MKE 3.4.6 did not release in conjunction with a new MCR patch version. As such, unlike with previous releases, you cannot simultaneously upgrade the two products.
Updated Kubernetes to version 1.20.11 to address CVE-2021-25741 (MKE-8572).
nvidia_device_pluginsetting to the MKE configuration file, which you can use to enable the NVIDIA device plugin (MKE-8387).
During the pre-upgrade process, MKE now verifies whether the ports newly required for the upgrade version are available and accessible on Linux nodes (MKE-8275).
Added a cleanup step to the uninstall process pertaining to Calico CNI files in
/etc/cnithat are deployed by kubectl apply. All other files and subdirectories in that location are left in place (MKE-7674).
--unmanaged-cnioption to the ucp uninstall-ucp command. Those who used
--unmanaged-cnito install MKE in
Unmanaged CNImode must use
--unmanaged-cniwhen uninstalling MKE. By omitting the
/etc/cnicleanup step from the uninstall process, the
--unmanaged-cnioption leaves all user-supplied CNI configuration files intact (MKE-7674).
Added a checkbox to the MKE web UI Upgrade Management Plane on the <username> > Admin Settings > Upgrade page to indicate that SELinux is enabled when generating an MKE upgrade string (FIELD-2698).
Mirantis no longer supports legacy Docker Hub-issued licenses for MKE installation (MKE-8350).
To request a JWT license, contact firstname.lastname@example.org.
Fixed an issue with the MKE web UI wherein modifications to the <user name> > Admin Settings > Ingress page reset to the default settings upon being saved (MKE-8478).
Fixed an issue with the MKE web UI wherein the product was referred to as UCP on the <user name> > Admin Settings > Authentication & Authorization page (MKE-8437).
Fixed an issue with the MKE web UI wherein the log text could not be differentiated from the background because they were the same color (FIELD-4241).
Fixed an issue with the MKE web UI wherein the Upgrade Now feature on the <user name> > Admin Settings > Upgrade page failed to initiate upgrade (FIELD-4230).
Fixed an issue wherein using a JWT license with an MKE instance that manages MCR caused MCR to log error messages (FIELD-4201).
Fixed an issue with the MKE web UI wherein clicking the Pod options icon on the Pod details page caused the vulnerability data to disappear (FIELD-3859).
Fixed an issue wherein Pods could not be removed if the associated image pull secret has been previously deleted (FIELD-3638).
This bug fix was reported in error, as the solution requires that you run a later version of Kubernetes, specifically Kubernetes 1.21.3. We apologize for any inconvenience.
firewalld-policyinit container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).
Prevent the issue from recurring by disabling firewalld:
sudo systemctl disable --now firewalld
Restore missing iptables chains by restarting dockerd:
sudo systemctl restart docker
Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each node in MKE before moving on to the next.
Confirm that the issue is no longer present by checking for the presence of the
sudo iptables --list DOCKER-INGRESS
Chain DOCKER-INGRESS (2 references) target prot opt source destination [...]
Major component versions¶
Interlock NGINX proxy
CSI Node Driver Registrar
CSI Liveness Probe
Openstack Cinder CSI plugin