In correlation with the end of life (EOL) for MKE 3.5.x, maintenance of this documentation set was discontinued as of 2023-NOV-22. Click here for the latest MKE 3.x version documentation.

Enhancements

Detail on the new features and enhancements introduced in MKE 3.5.8 includes:

• [MKE-9638] Enablement of read-only root filesystem for select MKE containers

• [MKE-9632] Health checks added to ucp-sf-notifier container

• [MKE-9577] ucp-kube-ingress-controller container is non-root

• [MKE-9561] ucp-sf-notifier container is non-root

• [MKE-9550] ucp-hardware-info container is non-root

• [MKE-9547] k8s components are non-root

[MKE-9638] Enablement of read-only root filesystem for select MKE containers

The following MKE containers are now configured with read-only root filesystems:

• ucp-cluster-agent

• ucp-worker-agent

• ucp-manager-agent

• ucp-client-root-ca

• ucp-cluster-root-ca

• ucp-proxy

• ucp-controller

[MKE-9632] Health checks added to ucp-sf-notifier container

Health checks are now defined for the ucp-sf-notifier container, the Salesforce Notifier service task.

[MKE-9577] ucp-kube-ingress-controller container is non-root

The ucp-kube-ingress-controller container now runs as non-root.

[MKE-9561] ucp-sf-notifier container is non-root

The ucp-sf-notifier container now runs as non-root.

[MKE-9550] ucp-hardware-info container is non-root

The ucp-hardware-info container now runs as non-root.

[MKE-9547] k8s components are non-root

k8s components now run as non-root.