v2.6.1: Release 2.6.1

Bug Fixes

• Image publishing jobs fixed to correctly build and publish images again.

v1.15.1: Release 1.15.1

Bug Fixes

• Image publishing jobs fixed to correctly build and publish images again.

v7.0.0-beta.1: Release 7.0.0-beta.1

New Features

• Valkey service is now available on Atmosphere.
  This is required service for introduce Octavia Amphora V2 support.

• Add specific helm-toolkit patch on 0.2.78. This will allow DB drop and init job
  compatible with SQLAlchemy 2.0

• Octavia Amphere V2 is now supported and enable by default with Atmosphere.
  The Amphora V2 provider driver improves control plane resiliency.
  Should a control plane host go down during a load balancer provisioning
  operation, an alternate controller can resume the in-process provisioning
  and complete the request. This solves the issue with resources stuck in
  PENDING_* states by writing info about task states in persistent backend
  and monitoring job claims via jobboard.

• Add confluent-kafka Python package to OpenStack images to enable the use of Kafka for notifications.

• The Keystone role now supports additional parameters when creating the Keycloak realm to allow for the configuration of options such as password policy, brute force protection, and more.

• Added support for deploying the frr-k8s chart for BGP routing with
  OVN. Introduced the ovn_bgp_agent_enabled flag. When set to
  true, the frr-k8s chart will be automatically installed before
  OVN deployment.

• Add glance_image_tempfile_path variable to allow users for changing the temporary path for downloading images before uploading them to Glance.

• Keycloak is now configured to have the token-exchange and the admin-fine-grained-authz features enabled to allow for use of the OAuth Token Exchange protocol.

• The Keystone role now supports configuring multi-factor authentication for the users within the Atmosphere realm.

• Add Neutron plugins for neutron-dynamic-routing and networking-generic-switch.
  These modules enable support for Neutron BGP agents and Ironic networking.

• Add support for Neutron policy check when perform port update with
  add address pairs. This will add a POST method /address-pair.
  It will check if both ports (to be paired) are created within same project.
  With this check, we can give non-admin user to operate address pair binding
  without risk on expose resource to other projects.

• The ovn-bgp-agent has been added to the chart. The ovn-bgp-agent
  is deployed as a DaemonSet within the OVN Helm chart.

• Add OVN BGP Agent image build.

• Introduced a new Rust-based binary ovsinit which focuses on handling the migration of IP addresses from a physical interface to an OVS bridge during the Neutron or OVN initialization process.

• Added udev rules for Pure Storage devices to optimize iSCSI LUN performance.
  The rules:
  - Set the I/O scheduler to none for improved throughput.
  - Reduce CPU usage by disabling entropy collection.
  - Balance CPU load by directing I/O completions to the originating CPU.
  - Increase the HBA timeout to 60 seconds for reliable I/O operations.

• Adding basic Atmosphere upgrade process.

• It is now possible to configure DPDK interfaces using the interface names in addition to
  possibly being able to use the pci_id to ease deploying in heterogeneous environments.

• All roles that deploy Ingress resources as part of the deployment
  process now support the ability to specify the class name to use for the
  Ingress resource. This is done by setting the
  <role>_ingress_class_name variable to the desired class name.

• Introduced the ability to specify a prefix for image names. This allows for
  easier integration with image proxies and caching mechanisms, eliminating
  the need to maintain separate inventory overrides for each image.

• It's now possible to use the default TLS certificates configured within the
  ingress by using the ingress_use_default_tls_certificate variable which
  will omit the tls section from any Ingress resources managed by
  Atmosphere.

• Barbican now supports multiple KEKs in configuration. The config value
  .conf.simple_crypto_plugin_rewrap.old_kek now accepts comma-separated strings for
  KEK lists, and multiple .conf.barbican.simple_crypto_plugin.kek values can now be
  specified. The first key in the comma-separated .conf.simple_crypto_plugin_rewrap.old_kek
  string is used for encrypting new data, while additional keys are used for decrypting
  existing data. This behavior is consistent with .conf.barbican.simple_crypto_plugin.kek.

• The Barbican role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Bump pxc-operator to 1.18.0 that improves observability, reliability, and monitoring.
  Improved backup retention for streamlined management of scheduled backups in cloud storage.

• The Storpool driver has been updated from the Bobcat release to the Caracal release.

• Upgraded OpenStack service containers from Ubuntu 22.04 (Jammy) to Ubuntu 24.04 (Noble).
  All images now run on the latest Ubuntu LTS release with improved security and
  enhanced system libraries.

• Upgraded OpenStack service containers from Python 3.10 to 3.12, delivering
  significant performance improvements and better memory management while
  maintaining backward compatibility.

• The Cinder role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Designate role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• Atmosphere previously deactivated the Keystone auth token cache due to bug
  https://tracker.ceph.com/issues/64094. This issue is now resolved upstream,
  making it safe to reactivate the cache in the new version of Ceph which
  includes the fix (18.2.7).

• The Atmosphere project now includes the Tap-as-a-Service (TaaS) extension for the OpenStack
  Neutron networking service. This feature introduces local and remote port mirroring
  capabilities, enabling tenants and cloud administrators to monitor and debug complex virtual
  networks by capturing and analyzing network traffic associated with virtual machines.

• Applied the same pod affinity rules used for OVN NB/SB sts's to northd deployment and
  changed the default pod affinity rules from preferred during scheduling to required
  during scheduling.

• The ovn-northd service did not have liveness probes enabled which can result in the pod failing readiness checks but not being automatically restarted. The liveness probe is now enabled by default which will restart any stuck ovn-northd processes.

• The Glance role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Heat role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Horizon role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Ironic role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Keystone role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The OpenStack database exporter has been updated and the collection of Octavia metrics happens through it only.

• Added alerting for amphoras to cover cases for when an Amphora becomes in ERROR state or not ready for an unexpected duration.

• The Magnum role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Manila role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• Adjust Neutron policy server to network scope checks for
  port update or delete operations. This will improve scope check when
  Neutron goes through policy for port update or delete when
  allowed-address-pair binding exists.

• The Neutron role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Nova role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Octavia role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The Open vSwitch container image now uses a more centralized location at
  ghcr.io/vexxhost/docker-openvswitch. This provides better
  maintainability and a dedicated repository for the Open vSwitch container
  images. The image now uses a specific version tag (v3.3.6-2) for
  better reproducibility and stability.

• Neutron now supports using the built-in DHCP agent when using OVN (Open Virtual Network)
  for cases when DHCP relay is necessary.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

• The Placement role now allows users to configure the priorityClassName and the runtimeClassName for all of the different components of the service.

• The ovn-controller image is now being pre-pulled on the nodes prior to the Helm chart being deployed. This will help reduce the time it takes to switch over to the new version of the ovn-controller image.

• The Staffeln role now allows users to configure the priorityClassName and the `runtimeCla...

v6.2.0: Release 6.2.0

New Features

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Bump pxc-operator to 1.18.0 that improves observability, reliability, and monitoring.
  Improved backup retention for streamlined management of scheduled backups in cloud storage.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

Bug Fixes

• Add missing mdevctl package for vGPU feature.

• Resolved an issue where Manila shares can become stuck in an ensuring state in certain failure scenarios. For more details, please refer to Launchpad bug 2102673.

v5.2.0: Release 5.2.0

New Features

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

Bug Fixes

• Add missing mdevctl package for vGPU feature.

v4.8.0: Release 4.8.0

New Features

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

v3.6.0: Release 3.6.0

New Features

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

v2.6.0: Release 2.6.0

New Features

• Bump pxc-operator to 1.17.0 that improves observability, reliability, and monitoring.
  New features include HAProxy/ProxySQL stats endpoints, automatic backup queuing and
  suspension during cluster recovery, readiness/liveness probes,
  and Prometheus metrics for backups.

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

v1.15.0: Release 1.15.0

New Features

• Updated Open vSwitch images to use AVX-512 optimized builds for better performance on supported hardware.

Upgrade Notes

• Bump the Cluster API driver for Magnum from 0.31.2 to 0.33.0
  to improve stability, fix bugs and add new features.

v6.1.0

New Features

• The Open vSwitch container image now uses a more centralized location at
  ghcr.io/vexxhost/docker-openvswitch. This provides better
  maintainability and a dedicated repository for the Open vSwitch container
  images. The image now uses a specific version tag (v3.3.6-2) for
  better reproducibility and stability.

Bug Fixes

• Fixed the node-exporter Prometheus monitoring configuration by setting the
  nodeExporterSelector to filter metrics by job="node-exporter" label.
  This ensures that node-exporter dashboards and alerts correctly
  reference the appropriate metrics.

• Fix OctaviaAmphoraNotOperational monitoring rule to exclude DELETED Amphora status.

• Fixed an issue preventing automatic certificate renewal for Octavia load balancers.
  The fix ensures proper TLS certificate mounting for job board communication between
  Octavia components and Valkey, enabling certificates to renew correctly.

Other Notes

• The libvirt exporter image switch to use ghcr.io/inovex/prometheus-libvirt-exporter,
  offering greater stability and performance on libvirt metrics collection.