Update Kubernetes updates (patch)
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| kubernetes/kubernetes | patch |
1.29.13 -> 1.29.15
|
| kubernetes/kubernetes | patch |
1.30.9 -> 1.30.11
|
| kubernetes/kubernetes | patch |
1.31.5 -> 1.31.7
|
| rancher/rke2 | patch |
1.29.13+rke2r1 -> 1.29.15+rke2r1
|
| rancher/rke2 | patch |
1.30.9+rke2r1 -> 1.30.11+rke2r1
|
| rancher/rke2 | patch |
1.31.5+rke2r1 -> 1.31.7+rke2r1
|
Release Notes
kubernetes/kubernetes (kubernetes/kubernetes)
v1.29.15: Kubernetes v1.29.15
See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.
See the CHANGELOG for more details.
v1.29.14: Kubernetes v1.29.14
See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.
See the CHANGELOG for more details.
rancher/rke2 (rancher/rke2)
v1.29.15+rke2r1: v1.29.15+rke2r1
This release updates Kubernetes to v1.29.15, and upgrades rke2-ingress-nginx to controller v1.12.1-hardened1 (chart version 4.12.1). This addresses CVE-2025-1974 as well as all other recently announced vulnerabilities in ingress-nginx.
Important Note
If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/tokenChanges since v1.29.14+rke2r1:
- Bump ingress-nginx to hardened10 (#7888)
- Backports for 2025-03 (#7893)
- Chart update backport for 1.29 (#7902)
- Bump K3s for apiserver addresses fix (#7915)
- Update k8s (#7924)
- Bump ingress-nginx to v1.12.1-hardened1, chart to 4.12.1 (#7962)
Charts Versions
| Component | Version |
|---|---|
| rke2-cilium | 1.17.100 |
| rke2-canal | v3.29.2-build2025030601 |
| rke2-calico | v3.29.200 |
| rke2-calico-crd | v3.29.101 |
| rke2-coredns | 1.39.100 |
| rke2-ingress-nginx | 4.12.100 |
| rke2-metrics-server | 3.12.200 |
| rancher-vsphere-csi | 3.3.1-rancher900 |
| rancher-vsphere-cpi | 1.9.100 |
| harvester-cloud-provider | 0.2.900 |
| harvester-csi-driver | 0.1.2300 |
| rke2-snapshot-controller | 4.0.002 |
| rke2-snapshot-controller-crd | 4.0.002 |
| rke2-snapshot-validation-webhook | 0.0.0 |
Packaged Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.29.15 |
| Etcd | v3.5.19-k3s1 |
| Containerd | v1.7.26-k3s1 |
| Runc | v1.2.5 |
| Metrics-server | v0.7.2 |
| CoreDNS | v1.12.0 |
| Ingress-Nginx | v1.12.1-hardened1 |
| Helm-controller | v0.15.16 |
Available CNIs
| Component | Version | FIPS Compliant |
|---|---|---|
| Canal (Default) |
Flannel v0.26.5 Calico v3.29.2 |
Yes |
| Calico | v3.29.2 | No |
| Cilium | v1.17.1 | No |
| Multus | v4.1.4 | No |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started.
v1.29.14+rke2r1: v1.29.14+rke2r1
This release updates Kubernetes to v1.29.14.
Important Note
If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.
You may retrieve the token value from any server already joined to the cluster:
cat /var/lib/rancher/rke2/server/tokenChanges since v1.29.13+rke2r1:
- Update to cilium
v1.16.6(#7683) - Charts: bump Harvester CSI Driver v0.1.23 (#7670)
- Enhance the Harvester CSI controller affinity/anti-affinity
- Update cilium to v1.17.0 (#7711)
- Bump canal, flannel and multus charts (#7715)
- Update Calico and Canal to v3.29.2 (#7727)
- Bump vsphere CSI to v3.3.1-rancher9 (#7733)
- Bump k3s, traefik, etcd, crictl (#7741)
- Update k3s to fix registry auth in containerd config template
- Update etcd to v3.5.18
- Update crictl to v1.32.0
- Update rke2-ingress-nginx chart to fix typo in default backend image template
- Update to v1.29.14 and Go to 1.22.12 (#7757)
- Bump ingress-nginx to v1.12.0-hardened6 (#7776)
- Bump canal and flannel images to build20250218 (#7790)
- Sync images to Prime registry (#7802)
- Bump K3s version for release-1.29 (#7807)
Charts Versions
| Component | Version |
|---|---|
| rke2-cilium | 1.17.000 |
| rke2-canal | v3.29.2-build2025021800 |
| rke2-calico | v3.29.200 |
| rke2-calico-crd | v3.29.101 |
| rke2-coredns | 1.36.102 |
| rke2-ingress-nginx | 4.12.005 |
| rke2-metrics-server | 3.12.200 |
| rancher-vsphere-csi | 3.3.1-rancher900 |
| rancher-vsphere-cpi | 1.9.100 |
| harvester-cloud-provider | 0.2.900 |
| harvester-csi-driver | 0.1.2300 |
| rke2-snapshot-controller | 4.0.002 |
| rke2-snapshot-controller-crd | 4.0.002 |
| rke2-snapshot-validation-webhook | 0.0.0 |
Packaged Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.29.14 |
| Etcd | v3.5.18-k3s1 |
| Containerd | v1.7.23-k3s2 |
| Runc | v1.2.4 |
| Metrics-server | v0.7.2 |
| CoreDNS | v1.12.0 |
| Ingress-Nginx | v1.12.0-hardened6 |
| Helm-controller | v0.15.16 |
Available CNIs
| Component | Version | FIPS Compliant |
|---|---|---|
| Canal (Default) |
Flannel v0.26.4 Calico v3.29.2 |
Yes |
| Calico | v3.29.2 | No |
| Cilium | v1.17.0 | No |
| Multus | v4.1.4 | No |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started.
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.