github rancher/rke2 v1.25.0+rke2r1

2 years ago

This release is RKE2's first in the v1.25 line. This release updates Kubernetes to v1.25.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Important Notes

  1. If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

    You may retrieve the token value from any server already joined to the cluster:

    cat /var/lib/rancher/rke2/server/token
  2. Kubernetes v1.25 removes the beta PodSecurityPolicy admission plugin. Please follow the upstream documentation to migrate from PSP if using the built-in PodSecurity Admission Plugin, prior to upgrading to v1.25.0+rke2r1.

  3. RKE2 now supports version 1.23 of the CIS Benchmark for Kubernetes. The legacy CIS 1.5 and 1.6 profiles (profile: cis-1.5 and profile: cis-1.6) have been removed as they do not apply to Kubernetes 1.25. Servers using one of the legacy profiles must be updated to specify the cis-1.23 profile when upgrading to RKE2 1.25, or RKE2 will fail to start.

Changes since v1.24.4+rke2r1:

  • Update Cilium version and remove startup-script (#3274)
  • Update channel server stable to 1.24.4 (#3269)
  • Update canal version (#3272)
  • Bump the cilium chart version (#3289)
  • Rework vagrant install tests (#3237)
  • Add PSA to Kubernetes v1.25 (#3282)
  • Update Kubernetes image to v1.25.0-rke2r1-build20220901 (#3295)
  • Fix static pod cleanup when using container-runtime-endpoint (#3308)
  • Bump containerd v1.6.8 / runc v1.1.4 (#3300)
  • Update calico to v3.23.3 (#3317)
  • Bump K3s version for v1.25 (#3323)
  • Update install script with option to skip reload (#3248)
  • Add exception for cis-operator-system namespace (#3324)
  • Fix config directory permissions (#3338)
  • Update calico to v3.24.1 (#3340)

Packaged Component Versions

Component Version
Kubernetes v1.25.0
Etcd v3.5.4
Containerd v1.6.8-k3s1
Runc v1.1.4
Metrics-server v0.5.0
CoreDNS v1.9.3
Ingress-Nginx 4.1.0
Helm-controller v0.12.3

Available CNIs

Component Version FIPS Compliant
Canal (Default) Flannel v0.19.1
Calico v3.24.1
Yes
Calico v3.24.1 No
Cilium v1.12.1 No
Multus v3.8 No

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Don't miss a new rke2 release

NewReleases is sending notifications on new releases.