Turnkey cloud computing – Sovereign Cloud Stack releases version 7
Berlin, 11 September 2024
The Sovereign Cloud Stack (SCS) provides all the cloud technology fundamentals needed to achieve digital sovereignty and implement open source strategies. SCS thus offers a digitally sovereign, secure, complete, standardised and open virtualisation solution and container layer as the basis for all containerised applications. The software implements all SCS standards that have been developed with users and operators and are certifiable. After several years of practical use, a considerable amount of knowledge and experience is now available, particularly for operation.
SCS Turnkey Solution
An important focus in the development cycle for Release 7 (R7) was to integrate the various modular software components more closely in order to make it easier for operators to use the complete SCS software stack. In addition to improvements in installation automation, an end-to-end installation guide covering all essential components is particularly noteworthy. The integration work also includes a central API that bundles the functionality of the user management, virtualisation and container layers and is available as a technical preview.
Strengthening upstream technologies
SCS would be inconceivable without technologies such as Linux, Ceph, OpenStack and Kubernetes. Those working in the SCS community (both the project team at OSBA and contractors or users) are active members of the relevant upstream communities and contribute to the technology there. The SCS project deliberately avoids making such improvements only in its own implementation and instead attaches great importance to a joint approach with the upstream technology community. This process is sometimes slower, but always more sustainable. Current examples are contributions to the domain manager role in OpenStack, the distribution of Kubernetes control plane nodes across different hosts in the Cluster API Provider for OpenStack, and the end-to-end encryption of internal connections in Kolla Ansible. Both examples will lead to improvements in the next release and are not yet included in R7.
Current software
SCS R7 comes with the latest OpenStack (2024.1 Caracal), which can be run on various Linux distributions. Ubuntu 22.04 LTS continues to be supported, and Ubuntu 24.04 LTS, Debian 12 and CentOS Stream 9 (and thus also RHEL9) are now supported as well. Support for VPN as a service with modern OVN network virtualisation has been retrofitted and successfully validated. A new version of Ceph (Reef instead of the tried-and-tested Quincy) and deployment using Rook (instead of the tried-and-tested ceph-ansible) are available as technical previews.
The cluster stacks have undergone numerous improvements. The clusters are provided using the latest Cluster API (v1.8) and the Cluster API Provider for OpenStack (v0.10), which has finally been marked as stable, and support the latest Kubernetes versions (v1.30/v1.31). The cluster stacks now allow the use of OCI registries, so that custom versions of the cluster stacks can be used. Custom node images can be easily created and stored on object storage for use. Cluster stacks can now also be used when the infrastructure works with certificates that do not come from one of the preset TLS certification authorities.
In addition to being used on SCS-compliant infrastructure, cluster stacks are also increasingly being used on other clouds, such as the Hetzner Cloud. This strengthens the technology and proves that the approach is flexible. On SCS, Kamaji provides a technical preview in which the control planes of multiple workload clusters are combined into a single cluster, thereby saving resources.
The most important improvement under the hood is the so-called multi-stage add-ons. With their help, in the case of more complicated version upgrades, for example, the version dependencies of different components can be mapped cleanly, ensuring seamless availability of the cluster even in this scenario. With the improvements in Cluster Stacks technology, the old Kubernetes-as-a-Service v1 technology is no longer being maintained – the switch to Cluster Stacks is therefore strongly recommended for all users.
Operational aspects and security
The OpenStack Health Monitor has proven itself in monitoring the virtualisation layer. The code was outdated and has been reimplemented. Like the monitoring of the container layer, it is now based on modern technology. This makes further development and maintenance much easier.
Another significant investment in securing the technology was made with the help of dedicated penetration testers. These tests were automated in a CI pipeline so that they can be performed regularly as a routine or when changes need to be validated. This continuous security testing is an important contribution to defending against increasing risks in cyberspace.
SCS compliant thanks to open standards
In addition to work on the reference implementations, progress was also made in the area of standardisation and certification. In May, it was shown that Yaook, an implementation other than the SCS reference implementation, was able to achieve SCS-compatible IaaS v4 certification with manageable effort. Since the last release, new partners have also joined the published list of SCS clouds: AOV, SysEleven, and, with proof-of-concept environments, KDO Service GmbH and Cloud&Heat Technologies GmbH; of these, SysEleven also does not use the SCS reference implementation. In addition to automatic daily checks to ensure that operators' clouds are compliant with standards, the new SCS Compliance Monitor (currently in trial operation) also provides a detailed overview of individual tests that have passed or failed, ensuring transparency with regard to the fulfilment of optional or future requirements.
Further links
- Sovereign Cloud Stack
- Technical documentation SCS
- SCS Repositories
- Release notes
- SCS's understanding of digital sovereignty
About the Sovereign Cloud Stack project
SCS has been funded by the Federal Ministry for Economic Affairs and Climate Protection (BMWK) since July 2021 and is based at the Open Source Business Alliance. An international ecosystem of over 25 companies with more than 50 software developers contributes to the success of the Sovereign Cloud Stack, in collaboration with the upstream communities at the OpenInfra Foundation, CNCF and others. The SCS project provides a reference implementation for a complete, production-ready cloud stack. In addition, open standards for a modern, federatable open source cloud and container platform are being jointly defined and implemented in an open development process using proven open source components. At the same time, operational knowledge and practices are made transparently accessible in order to minimise the difficulties involved in providing high-quality and secure cloud services. Six providers are already using SCS technology productively to operate sovereign and GDPR-compliant public cloud offerings. Further SCS-based cloud infrastructures (public and private clouds) are currently being set up. SCS also contributes to Gaia-X and provides the development platform for the Gaia-X Federation Services / Cross-Federation Service Components (GXFS/XFSC).