Mirantis OpenStack for Kubernetes 23.2: Improved Networking, Enhanced Security and Operational Excellence
Mirantis OpenStack for Kubernetes (MOSK) continues to evolve, bringing new features and improvements that empower enterprises and service providers to optimize their cloud workloads. The release of Mirantis OpenStack for Kubernetes 23.2 introduces significant enhancements in security, network capabilities, and operational excellence. Let's delve into the key highlights of this release and explore how they can benefit your organization.
Long-lived Graceful Restart (LLGR) for Tungsten Fabric
Geographically distributed clouds that adopt the “one central control plane - many remote hypervisors” design often face network connectivity challenges between the main and remote sites. For such clouds, the Long-lived Graceful Restart (LLGR) feature of Tungsten Fabric, one of two networking backends for MOSK, ensures the continuity of workload network connectivity even during extended periods of network failure or maintenance activities. LLGR enables the Tungsten Fabric data plane to maintain stale routing information, sustaining network operability for the instances running in remote sites until connectivity to the control plane is restored.
Announcing virtual networks and floating IP addresses with BGP
MOSK 23.2 introduces the BGP dynamic routing extension for the MOSK networking service (OpenStack Neutron). This feature enables OpenStack users to announce their private networks and floating IP addresses outside of the cloud using Border Gateway Protocol (BGP). By seamlessly integrating cloud application networking into modern data centers that rely on Layer 3 packet routing, rather than VLAN stretching, organizations can optimize network scalability, resiliency, and performance. The new feature allows MOSK clouds that rely on Open vSwitch as the networking backend to achieve parity with those using Tungsten Fabric.
“Ceph-less” architecture to support 3rd party storage
For operators moving away from VMware, or for companies that generally favor proprietary storage solutions like Pure Storage, NetApp, etc., MOSK 23.2 offers the new "Ceph-less" architecture blueprint. This blueprint describes the deployment of a MOSK cluster that does not rely on Ceph to host cloud applications’ data and infrastructure services metadata. Instead, all the data is stored on a 3rd party storage appliance, which gets integrated into a MOSK cloud through an extension. This feature simplifies the migration process and provides flexibility in choosing storage solutions.
Security is always a paramount concern in cloud computing, especially in enterprise environments. MOSK 23.2 introduces several security improvements to protect your cloud workloads. Starting today, all instance live-migration traffic gets automatically encrypted, safeguarding secrets contained in the instances' memory or local ephemeral storage from potential eavesdropping.
In addition, we introduced encryption of the endpoints where OpenStack notification messages get exposed outside of the cloud, ensuring their secure consumption by external systems for security auditing purposes or for resource consumption metering.
To enhance protection further, MOSK now supports encryption of internal communication traffic between OpenStack and Tungsten Fabric control plane components by leveraging WireGuard tunneling for Calico networking in the underlying Mirantis Kubernetes Engine (MKE) cluster.
Finally, the installation of the Linux Audit daemon (auditd) is now supported by Mirantis Container Cloud (MCC) on the MOSK cluster nodes, facilitating the early detection of potentially malicious activities.
Major updates for Ceph and host OS
All Ceph clusters deployed as a part of MOSK will automatically switch to the Quincy release as part of the MOSK 23.2 update. This update ensures that customers benefit from the latest features and improvements, as the previous Pacific release will reach the end of its standard support in October this year.
MOSK 23.2 offers existing MOSK clouds an upgrade path to Ubuntu 20.04 as the host operating system. With Ubuntu 18.04 reaching its end of standard support in May this year, it is crucial for operators to upgrade to the new LTS version to ensure continued support and access to the latest bug fixes and security patches.
Faster updates for large clusters
Updating large MOSK clusters can be a time-consuming process. MOSK 23.2 introduces an improved update mechanism that allows changes to be applied to multiple compute nodes simultaneously. This enhancement significantly speeds up the update process, enabling the seamless updating of extensive MOSK clusters, 500 nodes and larger, in a matter of days rather than weeks.
Safe removal of compute nodes
Removing a compute node from a MOSK cluster requires careful handling to ensure that all OpenStack services are gracefully disabled, and no leftover instances or volumes remain on the server. MOSK 23.2 introduces an automatic metadata clean-up mechanism that provides cloud operators with the assurance that the removal process is thorough and comprehensive, minimizing the risk of resource remnants.
Monitor availability of critical workloads
Mirantis StackLight, the logging, monitoring, and alerting solution for MOSK, can now be used to monitor and measure the availability of specific instances running in a MOSK cluster. By marking an instance with a special tag and getting its floating IP continuously probed, organizations can ensure that availability SLAs are met, particularly during infrastructure updates or maintenance activities.
Store Tungsten Fabric database backups on external NFS share
MOSK 23.2 enables Tungsten Fabric to store backups of its database (Cassandra and ZooKeeper) on an external Network File System (NFS) share. This enhances the resiliency of Tungsten Fabric clusters, ensuring that critical data is securely stored and easily restorable.
Custom names for bare metal machines
Operators of large clouds often employ custom naming conventions for their bare metal servers, encoding physical location, purpose, and other relevant information in the name. MOSK 23.2 introduces the ability to define custom names for bare metal hosts through Mirantis Container Cloud (MCC), catering to the specific needs of operators managing extensive cluster deployments.
Workload onboarding tutorial
If you're new to OpenStack and MOSK, the workload onboarding tutorial is an invaluable resource. This tutorial guides users through the process of deploying a simple cloud application using OpenStack Horizon, the web-based user interface for managing OpenStack clouds. By following the tutorial, users can gain hands-on experience and familiarize themselves with the powerful capabilities of MOSK.
In conclusion, Mirantis OpenStack for Kubernetes 23.2 delivers a range of new features, security enhancements, and operational improvements that empower organizations to streamline their cloud workloads. By leveraging the advanced capabilities of OpenStack Yoga, embracing seamless integration with data center networking, and ensuring data protection through encryption and auditing, MOSK provides a robust and flexible platform for modern cloud deployments. Upgrade to MOSK 23.2 today and experience the power and reliability of OpenStack for Kubernetes.
To learn more about Mirantis OpenStack for Kubernetes 23.2, please see the release notes.