3.3.8

(2021-04-12)

Components

Component

Version

MKE

3.3.8

Kubernetes

1.18.14

Calico

3.14.1

Calico for Windows

3.12.1

Interlock

3.2.1

Interlock NGINX proxy

1.17.10

Istio Ingress

1.4.10

CoreDNS

1.7.0

etcd

3.4.3

CSI Attacher

2.1.1

CSI Provisioner

1.4.0

CSI Snapshotter

1.2.2

CSI Resizer

0.4.0

CSI Node Driver Registrar

1.2.0

CSI Liveness Probe

1.1.0

What’s new

  • Added the ability to rate your MKE experience on a five-star scale from within the MKE web UI (MKE-8151).

    Learn more

    Customer feedback

  • Added the ability to submit detailed feedback by opening a ticket from within the MKE web UI (MKE-8176).

    Learn more

    Customer feedback

  • Added the ability to send a support dump to Mirantis Customer Support from within the MKE web UI (MKE-8134).

    Learn more

    Get support

  • Added the ability to use the CLI to send a support dump to Mirantis Customer Support, by including the --submit option with the support command (MKE-8150).

    Learn more

  • The matchExpressions field now displays in the NetworkPolicy for both PodSelector and Ingress Rules (MKE-8074).

  • Added the allowPrivilegedPods setting, which when set to true enables users operating under the PodSecurityPolicy to create Kubernetes pods using the privileged parameter. Note that by default allowPrivilegedPods is set to false, under which users cannot create privileged pods even when their applicable PodSecurityPolicy specifies that they can do so.

    The new allowPrivilegedPods setting only applies to the authz admission controller (MKE-7960).

  • Compose-on-Kubernetes will be deprecated in a future release (ENGDOCS-959).

  • The LDAP search initiates stricter checks, and as such user syncing errors can no longer cause MKE users to be deactivated. User syncing now aborts when any of the following conditions are met:

    • An incorrect LDAP configuration is found

    • A configured LDAP URL is inaccessible

    • An LDAP URL that SearchResultReference points to is inaccessible

    (FIELD-3619).

  • MKE web UI dropdown options no longer display with a transparent background (MKE 8102).

  • MKE now enforces the HTTP Strict Transport Security (HTST) header with the following values: max-age=63072000; includeSubDomains (FIELD-2900).

  • Support dumps no longer contain false positives that suggest nonexistent IP or network overlaps (FIELD-2925).

Bug fixes

  • Fixed an issue wherein MKE 3.3.6 and 3.3.7 failed to install or upgrade when the Docker log-driver was not set to the default value of json-file (FIELD-3665).

  • Fixed an issue wherein users were unable to turn off service replicas in the web UI by setting their value to 0 (FIELD-3556).