New features

Ubuntu 20.04 on OpenStack with OVS and Tungsten Fabric greenfield deployments

Implemented full support for Ubuntu 20.04 LTS (Focal Fossa) as the default host operating system on OpenStack with OVS and OpenStack with Tungsten Fabric greenfield deployments.

Support for large clusters

MOSK is now confirmed to be able to run up to 10,000 virtual machines under a single control plane.

Depending on the cloud workload profile and the number of OpenStack objects in use, the control plane needs to be extended with additional hardware. Specifically, for the MOSK clouds that use Open vSwitch as a back end for the Networking service (OpenStack Neutron) and run more than 12,000 network ports, Mirantis recommends deploying extra tenant gateways.

The maximum size of a MOSK cluster is limited to 500 nodes in total, regardless of their roles.

OpenStackDeploymentSecret custom resource

Introduced the OpenStackDeploymentSecret custom resource to aggregate the cloud’s confidential settings, such as SSL/TLS certificates, access credentials for external systems, and other secrets. Previously, the secrets were stored together with the rest of the configuration in the OpenStackDeployment custom resource.

The following fields have been moved out of the OpenStackDeployment custom resource:

  • features:ssl

  • features:barbican:backends:vault:approle_role_id

  • features:barbican:backends:vault:approle_secret_id
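
An added example, not part of the MOSK documentation or product code: a check that finds the three moved fields still set in an OpenStackDeployment manifest and returns a copy with them removed, for instance before the manifest is committed or shared. It assumes the listed paths sit under a top-level `spec` key and that the manifest is already parsed into a dict; the sample values and the sub-keys under `ssl` and `vault` are constructed.

```python
import copy

# Field paths the release note lists as moved out of OpenStackDeployment.
MOVED_PATHS = [
    ("features", "ssl"),
    ("features", "barbican", "backends", "vault", "approle_role_id"),
    ("features", "barbican", "backends", "vault", "approle_secret_id"),
]

def _lookup(node, path):
    """Return (found, value) for a key path in nested dicts."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node

def _delete(node, path):
    """Delete a key path, then prune parent dicts that became empty."""
    if len(path) == 1:
        node.pop(path[0], None)
        return
    child = node.get(path[0])
    if isinstance(child, dict):
        _delete(child, path[1:])
        if not child:
            del node[path[0]]

def split_confidential(manifest, root=("spec",)):
    """Return (sanitized_copy, extracted); extracted maps 'a:b:c' paths
    to the confidential values found under `root` (assumed location)."""
    sanitized, extracted = copy.deepcopy(manifest), {}
    for path in MOVED_PATHS:
        full = tuple(root) + path
        found, value = _lookup(sanitized, full)
        if found:
            extracted[":".join(path)] = value
            _delete(sanitized, full)
    return sanitized, extracted

# Constructed sample, not a real deployment; sub-keys are illustrative.
SAMPLE = {"kind": "OpenStackDeployment", "spec": {"features": {
    "ssl": {"constructed_key": "PLACEHOLDER-PEM"},
    "barbican": {"backends": {"vault": {
        "enabled": True,
        "approle_role_id": "PLACEHOLDER-ROLE-ID",
        "approle_secret_id": "PLACEHOLDER-SECRET-ID"}}}}}}
```

A non-empty `extracted` result means the manifest still carries settings that belong in the OpenStackDeploymentSecret custom resource.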

Built-in policies for OpenStack services

Switched all OpenStack services to the built-in policies, also known as in-code policies, to control user access to cloud functions. MOSK keeps the built-in policies up to date with OpenStack development, which ensures safe-by-default behavior, and lets you override only those access rules that you actually need through the features:policies structure in the OpenStackDeployment custom resource.

Sticking to the default policy set as much as possible simplifies the future enablement of advanced authentication and access control functionality, such as scoped tokens and scoped access policies.

Tungsten Fabric image precaching

Added the capability to precache container images on Kubernetes nodes to minimize possible downtime during component updates. The feature is enabled by default and can be disabled through the TFOperator custom resource if required.

Configuration of custom Docker registries

Implemented support for configuring custom Docker registries. Using the ContainerRegistry custom resource, you can configure CA certificates on machines to access private Docker registries.