We are pleased to announce the availability of Mirantis Kubernetes Engine 3.5, with key enhancements including:
- Standard OIDC support for single sign-on
- More efficient installation footprint
- Improved ease of use
- Simplified lifecycle management for Swarm users
- Support for massive clusters with high traffic throughput requirements
- Enhanced support options through Mirantis OpsCare
In this post, we’ll break down some of the most important new features and capabilities.
OIDC SSO Provider Support
As Dmitrii Shishliannikov notes in his post on Using OpenID Connect with Mirantis Kubernetes Engine 3.5.0, many organizations use external identity providers to manage authentication across their applications. This new feature enables support for external single sign-on (SSO) providers based on OIDC, such as Google SSO and Okta, in Mirantis Kubernetes Engine.
Users can now authenticate to Mirantis Kubernetes Engine — both the API and Kubernetes clusters — using their OIDC SSO credentials, but without storing the credentials in MKE. Once configured, a “sign in with external provider” button appears — the user enters their credentials on the provider’s login page, which then directs them back to the Mirantis Kubernetes Engine dashboard.
Dmitrii’s post has more details, walking you through the process of configuring and using the feature.
Almost exactly two years ago, Mirantis acquired the Docker Enterprise platform from Docker Inc and our CEO, Adrian Ionel, wrote a detailed blog post about it. Adrian noted that Mirantis expected to support Swarm for at least two years, depending on customer feedback. Well, customers have spoken — and many of them are completely satisfied using Swarm instead of Kubernetes for container orchestration.
With that in mind, we’re excited to announce Swarm-only mode: a new Mirantis Kubernetes Engine configuration option that dedicates the platform exclusively to Swarm orchestration and Docker containers. This highly requested feature reduces the footprint of Mirantis Kubernetes Engine (more than a 2GB reduction on manager nodes), involves fewer background processes, and completely avoids exposure to Kubernetes vulnerabilities. For those using only Docker Swarm, this results in a more stable environment and simplifies ongoing lifecycle management.
Using Swarm-only mode is simple — during installation of Mirantis Kubernetes Engine 3.5.0, all a user needs to do is add a flag indicating Swarm-only mode.
OpsCare enables what we call DevOps as a Service by monitoring our customers’ infrastructure and routing alerts to our support team, who can then either proactively contact the customer or even remediate the issue themselves without customer intervention.
OpsCare relies on monitoring infrastructure, including Prometheus, being installed in the target environment. Based on the values observed, alerts are sent to Mirantis from the deployment site, which initiates an automated process to create and assign a support ticket.
This is especially appealing to customers who don’t have enough in-house operations people to ensure consistent uptime for their infrastructure.
Michelle Yakura breaks down this service in detail in her blog post Infra ops made easy: Breathe a sigh of relief with OpsCare guaranteed outcomes.
Kubernetes eBPF Support
With our partner Tigera, we’re also excited to support eBPF (via Calico) in Mirantis Kubernetes Engine. This new feature enables users with large deployments and many Kubernetes services to achieve superior networking performance, supporting massive clusters with high traffic throughput requirements.
The above are just a few of the new features I wanted to call out in detail. Other changes in this release include a bump to Kubernetes 1.21, replacing the Istio ingress controller with nginx, and improved security with support for mTLS. (Watch this space for more detailed information on these features!)