Unverified Commit fbd134f0 authored by Jonas Chevalier's avatar Jonas Chevalier Committed by GitHub
Browse files

rke2: switch to minor release versions (#379844)

parents c4a805b7 36cb383f

pkgs/applications/networking/cluster/rke2/1_29/versions.nix

0 → 100644
+11 −0
Original line number Diff line number Diff line 
{

  rke2Version = "1.29.13+rke2r1";

  rke2Commit = "00803ef95072be9d13b6e52a56fa9b6d9e7b0a51";

  rke2TarballHash = "sha256-1OphaTrEU2MvV0kdEyxomRGgbl/YSVikcYtLuL3QnBI=";

  rke2VendorHash = "sha256-6XczvyQMqYqHHu+cSsmXsi7zMG128ZwiAHr482qQqpI=";

  k8sImageTag = "v1.29.13-rke2r1-build20250117";

  etcdVersion = "v3.5.16-k3s1-build20241106";

  pauseVersion = "3.6";

  ccmVersion = "v1.29.10-0.20241016053521-9510ac25fefb-build20241016";

  dockerizedVersion = "v1.29.13-rke2r1";

}

pkgs/applications/networking/cluster/rke2/1_30/versions.nix

0 → 100644
+11 −0
Original line number Diff line number Diff line 
{

  rke2Version = "1.30.9+rke2r1";

  rke2Commit = "bfd23524f32a4d9fa6f19ab58a2d47572e56f813";

  rke2TarballHash = "sha256-/WVKmK9ZackY9ULST0zFi/RRwA4ZR3u1DXULWTc6G3o=";

  rke2VendorHash = "sha256-kghiYswm3s7bILGp8t452jx84MY73EF9OTaWdncFr34=";

  k8sImageTag = "v1.30.9-rke2r1-build20250116";

  etcdVersion = "v3.5.16-k3s1-build20241106";

  pauseVersion = "3.6";

  ccmVersion = "v1.30.6-0.20241016053533-5ec454f50e7a-build20241016";

  dockerizedVersion = "v1.30.9-rke2r1";

}

pkgs/applications/networking/cluster/rke2/stable/versions.nixpkgs/applications/networking/cluster/rke2/1_31/versions.nix

+0 −3
Original line number Diff line number Diff line
@@ -3,12 +3,9 @@ 
  rke2Commit = "08e198bbe3f0b8d4c9b0af4d92085c06bb94aa89";

  rke2TarballHash = "sha256-GG1GOs/kLWDCvc/+l0ymRpJzEthIyGpampCjvfnEPB8=";

  rke2VendorHash = "sha256-xWqMidOWiLgJXp6AEITkyOieLw4yi1JMmi80YS4RNy0=";

  k8sVersion = "v1.31.5";

  k8sImageTag = "v1.31.5-rke2r1-build20250115";

  etcdVersion = "v3.5.16-k3s1-build20241106";

  pauseVersion = "3.6";

  ccmVersion = "v1.31.2-0.20241016053446-0955fa330f90-build20241016";

  dockerizedVersion = "v1.31.5-rke2r1";

  golangVersion = "go1.22.10";

  eol = "2025-10-28";

}

pkgs/applications/networking/cluster/rke2/latest/versions.nixpkgs/applications/networking/cluster/rke2/1_32/versions.nix

+0 −3
Original line number Diff line number Diff line
@@ -3,12 +3,9 @@ 
  rke2Commit = "c0f7be4407cf2c437cacfe735e5c943e827f2ff8";

  rke2TarballHash = "sha256-clZpTnMnj2PRDDYz7+r11RlyX2ExwsE1Tmdt3/kUmtE=";

  rke2VendorHash = "sha256-aIB2fRkccx5fXMnFxZ+tirXp5gg8o/h/a6Lgc+EG4L4=";

  k8sVersion = "v1.32.1";

  k8sImageTag = "v1.32.1-rke2r1-build20250115";

  etcdVersion = "v3.5.16-k3s1-build20241106";

  pauseVersion = "3.6";

  ccmVersion = "v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101";

  dockerizedVersion = "v1.32.1-rke2r1";

  golangVersion = "go1.23.4";

  eol = "2026-02-28";

}

pkgs/applications/networking/cluster/rke2/README.md

+30 −22
Original line number Diff line number Diff line 
# RKE2 Version



RKE2, Kubernetes, and other clustered software has the property of not being able to update atomically.

Most software in nixpkgs, like for example bash, can be updated as part of a `nixos-rebuild switch`

without having to worry about the old and the new bash interacting in some way.

RKE2, Kubernetes, and other clustered software has the property of not being able to update

atomically. Most software in nixpkgs, like for example bash, can be updated as part of a

`nixos-rebuild switch` without having to worry about the old and the new bash interacting in some

way. RKE2/Kubernetes, on the other hand, is typically run across several machines, and each machine

is updated independently. As such, different versions of the package and NixOS module must maintain

compatibility with each other through temporary version skew during updates. The upstream Kubernetes

project documents this in their

[version-skew policy](https://kubernetes.io/releases/version-skew-policy/#supported-component-upgrade-order).



Within nixpkgs, we strive to maintain a valid "upgrade path" that does not run afoul of the upstream

version skew policy.



> [!NOTE]

> Upgrade the server nodes first, one at a time. Once all servers have been upgraded, you may then upgrade agent nodes.

> Upgrade the server nodes first, one at a time. Once all servers have been upgraded, you may then

> upgrade agent nodes.



## Release Channels



RKE2 has three main release channels, which are: `stable`, `latest` and `testing`.

RKE2 has two named release channels, i.e. `stable` and `latest`. Additionally, there exists a

release channel tied to each Kubernetes minor version, e.g. `v1.32`.



The `stable` channel is the default channel and is recommended for production use.

The `latest` channel is the latest release.

The `testing` channel is the latest release, including pre-releases.

Nixpkgs follows active minor version release channels (typically 4 at a time) and sets aliases for

`rke2_stable` and `rke2_latest` accordingly.



| Channel   | Description                                                                                                                                                                                    |

| --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

| `stable`  | **(Default)** Stable is recommended for production environments. These releases have been through a period of community hardening, and are compatible with the most recent release of Rancher. |

| `latest`  | Latest is recommended for trying out the latest features. These releases have not yet been through a period of community hardening, and may not be compatible with Rancher.                    |

| `testing` | The most recent release, including pre-releases.                                                                                                                                               |

Patch releases should be backported to to the latest stable release branch, however, new minor

versions are not backported.



Learn more about the [RKE2 release channels](https://docs.rke2.io/upgrade/manual_upgrade).

For further information visit the

[RKE2 release channels documentation](https://docs.rke2.io/upgrades/manual_upgrade?_highlight=manua#release-channels).



For an exhaustive and up-to-date list of channels, you can visit the

[rke2 channel service API](https://update.rke2.io/v1-release/channels).

For more technical details on how channels work, you can see the [channelserver project](https://github.com/rancher/channelserver).

## EOL Versions



> [!TIP]

> When attempting to upgrade to a new version of RKE2,

> the [Kubernetes version skew policy](https://kubernetes.io/docs/setup/release/version-skew-policy) applies.

> Ensure that your plan **does not skip intermediate minor versions** when upgrading. Nothing in the upgrade process will

> protect you against unsupported changes to the Kubernetes version.
 
Approximately every 4 months a minor RKE2 version reaches EOL. EOL versions should be removed from

`nixpkgs-unstable`, preferably by throwing with an explanatory message in

`pkgs/top-level/aliases.nix`. With stable releases, however, it isn't expected that packages will be

removed. Instead we set `meta.knownVulnerabilities` for stable EOL packages, like it is also done

for EOL JDKs, browser engines, Node.js versions, etc.



For further information on the RKE2 lifecycle, see the

[SUSE Product Support Lifecycle page](https://www.suse.com/lifecycle#rke2).