Perspectives, mises à jour et histoires de notre équipe
Navos runs on unmodified upstream Kubernetes and Cluster API. Learn why that architectural choice matters for portability, multi-cloud, and no-lock-in cluster management.
OpenStack controls infrastructure. Kubernetes orchestrates workloads. For AI, you need both. Learn why the combination delivers what neither can alone.
Hardware cycles are accelerating, regulations are multiplying, and costs are rising. A framework for AI infrastructure decisions that last through 2031.
The latest release of Atmosphere, now supporting the OpenStack Dalmatian, features a suite of enhancements. Key updates include a new streamlined upgrade process, advanced Keystone role configurations for Keycloak realms, and enhanced Neutron policy checks for address pair management. Additionally, significant security upgrades have been implemented for the Horizon service, alongside performance improvements in networking with OVN and DPDK interface configurations.
We are pleased to introduce Atmosphere v5.0.0, the latest upgrade to our cloud infrastructure platform. This release is a major step forward in our commitment to boost performance, security, and manageability for our users. With a focus on technical excellence, this new release brings an array of advanced features designed to streamline operations, fortify security protocols, and provide more granular control over cloud environments. These updates reflect our commitment to delivering a robust and sophisticated cloud solution that meets the evolving needs of modern enterprises and developers.
Let's dive in and explore the new features and improvements that Atmosphere v5.0.0 brings to the table:
Commitment to OpenStack Evolution Atmosphere v5.0.0 proudly supports the latest OpenStack Dalmatian release (2024.2), reflecting our steadfast commitment to delivering timely updates and keeping our cloud infrastructure in sync with the most current OpenStack version.
Basic Atmosphere Upgrade Process
Enables users to seamlessly upgrade to the latest version, integrating new features and addressing previous issues without starting anew.
Keystone Role Enhancements for Keycloak Realm
Improves security by offering configurable password policies and brute force protection, key for safeguarding user management.
Support for Neutron with OVN Using Built-in DHCP Agent
Offers greater flexibility and simplification of network management for scenarios requiring DHCP relay.
Horizon Service Security Improvements
Enhances cloud security by running the Horizon service as a non-privileged user and tightening theALLOWED_HOSTSand CORS configurations.
Bug Fixes for Open vSwitch and Cluster API Driver for Magnum
Addresses critical networking and container orchestration stability issues, ensuring reliable infrastructure operations.
Atmosphere v5.0.0 brings a host of new features aimed at enhancing performance, simplifying configuration, and fortifying the security of our cloud services. From the ability to specify image name prefixes for streamlined proxy integration to implementing default TLS certificates for ingress, these updates represent our commitment to innovation and user-centric development.
glance_image_tempfile_path variabletoken-exchange and the admin-fine-grained-authz features enabled to allow for use of the OAuth Token Exchange protocol, which means finer administrative authorization controls.address-pair, which verifies that both ports being paired are from the same project. This verification allows non-administrative users to manage address pair bindings securely, ensuring that resources are not inadvertently exposed to other projects.ovsinitpci_id, making deployments smoother in environments with varied hardware setups.Ingress Resource Class SpecificationIngress resources across all roles have been improved to allow the specification of class names, enhancing manageability by setting the <role>_ingress_class_name variable.TLS Certificates UtilizationFurther refining the user experience, we have enabled the configuration of priority and runtime classes across a wide range of service roles. This allows for more nuanced control and optimization of resources, ensuring that each component of the service operates with the efficiency and priority it requires. Moreover, the update to the Storpool driver and the introduction of liveness probes for the ovn-northd service underscore our dedication to system stability and reliability.
Our team is always ready to assist you in navigating these enhancements and ensuring you get the most out of your Atmosphere experience.
neutron:mtu value is accurately set in external_ids.ALLOWED_HOSTS in HorizonALLOWED_HOSTS setting in the Horizon service is now explicitly set to the configured service endpoints, tightening security against host header attacks.The latest update to Atmosphere addresses a range of bug fixes that enhance the stability and functionality of the platform. Critical updates have been made to service configurations, package installations, and command execution capabilities, ensuring smoother operations across Cinder, Nova, and Neutron services. Additionally, improvements in image handling and kernel settings have been implemented to optimize system performance and prevent common virtual machine startup issues.
[privsep_osbrick]/helper_command configuration has been added, resolving the issue that prevented certain CLI commands from running in the Cinder and Nova services.dmidecode Package Installationdmidecode package, necessary for certain os-brick library operations, is now properly installed on all required images, addressing NVMe-oF discovery issues.[cinder]/auth_type configuration value has been set to password, ensuring the Cinder section is correctly rendered in the OpenStack Nova configuration file.nova-ssh Image Build ArgumentSHELL build argument for the nova user has been added to the nova-ssh image, fixing issues with live and cold migrations.aio-max-nr) has been adjusted to allow for handling more asynchronous I/O events, preventing VM startup failures due to AIO limits.neutron-ironic-agent Service Start Fixneutron-ironic-agent service from starting has been resolved.atmosphere_image_prefix variable, has been corrected.Upload jobs within the gate pipeline have been eliminated in favor of build jobs, optimizing the CI/CD process by utilizing an intermediate registry for image storage.reno, a release notes management tool, to systematically document all changes, guaranteeing thorough and consistent release notes for future updates.Docker-bakedocker-bake, enabling the reuse of context and built images across different targets, which simplifies and accelerates local image building without affecting functionality.As we conclude our exploration of Atmosphere v5.0.0, we trust that this array of updates, security enhancements, and crucial bug resolutions will markedly improve your cloud infrastructure usage. Our dedication to thorough documentation, streamlined processes, and the adoption of the latest tools ensures a robust and efficient cloud environment. We encourage our users to follow the progress of Atmosphere to leverage the full potential of these updates.
If you require support or are interested in trying Atmosphere, reach out to us. Our team is prepared to assist you in harnessing the power of these new features and ensuring that your cloud infrastructure remains at the forefront of innovation and reliability.
Keep an eye out for future developments as we continue to support and advance your experience with Atmosphere.
Choose from Atmosphere Cloud, Hosted, or On-Premise.
Simplify your cloud operations with our intuitive dashboard.
Run it yourself, tap our expert support, or opt for full remote operations.
Leverage Terraform, Ansible or APIs directly powered by OpenStack & Kubernetes
ingress_use_default_tls_certificateIngressTLSpriorityClassName and runtimeClassName, offering prioritization and runtime management for various service components.ovn-northdovn-northd service to ensure automatic restarting of processes that fail readiness checks, increasing service resilience.ovn-controller Imageovn-controller image is now pre-pulled on nodes before deploying the Helm chart, reducing the time required for updating to the new version of the image.