2023.2 Series Release Notes¶
To make sure better have backward compatibility, we set specific rule to allow admin perform all actions. This will apply on part of APIs in * Cluster * Cluster Template * federation
The Magnum service now allows enables policies (RBAC) new defaults and scope checks. These are controlled by the following (default) config options in
[oslo_policy] enforce_new_defaults=False enforce_scope=False
We will change the default to True in 2024.1 (Caracal) cycle. If you want to enable them then modify both values to True.
Deprecate the use of os_distro ‘coreos’ with COE ‘kubernetes’. CoreOS (not Fedora CoreOS) has been EOL since 2020-05-26. Users using COE ‘kubernetes’ are encouraged to migrate to Fedora CoreOS and the ‘fedora-coreos’ driver. ‘coreos’ driver will be removed in a future Magnum verison.
Deprecate the Docker Swarm COE (‘swarm’ and ‘swarm-mode’). Docker Swarm relies on Fedora Atomic OS which has been EOL. Users are encourged to use the ‘kubernetes’ COE as it is better supported.
Due to the lack of maintainers for the Fedora Kubernetes Ironic driver, it has been deprecated. Users are encouraged to use the Fedora CoreOS Kubernetes VM driver to create their Kubernetes clusters.
PodSecurityPolicy has been removed in Kubernetes v1.25 . To allow Magnum to support Kubernetes v1.25 and above, PodSecurityPolicy Admission Controller has has been removed.
This means that there is a behaviour change in Cluster Templates created after this change, where new Clusters with such Cluster Templates will not have PodSecurityPolicy. Please be aware of the subsequent impact on Helm Charts, etc.
We have corrected the authentication scope in Magnum drivers when authenticating to create certs, so that trusts can work properly. This will change the authenticated user from trustee to trustor (as trusts designed for). This change affects all drivers that inherit from common Magnum drivers (Heat drivers). If you have custom policies that checks for trustee user, you will need to update them to trustor.
Remove checking cluster user from rules in default policy for Certificate APIs to reflect recent fixes (https://review.opendev.org/c/openstack/magnum/+/889144).
We are dropping mesos for the lack of support/test and no usage from the community.