RKE2 Overview

RKE2 is a fully conformant Kubernetes distribution focusing on security and compliance within the U.S. Federal Government sector. To meet the Kubernetes security and compliance goals required by the U.S. Federal Government, RKE2 establishes the following:

  1. Provides defaults and configuration options that allow clusters to pass the CIS Kubernetes Benchmark v1.6 with minimal operator intervention.
  1. Enables Federal Information Processing Standard 140-2 (FIPS 140-2) compliance.
  1. Scans components regularly for Common Vulnerabilities and Exposures (CVEs) using Trivy in the build pipeline.

RKE2 launches control plane components as static pods, managed by the kubelet instead of relying on Docker. Additionally, the embedded container runtime is containerd.

You can deploy RKE2 by adding this pack to a cluster profile. Once the cluster profile is created, you can deploy the RKE2-based Kubernetes clusters through Palette.

RKE2 is only available for Edge host deployments. Refer to the Edge documentation to learn more about Edge.

Versions Supported

The following RKE2 versions are supported to work with Palette.


  • A Linux operating system. Refer to the official RKE2 requirements for more details on supported Linux distributions and versions.

  • 8 GB Memory

  • 4 CPU

  • An Edge host. Refer to the Edge documentation to learn more about Edge.


You can add RKE2 to an Edge cluster profile as the Kubernetes layer. Refer to the Create Cluster Profiles guide to learn more.

RKE2 offers several customization options, ranging from networking to security. We recommend you review the following RKE2 documentation:

Many of the Day-2 cluster management responsibilities are handled by Palette. Review the Cluster Management reference resource to learn more about Palette and Day-2 operations.


data "spectrocloud_registry" "public_registry" {
name = "Public Repo"
data "spectrocloud_pack_simple" "k8s" {
name = "edge-rke2"
version = "1.25.2"
type = "helm"
registry_uid = data.spectrocloud_registry.public_registry.id