Mirantis Cloud Native Platform April Update
VMware support for Mirantis Container Cloud, 2FA for Kubernetes Engine, Helm chart support for Secure Registry, and more
Mirantis no longer does "waterfall" releases. Instead, all the interoperating parts of Mirantis Cloud Native platform (and the open source projects we sponsor, as well) release continuously — as frequently as every few weeks. That's good, in that it gets features and updates to users, faster. But it also makes release communications a little harder to manage. Today, for example, we're introducing what we call the Mirantis Cloud Native Platform April Update. But some of the "news" we're "announcing" here reflects features made available to customers some weeks ago.
No matter ... We're excited to tell you about these updates: to Mirantis Container Cloud, Mirantis Kubernetes Engine (Formerly Docker Enterprise), Mirantis Secure Registry (formerly Docker Trusted Registry), and even the foundation of container support in Mirantis Container Engine (formerly Docker Engine - Enterprise). Our engineers have written several blogs (linked below) to give you the detailed scoop. To learn even more, you can join Adam Parco, Chris Price, Sergey Lukjanov, Drew Erny, Ryan Zhang, and other engineering leaders for a look at everything new in the Mirantis Cloud Native Platform stack on April 29. Meanwhile, here's the latest news.
VMware added as a Mirantis Container Cloud provider
Mirantis Container Cloud launched last November with VMware provider support in Beta. With the most recent release, VMware support enters general availability. Now you can confidently deploy Container Cloud itself, and/or use it to deploy, scale, observe, and lifecycle-manage Mirantis Kubernetes Engine clusters on VMware on-premises datacenters -- in addition to Amazon Web Services, OpenStack, Equinix Metal, or directly onto bare metal hardware in the datacenter or at the edge.
Mirantis Container Cloud gives VMware users a single interface and API for managing consistent, batteries-included, production-ready Kubernetes across global datacenters, remote locations, and public clouds. That single API and cloud-like user experience simplifies creation of self-service and other automation to govern Kubernetes throughout your organization. Mirantis Kubernetes Engine clusters provide industry-leading security, and can be configured with Linux or Windows workers using Kubernetes or Swarm orchestration. MKE consistency means that applications are radically portable across Kubernetes/Swarm environments on different infrastructures, and the same, self-similar CI/CD and application lifecycle management automation works everywhere: saving time, reducing learning curves, and operating costs.
You can read more about VMware support and other new features in Mirantis Container Cloud 2.7, in Director of Engineering Sergey Lukjanov's blog on the topic. If you're running VMware, our upcoming webinar (May 27, 2021) with Sergey will demonstrate Mirantis Container Cloud and Mirantis Kubernetes Engine on that platform.
Mirantis Secure Registry gets Helm and Running Image Enforcement support
Mirantis Secure Registry runs on Mirantis Kubernetes Engine, and has long been the de-facto private registry solution for Swarm and Kubernetes developers on that platform. Secure Registry has long offered container image scanning for CVEs. The latest release builds in several new features to make Secure both more useful and an even more important component of secure software supply chains. To start with, the latest release of Secure Registry now stores Helm (2 and 3) charts, and interoperates with the standard Helm CLI. So organizations can use Secure Registry to create protected, curated collections of validated Helm charts for developer use. We've also added:
- static analysis (aka. chart linting), which checks charts for a variety of potential vulnerabilities, such as permitting NET_RAW access or mounting a writable path to the host filesystem, letting you mitigate issues and prevent deployment of apps with structural vulnerabilities.
- Running Image Enforcement, which prevents pulling images that match specific criteria, such as a high number of security vulnerabilities
You can read more about the improvements to Mirantis Secure Registry, here.
Mirantis Kubernetes Engine now enables Two Factor Authentication
Two-factor authentication (2FA) adds an extra layer of security when logging into Mirantis Kubernetes Engine (MKE). With 2FA, you still have to log in with your username and password, but you must also provide another factor of authentication that only you know or can access. For MKE, the second form of authentication is a code generated by a standard time-based, one-time-password (TOTP) application (you have many to choose from, including LastPass, Google Authenticator, YubiKey, and others, several of which are easily installed on mobile phones). Once you enable 2FA, MKE generates an authentication code any time you attempt to sign into your MKE account. The only way you can sign into your account is if you can provide both your password and the correlated token generated by your TOTP app. Read more about the addition of 2FA to Mirantis Kubernetes Engine, here.
Mirantis Kubernetes Engine will continue to support Dockershim after Kubernetes upstream drops it
For many users, the release of Kubernetes 1.21, which announced that Docker containers would no longer be supported natively as of Kubernetes 1.23 caused a panic, but that panic was not justified. Mirantis Kubernetes Engine (formerly Docker Enterprise/UCP), which uses the Docker-compatible Mirantis Container Runtime, but we have taken steps to ensure continuous compatibility and a seamless transition once Kubernetes 1.23 arrives by continuing to support Dockershim, the part of Kubernetes that currently makes Docker container use possible. Removal of Dockershim from the upstream Kubernetes codebase was a coordinated effort between Mirantis and the community, and Dockershim has been cleanly moved into a new repository. As part of this project, initial steps were taken to wrap Dockershim in something that can speak CRI (the Container Runtime Interface, a standard way for container engines to communicate with Kubernetes). An early, but usable version of this project is available, and Mirantis customers won't need to change anything when Mirantis Kubernetes Engine is updated to Kubernetes 1.23. You can read more about Dockershim, here.
We want your feedback — and we've made it easy
We're always interested in knowing not just how you're getting along with our products, but also what we can do to improve the experience. To that end, we've made it easy for you to give us feedback from inside Mirantis Kubernetes Engine. Just click the "Give Feedback" button at the bottom of the left-side navigation pane, or open the detailed feedback dialog when downloading a Support Dump. Feedback is sent to the Mirantis product team to track user satisfaction and potential improvements and will inform planning for future improvements. You can find more information on giving feedback here, or you're always welcome to contact us.