Skip to main content

v1.32.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

VersionRelease dateKubernetesEtcdContainerdRuncMetrics-serverCoreDNSIngress-NginxHelm-controllerCanal (Default)CalicoCiliumMultus
v1.32.13+rke2r1Mar 05 2026v1.32.13v3.5.26-k3s1v2.1.5-k3s1v1.4.0v0.8.1v1.14.1v1.14.3-hardened3v0.16.17Flannel v0.28.1
Calico v3.31.3		v3.31.3v1.19.1v4.2.3
v1.32.12+rke2r1Feb 13 2026v1.32.12v3.5.26-k3s1v2.1.5-k3s1v1.4.0v0.8.1v1.14.1v1.14.3-hardened2v0.16.17Flannel v0.28.1
Calico v3.31.3		v3.31.3v1.19.0v4.2.3
v1.32.11+rke2r3Feb 04 2026v1.32.11v3.5.26-k3s1v2.1.5-k3s1v1.4.0v0.8.0v1.14.1v1.14.3-hardened1v0.16.17Flannel v0.28.0
Calico v3.31.3		v3.31.3v1.18.6v4.2.3
v1.32.11+rke2r1Dec 18 2025v1.32.11v3.5.25-k3s1v2.1.5-k3s1v1.4.0v0.8.0v1.13.1v1.13.5-hardened2v0.16.17Flannel v0.27.4
Calico v3.31.2		v3.31.2v1.18.4v4.2.3
v1.32.10+rke2r1Nov 20 2025v1.32.10v3.5.21-k3s1v2.1.5-k3s1v1.3.3v0.8.0v1.13.1v1.13.4-hardened1v0.16.16Flannel v0.27.4
Calico v3.30.3		v3.30.4v1.18.3v4.2.3
v1.32.9+rke2r1Sep 18 2025v1.32.9v3.5.21-k3s1v2.1.4-k3s2v1.3.1v0.8.0v1.12.3v1.12.6-hardened1v0.16.13Flannel v0.27.3
Calico v3.30.3		v3.30.3 v1.18.1v4.2.2
v1.32.8+rke2r1Aug 23 2025v1.32.8v3.5.21-k3s1v2.0.5-k3s2v1.2.6v0.8.0v1.12.3v1.12.4-hardened7v0.16.13Flannel v0.27.2
Calico v3.30.2		v3.30.2v1.18.0v4.2.2
v1.32.7+rke2r1Jul 25 2025v1.32.7v3.5.21-k3s1v2.0.5-k3s2v1.2.6v0.8.0v1.12.2v1.12.4-hardened2v0.16.13Flannel v0.27.1
Calico v3.30.2		v3.30.1v1.17.6v4.2.1
v1.32.6+rke2r1Jun 27 2025v1.32.6v3.5.21-k3s1v2.0.5-k3s1v1.2.6v0.7.2v1.12.2v1.12.2-hardened2v0.16.11Flannel v0.27.0
Calico v3.30.1		v3.30.1v1.17.4v4.2.1
v1.32.5+rke2r1May 21 2025v1.32.5v3.5.21-k3s1v2.0.5-k3s1v1.2.6v0.7.2v1.12.1v1.12.1-hardened6v0.16.10Flannel v0.26.7
Calico v3.30.0		v3.30.0v1.17.3v4.2.0
v1.32.4+rke2r1May 01 2025v1.32.4v3.5.21-k3s1v2.0.4-k3s2v1.2.5v0.7.2v1.12.1v1.12.1-hardened3v0.16.10Flannel v0.26.6
Calico v3.29.3		v3.29.3v1.17.3v4.2.0
v1.32.3+rke2r1Mar 26 2025v1.32.3v3.5.19-k3s1v2.0.4-k3s2v1.2.5v0.7.2v1.12.0v1.12.1-hardened1v0.16.6Flannel v0.26.5
Calico v3.29.2		v3.29.2v1.17.1v4.1.4
v1.32.2+rke2r1Feb 27 2025v1.32.2v3.5.18-k3s1v2.0.2-k3s2v1.2.4v0.7.2v1.12.0v1.12.0-hardened6v0.16.6Flannel v0.26.4
Calico v3.29.2		v3.29.2v1.17.0v4.1.4
v1.32.1+rke2r1Jan 27 2025v1.32.1v3.5.16-k3s1v1.7.23-k3s2v1.2.4v0.7.2v1.12.0v1.12.0-hardened2v0.16.5Flannel v0.26.3
Calico v3.29.1		v3.29.1v1.16.5v4.1.4
v1.32.0+rke2r1Jan 03 2025v1.32.0v3.5.16-k3s1v1.7.23-k3s2v1.1.14v0.7.1v1.12.0v1.10.5-hardened6v0.16.5Flannel v0.26.1
Calico v3.29.1		v3.29.1v1.16.4v4.1.3

Release v1.32.13+rke2r1

This release updates Kubernetes to v1.32.13.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.12+rke2r1:

  • Ingress-Nginx to Traefik Docker Test (#9738)
  • Prevent manifest race in Ingress Migration test (#9743)
  • Prevent a node transform from agent/server to server/agent (#9782)
  • Fix package dev broken after dapper removal from rke2-packaging (#9807)
  • Bump Traefik to v3.6.9 (#9819)
  • Update to v1.32.12 and Go v1.24.13 (#9809)
  • Bump k3s for etcd bootstrap fix (#9796)
  • Bump ETCD version to v3.5.26-k3s1-20260227 (#9827)
  • Chore: Bump ingress-nginx 2026-Feb (#9832)
  • Backports for 2026-02 BONUS RELEASE (#9843)
  • Bump crictl, runc and containerd to build20260303 (#9849)

Charts Versions

ComponentVersion
rke2-cilium1.19.100
rke2-canalv3.31.3-build2026020600
rke2-calicov3.31.300
rke2-calico-crdv3.31.300
rke2-coredns1.45.201
rke2-ingress-nginx4.14.303
rke2-metrics-server3.13.007
rancher-vsphere-csi3.5.0-rancher200
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1100
harvester-csi-driver0.1.2500
rke2-snapshot-controller4.2.001
rke2-snapshot-controller-crd4.2.001
rke2-snapshot-validation-webhook0.0.0
rke2-traefik39.0.002
rke2-traefik-crd39.0.002

Release v1.32.12+rke2r1

This release updates Kubernetes to v1.32.12.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.11+rke2r3:

  • Bump k3s + Bulk Backports 2026-02 (#9657)
    • Update to CoreDNS chart 1.45.201 (#9647)
  • CNI bumps for the Feb 2026 release (#9682)
    • Update Kubernetes Metrics Server chart 3.13.007 (#9690)
  • Bump ingress-nginx to v1.14.3-hardened2 (#9699)
  • Update K8s to v1.32.12 and Go to v1.24.12 (#9700)
  • Bump k3s/rke2-ccm/klipper-lb/klipper-helm (#9715)

Charts Versions

ComponentVersion
rke2-cilium1.19.001
rke2-canalv3.31.3-build2026020600
rke2-calicov3.31.300
rke2-calico-crdv3.31.300
rke2-coredns1.45.201
rke2-ingress-nginx4.14.302
rke2-metrics-server3.13.007
rancher-vsphere-csi3.5.0-rancher200
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1100
harvester-csi-driver0.1.2500
rke2-snapshot-controller4.2.001
rke2-snapshot-controller-crd4.2.001
rke2-snapshot-validation-webhook0.0.0
rke2-traefik39.0.000
rke2-traefik-crd39.0.000

Release v1.32.11+rke2r3

This release updates Kubernetes to v1.32.11.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

RKE2 v1.34 Upgrade Warning

This warning targets users who perform upgrades by adding new nodes to the cluster, and removing old ones. If your etcd cluster membership is and has been consistent across versions, you should NOT be affected by this issue.

RKE2 v1.34 and higher include etcd 3.6. Maintainers of the etcd project have indicated that there no safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first.

In mid December, the project released an announcement indicating that there is NO safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first. Failure to do so can cause the cluster to report “zombie members” (etcd nodes that were removed from the cluster some time ago) re-appearing and joining database consensus, ultimately causing the cluster to lose quorum. This updated blog post contradicts previous announcements on this topic, which indicated that it was safe to upgrade from v3.5.20+ as long as nodes had been restarted at least once, to reconcile membership lists across internal storage layers.

The January releases of RKE2 v1.32 and v1.33 will include etcd v3.5.26. All users should plan on upgrading to this patch release, prior to upgrading to v1.34 and v1.35.

Changes since v1.32.11+rke2r1:

  • Remove dapper + use crane (#9445)
  • Bump calico chart to v3.31.300 (#9455)
  • CNI bump Jan 2026 (#9477)
  • Bump Ingresses - 2026 Jan (#9483)
  • Bulk Backports - 2026 Jan (#9495)
  • Rke2-coredns: Use k8s-style "IANA" names (RFC 6335) (#9506)
  • K3s bump and backports for 2026-01 (#9516)
  • Adjust Windows directory creation order (#9528)
  • Bump Traefik version to v3.6.7 (#9548)
  • Update chart and container image versions (#9561)
  • Add e2e test for Calico in eBPF mode (#9563)
  • Bump etcd to v3.5.26 (#9581)
  • Update to v1.32.11-rke2r3 (#9594)
  • Fix release arm64 (#9599)
  • Backport: Increase timeouts in calico eBPF test (#9604)
  • Fix undefined function (#9613)
  • Revert accidental hardcode of klipper-helm tag (#9626)
  • Bump K3s version for etcd reconcile fix (#9631)
  • Bump ingress-nginx to v1.14.3-hardened1 (#9636)

Charts Versions

ComponentVersion
rke2-cilium1.18.601
rke2-canalv3.31.3-build2026011900
rke2-calicov3.31.300
rke2-calico-crdv3.31.300
rke2-coredns1.45.008
rke2-ingress-nginx4.14.301
rke2-metrics-server3.13.006
rancher-vsphere-csi3.5.0-rancher200
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1100
harvester-csi-driver0.1.2500
rke2-snapshot-controller4.2.000
rke2-snapshot-controller-crd4.2.000
rke2-snapshot-validation-webhook0.0.0
rke2-traefik38.0.201
rke2-traefik-crd38.0.201

Release v1.32.11+rke2r1

This release updates Kubernetes to v1.32.11.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.10+rke2r1:

  • Remove NetworkManager check for nm-cloud.service (#9290)
  • Bump rke2-multus to v4.2.303 (#9330)
  • Bump rke2-coredns to 1.45.002 (#9337)
  • Update CNI to the latest versions (#9355)
  • Update to multus chart version v4.2.305 (#9359)
    • Update to CoreDNS chart 1.45.003 and Kubernetes Metrics Server chart 3.13.004 (#9370)
  • Bump traefik version (#9384)
  • Backports for 2025-12 (#9379)
  • Bump ingress-nginx and vsphere-csi (#9393)
  • Bump kine to v0.14.9 (#9408)
  • Bump klipper-helm to v0.9.12 (#9402)
  • Revert "Remove FlannelBackend from config" (#9423)
  • Update k8s and Go (#9430)

Charts Versions

ComponentVersion
rke2-cilium1.18.401
rke2-canalv3.31.2-build2025120500
rke2-calicov3.31.200
rke2-calico-crdv3.31.200
rke2-coredns1.45.003
rke2-ingress-nginx4.13.500
rke2-metrics-server3.13.004
rancher-vsphere-csi3.5.0-rancher200
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1100
harvester-csi-driver0.1.2500
rke2-snapshot-controller4.0.003
rke2-snapshot-controller-crd4.0.003
rke2-snapshot-validation-webhook0.0.0

Release v1.32.10+rke2r1

This release updates Kubernetes to v1.32.10.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.9+rke2r1:

  • Bump harvester-cloud-provider chart to v0.2.11 with app image tag v0.2.5 (#8959)
  • Update traefik to v3.5.1, use new hardened image (#8972)
  • Bump rke2-ingress-nginx to v1.13.3-hardened1 (#9000)
  • Container runtime endpoint description and Docker warning (#8987)
  • Add calico envoy-proxy and envoy-ratelimit images (#9024)
  • Move dualstack to larger docker runners to prevent eviction failures (#9032)
  • Charts: Bump Harvester CSI driver 0.1.25 (#9036)
      • Support CSI Snapshot
  • Bump k3s (#9045)
  • Update to cilium v1.18.2 (#9077)
  • October 2025 bumps for canal, flannel and multus (#9096)
  • Update to CoreDNS chart 1.44.300 and Kubernetes Metrics Server chart 3.13.002 (#9091)
  • Bump images for go1.24.9 (#9105)
  • Add new kubeapiserver argument for cis-1.11 benchmark (#9120)
  • Bump traefik and ingress-nginx (#9129)
  • Bump helm-controller/klipper-helm (#9137)
  • Tests: update e2e tests to use images from the rancher org (#9160)
  • Bump k3s and backport uninstall fixes (#9176)
  • Bump traefik to v3.5.4 and ingress-nginx to v1.13.4 (#9189)
  • Bump runc to v1.3.3 (#9194)
  • Improve PR Trivy Scanning Reports (#9240)
  • More backports for 2025-11 (#9245)
    • Update to multus chart version v4.2.300 (#9254)
  • Bump k3s and helm-controller (#9265)
  • Update k8s and Go (#9271)
  • Fix race condition with Calico startup on Windows (#9281)
  • Release race condition (#9296)

Charts Versions

ComponentVersion
rke2-cilium1.18.300
rke2-canalv3.30.3-build2025101500
rke2-calicov3.30.401
rke2-calico-crdv3.30.401
rke2-coredns1.44.300
rke2-ingress-nginx4.13.400
rke2-metrics-server3.13.002
rancher-vsphere-csi3.5.0-rancher100
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1100
harvester-csi-driver0.1.2500
rke2-snapshot-controller4.0.003
rke2-snapshot-controller-crd4.0.003
rke2-snapshot-validation-webhook0.0.0

Release v1.32.9+rke2r1

This release updates Kubernetes to v1.32.9.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.8+rke2r1:

  • Added Calico new images (#8830)
  • Added Cilium with wireguard e2e tests (#8815)
  • CNI and coredns bumps for Sep 25 release (#8847)
  • Bump k3s, containerd, runc (#8866)
  • Bump crictl and cloud provider (#8863)
  • Bump ingress-nginx v1.12.6-hardened1 (#8870)
  • Bump CNI chart latest version (#8884)
  • Update metrics-server chart 3.13.001 (#8905)
  • Update CoreDNS chart 1.43.302 (#8909)
  • Bump etcd (#8911)
  • Update to v1.32.9 and Go v1.23.12 (#8917)
  • Bump vsphere charts (#8940)

Charts Versions

ComponentVersion
rke2-cilium1.18.103
rke2-canalv3.30.3-build2025090900
rke2-calicov3.30.300
rke2-calico-crdv3.30.300
rke2-coredns1.43.302
rke2-ingress-nginx4.12.600
rke2-metrics-server3.13.001
rancher-vsphere-csi3.5.0-rancher100
rancher-vsphere-cpi1.12.100
harvester-cloud-provider0.2.1000
harvester-csi-driver0.1.2400
rke2-snapshot-controller4.0.003
rke2-snapshot-controller-crd4.0.003
rke2-snapshot-validation-webhook0.0.0

Release v1.32.8+rke2r1

This release updates Kubernetes to v1.32.8.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.7+rke2r1:

  • Add.utils test (#8651) - backport 1.32 (#8661)
  • CNI Bumps for Aug 25 release (#8693)
  • Bump rancher vsphere csi to 3.3.1-rancher10 (#8677)
  • Bump rke2-coredns to 1.43.100 (#8723)
  • Update to cilium v1.18.000 (#8717)
  • Bump ingress-nginx to v1.12.4-hardened6 (#8733)
  • Update Kubernetes Metrics Server chart 3.13.000 (#8742)
  • Separate pod template generation and static pod execution code (#8747)
  • Bump k3s (#8750)
  • Add prime ribs index upload and cache invalidation (#8710)
  • Bump K3s version for certificate startup check fix (#8763)
  • Update K8s to v1.32.8 and Go 1.23.11 (#8772)
  • Fix missing ECM config (#8777)
  • Fix uploader authentication (#8782)
  • Bump k3s for metric and event fixes (#8786)
  • Bump ingress-nginx to hardened7 (#8790)
  • Bump coredns chart and image (#8736) (#8796)
  • Fix static pod cleanup (#8807)

Charts Versions

ComponentVersion
rke2-cilium1.18.000
rke2-canalv3.30.2-build2025073100
rke2-calicov3.30.200
rke2-calico-crdv3.30.200
rke2-coredns1.43.101
rke2-ingress-nginx4.12.404
rke2-metrics-server3.13.000
rancher-vsphere-csi3.3.1-rancher1000
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.1000
harvester-csi-driver0.1.2400
rke2-snapshot-controller4.0.003
rke2-snapshot-controller-crd4.0.003
rke2-snapshot-validation-webhook0.0.0

Release v1.32.7+rke2r1

This release updates Kubernetes to v1.32.7.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.6+rke2r1:

  • Update Canal chart to latest version (#8530)
  • Prepend defaults to extra kube args (#8514)
  • Bump multus and whereabouts chart (#8538)
  • Update Kubernetes Metrics Server chart 3.12.203 (#8556)
  • Change structure and set namespace for ctr command (#8543)
  • Bump ingress-nginx to v1.12.4-hardened1 (#8569)
  • Charts: Bump Harvester CSI driver 0.1.24 (#8506)
      • Support online resize
      • Support external storage
  • Allow for zypper remove 104 code on uninstall (#8578)
    • Fix snapshot controller backwards compatibility (#8592)
  • Update flannel chart v0.27.100 (#8602)
  • Backports for 2025-07 (#8607)
  • Update K8s to v1.32.7 (#8624)
  • Bump ingress-nginx to hardened2 (#8635)
  • Update to cilium v1.17.6 (#8644)

Charts Versions

ComponentVersion
rke2-cilium1.17.600
rke2-canalv3.30.2-build2025071100
rke2-calicov3.30.100
rke2-calico-crdv3.30.100
rke2-coredns1.42.302
rke2-ingress-nginx4.12.401
rke2-metrics-server3.12.203
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.1000
harvester-csi-driver0.1.2400
rke2-snapshot-controller4.0.003
rke2-snapshot-controller-crd4.0.003
rke2-snapshot-validation-webhook0.0.0

Release v1.32.6+rke2r1

This release updates Kubernetes to v1.32.6.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.5+rke2r1:

  • June 2025 CNI bumps (#8326)
  • Windows: Allow for silent/non confirmation use of uninstall.ps1 (#8341)
  • Testing Overhaul Backports (#8363)
  • Bump canal, flannel and cilium charts (#8359) (#8383)
  • Bump multus and whereabouts (#8360) (#8389)
  • Support profile: etcd (#8370)
  • Bumps for etcd, cloud provider, crictl, containerd and runc (#8404)
  • Backports for 2025-06 (#8418)
  • Update Kubernetes Metrics Server chart 3.12.2 (#8422)
  • Update CoreDNS chart 1.42.3 (#8426)
  • Bump ingress-nginx to v1.12.2 and hardened-dns-node for CVE fixes (#8401)
  • Bump K3s version (#8435)
  • June K8s v1.32.6 patch (#8445)
  • Update runc to the newest image (#8470)

Charts Versions

ComponentVersion
rke2-cilium1.17.401
rke2-canalv3.30.1-build2025061101
rke2-calicov3.30.100
rke2-calico-crdv3.30.100
rke2-coredns1.42.302
rke2-ingress-nginx4.12.201
rke2-metrics-server3.12.202
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.1000
harvester-csi-driver0.1.2300
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.5+rke2r1

This release updates Kubernetes to v1.32.5.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.4+rke2r1:

  • Upload prime ribs assets (#8171)
  • Feat: bump harvester-cloud-provider to v0.2.10 (#8182)
  • Backports for 2025-05 (#8196)
  • Update calico chart to v3.30.0 and Canal image (#8202)
  • Bump nginx version (#8177)
  • Update to Kubernetes Metrics Server 3.12.201 (#8211)
  • Update to flannel v0.26.700 (#8219)
  • Update cilium and multus to cni-plugins v1.7.1 (#8227)
  • Upgrade nginx chart (#8233)
  • Update to flannel v0.26.701 and canal v3.30.0-build2025051500 (#8258)
  • Update to CoreDNS 1.42.000 (#8266)
  • Update K8s to v1.32.5 and Go to v1.23.8 (#8242)
  • Fix race conditions in startup readiness checks (#8276)
  • Fix secrets syntax (#8282)

Charts Versions

ComponentVersion
rke2-cilium1.17.301
rke2-canalv3.30.0-build2025051500
rke2-calicov3.30.001
rke2-calico-crdv3.30.001
rke2-coredns1.42.000
rke2-ingress-nginx4.12.103
rke2-metrics-server3.12.201
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.1000
harvester-csi-driver0.1.2300
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.4+rke2r1

This release updates Kubernetes to v1.32.4.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.3+rke2r1:

  • Bump multus version (#7989)
  • Update CNI charts (#7996)
  • Bump whereabouts to v0.9.0 (#8005)
  • Update to coredns 1.39.201 (#8010)
  • Bump flannel and canal versions (#8023)
  • Chore: Bump nginx to v1.12.1-hardened3 (#8056)
  • K3s bump and backports for 2025-04 (#8038)
  • Update to flannel v0.26.601 and canal v3.29.3-build2025040801 (#8061)
  • Update to cilium v1.17.3 (#8083)
  • Bump kine for nats-server/v2 CVE-2025-30215 (#8089)
  • Bump K3s version (#8102)
  • Bump traefik to v3.3.6 (#8108)
  • Update k8s to v1.32.4 (#8116)

Charts Versions

ComponentVersion
rke2-cilium1.17.300
rke2-canalv3.29.3-build2025040801
rke2-calicov3.29.300
rke2-calico-crdv3.29.101
rke2-coredns1.39.201
rke2-ingress-nginx4.12.101
rke2-metrics-server3.12.200
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.900
harvester-csi-driver0.1.2300
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.3+rke2r1

This release updates Kubernetes to v1.32.3, and upgrades rke2-ingress-nginx to controller v1.12.1-hardened1 (chart version 4.12.1). This addresses CVE-2025-1974 as well as all other recently announced vulnerabilities in ingress-nginx.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.2+rke2r1:

  • Update to cilium v1.17.1 (#7849)
  • Bump coredns to v1.39.100 (#7858)
  • Update multus with new CNI plugin image with bond included (#7864)
  • Update to flannel v0.26.500 and canal v3.29.2-build2025030601 (#7874)
  • Bump ingress-nginx to hardened10 (#7885)
  • Backports for 2025-03 (#7890)
  • Bump K3s for apiserver addresses fix (#7912)
  • Update k8s (#7927)
  • Bump containerd to v2.0.4 (#7948)
  • Bump ingress-nginx to v1.12.1-hardened1, chart to 4.12.1 (#7961)

Charts Versions

ComponentVersion
rke2-cilium1.17.100
rke2-canalv3.29.2-build2025030601
rke2-calicov3.29.200
rke2-calico-crdv3.29.101
rke2-coredns1.39.100
rke2-ingress-nginx4.12.100
rke2-metrics-server3.12.200
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.900
harvester-csi-driver0.1.2300
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.2+rke2r1

This release updates Kubernetes to v1.32.2.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.1+rke2r1:

  • Update to cilium v1.16.6 (#7680)
  • Charts: bump Harvester CSI Driver v0.1.23 (#7667)
    • Enhance the Harvester CSI controller affinity/anti-affinity
  • Bump canal, flannel and multus charts (#7712)
  • Update cilium to v1.17.0 (#7708)
  • Update Calico and Canal to v3.29.2 (#7723)
  • Bump k3s, containerd, traefik, etcd, crictl (#7738)
    • Update k3s to fix registry auth in containerd config template
    • Update containerd to v2.0.2
    • Update traefik to v3.3.2
    • Update etcd to v3.5.18
    • Update crictl to v1.32.0
    • Update rke2-ingress-nginx chart to fix typo in default backend image template
  • Bump vsphere CSI to v3.3.1-rancher9 (#7734)
  • Update to v1.32.2 and Go to 1.23.6 (#7760)
  • Update version (#7769)
  • Bump ingress-nginx to v1.12.0-hardened6 (#7773)
  • Bump canal and flannel images to build20250218 (#7787)
  • Sync images to Prime registry (#7799)
  • Bump K3s version for release-1.32 (#7804)
  • Bump containerd for go-cni deadlock fix (#7811)

Charts Versions

ComponentVersion
rke2-cilium1.17.000
rke2-canalv3.29.2-build2025021800
rke2-calicov3.29.200
rke2-calico-crdv3.29.101
rke2-coredns1.36.102
rke2-ingress-nginx4.12.005
rke2-metrics-server3.12.200
rancher-vsphere-csi3.3.1-rancher900
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.900
harvester-csi-driver0.1.2300
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.1+rke2r1

This release updates Kubernetes to v1.32.1.

Important Note If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.32.0+rke2r1:

  • Charts: bump Harvester CSI Driver v0.1.2 (#7470)
    • Bump Harvester-csi-driver v0.1.22
  • Bump flannel, canal and multus charts (#7499)
  • Update to Cilium v1.16.5 (#7526)
  • Feat: bump harvester-cloud-provider to v0.2.9 (#7493)
    • Bump Harvester-cloud-provider v0.2.9
  • Updated calico chart to fix IP autodetect in case of IPv6 only (#7535)
  • Update metrics-server to 3.2.12 (#7550)
  • Update canal to v3.29.1-build2025011000 (#7566)
  • Add runtime classes hook and runtimes chart (#7578)
  • Backports for 2025-01 (#7587)
  • Bump ingress-nginx v1.12.0 (#7561)
  • Add Release downstream components in release workflow (#7597)
  • Bump k3s version for master and add/enhance tests (#7605)
  • Update k8s (#7603)
  • Bump ingress-nginx to v1.12.0-hardened2 (#7623)
  • Bump K3s version for split-role fix (#7635)

Charts Versions

ComponentVersion
rke2-cilium1.16.501
rke2-canalv3.29.1-build2025011000
rke2-calicov3.29.101
rke2-calico-crdv3.29.101
rke2-coredns1.36.102
rke2-ingress-nginx4.12.003
rke2-metrics-server3.12.200
rancher-vsphere-csi3.3.1-rancher800
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.900
harvester-csi-driver0.1.2200
rke2-snapshot-controller4.0.002
rke2-snapshot-controller-crd4.0.002
rke2-snapshot-validation-webhook0.0.0

Release v1.32.0+rke2r1

This release is RKE2's first in the v1.32 line. It updates Kubernetes to v1.32.0.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.31.4+rke2r1:

  • Bump K3s version for release-1.32 (#7445)
  • Validate single branch for tag (#7451)
  • Update rke2-cloud-controller for v1.32.0 (#7461)

Charts Versions

ComponentVersion
rke2-cilium1.16.400
rke2-canalv3.29.1-build2024121100
rke2-calicov3.29.100
rke2-calico-crdv3.29.100
rke2-coredns1.36.102
rke2-ingress-nginx4.10.503
rke2-metrics-server3.12.004
rancher-vsphere-csi3.3.1-rancher800
rancher-vsphere-cpi1.10.000
harvester-cloud-provider0.2.600
harvester-csi-driver0.1.2100
rke2-snapshot-controller3.0.601
rke2-snapshot-controller-crd3.0.601
rke2-snapshot-validation-webhook1.9.001