rancher/rke2 v1.20.12+rke2r1

on GitHub

This release updates Kubernetes to v1.20.12, fixes a number of minor issues, and includes an update to ingress-nginx that resolves CVE-2021-25742.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.20.11+rke2r2

• Update Kubernetes to v1.20.12 (#2060)
• The ingress-nginx helm chart has been upgraded to version 4.0.3. (#1942)
  This resolves CVE-2021-25742.
• Servers will no longer occasionally create duplicate static pods during upgrades. (#1968)
• Servers will no longer join etcd clusters until the new member is more prepared to do so. (#1991)
• Flannel's vxlan backend now generates its own MAC addresses, preventing systemd 242+ from changing them unexpectedly. (#2009)
• Cluster member addresses are now updated when resetting/restoring etcd via --cluster-reset. (#2031)
• The rke2 etcd-snapshot subcommand now honors config file settings. (#2031)

Packaged Component Versions

Known Issues

• #2309 - Custom Cluster CIDRs are not honored when using the Canal CNI Plugin. If you specify a --cluster-cidr other than 10.42.0.0/16, you should apply the following manifest to your cluster:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-canal
  namespace: kube-system
spec:
  valuesContent: |-
    podCidr: $YOUR_CLUSTER_CIDR

• #1447 - When restoring RKE2 from backup to a new node, you should ensure that all pods are stopped following the initial restore:

curl -sfL https://get.rke2.io | sudo INSTALL_RKE2_VERSION=v1.20.11+rke2r1
rke2 server \
  --cluster-reset \
  --cluster-reset-restore-path=<PATH-TO-SNAPSHOT> --token <token used in the original cluster>
rke2-killall.sh
systemctl enable rke2-server
systemctl start rke2-server

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.