Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues are fixed in the 4.1.4 release. For version 4.1.3, Mirantis only supports fresh installations.
2. etcd node configuration#
| CIS ID | Recommendation | Resolution | Comments |
|---|---|---|---|
| 2.1 | Ensure that the --cert-file and --key-file arguments are set as appropriate. |
Pass | NA |
| 2.2 | Ensure that the --client-cert-auth argument is set to true. |
Pass | NA |
| 2.3 | Ensure that the --auto-tls argument is not set to true. |
Pass | NA |
| 2.4 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate. |
Pass | NA |
| 2.5 | Ensure that the --peer-client-cert-auth argument is set to true. |
Pass | NA |
| 2.6 | Ensure that the --peer-auto-tls argument is not set to true. |
Pass | NA |
| 2.7 | Ensure that a unique Certificate Authority is used for etcd. | Pass | NA |