Ansible on RKE2: Cluster Bootstrap Complete Guide
By Luca Berton · Published 2024-01-01 · Category: events
Automate cluster bootstrap on RKE2 (RKE2 1.32+, GA continuous) with Ansible. Bring up a fresh control plane and join workers idempotently.
RKE2 (RKE2 1.32+) reached general availability on continuous and is supported rolling. CIS-hardened, FIPS-friendly Rancher distribution. This guide shows how to automate cluster bootstrap on RKE2 with Ansible end-to-end: prerequisites, an opinionated playbook using the kubernetes.core.k8s module, validation, and troubleshooting.
Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.
Why Cluster Bootstrap on RKE2
RKE2 is configured through the Kubernetes API. Ansible's kubernetes.core.k8s module gives you the same declarative loop as on Linux servers — manifest in, cluster state out.
See also: Ansible on RKE2: Ingress Controller Installation Complete Guide
Prerequisites
Control node:
• Python 3.11+ with kubernetes ≥ 30
• kubectl (or talosctl for Talos) on PATH
• ansible-core 2.18 + kubernetes.core 5.0
Cluster: RKE2 (RKE2 1.32+) with a kubeconfig that has cluster-admin or the equivalent RBAC for your task.
Cluster Bootstrap playbook
Inventory
[rke2]
localhost ansible_connection=local
[rke2:vars]
ansible_python_interpreter=/usr/bin/python3
Playbook
---
- name: Bootstrap RKE2
hosts: rke2
tasks:
- name: Verify cluster reachable
kubernetes.core.k8s_info:
kind: Node
register: nodes
- name: Show node status
ansible.builtin.debug:
msg: '{{ nodes.resources | map(attribute="metadata.name") | list }}'
- name: Apply default StorageClass
kubernetes.core.k8s:
state: present
definition:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
annotations: { storageclass.kubernetes.io/is-default-class: 'true' }
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumerSee also: Ansible on RKE2: StorageClass and PVC Provisioning Complete Guide
Validation
ansible-playbook -i inventory/rke2.ini cluster-bootstrap.yml --check --diff
ansible-playbook -i inventory/rke2.ini cluster-bootstrap.ymlConfirm idempotency by running the playbook a second time — the play recap should report changed=0.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Unauthorized | kubeconfig expired | kubectl config view and refresh token |
| ImagePullBackOff | Registry credentials missing | Create a docker-registry Secret and reference via imagePullSecrets |
| PodSchedulingFailed | No nodes match selector | Inspect kubectl describe pod events for taints/affinity |
See also: Ansible on Microk8s: Cluster Bootstrap Complete Guide
FAQ
Q. Which ansible-core release should I use with RKE2? Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.
Q. Is the kubernetes.core.k8s module idempotent?
Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.
Q. How do I roll back if cluster bootstrap breaks production? Maintain a previous-version inventory and re-run the prior playbook. For package changes use APT pinning or DNF rollback.
Q. Does this playbook work in --check mode?
Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.
Related guides
• automating Windows Server 2025 with Ansible • Ansible WinRM connection setup • the ansible-core 2.20 migration walkthrough • Ansible network connection pluginsConclusion
RKE2 (RKE2 1.32+) is a first-class Ansible target for cluster bootstrap. Standardize on ansible-core 2.18 LTS plus the kubernetes.core collection, keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.
Category: events