Detail on the new features introduced in MKE 3.5.0 includes:
OpenID Connect (OIDC)¶
MKE 3.5.0 supports the use of OpenID Connect (OIDC) in authenticating users who implement a trusted external identity provider. OIDC adds security and simplifies the sign-in process.
Implemented a small, highly stable MKE configuration that supports only Swarm orchestration.
MKE 3.5.0 supports using OpsCare to anticipate cluster issues, routing notifications from your MKE deployment directly to Mirantis support engineers who will help resolve your problem.
NGINX Ingress Controller¶
MKE 3.5.0 replaces Istio Ingress with NGINX Ingress Controller
ingress-nginx), for the management of ingress traffic using the Kubernetes
Ingress rules. With only one controller to manage, NGINX Ingress Controller
simplifies the user experience.
Mutual Transport Layer Security (mTLS)¶
With MKE 3.5.0, Interlock supports using Mutual Transport Layer Security (mTLS), a process of Zero Trust mutual authentication that uses X.509 certificates. Common uses for mTLS are to verify users, devices, and servers and to maintain API security.
IPVS and eBPF networking options¶
MKE 3.5.0 supports the following service and cluster networking options, in addition to kube-proxy with iptables proxier:
Enable kube-proxy with ipvs proxier at install time (managed or unmanaged CNI).
Enable eBPF mode at install time (managed or unmanaged CNI).
Switch an existing cluster to kube-proxy with ipvs proxier (managed CNI only).
Switch an existing cluster to eBPF mode (managed CNI only).
MKE 3.5.0 supports backup scheduling and the setting of backup notifications.