MKE 3.6 brings updated K8s and expanded option of platforms

Al Meadows, Product Manager, Mirantis Kubernetes Engine - October 13, 2022

Mirantis Kubernetes Engine 3.6, released this week, provides users with access to an updated Kubernetes, an additional public cloud option with the introduction of Google Cloud Platform support, Windows Server 2022 support, and other benefits.

What do you give the Enterprise Kubernetes platform already known to provide the easiest and fastest way to deploy cloud native applications at scale in any environment? How about a fresh version of Kubernetes and features that can make your container orchestration even easier to manage, providing you with more time for other tasks?   

Today we are pleased to announce the availability of Mirantis Kubernetes Engine (MKE) 3.6, with key enhancements including:

  • Update to Kubernetes 1.24

  • Google Cloud Platform support

  • cri-dockerd support to replace Dockershim

  • Windows Server 2022 support

  • Security admission control updates

In this post, we’ll break down some of the most important new features and capabilities.

Kubernetes 1.24

Mirantis Kubernetes Engine 3.6 now includes Kubernetes 1.24. This is a significant change, and its importance cannot be overstated as we align MKE to take full advantage of the enhancements and efficiencies that are a byproduct of Kubernetes evolution.

There have been a number of changes since our last Kubernetes update but we’ll call out a few that have some direct significance to our product: 

  • etcd 3.5: This update to etcd contains changes centered around performance, memory usage, security and logging. These enhancements are especially important for customers running larger clusters, where etcd has been known to be a performance bottleneck, and they enable you to scale your k8s deployments further than before.

  • Removal of Dockershim: This is an important change for anyone using Docker Engine as their container runtime. Dockershim was always meant to be a temporary solution for interoperability, and its removal is ultimately a positive for the Kubernetes community, though for those using Docker it understandably raises concerns about what it means for them. Mirantis has you covered with cri-dockerd support, and we will discuss this in more detail later in this blog.

  • Pod Security Admission: The newly included admission controller, which replaces the deprecated Pod Security Policy (PSP), makes it simpler to secure your workloads through enforcement of Pod Security Standards (PSS).

  • Beta APIs off by Default: Earlier versions of k8s maintained a model where all APIs that reached beta were enabled by default. This helped the adoption of new features, but it exposed the majority of Kubernetes users to bugs even if they chose not to actively use an enabled feature. By changing this policy within k8s and disabling Beta APIs by default, Kubernetes provides a more stable and secure environment, while still letting you enable the APIs you want to use.

This is a sampling of just a few of the new features and changes that have been included in k8s since our last update, but rest assured that we have worked hard to ensure the k8s 1.24 version included in MKE 3.6 has been fully validated and “plays nice” with the other features we provide in MKE.

Who needs Dockershim, anyway?

So, when you first heard about the removal of Dockershim from k8s, did it keep you up at night? Were you left wondering if your Docker containers would still run in Kubernetes 1.24? We’ve made sure that this change will be as seamless as possible for you. MKE 3.6 has replaced dockershim with cri-dockerd to fully support our customers who want to continue to use Docker Engine as their container runtime. We break down the details on this transition in a previous blog post.

Welcome to Google Cloud Platform (GCP)

With MKE 3.6 we have provided even more choice for customers with the support for running MKE on Google Cloud Platform (GCP) for both Linux and Windows. GCP has been added to the roster, along with Amazon AWS, Microsoft Azure, Equinix Metal for bare-metal hosting, VMware and of course, bare-metal, providing you with the ability to choose where you host your k8s deployment based on your unique requirements related to cost, latency, availability, region, or other factors.

In addition to full Linux support on GCP, MKE 3.6 offers support for deployment to Google Cloud with Windows workers (with Linux-based controller nodes) and allocation of Swarm and Kubernetes workloads on Windows nodes. GCP support will also be added to Mirantis Container Cloud in a coming release.

Windows Server 2022

In MKE 3.6, we have added support for allocating workloads on Windows Server 2022 nodes for both Swarm and Kubernetes, while also adding support for hybrid clusters with both Windows Server 2019 and Windows Server 2022 nodes, providing users with a choice of host OS for their container deployments.

Security Admission Control Update

Anyone involved with ensuring the security of Kubernetes deployments is aware of the key role that admission controllers play. K8s has had a fairly major facelift in this area, with Pod Security Admission replacing the now deprecated Pod Security Policy (PSP).

Since PSP will not be officially removed from Kubernetes until version 1.25, we will continue to support it, but with a few caveats. MKE 3.6 will detect when PSP is active and provide a banner warning to inform customers that it will be removed from a future MKE release, along with an active link to a PSP deprecation page. For those users who wish to be proactive, we have included an option to remove PSP now.
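As an added example (not taken from the MKE documentation or release notes), this is what the Pod Security Admission side of a move away from PSP can look like on Kubernetes 1.24: a namespace that enforces the `baseline` Pod Security Standard while auditing and warning against `restricted`, followed by a pod that already satisfies `restricted`. The namespace name, image reference and user ID are constructed placeholders.

```yaml
# Added example: constructed names, not MKE defaults.
# A namespace opts in to Pod Security Admission through labels.
apiVersion: v1
kind: Namespace
metadata:
  name: payments-demo              # hypothetical namespace
  labels:
    # Reject pods that violate the "baseline" Pod Security Standard.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: v1.24
    # Do not block, but annotate audit events and return client warnings
    # for anything that falls short of "restricted".
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.24
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.24
---
# A pod that passes the "restricted" checks as defined for v1.24,
# so it is admitted without warnings in the namespace above.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments-demo
spec:
  securityContext:
    runAsNonRoot: true             # refuse to start as UID 0
    runAsUser: 10001               # constructed non-root UID
    seccompProfile:
      type: RuntimeDefault         # runtime's default seccomp filter
  containers:
    - name: api
      image: registry.example.com/payments/api:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

Pinning the `*-version` labels keeps the checks from changing underneath workloads when the cluster is upgraded; `enforce` can be raised to `restricted` once the audit log and client warnings for the namespace are clean.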

Finally, for customers looking for an alternative that might be more appropriate for their enterprise needs, we’ve included OPA Gatekeeper as an optional install, along with the ability to back up any policy settings that are created during installation. Gatekeeper is customizable and enforces policies from Open Policy Agent, a policy engine for CNCF environments. It is a robust admission controller and OPA engine well suited for the demands of enterprise environments. Even better, should OPA Gatekeeper be uninstalled for any reason, the settings are restorable, eliminating the need to recreate them upon re-install.

This blog has touched on just a few of the exciting new changes that are a part of Mirantis Kubernetes Engine 3.6. For a full list of changes in this release, including adapter and component version bumps and support for no-new-privileges, refer to the release notes.

If you are ready to give Mirantis Kubernetes Engine a try, we encourage you to download the MKE free trial, or contact us for more information and see how MKE can help you spend more time focusing on your business applications and less on running your infrastructure.
