Users running kernel version 4.15 or earlier may encounter an issue wherein support dumps fail and nodes disconnect. Mirantis strongly recommends that these users either upgrade to kernel version 4.16 (or later) or upgrade to MKE 3.4.4.


  • Updated Kubernetes to version 1.20.5.

  • Administrators can now give permission to use one or more privileged pod attributes (such as specifying host networking usage or host IPC) to groups of non-administrator user accounts or non-cluster-admin service accounts. Administrators can choose different sets of attributes for each group (MKE-8252).

  • MKE now gives users the option to send the log and a support bundle to Mirantis Support when an upgrade fails (MKE-8133).

  • The ucp upgrade command now includes the checks subcommand, allowing you to run pre-upgrade checks only (MKE-8131).

  • MKE now includes a pod-cidr check in the MKE installer when using the VXLAN dataplane in an Azure environment (FIELD-3903).

  • Using the new --kubelet-data-root flag with ucp install, you can now configure the kubelet data root directory on Linux systems during new MKE installations (MKE-8268).

  • Using the new --containerd-root flag with ucp install, you can now configure the containerd root directory on Linux systems during new MKE installations. Any non-root directory containerd customizations must be made along with the root directory customizations prior to installation and with the --containerd-root flag omitted (MKE-7949).

Addressed issues

  • Fixed an issue wherein the default Interlock NGINX proxy server_names_hash_bucket_size could not handle very long host names, sometimes causing existing services to become unreachable. server_names_hash_bucket_size is now fully adaptive within hard bounds. (MKE-8262).

  • Fixed broken links to MKE documentation in the MKE web UI (FIELD-3459, FIELD-3683, FIELD-3839, FIELD-3843, FIELD-3845).

  • Fixed an issue wherein enabling HitlessServiceUpdate while a proxy update is in progress caused the proxy update to stop (FIELD-3623).

  • Fixed an issue wherein opening a network policy with matchExpressions returned a blank page in the MKE web UI (FIELD-2834).

  • Fixed an issue wherein two files remained in the ucp-backup volume (/var/lib/docker/volumes/ucp-backup) after the completion of the back-up process. Now, following back-up, only the back-up archive and log file (if included) remain (FIELD-3612).

  • Fixed an issue wherein users could not change new swarm configurations to use a non-default collection (FIELD-2297).

  • Fixed an issue wherein logs for pods with multiple containers did not display. The pods log view now includes a container selector (FIELD-3582).

  • Fixed an issue wherein MKE erroneously reported disconnected for drained nodes (FIELD-3771).

  • Fixed an issue with the MKE web UI wherein clicking on a gateway with an invalid configuration produced a blank page (FIELD-2562).

  • Fixed an issue in MKE 3.4.1 (discontinued) that prevented service creation from MKE client bundles and CI/CD pipeline deployment, and could interrupt MSR availability.

Known issues

  • After upgrading to MKE 3.4.0 or later, the strict affinity setting is enabled for Calico CNI and cannot be disabled. This can impact networking functionality in large Kubernetes clusters with a limited private IP space allocated for pods using the --pod-cidr MKE install flag.

    Mirantis strongly recommends that impacted customers wait to upgrade until this issue is resolved in an upcoming release (FIELD-4182).

Major component versions









Calico for Windows




Interlock NGINX proxy


Istio Ingress






CSI Attacher


CSI Provisioner


CSI Snapshotter


CSI Resizer


CSI Node Driver Registrar


CSI Liveness Probe