New features

MOSK 23.1 features

Component	Support scope	Feature
OpenStack	Full	Dynamic configuration of resource oversubscription
Tungsten Fabric	Full	Tungsten Fabric 21.4 full support
	TechPreview	Advanced load balancing with Tungsten Fabric
Stacklight	Full	OpenStack Controller alerts Support for new panels for OpenSearch and Prometheus with the storage usage details Bond interfaces monitoring Logs forwarding to external destinations Ability to set custom TLS certificates for iam-proxy endpoints
Security	Full	Sensitive information hidden from OpenStackDeployment Automated password rotation for MOSK superuser and service accounts Encrypted data transfer between VNC proxy and hypervisor VNC server
	TechPreview	Restricted privileges for project administrator
Cluster update	Full	Graceful reboot of cluster nodes Mirantis Container Cloud web UI to identify cluster nodes that require reboot
Other components	Full	Ceph upgrade to Pacific 16.2.11 PowerDNS upgrade to 4.7
Documentation	n/a	User Guide: Deploy cloud applications using automation Operations Guide: Customize OpenStack container images

Dynamic configuration of resource oversubscription

Introduced a new default way to configure the resource oversubscription in the cloud that enables the cloud operator to dynamically control the oversubscription through the Compute service (OpenStack Nova) placement API.

The initial configuration is performed through the OpenStackDeployment custom resource. By default, the following values are applied:

• cpu: 8.0

• disk: 1.6

• ram: 1.0

Learn more

• Reference Architecture: Resource oversubscription

• Operations Guide: Change oversubscription setting for existing compute nodes

• Update Notes: Post-update actions

Tungsten Fabric 21.4 full support

Starting from 23.1, MOSK deploys all new clouds using Tungsten Fabric 21.4 by default. The existing OpenStack deployments using Tungsten Fabric as a networking backend will obtain this new version automatically during the cluster update to MOSK 23.1.

One of the key highlights of the Tungsten Fabric 21.4 release is the support for configuring Maximum Transmission Unit for virtual networks. This capability enables you to set the maximum packet size for your virtual networks, ensuring that your network traffic is optimized for performance and efficiency.

Learn more

Tungsten Fabric upstream documentation: Tungsten Fabric 21.4 release notes

Advanced load balancing with Tungsten Fabric

TechPreview

Enhanced load balancing as a service for Tungsten Fabric -enabled MOSK clouds by adding support for Amphora instances on top of the Tungsten Fabric networks.

Compared to the old implementation, which relied on the Tungsten Fabric-controlled HAproxy, the new approach offers:

• Full compatibility with the OpenStack Octavia API

• Layer 7 load balancing policies and rules

• Support for HTTPs/TLS terminating load balancers

• Support for the UDP protocol

Learn more

Reference Architecture: Octavia Amphora load balancing

Stacklight

• Implemented the following list of alerts for the OpenStack controller:

  • OsDplExporterTargetDown

  • OsDplSSLCertExpirationHigh

  • OsDplSSLCertExpirationMedium

  Learn more

  Operations Guide: OpenStack Controller alerts

• Implemented the new panels in the Grafana dashboards for OpenSearch and Prometheus that provide details on the storage usage and allow calculating the possible retention time based on provisioned storage and average usage.

  Learn more

  Operations Guide: Calculate the storage retention time

• Implemented monitoring of bond interfaces.

  Learn more

  Operations Guide: Bond interface alerts

• Added the capability to forward logs to external Elasticsearch and OpenSearch servers as the fluentd-logs output. This enhancement also expands existing configuration options for log forwarding to syslog.

  Learn more

  Operations Guide: Enable log forwarding to external destinations

• Implemented the ability to set up custom TLS certificates for the following StackLight iam-proxy endpoints:

  • iam-proxy-alerta

  • iam-proxy-alertmanager

  • iam-proxy-grafana

  • iam-proxy-kibana

  • iam-proxy-prometheus

  Learn more

  Operations Guide: Configure TLS certificates for cluster applications

Security

• Implemented the capability to hide sensitive fields from the OpenStackDeployment object by adding reference to a secret to this object using the value_from structure.

  Learn more

  Reference Architecture: Hiding sensitive information

• Implemented the functionality that enables cloud operators to periodically rotate credentials of OpenStack admin and service users with minimized impact on service availability and workload downtime.

  Learn more

  • Operations Guide: Rotate OpenStack credentials

  • Security Guide: Rotation of credentials in OpenStack

• Ensured better security for the noVNC client by allowing encryption of data transfer between the instances and the noVNC proxy server using VeNCrypt authentication scheme. You can enable this feature by defining features:nova:console:novnc:tls:enabled in the OpenStackDeployment custom resource.

  Learn more

  Reference Architecture: Encrypted data transfer for noVNC

• Technology Preview. Reworked the default MOSK access policies to restrict the permissions of a project administrator role exclusively to the scope of their project.

  Learn more

  • Reference Architecture: features:policies:strict_admin

  • Security guide: OpenStack API access policies

Cluster update

• Implemented the capability to reboot several cluster nodes in one go by using the Graceful reboot mechanism provided by Mirantis Container Cloud. The mechanism restarts the selected nodes one by one, honoring the instance migration policies.

• Implemented the capability to identify the nodes requiring reboot through both the Mirantis Container Cloud API and web UI:

  • API: reboot.required.true in status:providerStatus of a Machine object

  • Web UI: the One or more machines require a reboot notification on the Clusters and Machines pages

Learn more

Operations Guide: Update a MOSK cluster

Other major component version update

• Upgraded Ceph to Pacific 16.2.11 from Octopus 15.2.17

• Upgraded PowerDNS to 4.7 from 4.2

Documentation

• Published the tutorial to help you build your first cloud application and onboard it to a MOSK cloud. The dedicated section in the User Guide will guide you through the process of deploying and managing a sample application using automation, and showcase the powerful capabilities of OpenStack.

  Learn more

  User Guide: Deploy cloud applications using automation

• Published the instructions on how you can customize the functionality of MOSK OpenStack services by installing custom system or Python packages into their container images.

  Learn more

  Operations Guide: Customize OpenStack container images