github rancher/rke2 v1.28.1+rke2r1

pre-release20 days ago

This release is RKE2's first in the v1.28 line. This release updates Kubernetes to v1.28.1.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Important Notes

  • ⚠️ This release includes remediation for CVE-2023-32186, a potential Denial of Service attack vector on RKE2 servers. See GHSA-p45j-vfv5-wprq for more information, including documentation on changes in behavior that harden clusters against this vulnerability.

  • Kubernetes v1.28 contains a critical regression (kubernetes/kubernetes#120247) that causes init containers to run at the same time as app containers following a restart of the node. This issue will be fixed in v1.28.2. We do not recommend using RKE2 v1.28 at this time.

  • If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

    You may retrieve the token value from any server already joined to the cluster:

    cat /var/lib/rancher/rke2/server/token

Changes since v1.27.5+rke2r1:

  • Add additional static pod cleanup during cluster reset (#4712)
  • Bump k3s and kubernetes versions for v1.28 (#4705)

Packaged Component Versions

ComponentVersion
Kubernetesv1.28.1
Etcdv3.5.9-k3s1
Containerdv1.7.3-k3s1
Runcv1.1.8
Metrics-serverv0.6.3
CoreDNSv1.10.1
Ingress-Nginx4.6.1
Helm-controllerv0.15.4

Available CNIs

ComponentVersionFIPS Compliant
Canal (Default)Flannel v0.22.1
Calico v3.26.1
Yes
Calicov3.26.1No
Ciliumv1.14.0No
Multusv4.0.2No

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Don't miss a new rke2 release

NewReleases is sending notifications on new releases.