New features¶
This section highlights the newly introduced and enhanced capabilities in this release. Each feature includes a brief description and links to related documentation where applicable, so you can quickly explore how to enable, configure, and use them.
Major components version update¶
Ubuntu 24.04 for MOSK clusters¶
Implemented full support for Ubuntu 24.04 LTS (Noble Numbat) as the default host operating system on MOSK clusters, including greenfield deployments and update from Ubuntu 22.04 to 24.04 on existing clusters.
Ubuntu 22.04 is deprecated for greenfield deployments and supported during the MOSK 26.1.x series release cycle only for existing clusters.
Warning
During the course of the MOSK 26.1.x series, Mirantis strongly recommends upgrading the operating system on all machines of your MOSK clusters to Ubuntu 24.04 before the next major Cluster release becomes available.
It is not mandatory to upgrade all machines at once. You can upgrade them one by one or in small batches, for example, if the maintenance window is limited in time.
Otherwise, the Cluster release update of the Ubuntu 22.04-based MOSK clusters will no longer be possible starting with MOSK management 2.32.0 where Ubuntu 24.04 is the only supported version.
Management cluster update to MOSK management 2.32.0 will be blocked if at least one node of any related MOSK cluster is running Ubuntu 22.04.
Note
MOSK management clusters were automatically updated to Ubuntu 24.04 in MOSK management 2.30.0. Greenfield deployments of management clusters are also based on Ubuntu 24.04.
Ubuntu 24.04 for HOC modules¶
Implemented support for Ubuntu 24.04 LTS (Noble Numbat) as the default host operating system on the following configuration modules provided by Mirantis:
cpushieldgrub_settingsirqbalancepackagesysctl
Bare metal: metallb 0.15.2, baremetal-operator 0.9.3¶
Updated the following bare metal components and their dependencies to the specified stable upstream versions to apply issue resolutions (including CVEs) and resolve potential issues with update of core components:
metallb: 0.15.2baremetal-operator: 0.9.3
Learn more
Cassandra 4.0¶
Transitioned the OpenSDN database backend from Apache Cassandra 3.11 to 4.0, replacing the legacy Thrift protocol with the modern CQL driver.
This upgrade provides OpenSDN 24.1 with improved performance, faster data streaming, and better long-term support, ensuring a more stable and efficient data layer for all scaling operations.
MOSK management¶
Keycloak on a dedicated MetalLB address pool¶
TechPreview
Implemented the ability to expose Keycloak on an additional MetalLB address pool for cloud end users to access IAM services from an external network. The feature allows exposing only the Keycloak endpoint while keeping other management services isolated, addressing security concerns for MOSK users who require Keycloak-based authentication.
NTP configuration using the NTP module¶
TechPreview
Implemented support for the NTP host operating system configuration module as a flexible way to manage different NTP settings for machines of both management and MOSK clusters. Now, you can roll out NTP settings node-by-node or rack-by-rack while continuously monitoring the state of the cluster and revert the settings if required.
MKE backup improvements¶
Implemented improvements to the backup process for Mirantis Kubernetes Engine (MKE) on management and MOSK clusters:
Automatic backup before and after cluster update with separate backup steps added to the
ClusterUpdatePlancustom resource for MOSK clustersAbility to configure remote backup storage and encryption
Dedicated custom resources for backup configuration and scheduling
Backup status monitoring through custom resources and StackLight alerts to notify operators about failures of recent backups
Caution
Remote backup storage and encryption can be configured only after cluster update to 26.1 for MOSK clusters and to 2.31.0 for management clusters. During update to the mentioned releases, the backup is still stored locally on one of the cluster manager nodes of the target cluster.
Visualizing hoc and hocm in MOSK management console¶
Introduced read-only visualization of HostOSConfiguration (hoc) and
HostOSConfigurationModules (hocm) object details and their statuses
in the MOSK management console.
You can view statuses and configurations of hoc and hocm objects and
the list of related modules along with their details available through the
Info kebab menu on the following pages of the management console:
Clusters > <cluster-name> > Host OS Config.
Baremetal > Config. Modules
Note
Editing, creating, and deleting these objects is not yet available in the management console and can be performed using CLI or API.
OpenStack¶
Enhanced policy controls for Instance High Availability (Masakari)¶
Introduced granular management and project-based constraints for the Instance High Availability service (OpenStack Masakari), providing cloud administrators with deeper control over how automated recovery is applied across the environment:
Cloud administrators can now decouple recovery triggers by defining separate metadata keys for instance restart and host evacuation.
Cloud administrators can now restrict automated host evacuation to specific OpenStack projects. This ensures that HA resources are reserved for specific departments or high-priority accounts while excluding others from automated recovery workflows.
Redfish Virtual Media support for Bare Metal¶
Implemented support for Redfish Virtual Media booting for MOSK Bare Metal service (OpenStack Ironic) nodes. The Redfish Virtual Media enables booting bare metal nodes directly from an ISO image through the Redfish API. This feature enhances boot reliability and accelerates deployment by switching from traditional PXE to modern HTTP-based image delivery.
Virtual Private Network for OVN¶
TechPreview
Implemented support for the Virtual Private Network as a Service (VPNaaS) extension to the MOSK Networking service (OpenStack Neutron), enabling cloud users to establish secure, encrypted IPsec tunnels between remote sites or hybrid cloud environments directly through the MOSK Networking service.
This Technical Preview introduces native integration for the OVN backend through dedicated VPN Agent pods, eliminating the need to deploy and manage standalone VPN virtual machines for site-to-site connectivity. By leveraging this functionality, organizations can achieve transparent L3 security across multi-site deployments while maintaining a unified management interface for both standard networking and encrypted traffic policies.
OpenSDN¶
OpenSDN maintenance progress visibility¶
Enhanced visibility into the progress of maintenance operations for OpenSDN clusters. The capability enables operators to monitor the status of cluster-wide and node-specific maintenance tasks in real-time.
With this enhancement, the TFOperator calculates and displays progress as
a percentage through the ClusterWorkloadLock and NodeWorkloadLock
custom resources. Operators can now easily identify how many nodes have
successfully completed maintenance and detect if any nodes have failed.
Logging, monitoring, and alerting¶
Monitoring of memory usage on NUMA nodes¶
Implemented monitoring of memory usage on Non-Uniform Memory Access (NUMA)
nodes to detect high memory usage and potential issues with low memory
availability. This monitoring is based on the node_memory_numa_* metrics
collected by the Prometheus Node Exporter. The meminfo_numa collector is
enabled by default in StackLight to collect these metrics.
This monitoring is useful in multi-socket or NUMA-enabled systems where memory allocation can affect performance of workloads running on different NUMA nodes.
Monitoring of mdadm-based RAID devices¶
TechPreview
Implemented monitoring of mdadm-based software RAID devices. This monitoring allows detecting and alerting on issues with RAID devices, such as disk failures and recovery or synchronization progress.
This monitoring is based on the node_md_* metrics collected by the
Prometheus Node Exporter. The mdadm collector is enabled by default in
StackLight to collect metrics about mdadm-based software RAID devices.
IPMI monitoring¶
Implemented IPMI monitoring using the Prometheus IPMI exporter to provide visibility into hardware health and power consumption of bare metal hosts. The exporter is enabled by default, runs on management clusters, and collects hardware telemetry from Baseboard Management Controller (BMC) endpoints for all hosts in both management and MOSK clusters. Only hosts with BMC configured for IPMI are monitored. Hosts using other BMC protocols are not scraped.
IPMI monitoring includes preconfigured alerts and a Grafana dashboard. Additionally, you can add custom alerts and dashboards, as well as disable monitoring per cluster or host.
OpenSearch handling during cluster update¶
Improved the OpenSearch handling during management and MOSK cluster updates. For clusters with StackLight in HA mode and logging enabled, the update process now waits for the green OpenSearch cluster status before restarting replicas. The new behavior ensures that a replica becomes ready only after all its shards are fully assigned, ensuring consistent OpenSearch cluster health throughout the update. However, the update time is expected to increase by up to 60 minutes, depending on the size of the StackLight OpenSearch cluster.
Storage¶
Ceph controller (Pelagia)¶
The MOSK Ceph controller, which is the central component for Ceph operations, has been open-sourced under the new name Pelagia and will be maintained as an independent open-source project moving forward.
As part of this transition, all ceph-controller pods now refer to the new
CephDeployment custom resource instead of MiraCeph across the
MOSK documentation and deployments. This change does not
affect functionality.
Security¶
CIS-Ubuntu 24.04 compliance¶
Implemented support for the Center for Internet Security (CIS) benchmarks for Ubuntu 24.04. The CIS Benchmark compliance checks reached 85% of pass rate executed by the Nessus scanner for Ubuntu Linux 24.04 LTS Server L1 v1.0.0.
Migration of the auditd settings from the Cluster object to the auditd module¶
TechPreview
Implemented support for the auditd host operating system configuration module to manage auditd settings for machines of both management and MOSK clusters. The module allows you to roll out auditd configuration granularly per node (label-based) with an ability to roll back the changes.
The module replaces the deprecated auditd section of the Cluster
object. For the migration procedure, see Migrate auditd settings from the Cluster object to the auditd module.
Warning
The auditd parameters of the Cluster object are no longer
applied to the host operating system after the cluster update to 26.1 for
MOSK clusters and to 2.31.0 for management clusters.
Software Bill of Materials¶
Introduced a comprehensive Software Bill of Materials (SBOM) in the industry-standard CycloneDX. This cryptographically signed inventory enables organizations to track all software components and dependencies within on-premises environments.
By integrating these files with existing security platforms, operators can automate vulnerability scanning, monitor license obligations, and ensure the integrity of the software supply chain.