Addressed issues
Issues addressed in the MKE 3.6.5 release include:
[MKE-9743] Fixed non-compliance of the bind-address configuration in the ucp-kube-scheduler container. The Kubernetes scheduler now binds to 127.0.0.1 by default. Admins can return binding capability to all available network interfaces by configuring the new kube_scheduler_bind_to_all setting under cluster_config in the MKE configuration file.
[MKE-9742] Fixed controls 1.1.32 and 1.1.34 in the built-in CIS benchmark (and removed control 1.1.6 from the control list) to resolve non-compliance of the following configurations in the ucp-kube-api-server container:
    insecure-port
    authorization-mode/Node
    encryption-provider-config
[MKE-9746] Fixed controls 2.1.1-2.1.4 and 2.1.10 in the built-in CIS benchmark to resolve non-compliance of the following configurations in the ucp-kubelet container:
    anonymous-auth
    authorization-mode
    client-ca-file
    read-only-port
    tls-cert-file
    tls-private-key-file
[FIELD-6221] Fixed an issue wherein the cri-dockerd binary was not updated following upgrade.
[FIELD-6126] Fixed a memory leak in the ucp-cluster-agent container.
[FIELD-6104] Fixed an issue wherein cri-dockerd continued to use the old ucp-pause image following upgrade.
[FIELD-5931] Fixed an issue wherein LDAP sync occasionally failed after replacing manager nodes.
[FIELD-6210] Addressed an issue wherein CPU usage increased significantly in docker daemon following upgrade to MKE 3.6.
Note
FIELD-6210 was appended to the MKE 3.6.5 release notes on 2023-07-19.
[MKE-10017] Fixed an issue wherein ucp-pause containers were not carried forward during MKE upgrade.
Note
MKE-10017 was appended to the MKE 3.6.5 release notes on 2023-08-16.
Perform the following steps on each Linux node where the ucp-pause containers are built from the upgraded MKE image version.
Verify that the ucp-pause containers are using the MKE image version to which you tried to upgrade:
    docker ps -a | grep ucp-pause
Example output:
    01a80dd175de mirantiseng/ucp-pause:3.7.0 "/pause" 17 minutes ago Up 16 minutes k8s_POD_ucp-node-feature-discovery-9bwsj_node-feature-discovery_0a601160-ecf7-412f-bff8-e421a4f1712d_0
    498371f35994 mirantiseng/ucp-pause:3.7.0 "/pause" 20 minutes ago Up 18 minutes k8s_POD_coredns-7fb76597fc-k2q2k_kube-system_83fee771-dc1d-4e34-ae45-f0ab9dee5942_0
    a94cfcfb18f6 mirantiseng/ucp-pause:3.7.0 "/pause" 22 minutes ago Up 21 minutes k8s_POD_calico-kube-controllers-58c64b9976-mg5dn_kube-system_0b80ed92-be02-40de-827e-6a6b6e7f27da_0
    0a2cf203f77c mirantiseng/ucp-pause:3.7.0 "/pause" 22 minutes ago Up 21 minutes k8s_POD_calico-node-f2xhl_kube-system_3c4a27c5-b832-417d-bc30-b6a7ca8f7627_0
If the ucp-pause containers are using the correct image version, proceed to the next node.
Copy the cri-dockerd-mke.service configuration file from the tmp directory to /usr/lib/systemd/system:
    sudo cp /tmp/cri-dockerd-mke.service /usr/lib/systemd/system
Restart kubelet to load the most recent configuration file:
    docker rm -f ucp-kubelet
Delete all ucp-pause containers that are on the node:
    docker rm -f <pause-container-id-1> <pause-container-id-n>
Verify that the ucp-pause containers are using the correct MKE image version:
    docker ps -a | grep ucp-pause
Example output:
    236b3dfb1bf6 mirantiseng/ucp-pause:3.6.4 "/pause" 12 seconds ago Up 11 seconds k8s_POD_calico-node-dp7hd_kube-system_d59d9004-5a59-46f8-8281-3c917c62fe20_0
    56994306b181 mirantiseng/ucp-pause:3.6.4 "/pause" 12 seconds ago Up 11 seconds k8s_POD_calico-kube-controllers-64844db68f-br9dh_kube-system_5ea39708-231a-45f5-aa7c-f7b842131941_0
    e62ae3c2a871 mirantiseng/ucp-pause:3.6.4 "/pause" 12 seconds ago Up 11 seconds k8s_POD_ucp-node-feature-discovery-rdrb7_node-feature-discovery_848cda05-74ec-4db2-825f-05afa53b2502_0
    d51eba420f34 mirantiseng/ucp-pause:3.6.4 "/pause" 12 seconds ago Up 11 seconds k8s_POD_coredns-78c7f4f4c7-lljzc_kube-system_92936b7c-6a7c-4eb5-a83f-22514acac636_0
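The two verification steps in this procedure can be scripted. The following is an added example, not part of the Mirantis release notes: it reads ID and image pairs in the form printed by docker ps -a --format '{{.ID}} {{.Image}}' and lists the ucp-pause containers whose image tag differs from the expected one. The function names, the sample rows and the expected tag 3.6.5 are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and sample rows are constructed.

# stale_pause_ids EXPECTED_TAG
# stdin:  one "ID IMAGE" pair per line.
# stdout: IDs of ucp-pause containers whose image tag is not EXPECTED_TAG
#         (an image reference without a tag counts as "latest").
stale_pause_ids() {
    awk -v want="$1" '
    {
        name = $2
        sub(/^.*\//, "", name)   # drop registry host and namespace
        if (name != "ucp-pause" && index(name, "ucp-pause:") != 1) next
        tag = (name == "ucp-pause") ? "latest" : substr(name, 11)
        if (tag != want) print $1
    }'
}

# pause_images_current EXPECTED_TAG
# Same stdin; succeeds only when no ucp-pause container is stale, so a
# loop over nodes can skip the ones that need no remediation.
pause_images_current() {
    [ -z "$(stale_pause_ids "$1")" ]
}

# Constructed sample: one old pause image, two current ones (one pulled
# through a private registry), one untagged, and an unrelated container.
SAMPLE='a1b2c3d4e5f6 mirantiseng/ucp-pause:3.6.4
0f1e2d3c4b5a mirantiseng/ucp-pause:3.6.5
9a8b7c6d5e4f mirantiseng/ucp-kubelet:3.6.5
112233445566 registry.example:5000/mirantiseng/ucp-pause:3.6.5
77889900aabb mirantiseng/ucp-pause'

# Prints the IDs that would still need "docker rm -f" on this node.
printf '%s\n' "$SAMPLE" | stale_pause_ids 3.6.5

# Live use on a node (assumes the docker CLI is on PATH):
#   docker ps -a --format '{{.ID}} {{.Image}}' | stale_pause_ids 3.6.5
```

Matching on the image field rather than grepping the whole row avoids counting containers that merely mention ucp-pause elsewhere in the line.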