rancher/rke2 v1.20.7+rke2r2

on GitHub

This release resolves a bug (#1052) with the --cluster-reset flag which causes a goroutine panic when attempting to reset the etcd cluster membership. It is required to upgrade to this version of RKE2 if you intend to leverage etcd cluster reset or etcd restore functionality.

Upgrade Notes

If you installed RKE2 from RPMs (default on RHEL-based distributions), you will need to either re-run the installer, or edit /etc/yum.repos.d/rancher-rke2.repo to point at the latest/1.20 or stable/1.20 channel (depending on how quickly you would like to receive new releases) in order to update RKE2 via yum.

Changes since v1.20.7+rke2r1

• rke2 server --cluster-reset now functions properly. (#1052)
• The calico and cilium CNI images have been updated to address vulnerabilities in the base image. (#1042)
• RKE2's Pod Security Policy (PSP) bootstrap code no longer updates the kube-system namespace's annotations when PSPs have not changed. (#1056)
  This resolves issues with OPA Gatekeeper deployments that enforce an admission controller webhook on namespace writes.

Packaged Component Versions

Known Issues

• #1063 - CIS Profile checks require etcd user to be present on agents. As a workaround, ensure that the etcd user exists on all nodes on which you will use the --profile flag, even ones that you do not plan to enable etcd on. This will be fixed in a subsequent patch release.
• #786 - NetworkManager interferes with network related components. If your node has NetworkManager installed and enabled, please refer to the RKE2 Docs for a workaround.

These will be addressed in an upcoming release.

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started.