Documentation survey

v1.30.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Version Release date Kubernetes Etcd Containerd Runc Metrics-server CoreDNS Ingress-Nginx Helm-controller Canal (Default) Calico Cilium Multus

v1.30.14+rke2r2

Jul 25 2025

v1.30.14

v3.5.21-k3s1

v1.7.27-k3s1

v1.2.6

v0.8.0

v1.12.2

v1.12.4-hardened2

v0.16.13

Flannel v0.27.1
Calico v3.30.2

v3.30.1

v1.17.6

v4.2.1

v1.30.14+rke2r1

Jun 27 2025

v1.30.14

v3.5.21-k3s1

v1.7.27-k3s1

v1.2.6

v0.7.2

v1.12.2

v1.12.2-hardened2

v0.16.11

Flannel v0.27.0
Calico v3.30.1

v3.30.1

v1.17.4

v4.2.1

v1.30.13+rke2r1

May 21 2025

v1.30.13

v3.5.21-k3s1

v1.7.27-k3s1

v1.2.6

v0.7.2

v1.12.1

v1.12.1-hardened6

v0.16.10

Flannel v0.26.7
Calico v3.30.0

v3.30.0

v1.17.3

v4.2.0

v1.30.12+rke2r1

May 01 2025

v1.30.12

v3.5.21-k3s1

v1.7.26-k3s1

v1.2.5

v0.7.2

v1.12.1

v1.12.1-hardened3

v0.16.10

Flannel v0.26.6
Calico v3.29.3

v3.29.3

v1.17.3

v4.2.0

v1.30.11+rke2r1

Mar 26 2025

v1.30.11

v3.5.19-k3s1

v1.7.26-k3s1

v1.2.5

v0.7.2

v1.12.0

v1.12.1-hardened1

v0.16.6

Flannel v0.26.5
Calico v3.29.2

v3.29.2

v1.17.1

v4.1.4

v1.30.10+rke2r1

Feb 27 2025

v1.30.10

v3.5.18-k3s1

v1.7.23-k3s2

v1.2.4

v0.7.2

v1.12.0

v1.12.0-hardened6

v0.16.6

Flannel v0.26.4
Calico v3.29.2

v3.29.2

v1.17.0

v4.1.4

v1.30.9+rke2r1

Jan 27 2025

v1.30.9

v3.5.16-k3s1

v1.7.23-k3s2

v1.2.4

v0.7.2

v1.12.0

v1.12.0-hardened2

v0.16.5

Flannel v0.26.3
Calico v3.29.1

v3.29.1

v1.16.5

v4.1.4

v1.30.8+rke2r1

Dec 18 2024

v1.30.8

v3.5.16-k3s1

v1.7.23-k3s2

v1.1.14

v0.7.1

v1.12.0

v1.10.5-hardened6

v0.16.5

Flannel v0.26.1
Calico v3.29.1

v3.29.1

v1.16.4

v4.1.3

v1.30.7+rke2r1

Dec 06 2024

v1.30.7

v3.5.16-k3s1

v1.7.23-k3s2

v1.1.14

v0.7.1

v1.11.3

v1.10.5-hardened4

v0.16.5

Flannel v0.26.0
Calico v3.29.0

v3.29.0

v1.16.3

v4.1.3

v1.30.6+rke2r1

Oct 30 2024

v1.30.6

v3.5.13-k3s1

v1.7.22-k3s1

v1.1.14

v0.7.1

v1.11.3

v1.10.5-hardened3

v0.16.5

Flannel v0.25.7
Calico v3.28.2

v3.28.2

v1.16.2

v4.1.2

v1.30.5+rke2r1

Sep 23 2024

v1.30.5

v3.5.13-k3s1

v1.7.21-k3s2

v1.1.14

v0.7.1

v1.11.1

v1.10.4-hardened3

v0.16.4

Flannel v0.25.6
Calico v3.28.1

v3.28.1

v1.16.1

v4.1.0

v1.30.4+rke2r1

Aug 26 2024

v1.30.4

v3.5.13-k3s1

v1.7.20-k3s1

v1.1.12

v0.7.1

v1.11.1

v1.10.4-hardened2

v0.16.1

Flannel v0.25.5
Calico v3.28.1

v3.28.1

v1.16.0

v4.0.2

v1.30.3+rke2r1

Aug 01 2024

v1.30.3

v3.5.13-k3s1

v1.7.17-k3s1

v1.1.12

v0.7.1

v1.11.1

v1.10.1-hardened1

v0.16.1

Flannel v0.25.4
Calico v3.28.0

v3.27.3

v1.15.5

v4.0.2

v1.30.2+rke2r1

Jul 01 2024

v1.30.2

v3.5.13-k3s1

v1.7.17-k3s1

v1.1.12

v0.7.1

v1.11.1

v1.10.1-hardened1

v0.16.1

Flannel v0.25.4
Calico v3.28.0

v3.27.3

v1.15.5

v4.0.2

v1.30.1+rke2r1

May 22 2024

v1.30.1

v3.5.9-k3s1

v1.7.11-k3s2

v1.1.12

v0.7.1

v1.11.1

nginx-1.9.6-hardened1

v0.16.1-0.20240502205943-2f32059d43e6

Flannel v0.25.1
Calico v3.27.3

v3.27.3

v1.15.5

v4.0.2

v1.30.0+rke2r1

May 09 2024

v1.30.0

v3.5.9-k3s1

v1.7.11-k3s2

v1.1.12

v0.7.1

v1.11.1

nginx-1.9.6-hardened1

v0.16.1

Flannel v0.25.1
Calico v3.27.3

v3.27.3

v1.15.4

v4.0.2

Release v1.30.14+rke2r2

This release updates Kubernetes to v1.30.14.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.14+rke2r1

  • Use custom golang setup for integration tests (#8453)

  • Update Canal chart to latest version (#8532)

  • Bump multus and whereabouts chart (#8542)

  • Update Kubernetes Metrics Server chart 3.12.203 (#8558)

  • Bump ingress-nginx to v1.12.4-hardened1 (#8571)

  • Update shell completion command to new structure (#8575)

  • Charts: Bump Harvester CSI driver 0.1.24 (#8504)

    • Support online resize

    • Support external storage

  • Allow for zypper remove 104 code on uninstall (#8580)

    • Fix snapshot controller backwards compatibility (#8594)

  • Update flannel chart v0.27.100 (#8604)

  • Backports for 2025-07 (#8609)

  • Update K8s to v1.30.14 r2 (#8622)

  • Bump ingress-nginx to hardened2 (#8633)

  • Update to cilium v1.17.6 (#8646)

Charts Versions

Component Version

rke2-cilium

1.17.600

rke2-canal

v3.30.2-build2025071100

rke2-calico

v3.30.100

rke2-calico-crd

v3.30.100

rke2-coredns

1.42.302

rke2-ingress-nginx

4.12.401

rke2-metrics-server

3.12.203

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.1000

harvester-csi-driver

0.1.2400

rke2-snapshot-controller

4.0.003

rke2-snapshot-controller-crd

4.0.003

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.14+rke2r1

This release updates Kubernetes to v1.30.14.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.13+rke2r1

  • June 2025 CNI bumps (#8322)

  • Windows: Allow for silent/non confirmation use of uninstall.ps1 (#8147) (#8344)

  • Testing Overhaul Backports (#8361)

  • Bump canal, flannel and cilium charts (#8359) (#8385)

  • Bump multus and whereabouts (#8360) (#8393)

  • Support profile: etcd (#8368)

  • Bump for etcd, cloud provider, crictl, containerd and runc (#8406)

  • Backports for 2025-06 (#8420)

  • Update Kubernetes Metrics Server chart 3.12.2 (#8424)

  • Update CoreDNS chart 1.42.3 (#8428)

  • Bump ingress-nginx to v1.12.2 and hardened-dns-node for CVE fixes (#8402)

  • Bump K3s version (#8437)

  • June K8s v1.30.14 patch (#8443)

  • Update runc to the newest image (#8468)

Charts Versions

Component Version

rke2-cilium

1.17.401

rke2-canal

v3.30.1-build2025061101

rke2-calico

v3.30.100

rke2-calico-crd

v3.30.100

rke2-coredns

1.42.302

rke2-ingress-nginx

4.12.201

rke2-metrics-server

3.12.202

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.1000

harvester-csi-driver

0.1.2300

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.13+rke2r1

This release updates Kubernetes to v1.30.13.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.12+rke2r1

  • Upload prime ribs assets (#8181)

  • Feat: bump harvester-cloud-provider to v0.2.10 (#8185)

  • Backports for 2025-05 (#8198)

  • Udpate calico chart to v3.30.0 and Canal image (#8204)

  • Bump nginx version (#8175)

  • Update to Kubernetes Metrics Server 3.12.201 (#8213)

  • Update to flannel v0.26.700 (#8221)

  • Update cilium and multus to cni-plugins v1.7.1 (#8229)

  • Upgrade nginx chart (#8234)

  • Update to flannel v0.26.701 and canal v3.30.0-build2025051500 (#8260)

  • Update to CoreDNS 1.42.000 (#8268)

  • Update k8s to v1.30.13 and Go to v1.23.8 (#8244)

  • Fix race conditions in startup readiness checks (#8278)

  • Fix secrets syntax (#8280)

Charts Versions

Component Version

rke2-cilium

1.17.301

rke2-canal

v3.30.0-build2025051500

rke2-calico

v3.30.001

rke2-calico-crd

v3.30.001

rke2-coredns

1.42.000

rke2-ingress-nginx

4.12.103

rke2-metrics-server

3.12.201

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.1000

harvester-csi-driver

0.1.2300

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.12+rke2r1

This release updates Kubernetes to v1.30.12.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.11+rke2r1

  • Bump multus version (#7991)

  • Update CNI charts (#7998)

  • Bump whereabouts to v0.9.0 (#8003)

  • Update to coredns 1.39.201 (#8012)

  • Bump flannel and canal versions (#8027)

  • Chore: Bump nginx to v1.12.1-hardened3 (#8058)

  • Update to flannel v0.26.601 and canal v3.29.3-build2025040801 (#8063)

  • K3s bump and backports for 2025-04 (#8059)

  • Update to cilium v1.17.3 (#8085)

  • Bump kine for nats-server/v2 CVE-2025-30215 (#8091)

  • Bump K3s version (#8104)

  • Bump traefik to v2.11.24 (#8110)

  • Update k8s to v1.30.12 (#8114)

Charts Versions

Component Version

rke2-cilium

1.17.300

rke2-canal

v3.29.3-build2025040801

rke2-calico

v3.29.300

rke2-calico-crd

v3.29.101

rke2-coredns

1.39.201

rke2-ingress-nginx

4.12.101

rke2-metrics-server

3.12.200

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.900

harvester-csi-driver

0.1.2300

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.11+rke2r1

This release updates Kubernetes to v1.30.11, and upgrades rke2-ingress-nginx to controller v1.12.1-hardened1 (chart version 4.12.1). This addresses CVE-2025-1974 as well as all other recently announced vulnerabilities in ingress-nginx.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.10+rke2r1

  • Update to cilium v1.17.1 (#7851)

  • Bump coredns to v1.39.100 (#7860)

  • Update multus with new CNI plugin image with bond included (#7866)

  • Update to flannel v0.26.500 and canal v3.29.2-build2025030601 (#7876)

  • Bump ingress-nginx to hardened10 (#7887)

  • Backports for 2025-03 (#7892)

  • Bump K3s for apiserver addresses fix (#7914)

  • Update k8s (#7925)

  • Bump ingress-nginx to v1.12.1-hardened1, chart to 4.12.1 (#7960)

Charts Versions

Component Version

rke2-cilium

1.17.100

rke2-canal

v3.29.2-build2025030601

rke2-calico

v3.29.200

rke2-calico-crd

v3.29.101

rke2-coredns

1.39.100

rke2-ingress-nginx

4.12.100

rke2-metrics-server

3.12.200

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.900

harvester-csi-driver

0.1.2300

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.10+rke2r1

This release updates Kubernetes to v1.30.10.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.9+rke2r1

  • Update to cilium v1.16.6 (#7682)

  • Charts: bump Harvester CSI Driver v0.1.23 (#7669)

    • Enhance the Harvester CSI controller affinity/anti-affinity

  • Bump canal, flannel and multus charts (#7714)

  • Update cilium to v1.17.0 (#7710)

  • Update Calico and Canal to v3.29.2 (#7725)

  • Bump k3s, traefik, etcd, crictl (#7740)

    • Update k3s to fix registry auth in containerd config template

    • Update traefik to v2.11.20

    • Update etcd to v3.5.18

    • Update crictl to v1.30.1

    • Update rke2-ingress-nginx chart to fix typo in default backend image template

  • Bump vsphere CSI to v3.3.1-rancher9 (#7732)

  • Update to v1.30.10 and Go to 1.22.12 (#7758)

  • Bump ingress-nginx to v1.12.0-hardened6 (#7775)

  • Bump canal and flannel images to build20250218 (#7789)

  • Sync images to Prime registry (#7801)

  • Bump K3s version for release-1.30 (#7806)

Charts Versions

Component Version

rke2-cilium

1.17.000

rke2-canal

v3.29.2-build2025021800

rke2-calico

v3.29.200

rke2-calico-crd

v3.29.101

rke2-coredns

1.36.102

rke2-ingress-nginx

4.12.005

rke2-metrics-server

3.12.200

rancher-vsphere-csi

3.3.1-rancher900

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.900

harvester-csi-driver

0.1.2300

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.9+rke2r1

This release updates Kubernetes to v1.30.9.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.8+rke2r1

  • Charts: bump Harvester CSI Driver v0.1.22 (#7472)

    • Bump Harvester-csi-driver v0.1.22

  • Bump flannel, canal and multus charts (#7503)

  • Update to Cilium v1.16.5 (#7528)

  • Feat: bump harvester-cloud-provider to v0.2.9 (#7491)

    • Bump Harvester-cloud-provider v0.2.9

  • Updated calico chart to fix IP autodetect in case of IPv6 only (#7537)

  • Update metrics-server to 3.2.12 (#7552)

  • Update canal to v3.29.1-build2025011000 (#7568)

  • Add runtime classes hook and runtimes chart (#7580)

  • Backports for 2025-01 (#7589)

  • Bump ingress-nginx v1.12.0 (#7559)

  • Add Release downstream components in release workflow (#7600)

  • Bump k3s version for master and add/enhance tests (#7607)

  • Update k8s (#7611)

  • Bump ingress-nginx to v1.12.0-hardened2 (#7621)

  • Bump K3s version for split-role fix (#7637)

Charts Versions

Component Version

rke2-cilium

1.16.501

rke2-canal

v3.29.1-build2025011000

rke2-calico

v3.29.101

rke2-calico-crd

v3.29.101

rke2-coredns

1.36.102

rke2-ingress-nginx

4.12.003

rke2-metrics-server

3.12.200

rancher-vsphere-csi

3.3.1-rancher700

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.900

harvester-csi-driver

0.1.2200

rke2-snapshot-controller

4.0.002

rke2-snapshot-controller-crd

4.0.002

rke2-snapshot-validation-webhook

0.0.0

Release v1.30.8+rke2r1

This release updates Kubernetes to v1.30.8.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.7+rke2r1

  • Update to Cilium v1.16.4 (#7326)

  • Updated Calico version to v3.29.1 (#7352)

  • Bump harvester csi driver v0.1.21 (#7284)

    • Bump Harvester-csi-driver v0.1.21

  • Update k3s for loadbalancer improvements (#7398)

  • Update Flannel and Canal version (#7407)

  • Bump ingress-nginx to hardened6 (#7415)

  • Bump dns-node-cache to 1.24.0 (#7419)

  • Bump hardened k8s and build base (#7425)

Charts Versions

Component Version

rke2-cilium

1.16.400

rke2-canal

v3.29.1-build2024121100

rke2-calico

v3.29.100

rke2-calico-crd

v3.29.100

rke2-coredns

1.36.102

rke2-ingress-nginx

4.10.503

rke2-metrics-server

3.12.004

rancher-vsphere-csi

3.3.1-rancher700

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.600

harvester-csi-driver

0.1.2100

rke2-snapshot-controller

3.0.601

rke2-snapshot-controller-crd

3.0.601

rke2-snapshot-validation-webhook

1.9.001

Release v1.30.7+rke2r1

This release updates Kubernetes to v1.30.7.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.6+rke2r1

  • Backport E2E GHA fixes (#7176)

  • Bump multus, cilium and flannel charts (#7199)

  • Bump ingress-nginx to v1.10.5-hardened4 (#7186)

  • Bump canal chart to v3.29.0 (#7221)

  • Bump rke2-calico to v3.29.0 (#7231)

  • Backport missing E2E PRs (#7204)

    • Refactor run_tests.sh script

    • Update to newer OS images for install testing

    • Add cleanup to e2e tests in vagrant env

    • Add e2e validation test for kine

  • Bump vSphere CSI/CPI charts to 1.9.1 and 3.3.1-rancher700 (#7249)

  • Update Flannel to v0.26.1 (#7258)

  • Fix e2e ci by ignoring FOG warnings (#7269)

  • Bump rke2-coredns to 1.33.005 (#7277)

  • Backports for 2024-11 (#7290)

    • Bump etcd to 3.5.16

    • Bump containerd to v1.7.23

    • Fix issue on nodes with large datastores and slow disk that would cause RKE2 to fail to start due to the etcd defrag timing out after 30 seconds.

    • Fix issue where RKE2 killall script could remove data from pod volumes that failed to unmount correctly

  • Update upstream version (#7319)

  • Restore AWS node-name support and add IMDSv2 support (#7355)

  • Bump containerd for image rewrite fix (#7378)

    • Bump containerd to v1.7.23-k3s2

Charts Versions

Component Version

rke2-cilium

1.16.303

rke2-canal

v3.29.0-build2024110400

rke2-calico

v3.29.000

rke2-calico-crd

v3.29.000

rke2-coredns

1.33.005

rke2-ingress-nginx

4.10.502

rke2-metrics-server

3.12.004

rancher-vsphere-csi

3.3.1-rancher700

rancher-vsphere-cpi

1.9.100

harvester-cloud-provider

0.2.600

harvester-csi-driver

0.1.2000

rke2-snapshot-controller

3.0.601

rke2-snapshot-controller-crd

3.0.601

rke2-snapshot-validation-webhook

1.9.001

Release v1.30.6+rke2r1

This release updates Kubernetes to v1.30.6.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.5+rke2r1

  • Fixed windows CNI setup in case cni none is configured (#6832)

  • Fix e2e test bug in mixedosbgp (#6844)

  • Bump Calico v3.28.2 (#6879)

  • Add trivy scanning to PR reports (#6837)

  • Fix typo in dispatch workflow (#6895)

  • Bump coredns chart (#6903)

  • Fix uninstall for amazon linux 2 (#6919)

  • Update to Cilium v1.16.2 (#6938)

  • Bump traefik to chart 27.0.2 (#6958)

  • Update Canal to v3.28.2-build2024100300 and Flannel to v0.25.7 (#6972)

  • Bump containerd to v1.7.22 (#7002)

  • Ingress-nginx and rke2-cloud-provider bumps (#6992)

  • Bump csi snapshot charts (#7024)

  • Update multus to v4.1.2 (#7019)

  • Bump k3s (#7033)

  • Bump Harvester CSI driver v0.1.20 (#7048)

    • Bump Harvester-csi-driver v0.1.20

  • Bump K3s/CCM version (#7057)

  • Add org.opencontainers.image url and source labels to dockerfiles (#7063)

  • Bump CSI snapshot controller chart for CRD updates (#7069)

  • Rke2-runtime signing and manifests (#7089) (#7101)

  • Update hardened chart images (#7097)

  • October K8s patch (#7105)

  • Update crictl source image for CVE bump (#7115)

  • Bump coredns chart and image (#7085)

  • Fix hardened-flannel airgap image for rke2-flannel (#7120)

  • Fix release workflow (#7125)

  • Use buildkit (#7132)

  • Fix publish windows runtime (#7146)

Charts Versions

Component Version

rke2-cilium

1.16.201

rke2-canal

v3.28.2-build2024101601

rke2-calico

v3.28.200

rke2-calico-crd

v3.28.200

rke2-coredns

1.33.002

rke2-ingress-nginx

4.10.501

rke2-metrics-server

3.12.004

rancher-vsphere-csi

3.3.0-rancher100

rancher-vsphere-cpi

1.8.000

harvester-cloud-provider

0.2.600

harvester-csi-driver

0.1.2000

rke2-snapshot-controller

3.0.601

rke2-snapshot-controller-crd

3.0.601

rke2-snapshot-validation-webhook

1.9.001

Release v1.30.5+rke2r1

This release updates Kubernetes to v1.30.5.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.4+rke2r1

  • Update to cilium v1.16.1 (#6653)

  • Bump canal to v3.28.1-build20240827 (#6670)

  • Bump canal to v3.28.1-build20240830 (#6688)

  • 1.30 Bump harvester cloud provider v0.2.6 (#6631)

  • Update chart with CNI plugins on Flannel and Cilium (#6701)

  • Update cilium chart to 1.16.103 (#6715)

  • Bump multus chart to v4.1.000 (#6743)

  • Remove sriov images from airgap tarball (#6753)

  • Add ctr to shell completion (#6730)

  • Bump k3s/containerd/runc/ccm versions (#6763)

  • Bump charts and images to fix go CVE (#6782)

  • Bump hardened images (#6776)

  • Update Calico image for Canal with updated CNI plugins (#6794)

  • Bump ingress-nginx to v1.10.4-hardened3 (#6799)

  • Bump etcd and CCM builds (#6803)

  • September K8s patch (#6811)

  • Update cilium e2e test (#6815)

Charts Versions

Component Version

rke2-cilium

1.16.104

rke2-canal

v3.28.1-build2024091100

rke2-calico

v3.28.100

rke2-calico-crd

v3.28.100

rke2-coredns

1.29.006

rke2-ingress-nginx

4.10.402

rke2-metrics-server

3.12.003

rancher-vsphere-csi

3.3.0-rancher100

rancher-vsphere-cpi

1.8.000

harvester-cloud-provider

0.2.600

harvester-csi-driver

0.1.1800

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.4+rke2r1

This release updates Kubernetes to v1.30.4.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.3+rke2r1

  • Bump rke2-coredns to add option to use nodelocal dns cache with cilium (#6432)

  • Bump rke2-calico chart to v3.28.100 (#6489)

  • Bump nginx to hardened2 (#6482)

  • Update for CNI flannel, Cilium and Canal (#6515)

  • Fix external etcd connection (#6465)

  • Rke2 shell completion (#6460)

  • Bump k3s and containerd (#6524)

  • Fixed hns clean only in case of reboot (#6538)

  • Bump harvester csi driver v0.1.18 (#6395)

    • Bump Harvester-csi-driver v0.1.18

  • Bump containerd/crictl/runc versions (#6552)

  • Fix kill all to not delete data dir (#6564)

  • Add netpol template for traefik (#6570)

  • Update Kubernetes to v1.30.4 (#6574)

  • Fix windows airgap image packaging (#6585)

  • Fixed Flannel chart to rightly disable nft (#6607)

  • Bump ingress-nginx to v1.10.4-hardened2 (#6611)

  • Fix traefik netpol port names (#6620)

Charts Versions

Component Version

rke2-cilium

1.16.000

rke2-canal

v3.28.1-build2024080600

rke2-calico

v3.28.100

rke2-calico-crd

v3.28.100

rke2-coredns

1.29.004

rke2-ingress-nginx

4.10.401

rke2-metrics-server

3.12.002

rancher-vsphere-csi

3.3.0-rancher100

rancher-vsphere-cpi

1.8.000

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1800

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.3+rke2r1

This release updates Kubernetes to v1.30.3.

Important Note

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.2+rke2r1

  • Update stable channel to v1.28.11+rke2r1 (#6277)

  • Update Vagrantfile of a few e2e tests (#6274)

  • GHA Migration (#6062)

  • Bump multus to v4.0.206 (#6353)

  • Version bumps and backports for 2024-07 release cycle (#6317)

  • Bump vsphere csi chart to 3.3.0-rancher100 and cpi to 1.8.000 (#6341)

  • Fix secrets for commit id uploads (#6366)

  • Update Kubernetes to v1.30.3 (#6364)

  • Publish binaries in dapper (#6379)

  • Add missing package windows step in release (#6388)

  • Add manifest pipeline for rke2-runtime docker image (#6398)

  • Fix dispatch script (#6406)

  • Add traefik airgap image tarball (#6441)

Charts Versions

Component Version

rke2-cilium

1.15.500

rke2-canal

v3.28.0-build2024062503

rke2-calico

v3.27.300

rke2-calico-crd

v3.27.002

rke2-coredns

1.29.002

rke2-ingress-nginx

4.10.102

rke2-metrics-server

3.12.002

rancher-vsphere-csi

3.3.0-rancher100

rancher-vsphere-cpi

1.8.000

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.2+rke2r1

This release updates Kubernetes to v1.30.2.

Important Note

  • If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

    You may retrieve the token value from any server already joined to the cluster:

    cat /var/lib/rancher/rke2/server/token

Changes since v1.30.1+rke2r1

  • Improve rke2-uninstall.ps1 script (#5779)

  • Add cilium no proxy e2e test (#5885)

  • Apply netpols async with retry (#5909)

  • Remove cisnetworkpolicy finalizer when controller is disabled (#5856)

  • Update cloud-provider image which now uses scratch as base (#5933)

    • Rke2-cloud-provider uses now scratch base image

  • Update flannel chart to fix vni error (#5953)

    • Use vni=4096 as default for rke2-flannel

  • Add a Kine fix when rke2 restart apiserver (#5931)

    • Fix apiserver delay to restart when apiserver is using kine

  • Fix incorrect wrangler package import (#6007)

  • Update channel server for may 2024 (#5951)

  • Add extra log in e2e tests (#5955)

  • Bump nginx to v1.10.1 (#6022)

  • Update rke2-killall.sh (#4111)

  • Changed systemctl command from 'restart' to 'try-restart' for fapolicyd in rke2-uninstall.sh (#5811)

  • Allow disabling injection of cluster config into HelmCharts (#6010)

    • Injection of cluster config variables into HelmChart resources found on disk can now be disabled per-chart by adding a rke2.cattle.io/inject-cluster-config: "false" annotation to HelmChart resources, or by setting the RKE2_INJECT_CLUSTER_CONFIG=false environment variable to disable it for all resources that do not set the annotation to false.

  • Bump multus and whereabouts version (#6015)

  • Bump flannel to v0.25.201 and canal to v3.28.0-build2024052800 (#6043)

  • Add ADR for branching strategy (#4078)

  • Add easy support for single node sqlite with kine (#5954)

    • New behavior when --disable-etcd is used without --server, rke2 will use sqlite as the default database

  • Bump harvester-cloud-provider v0.2.4 (#5980)

  • Bump K3s version for v1.30 (#6073)

  • Fix loadManifests function (#6058)

  • Bump K3s version for v1.30 (#6104)

  • Bump flannel version (#6116)

    • Bump flannel cni version to v0.25.3

  • Bump containerd to correctly built tag (#6126)

  • Improve rke2-uninstall.ps1 (#6098)

  • Update to the latest SR-IOV image versions (#5889)

  • Bump flannel image in rke2-canal (#6136)

  • Slim down E2E artifacts (#6097)

  • Add custom golang setup action for better caching (#6144)

  • Support MixedOS E2E local testing (#6137)

  • Use rancher/permissions dependency (#6138)

  • Bump K3s version for v1.30 (#6164)

  • Update flannel version to v0.25.4 (#6172)

    • Bump flannel to v0.25.4 to fix windows-vxlan issue

  • Update Kubernetes to v1.30.2 (#6191)

  • Fix drone pipeline (#6199)

  • Update drone build base image (#6206)

  • Bump K3s version for v1.30 to fix regression in agent’s supervisor port (#6200)

  • Bump rke2-ingress-nginx chart to revert watchIngressWithoutClass default (#6216)

  • Update hardened kubernetes (#6225)

  • Bump K3s version for snapshot fix (#6230)

    • Fix issue that allowed multiple simultaneous snapshots to be allowed

  • Revert rke2-ingress-nginx bump back to v1.9.6 (#6238)

  • Reinstate newest rke2-ingress-nginx (#6253)

  • Pass install_type as a string in the mixedos e2e test (#6251)

  • Update calico image to v3.28.0-build20240625 (#6257)

Charts Versions

Component Version

rke2-cilium

1.15.500

rke2-canal

v3.28.0-build2024062503

rke2-calico

v3.27.300

rke2-calico-crd

v3.27.002

rke2-coredns

1.29.002

rke2-ingress-nginx

4.10.101

rke2-metrics-server

3.12.002

rancher-vsphere-csi

3.1.2-rancher400

rancher-vsphere-cpi

1.7.001

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.1+rke2r1

This release updates Kubernetes to v1.30.1.

Important Note

  • If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

    You may retrieve the token value from any server already joined to the cluster:

    cat /var/lib/rancher/rke2/server/token

Changes since v1.30.0+rke2r1

Charts Versions

Component Version

rke2-cilium

1.15.500

rke2-canal

v3.27.3-build2024042301

rke2-calico

v3.27.300

rke2-calico-crd

v3.27.002

rke2-coredns

1.29.002

rke2-ingress-nginx

4.9.100

rke2-metrics-server

3.12.002

rancher-vsphere-csi

3.1.2-rancher400

rancher-vsphere-cpi

1.7.001

harvester-cloud-provider

0.2.300

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.0+rke2r1

This release is RKE2’s first in the v1.30 line. This release updates Kubernetes to v1.30.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Changelog.

Important Note

  • If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

    You may retrieve the token value from any server already joined to the cluster:

    cat /var/lib/rancher/rke2/server/token

Changes since v1.29.4+rke2r1

  • Update stable channel to v1.28.9+rke2r1 (#5870)

  • Add mixedos BGP e2e test (#5859)

  • Remove flannel-v6.4096 when rke2-killall.sh (#5795)

  • Update e2e test (#5880)

  • Bump k3s to 1.30 (#5888)

  • Move to fatal error for cis-1.23 profile value (#5781)

  • Remove cni parameter from agent config in e2e tests (#5881)

  • Add script to validate flannel versions (#5788)

  • Bump k3s to deprecate pod-infra-container-image (#5900)

  • Fix mixedosbgp e2e test (#5886)

Charts Versions

Component Version

rke2-cilium

1.15.400

rke2-canal

v3.27.3-build2024042301

rke2-calico

v3.27.300

rke2-calico-crd

v3.27.002

rke2-coredns

1.29.002

rke2-ingress-nginx

4.9.100

rke2-metrics-server

3.12.002

rancher-vsphere-csi

3.1.2-rancher400

rancher-vsphere-cpi

1.7.001

harvester-cloud-provider

0.2.300

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302