我的书签
添加书签
移除书签Release v2.0.6
Active Directory and OpenLDAP users: If you are using AD or openLDAP, please review the schema section on whether or not you want the nested group membership setting enabled. By enabling nested group membership, it will provide permissions to users that are in groups of groups, but due to this extensive user search, it could cause slower search results/log in.
Versions
- rancher/rancher:v2.0.6
Please do not use releases with a suffix. These rc builds are meant for the Rancher team to test builds.
Latest - v2.0.6 - rancher/rancher:latest
Stable - v2.0.4 - rancher/rancher:stable
Upgrades and Rollbacks
Rancher supports both upgrade and rollback starting with v2.0.2. Please note the version you would like to upgrade or to change the Rancher version.
Note: When rolling back, we are expecting you to rollback to the state at the time of your upgrade. Any changes post upgrade would not be reflected. In the case of rolling back using a Rancher single-node install, you must specify the exact version you want to change the Rancher version to, rather than using the default
:latesttag.Note: If you had the helm stable catalog enabled in v2.0.0, we’ve updated the catalog to start pointing directly to the kubernetes helm repo instead of an internal repo. Please delete the custom catalog that is now showing up and re-enable the helm stable. []
Known Major Issues
- After upgrade, ingresses may have some issues with showing 503s or inability to target new workloads, the current workaround is to re-create the ingress []
- Authenticating with Active Directory: With v2.0.5 and v2.0.6, you are required to add in the domain as part of the service account username. [#14708]
- Fixed an issue where supporting nested group searching in Active Directory and openLDAP was having issues with taking long times to search by turning it off by default. This can be customized to be turned on when customizing your schema for configuring Active Directory and openLDAP. Note: AzureAD and FreeIPA automatically search for nested groups and do not have this customization option. []
- Fixed an issue where during upgrade, if a cluster used OSes that do not have persistent directories (i.e. RancherOS, CoreOS, boot2docker), then their cluster would fail as kubelets wouldn’t have been able to be started due to missing certificates [#14454]
- Fixed an issue where openLDAP was not doing a service account bind before trying to look up the user to authenticate openLDAP [, #14456]
