3.4.9

(2022-04-05)

Components

Component

Version

MKE

3.4.9

Kubernetes

1.20.11

Calico

3.19.1

Calico for Windows

3.19.1

Interlock

3.3.3

Interlock NGINX proxy

1.21.1

Istio Ingress

1.4.10

CoreDNS

1.7.0

RethinkDB

2.3.6

etcd

3.4.16

CSI Attacher

2.1.1

CSI Provisioner

1.4.0

CSI Snapshotter

1.2.2

CSI Resizer

0.4.0

CSI Node Driver Registrar

1.2.0

CSI Liveness Probe

1.1.0

Openstack Cinder CSI plugin

1.20.3

What’s new

  • [MKE-8692] The Interlock proxy NGINX can now be run in debugging mode, which you must enable manually. Mirantis recommends that you not use debugging mode in production environments.

Bug fixes

  • [FIELD-4691] Fixed an issue with the backup and restore processes wherein the default timeout duration was not long enough to accommodate certain use cases. The default timeout duration is increased to 30 minutes and you can now customize the duration by using the optional --timeout flag with the backup and restore commands.

  • [FIELD-4629] Fixed an issue wherein there was excessive white space in the Interlock config template.

  • [FIELD-4623] Fixed an issue with the MKE web UI wherein the <user name> > Admin Settings > Upgrade page did not always report accurate upgrade options information.

  • [FIELD-4572] Fixed an issue with the MKE API wherein the output of GET /containers/json requests did not filter the running containers.

  • [FIELD-4567] Fixed an issue wherein attempts to sync LDAP groups aborted when the group was empty.

  • [FIELD-4459] Fixed an issue wherein licenses that are invalid or removed caused all custom collections to reset to the default collection.

  • [FIELD-4407] Fixed an issue wherein specifying a URI SAN using the --san flag with the install command caused the installation to fail.

  • [FIELD-4317] Fixed an issue with the MKE web UI wherein navigating to Dashboard > Manage Users & Teams and clicking the manually creating a user account link produced a blank page.

  • [MKE-8738] Fixed an issue with unmounting containerd snapshots on Windows nodes.

  • [MKE-8524, FIELD-4252] Fixed an issue with Windows nodes wherein restarting Kubernetes services did not stop containerd tasks.

  • [MKE-8524, FIELD-4252] Improved the resiliency of containerd components on Windows nodes.

  • [MKE-8783] MKE installation and upgrade now require the use of Mirantis Container Runtime (MCR) version 20.10.0 or later.

  • [FIELD-4713] Improved the performance of the MKE API for docker build commands.

  • [FIELD-4684] Added a banner warning to the MKE web UI concerning the expiration of client root CA certificates.

  • [FIELD-4684] The UCP client root CA certificate lifetime for new MKE clusters is now 20 years, extended from the previous 5-year lifetime.

  • [MKE-8538] Added documentation that enables the downloading of a limited support bundle on Windows nodes. Refer to Use PowerShell to obtain a support bundle for more information.

Known issues

  • [FIELD-4200] The calico-node firewalld-policy init container can disable the docker ingress routing mesh when reloading firewalld.

    Workaround:

    1. Prevent the issue from recurring by disabling firewalld:

      sudo systemctl disable --now firewalld
      
    2. Restore missing iptables chains by restarting dockerd:

      sudo systemctl restart docker
      

      Note

      Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each one in MKE before moving on to the next.

    3. Confirm issue resolution by checking for the presence of the DOCKER-INGRESS iptables chain:

      sudo iptables --list DOCKER-INGRESS
      

      Expected output:

      Chain DOCKER-INGRESS (2 references)
      target     prot opt source               destination
      [...]
      
  • [MKE-8538] Only limited support bundles are available on Windows worker nodes.

    Workaround:

    Manually collect the Windows worker node logs.