Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
h
hundreds-airport-66196
02/09/2023, 7:16 PMHi Rancher Team,
Will rke2 1.24.x end also support when k8s 1.24 EOL in Jul 2023?
https://kubernetes.io/releases/
c
creamy-pencil-82913
02/09/2023, 7:43 PMWe put out a release of RKE2 for every release from upstream. When there are no more Kubernetes releases from the 1.24 branch, there will be no more RKE2 releases from the 1.24 branch.
h
hundreds-airport-66196
02/09/2023, 8:01 PMIs this the same for all Rancher enterprise customers? What about if there is a security vulnerability in, lets say rke2 1.24.10. Does this mean that I have to upgrade to the next available version?
c
creamy-pencil-82913
02/09/2023, 8:05 PMIf there is a vuln in 1.24.10 that is fixed in 1.24.11, you would need to upgrade to 1.24.11. We’re not going to backport stuff from one patch release to a previous one.
h
hundreds-airport-66196
02/09/2023, 8:07 PMbut what if 1.24.10 is the last patch of upstream kubernetes?
c
creamy-pencil-82913
02/09/2023, 8:07 PMIt isn’t. 1.24 isn’t end of life for another 5 months.
A better example might be v1.22.17?
That is the last release on the 1.22 branch. There will be no additional releases of 1.22, either from Kubernetes or from Rancher.
That is also a good example as 1.22 was supposed to be end of life in 1.22.15, but they ended up doing two additional releases to address regressions and vulns.
h
hundreds-airport-66196
02/09/2023, 8:10 PMok, got it. Thanks brandond!
c
creamy-pencil-82913
02/09/2023, 8:10 PMbut yes, if it comes out today that there is an issue with 1.22.17 you would need to upgrade to 1.23 or newer
h
hundreds-airport-66196
02/09/2023, 8:13 PMyeah, we're looking to upgrade but GlusterFS is deprecated in 1.25. I have to replace Gluster first with Longhorn before I can upgrade
s
square-policeman-85866
02/09/2023, 9:39 PMWhere can you find info on end of life dates for releases?
h
hundreds-airport-66196
02/09/2023, 9:39 PMr
rough-farmer-49135
02/09/2023, 9:48 PMOut of curiosity, what about if there's a critical vulnerability in something bundled with RKE2, such as the nginx ingress controller?
I can see how it doesn't make sense for scarce Rancher resources to go back and work on that, but is there a guide/documentation for how an enterprising user might re-package a custom release to handle the bundled issue?
(or maybe to decouple it after the fact or something)
c
creamy-pencil-82913
02/09/2023, 10:09 PMWe have not yet made the call to do any additional RKE2 or K3s releases past the end of the Kubernetes release cycle. If there was ever some super-critical vuln in a packaged component, and we were just past the EOL date, we might consider doing a k3s2/rke2r2 release but that hasn’t been necessary yet.
r
rough-farmer-49135
02/09/2023, 10:22 PMI can see that being fair, so that's why I was hoping for maybe documentation on how people could decouple or rebuild with the new piece themselves as kind of "emergency first aid" for that kind of situation as a possible alternative.
c
creamy-pencil-82913
02/09/2023, 10:51 PMthe best way to address that would probably be to either disable the component and replace it with your own, or use HelmChartConfig to customize it to deploy a fix.
f
full-painter-23916
02/10/2023, 7:58 AMFWIW, "deprecated" != "removed", it should still work in 1.25
s
sparse-fireman-14239
02/10/2023, 12:13 PMA better method is to "simply" follow the K8s releases and continually move foward, then you won't get stuck. Get out of the "don't touch it"-Enterprise mindset and embrace CI/CD for your entire stack.
Features which are deprecated don't go out of support for a long time, so if you keep up to date with what's going on, you'll have plenty of time to migrate out of whatever.
By out of support I mean removed entirely.
r
rough-farmer-49135
02/10/2023, 12:18 PMI wouldn't disagree at all about that being better practice, but sadly I don't call the shots so need to have my plans ready for what I expect to happen.
s
sparse-fireman-14239
02/10/2023, 12:20 PM@rough-farmer-49135 I fully understand that, just putting it out there because a lot of people have a point and shoot approach, or rather "install and forget" where if hasn't blown up all is good 😉
r
rough-farmer-49135
02/10/2023, 12:21 PMYeah, and I'll admit that I have used the Kubernetes release cadence to get people like that to pause a bit, but haven't succeeded in getting it to truly penetrate into their thinking yet. I'm suspecting they'll need to get burned badly first.
👍 1
s
sparse-fireman-14239
02/10/2023, 12:23 PMIt's unfortunately classic, and the majority of companies still operate with what used to work 20+ years ago.
r
rough-farmer-49135
02/10/2023, 12:25 PMWhich I find entertaining because if those same people are looking at Kubernetes, then they're also likely replacing something from a decade or more ago and have likely been talking up new technology getting approval/funding.
s
sparse-fireman-14239
02/10/2023, 12:25 PMIndeed 😄
Drank the Kool-Aid, put it into production. Now what? 😆🙈
h
hundreds-airport-66196
02/10/2023, 2:00 PMDeprecated in 1.25 and totally removed in 1.26