3.3.14¶
(2021-12-20)
Components¶
Component |
Version |
---|---|
MKE |
3.3.14 |
Interlock |
3.3.1 |
Interlock NGINX proxy |
1.21.1 |
CSI Attacher |
2.1.1 |
CSI Provisioner |
1.4.0 |
CSI Snapshotter |
1.2.2 |
CSI Resizer |
0.4.0 |
CSI Node Driver Registrar |
1.2.0 |
CSI Liveness Probe |
1.1.0 |
Openstack Cinder CSI plugin |
1.20.3 |
What’s new¶
[FIELD-4313] MKE now logs
DesiredStrictAffinity
messages at the debug level.
Bug fixes¶
Fixed an issue with the MSR web UI wherein SAML users could fail to be redirected to MSR after login (MKE-1344).
Fixed links to the release notes in the MKE web UI (FIELD-4297, FIELD-4307).
Fixed various layout issues in the MKE web UI Admin Settings > Mirantis Secure Registry page (FIELD-4224, FIELD-4216).
Fixed an issue wherein a number of Kuberenetes-related components repeatedly restarted while content trust was enabled (FIELD-4491).
Fixed an issue with the MKE web UI wherein the
mke-containers
anducp-backup
volumes were not tagged as system resources (FIELD-4456).Improved the presentation of nodes in the MKE web UI (FIELD-4444).
Known issues¶
The
calico-node
firewalld-policy
init container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).Workaround:
Prevent the issue from recurring by disabling firewalld:
sudo systemctl disable --now firewalld
Restore missing iptables chains by restarting dockerd:
sudo systemctl restart docker
Note
Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each one in MKE before moving on to the next.
Confirm issue resolution by checking for the presence of the
DOCKER-INGRESS
iptables chain:sudo iptables --list DOCKER-INGRESS
Expected output:
Chain DOCKER-INGRESS (2 references) target prot opt source destination [...]
CLI-based support dumps are unavailable on Windows worker nodes (MKE-8538).
Workaround:
For Swarm-orchestrated Windows nodes, use the MKE web UI to obtain a support bundle. For Kubernetes-orchestrated Windows nodes, you must manually collect the logs.