aggarwalakshun/public-k3s
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Update Helm release rancher to v2.11.3 #46

Merged
aggarwalakshun merged 1 commits from renovate/rancher-2.x into main 2025-06-26 10:57:51 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
aggarwalakshun commented 2025-06-26 00:04:01 +00:00
Owner
Copy Link

This PR contains the following updates:

Package Update Change
rancher (source) patch 2.11.2 -> 2.11.3

Release Notes

rancher/rancher (rancher)

v2.11.3

Compare Source

Release v2.11.3

Important: If you are using Active Directory Federation Service (AD FS) upgrading to Rancher v2.10.1 or later may cause issues with authentication caused by the AD FS Relying Party Trust not being able to pick up a signature verification certificate from the metadata, that requires manual intervention. This can be corrected by either trying to update Relying Party Trust information from federation metadata (Relying Party Trust -> Update from Federation Metadata...) or by directly adding the certificate (Relying Party Trust -> Properties -> Signature tab -> Add -> Select the certificate). For more information see #​48655.

Important: Rancher Kubernetes Engine (RKE/RKE1) will reach end of life on July 31, 2025. Rancher 2.12.0 and later will no longer support provisioning or managing downstream RKE1 clusters. We recommend replatforming RKE1 clusters to RKE2 to ensure continued support and security updates. Learn more about the transition here.

Important: Rancher-Istio will be deprecated in Rancher v2.12.0; turn to the SUSE Application Collection build of Istio for enhanced security (included in SUSE Rancher Prime subscriptions). Detailed information can be found in this announcement

Important: Review the Install/Upgrade Notes before upgrading to any Rancher version.

Rancher v2.11.3 is the latest patch release of Rancher. This is a Community and Prime version release that introduces maintenance updates and bug fixes. To learn more about Rancher Prime, see our page on the Rancher Prime Platform.

For more information on new features in the general minor release see the v2.11.0 release notes.

Changes Since v2.11.2

See the full list of changes.

Virtualization Management (Harvester)

Major Bug Fixes
  • Fixed an issue where error messages are not displayed in the UI when using the Harvester UI Extension. See #​14363.

RKE2/K3s Provisioning

Major Bug Fixes
  • Encryption Key Rotation feature is re-enabled on K3s/RKE2 versions included with this release. Please upgrade any clusters running versions affected by #​8236 (1.32.4, 1.31.8, or 1.30.12) to 1.32.5+, 1.31.9+, or 1.30.13+.

Install/Upgrade Notes

Expected Changes in Image Artifacts

Image artifact digests are expected to be renamed in Rancher v2.12.0, v2.11.4 and v2.10.8. Up until this change, separate image digests files for each operating system and architecture have been maintained for compatibility reasons. With this change, only one file for each operating system is to be provided:

  • The rancher-images-digests-linux-amd64.txt and rancher-images-digests-linux-arm64.txt files are to be renamed to rancher-images-digests-linux.txt.
  • The rancher-images-digests-windows-ltsc2019.txt and rancher-images-digests-windows-ltsc2022.txt files are to be renamed to rancher-images-digests-windows.txt.

Upgrade Requirements

  • Creating backups: Create a backup before you upgrade Rancher. To roll back Rancher after an upgrade, you must first back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to the same state as when the backup was created, any changes post-upgrade will not be included after the restore.
  • CNI requirements:
    • For Kubernetes v1.19 and later, disable firewalld as it's incompatible with various CNI plugins. See #​28840.
    • When upgrading or installing a Linux distribution that uses nf_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or later, upgrade to RKE v1.19.2 or later to get Flannel v0.13.0. Flannel v0.13.0 supports nf_tables. See Flannel #​1317.
  • Requirements for air-gapped environments:
    • When using a proxy in front of an air-gapped Rancher instance, you must pass additional parameters to NO_PROXY. See the documentation and issue #​2725.
    • When installing Rancher with Docker in an air-gapped environment, you must supply a custom registries.yaml file to the docker run command, as shown in the K3s documentation. If the registry has certificates, then you'll also need to supply those. See #​28969.
  • Requirements for general Docker installs:
    • When starting the Rancher Docker container, you must use the privileged flag. See documentation.
    • When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container will come up and work as expected. See #​33685.

Versions

Please refer to the README for the latest and stable Rancher versions.

Please review our version documentation for more details on versioning and tagging conventions.

Images

  • rancher/rancher:v2.11.3

Tools

Kubernetes Versions for RKE

  • v1.32.5 (Default)
  • v1.31.9
  • v1.30.13

Kubernetes Versions for RKE2/K3s

  • v1.32.5 (Default)
  • v1.31.9
  • v1.30.13

Rancher Helm Chart Versions

In Rancher v2.6.0 and later, in the Apps & Marketplace UI, many Rancher Helm charts are named with a major version that starts with 100. This avoids simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also complies with semantic versioning (SemVer), which is a requirement for Helm. You can see the upstream version number of a chart in the build metadata, for example: 100.0.0+up2.1.0. See #​32294.

Other Notes

Experimental Features

Rancher now supports the ability to use an OCI Helm chart registry for Apps & Marketplace. View documentation on using OCI based Helm chart repositories and note this feature is in an experimental stage. See #​29105 and #​45062

Deprecated Upstream Projects

In June 2023, Microsoft deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. When updating Rancher, update the configuration to make sure that users can still use Rancher with Azure AD. See the documentation and issue #​29306 for details.

Removed Legacy Features

Apps functionality in the cluster manager has been deprecated as of the Rancher v2.7 line. This functionality has been replaced by the Apps & Marketplace section of the Rancher UI.

Also, rancher-external-dns and rancher-global-dns have been deprecated as of the Rancher v2.7 line.

The following legacy features have been removed as of Rancher v2.7.0. The deprecation and removal of these features was announced in previous releases. See #​6864.

UI and Backend

  • CIS Scans v1 (Cluster)
  • Pipelines (Project)
  • Istio v1 (Project)
  • Logging v1 (Project)
  • RancherD

UI

  • Multiclusterapps (Global): Apps within the Multicluster Apps section of the Rancher UI.

Previous Rancher Behavior Changes

Previous Rancher Behavior Changes - Rancher General

  • Rancher v2.11.0:
    • Kubernetes v1.28 and v1.29 are no longer supported. Before upgrading to Rancher v2.11.0, ensure all clusters are running Kubernetes v1.30 or later. See #​48628.

Previous Rancher Behavior Changes - Rancher App (Global UI)

  • Rancher v2.11.0:
    • Replaced instances of v-tooltip with v-clean-tooltip to fix an issue where the UI did not sanitize cluster description inputs, allowing the possibility of changes to a cluster (local or downstream) description to cause a stored XSS attack. For more information, see CVE-2024-52281 and #​12564.
    • The v2.11.0 release removed the data collection feature, which removed the Rancher legacy telemetry and the subsequent Opt-out of Telemetry setting during set-up. Part of the legacy telemetry has been replaced with the SCC registration process for Prime, and the most important deployment metric is still tracked via the system-charts registry analysis. Going forward, telemetry will be gathered SUSE-wide. For more information, see #​12639.

Previous Rancher Behavior Changes - Cluster Provisioning

  • Rancher v2.11.0:
    • Generic Kubernetes imported clusters now use the v3 management cluster object (cluster.management.cattle.io) for both the initial creation and the updates (POST and PUT API calls respectively). See #​13151.

Previous Rancher Behavior Changes - RKE2/K3s Provisioning

  • Rancher v2.11.0:
    • etcd snapshots are now populated to Rancher by listing the etcdsnapshotfile.k3s.cattle.io resources in the downstream cluster instead of periodically scraping the CLI and rke2/k3s-etcd-snapshots configmap. See #​44452.

Previous Rancher Behavior Changes - Rancher CLI

  • Rancher v2.11.0:
    • CLI commands corresponding to the multi-cluster app legacy feature are no longer available. See #​48252.
    • The deprecated subcommand globaldns was removed from the Rancher CLI. See #​48129.

Previous Rancher Behavior Changes - Role-Based Access Control (RBAC)

  • Rancher v2.11.0:
    • The Restricted Admin role has been removed. Existing users with the Restricted Admin role will have privileges associated with this role revoked upon upgrade. See #​47875.

Previous Rancher Behavior Changes - Continuous Delivery (Fleet)

  • Rancher v2.11.0:

    • Fleet now honors custom certificate authority (CA) bundles configured in Rancher.

      This prevents you from needing to copy your CA bundles to all GitRepos and/or Helm secrets referenced by those GitRepos. Instead, you can configure those bundles directly through a single secret already known by Rancher, which Fleet will transparently use as a fallback option.

      See the Fleet documentation and fleet#2750.

    • Since the move from StatefulSet to a Deployment and the introduction of leader election for the agents, agent failover has improved. When failover has been tested by shutting down a node with a fleet agent, we observed the pods from that node to stay in the terminating state. We want to make sure that it is clear to our users, that this is not a problem of Fleet, nor is it Fleet related. This is how Kubernetes behaves when the node becomes unreachable. Failover works correctly, even if those pods are kept in the terminating state. See fleet#3096 and kubernetes/kubernetes#72226.

Previous Rancher Behavior Changes - Apps & Marketplace

  • Rancher v2.11.0:

    • The Catalog v1, Multi-Cluster App (MCA) legacy feature has been removed. If upgrading from a previous Rancher version to v2.11 then the MCA associated CRD's and their instances will still exist in the cluster and can be manually deleted by using the following command:

      kubectl delete crds catalogs.management.cattle.io catalogtemplates.management.cattle.io catalogtemplateversions.management.cattle.io templates.management.cattle.io templateversions.management.cattle.io templatecontents.management.cattle.io clustercatalogs.management.cattle.io projectcatalogs.management.cattle.io multiclusterapps.management.cattle.io multiclusterapprevisions.management.cattle.io apps.project.cattle.io apprevisions.project.cattle.io

    See #​39525.

Previous Rancher Behavior Changes - Monitoring

  • Rancher v2.11.0:
    • rancher-alerting-drivers app now uses rancher/kuberlr-kubectl, improving how alerts are sent and received. See #​48849.

Long-standing Known Issues

Long-standing Known Issues - Cluster Provisioning

  • Not all cluster tools can be installed on a hardened cluster.

  • Rancher v2.8.1:

    • When you attempt to register a new etcd/controlplane node in a CAPR-managed cluster after a failed etcd snapshot restoration, the node can become stuck in a perpetual paused state, displaying the error message [ERROR] 000 received while downloading Rancher connection information. Sleeping for 5 seconds and trying again. As a workaround, you can unpause the cluster by running kubectl edit clusters.cluster clustername -n fleet-default and set spec.unpaused to false. See #​43735.

  • Rancher v2.7.2:

    • If you upgrade or update any hosted cluster, and go to Cluster Management > Clusters while the cluster is still provisioning, the Registration tab is visible. Registering a cluster that is already registered with Rancher can cause data corruption. See #​8524.

Long-standing Known Issues - RKE Provisioning

  • Rancher v2.9.0:
    • The Weave CNI plugin for RKE v1.27 and later is now deprecated, due to the plugin being deprecated for upstream Kubernetes v1.27 and later. RKE creation will not go through as it will raise a validation warning. See #​11322.

Long-standing Known Issues - RKE2 Provisioning

  • Rancher v2.9.0:
    • When adding the provisioning.cattle.io/allow-dynamic-schema-drop annotation through the cluster config UI, the annotation disappears before adding the value field. When viewing the YAML, the respective value field is not updated and is displayed as an empty string. As a workaround, when creating the cluster, set the annotation by using the Edit Yaml option located in the dropdown attached to your respective cluster in the Cluster Management view. See #​13655.
  • Rancher v2.7.7:
    • Due to the backoff logic in various components, downstream provisioned K3s and RKE2 clusters may take longer to re-achieve Active status after a migration. If you see that a downstream cluster is still updating or in an error state immediately after a migration, please let it attempt to resolve itself. This might take up to an hour to complete. See #​34518 and #​42834.
  • Rancher v2.7.6:
    • Provisioning RKE2/K3s clusters with added (not built-in) custom node drivers causes provisioning to fail. As a workaround, fix the added node drivers after activating. See #​37074.
  • Rancher v2.7.2:
    • When viewing or editing the YAML configuration of downstream RKE2 clusters through the UI, spec.rkeConfig.machineGlobalConfig.profile is set to null, which is an invalid configuration. See #​8480.

Long-standing Known Issues - K3s Provisioning

  • Rancher v2.7.6:
    • Provisioning RKE2/K3s clusters with added (not built-in) custom node drivers causes provisioning to fail. As a workaround, fix the added node drivers after activating. See #​37074.
  • Rancher v2.7.2:
    • Clusters remain in an Updating state even when they contain nodes in an Error state. See #​39164.

Long-standing Known Issues - Rancher App (Global UI)

  • Rancher v2.10.0:
    • After deleting a Namespace or Project in the Rancher UI, the Namespace or Project remains visible. As a workaround, refresh the page. See #​12220.
  • Rancher v2.9.2:
    • Although system mode node pools must have at least one node, the Rancher UI allows a minimum node count of zero. Inputting a zero minimum node count through the UI can cause cluster creation to fail due to an invalid parameter error. To prevent this error from occurring, enter a minimum node count at least equal to the node count. See #​11922.
  • Rancher v2.7.7:
    • When creating a cluster in the Rancher UI it does not allow the use of an underscore _ in the Cluster Name field. See #​9416.

Long-standing Known Issues - Hosted Rancher

  • Rancher v2.7.5:
    • The Cluster page shows the Registration tab when updating or upgrading a hosted cluster. See #​8524.

Long-standing Known Issues - EKS

  • Rancher v2.7.0:
    • EKS clusters on Kubernetes v1.21 or below on Rancher v2.7 cannot be upgraded. See #​39392.

Long-standing Known Issues - Authentication

  • Rancher v2.9.0:
    • There are some known issues with the OpenID Connect provider support:
      • When the generic OIDC auth provider is enabled, and you attempt to add auth provider users to a cluster or project, users are not populated in the dropdown search bar. This is expected behavior as the OIDC auth provider alone is not searchable. See #​46104.
      • When the generic OIDC auth provider is enabled, auth provider users that are added to a cluster/project by their username are not able to access resources upon logging in. A user will only have access to resources upon login if the user is added by their userID. See #​46105.
      • When the generic OIDC auth provider is enabled and an auth provider user in a nested group is logged into Rancher, the user will see the following error when they attempt to create a Project: [projectroletemplatebindings.management.cattle.io](http://projectroletemplatebindings.management.cattle.io/) is forbidden: User "u-gcxatwsnku" cannot create resource "projectroletemplatebindings" in API group "[management.cattle.io](http://management.cattle.io/)" in the namespace "p-9t5pg". However, the project is still created. See #​46106.

Long-standing Known Issues - Rancher Webhook

  • Rancher v2.7.2:
    • A webhook is installed in all downstream clusters. There are several issues that users may encounter with this functionality:
      • If you rollback from a version of Rancher v2.7.2 or later, to a Rancher version earlier than v2.7.2, the webhooks will remain in downstream clusters. Since the webhook is designed to be 1:1 compatible with specific versions of Rancher, this can cause unexpected behaviors to occur downstream. The Rancher team has developed a script which should be used after rollback is complete (meaning after a Rancher version earlier than v2.7.2 is running). This removes the webhook from affected downstream clusters. See #​40816.

Long-standing Known Issues - Virtualization Management (Harvester)

  • Rancher v2.7.2:
    • If you're using Rancher v2.7.2 with Harvester v1.1.1 clusters, you won't be able to select the Harvester cloud provider when deploying or updating guest clusters. The Harvester release notes contain instructions on how to resolve this. See #​3750.

Long-standing Known Issues - Backup/Restore

  • When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.

  • Rancher v2.7.7:

    • Due to the backoff logic in various components, downstream provisioned K3s and RKE2 clusters may take longer to re-achieve Active status after a migration. If you see that a downstream cluster is still updating or in an error state immediately after a migration, please let it attempt to resolve itself. This might take up to an hour to complete. See #​34518 and #​42834.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [rancher](https://rancher.com) ([source](https://github.com/rancher/rancher)) | patch | `2.11.2` -> `2.11.3` | --- ### Release Notes <details> <summary>rancher/rancher (rancher)</summary> ### [`v2.11.3`](https://github.com/rancher/rancher/releases/tag/v2.11.3) [Compare Source](https://github.com/rancher/rancher/compare/v2.11.2...v2.11.3) ### Release v2.11.3 > **Important:** If you are using Active Directory Federation Service (AD FS) upgrading to Rancher v2.10.1 or later may cause issues with authentication caused by the AD FS Relying Party Trust not being able to pick up a signature verification certificate from the metadata, that requires manual intervention. This can be corrected by either trying to update Relying Party Trust information from federation metadata (Relying Party Trust -> Update from Federation Metadata...) or by directly adding the certificate (Relying Party Trust -> Properties -> Signature tab -> Add -> Select the certificate). For more information see [#&#8203;48655](https://github.com/rancher/rancher/issues/48655). > **Important:** Rancher Kubernetes Engine (RKE/RKE1) will reach end of life on **July 31, 2025**. Rancher 2.12.0 and later will no longer support provisioning or managing downstream RKE1 clusters. We recommend replatforming RKE1 clusters to RKE2 to ensure continued support and security updates. Learn more about the transition [here](https://www.suse.com/support/kb/doc/?id=000021518). > **Important:** [Rancher-Istio](https://ranchermanager.docs.rancher.com/integrations-in-rancher/istio) will be deprecated in Rancher v2.12.0; turn to the [SUSE Application Collection](https://apps.rancher.io) build of Istio for enhanced security (included in SUSE Rancher Prime subscriptions). Detailed information can be found in [this announcement](https://forums.suse.com/t/deprecation-of-rancher-istio/45043) > **Important:** Review the Install/Upgrade Notes before upgrading to any Rancher version. Rancher v2.11.3 is the latest patch release of Rancher. This is a Community and Prime version release that introduces maintenance updates and bug fixes. To learn more about Rancher Prime, see our page on the [Rancher Prime Platform](https://www.rancher.com/products/rancher-platform). For more information on new features in the general minor release see the [v2.11.0 release notes](https://github.com/rancher/rancher/releases/tag/v2.11.0). #### Changes Since v2.11.2 See the full list of [changes](https://github.com/rancher/rancher/compare/v2.11.2...v2.11.3). #### Virtualization Management (Harvester) ##### Major Bug Fixes - Fixed an issue where error messages are not displayed in the UI when using the Harvester UI Extension. See [#&#8203;14363](https://github.com/rancher/dashboard/issues/14363). #### RKE2/K3s Provisioning ##### Major Bug Fixes - Encryption Key Rotation feature is re-enabled on K3s/RKE2 versions included with this release. Please upgrade any clusters running versions affected by [#&#8203;8236](https://github.com/rancher/rke2/issues/8236) (1.32.4, 1.31.8, or 1.30.12) to 1.32.5+, 1.31.9+, or 1.30.13+. ### Install/Upgrade Notes > - If you're installing Rancher for the first time, your environment must fulfill the [installation requirements](https://ranchermanager.docs.rancher.com/v2.11/getting-started/installation-and-upgrade/installation-requirements). #### Expected Changes in Image Artifacts Image artifact digests are expected to be renamed in Rancher v2.12.0, v2.11.4 and v2.10.8. Up until this change, separate image digests files for each operating system and architecture have been maintained for compatibility reasons. With this change, only one file for each operating system is to be provided: - The `rancher-images-digests-linux-amd64.txt` and `rancher-images-digests-linux-arm64.txt` files are to be renamed to `rancher-images-digests-linux.txt`. - The `rancher-images-digests-windows-ltsc2019.txt` and `rancher-images-digests-windows-ltsc2022.txt` files are to be renamed to `rancher-images-digests-windows.txt`. ### Upgrade Requirements - **Creating backups:** [Create a backup](https://ranchermanager.docs.rancher.com/v2.11/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher) before you upgrade Rancher. To roll back Rancher after an upgrade, you must first back up and restore Rancher to the previous Rancher version. Because Rancher will be restored to the same state as when the backup was created, any changes post-upgrade will not be included after the restore. - **CNI requirements:** - For Kubernetes v1.19 and later, disable firewalld as it's incompatible with various CNI plugins. See [#&#8203;28840](https://github.com/rancher/rancher/issues/28840). - When upgrading or installing a Linux distribution that uses nf\_tables as the backend packet filter, such as SLES 15, RHEL 8, Ubuntu 20.10, Debian 10, or later, upgrade to RKE v1.19.2 or later to get Flannel v0.13.0. Flannel v0.13.0 supports nf\_tables. See Flannel [#&#8203;1317](https://github.com/flannel-io/flannel/issues/1317). - **Requirements for air-gapped environments:** - When using a proxy in front of an air-gapped Rancher instance, you must pass additional parameters to `NO_PROXY`. See the [documentation](https://docs.ranchermanager.rancher.io/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher) and issue [#&#8203;2725](https://github.com/rancher/docs/issues/2725#issuecomment-702454584). - When installing Rancher with Docker in an air-gapped environment, you must supply a custom `registries.yaml` file to the `docker run` command, as shown in the [K3s documentation](https://docs.k3s.io/installation/private-registry). If the registry has certificates, then you'll also need to supply those. See [#&#8203;28969](https://github.com/rancher/rancher/issues/28969#issuecomment-694474229). - **Requirements for general Docker installs:** - When starting the Rancher Docker container, you must use the `privileged` flag. See [documentation](https://docs.ranchermanager.rancher.io/pages-for-subheaders/rancher-on-a-single-node-with-docker). - When upgrading a Docker installation, a panic may occur in the container, which causes it to restart. After restarting, the container will come up and work as expected. See [#&#8203;33685](https://github.com/rancher/rancher/issues/33685). ### Versions Please refer to the [README](https://github.com/rancher/rancher#latest-release) for the latest and stable Rancher versions. Please review our [version documentation](https://docs.ranchermanager.rancher.io/getting-started/installation-and-upgrade/resources/choose-a-rancher-version) for more details on versioning and tagging conventions. #### Images - rancher/rancher:v2.11.3 #### Tools - CLI - [v2.11.3](https://github.com/rancher/cli/releases/tag/v2.11.3) - RKE - [v1.8.4](https://github.com/rancher/rke/releases/tag/v1.8.4) #### Kubernetes Versions for RKE - v1.32.5 (Default) - v1.31.9 - v1.30.13 #### Kubernetes Versions for RKE2/K3s - v1.32.5 (Default) - v1.31.9 - v1.30.13 #### Rancher Helm Chart Versions In Rancher v2.6.0 and later, in the **Apps & Marketplace** UI, many Rancher Helm charts are named with a major version that starts with *100*. This avoids simultaneous upstream changes and Rancher changes from causing conflicting version increments. This also complies with semantic versioning (SemVer), which is a requirement for Helm. You can see the upstream version number of a chart in the build metadata, for example: `100.0.0+up2.1.0`. See [#&#8203;32294](https://github.com/rancher/rancher/issues/32294). ### Other Notes #### Experimental Features Rancher now supports the ability to use an OCI Helm chart registry for Apps & Marketplace. View documentation on [using OCI based Helm chart repositories](https://ranchermanager.docs.rancher.com/v2.9/how-to-guides/new-user-guides/helm-charts-in-rancher/oci-repositories) and note this feature is in an experimental stage. See [#&#8203;29105](https://github.com/rancher/rancher/issues/29105) and [#&#8203;45062](https://github.com/rancher/rancher/pull/45062) #### Deprecated Upstream Projects In June 2023, Microsoft deprecated the Azure AD Graph API that Rancher had been using for authentication via Azure AD. When updating Rancher, update the configuration to make sure that users can still use Rancher with Azure AD. See [the documentation](https://docs.ranchermanager.rancher.io/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-azure-ad#migrating-from-azure-ad-graph-api-to-microsoft-graph-api) and issue [#&#8203;29306](https://github.com/rancher/rancher/issues/29306) for details. #### Removed Legacy Features Apps functionality in the cluster manager has been deprecated as of the Rancher v2.7 line. This functionality has been replaced by the **Apps & Marketplace** section of the Rancher UI. Also, `rancher-external-dns` and `rancher-global-dns` have been deprecated as of the Rancher v2.7 line. The following legacy features have been removed as of Rancher v2.7.0. The deprecation and removal of these features was announced in previous releases. See [#&#8203;6864](https://github.com/rancher/dashboard/issues/6864). **UI and Backend** - CIS Scans v1 (Cluster) - Pipelines (Project) - Istio v1 (Project) - Logging v1 (Project) - RancherD **UI** - Multiclusterapps (Global): Apps within the **Multicluster Apps** section of the Rancher UI. ### Previous Rancher Behavior Changes #### Previous Rancher Behavior Changes - Rancher General - **Rancher v2.11.0:** - Kubernetes v1.28 and v1.29 are no longer supported. Before upgrading to Rancher v2.11.0, ensure all clusters are running Kubernetes v1.30 or later. See [#&#8203;48628](https://github.com/rancher/rancher/issues/48628). #### Previous Rancher Behavior Changes - Rancher App (Global UI) - **Rancher v2.11.0:** - Replaced instances of v-tooltip with v-clean-tooltip to fix an issue where the UI did not sanitize cluster description inputs, allowing the possibility of changes to a cluster (local or downstream) description to cause a stored XSS attack. For more information, see [CVE-2024-52281](https://github.com/rancher/rancher/security/advisories/GHSA-2v2w-8v8c-wcm9) and [#&#8203;12564](https://github.com/rancher/dashboard/issues/12564). - The v2.11.0 release removed the data collection feature, which removed the [Rancher legacy telemetry](https://github.com/rancher/telemetry) and the subsequent `Opt-out of Telemetry` setting during set-up. Part of the legacy telemetry has been replaced with the SCC registration process for Prime, and the most important deployment metric is still tracked via the `system-charts` registry analysis. Going forward, telemetry will be gathered SUSE-wide. For more information, see [#&#8203;12639](https://github.com/rancher/dashboard/issues/12639). #### Previous Rancher Behavior Changes - Cluster Provisioning - **Rancher v2.11.0:** - Generic Kubernetes imported clusters now use the v3 management cluster object (`cluster.management.cattle.io`) for both the initial creation and the updates (POST and PUT API calls respectively). See [#&#8203;13151](https://github.com/rancher/dashboard/issues/13151). #### Previous Rancher Behavior Changes - RKE2/K3s Provisioning - **Rancher v2.11.0:** - etcd snapshots are now populated to Rancher by listing the `etcdsnapshotfile.k3s.cattle.io` resources in the downstream cluster instead of periodically scraping the CLI and `rke2/k3s-etcd-snapshots` configmap. See [#&#8203;44452](https://github.com/rancher/rancher/issues/44452#issuecomment-2762057052). #### Previous Rancher Behavior Changes - Rancher CLI - **Rancher v2.11.0:** - CLI commands corresponding to the multi-cluster app legacy feature are no longer available. See [#&#8203;48252](https://github.com/rancher/rancher/issues/48252). - The deprecated subcommand `globaldns` was removed from the Rancher CLI. See [#&#8203;48129](https://github.com/rancher/rancher/issues/48129). #### Previous Rancher Behavior Changes - Role-Based Access Control (RBAC) - **Rancher v2.11.0:** - The `Restricted Admin` role has been removed. Existing users with the `Restricted Admin` role will have privileges associated with this role revoked upon upgrade. See [#&#8203;47875](https://github.com/rancher/rancher/issues/47875). #### Previous Rancher Behavior Changes - Continuous Delivery (Fleet) - **Rancher v2.11.0:** - Fleet now honors custom certificate authority (CA) bundles [configured](https://ranchermanager.docs.rancher.com/v2.11/getting-started/installation-and-upgrade/installation-references/helm-chart-options#additional-trusted-cas) in Rancher. This prevents you from needing to copy your CA bundles to all `GitRepos` and/or Helm secrets referenced by those `GitRepos`. Instead, you can configure those bundles directly through a single secret already known by Rancher, which Fleet will transparently use as a fallback option. See the [Fleet documentation](https://fleet.rancher.io/gitrepo-add#using-custom-ca-bundles) and [fleet#2750](https://github.com/rancher/fleet/issues/2750). - Since the move from StatefulSet to a Deployment and the introduction of leader election for the agents, agent failover has improved. When failover has been tested by shutting down a node with a fleet agent, we observed the pods from that node to stay in the `terminating` state. We want to make sure that it is clear to our users, that this is not a problem of Fleet, nor is it Fleet related. This is how Kubernetes behaves when the node becomes unreachable. Failover works correctly, even if those pods are kept in the `terminating` state. See [fleet#3096](https://github.com/rancher/fleet/issues/3096) and [kubernetes/kubernetes#72226](https://github.com/kubernetes/kubernetes/issues/72226). #### Previous Rancher Behavior Changes - Apps & Marketplace - **Rancher v2.11.0:** - The Catalog v1, Multi-Cluster App (MCA) legacy feature has been removed. If upgrading from a previous Rancher version to v2.11 then the MCA associated CRD's and their instances will still exist in the cluster and can be manually deleted by using the following command: ```shell kubectl delete crds catalogs.management.cattle.io catalogtemplates.management.cattle.io catalogtemplateversions.management.cattle.io templates.management.cattle.io templateversions.management.cattle.io templatecontents.management.cattle.io clustercatalogs.management.cattle.io projectcatalogs.management.cattle.io multiclusterapps.management.cattle.io multiclusterapprevisions.management.cattle.io apps.project.cattle.io apprevisions.project.cattle.io ``` See [#&#8203;39525](https://github.com/rancher/rancher/issues/39525). #### Previous Rancher Behavior Changes - Monitoring - **Rancher v2.11.0:** - `rancher-alerting-drivers` app now uses `rancher/kuberlr-kubectl`, improving how alerts are sent and received. See [#&#8203;48849](https://github.com/rancher/rancher/issues/48849). ### Long-standing Known Issues <!-- Apply same headers as "Major Bug Fixes" but with "Long-standing Known Issues" suffix instead --> #### Long-standing Known Issues - Cluster Provisioning - Not all cluster tools can be installed on a hardened cluster.<!--no issue number available --> - **Rancher v2.8.1:** - When you attempt to register a new etcd/controlplane node in a CAPR-managed cluster after a failed etcd snapshot restoration, the node can become stuck in a perpetual paused state, displaying the error message `[ERROR] 000 received while downloading Rancher connection information. Sleeping for 5 seconds and trying again`. As a workaround, you can unpause the cluster by running `kubectl edit clusters.cluster clustername -n fleet-default` and set `spec.unpaused` to `false`. See [#&#8203;43735](https://github.com/rancher/rancher/issues/43735). - **Rancher v2.7.2:** - If you upgrade or update any hosted cluster, and go to **Cluster Management > Clusters** while the cluster is still provisioning, the **Registration** tab is visible. Registering a cluster that is already registered with Rancher can cause data corruption. See [#&#8203;8524](https://github.com/rancher/dashboard/issues/8524). #### Long-standing Known Issues - RKE Provisioning - **Rancher v2.9.0:** - The Weave CNI plugin for RKE v1.27 and later is now deprecated, due to the plugin being deprecated for upstream Kubernetes v1.27 and later. RKE creation will not go through as it will raise a validation warning. See [#&#8203;11322](https://github.com/rancher/dashboard/issues/11322). #### Long-standing Known Issues - RKE2 Provisioning <!-- hostbusters --> - **Rancher v2.9.0:** - When adding the `provisioning.cattle.io/allow-dynamic-schema-drop` annotation through the cluster config UI, the annotation disappears before adding the value field. When viewing the YAML, the respective value field is not updated and is displayed as an empty string. As a workaround, when creating the cluster, set the annotation by using the **Edit Yaml** option located in the dropdown **⋮** attached to your respective cluster in the **Cluster Management** view. See [#&#8203;13655](https://github.com/rancher/dashboard/issues/13655). - **Rancher v2.7.7:** - Due to the backoff logic in various components, downstream provisioned K3s and RKE2 clusters may take longer to re-achieve `Active` status after a migration. If you see that a downstream cluster is still updating or in an error state immediately after a migration, please let it attempt to resolve itself. This might take up to an hour to complete. See [#&#8203;34518](https://github.com/rancher/rancher/issues/34518) and [#&#8203;42834](https://github.com/rancher/rancher/issues/42834). - **Rancher v2.7.6:** - Provisioning RKE2/K3s clusters with added (not built-in) custom node drivers causes provisioning to fail. As a workaround, [fix](https://github.com/rancher/rancher/issues/37074#issuecomment-1664722305) the added node drivers after activating. See [#&#8203;37074](https://github.com/rancher/rancher/issues/37074). - **Rancher v2.7.2:** - When viewing or editing the YAML configuration of downstream RKE2 clusters through the UI, `spec.rkeConfig.machineGlobalConfig.profile` is set to `null`, which is an invalid configuration. See [#&#8203;8480](https://github.com/rancher/dashboard/issues/8480). - [RKE2 uninstall script](https://docs.rke2.io/install/uninstall?_highlight=uninstall#tarball-method). #### Long-standing Known Issues - K3s Provisioning <!-- hostbusters --> - **Rancher v2.7.6:** - Provisioning RKE2/K3s clusters with added (not built-in) custom node drivers causes provisioning to fail. As a workaround, [fix](https://github.com/rancher/rancher/issues/37074#issuecomment-1664722305) the added node drivers after activating. See [#&#8203;37074](https://github.com/rancher/rancher/issues/37074). - **Rancher v2.7.2:** - Clusters remain in an `Updating` state even when they contain nodes in an `Error` state. See [#&#8203;39164](https://github.com/rancher/rancher/issues/39164). #### Long-standing Known Issues - Rancher App (Global UI) - **Rancher v2.10.0:** - After deleting a Namespace or Project in the Rancher UI, the Namespace or Project remains visible. As a workaround, refresh the page. See [#&#8203;12220](https://github.com/rancher/dashboard/issues/12220). - **Rancher v2.9.2:** - Although system mode node pools must have at least one node, the Rancher UI allows a minimum node count of zero. Inputting a zero minimum node count through the UI can cause cluster creation to fail due to an invalid parameter error. To prevent this error from occurring, enter a minimum node count at least equal to the node count. See [#&#8203;11922](https://github.com/rancher/dashboard/issues/11922). - **Rancher v2.7.7:** - When creating a cluster in the Rancher UI it does not allow the use of an underscore `_` in the `Cluster Name` field. See [#&#8203;9416](https://github.com/rancher/dashboard/issues/9416). #### Long-standing Known Issues - Hosted Rancher <!-- hostbusters --> - **Rancher v2.7.5:** - The **Cluster** page shows the **Registration** tab when updating or upgrading a hosted cluster. See [#&#8203;8524](https://github.com/rancher/dashboard/issues/8524). #### Long-standing Known Issues - EKS - **Rancher v2.7.0:** - EKS clusters on Kubernetes v1.21 or below on Rancher v2.7 cannot be upgraded. See [#&#8203;39392](https://github.com/rancher/rancher/issues/39392). #### Long-standing Known Issues - Authentication <!-- night's watch --> - **Rancher v2.9.0:** - There are some known issues with the OpenID Connect provider support: - When the generic OIDC auth provider is enabled, and you attempt to add auth provider users to a cluster or project, users are not populated in the dropdown search bar. This is expected behavior as the OIDC auth provider alone is not searchable. See [#&#8203;46104](https://github.com/rancher/rancher/issues/46104). - When the generic OIDC auth provider is enabled, auth provider users that are added to a cluster/project by their username are not able to access resources upon logging in. A user will only have access to resources upon login if the user is added by their userID. See [#&#8203;46105](https://github.com/rancher/rancher/issues/46105). - When the generic OIDC auth provider is enabled and an auth provider user in a nested group is logged into Rancher, the user will see the following error when they attempt to create a Project: `[projectroletemplatebindings.management.cattle.io](http://projectroletemplatebindings.management.cattle.io/) is forbidden: User "u-gcxatwsnku" cannot create resource "projectroletemplatebindings" in API group "[management.cattle.io](http://management.cattle.io/)" in the namespace "p-9t5pg"`. However, the project is still created. See [#&#8203;46106](https://github.com/rancher/rancher/issues/46106). #### Long-standing Known Issues - Rancher Webhook <!-- neo --> - **Rancher v2.7.2:** - A webhook is installed in all downstream clusters. There are several issues that users may encounter with this functionality: - If you rollback from a version of Rancher v2.7.2 or later, to a Rancher version earlier than v2.7.2, the webhooks will remain in downstream clusters. Since the webhook is designed to be 1:1 compatible with specific versions of Rancher, this can cause unexpected behaviors to occur downstream. The Rancher team has developed a [script](https://github.com/rancher/webhook/wiki/Remove-Webhook-from-downstream-clusters) which should be used after rollback is complete (meaning after a Rancher version earlier than v2.7.2 is running). This removes the webhook from affected downstream clusters. See [#&#8203;40816](https://github.com/rancher/rancher/issues/40816). #### Long-standing Known Issues - Virtualization Management (Harvester) - **Rancher v2.7.2:** - If you're using Rancher v2.7.2 with Harvester v1.1.1 clusters, you won't be able to select the Harvester cloud provider when deploying or updating guest clusters. The [Harvester release notes](https://github.com/harvester/release-notes/blob/main/v1.1.2.md#important-information-about-rancher-support) contain instructions on how to resolve this. See [#&#8203;3750](https://github.com/harvester/harvester/issues/3750). #### Long-standing Known Issues - Backup/Restore <!-- night's watch --> - When migrating to a cluster with the Rancher Backup feature, the server-url cannot be changed to a different location. It must continue to use the same URL.<!-- no issue number --> - **Rancher v2.7.7:** - Due to the backoff logic in various components, downstream provisioned K3s and RKE2 clusters may take longer to re-achieve `Active` status after a migration. If you see that a downstream cluster is still updating or in an error state immediately after a migration, please let it attempt to resolve itself. This might take up to an hour to complete. See [#&#8203;34518](https://github.com/rancher/rancher/issues/34518) and [#&#8203;42834](https://github.com/rancher/rancher/issues/42834). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC41Ny4xIiwidXBkYXRlZEluVmVyIjoiNDAuNTcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
aggarwalakshun added 1 commit 2025-06-26 00:04:04 +00:00
Update Helm release rancher to v2.11.3 809e4a6d95
aggarwalakshun merged commit f9424dd442 into main 2025-06-26 10:57:51 +00:00
aggarwalakshun deleted branch renovate/rancher-2.x 2025-06-26 10:57:52 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
aggarwalakshun
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: aggarwalakshun/public-k3s#46
Delete Branch "renovate/rancher-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?