Detail on the new features and enhancements introduced in MKE 3.5.8 includes:

[MKE-9638] Enablement of read-only root filesystem for select MKE containers

The following MKE containers are now configured with read-only root filesystems:

  • ucp-cluster-agent

  • ucp-worker-agent

  • ucp-manager-agent

  • ucp-client-root-ca

  • ucp-cluster-root-ca

  • ucp-proxy

  • ucp-controller

[MKE-9632] Health checks added to ucp-sf-notifier container

Health checks are now defined for the ucp-sf-notifier container, the Salesforce Notifier service task.

[MKE-9577] ucp-kube-ingress-controller container is non-root

The ucp-kube-ingress-controller container now runs as non-root.

[MKE-9561] ucp-sf-notifier container is non-root

The ucp-sf-notifier container now runs as non-root.

[MKE-9550] ucp-hardware-info container is non-root

The ucp-hardware-info container now runs as non-root.

[MKE-9547] k8s components are non-root

k8s components now run as non-root.