rancher · salasberryfin · Feb 11, 2026 · Feb 11, 2026
@@ -15,7 +15,7 @@ spec:
         - --use-service-account-credentials=true
         - --configure-cloud-routes=false
       image: |-
-        tag: v1.32.1
+        tag: v1.35.0
       nodeSelector: |-
         ${- if contains "RKE2ControlPlane" ( .ClusterValues | quote ) }
         node-role.kubernetes.io/control-plane: "true"
@@ -24,39 +24,39 @@ spec:
         ${- end }
     values:
       clusterRoleRules:
-      - apiGroups:
-        - ""
-        resources:
-        - events
-        - nodes
-        - nodes/status
-        - services
-        - services/status
-        - serviceaccounts
-        - persistentvolumes
-        - configmaps
-        - serviceaccounts/token
-        - endpoints
-        verbs:
-        - '*'
-      - apiGroups:
-        - coordination.k8s.io
-        resources:
-        - leases
-        verbs:
-        - create
-        - get
-        - list
-        - watch
-        - update
+        - apiGroups:
+            - ""
+          resources:
+            - events
+            - nodes
+            - nodes/status
+            - services
+            - services/status
+            - serviceaccounts
+            - persistentvolumes
+            - configmaps
+            - serviceaccounts/token
+            - endpoints
+          verbs:
+            - "*"
+        - apiGroups:
+            - coordination.k8s.io
+          resources:
+            - leases
+          verbs:
+            - create
+            - get
+            - list
+            - watch
+            - update
   insecureSkipTLSVerify: true
   targets:
-  - clusterSelector:
-      matchLabels:
-        cloud-provider: aws
-      matchExpressions:
-      - key: clusterclass-name.fleet.addons.cluster.x-k8s.io
-        operator: In
-        values: 
-        - aws-rke2-example
-        - aws-kubeadm-example
+    - clusterSelector:
+        matchLabels:
+          cloud-provider: aws
+        matchExpressions:
+          - key: clusterclass-name.fleet.addons.cluster.x-k8s.io
+            operator: In
+            values:
+              - aws-rke2-example
+              - aws-kubeadm-example
@@ -1,9 +1,9 @@
 managementClusterName: rancher-turtles-e2e
 
 images:
-# Use local dev images built source tree;
-- name: "{TURTLES_IMAGE}:{TURTLES_VERSION}"
-  loadBehavior: tryLoad
+  # Use local dev images built source tree;
+  - name: "{TURTLES_IMAGE}:{TURTLES_VERSION}"
+    loadBehavior: tryLoad
 
 intervals:
   default/wait-controllers: ["15m", "10s"]
@@ -38,45 +38,56 @@ variables:
   SECRET_KEYS: "NGROK_AUTHTOKEN,NGROK_API_KEY,RANCHER_HOSTNAME,RANCHER_PASSWORD,CAPG_ENCODED_CREDS,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AZURE_SUBSCRIPTION_ID,AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID,GCP_PROJECT,GCP_NETWORK_NAME,GCP_IMAGE_ID,VSPHERE_TLS_THUMBPRINT,VSPHERE_SERVER,VSPHERE_DATACENTER,VSPHERE_DATASTORE,VSPHERE_FOLDER,VSPHERE_TEMPLATE,VSPHERE_NETWORK,VSPHERE_RESOURCE_POOL,VSPHERE_USERNAME,VSPHERE_PASSWORD,VSPHERE_KUBE_VIP_IP_KUBEADM,VSPHERE_KUBE_VIP_IP_RKE2,DOCKER_REGISTRY_TOKEN,DOCKER_REGISTRY_USERNAME,DOCKER_REGISTRY_CONFIG"
 
   # Kubernetes Configuration
-  KUBERNETES_VERSION: "v1.34.0" # Depends on kindest/node
-  KUBERNETES_MANAGEMENT_VERSION: "v1.34.0" # Depends on kindest/node for kind environments.
-  RKE2_VERSION: "v1.34.1+rke2r1"
+  KUBERNETES_VERSION: "v1.35.0" # Depends on kindest/node
+  # Kubernetes version used for the Rancher/CAPI management cluster
+  KUBERNETES_MANAGEMENT_VERSION: "v1.34.0"
+  # The cluster used in chart_upgrade must run a Kubernetes version compatible with an older version of Rancher
+  #   - Use v1.34.0 for Rancher 2.13.2 compatibility (requires < v1.35.0)
+  KUBERNETES_MANAGEMENT_VERSION_CHART_UPGRADE: "v1.34.0"
+
+  # RKE2 specifics
+  RKE2_KUBERNETES_VERSION: "v1.35.0+rke2r1"
   RKE2_CNI: "none"
 
+  # These two values are used for provisioning a CAPI v1.10 cluster (`v1beta1`) in the chart_upgrade test -> Kubernetes <=v1.33
+  KUBERNETES_V1BETA1_VERSION: "v1.33.7"
+  RKE2_V1BETA1_KUBERNETES_VERSION: "v1.33.7+rke2r1"
+
   # Azure Configuration
   #
   # Azure Kubeadm tests need specific k8s version.
   # This is due to the limited availability of published AMIs.
   # For example: https://portal.azure.com/#view/Microsoft_Azure_ComputeHub/ComputeHubMenuBlade/~/communityImagesBrowse
   #              Filter `capi-ubun2-2404` images. Beware: not all versions are published on all regions.
-  AZURE_KUBERNETES_VERSION: "v1.34.1"
+  AZURE_KUBERNETES_VERSION: "v1.35.0"
   # For AKS available versions, run: az aks get-versions --location westeurope
-  AZURE_AKS_VERSION: "v1.33.3"
+  AZURE_AKS_KUBERNETES_VERSION: "v1.34.2"
 
   # AWS Configuration
   #
   # AWS Kubeadm tests need specific k8s version.
   # Images are self-built and need versioned kubernetes components. See docs/image-builder
-  AWS_KUBERNETES_VERSION: "v1.34.1"
+  AWS_KUBERNETES_VERSION: "v1.35.0"
   # EKS also needs versioned images, that may not be available for recent versions of k8s.
   # To verify availability, you can run: aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.34/amazon-linux-2023/x86_64/standard/recommended/image_id
   # Recent versions will return a 'ParameterNotFound' error, preventing EKS from deploying.
-  AWS_EKS_VERSION: "v1.32.0" #See: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/docs/proposal/20250922-nodeadm-bootstrap.md
+  AWS_EKS_VERSION: "v1.35.0" #See: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/docs/proposal/20250922-nodeadm-bootstrap.md
   AWS_REGION: "eu-west-2"
   KUBERNETES_MANAGEMENT_AWS_REGION: "eu-west-2"
   AWS_CONTROL_PLANE_MACHINE_TYPE: "t3.large"
   AWS_NODE_MACHINE_TYPE: "t3.large"
   AWS_RKE2_CONTROL_PLANE_MACHINE_TYPE: "t3.xlarge"
   AWS_RKE2_NODE_MACHINE_TYPE: "t3.xlarge"
-  AWS_AMI_ID: "ami-055123d49b91c2827" # Private image. See docs/image-builder
+  AWS_AMI_ID: "ami-0f19b6377d50fa855" # Private image. See docs/image-builder
 
   # GCP Configuration
-  GCP_KUBERNETES_VERSION: "v1.34.1"
+  # Images are self-built and need versioned kubernetes components. See docs/image-builder
+  GCP_KUBERNETES_VERSION: "v1.35.0"
   GCP_MACHINE_TYPE: "n1-standard-2"
   GCP_REGION: "europe-west2"
-  GCP_IMAGE_ID: "cluster-api-ubuntu-2404-v1-34-1-1762253907" # Private image. See docs/image-builder
+  GCP_IMAGE_ID: "cluster-api-ubuntu-2404-v1-35-0-1770652401" # Private image. See docs/image-builder
   GCP_IMAGE_ID_FORMATTED: "" #Calculated at runtime: https://www.googleapis.com/compute/v1/projects/${GCP_PROJECT_ID}/global/images/${GCP_IMAGE_ID}"
-  
+
   # CLI Tool Paths
   CLUSTERCTL_BINARY_PATH: ""
   HELM_BINARY_PATH: "helm"
@@ -128,7 +139,7 @@ variables:
   GITEA_CHART_VERSION: "12.4.0"
   GITEA_USER_NAME: "gitea_admin"
   GITEA_USER_PWD: "password"
-  
+
   # Credentials used to pull images from docker.io
   DOCKER_REGISTRY_TOKEN: ""
   DOCKER_REGISTRY_USERNAME: ""

@@ -174,23 +174,17 @@ const (
 
 	BootstrapClusterNameVar = "BOOTSTRAP_CLUSTER_NAME"
 
-	KubernetesVersionVar      = "KUBERNETES_VERSION"
-	AWSKubernetesVersionVar   = "AWS_KUBERNETES_VERSION"
-	AzureKubernetesVersionVar = "AZURE_KUBERNETES_VERSION"
-	RancherHostnameVar        = "RANCHER_HOSTNAME"
+	RancherHostnameVar = "RANCHER_HOSTNAME"
 
 	ArtifactsFolderVar     = "ARTIFACTS_FOLDER"
 	UseExistingClusterVar  = "USE_EXISTING_CLUSTER"
 	HelmBinaryPathVar      = "HELM_BINARY_PATH"
-	TurtlesPathVar         = "TURTLES_PATH"
 	SkipResourceCleanupVar = "SKIP_RESOURCE_CLEANUP"
 	SkipDeletionTestVar    = "SKIP_DELETION_TEST"
 
-	TurtlesProvidersRepoNameVar = "TURTLES_PROVIDERS_REPO_NAME"
-	TurtlesProvidersUrlVar      = "TURTLES_PROVIDERS_URL"
-	TurtlesProvidersPathVar     = "TURTLES_PROVIDERS_PATH"
+	KubernetesVersionChartUpgradeVar = "KUBERNETES_MANAGEMENT_VERSION_CHART_UPGRADE"
 
-	RKE2VersionVar = "RKE2_VERSION"
+	RKE2VersionVar = "RKE2_KUBERNETES_VERSION"
 
 	AzureSubIDVar        = "AZURE_SUBSCRIPTION_ID"
 	AzureClientIDVar     = "AZURE_CLIENT_ID"
@@ -207,13 +201,6 @@ const (
 	CapiClusterOwnerNamespaceLabel = "cluster-api.cattle.io/capi-cluster-owner-ns"
 	OwnedLabelName                 = "cluster-api.cattle.io/owned"
 
-	GiteaRepoNameVar     = "GITEA_REPO_NAME"
-	GiteaRepoURLVar      = "GITEA_REPO_URL"
-	GiteaChartNameVar    = "GITEA_CHART_NAME"
-	GiteaChartVersionVar = "GITEA_CHART_VERSION"
-	GiteaUserNameVar     = "GITEA_USER_NAME"
-	GiteaUserPasswordVar = "GITEA_USER_PWD"
-
 	GCPImageIDVar          = "GCP_IMAGE_ID"
 	GCPImageIDFormattedVar = "GCP_IMAGE_ID_FORMATTED"
 	GCPProjectIDVar        = "GCP_PROJECT"

@@ -39,7 +39,7 @@ spec:
         value: none
       - name: awsClusterIdentityName
         value: cluster-identity
-    version: ${RKE2_VERSION}
+    version: ${RKE2_KUBERNETES_VERSION}
     workers:
       machineDeployments:
         - class: default-worker

@@ -25,26 +25,26 @@ spec:
   clusterNetwork:
     pods:
       cidrBlocks:
-      - 192.168.0.0/16
+        - 192.168.0.0/16
   topology:
     classRef:
       name: azure-aks-example
       namespace: ${TOPOLOGY_NAMESPACE}
     variables:
-    - name: subscriptionID
-      value: ${AZURE_SUBSCRIPTION_ID}
-    - name: location
-      value: germanywestcentral
-    - name: resourceGroup
-      value: highlander-e2e-azure-aks
-    - name: azureClusterIdentityName
-      value: cluster-identity
-    version: ${KUBERNETES_VERSION}
+      - name: subscriptionID
+        value: ${AZURE_SUBSCRIPTION_ID}
+      - name: location
+        value: germanywestcentral
+      - name: resourceGroup
+        value: highlander-e2e-azure-aks
+      - name: azureClusterIdentityName
+        value: cluster-identity
+    version: ${AZURE_AKS_KUBERNETES_VERSION}
     workers:
       machinePools:
-      - class: default-system
-        name: system-1
-        replicas: 1
-      - class: default-worker
-        name: worker-1
-        replicas: 1
+        - class: default-system
+          name: system-1
+          replicas: 1
+        - class: default-worker
+          name: worker-1
+          replicas: 1
@@ -1,20 +1,20 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
-kind: AzureClusterIdentity
-metadata:
-  annotations:
-    "helm.sh/resource-policy": keep
-  labels:
-    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
-  name: cluster-identity
-  namespace: ${NAMESPACE}
-spec:
-  allowedNamespaces: {}
-  clientID: ${AZURE_CLIENT_ID}
-  clientSecret:
-    name: cluster-identity-secret
-    namespace: capz-system
-  tenantID: ${AZURE_TENANT_ID}
-  type: ServicePrincipal
+# apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+# kind: AzureClusterIdentity
+# metadata:
+#   annotations:
+#     "helm.sh/resource-policy": keep
+#   labels:
+#     clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+#   name: cluster-identity
+#   namespace: ${NAMESPACE}
+# spec:
+#   allowedNamespaces: {}
+#   clientID: ${AZURE_CLIENT_ID}
+#   clientSecret:
+#     name: cluster-identity-secret
+#     namespace: capz-system
+#   tenantID: ${AZURE_TENANT_ID}
+#   type: ServicePrincipal
 ---
 apiVersion: cluster.x-k8s.io/v1beta2
 kind: Cluster
@@ -29,26 +29,25 @@ spec:
   clusterNetwork:
     pods:
       cidrBlocks:
-      - 192.168.0.0/16
+        - 192.168.0.0/16
   topology:
     classRef:
       name: azure-rke2-example
       namespace: ${TOPOLOGY_NAMESPACE}
     controlPlane:
       replicas: 3
     variables:
-    - name: subscriptionID
-      value: ${AZURE_SUBSCRIPTION_ID}
-    - name: location
-      value: germanywestcentral
-    - name: resourceGroup
-      value: highlander-e2e-azure-rke2
-    - name: azureClusterIdentityName
-      value: cluster-identity
-    version: ${RKE2_VERSION}
+      - name: subscriptionID
+        value: ${AZURE_SUBSCRIPTION_ID}
+      - name: location
+        value: germanywestcentral
+      - name: resourceGroup
+        value: highlander-e2e-azure-rke2
+      - name: azureClusterIdentityName
+        value: cluster-identity
+    version: ${RKE2_KUBERNETES_VERSION}
     workers:
       machineDeployments:
-      - class: rke2-default-worker
-        name: md-0
-        replicas: 3
-
+        - class: rke2-default-worker
+          name: md-0
+          replicas: 3
@@ -29,7 +29,7 @@ spec:
       value: kindest/node:${KUBERNETES_VERSION}
     - name: dockerAuthSecret
       value: '${CLUSTER_NAME}-docker-token'
-    version: ${RKE2_VERSION}
+    version: ${RKE2_KUBERNETES_VERSION}
     workers:
       machineDeployments:
       - class: default-worker

@@ -25,10 +25,10 @@ spec:
       - name: rke2CNI
         value: ${RKE2_CNI}
       - name: dockerImage
-        value: kindest/node:${KUBERNETES_VERSION}
+        value: kindest/node:${KUBERNETES_V1BETA1_VERSION}
       - name: dockerAuthSecret
         value: "${CLUSTER_NAME}-docker-token"
-    version: ${RKE2_VERSION}
+    version: ${RKE2_V1BETA1_KUBERNETES_VERSION}
     workers:
       machineDeployments:
         - class: default-worker

@@ -36,7 +36,7 @@ spec:
     classRef:
       name: vsphere-rke2-example
       namespace: ${TOPOLOGY_NAMESPACE}
-    version: ${RKE2_VERSION}
+    version: ${RKE2_KUBERNETES_VERSION}
     controlPlane:
       replicas: ${CONTROL_PLANE_MACHINE_COUNT}
     workers:

@@ -88,10 +88,9 @@ var _ = SynchronizedBeforeSuite(
 
 		e2eConfig.ManagementClusterName = e2eConfig.ManagementClusterName + "-chart-upgrade"
 		setupClusterResult = testenv.SetupTestCluster(ctx, testenv.SetupTestClusterInput{
-			E2EConfig: e2eConfig,
-			Scheme:    e2e.InitScheme(),
-			// Use v1.32.0 for Rancher 2.12.3 compatibility (requires < v1.34.0) and v1.33 causes issues with CAAPF
-			KubernetesVersion: "v1.32.0",
+			E2EConfig:         e2eConfig,
+			Scheme:            e2e.InitScheme(),
+			KubernetesVersion: e2eConfig.GetVariableOrEmpty(e2e.KubernetesVersionChartUpgradeVar),
 		})
 
 		testenv.DeployCertManager(ctx, testenv.DeployCertManagerInput{