Enhancements
Detail on the enhancements introduced in MKE 4k 4.1.3 includes:
Networking and ingress evolution
- With version 4.1.3, MKE 4k is retiring Ingress NGINX in favor of Envoy Gateway as the standard Kubernetes North-South entry point, thus providing a more modern, scalable, and API-native approach to traffic management.
- NodeLocal DNS is now supported, to improve DNS lookup latency and reliability by running a DNS caching agent on cluster nodes.
Security & Compliance
- MKE 4k now fully supports SELinux for both worker and controller nodes, which ensures better process isolation and hardening.
- MKE 4k now supports configuring custom TLS certificates for the Kubernetes API server, including synchronization for child clusters.
- CIS Benchmark results are now directly published, to aid in compliance auditing.
- Continuous refinements are made to MKE 4k RBAC, across both the API and UI, to ensure more granular access control.
- MKE 4k offers a new cluster access interface, for managing and visualizing cluster access.
Disaster Recovery & Maintenance
- MKE 4k now supports disaster recovery scenarios wherein the user can bootstrap a cluster on different infrastructure or node configurations than that of the original backup.
- To ensure long-term database health, MKE 4k version 4.1.3 introduces a cronjob for automated etcd defragmentation and cleanup.
- The mkectl apply command now operates in distinct phases, thus offering better predictability and troubleshooting during cluster deployments.
- The --etcd-snapshot-path flag for the mkectl upgrade command has been renamed --backup-path.
Component Updates
- k0rdent Enterprise upgraded to version 1.2.3.
- k0s upgraded to v1.32.11+k0s.0.
- Grafana has been removed and is no longer a built-in component.
MKE 4k CLI size reduction
MKE 4k now sources the required binary files by way of the OCI Registry, with the result being an 80+% reduction in the size of the MKE 4k CLI, mkectl.