Detail on the new features and enhancements introduced in MKE 3.6.3 includes:

[MKE-9638] Enablement of read-only root filesystem for select MKE containers

The following MKE containers are now configured with read-only root filesystems:

  • ucp-cluster-agent

  • ucp-worker-agent

  • ucp-manager-agent

  • ucp-client-root-ca

  • ucp-cluster-root-ca

  • ucp-proxy

  • ucp-controller

[MKE-9632] Health checks added to ucp-sf-notifier container

Health checks are now defined for the ucp-sf-notifier container, the Salesforce Notifier service task.

[MKE-9577] ucp-kube-ingress-controller container is non-root

The ucp-kube-ingress-controller container now runs as non-root.

[MKE-9561] ucp-sf-notifier container is non-root

The ucp-sf-notifier container now runs as non-root.

[MKE-9550] ucp-hardware-info container is non-root

The ucp-hardware-info container now runs as non-root.

[MKE-9547] k8s components are non-root

k8s components now run as non-root.

[MKE-8950] Delivery of container disk usage metric

MKE now delivers the ucp_engine_container_disk_size_rootfs metric, which Prometheus exposes for the purpose of collecting container disk usage.