v1.28.X
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.28.11+rke2r1
This release updates Kubernetes to v1.28.11.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.28.10+rke2r1:
- Improve rke2-uninstall.ps1 script (#5963)
- Update cloud-provider image which now uses scratch as base (#5933) (#5989)
- Add cilium no proxy e2e test (#5885) (#5969)
- Update flannel chart to fix vni error (#5953) (#5999)
- Add extra log in e2e tests (#6020)
- Bump flannel to v0.25.201 and canal to v3.28.0-build2024052800 (#6048)
- Add a Kine fix when rke2 restart apiserver (#6005)
- Bump multus and whereabouts version (#6015) (#6039)
- Bump harvester-cloud-provider v0.2.4 (#5982)
- Version bumps and backports for 2024-06 release cycle (#6082)
- Add easy support for single node sqlite with kine (#6071)
- Bump nginx to 1.10.1 (#6056)
- Bump K3s version for v1.28 (#6112)
- Bump containerd to correctly built tag (#6128)
- Bump flannel version (#6125)
- Update to the latest SR-IOV image versions (#6150)
- Bump flannel image in rke2-canal (#6153)
- Use
rancher/permissions
dependency (#6140) - Bump K3s version for v1.28 (#6166)
- Improve rke2-uninstall.ps1 (#6133)
- June Testing Backports (#6156)
- Fix loadManifests function
- Slim down E2E artifacts
- Support MixedOS E2E local testing
- Add custom golang setup action for better caching
- Update flannel version to v0.25.4 (#6178)
- Update kubernetes to v1.28.11 (#6189)
- Fix drone pipeline (#6197)
- Update drone build base image (#6204)
- Bump K3s version for v1.28 to fix regression in agent's supervisor port (#6202)
- Bump rke2-ingress-nginx chart to revert watchIngressWithoutClass default (#6218)
- Update hardened kubernetes (#6223)
- Bump K3s version for snapshot fix (#6232)
- Fix issue that allowed multiple simultaneous snapshots to be allowed
- Revert rke2-ingress-nginx bump back to v1.9.6 (#6243)
- Reinstate newest rke2-ingress-nginx (#6256)
- Update calico image to v3.28.0-build20240625 (#6259)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.15.500 |
rke2-canal | v3.28.0-build2024062503 |
rke2-calico | v3.27.300 |
rke2-calico-crd | v3.27.002 |
rke2-coredns | 1.29.002 |
rke2-ingress-nginx | 4.10.101 |
rke2-metrics-server | 3.12.002 |
rancher-vsphere-csi | 3.1.2-rancher400 |
rancher-vsphere-cpi | 1.7.001 |
harvester-cloud-provider | 0.2.400 |
harvester-csi-driver | 0.1.1700 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |
Release v1.28.10+rke2r1
This release updates Kubernetes to v1.28.10.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.28.9+rke2r1:
- Add mixedos BGP e2e test (#5873)
- Remove flannel-v6.4096 when rke2-killall.sh (#5877)
- Unit, Integration and Install Testing Overhaul (#5796)
- Remove cni parameter from agent config (#5893)
- Add script to validate flannel versions (#5896)
- Fix mixedosbgp e2e test (#5903)
- E2E test backports (#5907)
- Update k8s v1.28.10 (#5912)
- Windows changes (#5921)
- Cilium version bump to 1.15.5 (#5942)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.15.500 |
rke2-canal | v3.27.3-build2024042301 |
rke2-calico | v3.27.300 |
rke2-calico-crd | v3.27.002 |
rke2-coredns | 1.29.002 |
rke2-ingress-nginx | 4.9.100 |
rke2-metrics-server | 3.12.002 |
rancher-vsphere-csi | 3.1.2-rancher400 |
rancher-vsphere-cpi | 1.7.001 |
harvester-cloud-provider | 0.2.300 |
harvester-csi-driver | 0.1.1700 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |
Release v1.28.9+rke2r1
This release updates Kubernetes to v1.28.9.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.28.8+rke2r1:
- Bump flannel version (#5643)
- Add kine support (#5675)
- Add some small fixes in flannel-windows (#5666)
- Bump ingress-nginx to 1.9.6 (#5687)
- Bump K3s version for 2024-04 release cycle (#5715)
- Fix Windows path setting (#5728)
- Update flannel to v0.25.0 (#5733)
- Check if the kube-proxy VIP was already reserved (#5738)
- Calico and canal update (#5737)
- Update flannel to v0.25.1 (#5748)
- Update to Cilium v1.15.3 (#5745)
- Bump harvester-cloud-provider v0.2.3 (#5695)
- Backports for 2024-04 release cycle (#5752)
- Bump vsphere csi chart to 3.1.2-rancher300 and add snapshotter image (#5761)
- Update to Cilium v1.15.4 (#5773)
- Bump metrics-server version (#5758)
- Vsphere csi bump (#5802)
- Update Kubernetes to v1.28.9 (#5798)
- Bump K3s version for v1.28 to pull through etcd-snapshot save fixes (#5817)
- Bump K3s version for dbinfo fix (#5823)
- Updated Calico and Flannel to fix ARM64 build (#5828)
- Enable apiserver to access updated encryption-config.json (#5830)
- Update rke2-canal to v3.27.3-build2024042301 (#5837)
- Use the newer Flannel chart (#5847)
- Bump metrics-server chart to restore legacy label (#5852)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.15.400 |
rke2-canal | v3.27.3-build2024042301 |
rke2-calico | v3.27.300 |
rke2-calico-crd | v3.27.002 |
rke2-coredns | 1.29.002 |
rke2-ingress-nginx | 4.9.100 |
rke2-metrics-server | 3.12.002 |
rancher-vsphere-csi | 3.1.2-rancher400 |
rancher-vsphere-cpi | 1.7.001 |
harvester-cloud-provider | 0.2.300 |
harvester-csi-driver | 0.1.1700 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |
Release v1.28.8+rke2r1
This release updates Kubernetes to v1.28.8.
Canal uses flannel 0.24.3 which includes a bug: every 5 seconds it tries to add ipv6 iptables rules and fails if the node does not have an ipv6 address. The consequence is the log "Failed to ensure iptables rules: error setting up rules: failed to apply partial iptables-restore unable to run iptables-restore (, ): exit status 4" appears every 5 seconds in the flannel container of the canal pod.
Flannel daemonset is not tolerating node taints: "node-role.kubernetes.io/etcd:NoExecute", "node-role.kubernetes.io/control-plane:NoSchedule" and "node.cloudprovider.kubernetes.io/uninitialized:NoSchedule" which can create problems when deploying with Rancher in certain cloud-providers (e.g. vShpere or DigitalOcean).
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.28.7+rke2r1:
- Add a multus e2e test (#5545)
- Bump vsphere csi chart to 3.1.2-rancher101 and cpi to 1.7.001 (#5554)
- Bump coredns chart (#5561)
- Update 1.28 to r2 (#5566)
- Update Calico and Canal to v3.27.2 (#5583)
- Bump multus chart version (#5594)
- Bump K3s version for v1.28 (#5588)
- Fix: use correct wasm shims names
- Bump spegel to v0.0.18-k3s3
- Adds wildcard registry support
- Fixes issue with excessive CPU utilization while waiting for containerd to start
- Add env var to allow spegel mirroring of latest tag
- Bump helm-controller/klipper-helm versions
- Fix snapshot prune
- Fix issue with etcd node name missing hostname
- Fix additional corner cases in registries handling
- RKE2 will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry.
- Bump K3s version for v1.28 (#5606)
- Update k8s to 1.28.8 and Go (#5623)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.15.100 |
rke2-canal | v3.27.2-build2024030800 |
rke2-calico | v3.27.200 |
rke2-calico-crd | v3.27.002 |
rke2-coredns | 1.29.002 |
rke2-ingress-nginx | 4.8.200 |
rke2-metrics-server | 2.11.100-build2023051513 |
rancher-vsphere-csi | 3.1.2-rancher101 |
rancher-vsphere-cpi | 1.7.001 |
harvester-cloud-provider | 0.2.200 |
harvester-csi-driver | 0.1.1700 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |