This release is RKE2's first in the v1.22 line. This release updates Kubernetes to v1.22.3.
As this release includes a number of significant changes from previous versions, we will not make v1.22 available via the stable release channel until v1.22.4+rke2r1 or later.
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Special attention should be paid to the removal of several beta Kubernetes APIs, as this is a breaking change for users with apiextensions.k8s.io/v1beta1 CustomResourceDefinition or networking.k8s.io/v1beta1 Ingress resources in their manifests.
Changes since RKE2 v1.21.2-rke2r1 (when the release-1.21 branch was forked from master)
- Bump containerd to v1.5.7-k3s2 (#2078)
- Bump RKE2 to v1.22.3-rc1+rke2r1 (#2058)
- Bump k3s to revert reconcile bootstrap data (#2055)
- Update to latest of k3s (#2049)
- Bump K3s module versions (#2029)
- Remove confirm=false for windows uninstall script (#2024)
- Bump rke2-canal flannel version for vxlan fix (#2000)
- Update K3s and update executors to delay etcd join (#1952)
- Bump rke2-coredns helm chart to include pod hostname anti-affinity rule (#1993)
- Strict mode bug fix for install.ps1 (#1994)
- Move to newer rke2 cloud provider version (#1981)
- Don't create static pod tempfiles in static pod dir (#1966)
- Migrate to Wins Logging (#1979)
- Ensure that the legacy rke2-kube-proxy chart is disabled (#1971)
- 1.22 version bumps and use stable cni-plugins release (#1838)
- Bump containerd to 1.5.7 (#1947)
- Update to Kubernetes / K3s 1.22.2 (#1827)
- Bug fixes and logic improvements for windows scripts (#1949)
- update windows uninstall and install scripts (#1872)
- Update rke2 to v1.21.5+rke2r2 and embedded k3s (#1931)
- Disable embedded CCM when enabling packaged cloud-provider charts (#1862)
- Increment Calico chart version (#1878)
- Cleaning up the PowerShell installation script (#1867)
- Adding default for AIRGAP_TARBALL_URL (#1853)
- Add Permit Port Sharing Flag to Scheduler and Controller Manager (#1841)
- Update calico chart (#1828)
- Remove the broken/unused/unneeded $AIRGAP_CHECKSUMS_URL argument (#1805)
- Bump K3s engine-1.21 to latest commit for bugfix (#1823)
- Update K3s to latest engine-1.21 (#1818)
- Cilium: Bump chart version to 1.10.402 (#1811)
- Bump k3s for etcd metrics fix (#1798)
- Bump wharfie to v0.4.2 (#1786)
- Support Harvester CCM and CSI (#1679)
- Cilium: Update to 1.10.4 (#1781)
- Bump containerd to v1.4.9-k3s1, runc to v1.0.1 (#1772)
- Add 2 new helm global values that separate v4 and v6 (#1720)
- Adding support for External IP for Windows nodes Rancher installer.. (#1753)
- Update k3s to engine-1.21 (#1747)
- Update calico chart (#1692)
- Add linux nodeSelector to coredns and helm jobs (#1688)
- Bump chart versions to pull in linux nodeSelectors (#1672)
- Upgrade k3s master (#1663)
- Refactored how we start calico with kubelet context to cancel (#1619)
- Use FQDN for node name if cloud provider is set to AWS (#1631)
- Add missing kubeproxy extra env and mounts (#1626)
- Calico: Update the chart to v3.19.2-202 (#1623)
- switch info and config calls around for proper headers to hit first (#1612)
- Bumped k3s version to bring in updated HNS Network call. (#1605)
- Allows getting the version from Rancher and passes it to the installer. (#1602)
- Bump hardened-kubernetes to v1.21.3-rke2r2 (#1582)
- Update k3s to resolve for s3 folder handling when listing snapshots (#1597)
- Bump calico to 3.19.2 for windows (#1591)
- Update Calico version to v3.19.2 (#1585)
- Switching to only using curl for windows scripts. (#1571)
- Fixing issues with windows installation scripts. (#1567)
- Update k3s to fix node stuck on removal (#1542)
- Update coredns chart (#1540)
- Update labels to be annotations (#1531)
- Bump to calico chart (#1527)
- Custom resource requests/limits, extra binds, and extra env for control plane static pod components (#1463)
- Add psp labels (#1517)
- Start using hardened dns images (#1513)
- Switching to 3.5 pause images (#1516)
- Bump k3s in go.mod to address issue with disabling kube-proxy (#1462)
- Update service watching logic for windows service manager (#1475)
- Provide support for nodelocal DNSCache (#1466)
- Upgrade k3s in master (#1489)
- Add Windows RKE2 Uninstall script (#1488)
- Bump versions in Windows Dockerfile (#1480)
- Bump ingress-nginx chart to 3.34.002 (#1476)
- Add new coredns chart (#1464)
- Remove tables and interfaces created by cilium & calico (#1456)
- Add Windows Installation for Rancher, Update existing Installer (#1461)
- Upgrade k3s bootstrap (#1431)
- Made audit-policy-file flag independent of CIS profile flag (#1419)
- Bump kubernetes versions to GA build (#1420)
- Rewrite to pass in WaitGroup (#1408)
- The embedded containerd version has been updated to v1.4.8-k3s1 to resolve GHSA-c72p-9xmj-rx3w (#1397)
- Upgrade kube-proxy version (#1303)
- Switching to using StartupHookArgs and adding Disables/Skips (#1381)
- Adding the volume mount for the docker socket (#1379)
- Hardcode rancher namespace for rke2-runtime manifest (#1374)
- Kube-proxy deployed twice and without needed permissions (#1346)
- Added privileged to static pod args (#1326)
- Windows and Calico support (#1268)
- Adding agent service sub command for Windows (#1281)
Packaged Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.22.3 |
| Etcd | v3.5.0-k3s2 |
| Containerd | v1.5.7-k3s2 |
| Runc | v1.0.2 |
| CNI Plugins | v0.9.1 |
| Metrics-server | v0.5.0 |
| CoreDNS | v1.8.5 |
| Ingress-Nginx | 4.0.3 |
| Helm-controller | v0.11.7 |
Available CNIs
| Component | Version | FIPS Compliant |
|---|---|---|
| Canal (Default) | Flannel v0.15.1 Calico v3.20.1 | Yes |
| Calico | v3.20.1 | No |
| Cilium | v1.10.4 | No |
| Multus | v3.7.1 | No |
Known Issues
- #2085 - The rke2-metrics-server helm chart may fail to upgrade due to API version deprecations not handled by the MapKubeAPIs Helm plugin, leaving the metrics-server service non-functional following the upgrade. This will be fixed in the next release, but can be resolved by running:
kubectl delete helmchart -n kube-system rke2-metrics-server
systemctl restart rke2-server- #1447 - When restoring RKE2 from backup to a new node, you should ensure that all pods are stopped following the initial restore:
curl -sfL https://get.rke2.io | sudo INSTALL_RKE2_VERSION=v1.22.3+rke2r1
rke2 server \
--cluster-reset \
--cluster-reset-restore-path=<PATH-TO-SNAPSHOT> --token <token used in the original cluster>
rke2-killall.sh
systemctl enable rke2-server
systemctl start rke2-serverHelpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started.