Release v0.2.11

Rancher Kubernetes Engine (RKE) is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers. It works on bare-metal and virtualized servers. With RKE, the installation and operation of Kubernetes is both simplified and easily automated, and it's entirely independent of the operating system and platform you're running.

Addressing CVEs

• Added new Kubernetes versions with updated system images to address the following k8s CVEs [#2099]:
  • CVE-2020-8555: kube-controller-manager SSRF
  • CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
• Updated Nginx to the latest version [Rancher #27153]

Important

• RKE v0.2.x releases enable certificate rotation support. This feature addresses a 1 year expiration on certificates generated by RKE v0.1.x for secure Kubernetes cluster components communication [#450]. To renew the cluster certificates, run the following command:

  ./rke cert rotate --config cluster.yml

Known Major Issues

• RKE will not finish deployment if certain network mounts exist on the target node [#20677]
• When node is being removed from the cluster.yml, subsequent rke up run doesn't clean it up properly [1413]

Kubernetes Versions

Each version of RKE has a specific list of supported Kubernetes versions. If a version is defined in kubernetes_version in the cluster.yml and is not found in this list, then RKE will error out. If you want to use a different version than listed below, you will need to update Kubernetes using the system images option in your cluster.yml.