Release v0.11.0

⚠️ Breaking Changes

• Convert APIServerPort to uint16 (#2174)
• More than one instance found is now an error (#2109)
• Don't serve v1alpha6 (#2024)
• Deprecate v1alpha7 (#2026)
• Remove v1alpha5 (#2022)

✨ New Features

• Bump version artifacts for release-0.11 (#2198)
• ORC Image API update (#2192)
• Support Flavor IDs (#2148)
• support server group and scheduler hint additional properties (#2163)
• OpenStackImage controller (#2130)
• New CRD + controller for OpenStackServer (v1alpha1) (#2067)
• Add ability to defined API Server Load Balancer flavor name (#2058)
• Add region to openStackMachineSpec.ProviderID field from crd identityRef (#2193)

🐛 Bug Fixes

• Wait and requeue if LB not deleted (#2122)
• Expose NodePorts on cluster network instead of 0.0.0.0/0 (#2128)
• Re-allow OpenStackMachine to use their own IdentityRef (#2191)
• Ensure SSA patch can't accidentally create a new object (#2178)
• Image controller: don't attempt upload when adopting (#2180)
• port: don't add any SGs when port security is disabled (#2159)
• e2e: Only dump resources on node 1 (#2147)
• e2e: Fix deletion of test security group (#2145)
• Ensure tools deps aren't older than CAPO deps (#2143)
• Fix down-conversion of IdentityRef (#2139)
• if the openstackcluster was ready, we don't want to set a terminalError (#2099)
• Remove bastion security group when disabling the bastion (#2114)
• instance: re-add error event if server creationg returned an error (#2112)
• templates: fix clusterclass-dev (#2101)
• Fix sub-ports not deleted with trunks (#2081)
• Handle errors returned by GetInstanceStatusByName in machine controller (#2086)
• Remove k8s.io/kubernetes dependancy (#2078)
• allNodesSecurityGroupRules: relax remote fields (#2077)
• Fix loadbalancer timeout panic (#2074)
• issue-1737: Add unit tests for openstackmachine_webhook (#2068)
• Fix empty version output in release builds (#2056)
• Fix panic executing manager without valid kube context (#2057)
• Fix enabling of disabled bastion on upgrade to v1beta1 (#2052)
• issue-1711: Dependency on deprecated github.com/golang/mock (#2048)
• Remove a duplication for setting default port settings (#2046)
• Fix webhook panic when adding managed security groups (#2043)
• Fix v1alpha7 e2e tests (#2028)
• Reduce reconciles and logs (#2182)
• openstackserver: create before delete if adoption fields are empty (#2167)
• Copy InstanceID from OpenStackServer to OpenStackMachine (#2153)
• Fix nil pointer issue while creating port (#2064)

🌱 Others

• image: Fix various immutability validations (#2197)
• Bump controller-tools to v0.16.4 (#2189)
• Allow running CAPO and ORC tests separately (#2175)
• Bump golangci-lint to v1.61.0 (#2173)
• Bump CAPI to v1.8.1 (#2154)
• Dependency update (#2160)
• netlify: Fix go version (#2151)
• E2E: Add subports to trunked port to test subports deletion (#2141)
• Add design doc for OpenStackServer (#2021)
• cloud: Better error message on image lookup failure (#2135)
• Upgrade Gophercloud to v2 (#2107)
• IdentityRefProvider: DRY obtaining OpenStackIdentityRef (#2132)
• Add EmilienM as a maintainer (#2115)
• Add script for API diff check (#2096)
• E2E: Bump Kubernetes to v1.30.1 (#2108)
• E2E: Bump Kubernetes to v1.29.5 (#2103)
• E2E: Bump CAPI, cert-manager, coredns and etcd (#2104)
• Add junit formatting for unit tests (#2095)
• Bump CAPI to v1.7.2 (#2079)
• Drop dulek from reviewers (#2082)
• Set FallbackToLogsOnError on CAPO manager (#2070)
• port: no dependency on OpenStackMachine (#2049)
• lint: import v1alpha1 with alias (#2066)
• Bump Gophercloud to v1.11.0 (#2041)
• Bump Golang CI Lint to v1.57.2 (#2045)
• Refactoring: never assign unacceptable TLS versions (#2037)
• Bump CAPI to v1.7.0 (#2012)
• Ensure E2E cleanup (#2005)
• CI: update OpenStack to 2024.1 (Caracal) (#2162)
• test: bump Flatcar Stable version (#2152)
• Generate applyconfiguration for server-side apply (#2133)
• remove stale supported version info (#2051)

📖 Additionally, there have been 7 contributions to our documentation and book. (#2168, #2125, #2123, #2120, #2100, #1565, #2032)

Thanks to all our contributors! 😊

Release v0.11.0-rc.0

⚠️ Breaking Changes

• Convert APIServerPort to uint16 (#2174)
• More than one instance found is now an error (#2109)
• Don't serve v1alpha6 (#2024)
• Deprecate v1alpha7 (#2026)
• Remove v1alpha5 (#2022)

✨ New Features

• Bump version artifacts for release-0.11 (#2198)
• ORC Image API update (#2192)
• Support Flavor IDs (#2148)
• support server group and scheduler hint additional properties (#2163)
• OpenStackImage controller (#2130)
• New CRD + controller for OpenStackServer (v1alpha1) (#2067)
• Add ability to defined API Server Load Balancer flavor name (#2058)
• Add region to openStackMachineSpec.ProviderID field from crd identityRef (#2193)

🐛 Bug Fixes

• Wait and requeue if LB not deleted (#2122)
• Expose NodePorts on cluster network instead of 0.0.0.0/0 (#2128)
• Re-allow OpenStackMachine to use their own IdentityRef (#2191)
• Ensure SSA patch can't accidentally create a new object (#2178)
• Image controller: don't attempt upload when adopting (#2180)
• port: don't add any SGs when port security is disabled (#2159)
• e2e: Only dump resources on node 1 (#2147)
• e2e: Fix deletion of test security group (#2145)
• Ensure tools deps aren't older than CAPO deps (#2143)
• Fix down-conversion of IdentityRef (#2139)
• if the openstackcluster was ready, we don't want to set a terminalError (#2099)
• Remove bastion security group when disabling the bastion (#2114)
• instance: re-add error event if server creationg returned an error (#2112)
• templates: fix clusterclass-dev (#2101)
• Fix sub-ports not deleted with trunks (#2081)
• Handle errors returned by GetInstanceStatusByName in machine controller (#2086)
• Remove k8s.io/kubernetes dependancy (#2078)
• allNodesSecurityGroupRules: relax remote fields (#2077)
• Fix loadbalancer timeout panic (#2074)
• issue-1737: Add unit tests for openstackmachine_webhook (#2068)
• Fix empty version output in release builds (#2056)
• Fix panic executing manager without valid kube context (#2057)
• Fix enabling of disabled bastion on upgrade to v1beta1 (#2052)
• issue-1711: Dependency on deprecated github.com/golang/mock (#2048)
• Remove a duplication for setting default port settings (#2046)
• Fix webhook panic when adding managed security groups (#2043)
• Fix v1alpha7 e2e tests (#2028)
• Reduce reconciles and logs (#2182)
• openstackserver: create before delete if adoption fields are empty (#2167)
• Copy InstanceID from OpenStackServer to OpenStackMachine (#2153)
• Fix nil pointer issue while creating port (#2064)

🌱 Others

• image: Fix various immutability validations (#2197)
• Bump controller-tools to v0.16.4 (#2189)
• Allow running CAPO and ORC tests separately (#2175)
• Bump golangci-lint to v1.61.0 (#2173)
• Bump CAPI to v1.8.1 (#2154)
• Dependency update (#2160)
• netlify: Fix go version (#2151)
• E2E: Add subports to trunked port to test subports deletion (#2141)
• Add design doc for OpenStackServer (#2021)
• cloud: Better error message on image lookup failure (#2135)
• Upgrade Gophercloud to v2 (#2107)
• IdentityRefProvider: DRY obtaining OpenStackIdentityRef (#2132)
• Add EmilienM as a maintainer (#2115)
• Add script for API diff check (#2096)
• E2E: Bump Kubernetes to v1.30.1 (#2108)
• E2E: Bump Kubernetes to v1.29.5 (#2103)
• E2E: Bump CAPI, cert-manager, coredns and etcd (#2104)
• Add junit formatting for unit tests (#2095)
• Bump CAPI to v1.7.2 (#2079)
• Drop dulek from reviewers (#2082)
• Set FallbackToLogsOnError on CAPO manager (#2070)
• port: no dependency on OpenStackMachine (#2049)
• lint: import v1alpha1 with alias (#2066)
• Bump Gophercloud to v1.11.0 (#2041)
• Bump Golang CI Lint to v1.57.2 (#2045)
• Refactoring: never assign unacceptable TLS versions (#2037)
• Bump CAPI to v1.7.0 (#2012)
• Ensure E2E cleanup (#2005)
• CI: update OpenStack to 2024.1 (Caracal) (#2162)
• test: bump Flatcar Stable version (#2152)
• Generate applyconfiguration for server-side apply (#2133)
• remove stale supported version info (#2051)

📖 Additionally, there have been 7 contributions to our documentation and book. (#2168, #2125, #2123, #2120, #2100, #1565, #2032)

Thanks to all our contributors! 😊

Release v0.10.5

Changes since v0.10.4

🐛 Bug Fixes

• Backport #2081 and #2141 to fix sub-ports not deleted with trunks.

Thanks to all our contributors! 😊

Release v0.9.2

Changes since v0.9.1

🐛 Bug Fixes

• Backport #2081 and #2141 to fix sub-ports not deleted with trunks.

🌱 Others

• Add EmilienM as a maintainer (#2116)

Thanks to all our contributors! 😊

Release v0.10.4

Changes since v0.10.3

🐛 Bug Fixes

• Fix down-conversion of IdentityRef (#2138)

🌱 Others

• Add EmilienM as a maintainer (#2117)

Thanks to all our contributors! 😊

Release v0.9.1

What's Changed

• [release-0.9] 🐛 Fix potential panic during instance create by @k8s-infra-cherrypick-robot in #1806
• [release-0.9] ✨ Add flags for configuring rate limits by @k8s-infra-cherrypick-robot in #1817
• [release-0.9] 🐛 Fix patching OpenstackMachine's immutable spec during reconcile by @k8s-infra-cherrypick-robot in #1819
• [release-0.9] 🐛 Persist API FloatingIP immediately on creation by @k8s-infra-cherrypick-robot in #1831
• Update CI to use OpenStack Bobcat & Ubuntu 22.04 by @EmilienM in #2033
• [release-0.9] 🌱 Sync OWNERS_ALIASES with main by @mdbooth in #2084
• [release-0.9] ci: reduce vcpu for m1.medium by @mdbooth in #2090
• [release-0.9] Fix port cleanup of servers in ERROR state by @mdbooth in #2092
• [release-0.9] 🐛 Fall back to cluster identityRef in absence of machine identityRef by @k8s-infra-cherrypick-robot in #2093
• [release-0.9] 🐛 Fix empty version output in release builds by @k8s-infra-cherrypick-robot in #2094

Full Changelog: v0.9.0...v0.9.1

Release v0.10.3

Changes since v0.10.2

🐛 Bug Fixes

• Handle errors returned by GetInstanceStatusByName in machine controller (#2087)
• allNodesSecurityGroupRules: relax remote fields (#2080)
• Fix loadbalancer timeout panic (#2076)
• Fix empty version output in release builds (#2059)
• Fix panic executing manager without valid kube context (#2061)
• Fix nil pointer issue while creating port (#2065)

🌱 Others

• Drop dulek from reviewers (#2083)
• Set FallbackToLogsOnError on CAPO manager (#2072)
• Refactoring: never assign unacceptable TLS versions (#2062)

Thanks to all our contributors! 😊

Release v0.10.2

What's Changed

• 🐛 [release-0.10] Fix enabling of disabled bastion on upgrade to v1beta1 by @mdbooth in #2053

Full Changelog: v0.10.1...v0.10.2

Release v0.10.1

What's Changed

• [release-0.10] 🐛 Fix v1alpha7 e2e tests by @k8s-infra-cherrypick-robot in #2031
• [release-0.10] 🐛 Fix webhook panic when adding managed security groups by @k8s-infra-cherrypick-robot in #2044

Full Changelog: v0.10.0...v0.10.1

Release v0.10.0

Breaking API Changes

v0.10.0 is a major update which brings major changes to the API.

v1alpha5 is no longer served

If you are still using v1alpha5, this will not work in v0.10.0. However, for this release only objects are still defined in the CRDs and the code is still present, so as a temporary workaround it is possible to manually edit the CRDs to set versions.served to true for v1alpha5 objects. This is not tested, and we have low confidence that this will work without problems. Some manual effort may be required to check and fix automatically converted objects.

v1alpha6 and v1alpha7 are deprecated

v1alpha6 and v1alpha7 objects will be automatically converted to v1beta during use. This is well tested. We don’t anticipate problems with these conversions.

We will stop serving and testing v1alpha6 in the next release.

v1alpha7 is not marked deprecated in v0.10.0 to allow a switch-over period without deprecation warnings, but will be marked deprecated in the next release. Will will stop serving and testing it in a release after that.

You should update to use v1beta1 natively as soon as possible.

v1beta1 is released

v1beta1 marks a major update to the CAPO API. The specific changes from v1alpha7 are documented here: https://cluster-api-openstack.sigs.k8s.io/topics/crd-changes/v1alpha7-to-v1beta1

More than this, though, it marks an intention by the maintainers to stop making breaking changes. The API will continue to evolve, but we will make every effort to do this without introducing more backwards-incompatible changes.

Removal of hardcoded Calico CNI security group rules

This is documented more completely in the API upgrade documentation.

Prior to v1beta1, when using managed security groups we would automatically add certain rules which were specific to Calico CNI. It was not possible to add rules for any other CNI. A common way to work round this was to set allowAllInClusterTraffic: true.

With v1beta1 there are no longer any implicit rules for any CNI. However, it is now possible to specify custom rules in the cluster spec which will be automatically added to managed security groups. Users of Calico CNI must now add these rules explicitly. Users of other CNIs now have the option of using managed security groups.

Calico CNI rules will be added automatically when upgrading to v1beta1 from a previous API version.

The Calico CNI rules have been added to the release templates, so for now creating a cluster with clusterctl will continue to have Calico rules when using the default templates.

Management cluster changes

Removal of MutatingWebhookConfiguration

CAPO no longer uses a mutating webhook, and its configuration is removed. If you upgrade your management cluster with clusterctl this will be handled correctly. If you do it manually you must ensure you remove the MutatingWebhookConfiguration capo-mutating-webhook-configuration. If you do not you may see errors like the one in #1927.

Minimum management cluster version is now 1.25

v0.10.0 now uses https://kubernetes.io/docs/reference/using-api/cel/ for some API validations, which only became available without a feature gate in 1.25. Consequently we now require the management cluster to be at least k8s 1.25.

Highlighted new features

API Reference documentation

We now automatically publish API reference documentation! The documentation for v1beta1 can be found here: https://cluster-api-openstack.sigs.k8s.io/api/v1beta1/api

Floating IP IPAM Provider

It is now possible to allocate floating IPs for individual machines using the new Floating IP IPAM Provider documented here: https://cluster-api-openstack.sigs.k8s.io/api/v1alpha1/api#infrastructure.cluster.x-k8s.io/v1alpha1.OpenStackFloatingIPPool

Attach them to a machine via the new floatingIPPoolRef in OpenStackMachineSpec: https://cluster-api-openstack.sigs.k8s.io/api/v1beta1/api#infrastructure.cluster.x-k8s.io/v1beta1.OpenStackMachineSpec

What's Changed

New Features

• ✨ Add flatcar-sysext template to use regular Flatcar images by @tormath1 in #1776
• ✨ Add flags for configuring rate limits by @tobiasgiese in #1815
• ✨ Change API for OpenStackMachine.Spec.Image by @EmilienM in #1796
• ✨ Update CI to use OpenStack Bobcat by @EmilienM in #1804
• ✨ Allow AZs to be Omitted at Runtime by @spjmurray in #1769
• ✨ Support BYO dual-stack Network by @MaysaMacedo in #1789
• ✨ IPAM provider for floating ips by @bilbobrovall in #1763
• ✨ add TLS configuration flags by @tuminoid in #1867
• ✨ Adds MaxIPs to OpenstackFloatingIPPool by @bilbobrovall in #1862
• ✨ Re-work ports management by @EmilienM in #1788
• ✨ Add support to set allocation_pools for subnet by @dulek in https://github.com/kubernetes-sigs/cluster-api-provider-
• ✨ Add API docs for v1alpha1 by @mdbooth in #1993
• ✨ Adds IPAM support for floating ips in OpenStackMachine by @bilbobrovall in #1762
• 🐛 Fall back to cluster identityRef in absence of machine identityRef by @stephenfin in #1768
• 🌱 Enforce restricted pod security standards by @lentzi90 in #1895
• 📖 Add API reference documentation generation by @alexandrevilain in #1702
• 🐛 Make LB additional ports security-group generation are dynamic by @huxcrux in #1918
• feat: add configurable loadbalancer network by @oblazek in #1922
• 🐛 Include more device_owners when looking for a port for floating ip by @bilbobrovall in #1996

Bug fixes

• 🐛 Don't apply worker SG to control plane machines by @stephenfin in #1785
• 🐛 Fix potential panic during instance create by @mandre in #1803
• 🐛 Fix patching OpenstackMachine's immutable spec during reconcile by @strudelPi in #1807
• 🐛 fix: skip port deletion when instances have no port by @dulek in #1818
• 🐛 Fix random instance port deletion by @zioc in #1753
• 🐛 Persist API FloatingIP immediately on creation by @mdbooth in #1829
• 🐛 controllers: do not return a RequeueAfter and an error at the same time by @EmilienM in #1839
• 🐛Fix a stacktrace in LB logic by removing listener name from an error message when not set by @huxcrux in #1853
• 🐛Make sure that allowedCidrs lists are compared correctly to avoid patching LB listener when not needed by @huxcrux in #1854
• 🐛 Prevent the bastion to be removed before it's been disabled by @EmilienM in #1866
• 🐛 Ignore 'OS_*' environment variables by @stephenfin in #1883
• 🐛 Fix cluster network cleanup by @dulek in #1880
• 🐛 loadbalancer: resolve ControlPlaneEndpoint.Host when needed by @EmilienM in #1738
• 🐛 api/additionalPorts: don't create UDP rules by @EmilienM in #1899
• 🐛 v1alpha5: Fix panic in conversion when port has no binding profile by @mdbooth in #1949
• 🐛 Fix accidental parsing of password by @JanGutter in #1953

Documentation

• 🌱 Update links in release docs by @lentzi90 in #1798
• fix: fix the block device type name in doc by @okozachenko1203 in #1865
• 🌱 Fix doc references to NodeCIDR in v1alpha8 by @mdbooth in #1889

Administrative

• Remove Tobias and Se...