Skip to content

[3.2.2] - update release notes and airgap images #961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 12, 2025
Merged

[3.2.2] - update release notes and airgap images #961

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion asciidoc/edge-book/links.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
:link-rancher-extensions: https://ranchermanager.docs.rancher.com/{rancher-docs-version}/integrations-in-rancher/rancher-extensions
:link-rancher-logging: https://ranchermanager.docs.rancher.com/{rancher-docs-version}/integrations-in-rancher/logging

:link-rancher-upstream-release: https://github.com/rancher/rancher/releases/tag/{release-tag-rancher}
:link-rancher-upstream-release: https://prime.ribs.rancher.io/rancher/{release-tag-rancher}/rancher-images.txt

:link-cert-manager-installation: https://cert-manager.io/v1.14-docs/installation/helm/#installing-with-helm

Expand Down
175 changes: 174 additions & 1 deletion asciidoc/edge-book/releasenotes.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[#release-notes]

= Abstract
:revdate: 2025-09-25
:revdate: 2025-11-12
:page-revdate: {revdate}
ifdef::env-github[]
:imagesdir: ../images/
Expand Down Expand Up @@ -32,6 +32,179 @@ For more information on product support lifecycle updates for SUSE Edge, see lin

NOTE: SUSE Edge z-stream releases are tightly integrated and thoroughly tested as a versioned stack. Upgrade of any individual components to a different versions to those listed above is likely to result in system downtime. While it's possible to run Edge clusters in untested configurations, it is not recommended, and it may take longer to provide resolution through the support channels.

[#release-notes-3-2-2]
= Release 3.2.2

Availability Date: 12th November 2025

Full Support End Date: 20th July 2025

Maintenance Support End Date: 20th January 2027

EOL: 21st January 2027

Summary: SUSE Edge 3.2.2 is the second z-stream release in the SUSE Edge 3.2 release stream.

== New Features

* Updated to Kubernetes 1.31.13 and Rancher Prime 2.10.10 https://github.com/rancher/rancher/releases/tag/v2.10.10[Release Notes]
* Updated to SUSE Security (Neuvector) 5.4.6 https://open-docs.neuvector.com/releasenotes/5x/#546-august-2025[Release Notes]
* Updated to Elemental 1.7.3 https://elemental.docs.rancher.com/release-notes[Release Notes]
* Updated to Edge Image Builder (EIB) 1.1.2 https://github.com/suse-edge/edge-image-builder/blob/release-1.1/RELEASE_NOTES.md#v112[Release Notes]

== Bug & Security Fixes

* SUSE Security (Neuvector) 5.4.6 contains several bugfixes https://open-docs.neuvector.com/releasenotes/5x/#bugs-fixed[Upstream Neuvector Bug Fixes]
* https://github.com/rancher/rke2/releases/tag/v1.31.13%2Brke2r1[RKE2 1.31.13] contains several updates and fixes, including resolution of an issue in certain deployments related to CPU affinity https://github.com/opencontainers/runc/pull/4858[Upstream runc issue]

== Known Issues

* When deploying via the directed network provisioning flow, a bug affects clusters with static IPs in networks with DHCP servers and/or RAs: static network configurations only apply to the provisioned host and will not be in effect during the host discovery and enrollment. Please refer to the https://github.com/suse-edge/atip/tree/main/telco-examples/edge-clusters/dhcp-less/dual-stack/single-node#readme[SUSE Edge for Telco examples repository] for more details and updates.
* When using `toolbox` in SUSE Linux Micro 6.0, the default container image does not contain some tools which were included in the previous 5.5 version. The workaround is to configure toolbox to use the previous `suse/sle-micro/5.5/toolbox` container image, see `toolbox --help` for options to configure the image.
* When updating to RKE2 1.31.7, which resolves https://nvd.nist.gov/vuln/detail/CVE-2025-1974[CVE-2025-1974], SUSE Linux Micro 6.0 *must* be updated to include kernel `>=6.4.0-26-default` or `>=6.4.0-30-rt` (real-time kernel) due to required SELinux kernel patches. If not applied, the ingress-nginx pod will remain in a `CrashLoopBackOff` state. To apply the kernel update run `transactional-update` on the host itself (to update all packages), or `transactional-update pkg update kernel-default` (or kernel-rt) to update just the kernel, then reboot the host. If deploying new clusters, please follow <<guides-kiwi-builder-images>> to build fresh images containing the latest kernel.
* A bug with Kubernetes Job Controller has been identified that on certain conditions it can cause the RKE2/K3s nodes to stay in `NotReady` state (see the https://github.com/rancher/rke2/issues/8357[#8357 RKE2 issue]). The errors can look like:

[,bash]
----
E0605 23:11:18.489721 1 job_controller.go:631] "Unhandled Error" err="syncing job: tracking status: adding uncounted pods to status: Operation cannot be fulfilled on jobs.batch \"helm-install-rke2-ingress-nginx\": StorageError: invalid object, Code: 4, Key: /registry/jobs/kube-system/helm-install-rke2-ingress-nginx, ResourceVersion: 0, AdditionalErrorMsg: Precondition failed: UID in precondition: 0aa6a781-7757-4c61-881a-cb1a4e47802c, UID in object meta: 6a320146-16b8-4f83-88c5-fc8b5a59a581" logger="UnhandledError"
----

As a workaround, the `kube-controller-manager` pod can be restarted with `crictl` as:

[,bash]
----
export CONTAINER_RUNTIME_ENDPOINT=unix:///run/k3s/containerd/containerd.sock
export KUBEMANAGER_POD=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=kube-controller-manager --quiet)
/var/lib/rancher/rke2/bin/crictl stop ${KUBEMANAGER_POD} && \
/var/lib/rancher/rke2/bin/crictl rm ${KUBEMANAGER_POD}
----

* On RKE2/K3s 1.31 and 1.32 versions, the directory `/etc/cni` being used to store CNI configurations may not trigger a notification of the files being written there to `containerd` due to certain conditions related to `overlayfs` (see the https://github.com/rancher/rke2/issues/8356[#8356 RKE2 issue]). This in turn results in the deployment of RKE2/K3s to get stuck waiting for the CNI to start, and the RKE2/K3s nodes to stay in `NotReady` state. This can be seen at node level with `kubectl describe node <affected_node>`:

[,bash]
----
​​Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
Ready False Thu, 05 Jun 2025 17:41:28 +0000 Thu, 05 Jun 2025 14:38:16 +0000 KubeletNotReady container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized
----

As a workaround, a tmpfs volume can be mounted at the `/etc/cni` directory before RKE2 starts. It avoids the usage of overlayfs which results in containerd missing notifications and the configs should get rewritten every time the node is restarted and the pods initcontainers run again. If using EIB, this can be a `04-tmpfs-cni.sh` script in the `custom/scripts` directory (as explained here[https://github.com/suse-edge/edge-image-builder/blob/release-1.2/docs/building-images.md#custom]) that looks like:

[,bash]
----
#!/bin/bash
mkdir -p /etc/cni
mount -t tmpfs -o mode=0700,size=5M tmpfs /etc/cni
echo "tmpfs /etc/cni tmpfs defaults,size=5M,mode=0700 0 0" >> /etc/fstab
----

== Component Versions

The following table describes the individual components that make up the 3.2 release, including the version, the Helm chart version (if applicable), and from where the released artifact can be pulled in the binary format. Please follow the associated documentation for usage and deployment examples.

Items which have changed from the previous 3.2.1 release are highlighted in *bold*.

|======
| Name | Version | Helm Chart Version | Artifact Location (URL/Image)
| SUSE Linux Micro | 6.0 (latest) | N/A | https://www.suse.com/download/sle-micro/[SUSE Linux Micro Download Page] +
SL-Micro.x86_64-6.0-Base-SelfInstall-GM2.install.iso (sha256 bc7c3210c8a9b688d2713ad87f17e2c90cb99fd6dee1db528a5ff7f239cbcf79) +
SL-Micro.x86_64-6.0-Base-RT-SelfInstall-GM2.install.iso (sha256 8242895e21745aec15ef526a95272887fa95dd832782b2cea4a95f41493f6648) +
SL-Micro.x86_64-6.0-Base-GM2.raw.xz (sha256 7ae13d080e66c8b35624b6566b5eaff0875c8c141d0def9fbaee5876781ed81b) +
SL-Micro.x86_64-6.0-Base-RT-GM2.raw.xz (sha256 9a19078c062ab52c62c0254e11f5a5a9fac938fd094abff5aa5eac2ec00b2d4e) +
| SUSE Multi-Linux Manager | 5.0.2 | N/A | https://www.suse.com/download/suse-manager/[SUSE Multi-Linux Manager Download Page]
s| K3s s| 1.31.13 | N/A | https://github.com/k3s-io/k3s/releases/tag/v1.31.13%2Bk3s1[Upstream K3s Release]
s| RKE2 s| 1.31.13 | N/A | https://github.com/rancher/rke2/releases/tag/v1.31.13%2Brke2r1[Upstream RKE2 Release]
s| SUSE Rancher Prime s| 2.10.10 s| 2.10.10 | https://charts.rancher.com/server-charts/prime/index.yaml[Rancher Prime Helm Repository] +
https://prime.ribs.rancher.io/rancher/v2.10.10/rancher-images.txt[Rancher 2.10.10 Container Images]
| SUSE Storage | 1.7.3 | 105.1.1+up1.7.3 | https://charts.rancher.io/index.yaml[Rancher Charts Helm Repository] +
registry.suse.com/rancher/mirrored-longhornio-csi-attacher:v4.8.0 +
registry.suse.com/rancher/mirrored-longhornio-csi-provisioner:v4.0.1-20250204 +
registry.suse.com/rancher/mirrored-longhornio-csi-resizer:v1.13.1 +
registry.suse.com/rancher/mirrored-longhornio-csi-snapshotter:v7.0.2-20250204 +
registry.suse.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.13.0 +
registry.suse.com/rancher/mirrored-longhornio-livenessprobe:v2.15.0 +
registry.suse.com/rancher/mirrored-longhornio-backing-image-manager:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-engine:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-manager:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-ui:v1.7.3 +
registry.suse.com/rancher/mirrored-longhornio-support-bundle-kit:v0.0.51 +
registry.suse.com/rancher/mirrored-longhornio-longhorn-cli:v1.7.3 +
s| SUSE Security s| 5.4.6 s| 105.0.5+up2.8.8 | https://charts.rancher.io/index.yaml[Rancher Charts Helm Repository] +
*registry.suse.com/rancher/neuvector-controller:5.4.6* +
*registry.suse.com/rancher/neuvector-enforcer:5.4.6* +
*registry.suse.com/rancher/neuvector-manager:5.4.6* +
*registry.suse.com/rancher/neuvector-compliance-config:1.0.7* +
*registry.suse.com/rancher/neuvector-registry-adapter:0.1.7* +
*registry.suse.com/rancher/neuvector-scanner:6* +
*registry.suse.com/rancher/neuvector-updater:0.0.5*
| Rancher Turtles (CAPI) | 0.14.1 | 302.0.0+up0.14.1 | registry.suse.com/edge/3.2/rancher-turtles-chart:302.0.0_up0.14.1 +
registry.rancher.com/rancher/rancher/turtles:v0.14.1 +
registry.rancher.com/rancher/cluster-api-operator:v0.14.0 +
registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2 +
registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1 +
registry.suse.com/rancher/cluster-api-controller:v1.8.4 +
registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0 +
registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.9.0
| Metal^3^ | 0.9.4 | 302.0.1+up0.9.4 |registry.suse.com/edge/3.2/metal3-chart:302.0.1_up0.9.4 +
registry.suse.com/edge/3.2/baremetal-operator:0.8.0 +
registry.suse.com/edge/3.2/ironic:26.1.2.3 +
registry.suse.com/edge/3.2/ironic-ipa-downloader:3.0.1 +
registry.suse.com/edge/3.2/kube-rbac-proxy:0.18.1 +
registry.suse.com/edge/mariadb:10.6.15.1
| MetalLB | 0.14.8 | 302.0.1+up0.14.9 | registry.suse.com/edge/3.2/metallb-chart:302.0.1_up0.14.9 +
registry.suse.com/edge/3.2/metallb-controller:v0.14.8 +
registry.suse.com/edge/3.2/metallb-speaker:v0.14.8 +
registry.suse.com/edge/3.2/frr:8.4 +
registry.suse.com/edge/3.2/frr-k8s:v0.0.14 +
registry.suse.com/edge/3.2/kube-rbac-proxy:0.18.1
s| Elemental s| 1.7.3 s| 1.7.3 | *registry.suse.com/rancher/elemental-operator-chart:1.7.3* +
*registry.suse.com/rancher/elemental-operator-crds-chart:1.7.3* +
*registry.suse.com/rancher/elemental-operator:1.7.3*
| Elemental Dashboard Extension | 3.0.0 | 3.0.0 | link:https://github.com/rancher/ui-plugin-charts/tree/3.2.0/charts/elemental/3.0.0[Elemental Extension Helm Chart]
s| Edge Image Builder s| 1.1.2 | N/A | *registry.suse.com/edge/3.2/edge-image-builder:1.1.2*
| NM Configurator | 0.3.1 | N/A | https://github.com/suse-edge/nm-configurator/releases/tag/v0.3.1[NMConfigurator Upstream Release]
| KubeVirt | 1.3.1 | 302.0.0+up0.4.0 | registry.suse.com/edge/3.2/kubevirt-chart:302.0.0_up0.4.0 +
registry.suse.com/suse/sles/15.6/virt-operator:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-api:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-controller:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-exportproxy:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-exportserver:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-handler:1.3.1 +
registry.suse.com/suse/sles/15.6/virt-launcher:1.3.1
| KubeVirt Dashboard Extension | 1.2.1 | 302.0.0+up1.2.1 | registry.suse.com/edge/3.2/kubevirt-dashboard-extension-chart:302.0.0_up1.2.1
| Containerized Data Importer | 1.60.1 | 302.0.0+up0.4.0 | registry.suse.com/edge/3.2/cdi-chart:302.0.0_up0.4.0 +
registry.suse.com/suse/sles/15.6/cdi-operator:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-controller:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-importer:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-cloner:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-apiserver:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-uploadserver:1.60.1 +
registry.suse.com/suse/sles/15.6/cdi-uploadproxy:1.60.1
| Endpoint Copier Operator | 0.2.0 | 302.0.0+up0.2.1 | registry.suse.com/edge/3.2/endpoint-copier-operator-chart:302.0.0_up0.2.1 +
registry.suse.com/edge/3.2/endpoint-copier-operator:0.2.0
| Akri (Tech Preview) | 0.12.20 | 302.0.0+up0.12.20 | registry.suse.com/edge/3.2/akri-chart:302.0.0_up0.12.20 +
registry.suse.com/edge/3.2/akri-dashboard-extension-chart:302.0.0_up1.2.1 +
registry.suse.com/edge/3.2/akri-agent:v0.12.20 +
registry.suse.com/edge/3.2/akri-controller:v0.12.20 +
registry.suse.com/edge/3.2/akri-debug-echo-discovery-handler:v0.12.20 +
registry.suse.com/edge/3.2/akri-onvif-discovery-handler:v0.12.20 +
registry.suse.com/edge/3.2/akri-opcua-discovery-handler:v0.12.20 +
registry.suse.com/edge/3.2/akri-udev-discovery-handler:v0.12.20 +
registry.suse.com/edge/3.2/akri-webhook-configuration:v0.12.20
| SR-IOV Network Operator | 1.4.0 | 302.0.0+up1.4.0 | registry.suse.com/edge/3.2/sriov-network-operator-chart:302.0.0_up1.4.0 +
registry.suse.com/edge/3.2/sriov-crd-chart:302.0.0_up1.4.0
| System Upgrade Controller | 0.14.2 | 105.0.1 | https://charts.rancher.io/index.yaml[Rancher Charts Helm Repository] +
registry.suse.com/rancher/system-upgrade-controller:v0.14.2
| Upgrade Controller | 0.1.1 | 302.0.0+up0.1.1 | registry.suse.com/edge/3.2/upgrade-controller-chart:302.0.0_up0.1.1 +
registry.suse.com/edge/3.2/upgrade-controller:0.1.1 +
registry.suse.com/edge/3.2/kubectl:1.30.3 +
*registry.suse.com/edge/3.2/release-manifest:3.2.2*
| Kiwi Builder | 10.2.12.0 | N/A | registry.suse.com/edge/3.2/kiwi-builder:10.2.12.0
|======

[#release-notes-3-2-1]
= Release 3.2.1

Expand Down
36 changes: 18 additions & 18 deletions asciidoc/edge-book/versions.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
// ============================================================================
:revdate: 2025-06-17
:revdate: 2025-11-12
:page-revdate: {revdate}
// Automatic Version Substitutions
//
Expand All @@ -10,7 +10,7 @@
// ============================================================================

// == General Edge ==
:version-edge: 3.2.1
:version-edge: 3.2.2
:version-edge-registry: 3.2

// == SUSE Linux Micro ==
Expand All @@ -20,7 +20,7 @@
:version-sl-micro: 6.0

// == Edge Image Builder ==
:version-eib: 1.1.1
:version-eib: 1.1.2
:version-eib-api-latest: 1.1

// KubeVirt
Expand All @@ -30,16 +30,16 @@
:version-kubevirt-release: v1.3.1

// == Component Versions ==
:version-rancher-prime: 2.10.3
:version-rancher-prime: 2.10.10
:version-cert-manager: 1.15.3
:version-elemental-operator: 1.6.5
:version-elemental-operator: 1.7.3
:version-longhorn: 1.7.3
:version-neuvector: 5.4.2
:version-neuvector: 5.4.6
:version-kubevirt: 1.3.1
:version-endpoint-copier-operator: 0.2.0
:version-suc: 0.14.2
:version-nm-configurator: 0.3.1
:version-fleet: 0.11.4
:version-fleet: 0.11.11
:version-cdi: 1.60.1
:version-nvidia-device-plugin: 0.14.5
:version-kiwi-builder: 10.2.12.0
Expand All @@ -53,8 +53,8 @@
:release-tag-eib: release-1.1
:release-tag-edge-charts: release-3.2
:release-tag-atip: release-3.2
:release-tag-fleet-examples: release-3.2.1
:release-tag-rancher: v2.10.3
:release-tag-fleet-examples: release-3.2.2
:release-tag-rancher: v2.10.10


// ============================================================================
Expand All @@ -64,29 +64,29 @@
// and should not be renamed without thinking through the implications.
// ============================================================================

:version-kubernetes-k3s: v1.31.7+k3s1
:version-kubernetes-rke2: v1.31.7+rke2r1
:version-kubernetes-k3s: v1.31.13+k3s1
:version-kubernetes-rke2: v1.31.13+rke2r1

:version-operatingsystem: 6.0

:version-akri-chart: 302.0.0+up0.12.20
:version-akri-dashboard-extension-chart: 302.0.0+up1.2.1
:version-cdi-chart: 302.0.0+up0.4.0
:version-elemental-operator-chart: 105.0.1+up1.6.5
:version-elemental-operator-crds-chart: 105.0.1+up1.6.5
:version-elemental-operator-chart: 105.1.0+up1.7.3
:version-elemental-operator-crds-chart: 105.1.0+up1.7.3
:version-endpoint-copier-operator-chart: 302.0.0+up0.2.1
:version-fleet-chart: 105.0.4+up0.11.4
:version-fleet-chart: 105.1.4+up0.11.11
:version-kubevirt-chart: 302.0.0+up0.4.0
:version-kubevirt-dashboard-extension-chart: 302.0.0+up1.2.1
:version-longhorn-chart: 105.1.1+up1.7.3
:version-longhorn-crd-chart: 105.1.1+up1.7.3
:version-longhorn-docs: 1.7.3
:version-metal3-chart: 302.0.1+up0.9.4
:version-metallb-chart: 302.0.1+up0.14.9
:version-neuvector-chart: 105.0.1+up2.8.4
:version-neuvector-crd-chart: 105.0.1+up2.8.4
:version-neuvector-dashboard-extension-chart: 2.0.1
:version-rancher-chart: 2.10.3
:version-neuvector-chart: 105.0.5+up2.8.8
:version-neuvector-crd-chart: 105.0.5+up2.8.8
:version-neuvector-dashboard-extension-chart: 2.1.3
:version-rancher-chart: 2.10.10
:version-rancher-turtles-chart: 302.0.0+up0.14.1
:version-sriov-crd-chart: 302.0.0+up1.4.0
:version-sriov-network-operator-chart: 302.0.0+up1.4.0
Expand Down
Loading