v7.2.0: Release 7.2.0

New Features

• The Keystone-Keycloak identity driver now uses service account authentication
  (client credentials) instead of username and password. The keystone
  Keycloak client now has service accounts enabled and the necessary
  realm-management roles to read users and groups.

Upgrade Notes

• The default Magnum Kubernetes images now use versions 1.32.10, 1.33.7, and
  1.34.3.

• The libvirt-tls-sidecar image moved from ghcr.io/vexxhost/atmosphere
  to ghcr.io/vexxhost/libvirt-tls-sidecar. This change uses an official
  image with a stable version tag.

• The pod-tls-sidecar image moved from registry.atmosphere.dev to
  ghcr.io/vexxhost/pod-tls-sidecar. This change centralizes the
  image location and uses a stable version tag.

Bug Fixes

• The Octavia health manager now preserves Kubernetes DNS configuration
  by preventing the Dynamic Host Configuration Protocol (DHCP) client
  from modifying /etc/resolv.conf.

• The Placement API now uses 4 uWSGI processes by default instead of 1,
  improving request handling capacity and aligning with other OpenStack
  services like Octavia.

v6.6.0: Release 6.6.0

New Features

• The Keystone-Keycloak identity driver now uses service account authentication
  (client credentials) instead of username and password. The keystone
  Keycloak client now has service accounts enabled and the necessary
  realm-management roles to read users and groups.

Upgrade Notes

• The default Magnum Kubernetes images now use versions 1.32.10, 1.33.7, and
  1.34.3.

• The libvirt-tls-sidecar image moved from ghcr.io/vexxhost/atmosphere
  to ghcr.io/vexxhost/libvirt-tls-sidecar. This change uses an official
  image with a stable version tag.

• The pod-tls-sidecar image moved from registry.atmosphere.dev to
  ghcr.io/vexxhost/pod-tls-sidecar. This change centralizes the
  image location and uses a stable version tag.

Bug Fixes

• The Octavia health manager now preserves Kubernetes DNS configuration
  by preventing the Dynamic Host Configuration Protocol (DHCP) client
  from modifying /etc/resolv.conf.

• The Placement API now uses 4 uWSGI processes by default instead of 1,
  improving request handling capacity and aligning with other OpenStack
  services like Octavia.

v5.6.0: Release 5.6.0

New Features

• The Keystone-Keycloak identity driver now uses service account authentication
  (client credentials) instead of username and password. The keystone
  Keycloak client now has service accounts enabled and the necessary
  realm-management roles to read users and groups.

Upgrade Notes

• The default Magnum Kubernetes images now use versions 1.32.10, 1.33.7, and
  1.34.3.

• The libvirt-tls-sidecar image moved from ghcr.io/vexxhost/atmosphere
  to ghcr.io/vexxhost/libvirt-tls-sidecar. This change uses an official
  image with a stable version tag.

• The pod-tls-sidecar image moved from registry.atmosphere.dev to
  ghcr.io/vexxhost/pod-tls-sidecar. This change centralizes the
  image location and uses a stable version tag.

Bug Fixes

• The Octavia health manager now preserves Kubernetes DNS configuration
  by preventing the Dynamic Host Configuration Protocol (DHCP) client
  from modifying /etc/resolv.conf.

• The Placement API now uses 4 uWSGI processes by default instead of 1,
  improving request handling capacity and aligning with other OpenStack
  services like Octavia.

v7.1.1: Release 7.1.1

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v6.5.1: Release 6.5.1

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v5.5.1: Release 5.5.1

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v7.1.0: Release 7.1.0

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v6.5.0: Release 6.5.0

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v5.5.0: Release 5.5.0

New Features

• The Ceph CSI driver now supports external Ceph clusters without
  requiring SSH access to the Ceph monitors. You can configure this by
  setting the ceph_csi_rbd_ceph_fsid, ceph_csi_rbd_monitors, and
  ceph_csi_rbd_keyring variables. When you define these variables,
  the role skips the SSH-based discovery and user creation tasks.

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.

v4.11.0: Release 4.11.0

New Features

• The Kubernetes version is now configurable using the
  atmosphere_kubernetes_version variable. You can deploy
  Kubernetes clusters with different versions without modifying the
  playbook directly.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.33.0 to 0.34.2
  to improve stability, fix bugs and add new features.

• Bump the Open vSwitch Helm charts in OpenStack-Helm from version 1.1.0
  to 1.2.0.

Security Issues

• This update modifies the storage of the Ceph RGW Keystone authentication password,
  transitioning from a ConfigMap to a Kubernetes Secret for enhanced security.

Bug Fixes

• Ensures the OpenStack Resource Controller runs only on control-plane nodes.

Other Notes

• All container images now use external repositories at ghcr.io/vexxhost
  instead of the Atmosphere repository. The images for OVN, Open vSwitch,
  libvirt, and all OpenStack services have dedicated repositories with
  independent versioning and release cycles. This change improves
  maintainability and removes all image build infrastructure from
  Atmosphere.