Release Notes¶
Considerations
Upgrading MKE 3.6.0 - 3.6.4 to a later MKE version can result in
ucp-pause
containers not carrying forward to the later version.A limitation in MKE 3.6.2 and MKE 3.6.3 can cause issues in clusters that deploy more than 120 nodes.
If you plan to run a cluster with more than 120 nodes, Mirantis strongly recommends that you upgrade to MKE 3.6.4. If, however, it is imperative that you run one of the affected MKE versions with 121+ nodes, contact Mirantis support to secure a workaround.
As MKE 3.6.0 runs etcd 3.4.16, upgrading to it from MKE 3.5.6 or later (which run etcd 3.5.5) will fail. As such, it is necessary to upgrade instead to MKE 3.6.1 or later.
The etcd component, by design, will not accept a downgrade of itself.
MKE 3.6.0 requires MCR 20.10.13 or later, which you must install or upgrade to prior to installing or upgrading to MKE 3.6.0.
Upgrading from one MKE minor version to another minor version can result in the downgrading of MKE middleware components. For more information, refer to the middleware versioning tables in the release notes of both the source and target MKE versions.
CentOS 8 entered EOL status as of 31-December-2021. For this reason, Mirantis no longer supports CentOS 8 for all versions of MKE. We encourage customers who are using CentOS 8 to migrate onto any one of the supported operating systems, as further bug fixes will not be forthcoming.
Custom log drivers are no longer supported, beginning with MKE 3.6.0. This is due to the transition from Dockershim over to cri-dockerd.
In MKE 3.6.1 - 3.6.7, performance issues may occur with both cri-dockerd and dockerd due to the manner in which cri-dockerd handles container and ImageFSInfo statistics.
MKE 3.6.20 current
Patch release for MKE 3.6 introducing the following key features:
New flag for collecting metrics during support bundle generation
Hypervisor Looker dashboard information added to telemetry
MKE 3.6.19
Patch release for MKE 3.6 that focuses exclusively on CVE mitigation.
MKE 3.6.18
Patch release for MKE 3.6 that focuses exclusively on CVE mitigation.
MKE 3.6.17
Patch release for MKE 3.6 that focuses exclusively on bug resolution.
MKE 3.6.16
Patch release for MKE 3.6 that focuses exclusively on bug resolution.
MKE 3.6.15
Patch release for MKE 3.6 that focuses exclusively on CVE mitigation.
MKE 3.6.14
Patch release for MKE 3.6 introducing the following key features:
Addition of Kubernetes log retention configuration parameters
Customizability of audit log policies
Inclusion of Docker events in MKE support bundle
MKE 3.6.13
Patch release for MKE 3.6 that focuses exclusively on CVE mitigation.
MKE 3.6.12
Patch release for MKE 3.6 introducing the following key features:
Kubernetes for GMSA now supported
Addition of ucp-cadvisor container level metrics component
MKE 3.6.11
Patch release for MKE 3.6 introducing the following key features:
Augmented validation for etcd storage quota
Improved handling of larger sized etcd instances
All errors now returned from pre upgrade checks
Minimum Docker storage requirement now part of pre upgrade checks
MKE 3.6.10 (discontinued)
MKE 3.6.10 was discontinued shortly after release due to issues encountered when upgrading to it from previous versions of the product.
MKE 3.6.9
Patch release for MKE 3.6 that focuses exclusively on CVE resolution.
MKE 3.6.8
Patch release for MKE 3.6 introducing the following key features:
Performance improvement to MKE image tagging API
MKE 3.6.7
Patch release for MKE 3.6 introducing the following key features:
Added ability to filter organizations by name in MKE web UI
Improved Kubernetes role creation error handling in MKE web UI
Increased SAML proxy feedback detail
Upgrade verifies that cluster nodes have minimum required MCR
kube-proxy now binds only to localhost
Enablement of read-only rootfs for specific containers
Added MKE web UI capability to add OS constraints to swarm services
Added ability to set support bundle collection windows
Added ability to set line limit of log files in support bundles
Addition of search function to Grants > Swarm in MKE web UI
MKE 3.6.6
Patch release for MKE 3.6 that focuses exclusively on the resolution of security vulnerabilities.
MKE 3.6.5
Patch release for MKE 3.6 introducing the following key features:
Enablement of read-only root filesystem for select MKE containers
Support bundles with custom options now carry custom preface
Enablement of stack traces collection with support bundles
Improved support for custom containerd root
Enablement of node type selection with support bundles
Type designation added to the MKE web UI swarm grants table
Addition of referral chasing LDAP parameter
MKE 3.6.4
Patch release for MKE 3.6 introducing the following key features:
Enablement of read-only root filesystem for select MKE containers
Addition of option to limit kernel capabilities in Interlock 3.3.10
Calico components metrics collection
Addition of SAML proxy configuration to auth settings in MKE web UI
Addition of option to disable LDAP referral URL chasing
MKE 3.6.3
Patch release for MKE 3.6 introducing the following key features:
Enablement of read-only root filesystem for select MKE containers
Health checks added to
ucp-sf-notifier
containerThe
ucp-kube-ingress-controller
container now runs as non-rootThe
ucp-sf-notifier
container now runs as non-rootThe
ucp-hardware-info
container now runs as non-rootk8s components are non-root
Delivery of container disk usage metric
MKE 3.6.2
Patch release for MKE 3.6 introducing the following key features:
Interlock update to 3.3.8
--kube-protect-kernel-defaults
install optionkube_api_server_auditing
configuration optionConfiguration options for disabling profiling
support CLI command options for node support dumps
Configuration options for system hardening
MKE web UI Banner design update
etcd storage quota UI notification
Self ports no longer checked during upgrade (Linux only)
MKE 3.6.1
Patch release for MKE 3.6 introducing the following key features:
NVIDIA settings disablement
Support bundle API endpoint
Account Privileges page in MKE web UI
Improved Image Pruning section in the MKE web UI
MKE 3.6.0
Initial MKE 3.6.0 release introducing the following key features and enhancements:
GCP support
OPA Gatekeeper
Windows Server 2022 support
no-new-privileges
cri-dockerd-mke
Kubernetes 1.24.5
Calico 3.24.1
Interlock 3.3.7
Deprecation notes
A list of features deprecated in MKE 3.6.x.