In upgrading to MKE 3.5.x, be aware that MKE versions 3.5.0 - 3.5.5 each run a version of etcd that is older than the version Mirantis includes with MKE 3.4.12. As such, MKE 3.4.12 can only be upgraded to MKE 3.5.6 or later. Parallel to this, it is necessary to target MKE 3.6.1 or later when upgrading from MKE 3.5.6 to 3.6.x.
The etcd component, by design, will not accept a downgrade of itself.
Updated Interlock to version 3.3.7. This includes:
Interlock security fixes [MKE-9121]
Moby security fixes [MKE-9118]
An improved service cluster removal process. Now, when removing a service cluster, Interlock removes all of the Interlock services that the service cluster previously used, while leaving the user services intact [MKE-8708].
[FIELD-5273] Added the public
/supportendpoint to the MKE API for the collection of cluster-wide support bundles.
[MKE-9110] Fixed an issue wherein IPVS mode was inoperable on kernel version 5.11 or later.
[FIELD-4544] Fixed an issue wherein the Pod event page in the MKE web UI did not display events.
[FIELD-4909] Fixed an issue wherein MKE failed to collect network data for RHEL 7.9 in the support bundle.
Use of Node Feature Discovery (NFD) Pods can result in a crash loop in Linux systems that run MCR 20.10.8 and earlier (moby/moby#42836).
As a workaround, update MCR to version 20.10.9 or later.
As MKE does not support cgroup v2 on Linux platforms, RHEL 9.0 users will be unable to use the software due to cgroup v2 default enablement.
As a workaround, RHEL 9.0 users must disable cgroup v2.
Major component versions¶
Interlock NGINX proxy
Updated to the following middleware component versions to resolve vulnerabilities in MKE:
Interlock 3.3.7 [MKE-9166]
CoreDNS 1.9.4 [MKE-8939, FIELD-5113]
Calico 3.22.4 [MKE-8807]
OpenSSL 3.0.7 [MKE-9302]
FlexVolume drivers, including iSCSI and SMB, are deprecated in Kubernetes, and as such they will be made unavailable in a future MKE release. The CSI plugins that will remain available are detailed in Use CSI drivers.