Addressed issues

Issues addressed in the MKE 3.6.5 release include:

• [MKE-9743] Fixed non-compliance of bind-address configuration in ucp-kube-scheduler container.

  Kubernetes scheduler now binds to 127.0.0.1 by default. Admins can return binding capability to all available network interfaces by configurating the new kube_scheduler_bind_to_all setting under cluster_config in the MKE configuration file.

• [MKE-9742] Fixed controls 1.1.32 and 1.1.34 in the built-in CIS benchmark (and removed control 1.1.6 from the control list) to resolve non-compliance of the following configurations in ucp-kube-api-server container:

  • insecure-port

  • authorization-mode/Node

  • encryption-provider-config

• [MKE-9746] Fixed controls 2.1.1-2.1.4 and 2.1.10 in the built-in CIS benchmark to resolve non-compliance of the following configurations in the ucp-kubelet container:

  • anonymous-auth

  • authorization-mode

  • client-ca-file

  • read-only-port

  • tls-cert-file

  • tls-private-key-file

• [FIELD-6221] Fixed an issue wherein the cri-dockerd binary was not updated following upgrade.

• [FIELD-6126] Fixed a memory leak in the ucp-cluster-agent container.

• [FIELD-6104] Fixed an issue wherein cri-dockerd continued to use the old ucp-pause image following upgrade.

• [FIELD-5931] Fixed an issue wherein LDAP sync occasionally failed after replacing manager nodes.

• [FIELD-6210] Addressed an issue wherein CPU usage increased significantly in docker daemon following upgrade to MKE 3.6.

  Note

  FIELD-6210 was appended to the MKE 3.6.5 release notes on 2023-07-19.

• [MKE-10017] Fixed an issue wherein ucp-pause containers were not carried forward during MKE upgrade.

  Note

  MKE-10017 was appended to the MKE 3.6.5 release notes on 2023-08-16.