Mirantis Kubernetes Engine API limitations

To keep Mirantis Container Cloud stable when it manages Container Cloud-based Mirantis Kubernetes Engine (MKE) clusters, the following MKE API functionality is not available for these clusters, unlike MKE clusters that are not deployed by Container Cloud. Use the Container Cloud web UI or CLI for this functionality instead.

Public API limitations in a Container Cloud-based MKE cluster

API endpoint

Limitation

GET /swarm

Swarm Join Tokens are filtered out for all users, including admins.

PUT /api/ucp/config-toml

All requests are forbidden.

POST /nodes/{id}/update

Requests for the following changes are forbidden:

  • Change Role

  • Add or remove the com.docker.ucp.orchestrator.swarm and com.docker.ucp.orchestrator.kubernetes labels.

DELETE /nodes/{id}

All requests are forbidden.

Since 2.25.1, Container Cloud does not override changes in the MKE configuration, except for the parameters listed below. These parameters are automatically managed by Container Cloud and are always overridden when modified using the MKE API. However, you can manually configure a few options from this list using the Cluster object of a Container Cloud cluster. These options are labeled with a superscript in the table. For details, see the Comments column.

MKE options managed by Container Cloud

Configuration option name

Option parameters

Comments

audit_log_configuration

  • level

  • support_dump_include_audit_logs

auth

  • backend

  • default_new_user_role

  • samlEnabled

auth.external_identity_provider

All

hardening_configuration

  • hardening_enabled

  • limit_kernel_capabilities

  • pids_limit_int

  • pids_limit_k8s

  • pids_limit_swarm

scheduling_configuration

All

tracking_configuration

cluster_label

cluster_config

  • calico_ip_auto_method

  • calico_mtu

  • calico_vxlan_mtu

  • calico_vxlan_port

  • calico_vxlan

  • cloud_provider

  • controller_port

  • custom_kube_api_server_flags

  • custom_kube_controller_manager_flags

  • custom_kube_scheduler_flags

  • custom_kubelet_flags

  • etcd_storage_quota

  • exclude_server_identity_headers

  • ipip_mtu

  • kube_api_server_auditing

  • kube_api_server_profiling_enabled

  • kube_apiserver_port

  • kube_protect_kernel_defaults

  • local_volume_collection_mapping

  • manager_kube_reserved_resources

  • metrics_retention_time

  • metrics_scrape_interval

  • nodeport_range

  • pod_cidr

  • priv_attributes_allowed_for_service_accounts

  • priv_attributes_service_accounts

  • profiling_enabled

  • prometheus_memory_limit

  • prometheus_memory_request

  • secure_overlay

  • service_cluster_ip_range

  • swarm_port

  • swarm_strategy

  • unmanaged_cni

  • vxlan_vni

  • worker_kube_reserved_resources

  • For calico_mtu, use the spec:providerSpec:value:calico:mtu parameter in the Cluster object. For details, see Set the MTU size for Calico.

  • For etcd_storage_quota, use the spec:providerSpec:value:etcd:storageQuota parameter in the Cluster object. For details, see Increase storage quota for etcd.

  • For priv_attributes parameters, you can add custom options on top of existing parameters using the MKE API.