RN200986: Known issue in Raynet One 2026.2 [RTM]
Runner Image configuration adjustments needed for migrating to 2026.2
Applies to:
Raynet One 2026.2
Description:
Version 26.2 switches the runner container from a root-based to a rootless image. This improves security but requires configuration adjustments for existing deployments.
Workaround:
Option 1 – Keep Running as Root (Quick Fix)
Add the following to your Docker Compose service to retain the previous behavior:
1 user: "0:0"
Option 2 – Use Rootless Image (Recommended)
Due to changed file access permissions on the SQLite database file, the existing runner volume
must be removed and the runner re-enrolled after the update:
1. Stop the runner and remove the existing data volume.
2. Update the runner to 26.2.
3. Re-enroll the runner.
4. Add the following network scanning configuration to your Docker Compose service:
1 sysctls:
2 net.ipv4.ping_group_range: "0 2147483647"
3 net.ipv4.ip_unprivileged_port_start: 591
4
5 cap_add:
6 - NET_RAW
7 - NET_BIND_SERVICE
Helm Chart users: Apply the same sysctls and cap_add settings in your values under securityContext and podSecurityContext accordingly.
When migrating to 2026.2 Custom SSL Certificates configuration may be needed for Runner Images
Applies to:
Raynet One 2026.2
Description:
In case you are using custom ssl certificates as part of your Raynet One deployment the
configuration of those will need to be adjusted as the existing ways are not compatible with the new rootless raynet one containers.
Workaround:
1. Remove any previously configured custom entrypoints for SSL certificate installation from your Docker Compose service or Helm chart.
2. Add the following environment variable and volume mapping to your Docker Compose service:
1 environment:
2 SSL_CERT_DIR: /usr/local/share/ca-certificates/certs/
3
4 volumes:
5 ./certs/:/usr/local/share/ca-certificates/certs/(Note: This configuration expects the certificates to be available in a certs folder next to the compose file)
Comments