Skip to main content
Version: latest

Release Notes


Are you looking for the release notes to a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

Jun 15, 2024 - Release 4.4.0 - 4.4.4

This release contains various new features and improvements. One new feature is the introduction of Trusted Boot for Edge. Trusted Boot is a hardware-based security feature that ensures that the system boots securely and that the boot process has not been tampered with. We also improved the MicroK8s experience by exposing lifecycle commands. Other improvements include enhancements to the Cluster Profile Variables user experience, automatic SSL certificate updates for Edge clusters in airgap environments, and new network troubleshooting tools in local UI. Check out the full release notes to learn more about this release's new features and improvements.

Security Notices


Breaking Changes

  • In this release, Palette aligns Google Cloud Platform GKE behavior with Azure AKS and AWS EKS and removes the ability to specify a patch version when creating a cluster profile for AKS, EKS, and GKE. Only the major and minor versions are available for selection. The underlying cloud provider will automatically select the latest patch version available for the selected major and minor version.

  • Validator Helm Charts have migrated from to Former versions of the Palette CLI will point to the former repository when prompted for the Helm chart location and require a manual URL change. The new version of the Palette CLI will point to the new repository. Refer to the Validator CLI page documentation for more details.

  • Due to the removal of GKE Kubernetes patch versions, it's critical you update existing cluster profiles to use the new GKE Kubernetes packs to avoid issues. Active clusters using old GKE Kubernetes pack versions may encounter problems like pods failing to start and scaling issues. We recommend deploying new clusters with the updated GKE cluster profile and migrating workloads.


  • Technical preview feature badgeTechnical preview feature badge The MicroK8s pack layer now exposes bootCommands, preRunCommands and postRunCommands. You can use these commands to customize and configure MicroK8s as needed. MicroK8s is delivered as a Technical Preview for AWS and Canonical MAAS in this release. To learn more, refer to the MicroK8s pack documentation.


  • You can now upload a custom pack to a self-hosted OCI registry multiple times by using different namespaces in the OCI repository.

  • This release removes terminology that may be culturally insensitive or create a barrier to inclusion. We removed the term "master" from our product and replaced it with "control-plane". This work aligns with the Linux Foundation initiative for Diversity & Inclusivity.

Bug Fixes

  • The issue where Google GKE cluster deployments failed is now resolved. You can now deploy GKE clusters using the latest available GKE versions.

Deprecations and Removals

  • The term master is removed from Palette and replaced with the term, control plane. This change is reflected in the UI, API and documentation. The following API endpoints are affected as a the payload object includeMasterMachines is deprecated and replaced with the new object, includeControlPlaneMachines:

    • POST /v1/dashboard/spectroclusters/resources/usage
    • POST /v1/dashboard/spectroclusters/resources/cost
    • POST /v1/dashboard/spectroclusters/{uid}/resources/consumption
    • POST /v1/dashboard/spectroclusters/resources/consumption
    • GET /v1/metrics/{resourceKind}/{resourceUid}/values
    • GET /v1/metrics/{resourceKind}/values


    After six months, the includeMasterMachines object will be removed from the API. Use the includeControlPlaneMachines object moving forward.

Known Issues

  • An issue prevents RKE2 and Palette eXtended Kubernetes (PXK) on version 1.29.4 from operating correctly with Canonical MAAS. A temporary workaround is using a version lower than 1.29.4 when using MAAS..

  • MicroK8s does not support a multi-node cluster deployment and is limited to a single-node cluster. As a result, the only supported upgrade strategy is InPlaceUpgrade.

  • Clusters using MicroK8s as the Kubernetes distribution, the control plane node fails to upgrade when using the InPlaceUpgrade strategy for sequential upgrades, such as upgrading from version 1.25.x to version 1.26.x and then to version 1.27.x. Refer to the Control Plane Node Fails to Upgrade in Sequential MicroK8s Upgrades troubleshooting guide for resolution steps.

  • If you did not configure the Trusted Boot keys to auto-enroll, manual enrollment could take several times to be successful. For more information about key enrollment, refer to Enroll Trusted Boot Keys in Edge Host.

  • Edge hosts with FIPS-compliant RHEL Operating System (OS) distribution may encounter the error where the systemd-resolved.service service enters the failed state. This prevents the nameserver from being configured, which will result in cluster deployment failure. Refer to TroubleShooting for a workaround.



  • Technical preview feature badgeTechnical preview feature badge Trusted Boot is an exciting new Edge capability developed as part of the SENA framework. Trusted Boot is a hardware-based security feature that ensures that the system boots securely and that the boot process has not been tampered with. Trusted Boot does several significant things, all working in concert, to enhance security:

    • Ensures that only trusted software can boot on the system. Any modification to any part of the hard disk will be detected.
    • Encrypts all sensitive data on disk using hardware security Trusted Platform Module (TPM).
    • Ensures that the TPM will only decrypt sensitive data if the boot process is clean and untampered.

    Unlike similar solutions, Trusted Boot utilizes a secure boot, measured boot, and encryption to protect the booting system far more than other solutions. To learn more about Edge Trusted Boot, check out the Edge Trusted Boot documentation.


  • Technical preview feature badgeTechnical preview feature badge The Cluster Profile Variables user experience has been improved. Users can now identify where a variable is used, preview the variable during creation time, and change the order of the variables displayed. An improved Day-2 management experience is also available. You can learn more about these new features in the Cluster Profile Variables documentation.

  • Edge clusters managed by LocalUI now receive automatic SSL certificate updates for Kubernetes. Users can also manually trigger the SSL certificate update process. For more information, refer to the Renew Certificates for Airgap Clusters guide.

  • Local UI now includes tools to help users troubleshoot network issues. The tools include ping and traceroute. For more information, refer to the local UI documentation.

  • Clusters managed by local UI now include a new feature that allows users to download diagnostic logs from the local UI. This feature reduces the friction of troubleshooting issues on the cluster as the need to SSH into the cluster is reduced.

  • Support for custom links, URLs, and static pages is now available in local UI. You can populate custom links in the left Main Menu of local UI, which will either load content into in an iframe or act as en external link. You can also can host static pages in local UI. This is useful when you need to deploy and host custom or specific content for a site and want to avoid introducing additional services to host a static site.

Palette Dev Engine (PDE)

Known Issues

  • During the platform upgrade from Palette 4.3 to 4.4, Virtual Clusters may encounter a scenario where the pod palette-controller-manager is not upgraded to the newer version of Palette. The virtual cluster will continue to be operational, and this does not impact its functionality. Refer to the Controller Manager Pod Not Upgraded troubleshooting guide for resolution steps.

Virtual Machine Orchestrator (VMO)


  • The KubeVirt version in use is now v1.2.0. Other minor maintenance updates in support of Kubevirt 1.2.0 are also included.


  • Terraform version 0.20.0 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.

  • Palette Crossplane provider version 0.20.0 is available. For more details, refer to the provider release page.

  • The Terraform data resources, spectrocloud_pack and spectrocloud_pack_simple, will both require the attribute registry_uid to be set the next Terraform release, 0.21.0. We recommend you start using this attribute in your Terraform configurations to avoid issues in the future.

Docs and Education

  • Palette's Crossplane provider now has a dedicated documentation section. The new section also includes a few guides on how to deploy a Kubernetes clusters using Crossplane. Check out the Crossplane Provider documentation for more details.


Pack Notes

  • Cluster Autoscaler version 1.29.2 is a Helm-based pack. Previous versions of the pack were manifest-based. Upgrades to the new version require you to select the new Helm-based pack.

  • The BYOOS pack is now available for Palette VerteX deployments. This allows users to bring their own Operating System (OS) image to deploy VerteX instances. RHEL is the only custom OS supported for VerteX deployments at this time.

  • MicroK8s now supports boot, preRun and postRun commands on cloud-init. This allows users to execute custom commands before and after their MicroK8s deployment processes, providing enhanced flexibility and control over deployment environments.

  • The Kubernetes pack parameter k8sHardening is removed and no longer used as the method for hardening images during the image creation process. This change does not impact users.

  • Cluster Autoscaler is now a verified pack. Refer to the Verified Packs page for more details on verified packs.


PackNew Version
Palette eXtended Kubernetes Edge (PXK-E)1.26.15
Palette eXtended Kubernetes Edge (PXK-E)1.27.11
Palette eXtended Kubernetes Edge (PXK-E)1.28.9
Palette eXtended Kubernetes1.27.13
Palette eXtended Kubernetes1.28.9
Palette eXtended Kubernetes1.29.4
Kubernetes Azure AKS1.29
Kubernetes Google GKE1.26
Kubernetes Google GKE1.27
Kubernetes Google GKE1.28
Kubernetes Google GKE1.29
RKE2 - Edge1.26.15
RKE2 - Edge1.27.13
RKE2 - Edge1.28.9
RKE2 - Edge1.29.4


PackNew Version
AWS VPC CNI (Helm)1.17.1
Calico Azure3.27.2
Cilium OSS1.15.3


PackNew Version
AWS EFS1.7.6
Azure Disk CSI Driver1.30.0
GCE Persistent Disk CSI1.13.2
Portworx /w Operator3.1.0

Add-on Packs

PackNew Version
AWS Application Loadbalancer2.7.2
AWS Cluster Autoscaler (Helm)1.29.2
MetalLB (Helm)0.14.3
Portworx /w Operator3.1.0
Prometheus - Grafana57.0.1

FIPS Packs

PackNew Version
AWS VPC CNI (Helm)1.1.17
Calico Azure3.25.1
Calico Azure3.26.3
Palette eXtended Kubernetes Edge (PXK-E)1.26.15
Palette eXtended Kubernetes Edge (PXK-E)1.27.14
Palette eXtended Kubernetes Edge (PXK-E)1.28.10
Palette eXtended Kubernetes Edge (PXK-E)1.29.5
Palette Optimized RKE21.27.13
Palette Optimized RKE21.28.9
Palette Optimized RKE21.29.4
Palette eXtended Kubernetes (PXK)1.27.13
Palette eXtended Kubernetes (PXK)1.27.2
Palette eXtended Kubernetes (PXK)1.28.9
Palette eXtended Kubernetes (PXK)1.29.4
RKE2 - Edge1.27.13
RKE2 - Edge1.28.9
RKE2 - Edge1.29.4
vSphere CSI3.1.0
vSphere CSI3.1.2

Deprecations and Removals