Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues will be fixed in a future release. For version 4.1.3, Mirantis only supports fresh installations.
2. etcd node configuration#
| CIS ID | Recommendation | Resolution | Comments |
|---|---|---|---|
| 2.1 | Ensure that the --cert-file and --key-file arguments are set as appropriate. |
Pass | NA |
| 2.2 | Ensure that the --client-cert-auth argument is set to true. |
Pass | NA |
| 2.3 | Ensure that the --auto-tls argument is not set to true. |
Pass | NA |
| 2.4 | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate. |
Pass | NA |
| 2.5 | Ensure that the --peer-client-cert-auth argument is set to true. |
Pass | NA |
| 2.6 | Ensure that the --peer-auto-tls argument is not set to true. |
Pass | NA |
| 2.7 | Ensure that a unique Certificate Authority is used for etcd. | Pass | NA |