v1.30.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Version	Release date	Kubernetes	Etcd	Containerd	Runc	Metrics-server	CoreDNS	Ingress-Nginx	Helm-controller	Canal (Default)	Calico	Cilium	Multus
v1.30.4+rke2r1	Aug 26 2024	v1.30.4	v3.5.13-k3s1	v1.7.20-k3s1	v1.1.12	v0.7.1	v1.11.1	v1.10.4-hardened2	v0.16.1	Flannel v0.25.5 Calico v3.28.1	v3.28.1	v1.16.0	v4.0.2
v1.30.4+rke2r1	Aug 01 2024	v1.30.3	v3.5.13-k3s1	v1.7.17-k3s1	v1.1.12	v0.7.1	v1.11.1	v1.10.1-hardened1	v0.16.1	Flannel v0.25.4 Calico v3.28.0	v3.27.3	v1.15.5	v4.0.2
v1.30.2+rke2r1	Jul 01 2024	v1.30.2	v3.5.13-k3s1	v1.7.17-k3s1	v1.1.12	v0.7.1	v1.11.1	v1.10.1-hardened1	v0.16.1	Flannel v0.25.4 Calico v3.28.0	v3.27.3	v1.15.5	v4.0.2
v1.30.1+rke2r1	May 22 2024	v1.30.1	v3.5.9-k3s1	v1.7.11-k3s2	v1.1.12	v0.7.1	v1.11.1	nginx-1.9.6-hardened1	v0.16.1-0.20240502205943-2f32059d43e6	Flannel v0.25.1 Calico v3.27.3	v3.27.3	v1.15.5	v4.0.2
v1.30.0+rke2r1	May 09 2024	v1.30.0	v3.5.9-k3s1	v1.7.11-k3s2	v1.1.12	v0.7.1	v1.11.1	nginx-1.9.6-hardened1	v0.16.1	Flannel v0.25.1 Calico v3.27.3	v3.27.3	v1.15.4	v4.0.2

Version

Release date

Kubernetes

Etcd

Containerd

Runc

Metrics-server

CoreDNS

Ingress-Nginx

Helm-controller

Canal (Default)

Calico

Cilium

Multus

Aug 26 2024

Flannel v0.25.5
Calico v3.28.1

Aug 01 2024

Flannel v0.25.4
Calico v3.28.0

Jul 01 2024

Flannel v0.25.4
Calico v3.28.0

May 22 2024

nginx-1.9.6-hardened1

v0.16.1-0.20240502205943-2f32059d43e6

Flannel v0.25.1
Calico v3.27.3

May 09 2024

nginx-1.9.6-hardened1

v0.16.1

Flannel v0.25.1
Calico v3.27.3

v3.27.3

v1.15.4

v4.0.2

Release v1.30.4+rke2r1

This v1.30.4+rke2r1 release updates Kubernetes to v1.30.4.

Important Notes

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.3+rke2r1

Bump rke2-coredns to add option to use nodelocal dns cache with cilium (#6432)
Bump rke2-calico chart to v3.28.100 (#6489)
Bump nginx to hardened2 (#6482)
Update for CNI flannel, Cilium and Canal (#6515)
Fix external etcd connection (#6465)
Rke2 shell completion (#6460)
Bump k3s and containerd (#6524)
Fixed hns clean only in case of reboot (#6538)
Bump harvester csi driver v0.1.18 (#6395)
- Bump Harvester-csi-driver v0.1.18
Bump containerd/crictl/runc versions (#6552)
Fix kill all to not delete data dir (#6564)
Add netpol template for traefik (#6570)
Update Kubernetes to v1.30.4 (#6574)
Fix windows airgap image packaging (#6585)
Fixed Flannel chart to rightly disable nft (#6607)
Bump ingress-nginx to v1.10.4-hardened2 (#6611)
Fix traefik netpol port names (#6620)

Charts Versions

Component	Version
rke2-cilium	1.16.000
rke2-canal	v3.28.1-build2024080600
rke2-calico	v3.28.100
rke2-calico-crd	v3.28.100
rke2-coredns	1.29.004
rke2-ingress-nginx	4.10.401
rke2-metrics-server	3.12.002
rancher-vsphere-csi	3.3.0-rancher100
rancher-vsphere-cpi	1.8.000
harvester-cloud-provider	0.2.400
harvester-csi-driver	0.1.1800
rke2-snapshot-controller	1.7.202
rke2-snapshot-controller-crd	1.7.202
rke2-snapshot-validation-webhook	1.7.302

Component

Version

rke2-cilium

1.16.000

rke2-canal

v3.28.1-build2024080600

rke2-calico

rke2-calico-crd

rke2-coredns

rke2-ingress-nginx

rke2-metrics-server

rancher-vsphere-csi

rancher-vsphere-cpi

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1800

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.3+rke2r1

This v1.30.3+rke2r1 release updates Kubernetes to v1.30.3.

Important Notes

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/rke2/server/token

Changes since v1.30.2+rke2r1

Update stable channel to v1.28.11+rke2r1 (#6277)
Update Vagrantfile of a few e2e tests (#6274)
GHA Migration (#6062)
Bump multus to v4.0.206 (#6353)
Version bumps and backports for 2024-07 release cycle (#6317)
Bump vsphere csi chart to 3.3.0-rancher100 and cpi to 1.8.000 (#6341)
Fix secrets for commit id uploads (#6366)
Update Kubernetes to v1.30.3 (#6364)
Publish binaries in dapper (#6379)
Add missing package windows step in release (#6388)
Add manifest pipeline for rke2-runtime docker image (#6398)
Fix dispatch script (#6406)
Add traefik airgap image tarball (#6441)

Charts Versions

Component	Version
rke2-cilium	1.15.500
rke2-canal	v3.28.0-build2024062503
rke2-calico	v3.27.300
rke2-calico-crd	v3.27.002
rke2-coredns	1.29.002
rke2-ingress-nginx	4.10.102
rke2-metrics-server	3.12.002
rancher-vsphere-csi	3.3.0-rancher100
rancher-vsphere-cpi	1.8.000
harvester-cloud-provider	0.2.400
harvester-csi-driver	0.1.1700
rke2-snapshot-controller	1.7.202
rke2-snapshot-controller-crd	1.7.202
rke2-snapshot-validation-webhook	1.7.302

Component

Version

rke2-cilium

1.15.500

rke2-canal

v3.28.0-build2024062503

rke2-calico

rke2-calico-crd

rke2-coredns

rke2-ingress-nginx

rke2-metrics-server

rancher-vsphere-csi

rancher-vsphere-cpi

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.2+rke2r1

This v1.30.2+rke2r1 release updates Kubernetes to v1.30.2.

Important Notes

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:
```
cat /var/lib/rancher/rke2/server/token
```

Changes since v1.30.1+rke2r1

Improve rke2-uninstall.ps1 script (#5779)
Add cilium no proxy e2e test (#5885)
Apply netpols async with retry (#5909)
Remove cisnetworkpolicy finalizer when controller is disabled (#5856)
Update cloud-provider image which now uses scratch as base (#5933)
- Rke2-cloud-provider uses now scratch base image
Update flannel chart to fix vni error (#5953)
- Use vni=4096 as default for rke2-flannel
Add a Kine fix when rke2 restart apiserver (#5931)
- Fix apiserver delay to restart when apiserver is using kine
Fix incorrect wrangler package import (#6007)
Update channel server for may 2024 (#5951)
Add extra log in e2e tests (#5955)
Bump nginx to v1.10.1 (#6022)
Update rke2-killall.sh (#4111)
Changed systemctl command from 'restart' to 'try-restart' for fapolicyd in rke2-uninstall.sh (#5811)
Allow disabling injection of cluster config into HelmCharts (#6010)
- Injection of cluster config variables into HelmChart resources found on disk can now be disabled per-chart by adding a rke2.cattle.io/inject-cluster-config: "false" annotation to HelmChart resources, or by setting the RKE2_INJECT_CLUSTER_CONFIG=false environment variable to disable it for all resources that do not set the annotation to false.
Bump multus and whereabouts version (#6015)
Bump flannel to v0.25.201 and canal to v3.28.0-build2024052800 (#6043)
Add ADR for branching strategy (#4078)
Add easy support for single node sqlite with kine (#5954)
- New behavior when --disable-etcd is used without --server, rke2 will use sqlite as the default database
Bump harvester-cloud-provider v0.2.4 (#5980)
Bump K3s version for v1.30 (#6073)
Fix loadManifests function (#6058)
Bump K3s version for v1.30 (#6104)
Bump flannel version (#6116)
- Bump flannel cni version to v0.25.3
Bump containerd to correctly built tag (#6126)
Improve rke2-uninstall.ps1 (#6098)
Update to the latest SR-IOV image versions (#5889)
Bump flannel image in rke2-canal (#6136)
Slim down E2E artifacts (#6097)
Add custom golang setup action for better caching (#6144)
Support MixedOS E2E local testing (#6137)
Use rancher/permissions dependency (#6138)
Bump K3s version for v1.30 (#6164)
Update flannel version to v0.25.4 (#6172)
- Bump flannel to v0.25.4 to fix windows-vxlan issue
Update Kubernetes to v1.30.2 (#6191)
Fix drone pipeline (#6199)
Update drone build base image (#6206)
Bump K3s version for v1.30 to fix regression in agent’s supervisor port (#6200)
Bump rke2-ingress-nginx chart to revert watchIngressWithoutClass default (#6216)
Update hardened kubernetes (#6225)
Bump K3s version for snapshot fix (#6230)
- Fix issue that allowed multiple simultaneous snapshots to be allowed
Revert rke2-ingress-nginx bump back to v1.9.6 (#6238)
Reinstate newest rke2-ingress-nginx (#6253)
Pass install_type as a string in the mixedos e2e test (#6251)
Update calico image to v3.28.0-build20240625 (#6257)

Charts Versions

Component	Version
rke2-cilium	1.15.500
rke2-canal	v3.28.0-build2024062503
rke2-calico	v3.27.300
rke2-calico-crd	v3.27.002
rke2-coredns	1.29.002
rke2-ingress-nginx	4.10.101
rke2-metrics-server	3.12.002
rancher-vsphere-csi	3.1.2-rancher400
rancher-vsphere-cpi	1.7.001
harvester-cloud-provider	0.2.400
harvester-csi-driver	0.1.1700
rke2-snapshot-controller	1.7.202
rke2-snapshot-controller-crd	1.7.202
rke2-snapshot-validation-webhook	1.7.302

Component

Version

rke2-cilium

1.15.500

rke2-canal

v3.28.0-build2024062503

rke2-calico

rke2-calico-crd

rke2-coredns

rke2-ingress-nginx

rke2-metrics-server

rancher-vsphere-csi

rancher-vsphere-cpi

harvester-cloud-provider

0.2.400

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.1+rke2r1

This v1.30.1+rke2r1 release updates Kubernetes to v1.30.1.

Important Notes

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:
```
cat /var/lib/rancher/rke2/server/token
```

Changes since v1.30.0+rke2r1

Add E2E as a GitHub Action (#5864)
Bump ubuntu from 22.04 to 24.04 (#5861)
Update channels for 1.30 (#5911)
Update k8s v1.30.1 and Go (#5914)
Windows changes (#5918)
Cilium version bump to 1.15.5 (#5935)

Charts Versions

Component	Version
rke2-cilium	1.15.500
rke2-canal	v3.27.3-build2024042301
rke2-calico	v3.27.300
rke2-calico-crd	v3.27.002
rke2-coredns	1.29.002
rke2-ingress-nginx	4.9.100
rke2-metrics-server	3.12.002
rancher-vsphere-csi	3.1.2-rancher400
rancher-vsphere-cpi	1.7.001
harvester-cloud-provider	0.2.300
harvester-csi-driver	0.1.1700
rke2-snapshot-controller	1.7.202
rke2-snapshot-controller-crd	1.7.202
rke2-snapshot-validation-webhook	1.7.302

Component

Version

rke2-cilium

1.15.500

rke2-canal

v3.27.3-build2024042301

rke2-calico

rke2-calico-crd

rke2-coredns

rke2-ingress-nginx

rke2-metrics-server

rancher-vsphere-csi

rancher-vsphere-cpi

harvester-cloud-provider

0.2.300

harvester-csi-driver

0.1.1700

rke2-snapshot-controller

1.7.202

rke2-snapshot-controller-crd

1.7.202

rke2-snapshot-validation-webhook

1.7.302

Release v1.30.0+rke2r1

This v1.30.0+rke2r1 release is RKE2’s first in the v1.30 line. This release updates Kubernetes to v1.30.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Changelog.

Important Notes

If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

You may retrieve the token value from any server already joined to the cluster:
```
cat /var/lib/rancher/rke2/server/token
```

Changes since v1.29.4+rke2r1

Update stable channel to v1.28.9+rke2r1 (#5870)
Add mixedos BGP e2e test (#5859)
Remove flannel-v6.4096 when rke2-killall.sh (#5795)
Update e2e test (#5880)
Bump k3s to 1.30 (#5888)
Move to fatal error for cis-1.23 profile value (#5781)
Remove cni parameter from agent config in e2e tests (#5881)
Add script to validate flannel versions (#5788)
Bump k3s to deprecate pod-infra-container-image (#5900)
Fix mixedosbgp e2e test (#5886)

Charts Versions

Component	Version
rke2-cilium	1.15.400
rke2-canal	v3.27.3-build2024042301
rke2-calico	v3.27.300
rke2-calico-crd	v3.27.002
rke2-coredns	1.29.002
rke2-ingress-nginx	4.9.100
rke2-metrics-server	3.12.002
rancher-vsphere-csi	3.1.2-rancher400
rancher-vsphere-cpi	1.7.001
harvester-cloud-provider	0.2.300
harvester-csi-driver	0.1.1700
rke2-snapshot-controller	1.7.202
rke2-snapshot-controller-crd	1.7.202
rke2-snapshot-validation-webhook	1.7.302

Component

Version

rke2-cilium

1.15.400

rke2-canal

v3.27.3-build2024042301

rke2-calico

v3.27.300

rke2-calico-crd

v3.27.002

rke2-coredns

1.29.002