3.4.15

Important

MKE 3.4.15 is the final patch release for MKE 3.4.x, as that version of the software reached end of life (EOL) status on 2022-04-11. Accordingly, Mirantis has halted maintenance of the MKE 3.4 documentation set.

(2023-05-16)

Caution

When upgrading to MKE 3.5.x, be aware that MKE versions 3.5.0 - 3.5.8 each run a version of etcd that is older than the version Mirantis includes with MKE 3.4.15. As such, MKE 3.4.15 can only be upgraded to MKE 3.5.9 or later.

The etcd component, by design, will not accept a downgrade of itself.

Components

Enhancements

  • [MKE-9679] Addition of option to limit kernel capabilities in Interlock 3.3.10.

Addressed issues

  • [FIELD-5885] Fixed an issue wherein the readiness/liveness probe of calico-kube-controllers failed.

  • [FIELD-5764] Fixed an issue wherein user status in MKE DB did not sync with LDAP in JIT mode. Note that users who are not available through LDAP search will be deactivated in MKE as a result of the periodic sync.

  • [MKE-9620] Fixed an issue wherein MKE Swarm Interlock created service tasks that did not have a health check defined.

  • [MKE-9619] Fixed an issue wherein ucp-interlock-config was created as part of the default bridge network.

  • [MKE-9343] Fixed an issue in the MKE web UI wherein the Renewal Threshold Minutes setting at Admin Settings > auth would not accept 0 as a value.

  • [MKE-9541] Removed the build Kubernetes Compose applications function from the MKE web UI, which has long been broken due to the deprecation of the underlying APIs.

  • [MKE-9130] Fixed an issue wherein SANs provided with the --san flag at installation were not shared between all manager nodes.

  • [FIELD-5877] Fixed an issue wherein Calico components were sometimes redeployed following ucp-cluster-agent restarts.

Security information

  • Updated to the following middleware component versions to resolve vulnerabilities in MKE:

    • Upgraded etcd to version 3.5.8 [FIELD-6014]

    • Upgraded Go to version 1.19.8 [FIELD-6018]

    • Upgraded Interlock to version 3.3.10 [MKE-9734], which mitigates vulnerabilities and introduces the following component updates:

      • Golang 1.19.8 [FIELD-5823]

      • NGINX 1.23.4 [FIELD-5823]

      • Alpine 3.16.5 [FIELD-5823]

      • containerd 1.6.19 [FIELD-5823]

Deprecations

Not applicable.

Known issues

  • Use of Node Feature Discovery (NFD) Pods can result in a crash loop in Linux systems that run MCR 20.10.8 and earlier (moby/moby#42836).

    As a workaround, update MCR to version 20.10.9 or later.

  • As MKE does not support cgroup v2 on Linux platforms, RHEL 9.0 users will be unable to use the software due to cgroup v2 default enablement.

    As a workaround, RHEL 9.0 users must disable cgroup v2.