Release Notes

tip

Are you looking for the release notes to a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

Jul 20, 2024 - Release 4.4.11

Palette

Features

  • This release introduces a system-wide control User Interface (UI) for feature flags. System administrators can now turn features on or off through the system console. Once a feature flag is enabled, all tenants will have access to the feature. Check out the Feature Flags documentation to learn more.

  • Kubernetes clusters deployed to Azure can now use network proxy configurations. To use this new feature, you must deploy a PCG in your Azure environment and configure the PCG to use your network proxy server. Once the PCG is deployed and configured with the proxy server details, the newly deployed Azure clusters will inherit the proxy configurations from the PCG. To learn more, refer to the Proxy Configuration guide.

  • Palette now supports specifying a custom Certificate Authority (CA) when enabling OIDC integration. You can now use self-signed root certificates from internal identity providers when configuring OIDC integration. To learn more, refer to the Enable SSO with Custom CA guide.

  • You can now deploy a cluster on Azure and only use private IP addresses for the control plane and worker nodes. When deploying the cluster, this new behavior requires using a Private Cloud Gateway (PCG) and static placement selection. To learn more about deploying a cluster with private IP addresses, refer to the Deploy a Cluster with Private IP Addresses guide.

Improvements

  • The Palette UI has been updated to improve the user experience for the project and tenant settings pages. The new Settings Menu enhances usability and reduces visual clutter. You can now collapse and expand categories within the Settings Menu.

  • Self-hosted Palette and PCG instances deployed to Azure through a Helm Chart now accept proxy configurations for outbound traffic. The proxy configuration is set in the values.yaml file during the deployment process. Refer to the Self-Hosted Helm Chart Configuration Reference or the Deploy a PCG to an Existing Kubernetes Cluster guide to learn more.

  • Improvements to the Palette agent have reduced the frequency and bandwidth of agent communication with the Palette management platform. This change reduces the resource consumption by the Palette agent in a cluster and the bandwidth usage between the agent and the Palette management platform.

  • Palette API responses now include the header Cache-Control. This header provides information on how long the response can be cached and helps improve the performance of the Palette UI.

  • Self-Hosted Palette and Private Cloud Gateway (PCG) instances deployed on VMware vSphere now use the vSphere CSI driver version 3.2.0. The new version will automatically get picked up during an upgrade.

Bug Fixes

  • The issue preventing RKE2 and PXK clusters using Kubernetes version 1.29.4 from deploying on MAAS successfully is now resolved. Remove any existing MAAS Kubernetes 1.29.4 images from your environment to pull in the updated images.

Edge

Breaking Changes

  • A change in the EdgeForge process affects the Local UI customization process when using the CanvOS utility. In the past, placing a folder named ui at the root level of the CanvOS project was required. Moving forward, the ui folder will be placed in the local-ui/ folder. This change is to align with the new CanvOS project structure. If you are using the EdgeForge process to create Edge artifacts, ensure you update the location of the ui folder in your CanvOS project. Refer to the Local UI Custom Links and Customize Local UI Theme guides to learn more about the changes.

Features

  • A new Palette API endpoint, v1/edgehosts/tags, is available to retrieve all tags associated with Edge clusters.

  • The Edge Management API now supports some operations on connected Edge hosts (non-airgap). In the past, the Edge Management API only supported airgap Edge hosts and clusters. The new functionality now allows you to perform some actions using the Edge Management API on connected Edge hosts. Refer to the List of Endpoints Unavailable to Connected Edge Hosts section to learn more about the limitations of connected Edge hosts.

  • Local UI now supports signed content bundles and cluster definitions. You can embed a public key in your Edge Installer ISO or provider image. Local UI can use the key to verify the content bundle and cluster definition cryptographically during uploads to ensure you are fulfilling compliance requirements. Refer to the Build Content Bundles guide to learn more.

Improvements

  • You can now disable password changes of Operating System (OS) users from Local UI. When password updates from Local UI are disabled, you can still update the OS user password from the OS or the Edge Management API. Check out the Access Local UI page to learn more.

  • Several enhancements have been made to the UI for Edge host management in the context of cluster creation and updates. These changes ensure a consistent and user-friendly experience, including new designs for the Edge host selection screen and a customizable, powerful grid view. This redesign provides a better user experience for managing many edge hosts in large-scale environments. Check out the Edge Host Grid View page to learn more.

  • EdgeForge now supports creating base images for Edge hosts using Ubuntu 24.04 UKI. To learn more about creating base images, refer to the Build Edge Artifacts guide.

VerteX

Features

  • Includes all Palette features and improvements in this release. Refer to the Palette section for more details.

Automation

  • Terraform version 0.20.7 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.

  • Palette Crossplane provider version 0.20.7 is available. For more details, refer to the provider release page.

  • The Palette CLI now supports automatic validation when deploying a self-hosted VerteX or Palette instance. Use the --validate flag to validate the deployment configuration before deploying the instance. Refer to the Validate Environment section of the Palette EC command documentation to learn more.

Docs and Education

  • Palette tutorials now have a dedicated view in the documentation. The Tutorials page provides a list of tutorials to help you get started with Palette and its features, and other advanced topics.

Packs

Kubernetes

| Pack | New Version |
| --- | --- |
| K3s | 1.27.15 |
| K3s | 1.28.11 |
| K3s | 1.29.6 |
| Palette eXtended Kubernetes (PXK) | 1.27.15 |
| Palette eXtended Kubernetes (PXK) | 1.28.11 |
| Palette eXtended Kubernetes (PXK) | 1.29.6 |
| Palette eXtended Kubernetes - Edge (PXK-E) | 1.27.15 |
| Palette eXtended Kubernetes - Edge (PXK-E) | 1.28.11 |
| Palette eXtended Kubernetes - Edge (PXK-E) | 1.29.6 |
| RKE2 | 1.27.14 |
| RKE2 | 1.28.10 |
| RKE2 | 1.29.5 |
| RKE2 - Edge | 1.27.14 |
| RKE2 - Edge | 1.28.10 |
| RKE2 - Edge | 1.29.5 |

CNI

| Pack | New Version |
| --- | --- |
| Calico | 3.28.0 |

CSI

| Pack | New Version |
| --- | --- |
| AWS EFS | 2.0.4 |
| Rook Ceph | 1.14.0 |
| vSphere CSI | 3.2.0 |

Add-on Packs

| Pack | New Version |
| --- | --- |
| External Secrets Operator | 0.9.16 |
| Kong | 2.38.0 |
| Reloader | 1.0.74 |
| Reloader | 1.0.107 |
| Spectro Proxy | 1.5.3 |

FIPS

| Pack | New Version |
| --- | --- |
| Calico | 3.28.0 |
| Flannel | 0.24.3 |
| RKE2 | 1.27.14 |
| RKE2 | 1.28.10 |
| RKE2 | 1.29.5 |
| RKE2 - Edge | 1.27.14 |
| RKE2 - Edge | 1.28.10 |
| RKE2 - Edge | 1.29.5 |

Jul 7, 2024 - Release 4.4.7

Bug Fixes

  • Fixed an issue where Edge hosts would lose the local network configuration after adding a node to the cluster.

  • Fixed an issue where cluster profile manifest layers were switched, and as a result, different manifest layer YAML files were applied at the wrong time.

  • Fixed an issue occurring with self-hosted Palette and VerteX upgrading to 4.4.x. Mongo DNS was incorrectly configured in the configserver ConfigMap, resulting in pod errors.

  • Fixed an issue where the airgap setup script failed to push all the compressed images to the local registry.

Jun 15, 2024 - Release 4.4.0 - 4.4.6

This release contains various new features and improvements. One new feature is the introduction of Trusted Boot for Edge. Trusted Boot is a hardware-based security feature that ensures that the system boots securely and that the boot process has not been tampered with. We also improved the MicroK8s experience by exposing lifecycle commands. Other improvements include enhancements to the Cluster Profile Variables user experience, automatic SSL certificate updates for Edge clusters in airgap environments, and new network troubleshooting tools in Local UI. Check out the full release notes to learn more about this release's new features and improvements.

Security Notices

Palette

Breaking Changes

  • In this release, Palette aligns Google Cloud Platform GKE behavior with Azure AKS and AWS EKS and removes the ability to specify a patch version when creating a cluster profile for AKS, EKS, and GKE. Only the major and minor versions are available for selection. The underlying cloud provider will automatically select the latest patch version available for the selected major and minor version.

  • Validator Helm Charts have migrated from https://github.com/spectrocloud-labs/validator to https://github.com/validator-labs/validator. Former versions of the Palette CLI will point to the former repository when prompted for the Helm chart location and require a manual URL change. The new version of the Palette CLI will point to the new repository. Refer to the Validator CLI page documentation for more details.

  • Due to the removal of GKE Kubernetes patch versions, it's critical you update existing cluster profiles to use the new GKE Kubernetes packs to avoid issues. Active clusters using old GKE Kubernetes pack versions may encounter problems like pods failing to start and scaling issues. We recommend deploying new clusters with the updated GKE cluster profile and migrating workloads.

Features

  • The MicroK8s pack layer now exposes bootCommands, preRunCommands and postRunCommands. You can use these commands to customize and configure MicroK8s as needed. MicroK8s is delivered as a Technical Preview for AWS and Canonical MAAS in this release. To learn more, refer to the MicroK8s pack documentation.

Improvements

  • You can now upload a custom pack to a self-hosted OCI registry multiple times by using different namespaces in the OCI repository.

  • This release removes terminology that may be culturally insensitive or create a barrier to inclusion. We removed the term "master" from our product and replaced it with "control-plane". This work aligns with the Linux Foundation initiative for Diversity & Inclusivity.

Bug Fixes

  • The issue where Google GKE cluster deployments failed is now resolved. You can now deploy GKE clusters using the latest available GKE versions.

Deprecations and Removals

  • The term master is removed from Palette and replaced with the term control plane. This change is reflected in the UI, API, and documentation. The following API endpoints are affected, as the payload object includeMasterMachines is deprecated and replaced with the new object, includeControlPlaneMachines:

    • POST /v1/dashboard/spectroclusters/resources/usage
    • POST /v1/dashboard/spectroclusters/resources/cost
    • POST /v1/dashboard/spectroclusters/{uid}/resources/consumption
    • POST /v1/dashboard/spectroclusters/resources/consumption
    • GET /v1/metrics/{resourceKind}/{resourceUid}/values
    • GET /v1/metrics/{resourceKind}/values

    warning

    After six months, the includeMasterMachines object will be removed from the API. Use the includeControlPlaneMachines object moving forward.

Known Issues

  • An issue prevents RKE2 and Palette eXtended Kubernetes (PXK) on version 1.29.4 from operating correctly with Canonical MAAS. A temporary workaround is using a version lower than 1.29.4 when using MAAS.

  • MicroK8s does not support a multi-node cluster deployment and is limited to a single-node cluster. As a result, the only supported upgrade strategy is InPlaceUpgrade.

  • For clusters using MicroK8s as the Kubernetes distribution, the control plane node fails to upgrade when using the InPlaceUpgrade strategy for sequential upgrades, such as upgrading from version 1.25.x to version 1.26.x and then to version 1.27.x. Refer to the Control Plane Node Fails to Upgrade in Sequential MicroK8s Upgrades troubleshooting guide for resolution steps.

  • If you did not configure the Trusted Boot keys to auto-enroll, manual enrollment could take several attempts to succeed. For more information about key enrollment, refer to Enroll Trusted Boot Keys in Edge Host.

  • Edge hosts with a FIPS-compliant RHEL Operating System (OS) distribution may encounter an error where the systemd-resolved.service service enters the failed state. This prevents the nameserver from being configured, which will result in cluster deployment failure. Refer to TroubleShooting for a workaround.

Edge

Features

  • (Technical Preview) Trusted Boot is an exciting new Edge capability developed as part of the SENA framework. Trusted Boot is a hardware-based security feature that ensures that the system boots securely and that the boot process has not been tampered with. Trusted Boot does several significant things, all working in concert, to enhance security:

    • Ensures that only trusted software can boot on the system. Any modification to any part of the hard disk will be detected.
    • Encrypts all sensitive data on disk using hardware security Trusted Platform Module (TPM).
    • Ensures that the TPM will only decrypt sensitive data if the boot process is clean and untampered.

    Trusted Boot combines secure boot, measured boot, and encryption, which protects the booting system far more than similar solutions do. To learn more about Edge Trusted Boot, check out the Edge Trusted Boot documentation.
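
A simplified model of the measured-boot and TPM-sealing behavior described in the Trusted Boot item above, added here as an illustration. It is not Palette or Trusted Boot code; the ToyTPM class, the component names, and the disk key are constructed for the example, and a single register stands in for the TPM's PCR bank.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a PCR starts at all zeros on power-on


def extend(pcr, component):
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain):
    """Fold every boot component, in order, into one PCR value."""
    pcr = PCR_RESET
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Releases a sealed secret only when the PCR matches the sealing policy."""

    def __init__(self):
        self._secret = None
        self._policy = None

    def seal(self, secret, expected_pcr):
        self._secret, self._policy = secret, expected_pcr

    def unseal(self, current_pcr):
        if self._policy is None or not hmac.compare_digest(current_pcr, self._policy):
            raise PermissionError("PCR mismatch: boot chain differs from sealed state")
        return self._secret


def boot_and_unseal(tpm, chain):
    """Measure the chain as booted; return the disk key, or None if refused."""
    try:
        return tpm.unseal(measure_boot(chain))
    except PermissionError:
        return None


# Constructed sample data: stand-ins for real boot artifacts and a disk key.
GOOD_CHAIN = [b"bootloader-v1", b"kernel-v1", b"initrd-v1", b"cmdline-v1"]
DISK_KEY = b"constructed-disk-encryption-key"


def demo():
    tpm = ToyTPM()
    tpm.seal(DISK_KEY, measure_boot(GOOD_CHAIN))  # provisioned on a known-good boot
    tampered = list(GOOD_CHAIN)
    tampered[1] = b"kernel-v1-modified"           # one component changed on disk
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0]] + GOOD_CHAIN[2:]
    return {
        "clean": boot_and_unseal(tpm, GOOD_CHAIN),
        "tampered": boot_and_unseal(tpm, tampered),
        "reordered": boot_and_unseal(tpm, reordered),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(name, "->", "key released" if key else "refused")
```

Because each extend hashes the previous register value, a change to any component, or to the order in which components load, yields a different final value, and the key stays sealed.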

Improvements

  • (Technical Preview) The Cluster Profile Variables user experience has been improved. Users can now identify where a variable is used, preview the variable during creation time, and change the order of the variables displayed. An improved Day-2 management experience is also available. You can learn more about these new features in the Cluster Profile Variables documentation.

  • Edge clusters managed by LocalUI now receive automatic SSL certificate updates for Kubernetes. Users can also manually trigger the SSL certificate update process. For more information, refer to the Renew Certificates for Airgap Clusters guide.

  • Local UI now includes tools to help users troubleshoot network issues. The tools include ping and traceroute. For more information, refer to the Local UI documentation.

  • Clusters managed by Local UI now include a new feature that allows users to download diagnostic logs from Local UI. This feature reduces the friction of troubleshooting issues on the cluster as the need to SSH into the cluster is reduced.

  • Support for custom links, URLs, and static pages is now available in Local UI. You can populate custom links in the left Main Menu of Local UI, which will either load content into an iframe or act as an external link. You can also host static pages in Local UI. This is useful when you need to deploy and host custom or specific content for a site and want to avoid introducing additional services to host a static site.

Palette Dev Engine (PDE)

Known Issues

  • During the platform upgrade from Palette 4.3 to 4.4, Virtual Clusters may encounter a scenario where the pod palette-controller-manager is not upgraded to the newer version of Palette. The virtual cluster will continue to be operational, and this does not impact its functionality. Refer to the Controller Manager Pod Not Upgraded troubleshooting guide for resolution steps.

Virtual Machine Orchestrator (VMO)

Improvements

  • The KubeVirt version in use is now v1.2.0. Other minor maintenance updates in support of KubeVirt 1.2.0 are also included.

Automation

  • Terraform version 0.20.0 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.

  • Palette Crossplane provider version 0.20.0 is available. For more details, refer to the provider release page.

  • The Terraform data resources, spectrocloud_pack and spectrocloud_pack_simple, will both require the attribute registry_uid to be set in the next Terraform release, 0.21.0. We recommend you start using this attribute in your Terraform configurations to avoid issues in the future.

Docs and Education

  • Palette's Crossplane provider now has a dedicated documentation section. The new section also includes a few guides on how to deploy Kubernetes clusters using Crossplane. Check out the Crossplane Provider documentation for more details.

Packs

Pack Notes

  • Cluster Autoscaler version 1.29.2 is a Helm-based pack. Previous versions of the pack were manifest-based. Upgrades to the new version require you to select the new Helm-based pack.

  • The BYOOS pack is now available for Palette VerteX deployments. This allows users to bring their own Operating System (OS) image to deploy VerteX instances. RHEL is the only custom OS supported for VerteX deployments at this time.

  • MicroK8s now supports boot, preRun and postRun commands on cloud-init. This allows users to execute custom commands before and after their MicroK8s deployment processes, providing enhanced flexibility and control over deployment environments.

  • The Kubernetes pack parameter k8sHardening is removed and no longer used as the method for hardening images during the image creation process. This change does not impact users.

  • Cluster Autoscaler is now a verified pack. Refer to the Verified Packs page for more details on verified packs.

Kubernetes

| Pack | New Version |
| --- | --- |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.26.15 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.27.11 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.28.9 |
| Palette eXtended Kubernetes | 1.27.13 |
| Palette eXtended Kubernetes | 1.28.9 |
| Palette eXtended Kubernetes | 1.29.4 |
| Kubernetes Azure AKS | 1.29 |
| Kubernetes Google GKE | 1.26 |
| Kubernetes Google GKE | 1.27 |
| Kubernetes Google GKE | 1.28 |
| Kubernetes Google GKE | 1.29 |
| RKE2 | 1.27.13 |
| RKE2 | 1.28.9 |
| RKE2 | 1.29.4 |
| RKE2 - Edge | 1.26.15 |
| RKE2 - Edge | 1.27.13 |
| RKE2 - Edge | 1.28.9 |
| RKE2 - Edge | 1.29.4 |

CNI

| Pack | New Version |
| --- | --- |
| AWS VPC CNI (Helm) | 1.17.1 |
| Calico | 3.27.2 |
| Calico Azure | 3.27.2 |
| Cilium OSS | 1.15.3 |
| Flannel | 0.24.3 |

CSI

| Pack | New Version |
| --- | --- |
| AWS EFS | 1.7.6 |
| AWS EBS CSI | 1.28.0 |
| Azure Disk CSI Driver | 1.30.0 |
| GCE Persistent Disk CSI | 1.13.2 |
| Portworx /w Operator | 3.1.0 |

Add-on Packs

| Pack | New Version |
| --- | --- |
| AWS Application Loadbalancer | 2.7.2 |
| AWS Cluster Autoscaler (Helm) | 1.29.2 |
| MetalLB (Helm) | 0.14.3 |
| Nginx | 1.10.0 |
| OpenPolicyAgent | 3.15.1 |
| Portworx /w Operator | 3.1.0 |
| Prometheus - Grafana | 57.0.1 |

FIPS Packs

| Pack | New Version |
| --- | --- |
| AWS EBS CSI | 1.28.0 |
| AWS VPC CNI (Helm) | 1.1.17 |
| Calico Azure | 3.25.1 |
| Calico Azure | 3.26.3 |
| Cilium | 1.13.4 |
| Cilium | 1.14.3 |
| Cilium | 1.14.5 |
| Longhorn | 1.4.1 |
| Longhorn | 1.5.3 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.26.15 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.27.14 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.28.10 |
| Palette eXtended Kubernetes Edge (PXK-E) | 1.29.5 |
| Palette Optimized RKE2 | 1.27.13 |
| Palette Optimized RKE2 | 1.28.9 |
| Palette Optimized RKE2 | 1.29.4 |
| Palette eXtended Kubernetes (PXK) | 1.27.13 |
| Palette eXtended Kubernetes (PXK) | 1.27.2 |
| Palette eXtended Kubernetes (PXK) | 1.28.9 |
| Palette eXtended Kubernetes (PXK) | 1.29.4 |
| RKE2 | 1.27.13 |
| RKE2 | 1.28.9 |
| RKE2 | 1.29.0 |
| RKE2 | 1.29.4 |
| RKE2 - Edge | 1.27.13 |
| RKE2 - Edge | 1.28.9 |
| RKE2 - Edge | 1.29.4 |
| vSphere CSI | 3.1.0 |
| vSphere CSI | 3.1.2 |

Deprecations and Removals