v1.19.12-rc1+rke2r2

[Release-1.19] Bump k3s version (#1325)

* Bump k3s version

* go mod tidy

v1.21.2-alpha2+rke2r2

This is a pre-release. Do not use this.

v1.21.2-alpha1+rke2r2

This is a pre-release. Do not use this.

v1.21.2+rke2r1

This release is RKE2's first in the v1.21 line. This release updates Kubernetes to v1.21.2.

For more details on what's new, see the Kubernetes release notes. If you are coming from v1.20 or earlier, it is recommended that you read the Urgent Upgrade Notes.

This release resolves a number of bugs and provides a number of new features, most notably, the introduction of the --cni flag. By default, RKE2 uses Canal as its CNI, which is a combination of Calico and Flannel. Now, with the --cni flag, an operator can specify which CNI they want to use. Operators now have the choice of calico, cilium, and canal. The multus meta-plugin can also be used in combination with other CNIs by specifying it as the first option in a comma-separated list, for example --cni=multus,canal. More on this can be found in the docs. Note that not all CNIs are FIPS compliant, please see the Available CNIs table for details.

You can still enable third party CNIs by disabling the default and deploying your own.

Note: With the introduction of addtional CNIs, we have published more image image archives and lists, to allow for fine-grained control of the images needed for air-gap installs. See the documentation for more details.

This release includes a number of new subcommands for interacting with etcd snapshots. All of the subcommands are compatible with locally stored snapshots and snapshots stored in S3.

• save - Alias for rke2 etcd-snaphot
• prune - Removes snapshots that exceed the configured retention policy
• delete - Deletes a given snapshot
• ls - Lists snapshots

Resolved Issues and Enhancements

• Added the INSTALL_RKE2_EXEC environment variable as alias for INSTALL_RKE2_TYPE (#1082)
• Added tolerations to helm charts to enable scheduling on role specific nodes (#1061)
• Added ability to confirm snapshots are turned off (#430)
• Added systemd notify support (#989)
• Added the ability to pass an alternate encryption config. (#1105)
• Added tolerations to helm charts to enable scheduling on role specific nodes (#1061)
• Added support for vSphere’s out-of-tree cloud provider. Note that this feature was introduced in RKE2 1.20.6, but in this version it can be enabled by passing --cloud-provider-name=rancher-vsphere, instead of simply vsphere. The implementation from the previous release made it impossible to enable the in-tree vsphere cloud provider. (#1114)
• Added support for Calico CNI (#860)
• Added support for Multus + sriov CNI (#746)
• Added support for SUSE Enterprise Linux 15 SP3. (#816)
• Updated Cilium to v1.9.8 (#1099)
• Updated runc to v1.0.0-rc95 (#977)
• Updated ingress nginx version to 3.30.003 (#884)
• Updated Go (GoBoring) to 1.16.4b7 (#968)
• Resolved issue where restoring from snapshot failed with executable file not found in $PATH (#1059)
• Resolved issue where snapshot and restore wasn't working with the "cluster-reset-restore-path" flag (#968)
• Resolved issue where opa-gatekeeper on rke2 cluster disallows cluster members to join after reboot and stay in NotReady state (#1054)
• Resolved possible race where bootstrap data might not save (#1116)
• Resolved an issue where SELinux would block audit logs from being written (#692)
• Resolved an issue where CIS checks for the etcd users where occuring on agents (#1063)
• Resolved an issue where kubernetes.default.svc was not being added to SANs in Kubernetes API serving Cert (#1112)
• Resolved an issue where helm charts were getting stuck in pending state after upgrade (#1143)
• Resolved an issue where removing etcd role from a node and restarting RKE2 failed (#886)
• Resolved an issue where rke2 couldn’t start if node hostnames were not resolvable through dns (#979)
• Resolved an issue where the the --disable-apiserver flag was inconsistently named. It is now --disable-api-server. The old flag remains for backwards compatibility, but is hidden (#1019)

Packaged Component Versions

Component	Version
Kubernetes	v1.21.2
Etcd	v3.4.13-k3s1
Containerd	v1.4.4-k3s2
Runc	v1.0.0-rc95
CNI Plugins	v0.8.7
Metrics-server	v0.3.6
CoreDNS	v1.6.9
Ingress-Nginx	3.30.003
Helm-controller	v0.10.1

Available CNIs

Component	Version	FIPS Compliant
Canal (Default)	Flannel v0.13.0-rancher1 Calico v3.13.3	Yes
Calico	v3.19.1	No
Cilium	v1.9.8	No
Multus	v3.7.1	No

Known Issues

• #786 - NetworkManager interferes with network related components. If your node has NetworkManager installed and enabled, please refer to the RKE2 Docs for a workaround.

• #1009 - RKE2 integrated cloud-controller-manager RBAC conflicts with out-of-tree Helm charts. RBAC roles have been renamed to no longer conflict, but if you are upgrading from an earlier release and plan on installing an out-of-tree cloud controller you should run the following command to clean up the legacy roles:

  kubectl delete clusterrole,clusterrolebinding cloud-controller-manager

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.

v1.21.2-rc1+rke2r1

kubernetes: v1.21.2 (#1163)

* bump kubernetes version to 1.21.2

v1.20.8+rke2r1

This release updates Kubernetes to v1.20.8
For more details on what's new, see the Kubernetes release notes

Upgrade Notes

If you installed RKE2 from RPMs (default on RHEL-based distributions), you will need to either re-run the installer, or edit /etc/yum.repos.d/rancher-rke2.repo to point at the latest/1.20 or stable/1.20 channel (depending on how quickly you would like to receive new releases) in order to update RKE2 via yum.

Changes since v1.20.7+rke2r2

• Upgrade Kubernetes to v1.20.8
  (#1135)
• The built-in vsphere helm chart is now enabled by passing --cloud-provider-name=rancher-vsphere, instead of simply vsphere. The implementation from the previous release made it impossible to enable the in-tree vsphere cloud provider.
  (#1115)
• CIS checks no longer require the etcd user be present on agent nodes.
  (#1063)
• A message is now written to the logs when etcd snapshots are disabled.
  (#1123)
• Cluster bootstrap data (certs, etc) are now more reliably written to the datastore.
  (#1117)
• The kube-proxy helm chart no longer quotes boolean values.
  (#1131)
• kubernetes.default.svc is now included in the default SANs on the Kubernetes API serving certificate.
  (#1113)
• RBAC resources for the RKE integrated cloud-controller-manager are now uniquely named.
  (#1118)

Packaged Component Versions

Component	Version
Kubernetes	v1.20.8
Etcd	v3.4.13-k3s1
Containerd	v1.4.4-k3s2
Runc	v1.0.0-rc95
CNI Plugins	v0.8.7
Flannel	v0.13.0-rancher1
Calico	v3.13.3
Metrics-server	v0.3.6
CoreDNS	v1.6.9
Ingress-Nginx	v1.36.3
Helm-controller	v0.9.2

Known Issues

• #786 - NetworkManager interferes with network related components. If your node has NetworkManager installed and enabled, please referer to RKE2 Docs for a workaround.
• #1118 - RKE2 integrated cloud-controller-manager RBAC conflicts with out-of-tree Helm charts. RBAC roles have been renamed to no longer conflict, but if you are upgrading from an earlier release and plan on installing an out-of-tree cloud controller you should run the following command to clean up the legacy roles:

  kubectl delete clusterrole,clusterrolebinding cloud-controller-manager

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.

v1.20.8-rc1+rke2r1

kubernetes: v1.20.8 (#1162)

See rancher/rke2#1135

Signed-off-by: Jacob Blain Christen <[email protected]>

v1.19.12+rke2r1

This release updates Kubernetes to v1.19.12
For more details on what's new, see the Kubernetes release notes

Changes since v1.19.11+rke2r1

• Upgrade Kubernetes to v1.19.12 (#1136)
• RKE2's Pod Security Policy (PSP) bootstrap code no longer updates the kube-system namespace's annotations when PSPs have not changed. (#1057)
  This resolves issues with OPA Gatekeeper deployments that enforce an admission controller webhook on namespace writes.
• The kube-proxy helm chart no longer quotes boolean values.
  (#1133)

Packaged Component Versions

Component	Version
Kubernetes	v1.19.12
Etcd	v3.4.13-k3s1
Containerd	v1.4.4-k3s2
Runc	v1.0.0-rc95
CNI Plugins	v0.8.7
Flannel	v0.13.0-rancher1
Calico	v3.13.3
Metrics-server	v0.3.6
CoreDNS	v1.6.9
Ingress-Nginx	v1.36.3
Helm-controller	v0.8.4

Known Issues

• #786 - NetworkManager interferes with network related components. If your node has NetworkManager installed and enabled, please refere to Rke2 Docs for a workaround.

This will be addressed in an upcoming release.

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.

v1.19.12-rc1+rke2r1

kubernetes: v1.19.12 (#1161)

See rancher/rke2#1136

Signed-off-by: Jacob Blain Christen <[email protected]>

v1.18.20+rke2r1

This release updates Kubernetes to v1.18.20
For more details on what's new, see the Kubernetes release notes

Changes since v1.18.19+rke2r1

• Upgrade Kubernetes to v1.18.20

Packaged Component Versions

Component	Version
Kubernetes	v1.18.20
Etcd	v3.4.13-k3s1
Containerd	v1.3.10-k3s4
Runc	v1.0.0-rc95
CNI Plugins	v0.8.7
Flannel	v0.13.0-rancher1
Calico	v3.13.3
Metrics-server	v0.3.6
CoreDNS	v1.6.9
Ingress-Nginx	v1.36.3
Helm-controller	v0.8.4

Known Issues

• #786 - NetworkManager interferes with network related components. If your node has NetworkManager installed and enabled, please refer to the RKE2 Documentation for a workaround.

This will be addressed in an upcoming release.

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.