In upgrading to MKE 3.5.x, be aware that MKE versions 3.5.0 - 3.5.5 each run a version of etcd that is older than the version Mirantis includes with MKE 3.4.13. As such, MKE 3.4.13 can only be upgraded to MKE 3.5.6 or later. Parallel to this, it is necessary to target MKE 3.6.1 or later when upgrading from MKE 3.5.6 and later to 3.6.x.

The etcd component, by design, will not accept a downgrade of itself.


  • Updated Interlock to version 3.3.8.

  • [FIELD-5564] Improved ucp-proxy reliability.

  • [FIELD-5452] Improved ucp-agent reliability.

  • [FIELD-5464] Addition of CLI support command options for individual node support dumps, including:

    • --loglines

    • --until

    • --since

    • --goroutine

Addressed issues

  • [FIELD-5492] Fixed an issue wherein the Swarm > Services > CPU reservation/limit field in the MKE web UI only accepted whole number CPU values rather than partial number values (for example, it accepted 1 but not 1.5), despite being labeled Nano CPU Shares.

  • [FIELD-5446] Fixed an issue wherein a zombie ucp-upgrader issue caused the silent failure of MKE upgrade.

  • [FIELD-5432] Fixed an issue wherein MKE manager node was stuck in Pending state.

  • [FIELD-3413] Fixed an issue in the MKE web UI wherein secret and config details displayed unrelated services.

Known issues

  • Use of Node Feature Discovery (NFD) Pods can result in a crash loop in Linux systems that run MCR 20.10.8 and earlier (moby/moby#42836).

    As a workaround, update MCR to version 20.10.9 or later.

  • As MKE does not support cgroup v2 on Linux platforms, RHEL 9.0 users will be unable to use the software due to cgroup v2 default enablement.

    As a workaround, RHEL 9.0 users must disable cgroup v2.

Major component versions

Security information

  • Updated to the following middleware component versions to resolve vulnerabilities in MKE:

    • Upgraded RethinkDB to version 2.3.7 [FIELD-5398]

    • Upgraded etcd to version 3.5.6 [MKE-9391]

    • Upgraded Interlock to version 3.3.8 [MKE-9190], which mitigates vulnerabilities and introduces the following component updates:

      • Golang 1.19.4 [FIELD-5448]

      • NGINX 1.23.2 [FIELD-5448]

      • Alpine 3.16.3 [FIELD-5448]

      • containerd 1.6.14 [FIELD-5448]


  • FlexVolume drivers, including iSCSI and SMB, are deprecated in Kubernetes, and as such they will be made unavailable in a future MKE release. The CSI plugins that will remain available are detailed in Use CSI drivers.