feat: Add RKE2 as alternative Kubernetes distribution for service cluster

[j0hnL]

Summary

Add support for deploying RKE2 (Rancher Kubernetes Engine 2) as an alternative to vanilla Kubernetes (kubeadm) for the service cluster. The distribution is selected by listing service_rke2 (instead of service_k8s) in software_config.json and configuring the new service_rke2_k8s_cluster block in omnia_config.yml.

How to use

1. In input/software_config.json, replace service_k8s with service_rke2 in the softwares list and set its "version" (e.g. 1.35.1)
2. In input/omnia_config.yml, uncomment and configure the service_rke2_k8s_cluster block with deployment: true (only one of service_k8s_cluster / service_rke2_k8s_cluster may have deployment: true)
3. Ensure the cluster has an entry in high_availability_config.yml — the kube-vip VIP is required for cluster join
4. Run the pipeline as normal (local_repo.yml → build_image_x86_64.yml → discovery.yml)

Configuration changes

• New service_rke2_k8s_cluster block in omnia_config.yml with schema validation in omnia_config.json (supported CNIs: calico, canal, cilium, flannel)
• Validation rejects service_k8s and service_rke2 being present together
• rke2 (stable/1.35 channel) and rke2-common RPM repositories added to local_repo_config.yml

Pipeline integration

• provision.yml: enable service_k8s tag when service_rke2 is in software_config.json
• include_software_config.yml / validate_software_config_json.yml: detect service_rke2, set support facts, handle arch and version
• common_validation.py: validate service_rke2 cluster configuration
• image_package_collector.py: select service_rke2.json for image builds
• k8s_config/main.yml: branch NFS setup on k8s_distro; create_rke2_config_nfs.yml reads NFS share details from storage_config.yml mounts
• configure_cloud_init_group.yml: select RKE2-specific cloud-init templates

New files

• 3 RKE2 cloud-init templates (first server, additional server, agent)
• create_rke2_config_nfs.yml for RKE2-specific NFS setup
• service_rke2.json package definitions for RHEL 10.0 x86_64

Key differences from kubeadm path

• RKE2 uses built-in containerd (no CRI-O); RKE2 manages the CNI lifecycle
• Token-based cluster join via the kube-vip VIP on port 9345 (RKE2 supervisor API)
• kube-vip runs as a kubelet static pod (/var/lib/rancher/rke2/agent/pod-manifests/) with the kubeconfig mounted at /etc/kubernetes/admin.conf
• Air-gapped system images: official RKE2 image tarballs (core + selected CNI, v1.35.1+rke2r1) are downloaded by local_repo, staged on the NFS share, and auto-imported from /var/lib/rancher/rke2/agent/images/ on every node
• registries.yaml mirrors public registries to the Pulp mirror for all other images

Backward compatibility

Existing kubeadm deployment is completely unaffected when service_k8s is selected (the default). All branching logic only activates for service_rke2.

[sujit-jadhav]

input/omnia_config.yml

Can we segrigate the blocks as per the k8s destribution?

service_k8s_cluster:

• cluster_name: service_cluster
  deployment: true
  etcd_on_local_disk: false
  k8s_distro: "kubeadm"
  k8s_cni: "calico"
  pod_external_ip_range: "172.16.107.170-172.16.107.200"
  k8s_service_addresses: "10.233.0.0/18"
  k8s_pod_network_cidr: "10.233.64.0/18"
  nfs_storage_name: "nfs_k8s"
  k8s_crio_storage_size: "20G"
  csi_powerscale_driver_secret_file_path: ""
  csi_powerscale_driver_values_file_path: ""

We can add new block:
service_rke2_k8s_cluster

and have specific settings for it.

I will ask team to change the existing service_k8s_cluster to service_upstream_k8s_cluster

Same way we can add service_charmed_k8s_cluster for canonical.

service_upstream_k8s_cluster
service_rke2_k8s_cluster
service_charmed_k8s_cluster

[abhishek-sa1]

software_config.json changes required to add service_rke2 and need to add input validation for the samea