Rancher Release v2.4.0-alpha1 - Preview of CIS Scan

Release v2.4.0-alpha1


  • This is an alpha release of Rancher 2.4.0 and should only be used for evaluation purposes.

Note: When using Helm3 to install Rancher through HA, it can only be installed when specifying the version in the Helm3 command.

Features and Enhancements

  • CIS scanning of RKE clusters [#18600] Cluster owners can verify CIS benchmark conformance of RKE clusters. For every RKE cluster, users can initiate scans, view the history of previous scans and download reports of any scan that has completed. Within each scan, cluster owners can elect to skip tests if desired before initiating a scan.
  • Ability to create custom global roles [#16216] Administrators can create custom roles that can be set at a global level. These custom roles can be set as the default roles for any new user. In other words, when a new user logs in, they can be automatically assigned to a custom global role.
  • Ability to assign global roles to groups [#22707] Administrators can assign an identity provider (IDP) group to a global role. When using an external authentication provider, admins can leverage the groups that exist in the provider and assign a global role to them. When a user in the group logs in to Rancher, they will automatically be given permissions associated with any group that they are members. For example, admins can give admin permissions to a group instead of individually updating users to elevate their permissions.



  • rancher/rancher:v2.4.0-alpha1
  • rancher/rancher-agent:v2.4.0-alpha1



Upgrades and Rollbacks

Rancher supports both upgrade and rollback. Please note the version you would like to upgrade or rollback to change the Rancher version.

Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.

Recent changes to cert-manager require an upgrade if you have an HA install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager.

Important: When rolling back, we are expecting you to rollback to the state at the time of your upgrade. Any changes post upgrade would not be reflected.