github rancher/rke2 v1.19.15+rke2r2

3 years ago

This release updates containerd to v1.4.11+k3s1 to address CVE-2021-41103 / GHSA-c2h3-6mxw-7mvq.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.19.15+rke2r1

  • Bump containerd to v1.4.11 for CVE fix (#1911)

Packaged Component Versions

Component Version
Kubernetes v1.19.15
Etcd v3.4.13-k3s1
Containerd v1.4.11-k3s1
Runc v1.0.1
CNI Plugins v0.9.1
Flannel v0.13.0-rancher1
Calico v3.13.3
Metrics-server v0.3.6
CoreDNS v1.6.9
Ingress-Nginx v1.36.3
Helm-controller v0.8.4

Known Issues

  • #1447 - When restoring RKE2 from backup to a new node, you should ensure that all pods are stopped following the initial restore:
curl -sfL https://get.rke2.io | sudo INSTALL_RKE2_VERSION=v1.19.15+rke2r1
rke2 server \
  --cluster-reset \
  --cluster-reset-restore-path=<PATH-TO-SNAPSHOT> --token <token used in the original cluster>
rke2-killall.sh
systemctl enable rke2-server
systemctl start rke2-server

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Don't miss a new rke2 release

NewReleases is sending notifications on new releases.