In correlation with the end of life (EOL) for MKE 3.5.x, maintenance of this documentation set was discontinued as of 2023-NOV-22. Click here for the latest MKE 3.x version documentation.

Known issues

MKE 3.5.3 issues for which there are available workaround solutions include:

• [MKE-8538] Limited Windows support dump availability

• [FIELD-4200] Reloading firewalld can disable docker ingress routing mesh

[MKE-8538] Limited Windows support dump availability

Only limited support dumps are available on Windows worker nodes.

Workaround:

Manually collect the Windows worker node logs.

[FIELD-4200] Reloading firewalld can disable docker ingress routing mesh

The calico-node firewalld-policy init container can disable the docker ingress routing mesh when reloading firewalld.

Workaround:

1. Prevent the issue from recurring by disabling firewalld:

   sudo systemctl disable --now firewalld
   

2. Restore missing iptables chains by restarting dockerd:

   sudo systemctl restart docker
   

   Note

   Restarting dockerd stops all containers on the corresponding node. The node capacity will not be available to the cluster until the node returns to a healthy state in MKE. You must restart dockerd on manager nodes one node at a time, confirming the health of each one in MKE before moving on to the next.

3. Confirm issue resolution by checking for the presence of the DOCKER-INGRESS iptables chain:

   sudo iptables --list DOCKER-INGRESS
   

   Expected output:

   Chain DOCKER-INGRESS (2 references)
   target     prot opt source               destination
   [...]