New features

This section outlines the new features and enhancements introduced in the MKE 3.5.0 release.


OpenID Connect (OIDC)

MKE 3.5.0 supports the use of OpenID Connect (OIDC) in authenticating users who implement a trusted external identity provider. OIDC adds security and simplifies the sign-in process.


Swarm-only mode

Implemented a small, highly stable MKE configuration that supports only Swarm orchestration.


OpsCare

MKE 3.5.0 supports using OpsCare to anticipate cluster issues, routing notifications from your MKE deployment directly to Mirantis support engineers who will help resolve your problem.


NGINX Ingress Controller

MKE 3.5.0 replaces Istio Ingress with NGINX Ingress Controller (ingress-nginx), for the management of ingress traffic using the Kubernetes Ingress rules. With only one controller to manage, NGINX Ingress Controller simplifies the user experience.


Mutual Transport Layer Security (mTLS)

With MKE 3.5.0, Interlock supports using Mutual Transport Layer Security (mTLS), a process of Zero Trust mutual authentication that uses X.509 certificates. Common uses for mTLS are to verify users, devices, and servers and to maintain API security.


IPVS and eBPF networking options

MKE 3.5.0 supports the following service and cluster networking options, in addition to kube-proxy with iptables proxier:

  • Enable kube-proxy with ipvs proxier at install time (managed or unmanaged CNI).

  • Enable eBPF mode at install time (managed or unmanaged CNI).

  • Switch an existing cluster to kube-proxy with ipvs proxier (managed CNI only).

  • Switch an existing cluster to eBPF mode (managed CNI only).


Backup scheduling

MKE 3.5.0 supports backup scheduling and the setting of backup notifications.


Kubernetes 1.21.3

MKE promotes Kubernetes to version 1.21.3 when you upgrade to MKE 3.5.0.