Cozystack v0.38: Virtual Private Cloud, VNC Console, Configurable Worker K8s Versions, and HTTPS Enforcement

Cozystack v0.38: Virtual Private Cloud, VNC Console, Configurable Worker K8s Versions, and HTTPS Enforcement

Version 0.38 brings network isolation capabilities, improved VM access, and security hardening across the platform.

Major Features and Improvements

Virtual Private Cloud (VPC)

The headline feature of v0.38 is VPC support with Multus CNI integration. Operators can now create isolated virtual networks with:

  • Subnet management for fine-grained network layout.
  • Network isolation between tenants at the network level.
  • Full integration with the Cozystack dashboard for VPC lifecycle management.

VNC Console for VMs

Virtual machines now have a VNC console accessible directly from the dashboard, enabling graphical access to VMs without external tools.

Configurable Kubernetes Worker Versions

Operators can now independently configure Kubernetes versions for worker nodes in tenant clusters, enabling gradual rollouts and version pinning.

Security Hardening

  • HTTPS-only enforcement for the Cozystack API.
  • Closed Flux Operator ports to external access.
  • Redis security image updates.

Component Updates

  • LINSTOR v1.32.3
  • Talos Linux v1.11.3
  • Kube-OVN v1.14.11
  • Piraeus Operator v2.10.1
  • MariaDB Operator updated

Fixes (v0.38.1–v0.38.8)

Key fixes across 8 patch releases include:

  • Extended SeaweedFS CA certificate duration.
  • Aligned CoreDNS app labels with Talos defaults.
  • Updated piraeus-operator v2.10.2 for reliable fsck checks.
  • Windows VM nodeAffinity scheduling support.
  • SeaweedFS updated to v4.02.
  • Removed Multus memory limit due to unpredictable startup memory spikes.

All changes: v0.38.0, v0.38.1, v0.38.2, v0.38.3, v0.38.4, v0.38.5, v0.38.6, v0.38.7, v0.38.8

Join the community