
Introducing Mirantis OpenStack for Kubernetes (MOSK) 24.1

Artem Andreev - March 05, 2024

The latest version of MOSK empowers users to run ever more complex and demanding workloads with confidence

Mirantis OpenStack for Kubernetes (MOSK) 24.1 introduces full support for OpenStack Antelope. It offers a leap forward in cloud capabilities, streamlines OpenStack version upgrades, and refines the operator experience. MOSK also provides GPU virtualization, enhancing support for AI and other compute-intensive applications.

Incorporating much recent customer feedback, MOSK 24.1 is designed to meet the sophisticated demands of today's dynamic cloud environments, ensuring robust security, operational efficiency, and a superior user experience. (If you’re unfamiliar with OpenStack, you may want to read our companion blog first: “What is OpenStack, what is MOSK, and why do you care?”)

Simplifying GPU virtualization

MOSK 24.1 introduces a technical preview of GPU virtualization, a capability that divides a single physical GPU into multiple virtual devices that can then be individually attached to virtual machines (VMs).

Why’s that important? GPU boards are expensive. Prices for NVIDIA’s top-of-the-line H100 Tensor Core deep learning boards topped $40,000 USD in mid-February. The run on GPUs is being driven by many use cases such as 3D modeling, rendering, and, probably most importantly, the widespread desire to implement secure enterprise AI by self-hosting open-source generative AI models.

As organizations hustle to equip datacenters for AI hosting, GPU virtualization helps control costs while letting more teams and business units leverage scarce GPU hardware. The new feature in MOSK 24.1 lets users share limited physical GPU board capacity across many workloads belonging to multiple tenants.

GPU virtualization in MOSK supports both NVIDIA time-sliced vGPU and Multi-Instance GPU (MIG) modes, the latter primarily available from the Ampere architecture onwards. Time-sliced mode allows for dynamic allocation of GPU resources, where virtual GPUs share physical computing engines but are allocated dedicated memory slices. This mode is beneficial for maximizing resource utilization but may lead to performance variability due to resource contention among virtual GPUs.

On the other hand, Multi-Instance GPU (MIG) mode offers users a more isolated environment by dedicating physical GPU engines to each virtual GPU device, allowing them to run in parallel. This ensures predictable performance and better resource isolation, making it suitable for workloads requiring consistent computational power.

MOSK 24.1 offers cloud operators a validated end-to-end configuration path to enable NVIDIA GPUs in both vGPU and MIG modes. Mirantis has also improved the Compute service (OpenStack Nova) implementation to simplify the configuration and management of virtual GPU devices at runtime. Some of these updates are, in fact, not yet available in upstream OpenStack Antelope.

Full support for OpenStack Antelope

MOSK 24.1 includes full support for the OpenStack Antelope (2023.1) release, enhancing the capabilities of cloud deployments whether they are built on Open vSwitch or Tungsten Fabric networking. The support applies to both new and existing clouds. Antelope is a significant step forward in OpenStack’s evolution, introducing a range of new features that enhance the cloud computing experience.

A standout advance in this release is the ability to upgrade directly from OpenStack Yoga to Antelope, sidestepping the Zed release entirely. This leapfrogging capability is made possible through the innovative “SLURP” (Skip Level Upgrade Release Process) technique, announced by the community in late 2022.

The adoption of SLURP in MOSK signifies a shift towards more streamlined, effort-reducing upgrade paths. By supporting direct upgrades that skip intermediate releases, Mirantis not only minimizes the operational overhead associated with staying current but also facilitates quicker access to the latest features and improvements.

Among the most interesting features that become available in MOSK after upgrading to Antelope:

  • DNS-as-a-Service - OpenStack Designate zones can now be shared across multiple projects. This not only allows two or more projects to manage recordsets in the zone but enables “Classless IN-ADDR.ARPA delegation” (RFC 2317) which allows IP address DNS PTR record assignment in smaller blocks without creating a DNS zone per address.

  • Load Balancing - OpenStack Octavia now sends notifications about major events in the life cycle of a load balancer. For now, only loadbalancer.<create|update|delete>.end events are supported.

  • Networking - A new QoS rule type, “Packets per Second”, is now available in OpenStack Neutron.

  • Compute - OpenStack Nova lets administrators unshelve an instance to a specific host. In addition, a cloud user can only import a public key, not generate a complete key pair.

  • Shared Filesystems - While creating their share snapshots in OpenStack Manila, cloud users can now specify metadata that can later be used to filter snapshots.

Running modern Windows in the cloud

MOSK 24.1 introduces several new features that simplify running the latest Windows OSes in the cloud. We regularly test such guest systems against various configurations and usage scenarios, so you can now expect their smooth operation out-of-the-box. We've also updated our user guide to help you get started with spinning up Windows instances.

UEFI booting for virtual machines now also works out of the box, saving you the time you would otherwise spend looking for the right combination of emulated BIOS firmware and settings, and making it easier to onboard applications built for modern Windows. In addition, MOSK supports Secure Boot, which is a feature of BIOS that helps to keep malicious software from tampering with your system startup and is mandatory, for example, for Windows 11. Enabling Secure Boot for MOSK instances is straightforward: just tell your cloud users to adjust a few properties on their source images.

Windows advanced security features often require a Trusted Platform Module (TPM), a secure crypto-processor normally implemented in hardware. We've made it easy to offer it to virtual machines: TPM emulation is ready to go in MOSK 24.1.
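
The image properties behind Secure Boot and TPM emulation can be checked before an image is offered to tenants. The following is an added example, not Mirantis code: a Python audit of an image's properties. It assumes the upstream OpenStack Nova property names (hw_firmware_type, hw_machine_type, os_secure_boot, hw_tpm_version, hw_tpm_model) apply to MOSK and that the guest is Windows 11, which needs TPM 2.0; the sample images are constructed.

```python
# Added example: audit image properties for Secure Boot and vTPM readiness.
# Property names follow upstream OpenStack Nova (assumed to apply to MOSK).

def audit_image(props, require_tpm=True):
    """Return a list of findings; an empty list means the image is ready."""
    findings = []
    if props.get("hw_firmware_type", "bios").lower() != "uefi":
        findings.append("hw_firmware_type is not 'uefi'; Secure Boot needs UEFI")
    if "q35" not in props.get("hw_machine_type", "").lower():
        findings.append("hw_machine_type is not a q35 type (needed on x86_64)")
    secure_boot = props.get("os_secure_boot", "disabled").lower()
    if secure_boot == "optional":
        # 'optional' silently boots without Secure Boot on hosts lacking support
        findings.append("os_secure_boot is 'optional'; use 'required' to enforce")
    elif secure_boot != "required":
        findings.append("os_secure_boot is not 'required'")
    if require_tpm:
        version = props.get("hw_tpm_version")
        model = props.get("hw_tpm_model", "tpm-tis")  # Nova's default model
        if version is None:
            findings.append("hw_tpm_version is unset; no vTPM will be attached")
        elif version != "2.0":
            findings.append("hw_tpm_version is %s; Windows 11 needs 2.0" % version)
        if model == "tpm-crb" and version != "2.0":
            findings.append("hw_tpm_model 'tpm-crb' is only valid with TPM 2.0")
    return findings

# Constructed sample images (not taken from any real cloud).
SAMPLES = {
    "win11-hardened": {
        "hw_firmware_type": "uefi", "hw_machine_type": "q35",
        "os_secure_boot": "required",
        "hw_tpm_version": "2.0", "hw_tpm_model": "tpm-crb",
    },
    "win-legacy": {
        "hw_machine_type": "pc", "os_secure_boot": "optional",
        "hw_tpm_version": "1.2", "hw_tpm_model": "tpm-crb",
    },
}

if __name__ == "__main__":
    for name, props in SAMPLES.items():
        issues = audit_image(props)
        print(name, "OK" if not issues else "NOT READY")
        for issue in issues:
            print("  -", issue)
```

The property dictionaries have the same shape as the properties field returned by `openstack image show -f json`, so the function can be fed real image metadata.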

Last, but not least, upgrading to MOSK 24.1 with OpenStack Antelope enables the “Hyper-V Enlightenments” feature in the Compute service (Nova), which makes it easier for Windows guests to deal with KVM paravirtualization by making them think they’re running on top of a Hyper-V hypervisor.

Overcoming limitations of VNC consoles with SPICE

Historically, the VNC protocol has dominated as the standard mechanism for remote access to OpenStack virtual machine consoles. MOSK 24.1 introduces SPICE (Simple Protocol for Independent Computing Environments), an advanced alternative to VNC that addresses several of its limitations. SPICE provides better multi-monitor, audio, clipboard, and video streaming support, making it a strong candidate for those seeking more from their remote desktop experience.

You can choose to have both VNC and SPICE or to disable either protocol entirely, based on your needs or security requirements. This choice is particularly relevant for operators concerned with VNC's security, as SPICE offers an alternative that could better fit stringent security standards.

Enabling Operational Excellence

Significant strides have been made to improve the cloud operator experience in MOSK 24.1, streamlining cluster management and enhancing reliability.

One notable improvement is the ability to move cluster machines out of Mirantis Container Cloud lifecycle management control. This flexibility is crucial for maintaining cloud stability, especially in large deployments where previously a single faulty server could disrupt a MOSK cluster update. By decoupling problematic nodes on the fly, you can prevent unexpected downtime and ensure smoother cluster update paths.

Addressing concerns around workload downtime, MOSK now allows you to precisely control the restart of Open vSwitch components during cluster updates. You can now schedule the data plane restarts strategically, live-migrating critical instances as needed to minimize disruption.

On the security front, Mirantis’s logging-monitoring-alerting solution, StackLight, has been enhanced to monitor the last rotation date of OpenStack administrator and service credentials, offering configurable alerts to remind you of upcoming rotations. This feature supports adherence to stringent password security policies, ensuring cloud environments remain secure and compliant.

Finally, MOSK 24.1 introduces the option to remove the Tungsten Fabric analytics service from already running MOSK clusters. This move, driven by customer feedback indicating minimal demand for the functionality, allows for significant cost savings by eliminating the need for additional server resources dedicated to the analytics service.

Security enhancements

A key area of enhancement has been addressing a number of minor vulnerabilities in the Helm charts that MOSK uses for lifecycle management. The team has worked meticulously to identify and fix all of these issues, regardless of their severity or exploitability. This underscores Mirantis' commitment to providing a secure platform that lets our customers achieve the goal of running a cloud environment free from any issues.

Additionally, the MOSK team has taken significant steps to tighten security around the Kubernetes pods that run OpenStack services. The introduction of more restrictive network policies is a direct response to the stringent requirements of our security-conscious customers.

To learn more about MOSK 24.1, please read the release notes. Our MOSK TCO calculator will give you an approximation of how much you can save by moving to Mirantis OpenStack for Kubernetes (e.g., from VMware). If you’re interested in a deeper dive into MOSK benefits, please contact us!

Artem Andreev

Artem Andreev is Mirantis Staff Product Manager for Mirantis OpenStack for Kubernetes.
