Release v1.1.2
Rancher Kubernetes Engine (RKE) is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers. It works on bare-metal and virtualized servers. With RKE, the installation and operation of Kubernetes is both simplified and easily automated, and it’s entirely independent of the operating system and platform you’re running.
Addressing CVEs
- Added new Kubernetes versions with updated system images to address the following k8s CVEs [#2099]:
- CVE-2020-8555: kube-controller-manager SSRF
- CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
- Updated Nginx to the latest version [Rancher #26957]
Known Major Issues
- In clusters where
cloud_provider
is configured, and eitheraddress
orinternal_address
does not contain a valid IP address (e.g. hostname or FQDN), kube-proxy will fail to start. [#1725]
Kubernetes Versions
Each version of RKE has a specific list of supported Kubernetes versions. If you want to use a different version than listed below, you will need to update Kubernetes using the system images option in your cluster.yml
.
Kubernetes version |
---|
v1.17.6-rancher2-1
|
v1.16.10-rancher2-1
|
v1.15.12-rancher2-2
|
New Images in 1.17.6-rancher2-1, v1.16.10-rancher2-1, 1.15.12-rancher2-2
Updated Hyperkube Image based on k8s versions
- rancher/hyperkube:v1.17.6-rancher2
- rancher/hyperkube:v1.16.10-rancher2
- rancher/hyperkube:v1.15.12-rancher2
Updated CNI Plugins
CNI Plugin | Version | System Images |
---|---|---|
Calico | v3.13.4 | - rancher/calico-node:v3.13.4 - rancher/calico-cni:v3.13.4 - rancher/calico-kube-controllers:v3.13.4 - rancher/calico-ctl:v3.13.4 - rancher/calico-pod2daemon-flexvol:v3.13.4 |
Flannel | Flannel CNI v0.3.0-rancher6 | - rancher/flannel-cni:v0.3.0-rancher6 |
Canal | Calico v3.13.4 Flannel CNIv0.3.0-rancher6 | - rancher/calico-node:v3.13.4 - rancher/calico-cni:v3.13.4 - rancher/calico-pod2daemon-flexvol:v3.13.4 - rancher/flannel-cni:v0.3.0-rancher6 |
Weave | v2.6.4 | - weaveworks/weave-kube:2.6.4 - weaveworks/weave-npc:2.6.4 |
Other Updated System Images
NGINX updated to 0.32.0
- rancher/nginx-0.32.0-rancher1