Skip to main content
Version: latest

Release Notes

tip

Are you looking for the release notes for a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

October 13, 2024 - Release 4.5.0 - 4.5.3

This release of Palette features a new deployment model, Agent Mode, and contains several new improvements and enhancements. Take a moment and review the breaking changes and deprecation messages to ensure you stay informed of upcoming changes. We also have a new and improved Getting Started series worth checking out, especially if you have new users who need to get familiar with Palette. Check out the following sections to learn more about the changes introduced in this release.

Security Notices

Palette Enterprise

Breaking Changes

  • Due to Google's decision to deprecate the gcr.io container registry, we are adding a new image registry that Palette agents will use to pull images. The new registry is us-docker.pkg.dev. If you have network restrictions in place, ensure that the new registry is allowed. The new registry is available for use starting with this release. Refer to the Proxy Requirements for a complete list of domains that must be allowed.

Features

  • Technical preview feature badgeTechnical preview feature badge A new deployment model is available in Palette, Agent Mode. Agent mode allows you to use your preferred security-hardened Operating System (OS) or immutable OS and machine without sharing cloud provider credentials with Palette. The Palette agent is downloaded and installed on the machine, and the machine is then registered with Palette. The new model provides more flexibility for customers who want to use their own OS and manage the infrastructure provisioning process. In this release, the first supported use case for agent mode is Edge deployments. Check out the Agent Mode section to learn more about this new deployment model. This feature is only available to Palette Enterprise, and is not available in Palette VerteX.

Improvements

  • You can now use OIDC user information endpoints to retrieve user information from your designated Identity Provider (IdP), such as roles and groups. This improvement allows you to automate the synchronization of user roles and groups in Palette with your IdP. Refer to OIDC to learn more about enabling OIDC integration in Palette.

  • Palette now supports automatic synchronization for OCI Helm registries. Previously, you had to trigger the synchronization process manually. With this release, you can enable automatic synchronization for OCI Helm registries. This feature is only available to new OCI Helm registries added to Palette. Existing OCI Helm registries will continue to require manual synchronization. Re-register existing OCI Helm registries to take advantage of automatic synchronization. Refer to the Add OCI Helm Registry guide to learn more about adding an OCI Helm registry.

  • The self-hosted Palette system console login page has now improved visual feedback for login errors. If the username and password fields are empty, they will be highlighted in red.

  • Several improvements have been introduced to the Palette UI in this release.These upgrades include better support for wider screens, optimized page width, ensuring headings are visible on all screen sizes, and other responsive design improvements. In addition, event and audit logs can now occupy the entire screen width.

  • The difference editor during cluster profile upgrades received minor improvements to make it more user-friendly.

  • Palette's internal database, MongoDB, has been upgraded to version 6.0.

Deprecations and Removals

  • The cluster group, Beehive, will be sunset on November 9, 2024. If you are using Palette SaaS and have virtual clusters in the Beehive cluster group, migrate the workload to new virtual clusters hosted in a self-managed cluster group before November 9, 2024. You can learn more about creating a new cluster group in the Create and Manage Cluster Groups guide.

Edge

Features

  • You can now use LocalUI to facilitate user authentication for applications deployed onto Edge clusters. Application developers can use the JWT token provided by LocalUI to authenticate users for their applications hosted in the Edge cluster. The LocalUI provides a shared public key to each Edge host that you can use to verify the JWT token produced by LocalUI. This feature enables a single authentication source for applications deployed onto your Edge cluster. Check out the Share Local UI Authentication guide to learn more about this feature.

Improvements

  • You can now disable the webhook Edge hosts use to redirect image pulls to the appropriate locations depending on your Edge user data configuration. Turning off the default webhook allows you to use diverse registry setups, such as private authenticated registries and airgap domains. Check out the Disable Webhook to Customize Image Pull Behavior guide to learn more about this feature.

Bug Fixes

  • Fixed an issue where the Harbor pack's SSL certificate was not updated when a new certificate was specified in the pack YAML configuration.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

Docs and Education

  • The Getting Started section of the documentation has been updated to provide a more comprehensive guide for new users to get started with Palette. In the Getting Started section, you can now find guides featuring AWS, Azure, GCP, and VMware vSphere. The sections have been updated with new tutorials and feature the fictional company Spacetastic to help you understand how to use Palette to manage your infrastructure.

  • A new tutorial for Edge is now available. The Deploy an Edge Cluster on VirtualBox tutorial provides a step-by-step guide to deploying an Edge cluster on VirtualBox. This tutorial is great for new users who want to learn more about Edge and gain hands-on experience without needing access to physical hardware.

Packs

Pack Notes

  • NVIDIA has released a software update for the NVIDIA Container Toolkit and NVIDIA GPU Operator that addresses a critical vulnerability, NVIDIA CVE-2024-0132, that affects the NVIDIA Container Toolkit versions v1.16.1 or earlier. To address this vulnerability, we recommend you upgrade to the latest NVIDIA GPU Operator pack version v24.6.2.

OS

Pack NameNew Version
BYOS2.0.0

Kubernetes

Pack NameNew Version
K3s1.28.14
K3s1.29.9
K3s1.30.5
Microk8s1.28

CNI

Pack NameNew Version
Calico3.28.2
Custom CNI1.0.0

CSI

Pack NameNew Version
AWS EBS1.35.0
Custom CSI1.0.0
Portworx w/Operator3.1.5
Rook Ceph1.14.9

Add-on Packs

Pack NameNew Version
AWS ALB2.8.3
Cillium Tetragon1.2.0
Dex2.39.1
ExternalDNS0.15.0
External Secrets Operator0.10.3
Istio1.23.1
Kong2.41.1
Nginx1.11.2
Spectro Proxy1.5.4
Vault0.28.1

FIPS Packs

Pack NameNew Version
AWS EBS1.35.0
Calico3.28.2

Deprecations and Removals