We are heading for Victoria

Mikael Nerde OpenStack

We are continuously working to improve our public and Compliant Cloud. As we have designed our platform on OpenStack, version updates are an essential part of our improvement path.

As usual, each major version upgrade comes with plenty of bug fixes and stability improvements, which is true this time around as well. We see this as a sign of the maturity of OpenStack. At this time a lot of projects have their fundamental functionality in place and it is nice to see the overall stability improving iteratively.

For the updates in 2021, we will move on to the Victoria release, which means a jump of two major revisions. We will of course still benefit from the improvements made in the Ussuri release. For Victoria, we see a lot of “operator improvements”. At a glance, these improvements aren’t visible to end users, i.e. you as a customer, but they will give us, as a platform designer and enabler, better tools to deliver a stable, secure and more robust infrastructure service to you.

Version references

Ussuri https://releases.openstack.org/ussuri/highlights.html
Victoria https://releases.openstack.org/victoria/highlights.html

Selected highlights relevant for City Network customers

  1. Significant improvements to the reliability of the core infrastructure layer.
  2. Major enhancements in relation to security and encryption capabilities.
  3. Extended versatility to deliver support for new and emerging use cases.
  4. Additional support for diverse architectures and standards.
  5. Progressive solutions for complex networking issues.

Key areas

Significant improvements to the reliability of the core infrastructure layer

With every new OpenStack release, the reliability of the core infrastructure layer has the highest priority, and the layer improves further each time. This also applies to the Victoria release. The Ussuri release included over 24,000 code changes by more than 1,000 developers from 188 different organizations in over 50 countries.

OpenStack is supported by a global open source community and at this pace, it continues to be one of the top three open-source projects in the world in terms of active contributions, alongside the Linux kernel and the Chromium project.

Major enhancements to security and encryption capabilities

Besides the ongoing improvements to the reliability of the core infrastructure layer, enhancements to the security and encryption capabilities have also been added, which will allow us to offer storage encryption early in the year. Nova (Compute Service) added support for cold migration and resizing servers between Nova cells. Additional support for IPv6 was also added in Ussuri, which City Network will benefit further from as we are currently rolling out IPv6 in all regions.

Extended versatility to deliver support for new and emerging use cases

Octavia (OpenStack Network Load Balancing) added support for deploying load balancers in specific availability zones, which enables the deployment of load balancing capabilities to edge environments. This is something we will implement fully in the second half of 2021.

Along with the Kubernetes version upgrade support, Magnum (Container Infrastructure Management Service) added support for upgrading the operating system of Kubernetes clusters, including both master and worker nodes.

Additional support for diverse architectures and standards

  • Octavia now supports HTTP/2 over TLS using Application Layer Protocol Negotiation (ALPN), and allows specifying the minimum TLS versions accepted for listeners and pools.
  • Removal of Python 2 is something that has been worked on for a couple of cycles, and a lot of projects have now fully dropped that support.

Solutions for complex networking issues

  • Neutron now provides metadata service over IPv6. Users can now use metadata service without config drive in IPv6-only networks. Neutron has also added support for flat networks for Distributed Virtual Routers (DVR), Floating IP port forwarding for the OVN backend, and router availability zones in OVN, which is an important part of our future development beyond 2021.
  • Octavia load balancer pools now support version two of the PROXY protocol. This allows passing client information to member servers when using TCP protocols. PROXYV2 improves the performance of establishing new connections using the PROXY protocol to member servers, especially when the listener is using IPv6.
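
What a pool member receives when PROXY protocol v2 is enabled, shown as an added Python example (not from the original post or from Octavia): a parser for the binary v2 header covering TCP over IPv4 and IPv6. The function names and the sample header are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
# Address-block sizes: two addresses plus two 16-bit ports.
ADDR_LEN = {0x11: 12, 0x21: 36}  # TCP over IPv4, TCP over IPv6


def parse_proxy_v2(data: bytes):
    """Return (client_info, payload) for a buffer starting with a v2 header.

    client_info is None for a LOCAL command (a connection made by the
    proxy itself). Raises ValueError on anything malformed.
    """
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    block, payload = data[16:16 + length], data[16 + length:]
    command = ver_cmd & 0x0F
    if command == 0:  # LOCAL: no client address is carried
        return None, payload
    if command != 1:
        raise ValueError("unknown command")
    need = ADDR_LEN.get(fam_proto)
    if need is None or length < need:
        raise ValueError("unsupported family or short address block")
    half = (need - 4) // 2  # 4 bytes for IPv4, 16 for IPv6
    src = ipaddress.ip_address(block[:half])
    dst = ipaddress.ip_address(block[half:2 * half])
    sport, dport = struct.unpack("!HH", block[2 * half:need])
    return {"src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport}, payload


def build_sample_v6() -> bytes:
    """Constructed sample: IPv6 client (documentation prefix) to a listener."""
    src = ipaddress.ip_address("2001:db8::10").packed
    dst = ipaddress.ip_address("2001:db8::1").packed
    block = src + dst + struct.pack("!HH", 51234, 443)
    header = SIGNATURE + struct.pack("!BBH", 0x21, 0x21, len(block))
    return header + block + b"GET / HTTP/1.1\r\n"
```

A member should accept this header only on connections that arrive from the load balancer, because the client address in it is whatever the sender states.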

OpenStack Modules in focus

Below is a list of selected improvements and changes that will take place with the upgrade to Victoria in City and Compliant Cloud specifically.

Octavia

  • Users can now specify the TLS ciphers acceptable for listeners and pools. This will allow load balancers to enforce security compliance requirements.
  • Octavia provider drivers can now offer HTTP/2 over TLS (protocol negotiation via ALPN) to clients.
  • Two new types of health monitoring are now valid for UDP listeners. Both HTTP and TCP check types can now be used.

Neutron

  • Neutron API now allows tagging resources directly in the POST request.
  • A new field, description, has been added to the PortForwarding resource.
  • Address scope is now supported via the network RBAC mechanism.
  • Subnetpool is now supported via the network RBAC mechanism.

Magnum

  • Add a new label named master_lb_allowed_cidrs to control the IP ranges which can access the Kubernetes API and etcd load balancers of the master. To get this feature, the minimum version of Heat is Ussuri and the minimum version of Octavia is Train.
  • Magnum now cascade deletes all the load balancers before deleting the cluster, not only including load balancers for the cluster services and ingresses, but also those for Kubernetes API/etcd endpoints.
  • New labels to support containerd as a runtime.
  • Along with the Kubernetes version upgrade support just released, support has been added for upgrading the operating system of the k8s cluster (including master and worker nodes). It’s an in-place upgrade leveraging the atomic/ostree upgrade capability.

Heat

  • Properties of the VPNaaS OS::Neutron::IKEPolicy resource can now be updated in place.
  • Support for a lot of Octavia resources has been added.

Trove

Trove has been picking up some serious pace lately and a lot of progress is currently happening inside the project. For example, a new architecture is now in place where the database services are running inside Docker containers on the Trove instances. In general, the stability and core features for this service are in place, and the number of supported database engines is increasing as well.

It is our intent to deploy this service in City Cloud and Compliant Cloud in 2021. Initially, three database engines will be supported: default MySQL 5.7 version, all MariaDB 11.4 versions, and Postgres 12.4. We will communicate more details as we get closer to deployment.

Endnote

So, again in this new OpenStack release, the cloud infrastructure has been further improved and extended with new features. OpenStack is still the most extensive and reliable open-source cloud infrastructure solution available today. With features further extended, it is becoming suitable for more and more use cases.

City Network is confident we are building a very competitive and feature-rich infrastructure service with OpenStack and, of course, with full regulatory compliance by design.