This message was deleted Rancher Users #rke2

Join Slack

This message was deleted.

# rke2

adamant-kite-43734

02/09/2023, 7:16 PM

This message was deleted.

creamy-pencil-82913

02/09/2023, 7:43 PM

We put out a release of RKE2 for every release from upstream. When there are no more Kubernetes releases from the 1.24 branch, there will be no more RKE2 releases from the 1.24 branch.

hundreds-airport-66196

02/09/2023, 8:01 PM

Is this the same for all Rancher enterprise customers? What about if there is a security vulnerability in, lets say rke2 1.24.10. Does this mean that I have to upgrade to the next available version?

creamy-pencil-82913

02/09/2023, 8:05 PM

If there is a vuln in 1.24.10 that is fixed in 1.24.11, you would need to upgrade to 1.24.11. We’re not going to backport stuff from one patch release to a previous one.

hundreds-airport-66196

02/09/2023, 8:07 PM

but what if 1.24.10 is the last patch of upstream kubernetes?

creamy-pencil-82913

02/09/2023, 8:07 PM

It isn’t. 1.24 isn’t end of life for another 5 months.

creamy-pencil-82913

02/09/2023, 8:08 PM

A better example might be v1.22.17?

creamy-pencil-82913

02/09/2023, 8:08 PM

That is the last release on the 1.22 branch. There will be no additional releases of 1.22, either from Kubernetes or from Rancher.

creamy-pencil-82913

02/09/2023, 8:10 PM

That is also a good example as 1.22 was supposed to be end of life in 1.22.15, but they ended up doing two additional releases to address regressions and vulns.

hundreds-airport-66196

02/09/2023, 8:10 PM

ok, got it. Thanks brandond!

creamy-pencil-82913

02/09/2023, 8:10 PM

but yes, if it comes out today that there is an issue with 1.22.17 you would need to upgrade to 1.23 or newer

hundreds-airport-66196

02/09/2023, 8:13 PM

yeah, we're looking to upgrade but GlusterFS is deprecated in 1.25. I have to replace Gluster first with Longhorn before I can upgrade

square-policeman-85866

02/09/2023, 9:39 PM

Where can you find info on end of life dates for releases?

hundreds-airport-66196

02/09/2023, 9:39 PM

https://kubernetes.io/releases/

👍 1

rough-farmer-49135

02/09/2023, 9:48 PM

Out of curiosity, what about if there's a critical vulnerability in something bundled with RKE2, such as the nginx ingress controller? I can see how it doesn't make sense for scarce Rancher resources to go back and work on that, but is there a guide/documentation for how an enterprising user might re-package a custom release to handle the bundled issue?

rough-farmer-49135

02/09/2023, 9:48 PM

(or maybe to decouple it after the fact or something)

creamy-pencil-82913

02/09/2023, 10:09 PM

We have not yet made the call to do any additional RKE2 or K3s releases past the end of the Kubernetes release cycle. If there was ever some super-critical vuln in a packaged component, and we were just past the EOL date, we might consider doing a k3s2/rke2r2 release but that hasn’t been necessary yet.

rough-farmer-49135

02/09/2023, 10:22 PM

I can see that being fair, so that's why I was hoping for maybe documentation on how people could decouple or rebuild with the new piece themselves as kind of "emergency first aid" for that kind of situation as a possible alternative.

creamy-pencil-82913

02/09/2023, 10:51 PM

the best way to address that would probably be to either disable the component and replace it with your own, or use HelmChartConfig to customize it to deploy a fix.

full-painter-23916

02/10/2023, 7:58 AM

FWIW, "deprecated" != "removed", it should still work in 1.25

sparse-fireman-14239

02/10/2023, 12:13 PM

A better method is to "simply" follow the K8s releases and continually move foward, then you won't get stuck. Get out of the "don't touch it"-Enterprise mindset and embrace CI/CD for your entire stack. Features which are deprecated don't go out of support for a long time, so if you keep up to date with what's going on, you'll have plenty of time to migrate out of whatever.

sparse-fireman-14239

02/10/2023, 12:15 PM

By out of support I mean removed entirely.

rough-farmer-49135

02/10/2023, 12:18 PM

I wouldn't disagree at all about that being better practice, but sadly I don't call the shots so need to have my plans ready for what I expect to happen.

sparse-fireman-14239

02/10/2023, 12:20 PM

@rough-farmer-49135 I fully understand that, just putting it out there because a lot of people have a point and shoot approach, or rather "install and forget" where if hasn't blown up all is good 😉

rough-farmer-49135

02/10/2023, 12:21 PM

Yeah, and I'll admit that I have used the Kubernetes release cadence to get people like that to pause a bit, but haven't succeeded in getting it to truly penetrate into their thinking yet. I'm suspecting they'll need to get burned badly first.

👍 1

sparse-fireman-14239

02/10/2023, 12:23 PM

It's unfortunately classic, and the majority of companies still operate with what used to work 20+ years ago.

rough-farmer-49135

02/10/2023, 12:25 PM

Which I find entertaining because if those same people are looking at Kubernetes, then they're also likely replacing something from a decade or more ago and have likely been talking up new technology getting approval/funding.

sparse-fireman-14239

02/10/2023, 12:25 PM

Indeed 😄

sparse-fireman-14239

02/10/2023, 12:26 PM

Drank the Kool-Aid, put it into production. Now what? 😆🙈

hundreds-airport-66196

02/10/2023, 2:00 PM

Deprecated in 1.25 and totally removed in 1.26

60 Views

Open in Slack

Previous Next