Complete container management platform

Overview

Rancher

Build Status Docker Pulls Go Report Card

Rancher is an open source project that provides a container management platform built for organizations that deploy containers in production. Rancher makes it easy to run Kubernetes everywhere, meet IT requirements, and empower DevOps teams.

Looking for Rancher 1.6.x info? Click here

Latest Release

  • Latest - v2.5.7 - rancher/rancher:latest - Read the full release notes.

  • Stable - v2.5.7 - rancher/rancher:stable - Read the full release notes.

To get automated notifications of our latest release, you can watch the announcements category in our forums, or subscribe to the RSS feed https://forums.rancher.com/c/announcements.rss.

Quick Start

sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher

Open your browser to https://localhost

Installation

Rancher can be deployed in either a single node or multi-node setup. Please refer to the following for guides on how to get Rancher up and running.

No internet access? Refer to our Air Gap Installation for instructions on how to use your own private registry to install Rancher.

Minimum Requirements

  • Operating Systems
    • Ubuntu 16.04 (64-bit)
    • Red Hat Enterprise Linux 7.5 (64-bit)
    • RancherOS 1.4 (64-bit)
  • Hardware
    • 4 GB of Memory
  • Software
    • Docker v1.12.6, 1.13.1, 17.03.2

Using Rancher

To learn more about using Rancher, please refer to our Rancher Documentation.

Source Code

This repo is a meta-repo used for packaging and contains the majority of rancher codebase. Rancher does include other Rancher projects including:

Rancher also includes other open source libraries and projects, see go.mod for the full list.

Support, Discussion, and Community

If you need any help with Rancher or RancherOS, please join us at either our Rancher forums, #rancher IRC channel or Slack where most of our team hangs out at.

Please submit any Rancher bugs, issues, and feature requests to rancher/rancher.

Please submit any RancherOS bugs, issues, and feature requests to rancher/os.

For security issues, please email [email protected] instead of posting a public issue in GitHub. You may (but are not required to) use the GPG key located on Keybase.

License

Copyright (c) 2014-2020 Rancher Labs, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

You might also like...
Go-turing-i2c-cmdline - Controlling the i2c management bus of the turing pi with i2c works fine

go-turing-i2c-cmdline What is it? Controlling the i2c management bus of the turi

This Go based project of Aadhyarupam Innovators demonstrate the code examples for building microservices, integration with cloud services (Google Cloud Firestore), application configuration management (Viper) etc.

This Go based project of Aadhyarupam Innovators demonstrate the code examples for building microservices, integration with cloud services (Google Cloud Firestore), application configuration management (Viper) etc.

go.mod file is the root of dependency management in Go

go.mod file is the root of dependency management in Go. All the modules which are needed or to be used in the project are maintained in go.mod file. I

Supply chain management indie game... IN SPACE!
Supply chain management indie game... IN SPACE!

Ship shape Supply chain management indie game ... IN SPACE! Current state is preliminary - there's a six-level tutorial, about an hour's worth of game

cross-platform, normalized battery information library

battery Cross-platform, normalized battery information library. Gives access to a system independent, typed battery state, capacity, charge and voltag

Cross-platform file system notifications for Go.

File system notifications for Go fsnotify utilizes golang.org/x/sys rather than syscall from the standard library. Ensure you have the latest version

An example client implementation written in GO to access the CyberVox platform API

About This is an example client implementation written in GO to access the CyberVox platform API.

golang script for bypass AV and work only in windows platform
golang script for bypass AV and work only in windows platform

antivirus bypass protection requirements golang installed usage 1 - create your payload go run create.go ip port secret any url

Neko is a cross-platform open-source animated cursor-chasing cat. This is the reimplementation write in Go.

Neko Neko is a cat that chases the mouse cursor across the screen, an app written in the late 1980s and ported for many platforms. This code is a re-i

Comments
  • Bump Helm version

    Bump Helm version

    Bump Helm version

    Report

    Source:
    	✔ [helm] Get Helm latest release version(githubrelease)
    
    
    Condition:
    	✔ [dockerfile-dapper] Check if 'ENV HELM_VERSION' is set(dockerfile)
    	✔ [package-dockerfile] Check if 'ENV HELM_VERSION' is set(dockerfile)
    
    Target:
    	✔ [dockerfile-dapper] Bump Helm version(dockerfile)
    	✔ [package-dockerfile] Bump Helm version(dockerfile)
    

    Changelog

    Click to expand
    
    Release published on the 2022-11-10 17:13:10 +0000 UTC at the url https://github.com/helm/helm/releases/tag/v3.10.2
    
    Helm v3.10.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
    
    The community keeps growing, and we'd love to see you there!
    
    - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com):
      -  for questions and just to hang out
      -  for discussing PRs, code, and bugs
    - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622)
    - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0)
    
    ## Installation and Upgrading
    
    Download Helm v3.10.2. The common platform binaries are here:
    
    - [MacOS amd64](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz.sha256sum) / e889960e4c1d7e2dfdb91b102becfaf22700cb86dc3e3553d9bebd7bab5a3803)
    - [MacOS arm64](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz.sha256sum) / 460441eea1764ca438e29fa0e38aa0d2607402f753cb656a4ab0da9223eda494)
    - [Linux amd64](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz.sha256sum) / 2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347)
    - [Linux arm](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz.sha256sum) / 25af344f46348958baa1c758cdf3b204ede3ddc483be1171ed3738d47efd0aae)
    - [Linux arm64](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz.sha256sum) / 57fa17b6bb040a3788116557a72579f2180ea9620b4ee8a9b7244e5901df02e4)
    - [Linux i386](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz.sha256sum) / ac9cbef2ec1237e2723ee8d3a92d1c4525a2da7cecc11336ba67de9bb6b473f0)
    - [Linux ppc64le](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz.sha256sum) / 53a578b84155d31c3e62dd93a88586b75e876dae82c7912c895ee5a574fa6209)
    - [Linux s390x](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz.sha256sum) / 33cb4a3382bea6bcd7eb7f385dd08941bdc84d0020345951eb467fbc8f5ccb60)
    - [Windows amd64](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip.sha256sum) / f1a3190adecc26270bbef4f3ab2d1a56509f9d8df95413cdd6e3151f6f367862)
    
    This release was signed with `672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at @mattfarina [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`.
    
    The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`.
    
    ## What's Next
    
    - 3.10.3 will contain only bug fixes and be released on December 14, 2022
    - 3.11.0 is the next feature releaseand be released on January 18, 2023
    
    ## Changelog
    
    - fix a few function names on comments 50f003e5ee8704ec937a756c646870227d7c8b58 (cui fliter)
    - redirect registry client output to stderr c3a62f7880be8bdc904f2d54c4b0c16a86ec204c (Cyril Jouve)
    - Readiness & liveness probes correct port 727bdf1813df73073d5a8eba4581201ef6518f93 (Peter Leong)
    
    

    Remark

    This pull request was automatically created using Updatecli.

    Please report any issues with this tool here

    opened by rancherbot 0
  • Bump Helm version

    Bump Helm version

    Bump Helm version

    Report

    Source:
    	✔ [helm] Get Helm latest release version(githubrelease)
    
    
    Condition:
    	✔ [dockerfile-dapper] Check if 'ENV HELM_VERSION' is set(dockerfile)
    	✔ [package-dockerfile] Check if 'ENV HELM_VERSION' is set(dockerfile)
    
    Target:
    	✔ [dockerfile-dapper] Bump Helm version(dockerfile)
    	✔ [package-dockerfile] Bump Helm version(dockerfile)
    

    Changelog

    Click to expand
    
    Release published on the 2022-11-10 17:13:10 +0000 UTC at the url https://github.com/helm/helm/releases/tag/v3.10.2
    
    Helm v3.10.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
    
    The community keeps growing, and we'd love to see you there!
    
    - Join the discussion in [Kubernetes Slack](https://kubernetes.slack.com):
      -  for questions and just to hang out
      -  for discussing PRs, code, and bugs
    - Hang out at the Public Developer Call: Thursday, 9:30 Pacific via [Zoom](https://zoom.us/j/696660622)
    - Test, debug, and contribute charts: [ArtifactHub/packages](https://artifacthub.io/packages/search?kind=0)
    
    ## Installation and Upgrading
    
    Download Helm v3.10.2. The common platform binaries are here:
    
    - [MacOS amd64](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-amd64.tar.gz.sha256sum) / e889960e4c1d7e2dfdb91b102becfaf22700cb86dc3e3553d9bebd7bab5a3803)
    - [MacOS arm64](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-darwin-arm64.tar.gz.sha256sum) / 460441eea1764ca438e29fa0e38aa0d2607402f753cb656a4ab0da9223eda494)
    - [Linux amd64](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz.sha256sum) / 2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347)
    - [Linux arm](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm.tar.gz.sha256sum) / 25af344f46348958baa1c758cdf3b204ede3ddc483be1171ed3738d47efd0aae)
    - [Linux arm64](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-arm64.tar.gz.sha256sum) / 57fa17b6bb040a3788116557a72579f2180ea9620b4ee8a9b7244e5901df02e4)
    - [Linux i386](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-386.tar.gz.sha256sum) / ac9cbef2ec1237e2723ee8d3a92d1c4525a2da7cecc11336ba67de9bb6b473f0)
    - [Linux ppc64le](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-ppc64le.tar.gz.sha256sum) / 53a578b84155d31c3e62dd93a88586b75e876dae82c7912c895ee5a574fa6209)
    - [Linux s390x](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-v3.10.2-linux-s390x.tar.gz.sha256sum) / 33cb4a3382bea6bcd7eb7f385dd08941bdc84d0020345951eb467fbc8f5ccb60)
    - [Windows amd64](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-v3.10.2-windows-amd64.zip.sha256sum) / f1a3190adecc26270bbef4f3ab2d1a56509f9d8df95413cdd6e3151f6f367862)
    
    This release was signed with `672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E ` and can be found at @mattfarina [keybase account](https://keybase.io/mattfarina). Please use the attached signatures for verifying this release using `gpg`.
    
    The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with `bash`.
    
    ## What's Next
    
    - 3.10.3 will contain only bug fixes and be released on December 14, 2022
    - 3.11.0 is the next feature releaseand be released on January 18, 2023
    
    ## Changelog
    
    - fix a few function names on comments 50f003e5ee8704ec937a756c646870227d7c8b58 (cui fliter)
    - redirect registry client output to stderr c3a62f7880be8bdc904f2d54c4b0c16a86ec204c (Cyril Jouve)
    - Readiness & liveness probes correct port 727bdf1813df73073d5a8eba4581201ef6518f93 (Peter Leong)
    
    

    Remark

    This pull request was automatically created using Updatecli.

    Please report any issues with this tool here

    opened by rancherbot 0
  • [Project Monitoring V2] Rebase Project Monitoring against 40.x.x Rancher Monitoring

    [Project Monitoring V2] Rebase Project Monitoring against 40.x.x Rancher Monitoring

    Followup for https://github.com/rancher/rancher/issues/39725.

    Also introduce e2e CI to validate rebase and introduce documentation and script to make it easier to perform rebases in the future.

    area/monitoring [zube]: Review team/area3 
    opened by aiyengar2 1
  • [v2.6] Back-Port #39300: Ensure ProvV2 indexers are registered for all replicas

    [v2.6] Back-Port #39300: Ensure ProvV2 indexers are registered for all replicas

    Issue: https://github.com/rancher/rancher/issues/39300, https://github.com/rancher/rancher/issues/39717

    This is a back port of https://github.com/rancher/rancher/pull/39622. More detailed description and testing steps can be found in the original PR.

    opened by HarrisonWAffel 1
Releases(v2.7.0)
  • v2.7.0(Nov 16, 2022)

    Release v2.7.0

    It is important to review the Install/Upgrade Notes below before upgrading to any Rancher version.

    With the release of Rancher v2.7.0, several legacy features have been removed. See the Removed Legacy Features section below for details.

    Features and Enhancements

    Extensions

    Rancher v2.7.0 introduces extensions. Admins may now make changes and enhancements to their UI functionality as desired independent of Rancher Manager releases. Using the Extensions catalog, which can be found at ≡ > Extensions, the admin can view the list of installed extensions, update or roll back existing extensions, and install new extensions as desired. For more information on how to use Rancher extensions, please see the docs.

    K3s Provisioning is GA (x86 Only)

    Provisioning K3s clusters on x86 clusters has graduated to GA! The fully compliant Kubernetes distribution is simplified, secure and at less than 60mb is perfect for Edge.

    New in Rancher

    • Support has ended for Kubernetes v1.20, v1.21, and v1.22.
    • The Manage Cluster Members and Manage Project Members roles have been updated to better align with common expectations regarding privilege escalation. Users in this role must now have any privilege they wish to assign to others. See #122.

    New in the Rancher UI

    • Cluster events are now displayed more prominently. See #5816.
    • Added the ability to customize documentation links in the Rancher UI. See #6294.
    • The Diagnostics page now shows more detailed information for troubleshooting performance issues. See #6739.

    New in Fleet

    Authentication for OCI-based registries is now supported. Note that the structure of the fleet.yaml is the same, and the credentials are provided as a Kubernetes secret which is described in the Private Helm Repo box in the Repo Structure docs.

    Major Bug Fixes

    • When deploying a RKE2/K3s custom cluster that uses a proxy, the registration now completes as expected. See #39066.
    • When navigating to the Continuous Delivery page from the Cluster Management page or Home page, the clusters now show up per the selected namespace as expected. See #7213.
    • Kubernetes versions 1.24.x are no longer appearing as "experimental" when provisioning AKS clusters, as 1.24.x versions are fully supported for AKS clusters. See #7217.
    • RKE v1.3.10-v1.3.13 in Rancher v2.6.7-v2.6.8 no longer removes user addons during an upgrade before redeploying them, which would cause issues with RKE1 cluster upgrades if user addons template has cattle-* or other system namespaces. See #38749.
    • Fixed an issue where user-defined EKS security groups were configured as the only node group security groups rather than being appended to the cluster default security group. See #38014.
    • Fixed issue in which OPA Gatekeeper became stuck when uninstalled. See #37029.
    • Web socket disconnections no longer result in too many notifications. See #6992.
    • CPU and memory usage are now displayed properly for EKS nodes. See #4956.

    Rancher Behavior Changes

    • Pods critical to running Rancher did not use a priority class. This could cause a cluster with limited resources to evict Rancher pods before other noncritical pods. A configurable priorityClass has been added to the Rancher pod and its feature charts. See #37927.
    • Rancher now defaults to using the bci-micro image for its sidecar audit logging instead of busybox. See #35587.
    • Rancher no longer validates an app registration's permissions to use Microsoft Graph on endpoint updates or initial setup. Rancher recommends admins to add Directory.Read.All permissions of type Application. If you configure a different set of permissions, Rancher may not be able to perform some of the actions within Azure AD, if the permissions are insufficient, so you may encounter errors.
    • For RKE2/K3s node driver clusters, when installing or upgrading an official Rancher Helm chart app, the behavior has changed for pulling images. Previously, only the global container registry was used. As of this release, by default, if a private registry exists in the cluster config, that registry will be used for pulling images. If no cluster scoped registry is found, the global container registry will be used. To change the default registry, a custom registry can be specified during the Helm chart install/upgrade workflow.

    Known Issues

    • EKS clusters on Kubernetes v1.21 or below on Rancher v2.7 cannot be upgraded. To see more detail about this issue and the workaround, please see this comment.
    • In RKE1 clusters on Kubernetes v1.24, cadvisor container labels and metric series break Monitoring V2 dashboards. See #38934 for a workaround and more details on the issue.

    Install/Upgrade Notes

    Upgrade Requirements

    • Creating backups: We strongly recommend creating a backup before upgrading Rancher. To roll back Rancher after an upgrade, you must back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to its state when a backup was created, any changes post upgrade will not be included after the restore. For more information, see the documentation on backing up Rancher.
    • Helm version: Rancher install or upgrade must occur with Helm 3.2.x+ due to the changes with the latest cert-manager release. See #29213.
    • CNI requirements:
      • For Kubernetes v1.19 and newer, we recommend disabling firewalld as it has been found to be incompatible with various CNI plugins. See #28840.
      • If upgrading or installing to a Linux distribution which uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or newer, users should upgrade to RKE1 v1.19.2 or later to get Flannel version v0.13.0 that supports nf_tables. See Flannel #1317.
    • Requirements for air gapped environments:
      • For installing or upgrading Rancher in an air gapped environment, please add the flag --no-hooks to the helm template command to skip rendering files for Helm's hooks. See #3226.
      • If using a proxy in front of an air gapped Rancher, you must pass additional parameters to NO_PROXY. See the documentation and related issue #2725.
    • Requirements for Docker installs:
      • When starting the Rancher Docker container, the privileged flag must be used. See documentation.
      • When installing in an air gapped environment, you must supply a custom registries.yaml file to the docker run command as shown in the K3s documentation. If the registry has certificates, then you will need to also supply those. See #28969.
      • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container comes up and is working as expected. See #33685.

    Rancher Behavior Changes

    See the Rancher v2.6.9 release notes for previous behavior changes.

    Versions

    Please refer to the README for latest and stable versions.

    Please review our version documentation for more details on versioning and tagging conventions.

    Images

    • rancher/rancher:v2.7.0

    Tools

    Kubernetes Versions

    • v1.24.6 (Default)
    • v1.23.12

    Rancher Helm Chart Versions

    Starting in 2.6.0, many of the Rancher Helm charts available in the Apps & Marketplace will start with a major version of 100. This was done to avoid simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also brings us into compliance with semver, which is a requirement for newer versions of Helm. You can now see the upstream version of a chart in the build metadata, for example: 100.0.0+up2.1.0. See #32294.

    Other Notes

    Experimental Features

    • Dual-stack and IPv6-only support for RKE1 clusters using the Flannel CNI will be experimental starting in v1.23.x. See the upstream Kubernetes docs. Dual-stack is not currently supported on Windows. See #165.

    Deprecated Upstream Projects

    • Microsoft has deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. A configuration update is necessary to make sure users can still use Rancher with Azure AD. See the docs and #29306 for details.

    Removed Legacy Features

    The following legacy features have been removed as of Rancher v2.7.0. The deprecation and removal of these features were announced in previous releases. See #6864.

    UI and Backend

    • CIS Scans v1 (Cluster)
    • Pipelines (Project)
    • Istio v1 (Project)
    • Logging v1 (Project)
    • RancherD

    UI

    • Multiclusterapps (Global) - Apps within Multicluster Apps section

    Known Major Issues

    • Kubernetes Cluster Distributions:
      • RKE:
        • Rotating encryption keys with a custom encryption provider is not supported. See #30539.
        • Kubernetes RKE1 1.24.x clusters fail to reach an Active state using Oracle Linux 8.4; high CPU usage is also observed. Cluster could be a fresh installation or upgraded to v1.24.x. See #38816.
      • RKE2:
        • Amazon ECR Private Registries are not functional. See #33920.
        • When provisioning using an RKE2 cluster template, the rootSize for AWS EC2 provisioners does not currently take an integer when it should, and an error is thrown. To work around this issue, wrap the EC2 rootSize in quotes. See Dashboard #3689.
        • The communication between the ingress controller and the pods doesn't work when you create an RKE2 cluster with Cilium as the CNI and activate project network isolation. See documentation and #34275.
        • Encryption keys may fail to rotate when there are a large number (> 2000) of secrets. See #38283.
        • The system-upgrade-controller Deployment may fail after Monitoring is enabled on an RKE2 v1.23 or v1.24 cluster with Windows nodes. See #38646.
      • RKE2 - Windows:
        • CSI Proxy for Windows will now work in an air-gapped environment.
        • NodePorts do not work on Windows Server 2022 in RKE2 clusters due to a Windows kernel bug. See #159.
        • When upgrading Windows nodes in RKE2 clusters via the Rancher UI, Windows worker nodes will require a reboot after the upgrade is completed. See #37645.
      • K3s:
        • The K3s proxied downstream cluster does not work on v1.24.4+k3s1 but does work on v1.24.6+k3s1. See #39284.
      • AKS:
        • When editing or upgrading the AKS cluster, do not make changes from the Azure console or CLI at the same time. These actions must be done separately. See #33561.
        • Windows node pools are not currently supported. See #32586.
        • Azure Container Registry-based Helm charts cannot be added in Cluster Explorer, but do work in the Apps feature of Cluster Manager. Note that when using a Helm chart repository, the disableSameOriginCheck setting controls when credentials are attached to requests. See documentation and #34584 for more information.
      • GKE:
        • Basic authentication must be explicitly disabled in GCP before upgrading a GKE cluster to 1.19+ in Rancher. See #32312.
    • Infrastructures:
      • vSphere:
        • PersistentVolumes are unable to mount to custom vSphere hardened clusters using CSI charts. See #35173.
    • Harvester:
      • Upgrades from Harvester v0.3.0 are not supported.
      • Deploying Fleet to Harvester clusters is not yet supported. Clusters, whether Harvester or non-Harvester, imported using the Virtualization Management page will result in the cluster not being listed on the Continuous Delivery page. See #35049.
      • When upgrading RKE2 in a Harvester cluster, the result may be that the first node will be upgraded while the remaining server nodes' scheduling is disabled. See #39167.
    • Cluster Tools:
      • Fleet:
        • Multiple fleet-agent pods may be created and deleted during initial downstream agent deployment; rather than just one. This resolves itself quickly, but is unintentional behavior. See #33293.
      • Hardened clusters:
        • Not all cluster tools can currently be installed on a hardened cluster.
      • Rancher Backup:
        • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.
        • When running a newer version of the rancher-backup app to restore a backup made with an older version of the app, the resourceSet named rancher-resource-set will be restored to an older version that might be different from the one defined in the current running rancher-backup app. The workaround is to edit the rancher-backup app to trigger a reconciliation. See #34495.
        • Because Kubernetes v1.22 drops the apiVersion apiextensions.k8s.io/v1beta1, trying to restore an existing backup file into a v1.22+ cluster will fail because the backup file contains CRDs with the apiVersion v1beta1. There are two options to work around this issue: update the default resourceSet to collect the CRDs with the apiVersion v1, or update the default resourceSet and the client to use the new APIs internally. See documentation and #34154.
      • Monitoring:
        • Deploying Monitoring on a Windows cluster with win_prefix_path set requires users to deploy Rancher Wins Upgrader to restart wins on the hosts to start collecting metrics in Prometheus. See #32535.
      • Logging:
        • Windows nodeAgents are not deleted when performing helm upgrade after disabling Windows logging on a Windows cluster. See #32325.
      • Istio Versions:
        • Istio 1.12 and below do not work on Kubernetes 1.23 clusters. To use the Istio charts, please do not update to Kubernetes 1.23 until the next charts' release.
        • Deprecated resources are not automatically removed and will cause errors during upgrades. Manual steps must be taken to migrate and/or cleanup resources before an upgrade is performed. See #34699.
        • Applications injecting Istio sidecars, fail on SELinux RHEL 8.4 enabled clusters. A temporary workaround for this issue is to run the following command on each cluster node before creating a cluster: mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni. See #33291.
    • Docker Installations:
      • UI issues may occur due to a longer startup time. User will receive an error message when launching Docker for the first time #28800, and user is directed to username/password screen when accessing the UI after a Docker install of Rancher. See #28798.
      • On a Docker install upgrade and rollback, Rancher logs will repeatedly display the messages "Updating workload ingress-nginx/nginx-ingress-controller" and "Updating service frontend with public endpoints". Ingresses and clusters are functional and active, and logs resolve eventually. See #35798.
      • Rancher single node wont start on Apple M1 devices with Docker Desktop 4.3.0 or newer. See #35930.
    • Rancher UI:
      • After installing an app from a partner chart repo, the partner chart will upgrade to feature charts if the chart also exists in the feature charts default repo. See #5655.
      • In some instances under Users and Authentication, no users are listed and clicking Create to create a new user does not display the entire form. To work around this when encountered, perform a hard refresh to be able to log back in. See #37531.
      • Deployment securityContext section is missing when a new workload is created. This prevents pods from starting when Pod Security Policy Support is enabled. See #4815.
    • Legacy UI:
      • When using the Rancher UI to add a new port of type ClusterIP to an existing Deployment created using the legacy UI, the new port will not be created upon saving. To work around this issue, repeat the procedure to add the port again. Users will notice the Service Type field will display as Do not create a service. Change this to ClusterIP and upon saving, the new port will be created successfully during this subsequent attempt. See #4280.
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(649 bytes)
    rancher-data.json(3.54 MB)
    rancher-images-digests-linux-amd64.txt(42.61 KB)
    rancher-images-digests-linux-arm64.txt(32.35 KB)
    rancher-images-digests-linux-s390x.txt(33.46 KB)
    rancher-images-digests-windows-1809.txt(1.10 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.10 KB)
    rancher-images-origins.txt(14.60 KB)
    rancher-images-sources.txt(22.67 KB)
    rancher-images.txt(15.44 KB)
    rancher-load-images.ps1(3.41 KB)
    rancher-load-images.sh(4.01 KB)
    rancher-mirror-to-rancher-org.ps1(506 bytes)
    rancher-mirror-to-rancher-org.sh(19.46 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.59 KB)
    rancher-save-images.sh(1.71 KB)
    rancher-windows-images-sources.txt(624 bytes)
    rancher-windows-images.txt(362 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc12(Nov 15, 2022)

    Images with -rc

    rancher/rancher v2.7.0-rc12 rancher/rancher-agent v2.7.0-rc12 rancher/rancher-runtime v2.7.0-rc12

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.7 (scripts/package-env)
    • CHART_DEFAULT_BRANCH: release-v2.7 (scripts/package-env)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.7 (Dockerfile.dapper)
    • KDMBranch: release-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(746 bytes)
    rancher-data.json(3.54 MB)
    rancher-images-digests-linux-amd64.txt(42.63 KB)
    rancher-images-digests-linux-arm64.txt(32.29 KB)
    rancher-images-digests-linux-s390x.txt(33.40 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-origins.txt(14.60 KB)
    rancher-images-sources.txt(22.68 KB)
    rancher-images.txt(15.46 KB)
    rancher-load-images.ps1(3.41 KB)
    rancher-load-images.sh(4.01 KB)
    rancher-mirror-to-rancher-org.ps1(511 bytes)
    rancher-mirror-to-rancher-org.sh(19.47 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.59 KB)
    rancher-save-images.sh(1.71 KB)
    rancher-windows-images-sources.txt(629 bytes)
    rancher-windows-images.txt(367 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc11(Nov 11, 2022)

    Images with -rc

    rancher/rancher v2.7.0-rc11 rancher/rancher-agent v2.7.0-rc11 rancher/rancher-runtime v2.7.0-rc11

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc10 UI_VERSION 2.7.0-rc10 RKE v1.4.0-rc4

    Min version components with -rc

    FLEET_MIN_VERSION 101.0.0+up0.5.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(842 bytes)
    rancher-data.json(3.54 MB)
    rancher-images-digests-linux-amd64.txt(42.63 KB)
    rancher-images-digests-linux-arm64.txt(32.29 KB)
    rancher-images-digests-linux-s390x.txt(33.40 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-origins.txt(14.60 KB)
    rancher-images-sources.txt(22.68 KB)
    rancher-images.txt(15.46 KB)
    rancher-load-images.ps1(3.41 KB)
    rancher-load-images.sh(4.01 KB)
    rancher-mirror-to-rancher-org.ps1(511 bytes)
    rancher-mirror-to-rancher-org.sh(19.47 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.59 KB)
    rancher-save-images.sh(1.71 KB)
    rancher-windows-images-sources.txt(629 bytes)
    rancher-windows-images.txt(367 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc10(Nov 9, 2022)

    Images with -rc

    rancher/cis-operator v1.0.10-rc2 rancher/fleet v0.5.0-rc4 rancher/fleet-agent v0.5.0-rc4 rancher/rancher v2.7.0-rc10 rancher/rancher-agent v2.7.0-rc10 rancher/rancher-runtime v2.7.0-rc10 rancher/rancher-webhook v0.3.0-rc5 rancher/security-scan v0.2.9-rc6

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc10 UI_VERSION 2.7.0-rc10 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    FLEET_MIN_VERSION 101.0.0+up0.5.0-rc4 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc5

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.04 KB)
    rancher-data.json(3.54 MB)
    rancher-images-digests-linux-amd64.txt(43.13 KB)
    rancher-images-digests-linux-arm64.txt(32.66 KB)
    rancher-images-digests-linux-s390x.txt(33.90 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-origins.txt(14.60 KB)
    rancher-images-sources.txt(22.97 KB)
    rancher-images.txt(15.64 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(515 bytes)
    rancher-mirror-to-rancher-org.sh(19.70 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(637 bytes)
    rancher-windows-images.txt(371 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc9(Nov 3, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc4 rancher/fleet-agent v0.5.0-rc4 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc9 rancher/rancher-agent v2.7.0-rc9 rancher/rancher-runtime v2.7.0-rc9 rancher/rancher-webhook v0.3.0-rc5 rancher/security-scan v0.2.9-rc6

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc8 UI_VERSION 2.7.0-rc8 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    FLEET_MIN_VERSION 101.0.0+up0.5.0-rc4 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc5

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.17 KB)
    rancher-data.json(3.56 MB)
    rancher-image-origins.txt(14.60 KB)
    rancher-images-digests-linux-amd64.txt(44.78 KB)
    rancher-images-digests-linux-arm64.txt(33.54 KB)
    rancher-images-digests-linux-s390x.txt(35.55 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(23.71 KB)
    rancher-images.txt(16.25 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(20.46 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc8(Oct 28, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc4 rancher/fleet-agent v0.5.0-rc4 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc8 rancher/rancher-agent v2.7.0-rc8 rancher/rancher-runtime v2.7.0-rc8 rancher/rancher-webhook v0.3.0-rc4 rancher/security-scan v0.2.9-rc6 rancher/ui-plugin-operator v0.1.0-rc3

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc7 UI_VERSION 2.7.0-rc7 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    FLEET_MIN_VERSION 101.0.0+up0.5.0-rc4 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package-env)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.21 KB)
    rancher-data.json(3.56 MB)
    rancher-image-origins.txt(14.60 KB)
    rancher-images-digests-linux-amd64.txt(44.78 KB)
    rancher-images-digests-linux-arm64.txt(33.55 KB)
    rancher-images-digests-linux-s390x.txt(35.56 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(23.73 KB)
    rancher-images.txt(16.25 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(20.47 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc7(Oct 25, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc3 rancher/fleet-agent v0.5.0-rc3 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc7 rancher/rancher-agent v2.7.0-rc7 rancher/rancher-runtime v2.7.0-rc7 rancher/rancher-webhook v0.3.0-rc4 rancher/security-scan v0.2.9-rc6 rancher/ui-plugin-operator v0.1.0-rc3

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc7 UI_VERSION 2.7.0-rc7 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    FLEET_MIN_VERSION 101.0.0+up0.5.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: (scripts/package)
    • CHART_DEFAULT_BRANCH: (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.18 KB)
    rancher-data.json(3.55 MB)
    rancher-image-origins.txt(14.42 KB)
    rancher-images-digests-linux-amd64.txt(44.05 KB)
    rancher-images-digests-linux-arm64.txt(32.96 KB)
    rancher-images-digests-linux-s390x.txt(34.83 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(23.46 KB)
    rancher-images.txt(16.06 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(20.22 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc6(Oct 21, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc3 rancher/fleet-agent v0.5.0-rc3 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc6 rancher/rancher-agent v2.7.0-rc6 rancher/rancher-csp-adapter v2.0.0-rc1 rancher/rancher-runtime v2.7.0-rc6 rancher/rancher-webhook v0.3.0-rc4 rancher/security-scan v0.2.9-rc6 rancher/ui-plugin-operator v0.1.0-rc3

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc6 UI_VERSION 2.7.0-rc6 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    CSP_ADAPTER_MIN_VERSION 2.0.0+up2.0.0-rc1 FLEET_MIN_VERSION 101.0.0+up0.5.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: (scripts/package)
    • CHART_DEFAULT_BRANCH: (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.26 KB)
    rancher-data.json(3.55 MB)
    rancher-image-origins.txt(14.42 KB)
    rancher-images-digests-linux-amd64.txt(44.06 KB)
    rancher-images-digests-linux-arm64.txt(32.96 KB)
    rancher-images-digests-linux-s390x.txt(34.83 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(23.47 KB)
    rancher-images.txt(16.07 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(20.22 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc5(Oct 21, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc3 rancher/fleet-agent v0.5.0-rc3 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc5 rancher/rancher-agent v2.7.0-rc5 rancher/rancher-csp-adapter v2.0.0-rc1 rancher/rancher-runtime v2.7.0-rc5 rancher/rancher-webhook v0.3.0-rc4 rancher/security-scan v0.2.9-rc6 rancher/ui-plugin-operator v0.1.0-rc3

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc6 UI_VERSION 2.7.0-rc6 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    CSP_ADAPTER_MIN_VERSION 2.0.0+up2.0.0-rc1 FLEET_MIN_VERSION 101.0.0+up0.5.0-rc2 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: (scripts/package)
    • CHART_DEFAULT_BRANCH: (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.26 KB)
    rancher-data.json(3.55 MB)
    rancher-image-origins.txt(14.42 KB)
    rancher-images-digests-linux-amd64.txt(44.06 KB)
    rancher-images-digests-linux-arm64.txt(32.96 KB)
    rancher-images-digests-linux-s390x.txt(34.83 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(23.47 KB)
    rancher-images.txt(16.07 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(20.22 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.7.0-rc4(Oct 18, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc2 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc2 rancher/fleet v0.5.0-rc2 rancher/fleet-agent v0.5.0-rc2 rancher/gke-operator v1.1.5-rc1 rancher/rancher v2.7.0-rc4 rancher/rancher-agent v2.7.0-rc4 rancher/rancher-csp-adapter v2.0.0-rc1 rancher/rancher-runtime v2.7.0-rc4 rancher/rancher-webhook v0.3.0-rc4 rancher/security-scan v0.2.9-rc4 rancher/ui-plugin-operator v0.1.0-rc3

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc5 UI_VERSION 2.7.0-rc5 GKE-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc4

    Min version components with -rc

    CSP_ADAPTER_MIN_VERSION 2.0.0+up2.0.0-rc1 FLEET_MIN_VERSION 101.0.0+up0.5.0-rc2 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc4

    RKE Kubernetes versions

    v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: (scripts/package)
    • CHART_DEFAULT_BRANCH: (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.26 KB)
    rancher-data.json(3.54 MB)
    rancher-image-origins.txt(14.33 KB)
    rancher-images-digests-linux-amd64.txt(39.96 KB)
    rancher-images-digests-linux-arm64.txt(30.67 KB)
    rancher-images-digests-linux-s390x.txt(31.30 KB)
    rancher-images-digests-windows-1809.txt(1.11 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.11 KB)
    rancher-images-sources.txt(21.58 KB)
    rancher-images.txt(14.46 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(514 bytes)
    rancher-mirror-to-rancher-org.sh(18.25 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(39 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(636 bytes)
    rancher-windows-images.txt(370 bytes)
    sha256sum.txt(1.40 KB)
  • v2.6.9(Oct 18, 2022)

    Release v2.6.9

    It is important to review the Install/Upgrade Notes below before upgrading to any Rancher version.

    In Rancher v2.6.4, the cluster-api module has been upgraded from v0.4.4 to v1.0.2 in which the apiVersion of CAPI CRDs are upgraded from cluster.x-k8s.io/v1alpha4 to cluster.x-k8s.io/v1beta1. This has the effect of causing rollbacks from Rancher v2.6.4 to any previous version of Rancher v2.6.x to fail because the previous version the CRDs needed to roll back are no longer available in v1beta1. To avoid this, the Rancher resource cleanup script should be run before the restore or rollback is attempted. This script can be found in the rancherlabs/support-tools repo and the usage of the script can be found in the backup-restore operator docs. In addition, when users roll back Rancher on the same cluster using the Rancher Backup and Restore app in 2.6.4+, the updated steps to create the Restore Custom Resource must be followed. See also #36803 for more details.

    Major Bug Fixes

    • Fixed an issue which caused version 1.0.0 of the CSP Adapter to incorrectly count nodes. Users should only use version 1.0.1 or higher of the adapter to ensure that node counts are accurate. See #38712.
    • Fixed an issue where role templates with circular references (e.g., role template 1 inherits role template 2 which inherits role template 1) could result in high CPU usage and crashes. Requests to create new role templates with such a structure (or edit existing role templates to have such a structure) should not fail, and Rancher should no longer have excessively high CPU cycles when attempting to process such existing roles. Note that this will not remove existing custom roles which have circular references; therefore, it is recommended that users review existing role templates to ensure that they do not have circular references (such role templates will not function as desired). See #38419.
    • Fixed an issue in which user attributes were not being refreshed correctly and sometimes became empty which caused impersonation rules to be incorrect. See #36096.
    • Fixed an issue where user-defined EKS security groups were configured as the only node group security groups rather than being appended to the cluster default security group. See #38014.
    • Fixed issue in which OPA Gatekeeper became stuck when uninstalled. See #37029.
    • Users running RHEL/CentOS 7 may install or upgrade using K3s/RKE2 v1.24.4 and up. See #5912.
    • RKE v1.3.10-v1.3.13 in Rancher v2.6.7-v2.6.8 no longer removes user addons during an upgrade before redeploying them, which would cause issues with RKE1 cluster upgrades if user addons template has cattle-* or other system namespaces. See #38876.
    • Fixed an issue in which after installing any chart through the Rancher UI, the proxy container of the helm-operation pod was not terminated, and it would become NotReady. See #38873.
    • Resolved an issue in which Kubernetes API events were not recorded when the log level was set to 3. See #38323.
    • Admins can now reconfigure (edit) a new Azure AD setup as well as a setup with updated endpoints for the Microsoft Graph without errors. See #38753.
    • A bug has been fixed that resulted in certain clusters being rendered unavailable after upgrade. This was due to improper migration of certain cluster fields to secrets. The known cluster types this affected were legacy AKS, GKE, and EKS clusters but may have affected other types of clusters as well. See #38699.
    • RKE2 and K3s custom clusters now provision as expected when using a proxy. See #39068.
    • Fixed an issue in which the Rancher UI produced the wrong CLI command when joining a node to a cluster with a taint in AWS. See #6827.
    • In the Rancher UI, yellow icons have been added to indicate which clusters need to be updated. See #6580.

    Rancher Behavior Changes

    • For Azure AD, Rancher now doesn't create or update the cached secret with the Azure AD access token if a new token does not have the necessary permissions. Rancher also prevents admins from updating the endpoints for Microsoft Graph if a new token lacks permissions. Note that this will be removed in v2.6.10 in favor of a different approach of handling token permissions. See #38754.

    Known Issues

    Rancher UI

    • Upon upgrade to Rancher v2.6.8, the UI consistently throws Websocket Disconnected errors. Note that alerts have been hidden behind a toggle by default so that systems remain usable. See #6960.
    • When navigating to the Continuous Delivery page from the Cluster Management page or Home page, the namespace filter is missing from the top-right corner. As a workaround, navigate to the Continuous Delivery page from the Cluster Explorer page to have access to the namespace filter. See #7213.
    • Kubernetes versions 1.24.x are incorrectly marked as “experimental” when provisioning AKS clusters (1.24.x versions are fully supported for AKS clusters). See #7217.

    Harvester

    • When upgrading RKE2 in a Harvester cluster, the result may be that the first node will be upgraded while the remaining server nodes' scheduling is disabled. See #39167.

    K3s

    • The K3s proxied downstream cluster does not work on v1.24.4+k3s1 but does work on v1.24.6+k3s1. This will be fixed in an upcoming release. See #39284.

    RKE

    • High CPU usage is observed on RKE1 v1.24.x clusters. Cluster could be a fresh installation or upgraded to v1.24.x. See #38816.

    Install/Upgrade Notes

    • If you are installing Rancher for the first time, your environment must fulfill the installation requirements.
    • The namespace where the local Fleet agent runs has been changed to cattle-fleet-local-system. This change does not impact GitOps workflows.

    Upgrade Requirements

    • Creating backups: We strongly recommend creating a backup before upgrading Rancher. To roll back Rancher after an upgrade, you must back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to its state when a backup was created, any changes post upgrade will not be included after the restore. For more information, see the documentation on backing up Rancher.
    • Helm version: Rancher install or upgrade must occur with Helm 3.2.x+ due to the changes with the latest cert-manager release. See #29213.
    • Kubernetes version:
      • The local Kubernetes cluster for the Rancher server should be upgraded to Kubernetes 1.18+ before installing Rancher 2.6+.
    • CNI requirements:
      • For Kubernetes v1.19 and newer, we recommend disabling firewalld as it has been found to be incompatible with various CNI plugins. See #28840.
      • If upgrading or installing to a Linux distribution which uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or newer, users should upgrade to RKE1 v1.19.2 or later to get Flannel version v0.13.0 that supports nf_tables. See Flannel #1317.
      • For users upgrading from >=v2.4.4 to v2.5.x with clusters where ACI CNI is enabled, note that upgrading Rancher will result in automatic cluster reconciliation. This is applicable for Kubernetes versions v1.17.16-rancher1-1, v1.17.17-rancher1-1, v1.17.17-rancher2-1, v1.18.14-rancher1-1, v1.18.15-rancher1-1, v1.18.16-rancher1-1, and v1.18.17-rancher1-1. Please refer to the workaround BEFORE upgrading to v2.5.x. See #32002.
    • Requirements for air gapped environments:
      • For installing or upgrading Rancher in an air gapped environment, please add the flag --no-hooks to the helm template command to skip rendering files for Helm's hooks. See #3226.
      • If using a proxy in front of an air gapped Rancher, you must pass additional parameters to NO_PROXY. See the documentation and related issue #2725.
    • Cert-manager version requirements: Recent changes to cert-manager require an upgrade if you have a high-availability install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager. See documentation.
    • Requirements for Docker installs:
      • When starting the Rancher Docker container, the privileged flag must be used. See documentation.
      • When installing in an air gapped environment, you must supply a custom registries.yaml file to the docker run command as shown in the K3s documentation. If the registry has certificates, then you will need to also supply those. See #28969.
      • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container comes up and is working as expected. See #33685.

    Rancher Behavior Changes

    • Cert-Manager:
      • Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the documentation.
      • When upgrading Rancher and cert-manager, you will need to use Option B: Reinstalling Rancher and cert-manager from the Rancher docs.
      • There are several versions of cert-manager which, due to their backwards incompatibility, are not recommended for use with Rancher. You can read more about which versions are affected by this issue in the cert-manager docs. As a result, only versions 1.6.2 and 1.7.1 are recommended for use at this time.
      • For instructions on upgrading cert-manager from version 1.5 to 1.6, see the relevant cert-manager docs.
      • For instructions on upgrading cert-manager from version 1.6 to 1.7, see the relevant cert-manager docs.
    • Readiness and Liveness Check:
      • Users can now configure the Readiness Check and Liveness Check of coredns-autoscaler. See #24939.
    • Legacy Features:
      • Users upgrading from Rancher <=v2.5.x will automatically have the --legacy feature flag enabled. New installations that require legacy features need to enable the flag on install or through the UI.
      • When workloads created using the legacy UI are deleted, the corresponding services are not automatically deleted. Users will need to manually remove these services. A message will be displayed notifying the user to manually delete the associated services when such a workload is deleted. See #34639.
    • Library and Helm3-Library Catalogs:
      • Users will no longer be able to launch charts from the library and helm3-library catalogs, which are available through the legacy apps and multi-cluster-apps pages. Any existing legacy app that was deployed from a previous Rancher version will continue to be able to edit its currently deployed chart. Note that the Longhorn app will still be available from the library for new installs but will be removed in the next Rancher version. All users are recommended to deploy Longhorn from the Apps & Marketplace section of the Rancher UI instead of through the Legacy Apps pages.
    • Local Cluster:
      • In older Rancher versions, the local cluster could be hidden to restrict admin access to the Rancher server's local Kubernetes cluster, but that feature has been deprecated. The local Kubernetes cluster can no longer be hidden and all admins will have access to the local cluster. If you would like to restrict permissions to the local cluster, there is a new restricted-admin role that must be used. The access to local cluster can now be disabled by setting hide_local_cluster to true from the v3/settings API. See the documentation and #29325. For more information on upgrading from Rancher with a hidden local cluster, see the documentation.
    • Upgrading the Rancher UI:
      • After upgrading to v2.6+, users will be automatically logged out of the old Rancher UI and must log in again to access Rancher and the new UI. See #34004.
    • Fleet:
      • For users upgrading from v2.5.x to v2.6.x, note that Fleet will be enabled by default as it is required for operation in v2.6+. This will occur even if Fleet was disabled in v2.5.x. During the upgrade process, users will observe restarts of the rancher pods, which is expected. See #31044 and #32688.
      • Starting with Rancher v2.6.1, Fleet allows for two agents in the local cluster for scenarios where "Fleet is managing Fleet". The true local agent runs in the new cattle-fleet-local-system namespace. The agent downstream from another Fleet management cluster runs in cattle-fleet-system, similar to the agent pure downstream clusters. See #34716 and #531.
    • Editing and Saving Clusters:
      • For users upgrading from <=v2.4.8 (<= RKE v1.1.6) to v2.4.12+ (RKE v1.1.13+)/v2.5.0+ (RKE v1.2.0+) , please note that Edit and save cluster (even with no changes or a trivial change like cluster name) will result in cluster reconciliation and upgrading kube-proxy on all nodes because of a change in kube-proxy binds. This only happens on the first edit and later edits shouldn't affect the cluster. See #32216.
    • EKS Cluster:
      • There is currently a setting allowing users to configure the length of refresh time in cron format: eks-refresh-cron. That setting is now deprecated and has been migrated to a standard seconds format in a new setting: eks-refresh. If previously set, the migration will happen automatically. See #31789.
    • System Components:
      • Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.
    • GKE and AKS Clusters:
      • Existing GKE and AKS clusters and imported clusters will continue to operate as-is. Only new creations and registered clusters will use the new full lifecycle management.
    • Rolling Back Rancher:
      • The process to roll back Rancher has been updated for versions v2.5.0 and above. New steps require scaling Rancher down to 0 replica before restoring the backup. Please refer to the documentation for the new instructions.
    • RBAC:
      • Due to the change of the provisioning framework, the Manage Nodes role will no longer be able to scale up/down machine pools. The user would need the ability to edit the cluster to manage the machine pools #34474.
    • Azure Cloud Provider for RKE2:
      • For RKE2, the process to set up an Azure cloud provider is different than for RKE1 clusters. Users should refer to the documentation for the new instructions. See #34367 for original issue.
    • Machines vs. Kube Nodes:
      • In previous versions, Rancher only displayed Nodes, but with v2.6, there are the concepts of machines and kube nodes. Kube nodes are the Kubernetes node objects and are only accessible if the Kubernetes API server is running and the cluster is active. Machines are the cluster's machine object which defines what the cluster should be running.
    • Rancher's External IP Webhook:
      • In v1.22, upstream Kubernetes has enabled the admission controller to reject usage of external IPs. As such, the rancher-external-ip-webhook chart that was created as a workaround is no longer needed, and support for it is now capped to Kubernetes v1.21 and below. See #33893.
    • Memory Limit for Legacy Monitoring:
      • The default value of the Prometheus memory limit in the legacy Rancher UI is now 2000Mi to prevent the pod from restarting due to a OOMKill. See #34850.
    • Memory Limit for Monitoring:
      • The default value of the Prometheus memory limit in the new Rancher UI is now 3000Mi to prevent the pod from restarting due to a OOMKill. See #34850.
    • **Snapshot

    Versions

    Please refer to the README for latest and stable versions.

    Please review our version documentation for more details on versioning and tagging conventions.

    Images

    • rancher/rancher:v2.6.9

    Tools

    Kubernetes Versions

    • v1.24.4 (Default)
    • v1.23.10
    • v1.22.13
    • v1.21.14
    • v1.20.15

    Rancher Helm Chart Versions

    Starting in 2.6.0, many of the Rancher Helm charts available in the Apps & Marketplace will start with a major version of 100. This was done to avoid simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also brings us into compliance with semver, which is a requirement for newer versions of Helm. You can now see the upstream version of a chart in the build metadata, for example: 100.0.0+up2.1.0. See #32294.

    Other Notes

    Feature Flags

    Feature flags introduced in 2.6.0 and the Harvester feature flag introduced in 2.6.1 are listed below for reference:

    Feature Flag | Default Value | Description ---|---|--- harvester | true | Used to manage access to the Harvester list page where users can navigate directly to Harvester host clusters and have the ability to import them. fleet| true | The previous fleet feature flag is now required to be enabled as the fleet capabilities are leveraged within the new provisioning framework. If you had this feature flag disabled in earlier versions, upon upgrading to Rancher, the flag will automatically be enabled. gitops | true | If you want to hide the "Continuous Delivery" feature from your users, then please use the newly introduced gitops feature flag, which hides the ability to leverage Continuous Delivery. rke2 | true | Used to enable the ability to provision RKE2 clusters. By default, this feature flag is enabled, which allows users to attempt to provision these type of clusters. legacy | false for new installs, true for upgrades | There are a set of features from previous versions that are slowly being phased out of Rancher for newer iterations of the feature. This is a mix of deprecated features as well as features that will eventually be moved to newer variations in Rancher. By default, this feature flag is disabled for new installations. If you are upgrading from a previous version, this feature flag would be enabled. token-hashing | false | Used to enable new token-hashing feature. Once enabled, existing tokens will be hashed and all new tokens will be hashed automatically using the SHA256 algorithm. Once a token is hashed it cannot be undone. Once this feature flag is enabled it cannot be disabled.

    Experimental Features

    • Dual-stack and IPv6-only support for RKE1 clusters using the Flannel CNI will be experimental starting in v1.23.x. See the upstream Kubernetes docs. Dual-stack is not currently supported on Windows. See #165.

    Deprecated Rancher Features

    • RancherD was introduced as part of Rancher v2.5.4 through v2.5.10 as an experimental feature but is now deprecated. See #33423.

    Deprecated Upstream Projects

    • Microsoft has deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. A configuration update is necessary to make sure users can still use Rancher with Azure AD. See the docs and #29306 for details.

    Legacy Features

    Legacy features are features hidden behind the legacy feature flag, which are various features/functionality of Rancher that was available in previous releases. These are features that Rancher doesn't intend for new users to consume, but if you have been using past versions of Rancher, you'll still want to use this functionality.

    When you first start 2.6, there is a card in the Home page that outlines the location of where these features are now located.

    The deprecated features from v2.5 are now behind the legacy feature flag. Please review our deprecation policy for questions.

    The following legacy features are no longer supported on Kubernetes v1.21+ clusters:

    • Logging
    • CIS Scans
    • Istio 1.5
    • Pipelines

    The following legacy feature is no longer supported past Kubernetes v1.21+ clusters:

    • Monitoring v1

    Known Major Issues

    • Kubernetes Cluster Distributions:
      • RKE:
        • Rotating encryption keys with a custom encryption provider is not supported. See #30539.
        • RKE2:
        • Amazon ECR Private Registries are not functional. See #33920.
        • When provisioning using an RKE2 cluster template, the rootSize for AWS EC2 provisioners does not currently take an integer when it should, and an error is thrown. To work around this issue, wrap the EC2 rootSize in quotes. See Dashboard #3689.
        • RKE2 node driver cluster gets stuck in provisioning state after an upgrade to v2.6.4 and rollback to v2.6.3. See #36859.
        • RKE2 node driver cluster has its nodes redeployed when upgrading Rancher from v2.6.3 to v2.6.4. See #36627.
        • The communication between the ingress controller and the pods doesn't work when you create an RKE2 cluster with Cilium as the CNI and activate project network isolation. See documentation and #34275.
        • Encryption keys may fail to rotate when there are a large number (> 2000) of secrets. See #38283.
        • The system-upgrade-controller Deployment may fail after Monitoring is enabled on an RKE2 v1.23 or v1.24 cluster with Windows nodes. See #38646.
      • RKE2 - Windows:
        • In v2.6.5, v1.21.x of RKE2 will remain experimental and unsupported for RKE2 Windows. End users should not use v1.21.x of RKE2 for any RKE2 cluster that will have Windows worker nodes. This is due to an upstream Calico bug that was not backported to the minor version of Calico (3.19.x) that is present in v1.21.x of RKE2. See #131.
        • CSI Proxy for Windows will now work in an air-gapped environment.
        • NodePorts do not work on Windows Server 2022 in RKE2 clusters due to a Windows kernel bug. See #159.
        • When upgrading Windows nodes in RKE2 clusters via the Rancher UI, Windows worker nodes will require a reboot after the upgrade is completed. See #37645.
      • AKS:
        • When editing or upgrading the AKS cluster, do not make changes from the Azure console or CLI at the same time. These actions must be done separately. See #33561.
        • Windows node pools are not currently supported. See #32586.
        • Azure Container Registry-based Helm charts cannot be added in Cluster Explorer, but do work in the Apps feature of Cluster Manager. Note that when using a Helm chart repository, the disableSameOriginCheck setting controls when credentials are attached to requests. See documentation and #34584 for more information.
      • GKE:
        • Basic authentication must be explicitly disabled in GCP before upgrading a GKE cluster to 1.19+ in Rancher. See #32312.
      • AWS:
        • On RHEL8.4 SELinux in AWS AMI, Kubernetes v1.22 fails to provision on AWS. As Rancher will not install RPMs on the nodes, users may work around this issue either by using AMI with this package already installed, or by installing AMI via cloud-init. Users will encounter this issue on upgrade to v1.22 as well. When upgrading to 1.22, users must manually upgrade/install the rancher-selinux package on all the nodes in the cluster, then upgrade the Kubernetes version. See #36509.
    • Infrastructures:
      • vSphere:
        • PersistentVolumes are unable to mount to custom vSphere hardened clusters using CSI charts. See #35173.
      • Oracle:
        • Kubernetes 1.24 clusters fail to reach an Active state using Oracle Linux 8.4. See #38214.
    • Harvester:
      • Upgrades from Harvester v0.3.0 are not supported.
      • Deploying Fleet to Harvester clusters is not yet supported. Clusters, whether Harvester or non-Harvester, imported using the Virtualization Management page will result in the cluster not being listed on the Continuous Delivery page. See #35049.
    • Cluster Tools:
      • Fleet:
        • Multiple fleet-agent pods may be created and deleted during initial downstream agent deployment; rather than just one. This resolves itself quickly, but is unintentional behavior. See #33293.
      • Hardened clusters:
        • Not all cluster tools can currently be installed on a hardened cluster.
      • Rancher Backup:
        • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.
        • When running a newer version of the rancher-backup app to restore a backup made with an older version of the app, the resourceSet named rancher-resource-set will be restored to an older version that might be different from the one defined in the current running rancher-backup app. The workaround is to edit the rancher-backup app to trigger a reconciliation. See #34495.
        • Because Kubernetes v1.22 drops the apiVersion apiextensions.k8s.io/v1beta1, trying to restore an existing backup file into a v1.22 cluster will fail because the backup file contains CRDs with the apiVersion v1beta1. There are two options to work around this issue: update the default resourceSet to collect the CRDs with the apiVersion v1, or update the default resourceSet and the client to use the new APIs internally. See documentation and #34154.
      • Monitoring:
        • Deploying Monitoring on a Windows cluster with win_prefix_path set requires users to deploy Rancher Wins Upgrader to restart wins on the hosts to start collecting metrics in Prometheus. See #32535.
      • Logging:
        • Windows nodeAgents are not deleted when performing helm upgrade after disabling Windows logging on a Windows cluster. See #32325.
      • Istio Versions:
        • Istio 1.12 and below do not work on Kubernetes 1.23 clusters. To use the Istio charts, please do not update to Kubernetes 1.23 until the next charts' release.
        • Istio 1.5 is not supported in air-gapped environments. Please note that the Istio project has ended support for Istio 1.5.
        • Istio 1.9 support ended on October 8th, 2021.
        • Deprecated resources are not automatically removed and will cause errors during upgrades. Manual steps must be taken to migrate and/or cleanup resources before an upgrade is performed. See #34699.
        • Applications injecting Istio sidecars, fail on SELinux RHEL 8.4 enabled clusters. A temporary workaround for this issue is to run the following command on each cluster node before creating a cluster: mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni. See #33291.
      • Legacy Monitoring:
        • The Grafana instance inside Cluster Manager's Monitoring is not compatible with Kubernetes v1.21. To work around this issue, disable the BoundServiceAccountTokenVolume feature in Kubernetes v1.21 and above. Note that this workaround will be deprecated in Kubernetes v1.22. See #33465.
        • In air gapped setups, the generated rancher-images.txt that is used to mirror images on private registries does not contain the images required to run Legacy Monitoring which is compatible with Kubernetes v1.15 clusters. If you are running Kubernetes v1.15 clusters in an air gapped environment, and you want to either install Legacy Monitoring or upgrade Legacy Monitoring to the latest that is offered by Rancher for Kubernetes v1.15 clusters, you will need to take one of the following actions:
          • Upgrade the Kubernetes version so that you can use v0.2.x of the Monitoring application Helm chart.
          • Manually import the necessary images into your private registry for the Monitoring application to use.
        • When deploying any downstream cluster, Rancher logs errors that seem to be related to Monitoring even when Monitoring is not installed onto either cluster; specifically, Rancher logs that it failed on subscribe to the Prometheus CRs in the cluster because it is unable to get the resource prometheus.meta.k8s.io. These logs appear in a similar fashion for other Prometheus CRs (namely Alertmanager, ServiceMonitors, and PrometheusRules), but do not seem to cause any other major impact in functionality. See #32978.
        • Legacy Monitoring does not support Kubernetes v1.22 due to the feature-gates flag no longer being supported. See #35574.
        • After performing an upgrade to Rancher v2.6.3 from v2.6.2, the Legacy Monitoring custom metric endpoint stops working. To work around this issue, delete the service that is being targeted by the servicemonitor and allow it to be recreated; this will reload the pods that need to be targeted on a service sync. See #35790.
    • Docker Installations:
      • UI issues may occur due to a longer startup time. User will receive an error message when launching Docker for the first time #28800, and user is directed to username/password screen when accessing the UI after a Docker install of Rancher. See #28798.
      • On a Docker install upgrade and rollback, Rancher logs will repeatedly display the messages "Updating workload ingress-nginx/nginx-ingress-controller" and "Updating service frontend with public endpoints". Ingresses and clusters are functional and active, and logs resolve eventually. See #35798.
      • Rancher single node wont start on Apple M1 devices with Docker Desktop 4.3.0 or newer. See #35930.
    • Rancher UI:
      • After installing an app from a partner chart repo, the partner chart will upgrade to feature charts if the chart also exists in the feature charts default repo. See #5655.
      • In some instances under Users and Authentication, no users are listed and clicking Create to create a new user does not display the entire form. To work around this when encountered, perform a hard refresh to be able to log back in. See #37531.
      • Deployment securityContext section is missing when a new workload is created. This prevents pods from starting when Pod Security Policy Support is enabled. See #4815.
    • Legacy UI:
      • When using the Rancher v2.6 UI to add a new port of type ClusterIP to an existing Deployment created using the legacy UI, the new port will not be created upon saving. To work around this issue, repeat the procedure to add the port again. Users will notice the Service Type field will display as Do not create a service. Change this to ClusterIP and upon saving, the new port will be created successfully during this subsequent attempt. See #4280.
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(741 bytes)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(66.69 KB)
    rancher-images-digests-linux-arm64.txt(49.84 KB)
    rancher-images-digests-linux-s390x.txt(48.66 KB)
    rancher-images-digests-windows-1809.txt(1.79 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.72 KB)
    rancher-images-sources.txt(32.77 KB)
    rancher-images.txt(23.59 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(863 bytes)
    rancher-mirror-to-rancher-org.sh(29.94 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(941 bytes)
    rancher-windows-images.txt(623 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc6(Oct 17, 2022)

    Images with -rc

    rancher/rancher v2.6.9-rc6 rancher/rancher-agent v2.6.9-rc6 rancher/rancher-runtime v2.6.9-rc6

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(835 bytes)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(66.70 KB)
    rancher-images-digests-linux-arm64.txt(49.85 KB)
    rancher-images-digests-linux-s390x.txt(48.68 KB)
    rancher-images-digests-windows-1809.txt(1.79 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.79 KB)
    rancher-images-sources.txt(32.78 KB)
    rancher-images.txt(23.60 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(867 bytes)
    rancher-mirror-to-rancher-org.sh(29.95 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(945 bytes)
    rancher-windows-images.txt(627 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc5(Oct 14, 2022)

    Images with -rc

    rancher/rancher v2.6.9-rc5 rancher/rancher-agent v2.6.9-rc5 rancher/rancher-runtime v2.6.9-rc5

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(835 bytes)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(66.50 KB)
    rancher-images-digests-linux-arm64.txt(49.72 KB)
    rancher-images-digests-linux-s390x.txt(48.68 KB)
    rancher-images-digests-windows-1809.txt(1.72 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.72 KB)
    rancher-images-sources.txt(32.78 KB)
    rancher-images.txt(23.60 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(867 bytes)
    rancher-mirror-to-rancher-org.sh(29.95 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(945 bytes)
    rancher-windows-images.txt(627 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc4(Oct 12, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v2.1.4-rc1 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.4.0-rc3 rancher/fleet-agent v0.4.0-rc3 rancher/rancher v2.6.9-rc4 rancher/rancher-agent v2.6.9-rc4 rancher/rancher-runtime v2.6.9-rc4 rancher/rancher-webhook v0.2.7-rc4

    Components with -rc

    CLI_VERSION v2.6.9-rc1 DASHBOARD_UI_VERSION v2.6.9-rc4 UI_VERSION 2.6.9-rc4 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.3.15-rc2

    Min version components with -rc

    FLEET_MIN_VERSION 100.1.0+up0.4.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 1.0.6+up0.2.7-rc4

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (Dockerfile.dapper)
    • KDMBranch: dev-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.19 KB)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(66.73 KB)
    rancher-images-digests-linux-arm64.txt(49.88 KB)
    rancher-images-digests-linux-s390x.txt(48.70 KB)
    rancher-images-digests-windows-1809.txt(1.80 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.80 KB)
    rancher-images-sources.txt(32.85 KB)
    rancher-images.txt(23.62 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(871 bytes)
    rancher-mirror-to-rancher-org.sh(29.97 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(953 bytes)
    rancher-windows-images.txt(631 bytes)
    sha256sum.txt(1.31 KB)
  • v2.7.0-rc3(Oct 1, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.5.0-rc2 rancher/fleet-agent v0.5.0-rc2 rancher/rancher v2.7.0-rc3 rancher/rancher-agent v2.7.0-rc3 rancher/rancher-csp-adapter v2.0.0-rc1 rancher/rancher-runtime v2.7.0-rc3 rancher/rancher-webhook v0.3.0-rc3 rancher/security-scan v0.2.9-rc3 rancher/ui-plugin-operator v0.1.0-rc2

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc3 UI_VERSION 2.7.0-rc3 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc1

    Min version components with -rc

    CSP_ADAPTER_MIN_VERSION 2.0.0+up2.0.0-rc1 FLEET_MIN_VERSION 101.0.0+up0.5.0-rc2 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc3

    RKE Kubernetes versions

    v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.15-rancher1-1 v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.35 KB)
    rancher-data.json(3.52 MB)
    rancher-images-digests-linux-amd64.txt(42.58 KB)
    rancher-images-digests-linux-arm64.txt(32.73 KB)
    rancher-images-digests-linux-s390x.txt(32.45 KB)
    rancher-images-digests-windows-1809.txt(1.65 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.65 KB)
    rancher-images-sources.txt(22.39 KB)
    rancher-images.txt(15.23 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(785 bytes)
    rancher-mirror-to-rancher-org.sh(19.29 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(119 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(877 bytes)
    rancher-windows-images.txt(569 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc3(Sep 29, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v2.1.4-rc1 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.4.0-rc3 rancher/fleet-agent v0.4.0-rc3 rancher/rancher v2.6.9-rc3 rancher/rancher-agent v2.6.9-rc3 rancher/rancher-runtime v2.6.9-rc3 rancher/rancher-webhook v0.2.7-rc4

    Components with -rc

    CLI_VERSION v2.6.9-rc1 DASHBOARD_UI_VERSION v2.6.9-rc3 UI_VERSION 2.6.9-rc3 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.3.15-rc2

    Min version components with -rc

    FLEET_MIN_VERSION 100.1.0+up0.4.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 1.0.6+up0.2.7-rc4

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (Dockerfile.dapper)
    • KDMBranch: dev-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.19 KB)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(66.73 KB)
    rancher-images-digests-linux-arm64.txt(49.88 KB)
    rancher-images-digests-linux-s390x.txt(48.70 KB)
    rancher-images-digests-windows-1809.txt(1.80 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.80 KB)
    rancher-images-sources.txt(32.85 KB)
    rancher-images.txt(23.62 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(871 bytes)
    rancher-mirror-to-rancher-org.sh(29.97 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(953 bytes)
    rancher-windows-images.txt(631 bytes)
    sha256sum.txt(1.31 KB)
  • v2.7.0-rc2(Sep 28, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v3.0.0-rc1 rancher/cis-operator v1.0.10-rc2 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.5.0-rc2 rancher/fleet-agent v0.5.0-rc2 rancher/rancher v2.7.0-rc2 rancher/rancher-agent v2.7.0-rc2 rancher/rancher-csp-adapter v2.0.0-rc1 rancher/rancher-runtime v2.7.0-rc2 rancher/rancher-webhook v0.3.0-rc2 rancher/security-scan v0.2.9-rc3 rancher/ui-plugin-operator v0.1.0-rc2

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc2 UI_VERSION 2.7.0-rc2 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc1

    Min version components with -rc

    CSP_ADAPTER_MIN_VERSION 2.0.0+up2.0.0-rc1 FLEET_MIN_VERSION 101.0.0+up0.5.0-rc2 RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc2

    RKE Kubernetes versions

    v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.15-rancher1-1 v1.23.12-rancher1-1 v1.24.6-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.35 KB)
    rancher-data.json(3.51 MB)
    rancher-images-digests-linux-amd64.txt(41.75 KB)
    rancher-images-digests-linux-arm64.txt(32.11 KB)
    rancher-images-digests-linux-s390x.txt(31.63 KB)
    rancher-images-digests-windows-1809.txt(1.65 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.65 KB)
    rancher-images-sources.txt(21.97 KB)
    rancher-images.txt(14.90 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(785 bytes)
    rancher-mirror-to-rancher-org.sh(18.87 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(119 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(877 bytes)
    rancher-windows-images.txt(569 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc2(Sep 27, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v2.1.4-rc1 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.4.0-rc3 rancher/fleet-agent v0.4.0-rc3 rancher/rancher v2.6.9-rc2 rancher/rancher-agent v2.6.9-rc2 rancher/rancher-runtime v2.6.9-rc2 rancher/rancher-webhook v0.2.7-rc4

    Components with -rc

    CLI_VERSION v2.6.9-rc1 DASHBOARD_UI_VERSION v2.6.9-rc2 UI_VERSION 2.6.9-rc2 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.3.15-rc2

    Min version components with -rc

    FLEET_MIN_VERSION 100.1.0+up0.4.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 1.0.6+up0.2.7-rc4

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (Dockerfile.dapper)
    • KDMBranch: dev-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.19 KB)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(65.47 KB)
    rancher-images-digests-linux-arm64.txt(48.83 KB)
    rancher-images-digests-linux-s390x.txt(47.72 KB)
    rancher-images-digests-windows-1809.txt(1.80 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.80 KB)
    rancher-images-sources.txt(32.14 KB)
    rancher-images.txt(23.17 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(870 bytes)
    rancher-mirror-to-rancher-org.sh(29.40 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(952 bytes)
    rancher-windows-images.txt(630 bytes)
    sha256sum.txt(1.31 KB)
  • v2.7.0-rc1(Sep 22, 2022)

    Images with -rc

    rancher/rancher v2.7.0-rc1 rancher/rancher-agent v2.7.0-rc1 rancher/rancher-runtime v2.7.0-rc1 rancher/rancher-webhook v0.3.0-rc2 rancher/security-scan v0.2.9-rc1 rancher/ui-plugin-operator v0.1.0-rc1

    Components with -rc

    CLI_VERSION v2.7.0-rc1 DASHBOARD_UI_VERSION v2.7.0-rc1 UI_VERSION 2.6.9-rc1 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.4.0-rc1

    Min version components with -rc

    RANCHER_WEBHOOK_MIN_VERSION 2.0.0+up0.3.0-rc2

    RKE Kubernetes versions

    v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.7 (Dockerfile.dapper)
    • KDMBranch: dev-v2.7 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.7 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.04 KB)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(32.97 KB)
    rancher-images-digests-linux-arm64.txt(25.62 KB)
    rancher-images-digests-linux-s390x.txt(25.00 KB)
    rancher-images-digests-windows-1809.txt(1.57 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.57 KB)
    rancher-images-sources.txt(17.91 KB)
    rancher-images.txt(11.67 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(781 bytes)
    rancher-mirror-to-rancher-org.sh(14.81 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(119 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(870 bytes)
    rancher-windows-images.txt(565 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.9-rc1(Sep 19, 2022)

    Images with -rc

    rancher/aks-operator v1.0.7-rc1 rancher/backup-restore-operator v2.1.4-rc1 rancher/eks-operator v1.1.5-rc1 rancher/fleet v0.4.0-rc3 rancher/fleet-agent v0.4.0-rc3 rancher/rancher v2.6.9-rc1 rancher/rancher-agent v2.6.9-rc1 rancher/rancher-runtime v2.6.9-rc1 rancher/rancher-webhook v0.2.7-rc4

    Components with -rc

    CLI_VERSION v2.6.9-rc1 DASHBOARD_UI_VERSION v2.6.9-rc1 UI_VERSION 2.6.9-rc1 AKS-OPERATOR v1.0.7-rc1 EKS-OPERATOR v1.1.5-rc1 RKE v1.3.15-rc2

    Min version components with -rc

    FLEET_MIN_VERSION 100.1.0+up0.4.0-rc3 RANCHER_WEBHOOK_MIN_VERSION 1.0.6+up0.2.7-rc4

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher2-1 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.13-rancher1-1 v1.23.10-rancher1-1 v1.24.4-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: dev-v2.6 (Dockerfile.dapper)
    • KDMBranch: dev-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: dev-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(1.19 KB)
    rancher-data.json(3.50 MB)
    rancher-images-digests-linux-amd64.txt(65.47 KB)
    rancher-images-digests-linux-arm64.txt(48.83 KB)
    rancher-images-digests-linux-s390x.txt(47.72 KB)
    rancher-images-digests-windows-1809.txt(1.80 KB)
    rancher-images-digests-windows-ltsc2022.txt(1.80 KB)
    rancher-images-sources.txt(32.14 KB)
    rancher-images.txt(23.17 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(870 bytes)
    rancher-mirror-to-rancher-org.sh(29.40 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(139 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(952 bytes)
    rancher-windows-images.txt(630 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8-patch1(Sep 2, 2022)

    Images with -rc

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(740 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.27 KB)
    rancher-images-digests-linux-arm64.txt(46.67 KB)
    rancher-images-digests-linux-s390x.txt(44.94 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.62 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(869 bytes)
    rancher-mirror-to-rancher-org.sh(27.89 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(948 bytes)
    rancher-windows-images.txt(629 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8(Aug 30, 2022)

    Release v2.6.8

    Rancher v2.6.8 is a mirror release of v2.6.7 to address the following issues:

    Major Bug Fixes

    • Fleet bundle pruning was too aggressive when GitJobs had multiple paths. This situation can lead to data loss. Note that this data loss only affects applications deployed through Fleet, including Longhorn. This has been fixed. Update to v2.6.8 or later to prevent potential data loss. See #933 for more details on the fix.
    • Fixed an issue in which custom branding, color, and theme in Rancher Manager v2.6.7 was not correctly applied in the UI. See #6704 for more details.

    Known Issue in RKE

    • RKE v1.3.10-v1.3.13 in Rancher v2.6.7-v2.6.8 removes user addons during an upgrade before redeploying them. This causes issues with RKE1 cluster upgrades if user addons template has cattle-* or other system namespaces. See #38749 for more details.
    • High CPU usage is observed on RKE1 v1.24.x clusters. Cluster could be a fresh installation or upgraded to v1.24.x. See #38816.

    Known Issue in GKE

    • Provisioning K8s 1.23+ GKE clusters with the default option of "Container-Optimized OS with Docker" for "Image Type" fails due to GKE no longer supporting Docker-based images per GKE documentation. Please use containerd-based images instead. See #38743.

    It is important to review the Install/Upgrade Notes below before upgrading to any Rancher version.

    In Rancher v2.6.4, the cluster-api module has been upgraded from v0.4.4 to v1.0.2 in which the apiVersion of CAPI CRDs are upgraded from cluster.x-k8s.io/v1alpha4 to cluster.x-k8s.io/v1beta1. This has the effect of causing rollbacks from Rancher v2.6.4 to any previous version of Rancher v2.6.x to fail because the previous version the CRDs needed to roll back are no longer available in v1beta1. To avoid this, the Rancher resource cleanup script should be run before the restore or rollback is attempted. This script can be found in the rancherlabs/support-tools repo and the usage of the script can be found in the backup-restore operator docs. In addition, when users roll back Rancher on the same cluster using the Rancher Backup and Restore app in 2.6.4+, the updated steps to create the Restore Custom Resource must be followed. See also #36803 for more details.

    Security Fixes for Rancher Vulnerabilities

    This release addresses three critical severity security issues found in Rancher:

    • Fixed an issue where sensitive fields like passwords, API keys, and Rancher's service account token were stored as plaintext on Kubernetes objects. Any user with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. For more information, see CVE-2021-36782.

    • Improved the sanitization (removal) of credentials from cluster template answers. Failure to sanitize data can lead to plaintext storage and exposure of credentials, passwords, and API tokens. For more information, see CVE-2021-36783.

    • Fixed an authorization logic flaw that allowed privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). For more information, see CVE-2022-31247.

    For more details, see the Security Advisories page.

    Features and Enhancements

    Azure Active Directory API Migration

    Microsoft has deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. A configuration update is necessary to make sure users can still use Rancher with Azure AD. See the docs and #29306 for details.

    • Limitations
      • Attempts to log in will fail after rolling back a Docker install of Rancher if the following conditions have occurred:

        • Azure AD is enabled.
        • Before the rollback, admins committed to the Azure AD configuration update.

        This is because the Azure AD endpoints will not be rolled back if the rollback is not performed via the backup-restore operator. If you want to roll back Rancher to use the old Azure AD Graph API without using the backup-restore operator, follow this workaround to edit the AzureAD authconfig resource stored in the local cluster's database. The old Azure AD Graph API endpoints will not be rolled back on a Rancher rollback. See #38025.

    • Other
      • Multi-factor authentication (MFA) now works with the Azure AD auth provider. Some Rancher setups might have had MFA enabled in Azure from before, but Rancher wasn't working with it correctly. Be aware that on upgrade, if MFA is enabled for the Azure app, Rancher will require additional verification. See #38028.
      • Before starting the migration process or enabling Azure AD for the first time in v2.6.7+, ensure that you add the Azure app registration's permissions of type Application and NOT Delegated for Microsoft Graph. Otherwise, you may not be able to login to Azure AD. This issue will persist even after you disable/re-enable Azure AD and will require an hour wait, or manual deletion of a cache value to resolve.

    Integration with Cloud Marketplaces

    Rancher v2.6.7 introduces an integration allowing users to easily purchase support through the AWS marketplace for installation hosted on AWS/EKS. You must be running Rancher v2.6.7 or higher and have set up Rancher and it's local cluster according to the prerequisites.

    For details about the integration, refer to the Rancher documentation and #37495.

    Note: If users are using the csp-adapter and the rancher backup-restore operator, they will need to upgrade the backup-restore operator to the latest version (v2.1.3) in order to ensure that the applications work together.

    New in Rancher

    • Support for Kubernetes v1.24 added.
    • Support has ended for Kubernetes v1.18 and v1.19.
    • Increased entropy of CSRF (cross-site request forgery) token. See #14 and #414
    • Starting in v2.6.0, whenever a user requests a kubeconfig file, Rancher creates a newly-generated token instead of retrieving the old one. The token TTL is not configurable on these tokens, causing token cleanup to be a manual process. We've now added a new setting to allow users to change the TTL on kubeconfig tokens called kubeconfig-default-token-TTL-minutes. This setting has a default value of 0 to retain default behavior between Rancher versions. Rancher recommends that admins change this setting from its default to prevent unbound token creation. Note that this setting only applies to tokens generated for kubeconfigs when kubeconfig-generate-tokens is true, which is the default. When kubeconfig-generate-tokens is false, kubeconfig-token-ttl-minutes will be used for token TTL. This behavior is the same as previous versions of Rancher. The kubeconfig-token-ttl-minutes setting is now deprecated in favor of using kubeconfig-default-token-TTL-minutes in the future. See #37705.
    • The Rancher chart now exposes the ingress.ingressClassName value, which allows setting the name of the ingress controller to be used with Rancher's Ingress resource. This is relevant for Rancher clusters created with a provider other than RKE, since RKE automatically sets nginx as the ingress class name. By default, the value is an empty string because Rancher does not make assumptions about the type of ingress controller that runs in Rancher (nginx, Traefik, etc.). See #37971.
    • Behavior Changes
      • The Kubernetes team has observed an increase in memory usage with Kubernetes v1.24. See the upstream changelog for details.
      • All Kubernetes 1.24 clusters will have cri-dockerd enabled by default which includes new and upgraded clusters. Users can apply the io.cattle.cluster.cridockerd.enable annotation on a cluster, and the annotation will override the default behavior. If the annotation is set to false and enable_cri_dockerd is set to true, the annotation will override the field/flag behavior and enable_cri_dockerd will be updated to false. Clusters will not provision correctly if cri-dockerd is disabled; this is expected unless a proper Docker runtime is provided. See #38160.

    New in RKE1

    • Resolved an issue for RKE clusters that prevented specifying more than one private registry in the YAML configuration. See #37658.
    • Windows
      • Important: RKE1 Support for Windows will stop on September 1st 2022 due to upstream changes. See this article for more details.
      • A warning message has been added to inform users that Windows support is being deprecated for RKE1. See #5995.

    New in RKE2

    • New encryption key rotation feature added. See the docs and #35436.
    • Windows
      • HostProcess containers are now supported in Kubernetes v1.24.1 and up. See #69.
    • Behavior Changes
      • After an upgrade to Rancher v2.6.7, RKE2 provisioned clusters will briefly go into an Updating state with the message waiting for plan to be applied. This behavior is expected and has no adverse effects. See #38353.
    • Known Issues
      • Encryption keys may fail to rotate when there are a large number (> 2000) of secrets. See #38283.
      • Users running RHEL/CentOS 7 should not install or upgrade to K3s/RKE2 v1.24.2 or v1.24.3 but should instead wait for K3s/RKE2 v1.24.4 to do so. See #5912.
      • The system-upgrade-controller Deployment may fail after Monitoring is enabled on an RKE2 v1.23 or v1.24 cluster with Windows nodes. See 38646.

    New in the Rancher UI

    • Removed monitoring dashboard "Rancher Internal State (Controllers)". Most functionality from this dashboard has been replaced and can be found in the dashboard "Rancher Performance Debugging". See #37274.
    • ProjectHelmCharts has been added as a selectable resource from the helm.cattle.io API group when creating a new project/namespace role. See #5747.
    • Added a Diagnostics page to allow users to gather data from their systems to append to any issues filed for Rancher. The Diagnostics page is accessible via the About page. See #6544.
    • The Deployment creation screen has been improved and a new Pod creation view has been added. See #5734.
    • When viewing the details of a GitRepo through Fleet, users can now get a graphical representation of the bundle deployments that came from that GitRepo. See #4680.
    • Behavior Changes
      • Project owners and project members will no longer be able to see namespaces outside of the project(s) they have access to. This is to prevent a bad user experience, where some users could see namespaces that they could not use.
      • Project owners and project members will now be required to delete namespaces within a project when deleting the project. This is to prevent a situation where they would essentially be creating orphaned namespaces, which they would lose access to when they delete the project.

    Major Bug Fixes

    • User Preferences set by a drop-down component will now be applied correctly. Previously, updating a user preference in this manner would cause adverse effects such as the inability to view logs or the setting not taking effect. See #5984.
    • Prior to v2.6.7, if S3 or other kinds of credentials were added to a cluster after it was already created, the reference to the secret containing the credentials was lost because the cluster status cannot be updated through the API. The references are now moved to the cluster Spec so that they can be updated after creation. To repair a cluster after a upgrade to v2.6.7, edit the cluster and change the etcd snapshot configuration back to local and save it, then edit again to configure S3 snapshots again. See #38215.
    • Certificates with a CN exceeding 64 characters will not cause an error. See #37766.
    • If the creation of the impersonation ClusterRoleBinding is interfered with or interrupted, users can now access the downstream cluster without experiencing unauthorized errors. See #37733.
    • Resolved an issue where users that existed since Rancher v2.6.2 or earlier may start experiencing authorization errors upon upgrade to Rancher v2.6.5 when using kubectl with a downloaded kubeconfig for a downstream cluster. See #37894.
    • Users with the role 'Cluster Owners' who are not also 'Admins' are now able to manage snapshots on RKE2 clusters. See #37630.
    • A bug was found that overloaded the downstream Kubernetes API server when the Cluster Explorer dashboard is left open to a page for a downstream cluster for over 30 minutes and would start rapidly opening and closing watch requests perpetually. See #37627.
    • Rancher server now generates a new token every time a kubeconfig is requested via the CLI. This token is then cached by the CLI on the local system and will not cause previously created tokens to become invalid. See #37245.
    • Windows installation scripts are now successfully retrieved in proxied RKE2 downstream clusters. See #36574.
    • The istiod-istio-system ValidatingWebhookConfiguration has been removed to allow Istio 1.11.x and higher to be installed in air-gapped environments. See #35742.
    • Most API responses now set response headers to include Cache-Control: no-store which directs intermediate caches not to cache the response. Previously, some intermediate caches between the Rancher server and clients, including cluster agents, were configured to cache responses for the purpose of scalability and improved response time. In some cases this led to stale data getting inadvertently cached which would disrupt deployment of downstream clusters. See #35199.
    • Project resource quotas are now correctly removed when deleted through the UI. See #35688.

    Install/Upgrade Notes

    • If you are installing Rancher for the first time, your environment must fulfill the installation requirements.
    • The namespace where the local Fleet agent runs has been changed to cattle-fleet-local-system. This change does not impact GitOps workflows.

    Upgrade Requirements

    • Creating backups: We strongly recommend creating a backup before upgrading Rancher. To roll back Rancher after an upgrade, you must back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to its state when a backup was created, any changes post upgrade will not be included after the restore. For more information, see the documentation on backing up Rancher.
    • Helm version: Rancher install or upgrade must occur with Helm 3.2.x+ due to the changes with the latest cert-manager release. See #29213.
    • Kubernetes version:
      • The local Kubernetes cluster for the Rancher server should be upgraded to Kubernetes 1.18+ before installing Rancher 2.6+.
    • CNI requirements:
      • For Kubernetes v1.19 and newer, we recommend disabling firewalld as it has been found to be incompatible with various CNI plugins. See #28840.
      • If upgrading or installing to a Linux distribution which uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or newer, users should upgrade to RKE1 v1.19.2 or later to get Flannel version v0.13.0 that supports nf_tables. See Flannel #1317.
      • For users upgrading from >=v2.4.4 to v2.5.x with clusters where ACI CNI is enabled, note that upgrading Rancher will result in automatic cluster reconciliation. This is applicable for Kubernetes versions v1.17.16-rancher1-1, v1.17.17-rancher1-1, v1.17.17-rancher2-1, v1.18.14-rancher1-1, v1.18.15-rancher1-1, v1.18.16-rancher1-1, and v1.18.17-rancher1-1. Please refer to the workaround BEFORE upgrading to v2.5.x. See #32002.
    • Requirements for air gapped environments:
      • For installing or upgrading Rancher in an air gapped environment, please add the flag --no-hooks to the helm template command to skip rendering files for Helm's hooks. See #3226.
      • If using a proxy in front of an air gapped Rancher, you must pass additional parameters to NO_PROXY. See the documentation and related issue #2725.
    • Cert-manager version requirements: Recent changes to cert-manager require an upgrade if you have a high-availability install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager. See documentation.
    • Requirements for Docker installs:
      • When starting the Rancher Docker container, the privileged flag must be used. See documentation.
      • When installing in an air gapped environment, you must supply a custom registries.yaml file to the docker run command as shown in the K3s documentation. If the registry has certificates, then you will need to also supply those. See #28969.
      • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container comes up and is working as expected. See #33685.

    Rancher Behavior Changes

    • Cert-Manager:
      • Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the documentation.
      • When upgrading Rancher and cert-manager, you will need to use Option B: Reinstalling Rancher and cert-manager from the Rancher docs.
      • There are several versions of cert-manager which, due to their backwards incompatibility, are not recommended for use with Rancher. You can read more about which versions are affected by this issue in the cert-manager docs. As a result, only versions 1.6.2 and 1.7.1 are recommended for use at this time.
      • For instructions on upgrading cert-manager from version 1.5 to 1.6, see the relevant cert-manager docs.
      • For instructions on upgrading cert-manager from version 1.6 to 1.7, see the relevant cert-manager docs.
    • Readiness and Liveness Check:
      • Users can now configure the Readiness Check and Liveness Check of coredns-autoscaler. See #24939.
    • Legacy Features:
      • Users upgrading from Rancher <=v2.5.x will automatically have the --legacy feature flag enabled. New installations that require legacy features need to enable the flag on install or through the UI.
      • When workloads created using the legacy UI are deleted, the corresponding services are not automatically deleted. Users will need to manually remove these services. A message will be displayed notifying the user to manually delete the associated services when such a workload is deleted. See #34639.
    • Library and Helm3-Library Catalogs:
      • Users will no longer be able to launch charts from the library and helm3-library catalogs, which are available through the legacy apps and multi-cluster-apps pages. Any existing legacy app that was deployed from a previous Rancher version will continue to be able to edit its currently deployed chart. Note that the Longhorn app will still be available from the library for new installs but will be removed in the next Rancher version. All users are recommended to deploy Longhorn from the Apps & Marketplace section of the Rancher UI instead of through the Legacy Apps pages.
    • Local Cluster:
      • In older Rancher versions, the local cluster could be hidden to restrict admin access to the Rancher server's local Kubernetes cluster, but that feature has been deprecated. The local Kubernetes cluster can no longer be hidden and all admins will have access to the local cluster. If you would like to restrict permissions to the local cluster, there is a new restricted-admin role that must be used. The access to local cluster can now be disabled by setting hide_local_cluster to true from the v3/settings API. See the documentation and #29325. For more information on upgrading from Rancher with a hidden local cluster, see the documentation.
    • Upgrading the Rancher UI:
      • After upgrading to v2.6+, users will be automatically logged out of the old Rancher UI and must log in again to access Rancher and the new UI. See #34004.
    • Fleet:
      • For users upgrading from v2.5.x to v2.6.x, note that Fleet will be enabled by default as it is required for operation in v2.6+. This will occur even if Fleet was disabled in v2.5.x. During the upgrade process, users will observe restarts of the rancher pods, which is expected. See #31044 and #32688.
      • Starting with Rancher v2.6.1, Fleet allows for two agents in the local cluster for scenarios where "Fleet is managing Fleet". The true local agent runs in the new cattle-fleet-local-system namespace. The agent downstream from another Fleet management cluster runs in cattle-fleet-system, similar to the agent pure downstream clusters. See #34716 and #531.
    • Editing and Saving Clusters:
      • For users upgrading from <=v2.4.8 (<= RKE v1.1.6) to v2.4.12+ (RKE v1.1.13+)/v2.5.0+ (RKE v1.2.0+) , please note that Edit and save cluster (even with no changes or a trivial change like cluster name) will result in cluster reconciliation and upgrading kube-proxy on all nodes because of a change in kube-proxy binds. This only happens on the first edit and later edits shouldn't affect the cluster. See #32216.
    • EKS Cluster:
      • There is currently a setting allowing users to configure the length of refresh time in cron format: eks-refresh-cron. That setting is now deprecated and has been migrated to a standard seconds format in a new setting: eks-refresh. If previously set, the migration will happen automatically. See #31789.
    • System Components:
      • Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.
    • GKE and AKS Clusters:
      • Existing GKE and AKS clusters and imported clusters will continue to operate as-is. Only new creations and registered clusters will use the new full lifecycle management.
    • Rolling Back Rancher:
      • The process to roll back Rancher has been updated for versions v2.5.0 and above. New steps require scaling Rancher down to 0 replica before restoring the backup. Please refer to the documentation for the new instructions.
    • RBAC:
      • Due to the change of the provisioning framework, the Manage Nodes role will no longer be able to scale up/down machine pools. The user would need the ability to edit the cluster to manage the machine pools #34474.
    • Azure Cloud Provider for RKE2:
      • For RKE2, the process to set up an Azure cloud provider is different than for RKE1 clusters. Users should refer to the documentation for the new instructions. See #34367 for original issue.
    • Machines vs. Kube Nodes:
      • In previous versions, Rancher only displayed Nodes, but with v2.6, there are the concepts of machines and kube nodes. Kube nodes are the Kubernetes node objects and are only accessible if the Kubernetes API server is running and the cluster is active. Machines are the cluster's machine object which defines what the cluster should be running.
    • Rancher's External IP Webhook:
      • In v1.22, upstream Kubernetes has enabled the admission controller to reject usage of external IPs. As such, the rancher-external-ip-webhook chart that was created as a workaround is no longer needed, and support for it is now capped to Kubernetes v1.21 and below. See #33893.
    • Memory Limit for Legacy Monitoring:
      • The default value of the Prometheus memory limit in the legacy Rancher UI is now 2000Mi to prevent the pod from restarting due to a OOMKill. See #34850.
    • Memory Limit for Monitoring:
      • The default value of the Prometheus memory limit in the new Rancher UI is now 3000Mi to prevent the pod from restarting due to a OOMKill. See #34850.
    • **Snapshot

    Versions

    Please refer to the README for latest and stable versions.

    Please review our version documentation for more details on versioning and tagging conventions.

    Images

    • rancher/rancher:v2.6.8

    Tools

    Kubernetes Versions

    • v1.24.2 (Default)
    • v1.23.8
    • v1.22.11
    • v1.21.14
    • v1.20.15

    Rancher Helm Chart Versions

    Starting in 2.6.0, many of the Rancher Helm charts available in the Apps & Marketplace will start with a major version of 100. This was done to avoid simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also brings us into compliance with semver, which is a requirement for newer versions of Helm. You can now see the upstream version of a chart in the build metadata, for example: 100.0.0+up2.1.0. See #32294.

    Other Notes

    Feature Flags

    Feature flags introduced in 2.6.0 and the Harvester feature flag introduced in 2.6.1 are listed below for reference:

    Feature Flag | Default Value | Description ---|---|--- harvester | true | Used to manage access to the Harvester list page where users can navigate directly to Harvester host clusters and have the ability to import them. fleet| true | The previous fleet feature flag is now required to be enabled as the fleet capabilities are leveraged within the new provisioning framework. If you had this feature flag disabled in earlier versions, upon upgrading to Rancher, the flag will automatically be enabled. gitops | true | If you want to hide the "Continuous Delivery" feature from your users, then please use the newly introduced gitops feature flag, which hides the ability to leverage Continuous Delivery. rke2 | true | Used to enable the ability to provision RKE2 clusters. By default, this feature flag is enabled, which allows users to attempt to provision these type of clusters. legacy | false for new installs, true for upgrades | There are a set of features from previous versions that are slowly being phased out of Rancher for newer iterations of the feature. This is a mix of deprecated features as well as features that will eventually be moved to newer variations in Rancher. By default, this feature flag is disabled for new installations. If you are upgrading from a previous version, this feature flag would be enabled. token-hashing | false | Used to enable new token-hashing feature. Once enabled, existing tokens will be hashed and all new tokens will be hashed automatically using the SHA256 algorithm. Once a token is hashed it cannot be undone. Once this feature flag is enabled it cannot be disabled.

    Experimental Features

    • Dual-stack and IPv6-only support for RKE1 clusters using the Flannel CNI will be experimental starting in v1.23.x. See the upstream Kubernetes docs. Dual-stack is not currently supported on Windows. See #165.

    • RancherD was introduced as part of Rancher v2.5.4 through v2.5.10 as an experimental feature but is now deprecated. See #33423.

    Legacy Features

    Legacy features are features hidden behind the legacy feature flag, which are various features/functionality of Rancher that was available in previous releases. These are features that Rancher doesn't intend for new users to consume, but if you have been using past versions of Rancher, you'll still want to use this functionality.

    When you first start 2.6, there is a card in the Home page that outlines the location of where these features are now located.

    The deprecated features from v2.5 are now behind the legacy feature flag. Please review our deprecation policy for questions.

    The following legacy features are no longer supported on Kubernetes v1.21+ clusters:

    • Logging
    • CIS Scans
    • Istio 1.5
    • Pipelines

    The following legacy feature is no longer supported past Kubernetes v1.21+ clusters:

    • Monitoring v1

    Known Major Issues

    • Kubernetes Cluster Distributions:
      • RKE:
        • Rotating encryption keys with a custom encryption provider is not supported. See #30539.
      • RKE1 - Windows:
        • OPA Gatekeeper gets stuck when uninstalled. See #37029.
      • RKE2:
        • Amazon ECR Private Registries are not functional. See #33920.
        • When provisioning using an RKE2 cluster template, the rootSize for AWS EC2 provisioners does not currently take an integer when it should, and an error is thrown. To work around this issue, wrap the EC2 rootSize in quotes. See Dashboard #3689.
        • RKE2 node driver cluster gets stuck in provisioning state after an upgrade to v2.6.4 and rollback to v2.6.3. See #36859.
        • RKE2 node driver cluster has its nodes redeployed when upgrading Rancher from v2.6.3 to v2.6.4. See #36627.
        • The communication between the ingress controller and the pods doesn't work when you create an RKE2 cluster with Cilium as the CNI and activate project network isolation. See documentation and #34275.
      • RKE2 - Windows:
        • OPA Gatekeeper gets stuck when uninstalled. See #37029.
        • In v2.6.5, v1.21.x of RKE2 will remain experimental and unsupported for RKE2 Windows. End users should not use v1.21.x of RKE2 for any RKE2 cluster that will have Windows worker nodes. This is due to an upstream Calico bug that was not backported to the minor version of Calico (3.19.x) that is present in v1.21.x of RKE2. See #131.
        • CSI Proxy for Windows will now work in an air-gapped environment.
        • NodePorts do not work on Windows Server 2022 in RKE2 clusters due to a Windows kernel bug. See #159.
        • When upgrading Windows nodes in RKE2 clusters via the Rancher UI, Windows worker nodes will require a reboot after the upgrade is completed. See #37645.
      • AKS:
        • When editing or upgrading the AKS cluster, do not make changes from the Azure console or CLI at the same time. These actions must be done separately. See #33561.
        • Windows node pools are not currently supported. See #32586.
        • Azure Container Registry-based Helm charts cannot be added in Cluster Explorer, but do work in the Apps feature of Cluster Manager. Note that when using a Helm chart repository, the disableSameOriginCheck setting controls when credentials are attached to requests. See documentation and #34584 for more information.
      • GKE:
        • Basic authentication must be explicitly disabled in GCP before upgrading a GKE cluster to 1.19+ in Rancher. See #32312.
      • AWS:
        • On RHEL8.4 SELinux in AWS AMI, Kubernetes v1.22 fails to provision on AWS. As Rancher will not install RPMs on the nodes, users may work around this issue either by using AMI with this package already installed, or by installing AMI via cloud-init. Users will encounter this issue on upgrade to v1.22 as well. When upgrading to 1.22, users must manually upgrade/install the rancher-selinux package on all the nodes in the cluster, then upgrade the Kubernetes version. See #36509.
    • Infrastructures:
      • vSphere:
        • PersistentVolumes are unable to mount to custom vSphere hardened clusters using CSI charts. See #35173.
      • Oracle:
        • Kubernetes 1.24 clusters fail to reach an Active state using Oracle Linux 8.4. See #38214.
    • Harvester:
      • Upgrades from Harvester v0.3.0 are not supported.
      • Deploying Fleet to Harvester clusters is not yet supported. Clusters, whether Harvester or non-Harvester, imported using the Virtualization Management page will result in the cluster not being listed on the Continuous Delivery page. See #35049.
    • Cluster Tools:
      • Fleet:
        • Multiple fleet-agent pods may be created and deleted during initial downstream agent deployment; rather than just one. This resolves itself quickly, but is unintentional behavior. See #33293.
      • Hardened clusters:
        • Not all cluster tools can currently be installed on a hardened cluster.
      • Rancher Backup:
        • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.
        • When running a newer version of the rancher-backup app to restore a backup made with an older version of the app, the resourceSet named rancher-resource-set will be restored to an older version that might be different from the one defined in the current running rancher-backup app. The workaround is to edit the rancher-backup app to trigger a reconciliation. See #34495.
        • Because Kubernetes v1.22 drops the apiVersion apiextensions.k8s.io/v1beta1, trying to restore an existing backup file into a v1.22 cluster will fail because the backup file contains CRDs with the apiVersion v1beta1. There are two options to work around this issue: update the default resourceSet to collect the CRDs with the apiVersion v1, or update the default resourceSet and the client to use the new APIs internally. See documentation and #34154.
      • Monitoring:
        • Deploying Monitoring on a Windows cluster with win_prefix_path set requires users to deploy Rancher Wins Upgrader to restart wins on the hosts to start collecting metrics in Prometheus. See #32535.
      • Logging:
        • Windows nodeAgents are not deleted when performing helm upgrade after disabling Windows logging on a Windows cluster. See #32325.
      • Istio Versions:
        • Istio 1.12 and below do not work on Kubernetes 1.23 clusters. To use the Istio charts, please do not update to Kubernetes 1.23 until the next charts' release.
        • Istio 1.5 is not supported in air-gapped environments. Please note that the Istio project has ended support for Istio 1.5.
        • Istio 1.9 support ended on October 8th, 2021.
        • Deprecated resources are not automatically removed and will cause errors during upgrades. Manual steps must be taken to migrate and/or cleanup resources before an upgrade is performed. See #34699.
        • Applications injecting Istio sidecars, fail on SELinux RHEL 8.4 enabled clusters. A temporary workaround for this issue is to run the following command on each cluster node before creating a cluster: mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni. See #33291.
      • Legacy Monitoring:
        • The Grafana instance inside Cluster Manager's Monitoring is not compatible with Kubernetes v1.21. To work around this issue, disable the BoundServiceAccountTokenVolume feature in Kubernetes v1.21 and above. Note that this workaround will be deprecated in Kubernetes v1.22. See #33465.
        • In air gapped setups, the generated rancher-images.txt that is used to mirror images on private registries does not contain the images required to run Legacy Monitoring which is compatible with Kubernetes v1.15 clusters. If you are running Kubernetes v1.15 clusters in an air gapped environment, and you want to either install Legacy Monitoring or upgrade Legacy Monitoring to the latest that is offered by Rancher for Kubernetes v1.15 clusters, you will need to take one of the following actions:
          • Upgrade the Kubernetes version so that you can use v0.2.x of the Monitoring application Helm chart.
          • Manually import the necessary images into your private registry for the Monitoring application to use.
        • When deploying any downstream cluster, Rancher logs errors that seem to be related to Monitoring even when Monitoring is not installed onto either cluster; specifically, Rancher logs that it failed on subscribe to the Prometheus CRs in the cluster because it is unable to get the resource prometheus.meta.k8s.io. These logs appear in a similar fashion for other Prometheus CRs (namely Alertmanager, ServiceMonitors, and PrometheusRules), but do not seem to cause any other major impact in functionality. See #32978.
        • Legacy Monitoring does not support Kubernetes v1.22 due to the feature-gates flag no longer being supported. See #35574.
        • After performing an upgrade to Rancher v2.6.3 from v2.6.2, the Legacy Monitoring custom metric endpoint stops working. To work around this issue, delete the service that is being targeted by the servicemonitor and allow it to be recreated; this will reload the pods that need to be targeted on a service sync. See #35790.
    • Docker Installations:
      • UI issues may occur due to a longer startup time. User will receive an error message when launching Docker for the first time #28800, and user is directed to username/password screen when accessing the UI after a Docker install of Rancher. See #28798.
      • On a Docker install upgrade and rollback, Rancher logs will repeatedly display the messages "Updating workload ingress-nginx/nginx-ingress-controller" and "Updating service frontend with public endpoints". Ingresses and clusters are functional and active, and logs resolve eventually. See #35798.
      • Rancher single node wont start on Apple M1 devices with Docker Desktop 4.3.0 or newer. See #35930.
    • Rancher UI:
      • After installing an app from a partner chart repo, the partner chart will upgrade to feature charts if the chart also exists in the feature charts default repo. See #5655.
      • In some instances under Users and Authentication, no users are listed and clicking Create to create a new user does not display the entire form. To work around this when encountered, perform a hard refresh to be able to log back in. See #37531.
      • Deployment securityContext section is missing when a new workload is created. This prevents pods from starting when Pod Security Policy Support is enabled. See #4815.
    • Legacy UI:
      • When using the Rancher v2.6 UI to add a new port of type ClusterIP to an existing Deployment created using the legacy UI, the new port will not be created upon saving. To work around this issue, repeat the procedure to add the port again. Users will notice the Service Type field will display as Do not create a service. Change this to ClusterIP and upon saving, the new port will be created successfully during this subsequent attempt. See #4280.
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(740 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.25 KB)
    rancher-images-digests-linux-arm64.txt(46.65 KB)
    rancher-images-digests-linux-s390x.txt(44.92 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.59 KB)
    rancher-images.txt(21.93 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(862 bytes)
    rancher-mirror-to-rancher-org.sh(27.87 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(941 bytes)
    rancher-windows-images.txt(622 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8-rc4(Aug 29, 2022)

    Images with -rc

    rancher/rancher v2.6.8-rc4 rancher/rancher-agent v2.6.8-rc4 rancher/rancher-runtime v2.6.8-rc4

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(834 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.26 KB)
    rancher-images-digests-linux-arm64.txt(46.66 KB)
    rancher-images-digests-linux-s390x.txt(44.93 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.61 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(866 bytes)
    rancher-mirror-to-rancher-org.sh(27.88 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(945 bytes)
    rancher-windows-images.txt(626 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8-rc3(Aug 29, 2022)

    Images with -rc

    rancher/rancher v2.6.8-rc3 rancher/rancher-agent v2.6.8-rc3 rancher/rancher-runtime v2.6.8-rc3

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(834 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.26 KB)
    rancher-images-digests-linux-arm64.txt(46.66 KB)
    rancher-images-digests-linux-s390x.txt(44.93 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.61 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(866 bytes)
    rancher-mirror-to-rancher-org.sh(27.88 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(945 bytes)
    rancher-windows-images.txt(626 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8-rc2(Aug 29, 2022)

    Images with -rc

    rancher/rancher v2.6.8-rc2 rancher/rancher-agent v2.6.8-rc2 rancher/rancher-runtime v2.6.8-rc2

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(834 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.26 KB)
    rancher-images-digests-linux-arm64.txt(46.66 KB)
    rancher-images-digests-linux-s390x.txt(44.93 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.61 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(866 bytes)
    rancher-mirror-to-rancher-org.sh(27.88 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(945 bytes)
    rancher-windows-images.txt(626 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.8-rc1(Aug 26, 2022)

    Images with -rc

    rancher/fleet v0.3.11-rc1 rancher/fleet-agent v0.3.11-rc1 rancher/rancher v2.6.8-rc1 rancher/rancher-agent v2.6.8-rc1 rancher/rancher-runtime v2.6.8-rc1

    Components with -rc

    Min version components with -rc

    FLEET_MIN_VERSION 100.0.5+up0.3.11-rc1

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6.8 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6.8 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6.8 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(936 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.27 KB)
    rancher-images-digests-linux-arm64.txt(46.67 KB)
    rancher-images-digests-linux-s390x.txt(44.94 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.64 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(870 bytes)
    rancher-mirror-to-rancher-org.sh(27.89 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(953 bytes)
    rancher-windows-images.txt(630 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.7(Aug 19, 2022)

    Release v2.6.7

    WARNING: Version 2.6.7 introduced a bug that can cause data loss. If you are running v2.6.7, it is highly recommended to update to v2.6.8 or later.

    It is important to review the Install/Upgrade Notes below before upgrading to any Rancher version.

    In Rancher v2.6.4, the cluster-api module has been upgraded from v0.4.4 to v1.0.2 in which the apiVersion of CAPI CRDs are upgraded from cluster.x-k8s.io/v1alpha4 to cluster.x-k8s.io/v1beta1. This has the effect of causing rollbacks from Rancher v2.6.4 to any previous version of Rancher v2.6.x to fail because the previous version the CRDs needed to roll back are no longer available in v1beta1. To avoid this, the Rancher resource cleanup script should be run before the restore or rollback is attempted. This script can be found in the rancherlabs/support-tools repo and the usage of the script can be found in the backup-restore operator docs. In addition, when users roll back Rancher on the same cluster using the Rancher Backup and Restore app in 2.6.4+, the updated steps to create the Restore Custom Resource must be followed. See also #36803 for more details.

    Security Fixes for Rancher Vulnerabilities

    This release addresses three critical severity security issues found in Rancher:

    • Fixed an issue where sensitive fields like passwords, API keys, and Rancher's service account token were stored as plaintext on Kubernetes objects. Any user with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. For more information, see CVE-2021-36782.

    • Improved the sanitization (removal) of credentials from cluster template answers. Failure to sanitize data can lead to plaintext storage and exposure of credentials, passwords, and API tokens. For more information, see CVE-2021-36783.

    • Fixed an authorization logic flaw that allowed privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). For more information, see CVE-2022-31247.

    For more details, see the Security Advisories page.

    Features and Enhancements

    Azure Active Directory API Migration

    Microsoft has deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. A configuration update is necessary to make sure users can still use Rancher with Azure AD. See the docs and #29306 for details.

    • Limitations
      • Attempts to log in will fail after rolling back a Docker install of Rancher if the following conditions have occurred:

        • Azure AD is enabled.
        • Before the rollback, admins committed to the Azure AD configuration update.

        This is because the Azure AD endpoints will not be rolled back if the rollback is not performed via the backup-restore operator. If you want to roll back Rancher to use the old Azure AD Graph API without using the backup-restore operator, follow this workaround to edit the AzureAD authconfig resource stored in the local cluster's database. The old Azure AD Graph API endpoints will not be rolled back on a Rancher rollback. See #38025.

    • Other
      • Multi-factor authentication (MFA) now works with the Azure AD auth provider. Some Rancher setups might have had MFA enabled in Azure from before, but Rancher wasn't working with it correctly. Be aware that on upgrade, if MFA is enabled for the Azure app, Rancher will require additional verification. See #38028.
      • Before starting the migration process or enabling Azure AD for the first time in v2.6.7+, ensure that you add the Azure app registration's permissions of type Application and NOT Delegated for Microsoft Graph. Otherwise, you may not be able to login to Azure AD. This issue will persist even after you disable/re-enable Azure AD and will require an hour wait, or manual deletion of a cache value to resolve.

    Integration with Cloud Marketplaces

    Rancher v2.6.7 introduces an integration allowing users to easily purchase support through the AWS marketplace for installation hosted on AWS/EKS. You must be running Rancher v2.6.7 or higher and have set up Rancher and it's local cluster according to the prerequisites.

    For details about the integration, refer to the Rancher documentation and #37495.

    Note: If users are using the csp-adapter and the rancher backup-restore operator, they will need to upgrade the backup-restore operator to the latest version (v2.1.3) in order to ensure that the applications work together.

    New in Rancher

    • Support for Kubernetes v1.24 added.
    • Support has ended for Kubernetes v1.18 and v1.19.
    • Increased entropy of CSRF (cross-site request forgery) token. See #14 and #414
    • Starting in v2.6.0, whenever a user requests a kubeconfig file, Rancher creates a newly-generated token instead of retrieving the old one. The token TTL is not configurable on these tokens, causing token cleanup to be a manual process. We've now added a new setting to allow users to change the TTL on kubeconfig tokens called kubeconfig-default-token-TTL-minutes. This setting has a default value of 0 to retain default behavior between Rancher versions. Rancher recommends that admins change this setting from its default to prevent unbound token creation. Note that this setting only applies to tokens generated for kubeconfigs when kubeconfig-generate-tokens is true, which is the default. When kubeconfig-generate-tokens is false, kubeconfig-token-ttl-minutes will be used for token TTL. This behavior is the same as previous versions of Rancher. The kubeconfig-token-ttl-minutes setting is now deprecated in favor of using kubeconfig-default-token-TTL-minutes in the future. See #37705.
    • The Rancher chart now exposes the ingress.ingressClassName value, which allows setting the name of the ingress controller to be used with Rancher's Ingress resource. This is relevant for Rancher clusters created with a provider other than RKE, since RKE automatically sets nginx as the ingress class name. By default, the value is an empty string because Rancher does not make assumptions about the type of ingress controller that runs in Rancher (nginx, Traefik, etc.). See #37971.
    • Behavior Changes
      • The Kubernetes team has observed an increase in memory usage with Kubernetes v1.24. See the upstream changelog for details.
      • All Kubernetes 1.24 clusters will have cri-dockerd enabled by default which includes new and upgraded clusters. Users can apply the io.cattle.cluster.cridockerd.enable annotation on a cluster, and the annotation will override the default behavior. If the annotation is set to false and enable_cri_dockerd is set to true, the annotation will override the field/flag behavior and enable_cri_dockerd will be updated to false. Clusters will not provision correctly if cri-dockerd is disabled; this is expected unless a proper Docker runtime is provided. See #38160.

    New in RKE1

    • Resolved an issue for RKE clusters that prevented specifying more than one private registry in the YAML configuration. See #37658.
    • Windows
      • Important: RKE1 Support for Windows will stop on September 1st 2022 due to upstream changes. See this article for more details.
      • A warning message has been added to inform users that Windows support is being deprecated for RKE1. See #5995.

    New in RKE2

    • New encryption key rotation feature added. See the docs and #35436.
    • Windows
      • HostProcess containers are now supported in Kubernetes v1.24.1 and up. See #69.
    • Behavior Changes
      • After an upgrade to Rancher v2.6.7, RKE2 provisioned clusters will briefly go into an Updating state with the message waiting for plan to be applied. This behavior is expected and has no adverse effects. See #38353.
    • Known Issues
      • Encryption keys may fail to rotate when there are a large number (> 2000) of secrets. See #38283.
      • Users running RHEL/CentOS 7 should not install or upgrade to K3s/RKE2 v1.24.2 or v1.24.3 but should instead wait for K3s/RKE2 v1.24.4 to do so. See #5912.
      • The system-upgrade-controller Deployment may fail after Monitoring is enabled on an RKE2 v1.23 or v1.24 cluster with Windows nodes. See 38646.

    New in the Rancher UI

    • Removed monitoring dashboard "Rancher Internal State (Controllers)". Most functionality from this dashboard has been replaced and can be found in the dashboard "Rancher Performance Debugging". See #37274.
    • ProjectHelmCharts has been added as a selectable resource from the helm.cattle.io API group when creating a new project/namespace role. See #5747.
    • Added a Diagnostics page to allow users to gather data from their systems to append to any issues filed for Rancher. The Diagnostics page is accessible via the About page. See #6544.
    • The Deployment creation screen has been improved and a new Pod creation view has been added. See #5734.
    • When viewing the details of a GitRepo through Fleet, users can now get a graphical representation of the bundle deployments that came from that GitRepo. See #4680.
    • Behavior Changes
      • Project owners and project members will no longer be able to see namespaces outside of the project(s) they have access to. This is to prevent a bad user experience, where some users could see namespaces that they could not use.
      • Project owners and project members will now be required to delete namespaces within a project when deleting the project. This is to prevent a situation where they would essentially be creating orphaned namespaces, which they would lose access to when they delete the project.

    Major Bug Fixes

    • User Preferences set by a drop-down component will now be applied correctly. Previously, updating a user preference in this manner would cause adverse effects such as the inability to view logs or the setting not taking effect. See #5984.
    • Prior to v2.6.7, if S3 or other kinds of credentials were added to a cluster after it was already created, the reference to the secret containing the credentials was lost because the cluster status cannot be updated through the API. The references are now moved to the cluster Spec so that they can be updated after creation. To repair a cluster after a upgrade to v2.6.7, edit the cluster and change the etcd snapshot configuration back to local and save it, then edit again to configure S3 snapshots again. See #38215.
    • Certificates with a CN exceeding 64 characters will not cause an error. See #37766.
    • If the creation of the impersonation ClusterRoleBinding is interfered with or interrupted, users can now access the downstream cluster without experiencing unauthorized errors. See #37733.
    • Resolved an issue where users that existed since Rancher v2.6.2 or earlier may start experiencing authorization errors upon upgrade to Rancher v2.6.5 when using kubectl with a downloaded kubeconfig for a downstream cluster. See #37894.
    • Users with the role 'Cluster Owners' who are not also 'Admins' are now able to manage snapshots on RKE2 clusters. See #37630.
    • A bug was found that overloaded the downstream Kubernetes API server when the Cluster Explorer dashboard is left open to a page for a downstream cluster for over 30 minutes and would start rapidly opening and closing watch requests perpetually. See #37627.
    • Rancher server now generates a new token every time a kubeconfig is requested via the CLI. This token is then cached by the CLI on the local system and will not cause previously created tokens to become invalid. See #37245.
    • Windows installation scripts are now successfully retrieved in proxied RKE2 downstream clusters. See #36574.
    • The istiod-istio-system ValidatingWebhookConfiguration has been removed to allow Istio 1.11.x and higher to be installed in air-gapped environments. See #35742.
    • Most API responses now set response headers to include Cache-Control: no-store which directs intermediate caches not to cache the response. Previously, some intermediate caches between the Rancher server and clients, including cluster agents, were configured to cache responses for the purpose of scalability and improved response time. In some cases this led to stale data getting inadvertently cached which would disrupt deployment of downstream clusters. See #35199.
    • Project resource quotas are now correctly removed when deleted through the UI. See #35688.

    Install/Upgrade Notes

    • If you are installing Rancher for the first time, your environment must fulfill the installation requirements.
    • The namespace where the local Fleet agent runs has been changed to cattle-fleet-local-system. This change does not impact GitOps workflows.

    Upgrade Requirements

    • Creating backups: We strongly recommend creating a backup before upgrading Rancher. To roll back Rancher after an upgrade, you must back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to its state when a backup was created, any changes post upgrade will not be included after the restore. For more information, see the documentation on backing up Rancher.
    • Helm version: Rancher install or upgrade must occur with Helm 3.2.x+ due to the changes with the latest cert-manager release. See #29213.
    • Kubernetes version:
      • The local Kubernetes cluster for the Rancher server should be upgraded to Kubernetes 1.18+ before installing Rancher 2.6+.
    • CNI requirements:
      • For Kubernetes v1.19 and newer, we recommend disabling firewalld as it has been found to be incompatible with various CNI plugins. See #28840.
      • If upgrading or installing to a Linux distribution which uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or newer, users should upgrade to RKE1 v1.19.2 or later to get Flannel version v0.13.0 that supports nf_tables. See Flannel #1317.
      • For users upgrading from >=v2.4.4 to v2.5.x with clusters where ACI CNI is enabled, note that upgrading Rancher will result in automatic cluster reconciliation. This is applicable for Kubernetes versions v1.17.16-rancher1-1, v1.17.17-rancher1-1, v1.17.17-rancher2-1, v1.18.14-rancher1-1, v1.18.15-rancher1-1, v1.18.16-rancher1-1, and v1.18.17-rancher1-1. Please refer to the workaround BEFORE upgrading to v2.5.x. See #32002.
    • Requirements for air gapped environments:
      • For installing or upgrading Rancher in an air gapped environment, please add the flag --no-hooks to the helm template command to skip rendering files for Helm's hooks. See #3226.
      • If using a proxy in front of an air gapped Rancher, you must pass additional parameters to NO_PROXY. See the documentation and related issue #2725.
    • Cert-manager version requirements: Recent changes to cert-manager require an upgrade if you have a high-availability install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager. See documentation.
    • Requirements for Docker installs:
      • When starting the Rancher Docker container, the privileged flag must be used. See documentation.
      • When installing in an air gapped environment, you must supply a custom registries.yaml file to the docker run command as shown in the K3s documentation. If the registry has certificates, then you will need to also supply those. See #28969.
      • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container comes up and is working as expected. See #33685.

    Rancher Behavior Changes

    • Cert-Manager:
      • Rancher now supports cert-manager versions 1.6.2 and 1.7.1. We recommend v1.7.x because v 1.6.x will reach end-of-life on March 30, 2022. To read more, see the documentation.
      • When upgrading Rancher and cert-manager, you will need to use Option B: Reinstalling Rancher and cert-manager from the Rancher docs.
      • There are several versions of cert-manager which, due to their backwards incompatibility, are not recommended for use with Rancher. You can read more about which versions are affected by this issue in the cert-manager docs. As a result, only versions 1.6.2 and 1.7.1 are recommended for use at this time.
      • For instructions on upgrading cert-manager from version 1.5 to 1.6, see the relevant cert-manager docs.
      • For instructions on upgrading cert-manager from version 1.6 to 1.7, see the relevant cert-manager docs.
    • Readiness and Liveness Check:
      • Users can now configure the Readiness Check and Liveness Check of coredns-autoscaler. See #24939.
    • Legacy Features:
      • Users upgrading from Rancher <=v2.5.x will automatically have the --legacy feature flag enabled. New installations that require legacy features need to enable the flag on install or through the UI.
      • When workloads created using the legacy UI are deleted, the corresponding services are not automatically deleted. Users will need to manually remove these services. A message will be displayed notifying the user to manually delete the associated services when such a workload is deleted. See #34639.
    • Library and Helm3-Library Catalogs:
      • Users will no longer be able to launch charts from the library and helm3-library catalogs, which are available through the legacy apps and multi-cluster-apps pages. Any existing legacy app that was deployed from a previous Rancher version will continue to be able to edit its currently deployed chart. Note that the Longhorn app will still be available from the library for new installs but will be removed in the next Rancher version. All users are recommended to deploy Longhorn from the Apps & Marketplace section of the Rancher UI instead of through the Legacy Apps pages.
    • Local Cluster:
      • In older Rancher versions, the local cluster could be hidden to restrict admin access to the Rancher server's local Kubernetes cluster, but that feature has been deprecated. The local Kubernetes cluster can no longer be hidden and all admins will have access to the local cluster. If you would like to restrict permissions to the local cluster, there is a new restricted-admin role that must be used. The access to local cluster can now be disabled by setting hide_local_cluster to true from the v3/settings API. See the documentation and #29325. For more information on upgrading from Rancher with a hidden local cluster, see the documentation.
    • Upgrading the Rancher UI:
      • After upgrading to v2.6+, users will be automatically logged out of the old Rancher UI and must log in again to access Rancher and the new UI. See #34004.
    • Fleet:
      • For users upgrading from v2.5.x to v2.6.x, note that Fleet will be enabled by default as it is required for operation in v2.6+. This will occur even if Fleet was disabled in v2.5.x. During the upgrade process, users will observe restarts of the rancher pods, which is expected. See #31044 and #32688.
      • Starting with Rancher v2.6.1, Fleet allows for two agents in the local cluster for scenarios where "Fleet is managing Fleet". The true local agent runs in the new cattle-fleet-local-system namespace. The agent downstream from another Fleet management cluster runs in cattle-fleet-system, similar to the agent pure downstream clusters. See #34716 and #531.
    • Editing and Saving Clusters:
      • For users upgrading from <=v2.4.8 (<= RKE v1.1.6) to v2.4.12+ (RKE v1.1.13+)/v2.5.0+ (RKE v1.2.0+) , please note that Edit and save cluster (even with no changes or a trivial change like cluster name) will result in cluster reconciliation and upgrading kube-proxy on all nodes because of a change in kube-proxy binds. This only happens on the first edit and later edits shouldn't affect the cluster. See #32216.
    • EKS Cluster:
      • There is currently a setting allowing users to configure the length of refresh time in cron format: eks-refresh-cron. That setting is now deprecated and has been migrated to a standard seconds format in a new setting: eks-refresh. If previously set, the migration will happen automatically. See #31789.
    • System Components:
      • Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.
    • GKE and AKS Clusters:
      • Existing GKE and AKS clusters and imported clusters will continue to operate as-is. Only new creations and registered clusters will use the new full lifecycle management.
    • Rolling Back Rancher:
      • The process to roll back Rancher has been updated for versions v2.5.0 and above. New steps require scaling Rancher down to 0 replica before restoring the backup. Please refer to the documentation for the new instructions.
    • RBAC:
      • Due to the change of the provisioning framework, the Manage Nodes role will no longer be able to scale up/down machine pools. The user would need the ability to edit the cluster to manage the machine pools #34474.
    • Azure Cloud Provider for RKE2:
      • For RKE2, the process to set up an Azure cloud provider is different than for RKE1 clusters. Users should refer to the documentation for the new instructions. See #34367 for original issue.
    • Machines vs. Kube Nodes:
      • In previous versions, Rancher only displayed Nodes, but with v2.6, there are the concepts of machines and kube nodes. Kube nodes are the Kubernetes node objects and are only accessible if the Kubernetes API server is running and the cluster is active. Machines are the cluster's machine object which defines what the cluster should be running.
    • Rancher's External IP Webhook:
      • In v1.22, upstream Kubernetes has enabled the admission controller to reject usage of external IPs. As such, the rancher-external-ip-webhook chart that was created as a workaround is no longer needed, and support for it is now capped to Kubernetes v1.21 and below. See #33893.
    • Memory Limit for Legacy Monitoring:
      • The default value of the Prometheus memory limit in the legacy Rancher UI is now 2000Mi to prevent the pod from restarting due to a OOMKill. See #34850.
    • Memory Limit for Monitoring:
      • The default value of the Prometheus memory limit in the new Rancher UI is now 3000Mi to prevent the pod from restarting due to a OOMKill. See #34850.

    Versions

    Please refer to the README for latest and stable versions.

    Please review our version documentation for more details on versioning and tagging conventions.

    Images

    • rancher/rancher:v2.6.7

    Tools

    Kubernetes Versions

    • v1.24.2 (Default)
    • v1.23.8
    • v1.22.11
    • v1.21.14
    • v1.20.15

    Rancher Helm Chart Versions

    Starting in 2.6.0, many of the Rancher Helm charts available in the Apps & Marketplace will start with a major version of 100. This was done to avoid simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also brings us into compliance with semver, which is a requirement for newer versions of Helm. You can now see the upstream version of a chart in the build metadata, for example: 100.0.0+up2.1.0. See #32294.

    Other Notes

    Feature Flags

    Feature flags introduced in 2.6.0 and the Harvester feature flag introduced in 2.6.1 are listed below for reference:

    Feature Flag | Default Value | Description ---|---|--- harvester | true | Used to manage access to the Harvester list page where users can navigate directly to Harvester host clusters and have the ability to import them. fleet| true | The previous fleet feature flag is now required to be enabled as the fleet capabilities are leveraged within the new provisioning framework. If you had this feature flag disabled in earlier versions, upon upgrading to Rancher, the flag will automatically be enabled. gitops | true | If you want to hide the "Continuous Delivery" feature from your users, then please use the newly introduced gitops feature flag, which hides the ability to leverage Continuous Delivery. rke2 | true | Used to enable the ability to provision RKE2 clusters. By default, this feature flag is enabled, which allows users to attempt to provision these type of clusters. legacy | false for new installs, true for upgrades | There are a set of features from previous versions that are slowly being phased out of Rancher for newer iterations of the feature. This is a mix of deprecated features as well as features that will eventually be moved to newer variations in Rancher. By default, this feature flag is disabled for new installations. If you are upgrading from a previous version, this feature flag would be enabled. token-hashing | false | Used to enable new token-hashing feature. Once enabled, existing tokens will be hashed and all new tokens will be hashed automatically using the SHA256 algorithm. Once a token is hashed it cannot be undone. Once this feature flag is enabled it cannot be disabled.

    Experimental Features

    • Dual-stack and IPv6-only support for RKE1 clusters using the Flannel CNI will be experimental starting in v1.23.x. See the upstream Kubernetes docs. Dual-stack is not currently supported on Windows. See #165.

    • RancherD was introduced as part of Rancher v2.5.4 through v2.5.10 as an experimental feature but is now deprecated. See #33423.

    Legacy Features

    Legacy features are features hidden behind the legacy feature flag, which are various features/functionality of Rancher that was available in previous releases. These are features that Rancher doesn't intend for new users to consume, but if you have been using past versions of Rancher, you'll still want to use this functionality.

    When you first start 2.6, there is a card in the Home page that outlines the location of where these features are now located.

    The deprecated features from v2.5 are now behind the legacy feature flag. Please review our deprecation policy for questions.

    The following legacy features are no longer supported on Kubernetes v1.21+ clusters:

    • Logging
    • CIS Scans
    • Istio 1.5
    • Pipelines

    The following legacy feature is no longer supported past Kubernetes v1.21+ clusters:

    • Monitoring v1

    Known Major Issues

    • Kubernetes Cluster Distributions:
      • RKE:
        • Rotating encryption keys with a custom encryption provider is not supported. See #30539.
        • RKE v1.3.10-v1.3.13 in Rancher v2.6.7-v2.6.8 removes user addons during an upgrade before redeploying them. This causes issues with RKE1 cluster upgrades if user addons template has cattle-* or other system namespaces. See #38749 for more details.
      • RKE1 - Windows:
        • OPA Gatekeeper gets stuck when uninstalled. See #37029.
      • RKE2:
        • Amazon ECR Private Registries are not functional. See #33920.
        • When provisioning using an RKE2 cluster template, the rootSize for AWS EC2 provisioners does not currently take an integer when it should, and an error is thrown. To work around this issue, wrap the EC2 rootSize in quotes. See Dashboard #3689.
        • RKE2 node driver cluster gets stuck in provisioning state after an upgrade to v2.6.4 and rollback to v2.6.3. See #36859.
        • RKE2 node driver cluster has its nodes redeployed when upgrading Rancher from v2.6.3 to v2.6.4. See #36627.
        • The communication between the ingress controller and the pods doesn't work when you create an RKE2 cluster with Cilium as the CNI and activate project network isolation. See documentation and #34275.
      • RKE2 - Windows:
        • OPA Gatekeeper gets stuck when uninstalled. See #37029.
        • In v2.6.5, v1.21.x of RKE2 will remain experimental and unsupported for RKE2 Windows. End users should not use v1.21.x of RKE2 for any RKE2 cluster that will have Windows worker nodes. This is due to an upstream Calico bug that was not backported to the minor version of Calico (3.19.x) that is present in v1.21.x of RKE2. See #131.
        • CSI Proxy for Windows will now work in an air-gapped environment.
        • NodePorts do not work on Windows Server 2022 in RKE2 clusters due to a Windows kernel bug. See #159.
        • When upgrading Windows nodes in RKE2 clusters via the Rancher UI, Windows worker nodes will require a reboot after the upgrade is completed. See #37645.
      • AKS:
        • When editing or upgrading the AKS cluster, do not make changes from the Azure console or CLI at the same time. These actions must be done separately. See #33561.
        • Windows node pools are not currently supported. See #32586.
        • Azure Container Registry-based Helm charts cannot be added in Cluster Explorer, but do work in the Apps feature of Cluster Manager. Note that when using a Helm chart repository, the disableSameOriginCheck setting controls when credentials are attached to requests. See documentation and #34584 for more information.
      • GKE:
        • Basic authentication must be explicitly disabled in GCP before upgrading a GKE cluster to 1.19+ in Rancher. See #32312.
        • Provisioning K8s 1.23+ GKE clusters with the default option of "Container-Optimized OS with Docker" for "Image Type" fails due to GKE no longer supporting Docker-based images per GKE documentation. Please use containerd-based images instead. See #38743.
      • AWS:
        • On RHEL8.4 SELinux in AWS AMI, Kubernetes v1.22 fails to provision on AWS. As Rancher will not install RPMs on the nodes, users may work around this issue either by using AMI with this package already installed, or by installing AMI via cloud-init. Users will encounter this issue on upgrade to v1.22 as well. When upgrading to 1.22, users must manually upgrade/install the rancher-selinux package on all the nodes in the cluster, then upgrade the Kubernetes version. See #36509.
    • Infrastructures:
      • vSphere:
        • PersistentVolumes are unable to mount to custom vSphere hardened clusters using CSI charts. See #35173.
      • Oracle:
        • Kubernetes 1.24 clusters fail to reach an Active state using Oracle Linux 8.4. See #38214.
    • Harvester:
      • Upgrades from Harvester v0.3.0 are not supported.
      • Deploying Fleet to Harvester clusters is not yet supported. Clusters, whether Harvester or non-Harvester, imported using the Virtualization Management page will result in the cluster not being listed on the Continuous Delivery page. See #35049.
    • Cluster Tools:
      • Fleet:
        • Multiple fleet-agent pods may be created and deleted during initial downstream agent deployment; rather than just one. This resolves itself quickly, but is unintentional behavior. See #33293.
      • Hardened clusters:
        • Not all cluster tools can currently be installed on a hardened cluster.
      • Rancher Backup:
        • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.
        • When running a newer version of the rancher-backup app to restore a backup made with an older version of the app, the resourceSet named rancher-resource-set will be restored to an older version that might be different from the one defined in the current running rancher-backup app. The workaround is to edit the rancher-backup app to trigger a reconciliation. See #34495.
        • Because Kubernetes v1.22 drops the apiVersion apiextensions.k8s.io/v1beta1, trying to restore an existing backup file into a v1.22 cluster will fail because the backup file contains CRDs with the apiVersion v1beta1. There are two options to work around this issue: update the default resourceSet to collect the CRDs with the apiVersion v1, or update the default resourceSet and the client to use the new APIs internally. See documentation and #34154.
      • Monitoring:
        • Deploying Monitoring on a Windows cluster with win_prefix_path set requires users to deploy Rancher Wins Upgrader to restart wins on the hosts to start collecting metrics in Prometheus. See #32535.
      • Logging:
        • Windows nodeAgents are not deleted when performing helm upgrade after disabling Windows logging on a Windows cluster. See #32325.
      • Istio Versions:
        • Istio 1.12 and below do not work on Kubernetes 1.23 clusters. To use the Istio charts, please do not update to Kubernetes 1.23 until the next charts' release.
        • Istio 1.5 is not supported in air-gapped environments. Please note that the Istio project has ended support for Istio 1.5.
        • Istio 1.9 support ended on October 8th, 2021.
        • Deprecated resources are not automatically removed and will cause errors during upgrades. Manual steps must be taken to migrate and/or cleanup resources before an upgrade is performed. See #34699.
        • Applications injecting Istio sidecars, fail on SELinux RHEL 8.4 enabled clusters. A temporary workaround for this issue is to run the following command on each cluster node before creating a cluster: mkdir -p /var/run/istio-cni && semanage fcontext -a -t container_file_t /var/run/istio-cni && restorecon -v /var/run/istio-cni. See #33291.
      • Legacy Monitoring:
        • The Grafana instance inside Cluster Manager's Monitoring is not compatible with Kubernetes v1.21. To work around this issue, disable the BoundServiceAccountTokenVolume feature in Kubernetes v1.21 and above. Note that this workaround will be deprecated in Kubernetes v1.22. See #33465.
        • In air gapped setups, the generated rancher-images.txt that is used to mirror images on private registries does not contain the images required to run Legacy Monitoring which is compatible with Kubernetes v1.15 clusters. If you are running Kubernetes v1.15 clusters in an air gapped environment, and you want to either install Legacy Monitoring or upgrade Legacy Monitoring to the latest that is offered by Rancher for Kubernetes v1.15 clusters, you will need to take one of the following actions:
          • Upgrade the Kubernetes version so that you can use v0.2.x of the Monitoring application Helm chart.
          • Manually import the necessary images into your private registry for the Monitoring application to use.
        • When deploying any downstream cluster, Rancher logs errors that seem to be related to Monitoring even when Monitoring is not installed onto either cluster; specifically, Rancher logs that it failed on subscribe to the Prometheus CRs in the cluster because it is unable to get the resource prometheus.meta.k8s.io. These logs appear in a similar fashion for other Prometheus CRs (namely Alertmanager, ServiceMonitors, and PrometheusRules), but do not seem to cause any other major impact in functionality. See #32978.
        • Legacy Monitoring does not support Kubernetes v1.22 due to the feature-gates flag no longer being supported. See #35574.
        • After performing an upgrade to Rancher v2.6.3 from v2.6.2, the Legacy Monitoring custom metric endpoint stops working. To work around this issue, delete the service that is being targeted by the servicemonitor and allow it to be recreated; this will reload the pods that need to be targeted on a service sync. See #35790.
    • Docker Installations:
      • UI issues may occur due to a longer startup time. User will receive an error message when launching Docker for the first time #28800, and user is directed to username/password screen when accessing the UI after a Docker install of Rancher. See #28798.
      • On a Docker install upgrade and rollback, Rancher logs will repeatedly display the messages "Updating workload ingress-nginx/nginx-ingress-controller" and "Updating service frontend with public endpoints". Ingresses and clusters are functional and active, and logs resolve eventually. See #35798.
      • Rancher single node wont start on Apple M1 devices with Docker Desktop 4.3.0 or newer. See #35930.
    • Rancher UI:
      • After installing an app from a partner chart repo, the partner chart will upgrade to feature charts if the chart also exists in the feature charts default repo. See #5655.
      • In some instances under Users and Authentication, no users are listed and clicking Create to create a new user does not display the entire form. To work around this when encountered, perform a hard refresh to be able to log back in. See #37531.
      • Deployment securityContext section is missing when a new workload is created. This prevents pods from starting when Pod Security Policy Support is enabled. See #4815.
    • Legacy UI:
      • When using the Rancher v2.6 UI to add a new port of type ClusterIP to an existing Deployment created using the legacy UI, the new port will not be created upon saving. To work around this issue, repeat the procedure to add the port again. Users will notice the Service Type field will display as Do not create a service. Change this to ClusterIP and upon saving, the new port will be created successfully during this subsequent attempt. See #4280.
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(740 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.25 KB)
    rancher-images-digests-linux-arm64.txt(46.65 KB)
    rancher-images-digests-linux-s390x.txt(44.92 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.59 KB)
    rancher-images.txt(21.93 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(862 bytes)
    rancher-mirror-to-rancher-org.sh(27.87 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(941 bytes)
    rancher-windows-images.txt(622 bytes)
    sha256sum.txt(1.31 KB)
  • v2.6.7-rc10(Aug 18, 2022)

    Images with -rc

    rancher/rancher v2.6.7-rc10 rancher/rancher-agent v2.6.7-rc10 rancher/rancher-runtime v2.6.7-rc10

    Components with -rc

    Min version components with -rc

    RKE Kubernetes versions

    v1.18.20-rancher1-3 v1.19.16-rancher1-6 v1.20.15-rancher2-2 v1.21.14-rancher1-1 v1.22.11-rancher1-1 v1.23.8-rancher1-1 v1.24.2-rancher1-1

    Chart/KDM sources

    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • CHART_DEFAULT_BRANCH: release-v2.6 (scripts/package)
    • SYSTEM_CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CHART_DEFAULT_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (package/Dockerfile)
    • CATTLE_KDM_BRANCH: release-v2.6 (Dockerfile.dapper)
    • KDMBranch: release-v2.6 (pkg/settings/setting.go)
    • ChartDefaultBranch: release-v2.6 (pkg/settings/setting.go)
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(837 bytes)
    rancher-data.json(3.47 MB)
    rancher-images-digests-linux-amd64.txt(62.26 KB)
    rancher-images-digests-linux-arm64.txt(46.66 KB)
    rancher-images-digests-linux-s390x.txt(44.93 KB)
    rancher-images-digests-windows-1809.txt(2.07 KB)
    rancher-images-digests-windows-ltsc2022.txt(2.07 KB)
    rancher-images-sources.txt(30.61 KB)
    rancher-images.txt(21.95 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(867 bytes)
    rancher-mirror-to-rancher-org.sh(27.89 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(138 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(946 bytes)
    rancher-windows-images.txt(627 bytes)
    sha256sum.txt(1.31 KB)
  • v2.5.16(Aug 18, 2022)

    Release v2.5.16

    It is important to review the Install/Upgrade Notes below before upgrading to any Rancher version.

    Security Fixes for Rancher Vulnerabilities

    This release addresses three critical severity security issues found in Rancher:

    • Fixed an issue where sensitive fields like passwords, API keys, and Rancher's service account token were stored as plaintext on Kubernetes objects. Any user with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. For more information, see CVE-2021-36782.

    • Improved the sanitization (removal) of credentials from cluster template answers. Failure to sanitize data can lead to plaintext storage and exposure of credentials, passwords, and API tokens. For more information, see CVE-2021-36783.

    • Fixed an authorization logic flaw that allowed privilege escalation in downstream clusters through cluster role template binding (CRTB) and project role template binding (PRTB). For more information, see CVE-2022-31247.

    For more details, see the Security Advisories page.

    Features and Enhancements

    Azure Active Directory API Migration

    Microsoft has deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. A configuration update is necessary to make sure users can still use Rancher with Azure AD. See the docs and #37228 for details.

    • Limitations
      • Attempts to log in will fail after rolling back a Docker install of Rancher if the following conditions have occurred:

        • Azure AD is enabled.
        • Before the rollback, admins committed to the Azure AD configuration update.

        This is because the Azure AD endpoints will not be rolled back if the rollback is not performed via the backup-restore operator. If you want to roll back Rancher to use the old Azure AD Graph API without using the backup-restore operator, follow this workaround to edit the AzureAD authconfig resource stored in the local cluster's database. The old Azure AD Graph API endpoints will not be rolled back on a Rancher rollback. See #38025.

    • Other
      • Multi-factor authentication (MFA) now works with the Azure AD auth provider. Some Rancher setups might have had MFA enabled in Azure from before, but Rancher wasn't working with it correctly. Be aware that on upgrade, if MFA is enabled for the Azure app, Rancher will require additional verification. See #38028.
      • Before starting the migration process or enabling Azure AD for the first time in v2.6.7+, ensure that you add the Azure app registration's permissions of type Application and NOT Delegated for Microsoft Graph. Otherwise, you may not be able to login to Azure AD. This issue will persist even after you disable/re-enable Azure AD and will require an hour wait, or manual deletion of a cache value to resolve.

    Major Bug Fixes

    • Prior to v2.5.16, if S3 or other kinds of credentials were added to a cluster after it was already created, the reference to the secret containing the credentials was lost because the cluster status cannot updated through the API. The references are now moved to the cluster Spec so that they can be updated added after creation. To repair a cluster after a upgrade to v2.5.16, edit the cluster and change the etcd snapshot configuration back to local and save it, then edit again to configure S3 snapshots again. See #38397.
    • Fixed a bug that overloaded the downstream Kubernetes API server when the Cluster Explorer dashboard was left open to a page for a downstream cluster for over 30 minutes and would start rapidly opening and closing watch requests perpetually. See #37986.
    • Fixed an issue where issues in a downstream cluster would cause a controller to frequently restart and eventually lead to a Goroutine leak. See #37965.
    • Updated an internal download link that was causing upgrades to fail. See #37859.
    • Increased entropy of CSRF (cross-site request forgery) token. See #15 and #419.

    Install/Upgrade Notes

    If you are installing Rancher for the first time, your environment must fulfill the installation requirements.

    Upgrade Requirements

    • Creating backups:
      • We strongly recommend creating a backup before upgrading Rancher. To roll back Rancher after an upgrade, you must back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to its state when a backup was created, any changes post upgrade will not be included after the restore. For more information, see the documentation on backing up Rancher.
    • Helm version:
      • Rancher install or upgrade must occur with Helm 3.2.x+ due to the changes with the latest cert-manager release. See #29213.
    • Kubernetes version:
      • The local Kubernetes cluster for the Rancher server should be upgraded to Kubernetes 1.17+ before installing Rancher 2.5+.
    • CNI requirements:
      • For Kubernetes v1.19 and newer, we recommend disabling firewalld as it has been found to be incompatible with various CNI plugins. See #28840.
      • If upgrading or installing to a Linux distribution that uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or newer, users should upgrade to RKE1 v1.19.2 or later to get Flannel version v0.13.0 that supports nf_tables. See Flannel #1317.
      • For users upgrading from >=v2.4.4 to v2.5.x with clusters where ACI CNI is enabled, note that upgrading Rancher will result in automatic cluster reconciliation. This is applicable for Kubernetes versions v1.17.16-rancher1-1, v1.17.17-rancher1-1, v1.17.17-rancher2-1, v1.18.14-rancher1-1, v1.18.15-rancher1-1, v1.18.16-rancher1-1, and v1.18.17-rancher1-1. Please refer to the workaround BEFORE upgrading to v2.5.x. See #32002.
    • Requirements for air-gapped environments:
      • For installing or upgrading Rancher in an air-gapped environment, please add the flag --no-hooks to the helm template command to skip rendering files for Helm's hooks. See #3226.
      • If using a proxy in front of an air-gapped Rancher, you must pass additional parameters to NO_PROXY. See the documentation and #2725.
    • Cert-manager version requirements:
      • Recent changes to cert-manager require an upgrade if you have a high-availability install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation for information on how to upgrade cert-manager.
    • Requirements for Docker installs:
      • When starting the Rancher Docker container, the privileged flag must be used. See the documentation.
      • When installing in an air-gapped environment, you must supply a custom registries.yaml file to the docker run command as shown in the K3s documentation. If the registry has certs, then you will need to also supply those. See #28969.
      • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container comes up and works as expected. See #33685.
    • RKE requirements:
      • For users upgrading from <=v2.4.8 (<= RKE v1.1.6) to v2.4.12+ (RKE v1.1.13+)/v2.5.0+ (RKE v1.2.0+), please note that Edit and Save cluster (even with no changes or a trivial change like cluster name) will result in cluster reconciliation and upgrading kube-proxy on all nodes because of a change in kube-proxy binds. This only happens on the first edit, and later edits shouldn't affect the cluster. See #32216.
    • EKS requirements:
      • There was a setting for Rancher versions prior to 2.5.8 that allowed users to configure the length of refresh time in cron format: eks-refresh-cron. That setting is now deprecated and has been migrated to a standard seconds format in a new setting: eks-refresh. If previously set, the migration will happen automatically. See #31789.
    • Fleet-agent:
      • When upgrading <=v2.5.7 to >=v2.5.8, you may notice that in Apps & Marketplace, there is a fleet-agent release stuck at uninstalling. This is caused by migrating fleet-agent release name. It is safe to delete fleet-agent release as it is no longer used, and doing so should not delete the real fleet-agent deployment since it has been migrated. See #362.

    Rancher Behavior Changes

    • Upgrades and Rollbacks:
      • Rancher supports both upgrade and rollback. Please note the version you would like to upgrade or roll back to change the Rancher version.
      • Please be aware when upgrading to v2.3.0+, any edits to a Rancher-launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.
      • Recent changes to cert-manager require an upgrade if you have an HA install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager.
      • Existing GKE clusters and imported clusters will continue to operate as is. Only new creations and registered clusters will use the new full lifecycle management.
      • The process to roll back Rancher has been updated for versions v2.5.0 and above. Refer to the documentation for the new instructions.
    • Important:
      • When rolling back, we are expecting you to roll back to the state at the time of your upgrade. Any changes post-upgrade would not be reflected.
    • The local cluster can no longer be turned off:
      • In older Rancher versions, the local cluster could be hidden to restrict admin access to the Rancher server's local Kubernetes cluster, but that feature has been deprecated. The local Kubernetes cluster can no longer be hidden and all admins will have access to the local cluster. If you would like to restrict permissions to the local cluster, there is a new restricted-admin role that must be used. Access to the local cluster can now be disabled by setting hide_local_cluster to true from the v3/settings API. See the documentation and #29325. For more information on upgrading from Rancher with a hidden local cluster, see the documentation.

    Versions

    Please refer to the README for latest and stable versions.

    Please review our version documentation for more details on versioning and tagging conventions.

    Images

    • rancher/rancher:v2.5.16
    • rancher/rancher-agent:v2.5.16

    Tools

    Kubernetes Versions

    • 1.20.15 (Default)
    • 1.19.16
    • 1.18.20
    • 1.17.17

    Other Notes

    Deprecated Features

    |Feature | Justification | |---|---| |Cluster Manager - Rancher Monitoring | Monitoring in Cluster Manager UI has been replaced with a new monitoring chart available in the Apps & Marketplace in Cluster Explorer. | |Cluster Manager - Rancher Alerts and Notifiers| Alerting and notifiers functionality is now directly integrated with a new monitoring chart available in the Apps & Marketplace in Cluster Explorer. | |Cluster Manager - Rancher Logging | Functionality replaced with a new logging solution using a new logging chart available in the Apps & Marketplace in Cluster Explorer. | |Cluster Manager - MultiCluster Apps| Deploying to multiple clusters is now recommended to be handled with Rancher Continuous Delivery powered by Fleet available in Cluster Explorer.| |Cluster Manager - Kubernetes CIS 1.4 Scanning| Kubernetes CIS 1.5+ benchmark scanning is now replaced with a new scan tool deployed with a cis benchmarks chart available in the Apps & Marketplace in Cluster Explorer. | |Cluster Manager - Rancher Pipelines| Git-based deployment pipelines is now recommend to be handled with Rancher Continuous Delivery powered by Fleet available in Cluster Explorer. | |Cluster Manager - Istio v1.5| The Istio project has ended support for Istio 1.5 and has recommended all users upgrade. Newer Istio versions are now available as a chart in the Apps & Marketplace in Cluster Explorer. | |Cluster Manager - Provision Kubernetes v1.16 Clusters | We have ended support for Kubernetes v1.16. Cluster Manager no longer provisions new v1.16 clusters. If you already have a v1.16 cluster, it is unaffected. |

    Experimental Features

    RancherD was introduced as part of Rancher v2.5.4 through v2.5.10 as an experimental feature but is now deprecated. See #33423.

    Duplicated Features in Cluster Manager and Cluster Explorer

    • Only one version of the feature may be installed at any given time due to potentially conflicting CRDs.
    • Each feature should only be managed by the UI that it was deployed from.
    • If you have installed a feature in Cluster Manager, you must uninstall it in Cluster Manager before attempting to install the new version in Cluster Explorer dashboard.

    Cluster Explorer Feature Caveats and Upgrades

    • General:
      • Not all new features are currently installable on a hardened cluster.
      • New features are expected to be deployed using the Helm 3 CLI and not with the Rancher CLI.
    • UI Shell:
      • After closing the shell in the Rancher UI, be aware that the corresponding processes remain running indefinitely for each shell in the pod. See #16192.
    • Continuous Delivery:
      • Restricted admins are not able to create git repos from the Continuous Delivery option under Cluster Explorer; the screen will become stuck in a loading status. See #4909.
    • Rancher Backup:
      • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location; it must continue to use the same URL.
    • Monitoring:
      • Monitoring sometimes errors on installation because it can't identify CRDs. See #29171.
    • Istio:
      • Be aware that when upgrading from Istio v1.7.4 or earlier to any later version, there may be connectivity issues. See upgrade notes and #31811.
      • Starting in v1.8.x, DNS is supported natively. This means that the additional addon component istioCoreDNS is deprecated in v1.8.x and is not supported in v1.9x. If you are upgrading from v1.8.x to v1.9.x and you are using the istioCoreDNS addon, it is recommended that you disable it and switch to the natively supported DNS prior to upgrade. If you upgrade without disabling it, you will need to manually clean up your installation as it will not get removed automatically. See #31761 and #31265.
      • Istio v1.10 and earlier versions are now End-of-life but are required for the upgrade path in order to not skip a minor version. See #33824.

    Cluster Manager Feature Caveats and Upgrades

    • GKE:
      • Basic authentication must be explicitly disabled in GCP before upgrading a GKE cluster to 1.19+ in Rancher. See #32312.
      • When creating GKE clusters in Terraform, the labels field cannot be empty: at least one label must be set. See #32553.
    • EKS & GKE:
      • When creating EKS and GKE clusters in Terraform, string fields cannot be set to empty. See #32440.

    Known Major Issues

    • Kubernetes Cluster Distributions
      • RKE:
        • Rotating encryption keys with a custom encryption provider is not supported. See #30539.
        • After migrating from the in-tree vSphere cloud provider to the out-of-tree cloud provider, attempts to upgrade the cluster will not complete. This is due to nodes containing workloads with bound volumes before the migration failing to drain. Users will observe these nodes stuck in a draining state. Follow this workaround to continue with the upgrade. See #35102.
      • AKS:
        • AKS Kubernetes versions 1.20 and earlier have reached end of life. As Rancher v2.5 does not support Kubernetes greater than 1.20, it is not possible to provision new downstream AKS clusters. See #38406.
        • Azure Container Registry-based Helm charts cannot be added in Cluster Explorer but do work in the Apps feature of Cluster Manager. Note that when using a Helm chart repository, the disableSameOriginCheck setting controls when credentials are attached to requests. See documentation and #35940 for more information.
    • Cluster Tools
      • Hardened clusters:
        • Not all cluster tools can currently be installed on a hardened cluster.
      • Monitoring:
        • Deploying Monitoring V2 on a Windows cluster with win_prefix_path set requires users to deploy Rancher Wins Upgrader to restart wins on the hosts to start collecting metrics in Prometheus. See #32535.
        • Monitoring V2 fails to scrape ingress-nginx pods on any nodes except for the one Prometheus is deployed on, if the security group used by worker nodes blocks incoming requests to port 10254. The workaround for this issue is to open up port 10254 on all hosts. See #32563.
      • Logging:
        • Logging (Cluster Explorer): Windows nodeAgents are not deleted when performing Helm upgrade after disabling Windows logging on a Windows cluster. See #32325.
      • Istio versions:
        • Istio v1.5 is not supported in air-gapped environments. Please note that the Istio project has ended support for Istio v1.5.
        • Istio v1.10 support ended on January 7th, 2022.
      • Legacy Monitoring:
        • In air-gapped setups, the generated rancher-images.txt that is used to mirror images on private registries does not contain the images required to run Legacy Monitoring, also called Monitoring V1, which is compatible with Kubernetes 1.15 clusters. If you are running Kubernetes 1.15 clusters in an air-gapped environment, and you want to either install Monitoring V1 or upgrade Monitoring V1 to the latest that is offered by Rancher for Kubernetes 1.15 clusters, you will need to take one of the following actions:
          • Upgrade the Kubernetes version so that you can use v0.2.x of the Monitoring application Helm chart.
          • Manually import the necessary images into your private registry for the Monitoring application to use.
      • Installation requirements:
        • Importing a Kubernetes v1.21 cluster might not work properly and is unsupported.
      • Backup and Restore:
        • Reinstalling Rancher 2.5.x on the same cluster may fail due to a lingering rancher.cattle.io. MutatingWebhookConfiguration object from a previous installation. Manually deleting it will resolve the issue.
      • Docker installs:
        • UI issues may occur due to a longer startup time.
        • Users may receive an error message when logging in for the first time. See #28800.
        • Users may be redirected to the login screen before a password and default view have been set. See #28798.
    Source code(tar.gz)
    Source code(zip)
    rancher-components.txt(184 bytes)
    rancher-images-digests-linux-amd64.txt(23.21 KB)
    rancher-images-digests-linux-arm64.txt(20.23 KB)
    rancher-images-digests-windows-1809.txt(1.90 KB)
    rancher-images-digests-windows-2004.txt(1.90 KB)
    rancher-images-sources.txt(11.81 KB)
    rancher-images.txt(7.58 KB)
    rancher-load-images.ps1(2.58 KB)
    rancher-load-images.sh(3.45 KB)
    rancher-mirror-to-rancher-org.ps1(763 bytes)
    rancher-mirror-to-rancher-org.sh(9.89 KB)
    rancher-namespace.yaml(62 bytes)
    rancher-rke-k8s-versions.txt(80 bytes)
    rancher-save-images.ps1(2.12 KB)
    rancher-save-images.sh(1.31 KB)
    rancher-windows-images-sources.txt(854 bytes)
    rancher-windows-images.txt(547 bytes)
    rancherd-amd64(152.05 MB)
    rancherd-amd64.tar.gz(40.89 MB)
    sha256sum.txt(1.39 KB)
Generate random, pronounceable, sometimes even memorable, "superhero like" codenames - just like Docker does with container names.

Codename an RFC1178 implementation to generate pronounceable, sometimes even memorable, "superheroe like" codenames, consisting of a random combinatio

Luca Sepe 83 Oct 23, 2022
Monitoring Go application inside docker container by InfluxDB, Telegraf, Grafana

REST API for TreatField app Docker compose for TIG and Golang simple app: https://github.com/tochytskyi/treatfield-api/blob/main/docker-compose.yml Gr

Volodymyr Tochytskyi 0 Nov 6, 2021
Generic-list-go - Go container/list but with generics

generic-list-go Go container/list but with generics. The code is based on contai

Arne Bahlo 6 Oct 13, 2022
literature management for bio programmers

literature management for bio programmers

latch.ai 51 Oct 24, 2022
An unified key management system to make life easier.

Safebox An unified key management system to make life easier. The main goal of safebox is to make key backup easier with single main key to derive the

xtaci 54 Nov 15, 2022
Transaction management tool for taxable investments

Market Lot Robot Transaction management tool for taxable investments. How it works Run the web socket server with the following command: go run . Visi

theoperator.eth 0 Oct 19, 2021
Small proof of concept project to try temporal.io with Dispatch Incident Management from Netflix.

temporal-dispatch-poc Small POC project to try out the Temporal workflow engine together with Netflix's Dispatch Incident Management System. Supported

Jørgen 1 Nov 12, 2021
🕕Todo management through emails

??Todo management through emails

Changkun Ou 2 Nov 15, 2021
Product Lifecycle Management (PLM) in Git

Product Lifecycle Management (PLM) in Git. This repo contains a set of best practices and an application that is used to manage information needed to

Git PLM 18 Nov 23, 2022
Golang-module-references - A reference for how to setup a Golang project with modules - Task Management + Math Examples

Golang Module Project The purpose of this project is to act as a reference for setting up future Golang projects using modules. This project has a mat

Bob Bass 0 Jan 2, 2022