Enhancements¶
Detail on the new features and enhancements introduced in MKE 3.6.3 includes:
[MKE-9638] Enablement of read-only root filesystem for select MKE containers
[MKE-9577] ucp-kube-ingress-controller container is non-root
[MKE-9638] Enablement of read-only root filesystem for select MKE containers¶
The following MKE containers are now configured with read-only root filesystems:
ucp-cluster-agent
ucp-worker-agent
ucp-manager-agent
ucp-client-root-ca
ucp-cluster-root-ca
ucp-proxy
ucp-controller
[MKE-9632] Health checks added to ucp-sf-notifier container¶
Health checks are now defined for the ucp-sf-notifier
container, the
Salesforce Notifier service task.
[MKE-9577] ucp-kube-ingress-controller container is non-root¶
The ucp-kube-ingress-controller
container now runs as non-root.
[MKE-9561] ucp-sf-notifier container is non-root¶
The ucp-sf-notifier
container now runs as non-root.
[MKE-9550] ucp-hardware-info container is non-root¶
The ucp-hardware-info
container now runs as non-root.
[MKE-9547] k8s components are non-root¶
k8s components now run as non-root.
[MKE-8950] Delivery of container disk usage metric¶
MKE now delivers the ucp_engine_container_disk_size_rootfs
metric, which
Prometheus exposes for the purpose of collecting container disk usage.