Update known issues¶
This section lists the update known issues with workarounds for the MOSK release 23.3.
[37012] Masakari failure during update¶
While updating your cluster, the Instance High Availability service (OpenStack Masakari) may not work as expected.
As a workaround, temporarily disable the service by removing
instance-ha
from the service list in the OpenStackDeployment
custom resource.
[37545] Cloud public API becomes inaccessible during update¶
During update, the ingress pods that have not been updated yet adopt the configuration meant for the updated pods, causing disruptions. This occurs as ingress pods are sequentially updated, leading to potential inaccessibility to the cloud public API for unpredictable durations until all ingress pods are updated.
To mitigate this issue, Mirantis recommends updating ingress pods in larger batches, preferably half of all pods at a time. This approach minimizes downtime for the public API.
Workaround:
Before you start updating to MOSK 23.3:
Increase
maxUnavailable
for the ingress DaemonSet to 50% of replicas by patching directly the DaemonSet:kubectl -n openstack patch ds ingress -p '{"spec":{"updateStrategy":{"rollingUpdate":{"maxUnavailable":"50%"}}}}'
In certain scenarios, the change may trigger an immediate restart of half of the ingress pods. Therefore, after patching the ingress, wait until all ingress pods become ready, taking into account that there might be occasional failures in public API calls.
To verify that the patch has been applied successfully:
kubectl -n openstack get ds ingress -o jsonpath={.spec.updateStrategy.rollingUpdate.maxUnavailable}
Disable FIPS
tls_proxy
explicitly in MOSK 23.2 by adding the following configuration into theOpenStackDeployment
custom resource:spec: features: ssl: tls_proxy: enabled: false
Update to MOSK 23.3.
Update to MOSK 24.1.
Re-enable FIPS
tls_proxy
by removing the configuration added to theOpenStackDeployment
custom resource above.