New features

Detail on the new features and enhancements introduced in MKE 3.7.0 includes:

• ZeroOps: certificate management

• ZeroOps: upgrade rollback

• ZeroOps: metrics

• Prometheus memory resources

• etcd event cleanup

• TLS passthrough

• TCP and UDP services

• Additional NGINX Ingress Controller options

• Setting for NGINX Ingress Controller default ports

• MetalLB

• Lameduck configuration options

• Multus CNI

• SAML proxy

• Addition of referral chasing LDAP parameter

ZeroOps: certificate management

MKE offers the ability to manage the two root certificate authorities: MKE Cluster Root CA and MKE Client Root CA.

Learn more

Manage MKE certificate authorities

ZeroOps: upgrade rollback

If your MKE upgrade fails, you can roll back to the previously running MKE version without rebuilding your cluster from a backup.

Learn more

Perform the upgrade

ZeroOps: metrics

MKE exposes Prometheus metrics associated with the following core components and functionality:

• Kube State Metrics

• Kubernetes Workqueue

• Kubelet

• Kube Proxy

• Kube Controller Manager

• Kube API Server

• Calico

• RethinkDB

Learn more

MKE component metrics

Prometheus memory resources

Added MKE configuration file options for the minimum and maximum amount of memory that can be used by the Prometheus container.

etcd event cleanup

Manually clean up Kubernetes event objects in etcd using the MKE API.

Learn more

• Cleanse etcd of Kubernetes events

• Configure etcd storage quota

TLS passthrough

Use TLS passthrough to pass un-decrypted data through the NGINX Ingress Controller to your web server.

Learn more

• TLS passthrough

• TLS termination

TCP and UDP services

Expose TCP and UDP services using NGINX Ingress Controller.

Learn more

Expose TCP and UDP services

Additional NGINX Ingress Controller options

Added the following NGINX Ingress Controller options to the MKE configuration file:

• ingress_extra_args.http_port: Sets the container port for servicing HTTP traffic.

• ingress_extra_args.https_port: Sets the container port for servicing HTTPS traffic.

• ingress_extra_args.enable_ssl_passthrough: Enables SSL passthrough.

• ingress_extra_args.default_ssl_certificate: Sets the Secret that contains an SSL certificate to be used as the default HTTPS server.

Learn more

Configuration options: cluster_config.ingress_controller

Setting for NGINX Ingress Controller default ports

The NGINX Ingress Controller default ports can be changed in the MKE web UI Admin Settings.

MetalLB

Bare metal Kubernetes clusters can leverage MetalLB to create Load Balancer services, offering features such as address allocation and external announcement.

Learn more

Deploy MetalLB

Lameduck configuration options

The MKE configuration file includes options to enable and disable lameduck in CoreDNS.

Learn more

Configuration options: cluster_config.core_dns_lameduck_config

Multus CNI

MKE provides the option to use Multus CNI, a Kubernetes plugin that enables the attachment of multiple network interfaces to multi-homed Pods.

Learn more

• Multus CNI installation and enablement

• Use Multus CNI to create multi-homed Pods

SAML proxy

Use a SAML proxy to secure your MKE deployment while benefiting from the use of SAML authentication.

Learn more

Set up SAML proxy

Addition of referral chasing LDAP parameter

Added the option to toggle Enable referral chasing in the LDAP configuration settings using the MKE web UI.