RKE2 - v1.25.0+rke2r1

This release is RKE2's first in the v1.25 line. This release updates Kubernetes to v1.25.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Important Notes

1. If your server (control-plane) nodes were not started with the --token CLI flag or config file key, a randomized token was generated during initial cluster startup. This key is used both for joining new nodes to the cluster, and for encrypting cluster bootstrap data within the datastore. Ensure that you retain a copy of this token, as is required when restoring from backup.

   You may retrieve the token value from any server already joined to the cluster:
   bash cat /var/lib/rancher/rke2/server/token

2. Kubernetes v1.25 removes the beta PodSecurityPolicy admission plugin. Please follow the upstream documentation to migrate from PSP if using the built-in PodSecurity Admission Plugin, prior to upgrading to v1.25.0+rke2r1.

3. RKE2 now supports version 1.23 of the CIS Benchmark for Kubernetes. The legacy CIS 1.5 and 1.6 profiles (profile: cis-1.5 and profile: cis-1.6) have been removed as they do not apply to Kubernetes 1.25. Servers using one of the legacy profiles must be updated to specify the cis-1.23 profile when upgrading to RKE2 1.25, or RKE2 will fail to start.

Changes since v1.24.4+rke2r1:

• Update Cilium version and remove startup-script (#3274)
• Update channel server stable to 1.24.4 (#3269)
• Update canal version (#3272)
• Bump the cilium chart version (#3289)
• Rework vagrant install tests (#3237)
• Add PSA to Kubernetes v1.25 (#3282)
• Update Kubernetes image to v1.25.0-rke2r1-build20220901 (#3295)
• Fix static pod cleanup when using container-runtime-endpoint (#3308)
• Bump containerd v1.6.8 / runc v1.1.4 (#3300)
• Update calico to v3.23.3 (#3317)
• Bump K3s version for v1.25 (#3323)
• Update install script with option to skip reload (#3248)
• Add exception for cis-operator-system namespace (#3324)
• Fix config directory permissions (#3338)
• Update calico to v3.24.1 (#3340)

Packaged Component Versions

| Component | Version |
| --------------- | ------------------------------------------------------------------------------------------------- |
| Kubernetes | v1.25.0 |
| Etcd | v3.5.4 |
| Containerd | v1.6.8-k3s1 |
| Runc | v1.1.4 |
| Metrics-server | v0.5.0 |
| CoreDNS | v1.9.3 |
| Ingress-Nginx | 4.1.0 |
| Helm-controller | v0.12.3 |

Available CNIs

| Component | Version | FIPS Compliant |
| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
| Canal (Default) | Flannel v0.19.1
Calico v3.24.1 | Yes |
| Calico | v3.24.1 | No |
| Cilium | v1.12.1 | No |
| Multus | v3.8 | No |

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started.