Maintained by: Rahim Khoja (khoja1@ualberta.ca) & Karim Ali (kali2@ualberta.ca)
This repository contains a hardened RKE2 Kubernetes node image based on Ubuntu 24.04, built into a Docker container that is Warewulf-compatible and deployable on bare metal.
It's primarily used for imaging and provisioning Kubernetes-ready compute nodes using Warewulf 4, and is tailored for high-performance computing clusters or edge AI clusters that integrate Kubernetes and Slurm side-by-side.
The image includes essential kernel modules, container runtime, RKE2 (server mode), and CIS security hardening using the SCAP Security Guide.
The image is automatically built and pushed to Docker Hub using GitHub Actions whenever changes are pushed to the latest branch.
Docker Hub: rkhoja/warewulf-rke2:latest
docker pull rkhoja/warewulf-rke2:latestThis container includes:
- RKE2 Kubernetes (server mode, installed via official Rancher script)
- SSH, NFS, LVM, Ansible, smartmontools, ipmitool, sensors
- Kernel and modules pre-installed for k8s networking (iptables, CNI, auditd, etc.)
- SCAP CIS Level 2 hardening (automatically applied)
- Systemd-based boot compatible with Warewulf PXE deployments
changemeroot password (you should change this in production)
RKE2 Kubernetes (docs) (server mode, installed via official Rancher script)
All major Kubernetes dependencies (e.g., socat, conntrack, iptables, etc.) are preinstalled, and the RKE2 unit is enabled on boot.
This project includes a GitHub Actions workflow: .github/workflows/deploy-warewulf-rke2.yml.
- Builds the Docker image from the
Dockerfile - Logs into Docker Hub using stored GitHub Secrets
- Pushes the image tagged as the current branch (usually
latest)
To enable pushing to your Docker Hub:
-
Go to your fork's GitHub repo → Settings → Secrets and variables → Actions
-
Add the following:
DOCKER_HUB_REPO→ your Docker Hub repo. In this case: rkhoja/warewulf-rke2DOCKER_HUB_USER→ your Docker Hub usernameDOCKER_HUB_TOKEN→ create a Docker Hub access token
-
Manual: Run the workflow from the Actions tab with Run workflow (enabled via
workflow_dispatch). -
Automatic: Any push to the
latestbranch triggers the CI/CD pipeline. -
Recommended branching model:
- Work and test in
main - Merge or fast-forward
maintolatestto trigger a production build
- Work and test in
git checkout latest
git merge main
git push origin latestOnce you have Warewulf 4 setup on your control node:
warewulf import docker rkhoja/warewulf-rke2:latest --name=rke2-nodeThen assign the image to a compute node:
wwctl node set n00[1-4] --container=rke2-node
wwctl configure -aFinally boot the nodes via PXE.
RKE2 will auto-start via systemd and begin initializing the cluster once networking is available.
Many Bothans died to bring us this information. This project is provided as-is, but reasonable questions may be answered based on my coffee intake or mood. ;)
Feel free to open an issue or email khoja1@ualberta.ca or kali2@ualberta.ca for U of A related deployments.
This project is released under the MIT License - one of the most permissive open-source licenses available.
What this means:
- ✅ Use it for anything (personal, commercial, whatever)
- ✅ Modify it however you want
- ✅ Distribute it freely
- ✅ Include it in proprietary software
The only requirement: Keep the copyright notice somewhere in your project.
That's it! No other strings attached. The MIT License is trusted by major projects worldwide and removes virtually all legal barriers to using this code.
Full license text: MIT License
The Research Computing Group supports high-performance computing, data-intensive research, and advanced infrastructure for researchers at the University of Alberta and across Canada.
We help design and operate compute environments that power innovation — from AI training clusters to national research infrastructure.