New features¶
Component |
Support scope |
Feature |
---|---|---|
OpenStack |
Full |
Ubuntu 20.04 on OpenStack with OVS and Tungsten Fabric greenfield deployments |
Full |
||
Full |
||
Full |
||
Tungsten Fabric |
Full |
|
Container Cloud |
Full |
Ubuntu 20.04 on OpenStack with OVS and Tungsten Fabric greenfield deployments¶
Implemented full support for Ubuntu 20.04 LTS (Focal Fossa) as the default host operating system on OpenStack with OVS and OpenStack with Tungsten Fabric greenfield deployments.
Support for large clusters¶
MOSK is now confirmed to be able to run up to 10,000 virtual machines under a single control plane.
Depending on the cloud workload profile and the number of OpenStack objects in use, the control plane needs to be extended with additional hardware. Specifically, for the MOSK clouds that use Open vSwitch as a backend for the Networking service (OpenStack Neutron) and run more than 12,000 network ports, Mirantis recommends deploying extra tenant gateways.
The maximum size of a MOSK cluster is limited to 500 nodes in total, regardless of their roles.
OpenStackDeploymentSecret custom resource¶
Introduced the OpenStackDeploymentSecret
custom resource to aggregate
the cloud’s confidential settings such as SSL/TLS certificates, access
credentials for external systems, and other secrets. Previously, the secrets
were stored together with the rest of configuration in the
OpenStackDeployment
custom resource.
The following fields have been moved out of the OpenStackDeployment
custom resource:
features:ssl
features:barbican:backends:vault:approle_role_id
features:barbican:backends:vault:approle_secret_id
Built-in policies for OpenStack services¶
Switched all OpenStack services to use the built-in policies, aka in-code
policies, to control user access to cloud functions. MOSK
keeps the built-in policies up-to-date with the OpenStack development ensuring
safe by default behavior as well as allowing you to override only those access
rules that you actually need through the features:policies structure in
the OpenStackDeployment
custom resource.
Sticking to the default policy set as much as possible simplifies the future enablement of advanced authentication and access control functionality, such as scoped tokens and scoped access policies.
Learn more
OpenStack official documentation: Policy in code specification
Tungsten Fabric image precaching¶
Added capability to precache containers’ images on Kubernetes nodes
to minimize possible downtime on the components update. The feature is
enabled by default and can be disabled through the TFOperator
custom
resource if required.
Configuration of custom Docker registries¶
Implemented support for custom Docker registries configuration. Using the
ContainerRegistry
custom resource, you can configure CA certificates on
machines to access private Docker registries.
Learn more