How does RKE2 know which version of images to use?...
# general
r
How does RKE2 know which version of images to use? I'm looking at https://github.com/rancher/rke2/releases/download/v1.32.1%2Brke2r1/rke2-images.linux-amd64.txt but when I look at /var/lib/rancher/rke2/agent/images/etcd-image.txt I get a different image.
index.docker.io/rancher/hardened-etcd:v3.5.13-k3s1-build20240531
sean@jammy-02:/var/lib/rancher/rke2/agent/images$ rke2 -v
rke2 version v1.32.1+rke2r1 (c0f7be4407cf2c437cacfe735e5c943e827f2ff8)
go version go1.23.4 X:boringcrypto
sean@jammy-02:/var/lib/rancher/rke2/agent/images$ uname -a
Linux jammy-02 5.15.0-134-generic #145-Ubuntu SMP Wed Feb 12 20:08:39 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
c
it's set at compile time
you can override via CLI flag though
different than what?
r
the github link specifies a different etcd image than the one rke2 places in the images dir
c
are you sure you’re running v1.32.1+rke2r1?
If so are you sure you haven’t overridden the etcd-image value in your config?
root@rke2-server-1:/# rke2 --version
rke2 version v1.32.1+rke2r1 (c0f7be4407cf2c437cacfe735e5c943e827f2ff8)
go version go1.23.4 X:boringcrypto

root@rke2-server-1:/# kubectl get node -o wide
NAME                        STATUS   ROLES                       AGE   VERSION          INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
rke2-server-1.example.com   Ready    control-plane,etcd,master   50s   v1.32.1+rke2r1   172.17.0.4    <none>        Ubuntu 22.04.5 LTS   6.8.0-1016-aws   containerd://1.7.23-k3s2

root@rke2-server-1:/# cat /var/lib/rancher/rke2/agent/images/etcd-image.txt
index.docker.io/rancher/hardened-etcd:v3.5.16-k3s1-build20241106

root@rke2-server-1:/# curl -sL https://github.com/rancher/rke2/releases/download/v1.32.1%2Brke2r1/rke2-images.linux-amd64.txt | grep hardened-etcd
docker.io/rancher/hardened-etcd:v3.5.16-k3s1-build20241106
looks consistent to me
r
oh I think I know what's going on
I had an 00-rke2-runtime.tar.zst and rke2-runtime.tar.zst in that directory that differed in content.
(we generate this file)
c
no… the version is set by the rke2 binary itself. doesn’t matter what’s in the rke2-runtime image tarball. That just has charts, kubelet, containerd, and the like
r
ok
then something put this hardened-etcd.txt file with a different version
maybe someone else mucking around on this box
c
The file that rke2 manages would be called etcd-image.txt. You’ll find X-image.txt files for all the static pods. We don’t drop any files called hardened-etcd.txt. That would be coming from something else.
root@rke2-server-1:/# ls -la /var/lib/rancher/rke2/agent/images/
total 36
drwxr-xr-x 2 root root 4096 Mar 14 19:32 .
drwxr-xr-x 7 root root 4096 Mar 14 19:32 ..
-rw-r--r-- 1 root root  100 Mar 14 19:31 cloud-controller-manager-image.txt
-rw-r--r-- 1 root root   65 Mar 14 19:31 etcd-image.txt
-rw-r--r-- 1 root root   73 Mar 14 19:31 kube-apiserver-image.txt
-rw-r--r-- 1 root root   73 Mar 14 19:31 kube-controller-manager-image.txt
-rw-r--r-- 1 root root   73 Mar 14 19:32 kube-proxy-image.txt
-rw-r--r-- 1 root root   73 Mar 14 19:31 kube-scheduler-image.txt
-rw-r--r-- 1 root root   52 Mar 14 19:31 runtime-image.txt
this is what we manage. anything else would be something that is being created by an external process on your side.
r
ok
in what circumstances is the etcd-image.txt placed?
i just spun up a new instance and there's nothing in there
c
x-image.txt is created when the corresponding x.yaml for the static pod is created:
root@rke2-server-1:/# ls -la /var/lib/rancher/rke2/agent/pod-manifests/
total 44
drwx------ 2 root root 4096 Mar 14 19:32 .
drwxr-xr-x 7 root root 4096 Mar 14 19:32 ..
-rw-r--r-- 1 root root 3799 Mar 14 19:32 cloud-controller-manager.yaml
-rw-r--r-- 1 root root 3284 Mar 14 19:31 etcd.yaml
-rw-r--r-- 1 root root 9511 Mar 14 19:32 kube-apiserver.yaml
-rw-r--r-- 1 root root 5820 Mar 14 19:32 kube-controller-manager.yaml
-rw-r--r-- 1 root root 2451 Mar 14 19:32 kube-proxy.yaml
-rw-r--r-- 1 root root 2729 Mar 14 19:32 kube-scheduler.yaml
it is used to trigger containerd to preload the image earlier, instead of waiting until the kubelet goes to actually start the pod.
r
ok. thx.