This article provides information on current plans which are subject to change for any or no reason and Rancher is only responsible for supporting configurations that are currently found in its official Support and Maintenance Terms of Service.
Updated: 8/24 to reflect Docker CE update
Updated: 10/8/2020 to reflect post Rancher 2.5 RKE and K3s updates.
Rancher Labs will support RHEL/CentOS 8 as part of the Rancher 2.5 release.
RHEL 8 will be supported in Rancher 2.5 across all Rancher Kubernetes distributions. In the latest versions of the operating system, version 1.8+ of iptables in nft mode became the default. This comes with the benefit of being more scalable and performant than previous versions. Under normal operation, the host is able to detect which mode iptables is running in. In a containerized Kubernetes environment, detecting the mode is more difficult. To address this Rancher is developing a lightweight wrapper called iptables-detect to determine which mode to operate within a container.
RKE Government shipped with RHEL/CentOS 8 support with Rancher 2.5.0. The distribution leverages containerd and runs as a process on the host leveraging native binaries to detect iptables mode.
K3s support for RHEL 8/ CentOS 8 is planned for release in November 2020 as an update to Rancher 2.5. K3s will be installed as a binary on the host with its containerd runtime and userspace tools. K3s will run on the host and leverage the host level binaries to detect the iptables mode. For containerized CNI plugins provided by Rancher Labs, the iptables-detect script will be used when needed.
For RKE 1, Docker shipped 19.03 binaries compatible with CentOS 8 and we will investigate leveraging these once K3s support has been added. The RPMs will install Docker CE and use the host level binaries to detect iptables in nftables mode. The containerized components of an RKE install like kubelet, kube-proxy and CNI plugins will all make use of the iptables-detect script.