Container management platform Rancher 2.4 is now available, providing users with rolling updates for RKE clusters, improved scaling, CIS scanning capabilities, and more.

The first, according to Rancher’s Tom Callway, is something many Rancher customers using RKE, the company’s Kubernetes distribution running within Docker containers, have been looking forward to for a while. “The blue/green approach to updating hasn’t really matched the velocity that they needed in their continuous deployment environments. They want to be able to leverage the latest features of Kubernetes. And they want those upgrades to happen as quickly as possible.”

Rolling updates in RKE are meant to help with that, and have been used by cloud providers for a while to provide maximum uptime. The system is now able to update one node at a time, with configuration options available to go for either maximum availability updates (one node at a time) or quick upgrading (several nodes at once). Should users run into problems in the process, version 2.4 also brings support for “rolling back both the etcd database and the Kubernetes configuration in a single operation” to get to the last known state.

Since Rancher is mainly focussing on enterprise users, the company has used the current release to also improve on security features. “In 2.3,” Callway points out, “we had a feature called cluster templates, which allowed administrators to form sort of their own best practice security configuration around the cluster and deploy that consistently across their infrastructure.

“We’ve taken that a step further with something called CIS scan, where we’re actually establishing the best practices from the CIS benchmark for the Kuberentes standard. We built that into the product itself, and people can run ad-hoc scans against their clusters.” 

Rancher will then flag up inconsistencies such as configuration drifts and make recommendations as to how to fix them. Other somewhat security related enhancements include the new option to customise global roles and assign them to groups.

As in earlier versions, the Rancher team has also worked on making the tool more useful in various edge-related use cases and laid some groundwork for upcoming releases. This time, the team focussed on some under the hood improvements “in order to architecturally support running up to a million clusters.”

Building upon that, Rancher is looking “to introduce the fleet management capabilities that are necessary to run these tens of thousands of clusters consistently from a single pane of glass” later this year.

If that doesn’t sound like a particularly reasonable size for you, you might have to start thinking a bit more long-term. “We’re looking very much to the future,” Callways said. “We had the release of K3s last year, which is our lightweight Kubernetes distribution built for low-power remote environments.”

“That has taken off massively, with [..] customers looking to use it in the telco industry, or banking, retail, and lots of manufacturing. I think generally, these customers are looking at using data hungry workloads, the sort of AI/ML type workloads, 5G workloads, and try to get those as close to the end user as possible to satisfy their low latency requirements.”

Speaking of K3s, starting with this release, the distro is now supported by Rancher HA. Also, clusters imported from K3s can be upgraded from within Rancher, since the platform now detects them and offers a couple of new options when editing clusters. 

Experimental features in the new version come in the form of a preview for the new Rancher UI, and support for the Open Policy Agent Gatekeeper operator, which can be accessed via said UI. More details can be found in the release notes, which also include some upgrade information.

And if you feel like day to day operations are tricky enough, the company is now trying a hosted Rancher offering as well. “It is not fully managed Rancher, we are not managing downstream clusters,” Callway quickly pointed out. “We’re providing existing Platinum customers, so people who we already engage with, with the option to have Rancher hosted for them in an environment using our best practice and our reference architecture.”

The initial environment for this will be AWS, with plans to look into additional options later on. “It’s currently limited to the control plane, but depending on the kind of response we get from customers, maybe we’ll extend that coverage to downstream clusters. But for now, it’s just about providing three nines SLA for Rancher.” Sounds almost comforting, hm?