3.4.6

(2021-10-6)

Enhancements

  • MKE 3.4.6 did not release in conjunction with a new MCR patch version. As such, unlike with previous releases, you cannot simultaneously upgrade the two products.

  • Updated Kubernetes to version 1.20.11 to address CVE-2021-25741 (MKE-8572).

  • Added the nvidia_device_plugin setting to the MKE configuration file, which you can use to enable the NVIDIA device plugin (MKE-8387).

  • During the pre-upgrade process, MKE now verifies whether the ports newly required for the upgrade version are available and accessible on Linux nodes (MKE-8275).

  • Added a cleanup step to the uninstall process pertaining to Calico CNI files in /etc/cni that are deployed by kubectl apply. All other files and subdirectories in that location are left in place (MKE-7674).

  • Added the --unmanaged-cni option to the ucp uninstall-ucp command. Those who used --unmanaged-cni to install MKE in Unmanaged CNI mode must use --unmanaged-cni when uninstalling MKE. By omitting the /etc/cni cleanup step from the uninstall process, the --unmanaged-cni option leaves all user-supplied CNI configuration files intact (MKE-7674).

  • Added a checkbox to the MKE web UI Upgrade Management Plane on the <username> > Admin Settings > Upgrade page to indicate that SELinux is enabled when generating an MKE upgrade string (FIELD-2698).

  • Mirantis no longer supports legacy Docker Hub-issued licenses for MKE installation (MKE-8350).

    To request a JWT license, contact support@mirantis.com.

Addressed issues

  • Fixed an issue with the MKE web UI wherein modifications to the <user name> > Admin Settings > Ingress page reset to the default settings upon being saved (MKE-8478).

  • Fixed an issue with the MKE web UI wherein the product was referred to as UCP on the <user name> > Admin Settings > Authentication & Authorization page (MKE-8437).

  • Fixed an issue with the MKE web UI wherein the log text could not be differentiated from the background because they were the same color (FIELD-4241).

  • Fixed an issue with the MKE web UI wherein the Upgrade Now feature on the <user name> > Admin Settings > Upgrade page failed to initiate upgrade (FIELD-4230).

  • Fixed an issue wherein using a JWT license with an MKE instance that manages MCR caused MCR to log error messages (FIELD-4201).

  • Fixed an issue with the MKE web UI wherein clicking the Pod options icon on the Pod details page caused the vulnerability data to disappear (FIELD-3859).

  • Fixed an issue wherein Pods could not be removed if the associated image pull secret has been previously deleted (FIELD-3638).

    Correction

    This bug fix was reported in error, as the solution requires that you run a later version of Kubernetes, specifically Kubernetes 1.21.3. We apologize for any inconvenience.

Known issues

  • The calico-node firewalld-policy init container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).

    Workaround:

    1. Prevent the issue from recurring by disabling firewalld:

      sudo systemctl disable --now firewalld
      
    2. Restore missing iptables chains by restarting dockerd:

      sudo systemctl restart docker
      

      Note

      Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each node in MKE before moving on to the next.

    3. Confirm that the issue is no longer present by checking for the presence of the DOCKER-INGRESS iptables chain:

      sudo iptables --list DOCKER-INGRESS
      

      Expected output:

      Chain DOCKER-INGRESS (2 references)
      target     prot opt source               destination
      [...]
      

Major component versions

Component

Version

MKE

3.4.6

Kubernetes

1.20.11

Calico

3.19.1

Calico for Windows

3.19.1

Interlock

3.2.4

Interlock NGINX proxy

1.21.1

Istio Ingress

1.4.10

CoreDNS

1.7.0

RethinkDB

2.3.6

etcd

3.4.16

CSI Attacher

2.1.1

CSI Provisioner

1.4.0

CSI Snapshotter

1.2.2

CSI Resizer

0.4.0

CSI Node Driver Registrar

1.2.0

CSI Liveness Probe

1.1.0

Openstack Cinder CSI plugin

1.20.3