Rancher Release v2.4.18

Release v2.4.18

This release concludes support for Rancher 2.4. Please upgrade to a newer version of Rancher for continued support.

Changes in this Release

Security Fixes for Rancher Vulnerabilities

This release addresses security issues found in Rancher:

  • Improved authorization check to delete orphaned role bindings and properly revoke project level access from group based authentication. Fixes CVE-2021-36775.

For more details, see the security advisories page.

Important Notes

  • Kubernetes 1.18 is now the default version [#25117] - Kubernetes 1.18 is now the default version. Whenever upgrading to any Kubernetes version, please review the Kubernetes release notes for any breaking changes.
  • Users using a single Docker container install - Etcd in the Docker container has been upgraded from 3.3 to 3.4, therefore you must take a backup before upgrading in order to be able to roll back to a v2.3.x release. You will not be able to rollback without this backup.

  • Users using node pools with RHEL/CentOS nodes [#18065]: The default storage driver for RHEL/CentOS nodes has been updated to overlay2. If your node template does not specify a storage driver, any new node will be provisioned using the new updated default (overlay) instead of the old default (devicemapper). If you need to keep using devicemapper as your storage driver option, edit your node template to explicitly set the storage driver as devicemapper.

  • Users running Windows clusters [#25582] - Windows has launched a security patch as of Feb 11. Before upgrading, please update your nodes to include this security patch, otherwise your upgrade will fail until the patch is applied.

  • Rancher launched clusters require additional 500MB space - By default, Rancher launched clusters have enabled audit logging on the cluster.

  • Rancher launched Kubernetes clusters behavior of upgrades have changed [#23897] - Worker nodes are now upgraded in batches. Please refer to the RKE documentation about how to upgrade clusters without downtime for applications.

  • Restrict Kubernetes versions in Rancher helm chart to versions less than 1.20.0 [#30746] - This restriction was added to prevent Rancher from being installed on incompatible versions of Kubernetes.

Versions

Please refer to the README for latest and stable versions.

Please review our version documentation for more details on versioning and tagging conventions.

Air Gap Installations and Upgrades

In v2.4.0, an air gap installation no longer requires mirroring the systems chart git repo. Please follow the directions on how to install Rancher to use the packaged systems chart.

Known Major Issues

  • When using monitoring with persistent storage for Grafana enabled, upgrading monitoring causes the pod to fail to start. Workaround steps are provided in the issue. [#27450]
  • When using monitoring, upgrading Kubernetes versions removes the “API Server Request Rate” metric [#27267]
  • When a new chart version is added to a helm 3 catalog, the upgrade process can default to helm 2, causing an api error. Workaround in issue. [27252]

Versions

Images

  • rancher/rancher:v2.4.18
  • rancher/rancher-agent:v2.4.18

Tools

Kubernetes Versions

  • 1.18.20 (Default)
  • 1.17.17
  • 1.16.15
  • 1.15.12

Upgrades and Rollbacks

Rancher supports both upgrade and rollback. Please note the version you would like to upgrade or rollback to change the Rancher version.

Please be aware that upon an upgrade to v2.3.0+, any edits to a Rancher launched Kubernetes cluster will cause all system components to restart due to added tolerations to Kubernetes system components. Plan accordingly.

Recent changes to cert-manager require an upgrade if you have an HA install of Rancher using self-signed certificates. If you are using cert-manager older than v0.9.1, please see the documentation on how to upgrade cert-manager.

Important: When rolling back, we are expecting you to rollback to the state at the time of your upgrade. Any changes post upgrade would not be reflected.