v1.31.X
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.31.5+rke2r1
This release updates Kubernetes to v1.31.5.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.31.4+rke2r1:
- Charts: bump harvester csi driver v0.1.22 (#7471)
- Bump Harvester-csi-driver v0.1.22
- Bump flannel, canal and multus charts (#7501)
- Update to Cilium
v1.16.5
(#7527) - Feat: bump harvester-cloud-provider to v0.2.9 (#7492)
- Bump Harvester-cloud-provider v0.2.9
- Updated calico chart to fix IP autodetect in case of IPv6 only (#7536)
- Update metrics-server to
3.2.12
(#7551) - Update canal to
v3.29.1-build2025011000
(#7567) - Add runtime classes hook and runtimes chart (#7579)
- Add Release downstream components in release workflow (#7591)
- Backports for 2025-01 (#7588)
- Bump ingress-nginx v1.12.0 (#7560)
- Fix Release downstream components in release workflow (#7595)
- Add
--latest
flag set to false in GHrelease create
(#7598) - Bump k3s version for master and add/enhance tests (#7606)
- Update k8s (#7604)
- Bump ingress-nginx to v1.12.0-hardened2 (#7620)
- Bump K3s version for split-role fix (#7636)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.501 |
rke2-canal | v3.29.1-build2025011000 |
rke2-calico | v3.29.101 |
rke2-calico-crd | v3.29.101 |
rke2-coredns | 1.36.102 |
rke2-ingress-nginx | 4.12.003 |
rke2-metrics-server | 3.12.200 |
rancher-vsphere-csi | 3.3.1-rancher700 |
rancher-vsphere-cpi | 1.9.100 |
harvester-cloud-provider | 0.2.900 |
harvester-csi-driver | 0.1.2200 |
rke2-snapshot-controller | 4.0.002 |
rke2-snapshot-controller-crd | 4.0.002 |
rke2-snapshot-validation-webhook | 0.0.0 |
Release v1.31.4+rke2r1
This release updates Kubernetes to v1.31.4.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.31.3+rke2r1:
- Update to Cilium v1.16.4 (#7325)
- Updated Calico version to
v3.29.1
(#7351) - Bump Harvester CSI driver v0.1.21 (#7283)
- Bump Harvester-csi-driver v0.1.21
- Update k3s for loadbalancer improvements (#7397)
- Update Flannel and Canal version (#7406)
- Bump ingress-nginx to hardened6 (#7416)
- Bump dns-node-cache to 1.24.0 (#7418)
- Bump hardened k8s and build base (#7424)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.400 |
rke2-canal | v3.29.1-build2024121100 |
rke2-calico | v3.29.100 |
rke2-calico-crd | v3.29.100 |
rke2-coredns | 1.36.102 |
rke2-ingress-nginx | 4.10.503 |
rke2-metrics-server | 3.12.004 |
rancher-vsphere-csi | 3.3.1-rancher700 |
rancher-vsphere-cpi | 1.9.100 |
harvester-cloud-provider | 0.2.600 |
harvester-csi-driver | 0.1.2100 |
rke2-snapshot-controller | 3.0.601 |
rke2-snapshot-controller-crd | 3.0.601 |
rke2-snapshot-validation-webhook | 1.9.001 |
Release v1.31.3+rke2r1
This release updates Kubernetes to v1.31.3.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.31.2+rke2r1:
- Backport E2E GHA fixes (#7179)
- Bump multus, cilium and flannel charts (#7194)
- Bump ingress-nginx to v1.10.5-hardened4 (#7189)
- Bump canal chart to v3.29.0 (#7223)
- Bump rke2-calico to v3.29.0 (#7229)
- Backport missing E2E PRs (#7203)
- Update to newer OS images for install testing
- Add cleanup to e2e tests in vagrant env
- Add e2e validation test for kine
- Bump vSphere CSI/CPI charts to 1.9.1 and 3.3.1-rancher700 (#7252)
- Update Flannel to v0.26.1 (#7257)
- Fix e2e ci by ignoring FOG warnings (#7268)
- Bump rke2-coredns to 1.33.005 (#7279)
- Backports for 2024-11 (#7289)
- Bump etcd to 3.5.16
- Bump containerd to v1.7.23
- Fix issue on nodes with large datastores and slow disk that would cause RKE2 to fail to start due to the etcd defrag timing out after 30 seconds.
- Fix issue where RKE2 killall script could remove data from pod volumes that failed to unmount correctly
- Update upstream version (#7320)
- Restore AWS node-name support and add IMDSv2 support (#7354)
- Bump containerd for image rewrite fix (#7377)
- Bump containerd to v1.7.23-k3s2
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.303 |
rke2-canal | v3.29.0-build2024110400 |
rke2-calico | v3.29.000 |
rke2-calico-crd | v3.29.000 |
rke2-coredns | 1.33.005 |
rke2-ingress-nginx | 4.10.502 |
rke2-metrics-server | 3.12.004 |
rancher-vsphere-csi | 3.3.1-rancher700 |
rancher-vsphere-cpi | 1.9.100 |
harvester-cloud-provider | 0.2.600 |
harvester-csi-driver | 0.1.2000 |
rke2-snapshot-controller | 3.0.601 |
rke2-snapshot-controller-crd | 3.0.601 |
rke2-snapshot-validation-webhook | 1.9.001 |
Release v1.31.2+rke2r1
This release updates Kubernetes to v1.31.2.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.31.1+rke2r1:
- Fixed windows CNI setup in case cni none is configured (#6831)
- Fix e2e test bug in mixedosbgp (#6843)
- Add trivy scanning to PR reports (#6838)
- Bump Calico v3.28.2 (#6878)
- Fix typo in dispatch workflow (#6894)
- Bump coredns chart (#6904)
- Fix uninstall for amazon linux 2 (#6918)
- Update to Cilium v1.16.2 (#6937)
- Bump traefik to chart 27.0.2 (#6957)
- Bump crictl (#6975)
- Update Canal to v3.28.2-build2024100300 and Flannel to v0.25.7 (#6971)
- Ingress-nginx and rke2-cloud-provider bumps (#6991)
- Bump containerd to v1.7.22 (#7001)
- Bump crictl to v1.31.1-build20241011 (#7010)
- Bump csi snapshot charts (#7023)
- Update multus to v4.1.2 (#7018)
- Bump k3s (#7032)
- Bump Harvester CSI driver v0.1.20 (#7049)
- Bump Harvester-csi-driver v0.1.20
- Bump K3s/CCM version (#7056)
- Add org.opencontainers.image url and source labels to dockerfiles (#7062)
- October 2024 R2 update (#7066)
- Bump CSI snapshot controller chart for CRD updates (#7068)
- Rke2-runtime signing and manifests (#7089) (#7102)
- Update hardened chart images (#7098)
- October K8s patch (#7104)
- Bump coredns chart and image (#7084)
- Fix hardened-flannel airgap image for rke2-flannel (#7121)
- Fix release workflow (#7124)
- Use buildkit (#7133)
- Fix publish windows runtime (#7147)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.201 |
rke2-canal | v3.28.2-build2024101601 |
rke2-calico | v3.28.200 |
rke2-calico-crd | v3.28.200 |
rke2-coredns | 1.33.002 |
rke2-ingress-nginx | 4.10.501 |
rke2-metrics-server | 3.12.004 |
rancher-vsphere-csi | 3.3.1-rancher100 |
rancher-vsphere-cpi | 1.9.000 |
harvester-cloud-provider | 0.2.600 |
harvester-csi-driver | 0.1.2000 |
rke2-snapshot-controller | 3.0.601 |
rke2-snapshot-controller-crd | 3.0.601 |
rke2-snapshot-validation-webhook | 1.9.001 |
Release v1.31.1+rke2r1
This release updates Kubernetes to v1.31.1.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.31.0+rke2r1:
- Bump canal to v3.28.1-build20240830 (#6687)
- Update chart with CNI plugins on Flannel and Cilium (#6700)
- Bump multus chart to v4.1.000 (#6745)
- Remove sriov images from airgap tarball (#6751)
- Add ctr to shell completion (#6731)
- Bump k3s/containerd/runc/ccm versions (#6762)
- Update cilium chart to
1.16.103
(#6714) - Bump charts and images to fix go CVE (#6780)
- Bump hardened images (#6775)
- Update Calico image for Canal with updated CNI plugins (#6793)
- Bump ingress-nginx to v1.10.4-hardened3 (#6798)
- Bump etcd and CCM builds (#6802)
- September K8s patch (#6812)
- Update cilium e2e test (#6817)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.104 |
rke2-canal | v3.28.1-build2024091100 |
rke2-calico | v3.28.100 |
rke2-calico-crd | v3.28.100 |
rke2-coredns | 1.29.006 |
rke2-ingress-nginx | 4.10.402 |
rke2-metrics-server | 3.12.003 |
rancher-vsphere-csi | 3.3.1-rancher100 |
rancher-vsphere-cpi | 1.9.000 |
harvester-cloud-provider | 0.2.600 |
harvester-csi-driver | 0.1.1800 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |
Release v1.31.0+rke2r1
This release updates Kubernetes to v1.31.0.
Important Note
If your server (control-plane) nodes were not started with the --token
CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/token
Changes since v1.30.4+rke2r1:
- Fix RoleBinding/ClusterRoleBinding subject growth (#6273)
- Improve agent logs dir default permissions (#6276)
- Refactor run_tests.sh script (#6280)
- Add e2e test about mixedos+flannel (#6063)
- Add
data-dir
to uninstall and killall scripts (#6296) - Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#6246)
- Bump alpine from 3.19 to 3.20 (#6017)
- Add multiple ingress controller support + traefik (#5943)
- Bump multus to v4.0.206 (#6311)
- Rke2 shell completion (#6305)
- RKE2 now support shell completion
- Bump K3s version for master (#6315)
- Change fapolicyd rules to full replacement rather than append (#6309)
- Bump vsphere csi chart to 3.3.0-rancher100 and cpi to 1.8.000 (#6340)
- Upload tarball with merges to master and release branches (#6316)
- Add updatecli configuration to update vsphere cpi and csi charts (#5326)
- Fix secrets for commit id uploads (#6359)
- Fix secrets for commit id uploads (#6360)
- Publish binaries in dapper (#6375)
- Fix decompressing gh tool in Dockerfile (#6378)
- Fixing pat_username (#6383)
- Stage CNI (and harvester) images if avaliable for airgap (#6275)
- Add missing package windows step in release (#6387)
- Add manifest pipeline for rke2-runtime docker image (#6397)
- Fix dispatch script (#6405)
- Bump rke2-coredns to add option to use nodelocal dns cache with cilium Local Redirect Policy (#6372)
- Add traefik airgap image tarball (#6439)
- Support Amazon Linux 2 rpm installs (#6429)
- Update channel server for July 2024 release (#6450)
- Fix external etcd connection (#6355)
- Add netpol template for traefik (#6452)
- Bump rke2-calico chart to v3.28.100 (#6473)
- Bump ingress-nginx to hardened2 (#6448)
- Bump rke2-canal to v3.28.1-build2024080600 (#6496)
- Update flannel to v0.25.5 (#6498)
- Update Cilium to v1.16.0 (#6500)
- Bump k3s and containerd (#6523)
- Added check if the node is rebooted before the networks is deleted on windows (#6437)
- Modify rke2-killall.sh to handle RKE2_DATA_DIR (#6531)
- Bump Harvester CSI driver v0.1.18 (#6392)
- Bump Harvester-csi-driver v0.1.18
- Bump containerd/crictl/runc versions (#6551)
- Fix kill all script to not delete data dir (#6558)
- Fix traefik netpol annotation key (#6569)
- Fix windows airgap image packaging (#6580)
- Update to cilium v1.16.1 (#6577)
- Fixed Flannel chart to rightly disable nft (#6606)
- Bump ingress-nginx to v1.10.4-hardened2 (#6591)
- Fix traefik netpol port names (#6619)
- Update channel server for August 2024 release (#6642)
- Bump canal to v3.28.1-build20240827 (#6659)
- Bump runc to v1.1.13 (#6623)
- Update Kubernetes to v1.31.0 (#6625)
- Bump K8s to v1.31.0-k3s3 (#6665)
- Feat: bump harvester-cloud-provider to v0.2.6 (#6667)
Charts Versions
Component | Version |
---|---|
rke2-cilium | 1.16.101 |
rke2-canal | v3.28.1-build2024082701 |
rke2-calico | v3.28.100 |
rke2-calico-crd | v3.28.100 |
rke2-coredns | 1.29.004 |
rke2-ingress-nginx | 4.10.401 |
rke2-metrics-server | 3.12.002 |
rancher-vsphere-csi | 3.3.1-rancher100 |
rancher-vsphere-cpi | 1.9.000 |
harvester-cloud-provider | 0.2.600 |
harvester-csi-driver | 0.1.1800 |
rke2-snapshot-controller | 1.7.202 |
rke2-snapshot-controller-crd | 1.7.202 |
rke2-snapshot-validation-webhook | 1.7.302 |