago)
- Last Synced: 2025-04-02T23:55:51.123Z (about 1 year ago)
- Language: Nix
- Size: 10.7 KB
- Stars: 21
- Watchers: 3
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# NixOS RKE2
RKE2 is Rancher's next-generation Kubernetes distribution. It is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government and other regulated industries.
NixOS is a Linux distribution that is declaratively configured using the Nix package manager. It is a great fit for running Kubernetes clusters, as it allows for easy and reproducible cluster deployments.
This repository contains a NixOS module for deploying RKE2 on NixOS. We are using it in a couple of places and it's stable, but not yet fully tested and documented.
## Quick usage
First, add this project to your flake inputs:
```nix
inputs = {
  rke2.url = "github:numtide/nixos-rke2";
};
```
Then configure your master node like this (single-node deployment):
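```nix
{ config, lib, pkgs, inputs, ... }:
{
  imports = [
    inputs.rke2.nixosModules.default
  ];

  # Don't interfere with k8s
  networking.firewall.enable = lib.mkForce false;

  services.numtide-rke2 = {
    enable = true;
    role = "server";
    # Do not deploy the bundled ingress-nginx chart
    extraFlags = [
      "--disable"
      "rke2-ingress-nginx"
    ];
    # Reject unauthenticated requests to the API server
    settings.kube-apiserver-arg = [ "anonymous-auth=false" ];
    # Extra hostnames or IPs to include in the API server certificate
    settings.tls-san = [ "" ];
    # 0644 makes the admin kubeconfig readable by every local user on the node
    settings.write-kubeconfig-mode = "0644";
  };
}
```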
Once deployed, get the RKE2 join token by SSHing into the master node and running:
```sh
rke2 token create
```
Stick the token in a file and encrypt it with SOPS. Then deploy your workers:
```nix
{ config, lib, pkgs, inputs, ... }:
{
  imports = [
    inputs.rke2.nixosModules.default
  ];

  # Don't interfere with k8s
  networking.firewall.enable = lib.mkForce false;

  services.numtide-rke2 = {
    enable = true;
    role = "agent";
    # Address of the server node; 9345 is the RKE2 supervisor port
    serverAddr = "https://:9345";
    # Join token, read at runtime from the SOPS-decrypted file
    tokenFile = config.sops.secrets.rke2-worker-token.path;
  };
}
```
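The worker configuration above reads `config.sops.secrets.rke2-worker-token.path`, which only exists once the secret is declared. The following is an added example, not part of this repository: it assumes sops-nix is available as a flake input named `sops-nix`, that the worker decrypts with its SSH host key, and that the encrypted file lives at the hypothetical path `./secrets/rke2.yaml`.

```nix
# Added example (not from the nixos-rke2 repository).
# Assumption: the flake has `sops-nix.url = "github:Mic92/sops-nix";` in its inputs.
{ config, inputs, ... }:
{
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  # Assumption: the worker's age identity is derived from its SSH host key,
  # and that key is listed as a recipient when the file is encrypted.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Assumption: ./secrets/rke2.yaml is SOPS-encrypted and has a key named
  # "rke2-worker-token" holding the output of `rke2 token create`.
  sops.secrets.rke2-worker-token = {
    sopsFile = ./secrets/rke2.yaml;
    # The token is decrypted at activation time under /run/secrets and is
    # never copied into the world-readable Nix store.
    owner = "root";
    group = "root";
    mode = "0400";
  };
}
```

Only the encrypted file is committed alongside the configuration; the plaintext token exists only on the node after activation.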
## Supported platforms
* x86_64-linux
## Missing features
The module is still very barebones.
* Add more documentation and use-cases.
* Add NixOS VM test
* Add airgap/offline mode
## Copyright
MIT
Brought to you by Numtide, the open-source specialists. [Ping us](https://numtide.com/contact) if you need feature development or help.