3.4.7¶
(2021-12-20)
Enhancements¶
MKE now logs
DesiredStrictAffinity
messages at the debug level (FIELD-4313).
Addressed issues¶
Fixed an issue with the MSR web UI wherein SAML users could fail to be redirected to MSR after login (MKE-1344).
Fixed an issue with
etcd
disk space use in Swarm-only installations (FIELD-4458).Fixed an issue with the performance of
docker service ls
when used with the MKE client bundle and docker daemon 20.10.x (FIELD-4409).Removed the Kubernetes API documentation link from the MKE web UI left-side navigation panel while in Swarm-only mode (FIELD-4331).
Fixed various layout issues in the MKE web UI Admin Settings > Mirantis Secure Registry page (FIELD-4224, FIELD-4216).
Fixed an issue with the MKE web UI wherein modifications to the <user name> > Admin Settings > Ingress page reset to the default settings upon being saved (MKE-8478).
The MKE 3.4.6 release notes report the issue as resolved. The fix, however, was not merged until MKE 3.4.7.
Fixed an issue wherein a number of Kuberenetes-related components repeatedly restarted while content trust was enabled (FIELD-4491).
Fixed an issue with the MKE web UI wherein the
mke-containers
anducp-backup
volumes were not tagged as system resources (FIELD-4456).Improved the presentation of nodes in the MKE web UI (FIELD-4444).
Fixed an issue with the MKE web UI wherein grant information did not display on the <user name> > My Profile > My Grants page (FIELD-4445).
Port 12387 is no longer verified during upgrade in Swarm-only mode (MKE-8640).
Known issues¶
The
calico-node
firewalld-policy
init container can disable the docker ingress routing mesh when reloading firewalld (FIELD-4200).Workaround:
Prevent the issue from recurring by disabling firewalld:
sudo systemctl disable --now firewalld
Restore missing iptables chains by restarting dockerd:
sudo systemctl restart docker
Note
Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each one in MKE before moving on to the next.
Confirm issue resolution by checking for the presence of the
DOCKER-INGRESS
iptables chain:sudo iptables --list DOCKER-INGRESS
Expected output:
Chain DOCKER-INGRESS (2 references) target prot opt source destination [...]
CLI-based support dumps are unavailable on Windows worker nodes (MKE-8538).
Workaround:
For Swarm-orchestrated Windows nodes, use the MKE web UI to obtain a support bundle. For Kubernetes-orchestrated Windows nodes, you must manually collect the logs.
Major component versions¶
Component |
Version |
---|---|
MKE |
3.4.7 |
Interlock |
3.3.1 |
Interlock NGINX proxy |
1.21.1 |
CSI Attacher |
2.1.1 |
CSI Provisioner |
1.4.0 |
CSI Snapshotter |
1.2.2 |
CSI Resizer |
0.4.0 |
CSI Node Driver Registrar |
1.2.0 |
CSI Liveness Probe |
1.1.0 |
Openstack Cinder CSI plugin |
1.20.3 |