3.4.12

(2022-11-17)

Components

What’s new

  • Updated Interlock to version 3.3.7. This includes:

    • Interlock security fixes [MKE-9121]

    • Moby security fixes [MKE-9118]

    • An improved service cluster removal process. Now, when removing a service cluster, Interlock removes all of the Interlock services that the service cluster previously used, while leaving the user services intact [MKE-8708].

  • [FIELD-5273] Added the public /support endpoint to the MKE API for the collection of cluster-wide support bundles.

Addressed issues

  • [MKE-9110] Fixed an issue wherein IPVS mode was inoperable on kernel version 5.11 or later.

  • [FIELD-4544] Fixed an issue wherein the Pod event page in the MKE web UI did not display events.

  • [FIELD-4909] Fixed an issue wherein MKE failed to collect network data for RHEL 7.9 in the support bundle.

Security information

  • Updated to the following middleware component versions to resolve vulnerabilities in MKE:

    • Interlock 3.3.7 [MKE-9166]

    • CoreDNS 1.9.4 [MKE-8939, FIELD-5113]

    • Calico 3.22.4 [MKE-8807]

    • OpenSSL 3.0.7 [MKE-9302]

Deprecations

  • FlexVolume drivers, including iSCSI and SMB, are deprecated in Kubernetes, and as such they will be made unavailable in a future MKE release. The CSI plugins that will remain available are detailed in Use CSI drivers.

Known issues

  • Use of Node Feature Discovery (NFD) Pods can result in a crash loop in Linux systems that run MCR 20.10.8 and earlier (moby/moby#42836).

    As a workaround, update MCR to version 20.10.9 or later.

  • As MKE does not support cgroup v2 on Linux platforms, RHEL 9.0 users will be unable to use the software due to cgroup v2 default enablement.

    As a workaround, RHEL 9.0 users must disable cgroup v2.