Networking on Cozystack

Cozystack 1.2: OpenSearch, VPC Peering, and Smarter Tenant Scheduling

Tue, 31 Mar 2026 00:00:00 +0000

Cozystack 1.2: OpenSearch, VPC Peering, and Smarter Tenant Scheduling

The Cozystack 1.2 release line is now available. v1.2.0 was published on March 27, 2026, and v1.2.1 followed on March 31, 2026.

This cycle expands the platform in three important directions: managed search and analytics, secure networking between tenant environments, and better control over where tenant workloads run. The follow-up v1.2.1 release focuses on safety and operational stability.

Main highlights

Managed OpenSearch in the application catalog

Cozystack 1.2 adds OpenSearch as a fully managed service. It supports OpenSearch v1, v2, and v3, can run in a multi-role topology, enables TLS by default, ships with built-in HTTP Basic authentication, and can optionally deploy OpenSearch Dashboards alongside the engine.

Cozystack v0.39: Topology-Aware Routing, Windows VM Scheduling, Talm Overhaul, and VMAgent for Tenants

Tue, 23 Dec 2025 00:00:00 +0000

Cozystack v0.39: Topology-Aware Routing, Windows VM Scheduling, Talm Overhaul, and VMAgent for Tenants

Version 0.39 enhances networking, scheduling, and the tooling around Cozystack infrastructure management.

Major Features and Improvements

Topology-Aware Routing for Cilium

Cilium services now support topology-aware routing, keeping traffic local to the same zone or region when possible. This reduces latency and cross-zone network costs.

Automatic Cilium Pod Rollouts

Cilium pods now automatically roll out when their configuration changes, eliminating the need for manual restarts after config updates.

Cozystack v0.38: Virtual Private Cloud, VNC Console, Configurable Worker K8s Versions, and HTTPS Enforcement

Tue, 25 Nov 2025 00:00:00 +0000

Cozystack v0.38: Virtual Private Cloud, VNC Console, Configurable Worker K8s Versions, and HTTPS Enforcement

Version 0.38 brings network isolation capabilities, improved VM access, and security hardening across the platform.

Major Features and Improvements

Virtual Private Cloud (VPC)

The headline feature of v0.38 is VPC support with Multus CNI integration. Operators can now create isolated virtual networks with:

Subnet management for fine-grained network layout.
Network isolation between tenants at the network level.
Full integration with the Cozystack dashboard for VPC lifecycle management.

VNC Console for VMs

Virtual machines now have a VNC console accessible directly from the dashboard, enabling graphical access to VMs without external tools.

Cozystack v0.19: Keycloak SSO, Dashboard Services View, KubeVirt v1.4, and MetalLB Update

Wed, 04 Dec 2024 00:00:00 +0000

Cozystack v0.19: Keycloak SSO, Dashboard Services View, KubeVirt v1.4, and MetalLB Update

Version 0.19 introduces identity management with Keycloak and significantly improves the dashboard experience.

Major Features and Improvements

Keycloak SSO Integration

Keycloak is now available as an optional platform component, providing:

Single Sign-On (SSO) for the Cozystack dashboard and Kubeapps.
Role-based access with configurable SSO roles.
Keycloak is optional and can be enabled per distro bundle.
Network policies included for secure Keycloak operation.

Dashboard Services View

Services are now visible in the dashboard, giving users a clear overview of their deployed managed services and their endpoints.

Cozystack v0.10: FerretDB, NATS, Network Policies for Tenant Isolation, and etcd Operator v0.4

Tue, 23 Jul 2024 00:00:00 +0000

Cozystack v0.10: FerretDB, NATS, Network Policies for Tenant Isolation, and etcd Operator v0.4

Version 0.10 expands the managed application catalog and adds critical multi-tenant security.

Major Features and Improvements

FerretDB

FerretDB — a MongoDB-compatible database backed by PostgreSQL — joins the application catalog. It includes automatic schema permissions and password generation.

NATS

NATS, a lightweight messaging system for cloud-native applications, is now available as a managed service.

Network Policies for Tenant Isolation

Network policies are now enforced to isolate tenants from each other at the network level. This is a critical security improvement for multi-tenant deployments.

Cozystack v0.7: Network Stabilization, DNS Fixes, etcd Autocompaction, and cozy.local Domain

Wed, 29 May 2024 00:00:00 +0000

Cozystack v0.7: Network Stabilization, DNS Fixes, etcd Autocompaction, and cozy.local Domain

Version 0.7 is a stability release that resolves critical networking issues in tenant Kubernetes clusters.

Major Features and Improvements

Network Stabilization

Updated Kube-OVN to v1.13.0 and Cilium to v1.15.5.
Resolved pod communication issues in tenant Kubernetes clusters by enabling BPF masquerade and tunnel-based routing.
Fixed externalTrafficPolicy: Cluster not working correctly.

DNS Fixes

Tenant clusters now receive the correct DNS servers. The cluster.local domain is no longer hardcoded in Kamaji, and a new cozy.local domain for the parent cluster enables services to be reached from tenant clusters via a single FQDN.

DIY: Create Your Own Cloud with Kubernetes (Part 2)

Fri, 05 Apr 2024 07:35:00 +0000

Author: Andrei Kvapil (Ænix)

Continuing our series of posts on how to build your own cloud using just the Kubernetes ecosystem. In the previous article, we explained how we prepare a basic Kubernetes distribution based on Talos Linux and Flux CD. In this article, we’ll show you a few various virtualization technologies in Kubernetes and prepare everything need to run virtual machines in Kubernetes, primarily storage and networking.

We will talk about technologies such as KubeVirt, LINSTOR, and Kube-OVN.

Configuring routing for MetalLB in L2 mode

Thu, 14 May 2020 00:00:00 +0000

Configuring routing for MetalLB in L2 mode

Not so far ago, I was faced with a quite unusual task of configuring routing for MetalLB. All would be nothing, since MetalLB usually does not require any additional configuration from user side, but in our case there is a fairly large cluster with a quite simple network configuration.

In this article I will show you how to configure source-based and policy-based routing for the external network on your cluster.