Mirantis OpenStack for K8s 21.6: Better Security and Easier Multi-Cloud Networking

Artem Andreev - November 23, 2021

Recently, Mirantis released version 21.6 of Mirantis OpenStack for Kubernetes, which includes technical previews of several new features to provide enhanced security and expanded networking connectivity options. These include image signature verification, enhanced secrets management, and multi-rack architecture support for Tungsten Fabric.

Image Signature Verification

With the new experimental image signature verification feature, users of Mirantis OpenStack for Kubernetes 21.6 can now use asymmetric cryptography to sign the images they upload to the cloud. The presence of the signature guarantees users that their images have not been tampered with: every time a user creates a new instance from a signed image, the Compute service (OpenStack Nova) automatically checks the content of the image against the user-provided metadata and reports an error in case of a mismatch.
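The sign-then-verify flow described above, as an added example that is not Mirantis or OpenStack code: it signs a constructed stand-in image with the `openssl` CLI, then checks it before and after a one-byte modification. RSA-PSS with SHA-256 and the function names `sign_image`, `verify_image` and `demo` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed data): sign an image file, then verify it the way
# a consumer holding only the public key and the stored signature would.

# sign_image KEY IMAGE: print a base64 RSA-PSS/SHA-256 signature of IMAGE.
# Upstream OpenStack keeps this value in the img_signature image property.
sign_image() {
    openssl dgst -sha256 -sign "$1" -sigopt rsa_padding_mode:pss "$2" |
        base64 | tr -d '\n'
}

# verify_image PUBKEY IMAGE B64SIG: return 0 only if the signature matches.
verify_image() {
    sigfile=$(mktemp) || return 2
    printf '%s\n' "$3" | base64 -d > "$sigfile"
    if openssl dgst -sha256 -verify "$1" -sigopt rsa_padding_mode:pss \
        -signature "$sigfile" "$2" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$sigfile"
    return "$rc"
}

# demo: sign a stand-in image, then check it before and after tampering.
demo() {
    dir=$(mktemp -d) || return 2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem"
    head -c 65536 /dev/urandom > "$dir/image.raw"   # constructed "image"
    b64sig=$(sign_image "$dir/key.pem" "$dir/image.raw")

    if verify_image "$dir/pub.pem" "$dir/image.raw" "$b64sig"; then
        before=valid; else before=invalid; fi
    printf 'X' >> "$dir/image.raw"                  # simulate tampering
    if verify_image "$dir/pub.pem" "$dir/image.raw" "$b64sig"; then
        after=valid; else after=invalid; fi
    rm -rf "$dir"
    echo "original=$before tampered=$after"
}

demo   # prints: original=valid tampered=invalid
```

The verifier needs only the public key and the signature, so the private key never has to leave the machine where the image was signed.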

Enterprise HashiCorp Vault as a Backend for Key Manager Service

This release adds support for the Enterprise Edition of HashiCorp Vault as a backend for the Key Manager service (OpenStack Barbican). Compared to its free open source sibling, the Enterprise Edition offers a number of advanced capabilities. One enhancement commonly used by enterprise customers is so-called “namespaces”, which enable multiple teams inside an organization to have their own individual sandboxes full of secrets.

With the new improved Vault driver for OpenStack Barbican, Mirantis OpenStack for K8s is capable of using a dedicated namespace as a place to safely store all the secrets in a cloud.

Multi-Rack Architecture Support for Tungsten Fabric

Managing Layer 2 networking at scale is known to be difficult, so modern data centers are moving toward pure Layer 3 topologies that rely on dynamic routing and provide better scalability and better performance than classic architectures.

To accommodate the evolution in cloud networking practice in Mirantis OpenStack for K8s, we have introduced support for “multi-rack” architecture, where every data-center cabinet participating in the cloud can hold a completely isolated group of layer 2 networks.

The exact set of networks and their configuration depend on the Software Defined Network (SDN) used as a backend for OpenStack Neutron, and in Mirantis OpenStack for Kubernetes 21.6 we have validated and documented the baseline architecture based on Tungsten Fabric, with support for Open vSwitch-based multi-rack deployments planned for future releases.

Going further, it is not uncommon for providers to have their cloud ecosystem span across multiple data centers with only wide area network (WAN) connectivity in between. Mirantis Container Cloud’s ability to be a single point of entry for multi-cluster management combined with the “multi-rack” architecture for networking allows it to efficiently deploy and manage such geographically distributed cloud infrastructures, with multiple points of presence literally across the globe.

[Figure: Baseline architecture for Tungsten Fabric]

Also, Tungsten Fabric version 2011 is now the default SDN for all green-field deployments of Mirantis OpenStack for Kubernetes. Tungsten Fabric 2011 in combination with OpenStack Victoria will be fully supported for the next 2 years.

We strongly recommend that all customers who have not yet switched to the latest version do so; this is a very simple operation that requires changing only a single parameter in the configuration of your cloud.

Periodic Auto-Cleanup of OpenStack Databases

The longer an OpenStack cloud runs, the more data accumulates in its databases. Unfortunately, that means that information about deleted resources and other outdated records clogs the MariaDB cluster inside Mirantis OpenStack for K8s, slowing it down tremendously.

OpenStack itself provides tools that a cloud operator can use to clean the database and keep it at a manageable size, but the operator must initiate them manually. Starting with the 21.6 release, however, Mirantis OpenStack for Kubernetes completely automates the database cleanup routine, enabling it out of the box on all deployed clouds.

We’re excited for you to check out these and other features included in the 21.6 release. Would you like to get your feet wet and see if Mirantis OpenStack is for you? Then download the free trial and give it a try today!
