End-to-End Kubernetes with Rancher, RKE2, K3s, Fleet, Longhorn, and NeuVector

The full journey from nothing to production

Understanding How K3s and RKE2 Work

The RKE2 Bootstrapping Process Explained

On the control plane node, the installation of RKE2 also installs kubectl as well as other binaries—some of them may be new to you, but they can be useful for troubleshooting and debugging.

  • crictl: A CLI tool for troubleshooting and interacting with container runtimes via the Container Runtime Interface (CRI), designed primarily for Kubernetes environments.

  • ctr: A low-level CLI for advanced debugging and direct interaction with the containerd API. It provides granular control over container runtime operations.

You can, for example, check the status of the containers using crictl:

CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml \
    /var/lib/rancher/rke2/bin/crictl ps

You can also use ctr to get a similar listing directly from containerd:

/var/lib/rancher/rke2/bin/ctr \
    --address /run/k3s/containerd/containerd.sock \
    --namespace k8s.io \
    containers list

The installation of RKE2 also downloads the following binaries:

  • containerd: A lightweight, industry-standard container runtime responsible for managing the complete lifecycle of containers, including image storage, container execution, and networking.
  • containerd-shim: A daemon that acts as an intermediary between containerd and container processes. It ensures the container lifecycle is managed independently of containerd. It enables features like container runtime upgrades without disrupting running containers.
  • runc: The Open Container Initiative (OCI)-compliant runtime used to create and manage container sandboxes. It handles the low-level details of starting and running containers.
  • containerd-shim-runc-v1: The initial implementation of the containerd-shim using the v1 API. It interacts with runc to manage containers and is designed for use with cgroups v1. (Deprecated and slated for removal in future versions.)
  • containerd-shim-runc-v2: An updated implementation of the containerd-shim with a more flexible v2 API. It supports both cgroups v1 and v2 and enables multiple containers in the same pod to run under a single shim process, a feature critical for Kubernetes.

RKE2 relies on the RKE2 Runtime Image to source the binaries and manifests required to run both server and agent nodes. By default, RKE2 scans for the runtime image among the tarballs matching /var/lib/rancher/rke2/agent/images/*.tar. If the image is not found locally, RKE2 attempts to pull it from an external source such as Docker Hub.

Once located, RKE2 extracts the /bin directory from the runtime image and places it into /var/lib/rancher/rke2/data/${RKE2_DATA_KEY}/bin, where ${RKE2_DATA_KEY} is a unique identifier for the image. This flattened structure provides the necessary binaries for RKE2 operation.

You can find the list of images pulled by default and their versions in the /var/lib/rancher/rke2/server/images directory, including the RKE2 runtime image.
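Because the runtime binaries extracted under /var/lib/rancher/rke2/data/${RKE2_DATA_KEY}/bin run as root, it is worth checking where they came from and that nobody but root can modify them. The following script is an added example, not part of the original guide or the RKE2 project; the function names are this example's own, and it assumes the default paths described above (pass a different root to run it against a test tree).

```shell
#!/bin/sh
# Added example (hypothetical function names): audit the source of the RKE2
# runtime image and the permissions of the binaries extracted from it.
# ROOT defaults to the RKE2 data directory used on this page.

# Print the local tarballs RKE2 scans before pulling from a registry.
local_image_tarballs() {
    root=${1:-/var/lib/rancher/rke2}
    for t in "$root"/agent/images/*.tar; do
        [ -f "$t" ] && printf '%s\n' "$t"
    done
    return 0
}

# Print each data key (one per extracted runtime image) that has a bin dir.
data_keys() {
    root=${1:-/var/lib/rancher/rke2}
    for d in "$root"/data/*/bin; do
        [ -d "$d" ] && basename "$(dirname "$d")"
    done
    return 0
}

# Print extracted binaries that are group- or world-writable.
writable_bins() {
    root=${1:-/var/lib/rancher/rke2}
    [ -d "$root/data" ] || return 0
    find "$root"/data/*/bin -type f \( -perm -020 -o -perm -002 \) 2>/dev/null | sort
}

# Print a summary; return 0 when no binary is writable, 1 otherwise.
audit_rke2_bins() {
    root=${1:-/var/lib/rancher/rke2}
    if [ -n "$(local_image_tarballs "$root")" ]; then
        echo "image source: local tarballs in $root/agent/images"
    else
        echo "image source: no local tarball, RKE2 will try to pull"
    fi
    for k in $(data_keys "$root"); do echo "data key: $k"; done
    bad=$(writable_bins "$root")
    [ -z "$bad" ] && return 0
    echo "writable binaries:"; echo "$bad"
    return 1
}
```

Source the file and call audit_rke2_bins as root on a node. A "no local tarball" result on a node that is supposed to be air-gapped means the runtime image would be fetched from an external registry.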
