New features

Open Virtual Network (OVN) for greenfield deployments

Introduced support for Open Virtual Network as a networking backend for OpenStack on greenfield deployments.

External IP address capacity monitoring

Introduced IP address capacity monitoring, which enables cloud operators to better manage routable IP addresses. By providing insights into capacity usage, this monitoring capability helps predict future cloud needs, prevent service disruptions, and optimize the allocation of external IP address pools.

Synchronization of local MariaDB backups with remote S3 storage

TechPreview

Implemented the capability to synchronize local MariaDB backups with remote S3 storage, ensuring data safety through secure authentication and server-side encryption for stored archives.

CephFS driver for the Shared Filesystems service (OpenStack Manila)

TechPreview

Implemented support for the CephFS driver for the MOSK Shared Filesystems service.

Introspective instance monitor

TechPreview

Implemented support for the introspective instance monitor in the Instance High Availability (HA) service to improve the reliability and availability of OpenStack environments by continuously monitoring virtual machines for critical failure events. These include operating system crashes, kernel panics, unresponsive states, and so on.

Restricting tag assignments on OpenStack instances

Implemented the capability that enables cloud operators to define flexible rules to control assignment and removal of specific tags to and from OpenStack instances. The per-tag server tag policies allow the operator to restrict tag assignment and removal based on tag values.

Individual instance migration handling

TechPreview

Implemented the capability that enables the cloud users to mark instances that should be handled individually during host maintenance operations, such as host reboots or data plane restarts. This provides greater flexibility during cluster updates, especially for workloads that are sensitive to live migration.

To mark instances that require individual handling during host maintenance, set the openstack.lcm.mirantis.com:maintenance_action=<ACTION-TAG> server tag to one of the following values: poweroff, live_migrate, or notify.

Message of the Day (MOTD) for MOSK Dashboard

Enabled cloud operators to configure Message of the Day (MOTD) in the MOSK Dashboard (OpenStack Horizon). This feature allows cloud operators to communicate critical information, such as infrastructure issues, scheduled maintenance, and other important events, directly to users.

Volume type selection for instance creation

Added the capability for cloud users to specify the type of the volume to be created when launching instances using Image (with Create New Volume selected) as a boot source through the MOSK Dashboard (OpenStack Horizon). The default selection is the default volume type as returned by the Cinder API.

This enhancement provides greater control and an improved user experience for instance configuration through the web UI.

Network port trunking

TechPreview

Enabled Neutron Trunk extension by default for all MOSK deployments to streamline the configuration of network port trunking in projects.

OpenStack database backup encryption

Enhanced cloud security by providing the capability to enable encryption of OpenStack database backups, both local and remote, through the OpenStackDeployment custom resource. Backups are encrypted with OpenSSL aes-256-cbc.

OpenStack Controller (Rockoon)

The OpenStack Controller, which is the central component of MOSK and is responsible for the life cycle management of OpenStack services running in Kubernetes containers, has been open-sourced under the new name Rockoon and will be maintained as an independent open-source project going forward.

As part of this transition, all openstack-controller pods are now named rockoon across the MOSK documentation and deployments. This change does not affect functionality, but users should update any references to the previous pod names accordingly.

OpenSDN 24.1

TechPreview

Implemented the technical preview support for OpenSDN 24.1, successor to Tungsten Fabric, for greenfield deployments.

To start experimenting with the new functionality, set tfVersion to 24.1 in the TFOperator custom resource during the cloud deployment.

Automatic Cassandra repairs

Introduced automatic Cassandra database repairs for Tungsten Fabric through the tf-dbrepair-job CronJob. This enhancement allows users to enable scheduled repairs, ensuring the health and consistency of their Cassandra clusters with minimal manual intervention.

Per-node alerts for Cinder, Neutron, and Nova

Reworked the following agent-related and service-related alerts from the cluster-wide to the host-wide scope, including the corresponding changes in the inhibition rules:

  • CinderServiceDown

  • NeutronAgentDown

  • NovaServiceDown

This enhancement helps the operator manage large-scale environments more effectively.

RabbitMQ monitoring rework

Reworked monitoring of RabbitMQ by implementing the following changes:

  • Switched from the obsolete prometheus-rabbitmq-exporter job to the rabbitmq-prometheus-plugin one, which is based on the native RabbitMQ Prometheus plugin, ensuring reliable and direct metric collection.

  • Introduced the RabbitMQ Overview Grafana dashboard and reworked all alert rules to utilize metrics from the RabbitMQ Prometheus plugin. This dashboard replaces the deprecated RabbitMQ dashboard, which will be removed in one of the following releases.

  • Introduced the RabbitMQ Erlang Grafana dashboard to further enhance RabbitMQ monitoring capabilities.

  • Reworked RabbitMQ alerts:

    • Added the RabbitMQTargetDown alert.

    • Renamed RabbitMQNetworkPartitionsDetected to RabbitMQUnreachablePeersDetected.

    • Deprecated RabbitMQDown and RabbitMQExporterTargetDown. They will be removed in one of the following releases.

Warning

If you use deprecated RabbitMQ metrics in customizations such as alerts and dashboards, switch to the new metrics and dashboards within the course of the MOSK 25.1 series to prevent issues once the deprecated metrics and dashboard are removed.
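One way to find customizations that still depend on the old names before they are removed, as an added example that is not part of the MOSK tooling: the script scans custom alert rules or Alertmanager configuration text for the alert and job names listed above. The sample YAML, the custom alert names and the file name custom-rules.yaml are constructed for illustration.

```python
import re

# Identifiers named in the release note above, with the action each one needs.
STALE = {
    "RabbitMQNetworkPartitionsDetected": "renamed to RabbitMQUnreachablePeersDetected",
    "RabbitMQDown": "deprecated, will be removed",
    "RabbitMQExporterTargetDown": "deprecated, will be removed",
    "prometheus-rabbitmq-exporter": "obsolete job, use rabbitmq-prometheus-plugin",
}

# Whole-identifier match: RabbitMQDown must not fire inside a longer name.
_PATTERN = re.compile(
    r"(?<![\w-])(" + "|".join(re.escape(k) for k in STALE) + r")(?![\w-])"
)


def find_stale_references(text, source="<inline>"):
    """Return (source, line number, identifier, action) for each stale reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip YAML comment lines
            continue
        for match in _PATTERN.finditer(line):
            name = match.group(1)
            findings.append((source, lineno, name, STALE[name]))
    return findings


# Constructed sample: a custom inhibition rule and two custom alert rules.
SAMPLE = '''\
inhibit_rules:
  - source_matchers: ['alertname="RabbitMQDown"']
    target_matchers: ['alertname="RabbitMQNetworkPartitionsDetected"']
groups:
  - name: custom-rabbitmq
    rules:
      - alert: CustomRabbitMQScrapeGap
        expr: up{job="prometheus-rabbitmq-exporter"} == 0
      # RabbitMQExporterTargetDown was handled here before
      - alert: CustomRabbitMQUnreachable
        expr: ALERTS{alertname="RabbitMQUnreachablePeersDetected"} == 1
'''

if __name__ == "__main__":
    for src, lineno, name, action in find_stale_references(SAMPLE, "custom-rules.yaml"):
        print(f"{src}:{lineno}: {name}: {action}")
```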

Hiding sensitive ingress data of Ceph public endpoints

Introduced the ability to securely store ingress Transport Layer Security (TLS) certificates for Ceph Object Gateway public endpoints in a secret object. This feature leverages the tlsSecretRefName field in the Ceph cluster spec, enhancing security by preventing the exposure of sensitive data associated with Ceph public endpoints.

On existing clusters, Mirantis recommends updating the Ceph cluster spec by replacing fields containing TLS certificates with tlsSecretRefName as described in Hide sensitive ingress data for Ceph public endpoints.

Note

Since MOSK 25.1, the ingress field of the Ceph cluster spec is automatically replaced with the ingressConfig field.

Rook 1.14

Added support for Rook 1.14.10 along with support for Ceph CSI v3.11.0. The updated Rook version contains the following new features included in the Ceph Controller API:

  • Introduced the ability to define a custom monitor endpoint using the monitorIP field located in the nodes section of the KaasCephCluster CR. This field allows defining the monitor IP address from the Ceph public network range. For example:

    roles: ["mon", "mgr"]
    monitorIP: "196.168.13.1"
    
  • Added support for balancer mode for the Ceph Manager balancer module using the settings.balancerMode field in the KaasCephCluster CR. For example:

    mgr:
      mgrModules:
      - name: balancer
        enabled: true
        settings:
          balancerMode: upmap
    

Upgrading to a new version of Rook and Ceph CSI occurs automatically during cluster upgrade.
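A pre-apply check for the monitorIP field described above, as an added example that is not code from Rook or MOSK: it verifies that each monitorIP is a valid address inside the Ceph public network and is not assigned twice. The node names, the mapping of node name to node entry, and the 196.168.13.0/24 public network are assumptions constructed for illustration.

```python
import ipaddress


def check_monitor_ips(nodes, public_net):
    """Return (node, problem) pairs for monitorIP values that cannot be used.

    nodes: mapping of node name -> entry with an optional "monitorIP" key
           (assumed shape of the nodes section).
    public_net: Ceph public network in CIDR notation, supplied by the caller.
    """
    net = ipaddress.ip_network(public_net)
    # In IPv4 networks larger than /31 the first and last addresses are not host addresses.
    reserved = set()
    if net.version == 4 and net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}

    problems, seen = [], {}
    for name, entry in nodes.items():
        raw = entry.get("monitorIP")
        if raw is None:
            continue  # no custom monitor endpoint on this node
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append((name, f"{raw!r} is not a valid IP address"))
            continue
        if ip not in net:
            problems.append((name, f"{ip} is outside the public network {net}"))
        elif ip in reserved:
            problems.append((name, f"{ip} is the network or broadcast address of {net}"))
        if ip in seen:
            problems.append((name, f"{ip} is already used by {seen[ip]}"))
        seen.setdefault(ip, name)
    return problems


# Constructed sample input; only the monitorIP and roles keys come from the page.
SAMPLE_PUBLIC_NET = "196.168.13.0/24"
SAMPLE_NODES = {
    "node-a": {"roles": ["mon", "mgr"], "monitorIP": "196.168.13.1"},
    "node-b": {"roles": ["mon", "mgr"], "monitorIP": "196.168.14.7"},
    "node-c": {"roles": ["mon"], "monitorIP": "196.168.13.1"},
    "node-d": {"roles": ["mon"], "monitorIP": "196.168.13.300"},
    "node-e": {"roles": ["osd"]},
}

if __name__ == "__main__":
    for node, problem in check_monitor_ips(SAMPLE_NODES, SAMPLE_PUBLIC_NET):
        print(f"{node}: {problem}")
```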

BareMetalHostInventory instead of BareMetalHost

To allow the operator to use the GitOps approach, implemented the BareMetalHostInventory resource that must be used instead of BareMetalHost for adding and modifying configuration of bare metal servers.

The BareMetalHostInventory resource monitors and manages the state of a bare metal server and is created for each Machine with all information about machine hardware configuration.

Each BareMetalHostInventory object is synchronized with an automatically created BareMetalHost object, which is now used for internal purposes of the Container Cloud private API.

Caution

Any change in the BareMetalHost object will be overwritten by BareMetalHostInventory.

For any existing BareMetalHost object, a BareMetalHostInventory object is created automatically during cluster update.

Caution

While the Cluster release of the management cluster is 16.4.0, BareMetalHostInventory operations are allowed only for m:kaas@management-admin. Once the management cluster is updated to the Cluster release 16.4.1 (or later), this limitation will be lifted.

Automatic pausing of a MOSK cluster update

Technology Preview

Introduced automatic pausing of a MOSK cluster update using the UpdateAutoPause object. The operator can now define specific StackLight alerts that trigger auto-pause of an update phase execution. The feature enhances update management of MOSK clusters by preventing harmful changes from being propagated across the entire cloud.

Granular cluster update through the Container Cloud web UI

Implemented the ability to granularly update a MOSK cluster in the Container Cloud web UI using the ClusterUpdatePlan object. The feature introduces a convenient way to perform and control every step of a MOSK cluster update.

Containerd as default container runtime

MOSK 25.1 switches the default container runtime for the underlying Kubernetes cluster from Docker to containerd on greenfield deployments. The use of containerd allows for better Kubernetes performance and for component updates without pod restarts when applying fixes for CVEs.

On existing deployments, perform the mandatory migration from Docker to containerd in the scope of MOSK 25.1.x. Otherwise, the management cluster update to Container Cloud 2.30.0 will be blocked.

Important

Container runtime migration involves machine cordoning and draining.