Addressed issues¶
Issues addressed in the MKE 3.5.10 release include:
[MKE-9743] Fixed non-compliance of
address
configuration inucp-kube-scheduler
container.Kubernetes scheduler now binds to 127.0.0.1 by default. Admins can return binding capability to all available network interfaces by configurating the new
kube_scheduler_bind_to_all
setting undercluster_config
in the MKE configuration file.[MKE-9742] Fixed controls 1.1.32 and 1.1.34 in the built-in CIS benchmark (and removed control 1.1.6 from the control list) to resolve non-compliance of the following configurations in
ucp-kube-api-server
container:insecure-port
authorization-mode/Node
encryption-provider-config
[MKE-9746] Fixed controls 2.1.1-2.1.4 and 2.1.10 in the built-in CIS benchmark to resolve non-compliance of the following configurations in the
ucp-kubelet
container:anonymous-auth
authorization-mode
client-ca-file
read-only-port
tls-cert-file
tls-private-key-file
[FIELD-6126] Fixed a memory leak in the
ucp-cluster-agent
container.[FIELD-5931] Fixed an issue wherein LDAP sync occasionally failed after replacing manager nodes.