Enhancements
The new features and enhancements introduced in MKE 3.5.7 are described below:
[MKE-9366] --kube-protect-kernel-defaults install option
Using the new --kube-protect-kernel-defaults option with the install command prevents kubelet from modifying kernel parameters.
Important: When the option is enabled, kubelet can fail to start if the following kernel parameters are not set to these values on the nodes before you install MKE or before you add a new node to an existing cluster.
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
kernel.keys.root_maxkeys=1000000
kernel.keys.root_maxbytes=25000000
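As an added pre-flight check, not part of MKE or of this release note, the following POSIX shell function reads the six parameters above from /proc/sys on a node and reports every value that would keep kubelet from starting under --kube-protect-kernel-defaults. The optional root-directory argument is an assumption introduced here so the same check can be exercised against a constructed /proc tree.

```shell
#!/bin/sh
# Parameters and values kubelet expects when MKE is installed with
# --kube-protect-kernel-defaults (taken from the release note above).
REQUIRED_SYSCTLS="vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
kernel.keys.root_maxkeys=1000000
kernel.keys.root_maxbytes=25000000"

# check_kernel_defaults [root]
# Reads each required parameter from <root>/proc/sys (root defaults to the
# live system) and compares it with the expected value. Prints one line per
# missing or mismatched parameter and returns 1 if any was found, 0 otherwise.
# The root argument is an assumption added for offline testing.
check_kernel_defaults() {
  root="${1:-}"
  rc=0
  for entry in $REQUIRED_SYSCTLS; do
    key="${entry%%=*}"
    want="${entry#*=}"
    # vm.panic_on_oom -> /proc/sys/vm/panic_on_oom
    path="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$path" ]; then
      echo "MISSING $key ($path not readable)"
      rc=1
      continue
    fi
    have="$(cat "$path")"
    if [ "$have" != "$want" ]; then
      echo "MISMATCH $key: have $have, want $want"
      rc=1
    fi
  done
  return "$rc"
}

# sysctl_conf_fragment
# Prints the required settings in sysctl.conf format so they can be dropped
# into /etc/sysctl.d/ on a node that failed the check.
sysctl_conf_fragment() {
  printf '%s\n' "$REQUIRED_SYSCTLS"
}
```

Run `check_kernel_defaults` on each node before installing MKE or joining the node; a non-zero exit lists exactly which parameters still need to be changed.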
[MKE-9365] kube_api_server_auditing configuration option
The new kube_api_server_auditing MKE configuration option enables auditing to the log file in the kube-apiserver container. Be aware, though, that to use the option you must first enable auditing in MKE.
[MKE-9364] Configuration options for disabling profiling
Three new configuration options allow for the enabling and disabling of profiling:
- kube_api_server_profiling_enabled affects the kube-api-server component.
- kube_controller_manager_profiling_enabled affects the kube-controller-manager component.
- kube_scheduler_profiling_enabled affects the kube-scheduler component.
[FIELD-5464] CLI support command options for node support dumps
Users can now specify support CLI command options for individual node support dumps, including:
- --loglines
- --until
- --since
- --goroutine
[MKE-9518] Configuration options for system hardening
Two new configuration options enable features that harden and secure MKE:
- limit_kernel_capabilities minimizes kernel capabilities to only those required by a container.
- pid_limit indicates the maximum number of PIDs (Process IDs) that are allowed.
[MKE-9273] etcd storage quota UI notification
A new UI notification indicates when the etcd storage quota is near capacity.
[MKE-9265] Self ports no longer checked during upgrade (Linux only)
Self ports are no longer included in the port checks on Linux-based machines and nodes. These ports are accessed only by processes on the machine itself, never by another node, so they do not need to be open at the firewall level. Be aware that this enhancement does not apply to Windows-based machines and nodes.