Update known issues

This section lists the update known issues with workarounds for the MOSK release 23.3.

[37012] Masakari failure during update

Fixed in 23.3.1

While updating your cluster, the Instance High Availability service (OpenStack Masakari) may not work as expected.

As a workaround, temporarily disable the service by removing instance-ha from the service list in the OpenStackDeployment custom resource.

[37545] Cloud public API becomes inaccessible during update

Fixed in 23.3.3

During update, the ingress pods that have not been updated yet adopt the configuration meant for the updated pods, causing disruptions. This occurs as ingress pods are sequentially updated, leading to potential inaccessibility to the cloud public API for unpredictable durations until all ingress pods are updated.

To mitigate this issue, Mirantis recommends updating ingress pods in larger batches, preferably half of all pods at a time. This approach minimizes downtime for the public API.


  1. Before you start updating to MOSK 23.3:

    1. Increase maxUnavailable for the ingress DaemonSet to 50% of replicas by patching directly the DaemonSet:

      kubectl -n openstack patch ds ingress -p '{"spec":{"updateStrategy":{"rollingUpdate":{"maxUnavailable":"50%"}}}}'

      In certain scenarios, the change may trigger an immediate restart of half of the ingress pods. Therefore, after patching the ingress, wait until all ingress pods become ready, taking into account that there might be occasional failures in public API calls.

      To verify that the patch has been applied successfully:

      kubectl -n openstack get ds ingress -o jsonpath={.spec.updateStrategy.rollingUpdate.maxUnavailable}
    2. Disable FIPS tls_proxy explicitly in MOSK 23.2 by adding the following configuration into the OpenStackDeployment custom resource:

              enabled: false
  2. Update to MOSK 23.3.

  3. Update to MOSK 24.1.

  4. Re-enable FIPS tls_proxy by removing the configuration added to the OpenStackDeployment custom resource above.