Mirantis OpenStack for Kubernetes 25.1: Modernized Networking, Seamless Cloud Operations, and User Empowerment
From advancing networking capabilities with OpenSDN and OVN to streamlining cluster updates with an intuitive graphical interface, Mirantis OpenStack for Kubernetes (MOSK) 25.1 is packed with new features, including a few specifically requested by customers using MOSK in telecommunications, travel, technology, and other industries. For cloud users, this release delivers improved network performance, greater flexibility in managing resources, and a more intuitive and efficient experience when deploying and maintaining workloads. Security remains a top priority, with improvements in compliance, encryption, and infrastructure protection. Whether you have a telecom, enterprise, or service provider cloud, MOSK 25.1 empowers users and operators alike with smarter tools, automation, and greater control over the cloud infrastructure and workloads.
Modern Networking Capabilities
Networking is the backbone of any cloud, and MOSK 25.1 brings two substantial networking enhancements to ensure users get the performance and features their workloads require:
OpenSDN 24.1—formerly Tungsten Fabric—debuts as a technical preview for greenfield deployments, delivering robust IPv6 support, including metadata services, NAT66, and virtual DNS. Primarily used in telecom and service provider environments, OpenSDN enhances cloud networking with greater flexibility, security, and efficiency, making it well-suited for large-scale, high-performance infrastructure needs. Mirantis is an active participant and contributor in the renewed OpenSDN project, collaborating with the broader community to advance its capabilities, reliability, scalability, and enterprise readiness, and, of course, ensure its seamless integration with MOSK and other OpenStack distributions.
Additionally, MOSK now supports Open Virtual Network (OVN) for new deployments. In recent years, the OpenStack community has increasingly positioned OVN as the preferred backend for Neutron, as it provides cloud operators with native Layer 3 routing, distributed DHCP, and built-in security groups. OVN’s tight integration with OpenStack ensures a more scalable, resilient, and modernized networking solution for cloud environments than the classic Open vSwitch (OvS). Nevertheless, the OvS installation base is still huge, and Mirantis will continue to support customers who rely on it.
Empowering Cloud Users
MOSK 25.1 introduces several improvements aimed at enhancing user flexibility, control, and operational efficiency.
To ensure better support for advanced networking use cases, the OpenStack Neutron trunk ports plugin is nowenabled by default.Cloud users can leverage port trunking capabilities in their workloads without concerns about the feature stability.
Users of MOSK clouds with multiple block storage backends can select the target volume type when booting from an image or snapshot through the Dashboard (OpenStack Horizon) service. This provides greater control over instance storage configurations and ensures better alignment with workload requirements.
To improve communication between cloud operators and users, MOSK now supports configurable “messages of the day” in the Dashboard service. Operators use the OpenStackDeployment API to define notifications related to infrastructure malfunctions, scheduled maintenance, or other critical updates. The messages can be customized by content, severity, and whether they can be seen before and after authentication, ensuring important information reaches cloud users.
Message of the Day notifying users of authentication issues
To enhance workload reliability,instance introspection in the Instance HA service (OpenStack Masakari) now provides automated failure detection and recovery for virtual machines. By probing the QEMU agent installed inside the guest OS, the hypervisor detects issues such as hang-ups, and kernel panics, triggering a restart of the machine to minimize its downtime. This feature is particularly useful for workloads migrating from VMware, as it helps maintain the high availability of cloud applications.
Release 25.1 expands cloud storage capabilities by integrating the Shared Filesystems service (OpenStack Manila) with CephFS, so that MOSK can provide instances with a scalable, distributed, and POSIX-compliant shared filesystem on demand, without having to invest in expensive enterprise storage appliances. The “native” integration presumes that cloud workloads access the Ceph cluster directly, without relying on an NFS adapter, which provides the best possible performance and reduces complexity but has security implications.
Finally, to streamline maintenance routines and reduce the need for manual coordination between cloud operators and users, MOSK 25.1 introduces automated instance handling for hypervisor maintenance. Cloud users can tag their instances as "safe to shut down" to allow graceful power-off instead of default live migration (saving everybody’s time) or "not safe to auto-shutdown or live-migrate" to pause hypervisor maintenance until they manually shut their application down. This ensures that workloads with specific availability requirements are treated accordingly, reducing disruption and enhancing overall operational efficiency.
Infrastructure and Resource Management
To help cloud operators optimize resource allocation and infrastructure visibility, MOSK 25.1 introduces several enhancements in network capacity monitoring, bare metal management, and cloud resources control
The new OpenStack Network IP Capacity dashboard in StackLight provides real-time insights into IP address allocation in OpenStack external (floating) networks, enabling cloud operators to track usage trends, predict capacity needs, and plan future expansions efficiently. With clear visibility into address space utilization, operators can better manage pools of externally routable IP addresses, which are always scarce in data centers, and prevent allocation bottlenecks.
For cloud operators moving towards GitOps workflows for MOSK cluster management, the new BareMetalHostInventory API replaces the previous BareMetalHost. Like its predecessor, BareMetalHostInventory reflects the actual status of bare metal servers but guarantees that only cloud operators, not automated subsystems, can modify its configuration part. To support this transition, the MOSK management web interface has been updated to utilize BareMetalHostInventory, providing enhanced visibility and control over bare metal hosts, subnets, credentials, and network configurations.
In MOSK 25.1, cloud operators can restrict the OpenStackinstance tag assignment based on the tag value. This allows control of the cloud users' access to MOSK advanced features, like Dynamic Resource Balancing or automatic instance handling during hypervisor maintenance (see above), which rely on the virtual machine tags to make decisions.
Operational Excellence Through Smarter and Safer Cluster Updates
MOSK 25.1 introduces a comprehensive graphical interface for managing cluster updates, making the upgrade process more intuitive, streamlined, and efficient. This new interface visually represents the ClusterUpdatePlan API, allowing cloud operators to plan, execute, and troubleshoot updates with minimal risk of errors. Operators can track update progress in real-time, receive notifications when attention is needed, and manage multiple updates in parallel, ensuring full visibility and control over MOSK cluster lifecycle management.
The ClusterUpdatePlan API now also features automated impact and duration estimation, reducing the need for manual assessments. By dynamically analyzing the specific MOSK cluster architecture and target release data, this functionality provides operators with a forecast of update times and potential disruptions, helping them better plan and minimize downtime.
To further enhance update safety, MOSK lifecycle managementcan now automatically pause an updateif anoperator-defined critical alert is triggered. This prevents potentially disruptive changes from propagating, ensuring that cloud operators have the opportunity to address underlying issues before continuing the update process.
Comprehensive graphical user interface for MOSK cluster updates
Strengthening Data Protection and Compliance
MOSK 25.1 introduces several security enhancements to strengthen data protection, ensure compliance, and minimize operational risks.
Automatic OpenStack DB backups can now be securely stored in a remote S3 bucket, and not only NFS. To meet security compliance requirements, backup data can now be protected with symmetric envelope encryption, where the key-encryption key (KEK) is securely stored within a Kubernetes secret. This ensures that sensitive database backups remain encrypted both locally and in remote storage, providing an extra layer of security for enterprise environments.
In response to growing security concerns, MOSK has undergone a series of improvements to align with CIS security benchmarks for Docker and Mirantis Kubernetes Engine (MKE). Additionally, the transition to Ubuntu 22.04 as the default host operating system has significantly improved compliance, passing approximately 90% of CIS Ubuntu benchmark controls.
Further strengthening infrastructure security, SSL certificates for Ceph S3/Swift API must now be stored as Kubernetes secrets rather than being openly included in the cluster configuration, reducing the risk of unintended exposure. Cloud operators will need to update their Ceph configurations manually to adopt this more secure approach.
With these advancements, MOSK 25.1 reinforces its commitment to delivering a secure, compliant, and enterprise-ready OpenStack solution, addressing critical security needs while maintaining operational flexibility.
Conclusion
MOSK 25.1 marks a significant step forward in modernizing OpenStack on Kubernetes, delivering stronger networking capabilities, refined operational controls, and a security-first approach. With seamless integration of OpenSDN, OVN, and enhanced automation tools, cloud operators can achieve greater efficiency and control over their infrastructure, while users and workloads can enjoy the resiliency of the cloud infrastructure they rely on.
But we haven’t just been focusing on making Mirantis OpenStack for Kubernetes more modern and robust than ever — Mirantis has also been strategically taking steps towards making private cloud infrastructure more open and transparent. Open source has been at the core of our business since the beginning, and our commitment to open-source innovation is now reinforced by the launch of Rockoon, an open-source Kubernetes controller designed to simplify the deployment and lifecycle management of containerized OpenStack services in Kubernetes environments. MOSK 25.1 and all the previous releases have the Rockoon controller at their heart, therefore getting this core module published brings Mirantis one step further towards providing a completely transparent private cloud infrastructure.
To learn more about MOSK 25.1, view the release notes.
