3.3.13
(2021-10-6)
Components

Component | Version |
---|---|
MKE | 3.3.13 |
Interlock | 3.2.4 |
Interlock NGINX proxy | 1.21.1 |
CSI Attacher | 2.1.1 |
CSI Provisioner | 1.4.0 |
CSI Snapshotter | 1.2.2 |
CSI Resizer | 0.4.0 |
CSI Node Driver Registrar | 1.2.0 |
CSI Liveness Probe | 1.1.0 |
Openstack Cinder CSI plugin | 1.20.3 |

What’s new
MKE 3.3.13 did not release in conjunction with a new MCR patch version. As such, unlike with previous releases, you cannot simultaneously upgrade the two products.
Added the `nvidia_device_plugin` setting to the MKE configuration file, which you can use to enable the NVIDIA device plugin (MKE-8387).
Added a cleanup step to the uninstall process pertaining to Calico CNI files in `/etc/cni` that are deployed by kubectl apply. All other files and subdirectories in that location are left in place (MKE-7674).
Added the `--unmanaged-cni` option to the ucp uninstall-ucp command. Those who used `--unmanaged-cni` to install MKE in Unmanaged CNI mode must use `--unmanaged-cni` when uninstalling MKE. By omitting the `/etc/cni` cleanup step from the uninstall process, the `--unmanaged-cni` option leaves all user-supplied CNI configuration files intact (MKE-7674).
Added a checkbox to the MKE web UI Upgrade Management Plane on the <username> > Admin Settings > Upgrade page to indicate that SELinux is enabled when generating an MKE upgrade string (FIELD-2698).
Mirantis no longer supports legacy Docker Hub-issued licenses for MKE installation (MKE-8350).
To request a JWT license, contact support@mirantis.com.
Bug fixes
Fixed an issue with the MKE web UI wherein the product was referred to as UCP on the <user name> > Admin Settings > Authentication & Authorization page (MKE-8437).
Fixed an issue with the MKE web UI wherein the Upgrade Now feature on the <user name> > Admin Settings > Upgrade page failed to initiate upgrade (FIELD-4230).
Fixed an issue wherein using a JWT license with an MKE instance that manages MCR caused MCR to log error messages (FIELD-4201).
Fixed an issue with the MKE web UI wherein enabling the option to hide the Swarm UI caused Collections and Stacks not to display under Kubernetes in the left-side menu (FIELD-3929).
Fixed an issue with the MKE web UI wherein clicking the Pod options icon on the Pod details page caused the vulnerability data to disappear (FIELD-3859).
Backported a resolution for CVE-2021-25741 from the upstream Kubernetes fix (MKE-8580).
Fixed an issue wherein Pods could not be removed if the associated image pull secret has been previously deleted (FIELD-3638).
Correction
This bug fix was reported in error, as the solution requires that you run a later version of Kubernetes, specifically Kubernetes 1.21.3. We apologize for any inconvenience.
Known issue
The `calico-node` `firewalld-policy` init container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).

Workaround:
Prevent the issue from recurring by disabling firewalld:
sudo systemctl disable --now firewalld
Restore missing iptables chains by restarting dockerd:
sudo systemctl restart docker
Note
Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each node in MKE before moving on to the next.
Confirm that the issue is no longer present by checking for the presence of the `DOCKER-INGRESS` iptables chain:
sudo iptables --list DOCKER-INGRESS
Expected output:
Chain DOCKER-INGRESS (2 references)
target     prot opt source               destination
[...]