3.3.14

(2021-12-20)

Components

Component

Version

MKE

3.3.14

Kubernetes

1.18.19

Calico

3.18.4

Calico for Windows

3.18.4

Interlock

3.3.1

Interlock NGINX proxy

1.21.1

Istio Ingress

1.4.10

CoreDNS

1.7.0

RethinkDB

2.3.6

etcd

3.4.3

CSI Attacher

2.1.1

CSI Provisioner

1.4.0

CSI Snapshotter

1.2.2

CSI Resizer

0.4.0

CSI Node Driver Registrar

1.2.0

CSI Liveness Probe

1.1.0

Openstack Cinder CSI plugin

1.20.3

What’s new

  • [FIELD-4313] MKE now logs DesiredStrictAffinity messages at the debug level.

Bug fixes

  • Fixed an issue with the MSR web UI wherein SAML users could fail to be redirected to MSR after login (MKE-1344).

  • Fixed links to the release notes in the MKE web UI (FIELD-4297, FIELD-4307).

  • Fixed various layout issues in the MKE web UI Admin Settings > Mirantis Secure Registry page (FIELD-4224, FIELD-4216).

  • Fixed an issue wherein a number of Kuberenetes-related components repeatedly restarted while content trust was enabled (FIELD-4491).

  • Fixed an issue with the MKE web UI wherein the mke-containers and ucp-backup volumes were not tagged as system resources (FIELD-4456).

  • Improved the presentation of nodes in the MKE web UI (FIELD-4444).

Known issues

  • The calico-node firewalld-policy init container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).

    Workaround:

    1. Prevent the issue from recurring by disabling firewalld:

      sudo systemctl disable --now firewalld
      
    2. Restore missing iptables chains by restarting dockerd:

      sudo systemctl restart docker
      

      Note

      Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each one in MKE before moving on to the next.

    3. Confirm issue resolution by checking for the presence of the DOCKER-INGRESS iptables chain:

      sudo iptables --list DOCKER-INGRESS
      

      Expected output:

      Chain DOCKER-INGRESS (2 references)
      target     prot opt source               destination
      [...]
      
  • CLI-based support dumps are unavailable on Windows worker nodes (MKE-8538).

    Workaround:

    For Swarm-orchestrated Windows nodes, use the MKE web UI to obtain a support bundle. For Kubernetes-orchestrated Windows nodes, you must manually collect the logs.