This release updates Kubernetes to v1.24.17, and fixes a number of issues.
⚠️ This release includes support for remediating CVE-2023-32186, a potential Denial of Service attack vector on RKE2 servers. See GHSA-p45j-vfv5-wprq for more information, including mandatory steps necessary to harden clusters against this vulnerability.
If your server (control-plane) nodes were not started with the
--tokenCLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
Changes since v1.24.16+rke2r1:
- Sync Felix and calico-node datastore (#4578)
- Update Calico and Flannel on Canal (#4566)
- Update cilium to v1.14.0 (#4587)
- Update to whereabouts v0.6.2 (#4593)
- Windows fixes (#4674)
- Bumping k3s version 1.24 (#4680)
- Version bumps and backports for 2023-08 release (#4687)
- Updated the embedded containerd to v1.7.3+k3s1
- Updated the embedded runc to v1.1.8
- Updated the embedded etcd to v3.5.9+k3s1
- Security bump to docker/distribution
- Fix static pod UID generation and cleanup
- Fix default server address for rotate-ca command
- Upgrade multus chart to v4.0.2-build2023081100 (#4682)
- Update to 1.24.17 (#4689)
- Bump K3s version for v1.24 (#4704)
- Added a new
--tls-san-securityoption. This flag defaults to false, but can be set to true to disable automatically adding SANs to the server's TLS certificate to satisfy any hostname requested by a client.
- Added a new
- Add additional static pod cleanup during cluster reset (#4727)
Packaged Component Versions
|Canal (Default)||Flannel v0.22.1|
As always, we welcome and appreciate feedback from our community of users. Please feel free to: