Detail on the new features and enhancements introduced in MKE 3.7.0 includes:
ZeroOps: certificate management¶
MKE offers the ability to manage the two root certificate authorities: MKE Cluster Root CA and MKE Client Root CA.
ZeroOps: upgrade rollback¶
If your MKE upgrade fails, you can roll back to the previously running MKE version without rebuilding your cluster from a backup.
MKE exposes Prometheus metrics associated with the following core components and functionality:
Kube State Metrics
Kube Controller Manager
Kube API Server
Prometheus memory resources¶
Added MKE configuration file options for the minimum and maximum amount of memory that can be used by the Prometheus container.
etcd event cleanup¶
Manually clean up Kubernetes event objects in etcd using the MKE API.
Use TLS passthrough to pass un-decrypted data through the NGINX Ingress Controller to your web server.
TCP and UDP services¶
Expose TCP and UDP services using NGINX Ingress Controller.
Additional NGINX Ingress Controller options¶
Added the following NGINX Ingress Controller options to the MKE configuration file:
ingress_extra_args.http_port: Sets the container port for servicing HTTP traffic.
ingress_extra_args.https_port: Sets the container port for servicing HTTPS traffic.
ingress_extra_args.enable_ssl_passthrough: Enables SSL passthrough.
ingress_extra_args.default_ssl_certificate: Sets the Secret that contains an SSL certificate to be used as the default HTTPS server.
Setting for NGINX Ingress Controller default ports¶
The NGINX Ingress Controller default ports can be changed in the MKE web UI Admin Settings.
Bare metal Kubernetes clusters can leverage MetalLB to create Load Balancer services, offering features such as address allocation and external announcement.
Lameduck configuration options¶
The MKE configuration file includes options to enable and disable lameduck in CoreDNS.
MKE provides the option to use Multus CNI, a Kubernetes plugin that enables the attachment of multiple network interfaces to multi-homed Pods.
Use a SAML proxy to secure your MKE deployment while benefiting from the use of SAML authentication.
Addition of referral chasing LDAP parameter¶
Added the option to toggle Enable referral chasing in the LDAP configuration settings using the MKE web UI.