Enhancements
Enhancements introduced in MKE 4k 4.1.2 include:
- Role-Based Access Control (RBAC)
  Role-Based Access Control is a critical new feature in MKE 4k that lets multiple users and teams interact with shared resources according to the permissions assigned to their roles.
  Refer to Authorization for more information.
- Improved, more secure access to MKE 4k clusters
  MKE 4k 4.1.2 provides a secure, seamless method for users to access the MKE 4k management cluster and child clusters in a multi-cluster Kubernetes platform. The solution offers a consistent authentication flow for kubectl, the CLI, and the MKE 4k Dashboard. It avoids long-lived credentials, such as client certificates and service account tokens.
  Refer to Access and manage the cluster with kubectl for more information.
- Managed support for Calico eBPF data plane
  With the 4.1.2 release, MKE 4k now supports the use of the Calico eBPF data plane.
  Refer to Deploy eBPF Data Plane for more information.
- SSH bastion jump host availability
  MKE 4k 4.1.2 offers users the ability to access cluster nodes through an SSH bastion jump host.
  For more information, refer to the instructions for setting up an SSH bastion host.
- Expanded etcd functionality
  MKE 4k 4.1.2 adds etcd functions such as Kubernetes event cleansing, cleanup schedule configuration, defragmentation, alarm response, and a temporary storage quota increase when a nospace alarm is issued.
  Refer to etcd for comprehensive information.
- Writable paths upgrade support
  Support for relocation of MKE 4k (k0s and containerd) writable paths during upgrade.
Backend enhancements
- Sanitizing of org / team name during upgrade from MKE 3 to MKE 4k.
- Addition of a dex static client for mkectl.
- MKE 4k to use SSH agent signers when available.
- Validation of kubeconfig on login.
- Implementation of CLI operator feature gates.
- Changes to CLI for handling provider changes.
- Improvements to custom CNI UX.
- Child cluster enhancements:
  - Addition of DNS lameduck management.
  - Addition of support for deleting child clusters as a part of the mkectl reset command.
  - Enablement with custom infra providers.
- Addition of authentication credentials secret reconciliation.
- The MKE 4k offline bundle no longer includes Velero and Minio artifacts.
- Addition of support dump capability.
UI enhancements
Introduction of full lifecycle management for Organizations and Teams, including creation, detailed views, deletion, and LDAP synchronization.