Update notes¶
This section describes the specific actions you as a Cloud Operator need to complete to accurately plan and successfully perform your Mirantis OpenStack for Kubernetes (MOSK) cluster to the version 22.4. Consider this information as a supplement to the generic update procedure published in Operations Guide: Update a MOSK cluster.
Additionally, read through the Cluster update known issues for the problems that are known to occur during update with recommended workarounds.
Features¶
The MOSK cluster will obtain the newly implemented capabilities automatically with no significant impact on the update procedure.
Update impact and maintenance windows planning¶
When updating to MOSK 22.4, the Cloud Operator can easily
determine if a node needs to be rebooted by checking for the
restartRequired
flag in the machine status. For details,
see Determine if the node needs to be rebooted.
Post-upgrade actions¶
Explicitly define the OIDCClaimDelimiter parameter¶
The OIDCClaimDelimiter
parameter defines the delimiter to use when setting
multi-valued claims in the HTTP headers. See the MOSK 22.4 OpenStack API
Reference
for details.
The current default value of the OIDCClaimDelimiter
parameter is ","
.
This value misaligns with the behavior expected by Keystone. As a result, when
creating federation mappings for Keystone, the cloud operator may be forced
to write more complex rules. Therefore, in early 2023, Mirantis will change
the default value for the OIDCClaimDelimiter
parameter.
Affected deployments
Proceed with the instruction below only if the following conditions are true:
Keystone is set to use federation through the OpenID Connect protocol, with Mirantis Container Cloud Keycloak in particular. The following configuration is present in your
OpenStackDeployment
custom resource:kind: OpenStackDeployment spec: features: keystone: keycloak: enabled: true
No value has already been specified for the
OIDCClaimDelimiter
parameter in yourOpenStackDeployment
custom resource.
To facilitate smooth transition of the existing deployments to the new default
value, explicitly define the OIDCClaimDelimiter
parameter as follows:
kind: OpenStackDeployment
spec:
features:
keystone:
keycloak:
oidc:
OIDCClaimDelimiter: ","
Note
The new default value for the OIDCClaimDelimiter
parameter
will be ";"
. To find out whether your Keystone mappings will need
adjustment after changing the default value, set the parameter to
";"
on your staging environment and verify the rules.