Mirantis Kubernetes Engine API limitations

To keep Mirantis Container Cloud stable when it manages Container Cloud-based Mirantis Kubernetes Engine (MKE) clusters, the following MKE API functionality is not available on those clusters, unlike on MKE clusters that are not deployed by Container Cloud. Use the Container Cloud web UI or CLI for this functionality instead.

Public API limitations in a Container Cloud-based MKE cluster

| API endpoint | Limitation |
|---|---|
| GET /swarm | Swarm Join Tokens are filtered out for all users, including admins. |
| PUT /api/ucp/config-toml | All requests are forbidden. |
| POST /nodes/{id}/update | Requests for the following changes are forbidden: Change Role; Add or remove the com.docker.ucp.orchestrator.swarm and com.docker.ucp.orchestrator.kubernetes labels. |
| DELETE /nodes/{id} | All requests are forbidden. |

Since 2.25.1, Container Cloud does not override changes to the MKE configuration, except for the parameters listed below, which Container Cloud manages automatically and always overrides when they are modified using the MKE API. However, you can manually configure a few options from this list using the Cluster object of a Container Cloud cluster. These options are labeled with a superscript in the table. For details, see the Comments column.

MKE options managed by Container Cloud

Configuration option name

Option parameters

Comments

audit_log_configuration

  • level

  • support_dump_include_audit_logs

You can enable this option either using the MKE API, with no Container Cloud overrides, or using the Cluster object of a Container Cloud cluster. For details, see Configure Kubernetes auditing and profiling and MKE documentation: MKE audit logging.

If enabled using the Cluster object, use the same object to disable the option. Otherwise, it will be overridden by Container Cloud.

auth

  • backend

  • default_new_user_role

  • samlEnabled

auth.external_identity_provider

All

hardening_configuration

  • hardening_enabled

  • limit_kernel_capabilities

  • pids_limit_int

  • pids_limit_k8s

  • pids_limit_swarm

scheduling_configuration

All

tracking_configuration

cluster_label

cluster_config

  • calico_ip_auto_method

  • calico_mtu

  • calico_vxlan_mtu

  • calico_vxlan_port

  • calico_vxlan

  • cloud_provider

  • controller_port

  • custom_kube_api_server_flags

  • custom_kube_controller_manager_flags

  • custom_kube_scheduler_flags

  • custom_kubelet_flags

  • etcd_storage_quota

  • exclude_server_identity_headers

  • ipip_mtu

  • kube_api_server_auditing

  • kube_api_server_profiling_enabled

  • kube_apiserver_port

  • kube_protect_kernel_defaults

  • local_volume_collection_mapping

  • manager_kube_reserved_resources

  • metrics_retention_time

  • metrics_scrape_interval

  • nodeport_range

  • pod_cidr

  • priv_attributes_allowed_for_service_accounts

  • priv_attributes_service_accounts

  • profiling_enabled

  • prometheus_memory_limit

  • prometheus_memory_request

  • secure_overlay

  • service_cluster_ip_range

  • swarm_port

  • swarm_strategy

  • unmanaged_cni

  • vxlan_vni

  • worker_kube_reserved_resources

To enable the following options, use the spec:providerSpec:value section in the Cluster object:

For priv_attributes parameters, you can add custom options on top of existing parameters using the MKE API.