This section outlines new features and enhancements introduced in the Mirantis Container Cloud release 2.14.0. For the list of enhancements in the Cluster releases 7.4.0 and 5.21.0 that are supported by the Container Cloud release 2.14.0, see the Cluster releases (managed).
Support of the Equinix Metal provider with private networking
Introduced support of Container Cloud deployments that are based on the Equinix Metal infrastructure with private networking.
Private networks are required for the following use cases:
Connect the Container Cloud to the on-premises corporate networks without exposing it to the Internet. This can be required by corporate security policies.
Reduce ingress and egress bandwidth costs and the number of public IP addresses utilized by the deployment. Public IP addresses are a scarce and valuable resource, and Container Cloud should only expose the necessary services in that address space.
Testing and staging environments typically do not require accepting connections from the outside of the cluster. Such Container Cloud clusters should be isolated in private VLANs.
The feature is supported starting from the Cluster releases 7.4.0 and 5.21.0.
Support of the regional clusters that are based on Equinix Metal with private networking will be announced in one of the following Container Cloud releases.
Support of the community CentOS 7.9 version for the OpenStack provider
Introduced support of the community version of the CentOS 7.9 operating system for the management, regional, and managed cluster machines deployed with the OpenStack provider. The following CentOS resources are used:
Latest upstream CentOS 7.9 image: CentOS-7-x86_64-GenericCloud-2009.qcow2
Latest CentOS 7.9
Configuration of server metadata for OpenStack machines in web UI
Implemented the possibility to specify the
during the OpenStack machines creation through the Container Cloud web UI.
Server metadata is a set of string key-value pairs that you can configure
meta_data field of
Initial RHEL 8.4 support for the vSphere provider
Introduced the initial Technology Preview support of the RHEL 8.4 operating system for the vSphere-based management, regional, and managed clusters.
Deployment of a Container Cloud cluster based on both RHEL and CentOS operating systems or on mixed RHEL versions is not supported.
Configuration of RAM and CPU for vSphere machines in web UI
Implemented the possibility to configure the following settings during a vSphere machine creation using the Container Cloud web UI:
VM memory size that defaults to 16 GB
VM CPUs number that defaults to 8
Visualization of service mapping in the bare metal IpamHost object
Implemented the following amendments to the ipam/SVC-* labels to simplify visualization of service mapping in the bare metal IpamHost object:
All IP addresses allocated from the Subnet object that has the ipam/SVC-* service labels defined will inherit those labels.
IpamHost.Status contains information about which IPs and interfaces correspond to which Container Cloud services.
Separation of PXE and management networks for bare metal clusters
Added the capability to configure a dedicated PXE network that is separated from the management network on management or regional bare metal clusters. A separate PXE network allows isolating the sensitive bare metal provisioning process from the end users. The users still have access to Container Cloud services, such as Keycloak, to authenticate workloads in managed clusters, such as Horizon in a Mirantis OpenStack for Kubernetes cluster.
User access management through the Container Cloud API or web UI
Implemented the capability to manage user access through the Container Cloud API or web UI by introducing the following objects to manage user role bindings:
Also, updated the role naming used in Keycloak by introducing the following IAM roles with the possibility to upgrade the old-style role names with the new-style ones:
User management for the MOSK m:os roles through API or web UI is in the final development stage and will be announced in one of the following Container Cloud releases. Meanwhile, continue managing these roles using Keycloak.
The possibility to manage the IAM*RoleBinding objects through the Container Cloud web UI is available for the global-admin role only. The possibility to manage project role bindings using the operator role will become available in one of the following Container Cloud releases.
Support matrix of MKE versions for cluster attachment
Updated the matrix of supported MKE versions for cluster attachment to improve the upgrade and testing procedures:
Implemented separate Cluster release series to support 2 series of MKE versions for cluster attachment:
Cluster release series 9.x for the 3.3.x version series
Cluster release series 10.x for the 3.4.x version series
Added a requirement to update an existing MKE cluster to the latest available supported MKE version in a series to trigger the Container Cloud upgrade that allows updating its components, such as StackLight, to the latest versions.
When a new MKE version for cluster attachment is released in a series, the oldest supported version of the previous Container Cloud release is dropped.
Switch of bare metal and StackLight Helm releases from v2 to v3
Upgraded the bare metal and StackLight Helm releases in the
KaasRelease objects from v2 to v3. Switching of the remaining Ceph and
OpenStack Helm releases to v3 will be implemented in one of the following
Container Cloud releases.