Skip to content

Enhancements#

Detail on the enhancements introduced in MKE 4k 4.1.3 includes:

Networking and ingress evolution#

  • With version 4.1.3, MKE 4k is retiring Ingress NGINX in favor of Envoy Gateway as the standard Kubernetes North-South entry point, thus providing a more modern, scalable, and API-native approach to traffic management.

  • NodeLocal DNS is now supported, to improve DNS lookup latency and reliability by running a DNS caching agent on cluster nodes.

Security & Compliance#

  • MKE 4k now fully supports SELinux for both worker and controller nodes, which ensures better process isolation and hardening.

  • MKE 4k now supports the configuring of custom TLS certificates for the Kubernetes API server, including synchronization for child clusters.

  • CIS Benchmark results are now directly published, to aid in compliance auditing.

  • Continuous refinements are made to MKE 4k RBAC, across both the API and UI, to ensure more granular access control.

  • MKE 4k offers a new cluster access interface, for managing and visualizing cluster access.

Disaster Recovery & Maintenance#

  • MKE 4k now supports disaster recovery scenarios wherein the user can boostrap a cluster on different infrastructure or node configurations than that of the original backup.

  • To ensure longterm databsase health, MKE 4k version 4.1.3 introduces a cronjob for automated etcd defragmentation and cleanup.

  • The mkectl apply command now operates in distinct phases, thus offering better predictability and troubleshooting during cluster deployments.

  • The --etcd-snapshot-path flag for the mkectl upgrade command has been renamed --backup-path.

Component Updates#

  • k0rdent Enterprise upgraded to version 1.2.3.
  • k0s upgraded to v1.32.11+k0s.0.
  • Grafana has been removed and is no longer a built-in component.

MKE 4k CLI size reduction#

MKE 4k now sources the required binary files by way of the OCI Registry, with the result being an 80+% reduction in the size of the MKE 4k CLI, mkectl.