Release Notes

Considerations

  • Upgrading MKE 3.6.0 - 3.6.4 to a later MKE version can result in ucp-pause containers not carrying forward to the later version.

  • A limitation in MKE 3.6.2 and MKE 3.6.3 can cause issues in clusters that deploy more than 120 nodes.

    If you plan to run a cluster with more than 120 nodes, Mirantis strongly recommends that you upgrade to MKE 3.6.4. If, however, it is imperative that you run one of the affected MKE versions with 121+ nodes, contact Mirantis support to secure a workaround.

  • As MKE 3.6.0 runs etcd 3.4.16, upgrading to it from MKE 3.5.6 or later (which run etcd 3.5.5) will fail. As such, it is necessary to upgrade instead to MKE 3.6.1 or later.

    The etcd component, by design, will not accept a downgrade of itself.

  • MKE 3.6.0 requires MCR 20.10.13 or later, which you must install or upgrade to prior to installing or upgrading to MKE 3.6.0.

  • Upgrading from one MKE minor version to another minor version can result in the downgrading of MKE middleware components. For more information, refer to the middleware versioning tables in the release notes of both the source and target MKE versions.

  • CentOS 8 entered EOL status as of 31-December-2021. For this reason, Mirantis no longer supports CentOS 8 for all versions of MKE. We encourage customers who are using CentOS 8 to migrate onto any one of the supported operating systems, as further bug fixes will not be forthcoming.

  • Custom log drivers are no longer supported, beginning with MKE 3.6.0. This is due to the transition from Dockershim over to cri-dockerd.

  • In MKE 3.6.1 - 3.6.7, performance issues may occur with both cri-dockerd and dockerd due to the manner in which cri-dockerd handles container and ImageFSInfo statistics.

MKE 3.6.11 current

Patch release for MKE 3.6 introducing the following key features:

  • Augmented validation for etcd storage quota

  • Improved handling of larger sized etcd instances

  • All errors now returned from pre upgrade checks

  • Minimum Docker storage requirement now part of pre upgrade checks

MKE 3.6.10 (discontinued)

MKE 3.6.10 was discontinued shortly after release due to issues encountered when upgrading to it from previous versions of the product.

MKE 3.6.9

Patch release for MKE 3.6 that focuses exclusively on CVE resolution. For detail on the specific CVEs addressed, refer to Security information.

MKE 3.6.8

Patch release for MKE 3.6 introducing the following key features:

  • Performance improvement to MKE image tagging API

MKE 3.6.7

Patch release for MKE 3.6 introducing the following key features:

  • Added ability to filter organizations by name in MKE web UI

  • Improved Kubernetes role creation error handling in MKE web UI

  • Increased SAML proxy feedback detail

  • Upgrade verifies that cluster nodes have minimum required MCR

  • kube-proxy now binds only to localhost

  • Enablement of read-only rootfs for specific containers

  • Added MKE web UI capability to add OS constraints to swarm services

  • Added ability to set support bundle collection windows

  • Added ability to set line limit of log files in support bundles

  • Addition of search function to Grants > Swarm in MKE web UI

MKE 3.6.6

Patch release for MKE 3.6 that focuses exclusively on the resolution of security vulnerabilities.

MKE 3.6.5

Patch release for MKE 3.6 introducing the following key features:

  • Enablement of read-only root filesystem for select MKE containers

  • Support bundles with custom options now carry custom preface

  • Enablement of stack traces collection with support bundles

  • Improved support for custom containerd root

  • Enablement of node type selection with support bundles

  • Type designation added to the MKE web UI swarm grants table

  • Addition of referral chasing LDAP parameter

MKE 3.6.4

Patch release for MKE 3.6 introducing the following key features:

  • Enablement of read-only root filesystem for select MKE containers

  • Addition of option to limit kernel capabilities in Interlock 3.3.10

  • Calico components metrics collection

  • Addition of SAML proxy configuration to auth settings in MKE web UI

  • Addition of option to disable LDAP referral URL chasing

MKE 3.6.3

Patch release for MKE 3.6 introducing the following key features:

  • Enablement of read-only root filesystem for select MKE containers

  • Health checks added to ucp-sf-notifier container

  • The ucp-kube-ingress-controller container now runs as non-root

  • The ucp-sf-notifier container now runs as non-root

  • The ucp-hardware-info container now runs as non-root

  • k8s components are non-root

  • Delivery of container disk usage metric

MKE 3.6.2

Patch release for MKE 3.6 introducing the following key features:

  • Interlock update to 3.3.8

  • --kube-protect-kernel-defaults install option

  • kube_api_server_auditing configuration option

  • Configuration options for disabling profiling

  • support CLI command options for node support dumps

  • Configuration options for system hardening

  • MKE web UI Banner design update

  • etcd storage quota UI notification

  • Self ports no longer checked during upgrade (Linux only)

MKE 3.6.1

Patch release for MKE 3.6 introducing the following key features:

  • NVIDIA settings disablement

  • Support bundle API endpoint

  • Account Privileges page in MKE web UI

  • Improved Image Pruning section in the MKE web UI

MKE 3.6.0

Initial MKE 3.6.0 release introducing the following key features and enhancements:

  • GCP support

  • OPA Gatekeeper

  • Windows Server 2022 support

  • no-new-privileges

  • cri-dockerd-mke

  • Kubernetes 1.24.5

  • Calico 3.24.1

  • Interlock 3.3.7

Deprecation notes

A list of features deprecated in MKE 3.6.x.