Skip to main content
Version: latest

Release Notes

tip

Are you looking for the release notes for a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

Select...

October 19, 2025 - Release 4.7.27

Security Notices

Palette Enterprise

Breaking Changes

  • Palette and VerteX password policies are now capped to a maximum of 128 characters. This change applies only to new passwords.

Features

  • Cluster profile variables now support the drop-down input type. This improvement allows users to enforce the configuration of cluster profile variables using predefined values only, reducing input errors and enhancing cluster profile validation.

Improvements

  • When viewing project platform settings in Palette, the Cluster Auto Remediation settings are now correctly labeled as an override to the tenant-level settings.

  • Palette supports encryption at host of your Azure Kubernetes cluster using End-to-End encryption with platform-managed keys. This ensures that encryption starts on the VM host itself, including temporary disks, operating system (OS), and data disk caches. Refer to the Azure Encryption At Host for Azure IaaS guide for further information.

  • Velero has been upgraded to version 1.16, which is used internally by Palette for backing up and restoring clusters. Existing clusters with backups configured will be automatically updated to Velero version 1.16, ensuring continuous access to backup and restore functionality. Refer to the Backup and Restore page to learn more about backup and restore tools in Palette.

  • When creating Azure IaaS clusters, you can disable automatic creation of route table entries for pod-to-pod communication using the cloud.cloudControllerManager.configureCloudRoutes parameter. This improvement is useful when using Calico or Cilium Container Network Interfaces (CNIs), which support pod networking across nodes by default without requiring these route tables and entries. Refer to the Create and Manage Azure IaaS Cluster guide for more information.

  • New cluster groups now default to a newer version of vCluster, version 0.27.x, which includes new features and improvements. Existing cluster groups will continue to use older versions. If you want to use a newer version of vCluster, refer to the Palette Virtual Clusters page to learn how to migrate your virtual cluster workloads.

Bug Fixes

Deprecations and Removals

  • OpenStack support in Palette is now deprecated and will be removed in a future release. After removal, you will no longer be able to create and manage OpenStack clusters, cluster profiles, cloud accounts, or Private Cloud Gateways. We recommend migrating your workloads to another supported Data Center environment.

  • EKS-optimized Amazon Linux 2 (AL2) AMIs will be disabled in Palette from January 10, 2026 and removed on April 4, 2026. When disabled, you will no longer be able to select the AL2 AMIs for EKS worker nodes in Palette for new clusters. For existing clusters, you must create new worker nodes using AL2023 AMIs. Existing AL2 AMI worker nodes will no longer receive bug fixes or security patches after the removal date. Refer to our Scenario - Unable to Upgrade EKS Worker Nodes from AL2 to AL2023 guide for help with migrating workloads.

Edge

info

The CanvOS version corresponding to the 4.7.27 Palette release is 4.7.16.

Features

  • Local UI now supports configurable rate limiting and account lockout to protect against repeated failed login attempts. By default, Local UI applies an increasing delay after three consecutive failed login attempts and temporarily blocks access after five failures for 15 minutes. These settings can be customized in the user-data file for Edge hosts built with Palette agent version 4.7.15 or later. For more information, refer to the stylus.localUI.login parameters description in the Edge Installer Configuration Reference.

Improvements

  • Overlay network has now exited Tech Preview and is ready for production workloads.
  • Remote shell access to an Edge host can now be enabled in Palette only if the parameter stylus.site.remoteShell.disable is omitted or set to false in the host’s user-data file before the host registers with Palette. This change applies to Edge hosts built with Palette agent version 4.7.15 or later.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Features

Improvements

Packs

CNI

Pack NameNew Version
AWS VPC CNI (Helm)1.20.3
Cilium1.18.1

Add-on Packs

Pack NameNew Version
Calico Network Policy3.30.3
Kong2.52.0
Prometheus Agent27.39.0
Prometheus - Grafana77.13.0

FIPS Packs

Pack NameNew Version
Calico3.30.3
Cilium1.17.6

October 10, 2025 - Component Updates

The following components have been updated for Palette version 4.7.20 - 4.7.23.

ComponentVersion
Spectro Cloud Terraform provider0.25.0
Spectro Cloud Crossplane provider0.25.0

Breaking Changes

  • To avoid unnecessary cluster repaves, the Spectro Cloud Terraform provider no longer fails if a timeout occurs during cluster provisioning. Instead, the provider logs an error and continues provisioning in the background. Future Terraform executions reconcile the state of the cluster with the Terraform state.

    For increased transparency in these situations, the spectrocloud_cluster data source now exposes state and health attributes. We recommend using these attributes to validate cluster readiness before triggering any cluster management operations.

Improvements

Bug Fixes

Packs

Pack NameLayerNon-FIPSFIPSNew Version
Argo CDAdd-on8.5.7
AWS EFSCSI2.1.12
External Secrets OperatorAdd-on0.20.1
IstioAdd-on1.27.1
NginxAdd-on1.13.2
Open Policy AgentAdd-on3.20.1
Palette eXtended KubernetesKubernetes1.33.5
ReloaderAdd-on1.4.8
VaultAdd-on0.31.0
Zot RegistryAdd-on0.1.82

October 7, 2025 - Release 4.7.23

Component Updates

The following component updates are applicable to this release:

Bug Fixes

  • Fixed an issue where the cluster management agent failed to initialize after a Palette upgrade when the cluster namespace annotation was missing. The Palette upgrade process now correctly preserves existing annotation.
  • Fixed an issue where the Cluster API (CAPI) custom resource definitions failed to apply on custom cloud clusters.
  • Fixed an issue that prevented the SSO client secret from being masked in the Tenant Administration pages.

October 3, 2025 - Component Updates

The following components have been updated for Palette version 4.7.20 - 4.7.21.

Improvements

Packs

Pack NameLayerNon-FIPSFIPSNew Version
Amazon EBS CSICSI1.48.0
Amazon EBS CSICSI1.46.0
Azure Disk CSI DriverCSI1.33.4
Prometheus AgentAdd-on27.38.0
Prometheus - GrafanaAdd-on77.10.0
Palette Optimized K3sKubernetes1.33.5
Palette Optimized K3sKubernetes1.32.9
Palette Optimized K3sKubernetes1.31.13
Palette Optimized RKE2Kubernetes1.33.5
Palette Optimized RKE2Kubernetes1.32.9
Palette Optimized RKE2Kubernetes1.31.13

September 29, 2025 - Release 4.7.21

Component Updates

The following component updates are applicable to this release:

Breaking Changes

  • AWS clusters created with Palette versions 4.6.32 to 4.7.20 use Instance Metadata Service Version 2 (IMDSv2) IMDSv2 (token optional) enforcement. This is due to a change made to upstream Cluster API AWS (CAPA), which was later reverted.

    The creation of new node pools in these clusters will fail if both of the following conditions are met:

    Beginning with Palette 4.7.21, newly created AWS nodes inherit the metadata version value set at the AWS account level.

    The AWS account used for IMDS configuration needs to be assigned the ec2:GetInstanceMetadataDefaults permission. Clusters will be launched with IMDSv2 (token optional) enforcement if this permission is not assigned. Refer to the AWS reference guide for further information.

    We recommend pausing agent upgrades on the affected clusters and taking one of the following actions before upgrading to Palette 4.7.21:

Improvements

Bug Fixes

  • Fixed an issue that caused AWS Instance Metadata Service (IMDS) configurations to be incorrectly inherited by newly created AWS cluster node pools created with Palette 4.6.32 to 4.7.20.
  • Fixed an issue that caused Out-of-Memory (OOM) errors on palette-controller-manager pods.
  • Fixed an issue that prevented single node overlay clusters from provisioning correctly.

September 26, 2025 - Component Updates

The following components have been updated for Palette version 4.7.20 - 4.7.21.

ComponentVersion
Spectro Cloud Terraform provider0.24.5
Spectro Cloud Crossplane provider0.24.5

Bug Fixes

Packs

Pack Notes

  • The Karpenter pack is now verified and has been updated to integrate with Karpenter 1.6. The updated version supports upgrading existing Karpenter-managed nodes on EKS clusters. Refer to our Karpenter Support guide for more details.
Pack NameLayerFIPSNew Version
CalicoCNINo3.30.3
Cilium TetragonAdd-onNo1.5.0
FlannelCNINo0.27.3
LonghornCSIYes1.9.0
IstioAdd-onNo1.26.2-rev2
IstioAdd-onNo1.26.0-rev2
IstioAdd-onNo1.25.1-rev2
IstioAdd-onNo1.24.3-rev2
IstioAdd-onNo1.24.0-rev2
Prometheus - GrafanaAdd-onNo77.3.0
ReloaderAdd-onNo1.4.7

September 20, 2025 - Release 4.7.20

Component Updates

The following component updates are applicable to this release:

Security Notices

Palette Enterprise

Breaking Changes

  • The spec.jsonCredentialsFileUid field in API requests is no longer available. Users who create GCP cloud accounts using the API should use the spec.jsonCredentials field to supply their credentials in JSON format. Refer to the API documentation for further details.
  • The previous encryption library used in the Palette CLI has been deprecated. As a result, users cannot use their existing credentials, such as Palette API keys, passwords, and Ubuntu Pro tokens, to perform operations after upgrading to Palette CLI version 4.7.2 or later. Users must update their credentials by either running the applicable commands and following the subsequent prompts or deleting the respective configuration files. Refer to our Troubleshooting guide for more information.

Features

  • Technical preview feature badgeTechnical preview feature badge Palette and VerteX Management Appliance now support Secure Boot. Refer to the Palette Management Appliance guide for further configuration information.
  • Technical preview feature badgeTechnical preview feature badge Palette and VerteX Management Appliance now support single node installation. We do not recommend this setup for production environments.

Improvements

Bug Fixes

  • Fixed an issue that caused the VM Migration Assistant to leave open connections after VM migrations.
  • Fixed an issue that incorrectly allowed the creation of EKS Fargate in AWS GovCloud.
  • Fixed an issue where, on Azure IaaS clusters created using a Palette version prior to 4.6.32, scaling worker node pools did not attach newly created nodes to an outbound load balancer after upgrading to Palette version 4.6.32 or later and the cluster's Palette Agent version to 4.6.7 or later.
  • Fixed an issue that caused manifest layers creating using Crossplane to display incorrectly in the Palette UI.
  • Fixed an issue that caused EKS nodes customized with the AL2_x86_64 AMI label to be incorrectly configured with Amazon Linux 2023 (AL2023).
  • Fixed an issue that caused the Virtual Machine Orchestrator to incorrectly require admin permissions for managing persistent volume claims.
  • Fixed an issue that prevented Palette from deleting nodes.
  • Fixed an issue that prevented new DNS configurations from being applied without manually restarting the DNS pod.
  • Fixed an issue that caused CNI labels and annotations to be incorrectly applied to cluster namespaces.
  • Fixed an issue that prevented cluster profile variables from correctly being applied to the configuration of direct access to Virtual Machine Dashboard.

Edge

info

The CanvOS version corresponding to the 4.7.20 Palette release is 4.7.13.

Breaking Changes

  • Palette CLI versions prior to 4.7.2 do not support building content for local Edge cluster deployment on Palette version 4.7.20 or later because content created with older CLI versions lacks the required images. We recommend downloading and using Palette CLI version 4.7.2 or later to build content for Palette version 4.7.20 or later.

  • Edge clusters deployed in agent mode with a Palette cluster agent version prior to 4.7.7 do not support upgrading to the following Kubernetes pack versions released in 4.7.20:

    This breaking change affects agent mode clusters only and does not impact appliance mode clusters. For locally managed clusters, refer to Configure Palette Agent Version to upgrade the agent to the latest version before upgrading Kubernetes packs. For centrally managed clusters, do not pause upgrades so the agent can upgrade automatically.

  • The Palette Edge CLI does not support building content for local Edge cluster deployment in agent mode on Palette version 4.7.20 or later (Palette host agent version 4.7.13 or later). We recommend downloading and using Palette CLI version 4.7.2 or later instead. This breaking change affects agent mode clusters only and does not impact appliance mode clusters.

Improvements

  • Edge host grid view now supports the Graphics Processing Unit (GPU) attribute. It contains information about the GPU of the Edge host, including the GPU model, vendor, memory, count, and Multi-Instance GPU (MIG) capability and strategy. MIG fields are applicable for Nvidia devices only.
  • Local UI now supports displaying all date and time values in Coordinated Universal Time (UTC), the browser’s local time zone, or both simultaneously.

Bug Fixes

  • Fixed an issue that caused incorrect Kube-vip validation errors to appear when worker nodes were removed and re-added to clusters.
  • Fixed an issue that caused incorrect Local UI ports when using VIP addresses.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Breaking Changes

  • The spectrocloud_macro Terraform resource is no longer available. We recommend using the spectrocloud_macros resource to create and manage service output variables and macros. For more information, refer to the Spectro Cloud Terraform provider documentation.

Features

Bug Fixes

  • Fixed an issue that caused EKS clusters to be recreated when private and public access CIDRs are changed through Terraform.

Packs

Pack Notes

Kubernetes

Pack NameNew Version
GKE1.33
Kubernetes (AKS)1.33
Palette eXtended Kubernetes Edge (PXK-E)1.33.4
Palette eXtended Kubernetes Edge (PXK-E)1.32.8
Palette eXtended Kubernetes Edge (PXK-E)1.31.12
Palette eXtended Kubernetes1.33.4
Palette eXtended Kubernetes1.32.8
Palette eXtended Kubernetes1.31.12

CNI

Pack NameNew Version
AWS VPC CNI (Helm)1.20.1
Calico3.30.2 - Revision 2
Cilium1.17.6
Flannel0.27.2

CSI

Pack NameNew Version
Azure Disk1.31.2 - Revision 2
AWS EFS3.2.2
AWS EFS2.1.10
Amazon EFS2.1.11
Amazon EFS2.1.10
Dell CSM Operator1.9.1
Longhorn1.8.1
Rook-Ceph1.18.0
Rook-Ceph1.17.7
Piraeus Operator2.9.0
Volume Snapshot Controller8.3.0

Add-on Packs

Pack NameNew Version
Argo CD8.3.0
Argo CD8.1.4
AWS Application Loadbalancer2.13.4
Amazon EFS2.1.11
Amazon EFS2.1.10
Calico Network Policy3.30.2
Crossplane2.0.2
Dell CSM Operator1.9.1
Dex2.42.0
External Secrets Operator0.19.2
External Secrets Operator0.18.2
Flux22.16.4
Istio1.27.0
Kong2.51.0
Loki2.10.2
Nginx1.31.1
Rook-Ceph1.17.7
Prometheus Agent27.23.0
Prometheus - Grafana75.9.0
Upbound Crossplane2.0.1
Vault0.30.1
VMO Namespace Management1.0.4
Volume Snapshot Controller8.3.0

FIPS Packs

Pack NameNew Version
Longhorn1.8.1
Palette eXtended Kubernetes Edge (PXK-E)1.33.4
Palette eXtended Kubernetes Edge (PXK-E)1.32.8
Palette eXtended Kubernetes Edge (PXK-E)1.31.12
Palette eXtended Kubernetes1.33.4
Palette eXtended Kubernetes1.32.8
Palette eXtended Kubernetes1.31.12
Piraeus Operator2.9.0

September 1, 2025 - Release 4.7.16

Bug Fixes

  • Fixed an issue where Azure IaaS clusters configured with fullyPrivateAddressing failed to deploy.

August 21, 2025 - Release 4.7.15

Bug Fixes

  • Fixed an issue that prevented HTTP-Proxies from being correctly applied when configured in Local UI prior to cluster creation.
  • Fixed an issue that prevented certain hubble-system pods from being scheduled when upgrading self-hosted Palette and VerteX VMware vSphere installations from 4.6.x to 4.7.x.
  • Fixed an issue that caused the Palette Terminal User Interface (TUI) on Edge hosts to restart after entering DNS Configuration details.
  • Fixed a UI issue where the Virtual Machine Dashboard Connect button disappeared for Virtual Machine Orchestrator (VMO) clusters after switching between Proxied and Direct access in the applied Virtual Machine Orchestrator pack.
  • Fixed a UI issue where Edge host tags were not displayed in the Tags drop-down menu on the Clusters > Edge Hosts tab of Palette.

Automation

Features

Bug Fixes

  • Fixed a spectrocloud_sso Terraform resource issue where preferred_email was not an accepted value for oidc.email.

August 17, 2025 - Release 4.7.13

Security Notices

Palette Enterprise

Breaking Changes

  • Availability zones are now required when creating MAAS node pools.
    • For MAAS clusters deployed prior to Palette version 4.7.13, selecting an availability zone is required when creating a new node pool; however, selecting an availability zone is not required when modifying an existing node pool, as modifying availability zones post-cluster deployment will trigger a node pool repave.
    • For MAAS clusters deployed prior to 4.7.13, we recommend creating a new node pool with an availability zone selected and migrating existing workloads to the new node pool when convenient. For guidance on migrating workloads, refer to the Taints and Tolerations guide.

Features

  • Amazon EKS node customization is now supported for custom AMIs, such as Amazon Linux 2 (AL2) and Amazon Linux 2023 (AL2023). This feature allows you to provide pre- and post-kubeadm commands for AL2, and provide user data customization in the form of shell scripts for AL2023. This functionality is provided through the Kubernetes EKS pack.

    Refer to the Node Customization section of the Kubernetes EKS pack for configurable options available for these AMIs. For general guidance on deploying EKS clusters, refer to the Create and Manage AWS EKS Cluster guide.

  • Palette now provides a new platform setting for automatic cluster role bindings. This feature allows Palette to automatically apply the appropriate Kubernetes cluster role bindings based on user roles, ensuring that Role-Based Access Control (RBAC) permissions are consistently applied for all deployed clusters.
  • Technical preview feature badgeTechnical preview feature badge Palette now supports Canonical Kubernetes using the Ubuntu for Canonical Kubernetes OS pack. This feature currently supports the creation of MAAS clusters with Canonical Kubernetes version 1.32. Refer to the MAAS Architecture page for further details.
  • Workspace resource quotas and namespace resource quotas now support GPU limits. This feature currently supports Nvidia GPUs only.
  • Palette now supports the AI pack type. This category streamlines the grouping and finding of AI-related packs. Refer to the Packs List to search and filter packs.

Improvements

  • Nodes provisioned through Karpenter are now visible in Palette and supported for read-only operations, such as billing and monitoring. However, Day-2 operations are not supported. Refer to Karpenter Support for more details.
  • Technical preview feature badgeTechnical preview feature badge A technical preview banner is now displayed on all Artifact Studio pages.

Bug Fixes

  • Fixed an issue that caused errors on message broker pods after upgrading self-hosted Palette installations to version 4.7.4 or later.
  • Fixed an issue that caused validation errors to appear when adding an Amazon ECR hosted in AWS GovCloud to Palette.
  • Fixed an issue that caused self-hosted Palette installations to allow passing open redirects in URLs using the returnTo parameter.
  • Fixed an issue that caused multiple repeated creations and reconciliations of Spectro Proxy pack resources.
  • Fixed an issue that caused sprig template functions to fail when being used together with system and tenant scope macros.
  • Fixed an issue that caused the worker nodes of MAAS clusters to be repaved in parallel.
  • Fixed an issue that caused certificates to be incorrectly updated in cluster Kubeconfig files after certificate updates.

Edge

info

The CanvOS version corresponding to the 4.7.13 Palette release is 4.7.9.

Improvements

  • Remote shell has now exited Tech Preview and is ready for production workloads.

Bug Fixes

  • Fixed an issue that caused the creation of locally deployed clusters to fail when adding a custom stylus.path to the user-data file.
  • Fixed an issue that prevented Kubernetes upgrades from being applied to the control plane nodes of agent mode clusters.
  • Fixed an issue that caused single-node Local UI clusters configured with add-on packs to be stuck in the Provisioning state.
  • Fixed an issue that caused Palette to report single-node Edge clusters with invalid kube-vip configurations as Healthy, even though they were unreachable.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Features

  • All cluster Terraform resources now support the gpu_limit and gpu_provider fields to enforce GPU resource limits. For more information, refer to the Spectro Cloud Terraform provider documentation. The Terraform resource spectrocloud_workspace now also supports these configurations.
  • Terraform version 0.24.1 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.
  • Crossplane version 0.24.1 of the Spectro Cloud Crossplane provider is now available.

Bug Fixes

  • Fixed an issue that prevented the taints configuration from being correctly applied to the spectrocloud_cluster_custom_cloud Terraform resource.
  • Fixed an issue that caused the spectrocloud_cluster_profile Terraform resource to create invalid objects when cluster profile variables are not correctly initialized before creation.

Virtual Machine Orchestrator (VMO)

Features

Packs

Pack Notes

  • The Spectro Addon Repo registry has been removed from Palette multi-tenant SaaS. Refer to the Default Registries for the list of registries available to all SaaS tenants.

OS

Pack NameNew Version
Ubuntu for Canonical K8s (MAAS)22.04

Kubernetes

Pack NameNew Version
Canonical Kubernetes1.32
GKE1.32
Palette eXtended Kubernetes1.32.6
Palette eXtended Kubernetes1.31.10
Palette eXtended Kubernetes1.30.14
Palette eXtended Kubernetes Edge (PXK-E)1.33.3
Palette eXtended Kubernetes Edge (PXK-E)1.32.6
Palette eXtended Kubernetes Edge (PXK-E)1.31.10
Palette eXtended Kubernetes Edge (PXK-E)1.30.14
Palette Optimized Canonical1.33.2
Palette Optimized Canonical1.32.6
Palette Optimized K3s1.33.3
Palette Optimized K3s1.32.6
Palette Optimized K3s1.31.10
Palette Optimized K3s1.30.14
Palette Optimized RKE21.33.3
Palette Optimized RKE21.32.6
Palette Optimized RKE21.31.10
Palette Optimized RKE21.30.14
RKE21.32.6
RKE21.31.10
RKE21.30.14

CNI

Pack NameNew Version
Calico3.30.2
Calico (Azure)3.30.2
Cilium CNI (Canonical K8s)1.16.3

CSI

Pack NameNew Version
Amazon EBS CSI1.46.0
Amazon EFS2.1.9
Azure Disk CSI Driver1.33.2
Longhorn1.9.0
vSphere CSI3.5.0

Add-on Packs

Pack NameNew Version
Amazon EFS2.1.9
AWS Application Loadbalancer2.13.3
AWS Cluster Autoscaler Helm1.33.0
Cilium Tetragon1.4.1
ExternalDNS0.18.0
Flux22.16.2
Longhorn1.9.0
Multus CNI Plugin2.2.18
Nvidia GPU Operator25.3.1
Open Policy Agent3.19.2
VMO Namespace Management1.0.3

FIPS Packs

Pack NameNew Version
Azure Disk CSI Driver1.33.2
Calico3.30.2
Calico (Azure)3.30.2
Palette eXtended Kubernetes1.32.6
Palette eXtended Kubernetes1.31.10
Palette eXtended Kubernetes1.30.14
Palette eXtended Kubernetes Edge (PXK-E)1.33.3
Palette eXtended Kubernetes Edge (PXK-E)1.32.6
Palette eXtended Kubernetes Edge (PXK-E)1.31.10
Palette eXtended Kubernetes Edge (PXK-E)1.30.14
Palette Optimized RKE21.33.3
Palette Optimized RKE21.32.6
Palette Optimized RKE21.31.10
Palette Optimized RKE21.30.14
RKE21.32.6
RKE21.31.10
RKE21.30.14
vSphere CSI3.5.0

August 4, 2025 - Release 4.7.8

Bug Fixes

  • Fixed an issue that caused EKS clusters using custom AMI images to be stuck in the Provisioning status.
  • Fixed an issue that prevented Palette from honoring the cluster.kubevipArgs.vip_ddns value on clusters that use kube-vip to provide a virtual IP address for Edge clusters. Refer to the Publish Cluster Services with Kube-vip guide for further information.

July 31, 2025 - Release 4.7.7

Improvements

Bug Fixes

  • Fixed an issue that caused certificates added through the Registry Connect pack to be incorrectly added on Edge clusters.
  • Fixed an issue that caused registry mapping rules to be incorrectly applied for registries configured using the Registry Connect pack.
  • Fixed an issue that caused masked cluster profile variable values to be displayed as plain text in Edge Management API calls.

July 23, 2025 - Release 4.7.4

Bug Fixes

  • Fixed an issue where the Palette agent failed to start when using a MAAS PCG with the maas-preferred-subnet ConfigMap.

July 19, 2025 - Release 4.7.0 - 4.7.3

Security Notices

Palette Enterprise

Breaking Changes

  • The log fetcher API endpoints now only support creating and retrieving logs from the following log paths:

    • /var/log
    • /var/log/syslog
    • /var/log/cloud-init

    All other log paths are now unsupported.

    In addition, log downloads are only permitted from the following namespaces:

    • kube-system
    • cluster-<cluster-uid>

  • The Palette UI now supports the configuration of custom Amazon Linux 2023 (AL2023) and Amazon Linux 2 (AL2) AMIs for AWS EKS nodes. Previously, default AMI types were configured using node labels. EKS clusters previously deployed with Enable Nodepool Customization enabled and AMI node labels will be repaved upon upgrading to version 4.7.3. AWS EKS clusters that did not specify an AMI type will now use AL2_X86_64 by default. Refer to the Create and Manage AWS EKS Cluster guide for the updated configuration process.

Features

  • Technical preview feature badgeTechnical preview feature badge The Palette Management Appliance is a new method to install self-hosted Palette in your infrastructure environment. It provides a simple and efficient way to deploy Palette using an ISO file. The Palette Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments.

  • Technical preview feature badgeTechnical preview feature badge The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries.

  • Self-hosted Palette now supports the configuration of a classification banner. System administrators can set the banner text and color through the system console. Refer to the Banners guide for further guidance.

  • All ZST bundles, ISO files, and images in Spectro Cloud-owned registries are now signed using Cosign, ensuring artifacts are traceable, tamper-evident, and aligned with modern compliance frameworks. Generated keys use the FIPS-compliant ECDSA-P256 cryptographic algorithm for the signature and SHA256 for hashes; keys are stored in PEM-encoded PKCS8 format. Refer to the Artifact Signatures guide for further information.

Improvements

  • Palette now supports Azure Entra ID authentication for Azure Blob Storage for Azure IaaS and AKS cluster provisioning. Palette still uses Shared Access Signature (SAS) by default, but if your Azure environment has restrictions that block SAS, Entra ID is automatically used instead.

    To enable this feature, the following DataActions have been added to the dynamic and static Azure IaaS permission sets:

    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

    These additional permissions are not required for AKS. Refer to the Required Permissions guide for all required permissions.

Bug Fixes

  • Fixed an issue that caused the certificate renewal job to fail once clusters provisioned with Kubernetes 1.28 or older are updated to Kubernetes 1.29.
  • Fixed an issue that caused resource reconciliation to fail when deleting a pack whose resources have already been removed.
  • Fixed an issue that restricted cluster tags from containing numbers, spaces, and the following special characters: _, ., :, /, =, +, -, and @.
  • Fixed an issue that caused cluster health events to be incorrectly reported in Palette after partial broker service outages.

Edge

info

The CanvOS version corresponding to the 4.7.3 Palette release is 4.7.2.

Improvements

  • Palette now provides enhanced support for upgrades to Palette Optimized Canonical. This improvement ensures successful upgrades between minor and patch versions on connected and airgapped Edge clusters.
  • Remote shell temporary user credentials and the remote shell tunnel are now removed after 24 hours of inactivity. The removal of inactive tunnels and credentials reduces the risk of unauthorized access and helps maintain an efficient system.
  • The Palette UI now partially obfuscates Edge host registration tokens. Users must manually reveal the full token using a toggle.
  • Edge Management API has now exited Tech Preview and is ready for production workloads.
  • Cluster Definition has now exited Tech Preview and is ready for production workloads.

Bug Fixes

  • Fixed an issue that prevented Edge clusters with multi-hyphen Helm chart names from provisioning.
  • Fixed an issue that caused the containerd sync job to perform unnecessary file copying and I/O operations on disconnected Edge clusters.
  • Fixed an issue that caused API calls to add Edge cluster nodes to fail.
  • Fixed an issue that caused proxy certificates to be incorrectly shown in Local UI.
  • Fixed an issue that caused the connection configuration validation in the Palette UI to fail for certain valid endpoints and registration tokens.
  • Fixed an issue that caused commands to the API delete endpoint to reset Edge hosts actively being provisioned to an Edge cluster.
  • Fixed an issue that caused the /usr/local directory on Edge nodes to be repeatedly resized.
  • Fixed an issue that prevented new certificates from being reconciled in clusters provisioned with a certificate that has recently expired.
  • Fixed an issue that prevented the migration of resources from the system-upgrade namespace to the system-upgrade-<cluster-uid> namespace.
  • Fixed an issue that caused Palette to incorrectly report the status of successfully installed packs.
  • Fixed an issue that caused pods related to agent mode cluster upgrades to get stuck in a Terminating state.
  • Fixed an issue that caused Palette to incorrectly report certificate errors on Edge clusters.
  • Fixed an issue that caused continuous retries on malformed bundles during the deployment of Edge clusters instead of initializing a fresh pack download.
  • Fixed an issue that caused Kube-vip arguments to be incorrectly reconciled after cluster creation.

VerteX

Features

  • Technical preview feature badgeTechnical preview feature badge The VerteX Management Appliance is a new method to install Palette VerteX in your infrastructure environment. It provides a simple and efficient way to deploy Palette VerteX using an ISO file. The VerteX Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments. Refer to the VerteX Management Appliance guide for further information.

  • The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries. Refer to the Artifact Studio guide for further information.

  • The Zot registry is now supported as a primary registry for clusters managed by VerteX. Refer to Deploy Cluster with a Primary Registry for more information.

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Breaking Changes

Features

  • The content build command of the Palette CLI now includes the --exclude-profiles flag. This flag allows you to exclude content such as images, charts, or raw files present in the listed profiles from the generated content bundle. Additionally, content bundles are now saved to the <current-directory>/output/content-bundle/ directory by default; you can override this location by using the --output flag. Refer to the Content command reference page for further information.
  • Terraform version 0.23.8 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.
  • Crossplane version 0.23.9 of the Spectro Cloud Crossplane provider is available. The provider now includes support for public cloud, VMware, and Canonical MAAS clusters.

Improvements

  • The Terraform resource spectrocloud_macros now supports the terraform import command. For more information, refer to the Spectro Cloud Terraform provider documentation.
  • The Terraform resource spectrocloud_cluster_profile now resolves the pack_uid based on the registry_uid, tag, and name fields. For more information, refer to the Spectro Cloud Terraform provider documentation.

Bug Fixes

Virtual Machine Orchestrator (VMO)

Improvements

  • Configuration adjustments have been made to improve the compatibility of the Virtual Machine Orchestrator with self-hosted Palette installations. This includes the ability to configure a private CA certificate for secure communication. Refer to the Configure Private CA Certificate guide for more details.

  • The KubeVirt version in use is now v1.5.0. Other components of the VMO pack have also been upgraded, enhancing system reliability and security.

Packs

Pack Notes

  • Palette VerteX now supports Zot OCI-native container image registries through the Zot Registry pack.

Kubernetes

Pack NameNew Version
Palette Optimized Canonical1.33.0
Palette Optimized K3s1.33.1
Palette Optimized K3s1.32.4
Palette Optimized K3s1.31.8
Palette Optimized K3s1.30.12
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
RKE21.32.7
RKE21.31.8
RKE21.30.12

CNI

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (Azure)3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Cilium1.16.10
Flannel0.27.0
Flannel0.26.7

CSI

Pack NameNew Version
Amazon EBS CSI1.43.0
Amazon EFS2.1.7
Amazon EFS2.1.8
Longhorn1.8.1
Piraeus Operator2.8.1
Portworx3.3.1
vSphere CSI3.4.0

Add-on Packs

Pack NameNew Version
AWS Application Loadbalancer2.13.2
Amazon EFS2.1.7
Amazon EFS2.1.8
Argo CD8.0.1
Argo CD7.9.0
ExternalDNS0.16.1
External Secrets Operator0.17.0
Istio1.26.0
Istio1.25.1
Kong2.48.0
MetalLB0.15.2
Nginx1.12.2
Open Policy Agent3.18.3
Open Observe0.14.7
Open Telemetry0.127.0
PostgreSQL1.22.1
Reloader1.4.2
Vault0.30.0

FIPS Packs

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
Piraeus Operator2.8.1
RKE21.32.7
RKE21.31.8
RKE21.30.12
vSphere CSI3.4.0