Enhancements

Detail on the new features and enhancements introduced in MKE 3.6.0 includes:

• GCP support

• OPA Gatekeeper

• Windows Server 2022 support

• no-new-privileges

• cri-dockerd-mke

• Kubernetes 1.24.6

• Calico 3.24.1

• Interlock 3.3.7

GCP support

MKE offers support for deployment on Google Cloud Platform (GCP).

Learn more

Install MKE on Google Cloud Platform

OPA Gatekeeper

MKE uses Gatekeeper to integrate the Open Policy Agent (OPA) into Kubernetes, validating requests to create and update resources on Kubernetes clusters.

Learn more

Deploy OPA Gatekeeper

Windows Server 2022 support

You can now run worker nodes on Windows Server 2022.

Learn more

• Upgrade nodes to Windows Server 2022

• Operate a hybrid Windows cluster

no-new-privileges

For most Linux distributions, MKE supports setting no-new-privileges to true in the /etc/docker/daemon.json file. This setting prevents the container application processes from gaining new privileges during the execution process.

The parameter is not, however, supported on RHEL 7.9, CentOS 7.9, Oracle Linux 7.8, or Oracle Linux 7.9. Also, this option is not supported on Windows, as it is a Linux kernel feature.

cri-dockerd-mke

MKE now packages and installs cri-dockerd as a part of its installation and upgrade process. The name of the cri-dockerd service on MKE is cri-dockerd-mke, and it is located in /usr/local/bin.

Kubernetes 1.24.6

Updated Kubernetes to version 1.24.6.

Calico 3.24.1

Updated Calico to version 3.24.1.

Interlock 3.3.7

Updated Interlock to version 3.3.7. This includes:

• Interlock security fixes (MKE-9121)

• Moby security fixes (MKE-9118)

• An improved service cluster removal process. Now, when removing a service cluster, Interlock removes all of the Interlock services that the service cluster previously used, while leaving the user services intact (MKE-8708).