Addressed issues

Issues addressed in the MKE 3.5.10 release include:

• [MKE-9743] Fixed non-compliance of address configuration in ucp-kube-scheduler container.

  Kubernetes scheduler now binds to 127.0.0.1 by default. Admins can return binding capability to all available network interfaces by configurating the new kube_scheduler_bind_to_all setting under cluster_config in the MKE configuration file.

• [MKE-9742] Fixed controls 1.1.32 and 1.1.34 in the built-in CIS benchmark (and removed control 1.1.6 from the control list) to resolve non-compliance of the following configurations in ucp-kube-api-server container:

  • insecure-port

  • authorization-mode/Node

  • encryption-provider-config

• [MKE-9746] Fixed controls 2.1.1-2.1.4 and 2.1.10 in the built-in CIS benchmark to resolve non-compliance of the following configurations in the ucp-kubelet container:

  • anonymous-auth

  • authorization-mode

  • client-ca-file

  • read-only-port

  • tls-cert-file

  • tls-private-key-file

• [FIELD-6126] Fixed a memory leak in the ucp-cluster-agent container.

• [FIELD-5931] Fixed an issue wherein LDAP sync occasionally failed after replacing manager nodes.