| sidebar_label | title | description | hide_table_of_contents | sidebar_position | sidebar_custom_props | tags |
| --- | --- | --- | --- | --- | --- | --- |
| Release Notes | Release Notes | Spectro Cloud release notes for Palette and its sub-components. | false | 0 | icon: audits | release-notes |

March 6, 2026 - Component Updates {#component-updates-2026-10}

The following components have been updated for Palette version 4.8.6 - 4.8.37.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.28.3 |
| Spectro Cloud Crossplane provider | 0.28.3 |
| Palette Management Appliance | 4.8.37 |
| VerteX Management Appliance | 4.8.37 |

Improvements

  • Cloud account data sources for the Spectro Cloud Terraform provider now contain the ID of the Private Cloud Gateway (PCG) that they are associated with. This field is now available in the spectrocloud_cloudaccount_apache_cloudstack, spectrocloud_cloudaccount_maas, spectrocloud_cloudaccount_openstack, and spectrocloud_cloudaccount_vsphere data sources.

Bug Fixes

  • Fixed an issue that prevented Palette and Palette VerteX environments configured with from being successfully installed on agent mode nodes. Refer to the tab for further details.

Packs

Pack Notes

  • pack version 3.4.1 can now be used for airgapped clusters.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EBS CSI | CSI | | | 1.55.0 |
| AWS Application Loadbalancer | Add-on | | | 3.1.0 |
| AWS VPC CNI | CNI | | | 1.21.1 |
| External Secrets | Add-on | | | 2.0.1 |
| Istio | Add-on | | | 1.29.0 |
| Portworx with Operator | CSI | | | 3.4.1-rev5 |
| Prometheus Operator | Add-on | | | 82.2.0 |
| Volume Snapshot Controller | Add-on | | | 8.5.0 |

March 5, 2026 - Release 4.8.37

The following component updates are applicable to this release:

Improvements

  • The internal Palette Go versions have been upgraded to 1.24.12 and 1.25.7, depending on the component, addressing CVE-2025-68121.
  • The internal Cert Manager component for Palette environments has been updated to version 1.19.3, remediating CVE-2025-68121 caused by Cert Manager version 1.19.1. For workload clusters using the pack, you must update your cluster profile to version 1.19.3.
  • The internal Palette version of kube-vip has now been upgraded to address CVE-2025-68121. Due to cluster repave protection, cluster repaves must be manually triggered to apply the upgrade.
  • Palette now supports version 3 configuration of the config.toml file for all Kubernetes packs version 1.34 or newer. Refer to Override Registry Configuration to learn more about config.toml usage.
  • Palette now supports configuring Day-1 and Day-2 resource requirements for palette-controller-manager and cluster-management-agent pods through the palette-agent-config manifest, allowing users to allocate additional resources to system components in large-scale clusters. Refer to our Troubleshooting guide for more information.
  • Palette now allows the use of tags to specify the placement of control planes on MAAS LXD VMs.

Bug Fixes

  • Fixed an issue that caused the Palette TUI to shut down Edge hosts without confirmation when the user presses F12.
  • Fixed an issue that caused Local UI to display sensitive pack values returned by the Palette API.
  • Fixed an issue that caused Edge clusters to attempt to download packs and fail to provision the cluster, even when local content bundles have been provided.
  • Fixed an issue that caused Local UI to fail to configure bridges without pre-existing networkd configuration files.
  • Fixed an issue that caused Palette to accumulate orphaned objects when changing the AMI ID on existing EKS worker pools with the pack installed.
  • Fixed an issue that caused EKS clusters deployed with the pack to fail to upgrade the Kubernetes version of their worker node groups or MachinePools.
  • Fixed an issue that prevented EKS clusters configured with the from deploying successfully.

February 27, 2026 - Component Updates {#component-updates-2026-09}

The following components have been updated for Palette version 4.8.6 - 4.8.35.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.28.2 |
| Spectro Cloud Crossplane provider | 0.28.2 |

Improvements

  • Artifact Studio now includes a user survey for gathering feedback and identifying improvements. The provided data is processed internally by Spectro Cloud.

Bug Fixes

  • Fixed an Artifact Studio UI issue that caused expanded version drop-down menus to float when scrolling.
  • Fixed an Artifact Studio UI issue that caused pack sizes to be incorrectly reported as 0 GB.

Packs

Pack Notes

  • The pack version 2.2.0 is now available in the Palette Community Registry.
  • The pack version 3.31.3 fails to install on airgapped environments. Refer to the tab for the workaround.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Calico | CNI | | | 3.31.4 |
| Cert Manager | Add-on | | | 1.19.3 |
| Cilium | CNI | | | 1.18.4 |
| Cilium | CNI | | | 1.18.1 |
| Harbor | Add-on | | | 1.18.2 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.33.7 |
| Piraeus Operator | CSI | | | 2.10.4 |
| Prometheus Agent | Add-on | | | 28.9.0 |
| Prometheus Operator | Add-on | | | 81.6.1 |
| Reloader | Add-on | | | 1.4.13 |
| Tigera Operator | CNI | | | 3.31.3 |

February 25, 2026 - Release 4.8.35

The following component updates are applicable to this release:

Bug Fixes

February 21, 2026 - Release 4.8.33 {#release-notes-4.8.b}

The following component updates are applicable to this release:

Review the active known issues that affect this Palette release on the Known Issues page.

Security Notices

Palette Enterprise {#palette-enterprise-4.8.b}

Features

  • Palette now supports the option to skip worker node upgrades on AWS IaaS clusters. For example, if you have worker pools running critical databases or real-time processing services, you can enable this option to maintain service continuity during control plane upgrades, then schedule worker node updates during planned maintenance windows.

    The version difference between the control plane and worker nodes must not exceed the N-3 minor version skew supported by Kubernetes. Palette enforces this during cluster profile updates and blocks you from updating if you attempt to exceed the N-3 threshold.

  • Palette Management Appliance and VerteX Management Appliance version 4.8.33 is now available.

Improvements

  • The minimum permissions policies for AWS clusters have been revamped to remove certain permissions, such as iam:CreateUser, iam:CreateRole, and iam:AttachRolePolicy. There are also further resource constraints added to the existing permissions.

    As a result, there are some additional steps required to use the minimum permissions policies. You must create the required CloudFormation stack for Palette manually in your AWS region, and configure the Kubernetes layer of your cluster profiles to use the manually created stack using a new property.

    Alternatively, you can use the new minimum permissions policies and include an additional policy that allows Palette to manage the creation and lifecycle of the CloudFormation stack on your behalf. This allows you to continue using the streamlined experience for AWS cluster provisioning and management without needing to manually create the CloudFormation stack.

    For more details, refer to the Required IAM Policies for AWS Clusters documentation.

  • A cluster repave warning is now displayed when modifying operating system (OS) or Kubernetes configurations for clusters linked to a cluster template. Once you save your cluster profile changes, all clusters attached to the template are automatically repaved during the next upgrade window. Refer to Modify Cluster Templates for more information.
  • Cluster IDs and cluster profile IDs are now displayed on the respective cluster and cluster profile detail pages.
  • The Palette UI now supports direct navigation to the relevant profile layer when users click any profile component of a running cluster from the overview page, instead of defaulting to editing the Operating System layer.
  • Palette's internal database, MongoDB, has been upgraded to version 8.0.
  • Palette now improves how volumes and volumeMounts defined in ClusterPodPreset or PodPreset resources on a self-hosted PCG cluster deployed in Amazon EKS are reconciled with pod-mounted files defined under kubeadmconfig in the OS layer of an AWS EKS cluster profile used to deploy workload clusters.

    Volumes and mounts derived from the OS layer are only added if their resolved volumes.hostPath.path or volumeMounts.mountPath do not already exist in the self-hosted PCG cluster configuration, preventing duplicate mounts when the same paths are specified in both locations. Volume and mount names are generated using a hash of the full path to ensure path-unique naming and avoid Kubernetes validation conflicts.

Bug Fixes

  • Fixed an issue that caused the Palette controller to stop reconciling resources on AWS clusters where pack uninstallation is stuck.
  • Fixed an issue that caused Palette to fail to list or select Zarf OCI packs with image tags that do not conform to strict semantic versioning.
  • Fixed an issue that caused backups to fail unless AWS_REGION is set in the kube2iam DaemonSet.
  • Fixed an issue that caused Palette SMTP configuration to ignore noProxy entries specified using leading-dot notation.
  • Fixed an issue that caused the Palette UI to incorrectly display the Enable Nodepool Customization toggle as off for EKS worker pools deployed with this configuration turned on.

Edge

:::info

The CanvOS version corresponding to the 4.8.33 Palette release is 4.8.10.

:::

Improvements

  • The pack has exited Tech Preview and is now ready for production workloads.
  • The kube-vip version used in Edge cluster deployments is now 1.0.3.
  • The Kubernetes boot time on Edge clusters has now been reduced through the optimization of cache fetching.

Bug Fixes

  • Palette no longer reports errors when automatic certificate renewals are not configured on Edge clusters.
  • Fixed an issue that prevented Palette from applying priority classes on critical upgrade pods, leading to scheduling errors during cluster upgrades.
  • Fixed an issue that caused the automatic upgrades task to consume high memory and crash.
  • Fixed an issue that prevented Palette from deleting some cluster artifacts and journal logs from Edge hosts that have been reset.
  • Fixed an issue that prevented Palette from clearing NTP values and SSH keys after they have been removed in LocalUI, causing the Edge cluster to fail to update successfully.
  • Fixed an issue that caused JWT tokens issued in LocalUI to fail signature verification.
  • Fixed an issue that caused Palette to print some sensitive information to the LocalUI audit logs.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

:::info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

:::

Features

Improvements

  • The cluster resources of the Spectro Cloud Terraform provider now provide update_worker_pools_in_parallel, which controls whether worker pool updates occur in parallel or sequentially.

Bug Fixes

  • Fixed an issue that caused the Spectro Cloud Terraform provider to incorrectly resolve private registry pack UID for during cluster profile creation, resulting in errors.

Docs and Education

  • The Spectro Cloud Ask AI bot is now configured to use a Model Context Protocol (MCP) server. You can integrate it with your IDEs and other AI tools to retrieve answers from the Spectro Cloud documentation site. Use the Ask AI widget and expand the Use MCP drop-down menu to get started.

Packs

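| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Argo CD | Add-on | | | 9.4.1 |
| Azure Disk | CSI | | | 1.34.1 |
| ECK Stack | Add-on | | | 0.18.0 |
| ECK Operator | Add-on | | | 3.3.0 |
| External Secrets | Add-on | | | 2.0.0 |
| Flannel | CNI | | | 0.28.1 |
| Karpenter | Add-on | | | 1.9.0 |
| Kubernetes (GKE) | Kubernetes | | | 1.35 |
| Longhorn | CSI | | | 1.10.1 |
| Open Policy Agent | Add-on | | | 3.21.1 |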

February 13, 2026 - Component Updates {#component-updates-2026-07}

The following components have been updated for Palette version 4.8.6 - 4.8.27.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.28.0 |
| Spectro Cloud Crossplane provider | 0.28.0 |

Breaking Changes

  • The kubeconfig and adminKubeConfig fields are now marked as sensitive across the Spectro Cloud Crossplane provider cluster CRDs. These fields were previously exposed in the resource status and are now protected to prevent unintended access.

    Users who require kubeconfig access must explicitly configure writeConnectionSecretToRef on the managed resource to retrieve the connection details in a secure and controlled manner.

Improvements

  • Artifact Studio now implements AWS Key Management Service (AWS KMS) signing for image and artifact signatures. The public key file used for bundle verification has also been updated.
  • The spectrocloud_cluster_aws Terraform resource now provides the skip_k8s_upgrade configuration for machine pools. When enabled, the Kubernetes version upgrade for this worker pool will be skipped provided that it remains within the allowed N-3 version skew.

Bug Fixes

Packs

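| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EBS CSI | CSI | | | 1.55.0 |
| Argo CD | Add-on | | | 9.3.7 |
| AWS Application Loadbalancer | Add-on | | | 3.0.0 |
| External Secrets | Add-on | | | 1.3.1 |
| Harbor | Add-on | | | 1.18.1-rev1 |
| Karpenter | Add-on | | | 1.8.6 |
| Kubernetes (EKS) | Kubernetes | | | 1.35 |
| Longhorn | CSI | | | 1.10.1 |
| Nginx | Add-on | | | 1.14.3 |
| Prometheus Agent | Add-on | | | 28.6.1 |
| Prometheus Operator | Add-on | | | 81.3.1 |
| Traefik | Add-on | | | 39.0.0 |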

Bug Fixes

  • Fixed an issue where the Harbor Nginx service template did not honor expose.http.enabled: false when expose.type: nodePort was set, resulting in the HTTP NodePort 30002 being created even when it was disabled.

February 6, 2026 - Component Updates {#component-updates-2026-06}

The following components have been updated for Palette version 4.8.6 - 4.8.27.

| Component | Version |
| --- | --- |
| Palette Management Appliance | 4.8.27 |
| VerteX Management Appliance | 4.8.27 |

Packs

Pack Notes

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EFS | CSI | | | 2.3.0 |
| Argo CD | Add-on | | | 9.3.4 |
| Istio | Add-on | | | 1.28.3 |
| MetalLB | Add-on | | | 0.15.3 |
| Nginx | Add-on | | | 1.13.7 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.32.11 |
| Palette eXtended Kubernetes - Edge | Kubernetes | | | 1.34.2 |
| Palette Optimized RKE2 | Kubernetes | | | 1.34.2 |
| Palette Optimized RKE2 | Kubernetes | | | 1.33.6 |
| Palette Optimized RKE2 | Kubernetes | | | 1.32.10 |
| Palette Optimized RKE2 | Kubernetes | | | 1.31.14 |
| K3s | Kubernetes | | | 1.34.2 |
| K3s | Kubernetes | | | 1.33.6 |
| K3s | Kubernetes | | | 1.32.10 |
| K3s | Kubernetes | | | 1.31.14 |

February 5, 2026 - Release 4.8.27

The following component updates are applicable to this release:

Improvements

January 30, 2026 - Release 4.8.25

The following component updates are applicable to this release:

Breaking Changes

  • The number of IP addresses allocated for autoscaling VMware vSphere clusters is now based on the Maximum size of the worker pool instead of the number of worker nodes currently deployed. This ensures enough IP addresses are reserved upfront for the maximum possible scale of the cluster. As a result, updates to existing VMware vSphere clusters may fail if the IP pool cannot accommodate the Maximum size, and enabling autoscaling on new clusters may fail if the IP capacity is insufficient.

Improvements

Bug Fixes

  • Fixed an issue where node groups in EKS clusters were configured with different Classless Inter-Domain Routing (CIDR) values in their launch templates.
  • Fixed an issue where Azure and GCP clusters using Kubernetes version 1.34.2 and later experienced Kubelet failures due to the upstream removal of the --cloud-config flag.
  • Fixed an issue where worker nodes in static AKS clusters were assigned IP addresses from the control plane subnet instead of worker subnet.
  • Fixed an issue where self-hosted Palette and Palette VerteX users with the Tenant Viewer role could access password reset links via the Palette API.
  • Fixed an issue where namespace-scoped RoleBindings could not be created in the Palette UI for clusters with Palette as an identity provider (IdP) and automatic role binding disabled.
  • Fixed a UI issue where pagination did not work when attempting to replace a cluster profile on a cluster.

January 30, 2026 - Component Updates {#component-updates-2026-05}

The following components have been updated for Palette version 4.8.6 - 4.8.24.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.27.2 |
| Spectro Cloud Crossplane provider | 0.27.2 |

Packs

Pack Notes

  • The pack version 2.5.1 is now Verified and available in the Palette Registry.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Antrea | CNI | | | 2.5.1 |
| Argo CD | Add-on | | | 9.2.4 |
| AWS Application Loadbalancer | Add-on | | | 2.17.1 |
| Azure Disk | CSI | | | 1.34.0 |
| Flannel | CNI | | | 0.28.0 |
| Flux2 | Add-on | | | 2.17.0 |
| Karpenter | Add-on | | | 1.8.5 |
| Kong | Add-on | | | 3.0.2 |
| Kubernetes (EKS) | Kubernetes | | | 1.34 |
| Kubernetes (GKE) | Kubernetes | | | 1.34 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.34.2 |
| Prometheus Agent | Add-on | | | 28.2.1 |
| Prometheus Operator | Add-on | | | 80.13.3 |
| Vault | Add-on | | | 0.32.0 |

January 23, 2026 - Component Updates {#component-updates-2026-04}

The following components have been updated for Palette version 4.8.6 - 4.8.24.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.27.1 |
| Spectro Cloud Crossplane provider | 0.27.1 |
| Palette Management Appliance | 4.8.23 |
| VerteX Management Appliance | 4.8.23 |

Improvements

Bug Fixes

  • Fixed an issue that caused Terraform updates to fail on EKS clusters configured with Karpenter managed machine pools.

Packs

Pack Notes

  • The pack version 7.14.0 now provides Custom access mode. This mode allows you to provide custom networking values.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Argo CD | Add-on | | | 9.2.0 |
| Amazon EBS CSI | CSI | | | 1.54.0 |
| Amazon EFS | CSI | | | 3.3.0 |
| Calico | CNI | | | 3.31.3 |
| Calico Network Policy | Add-on | | | 3.31.3 |
| External DNS | Add-on | | | 1.20.0 |
| External Secrets | Add-on | | | 1.2.1 |
| GCE Persistent Disk CSI | CSI | | | 1.23.3 |
| Karpenter | Add-on | | | 1.8.3 |
| Kong | Add-on | | | 3.0.1 |
| Kubernetes Dashboard | Add-on | | | 7.14.0 |
| RKE2 | Kubernetes | | | 1.33.6 |
| RKE2 | Kubernetes | | | 1.32.10 |
| RKE2 | Kubernetes | | | 1.31.14 |
| Prometheus Agent | Add-on | | | 27.52.0 |
| Prometheus Operator | Add-on | | | 80.6.0 |

January 23, 2026 - Release 4.8.24

The following component updates are applicable to this release:

Bug Fixes

  • Fixed an issue that caused the /clusterprofiles API endpoint to respond slowly.

January 21, 2026 - Release 4.8.23

The following component updates are applicable to this release:

Bug Fixes

  • Fixed an issue that prevented cluster role bindings configured with the Group subject type from being correctly applied.
  • Fixed an issue that prevented the Virtual Machines tab on clusters configured with the Virtual Machine Orchestrator from displaying correctly.
  • Fixed an issue that prevented cluster profile versions from being displayed correctly on the Profile tab of Palette clusters.
  • Fixed an issue that prevented Palette from correctly loading the Events tab on Edge hosts when the Tenant Admin scope is selected.

January 19, 2026 - Release 4.8.22

The following component updates are applicable to this release:

Features

Bug Fixes

  • Fixed an issue that caused Palette deployments and cluster updates to become stuck due to incorrectly configured default resource limits.

January 18, 2026 - Release 4.8.21 {#release-notes-4.8.a}

The following component updates are applicable to this release:

Security Notices

Palette Enterprise {#palette-enterprise-4.8.a}

Breaking Changes {#breaking-changes-4.8.a}

  • Users with the cluster.delete permission are no longer allowed to download the cluster admin kubeconfig file. This operation is now controlled using the cluster.adminKubeconfigDownload permission, giving system administrators fine-grained control over cluster admin access.

    The cluster.adminKubeconfigDownload permission is part of the following system roles:

    Existing users with system roles that include the cluster.delete permission automatically receive the new cluster.adminKubeconfigDownload permission. System administrators must grant the new permission manually to existing users granted access through custom roles.

Features

  • Cluster templates provide a new way to enforce consistent configurations and prevent drift across multiple clusters. With cluster templates, you define and enforce the desired state and lifecycle of clusters by combining cluster profiles with operational policies into a single, reusable governance blueprint, allowing you to deploy, manage, and upgrade a synchronized fleet of clusters with minimal effort. Refer to our Cluster Templates guide for more information.
  • Worker node pools now support configuring custom maxSurge and maxUnavailable values for rolling updates, offering more flexibility in managing cluster capacity during updates.
  • Zarf OCI registries now support synchronization, allowing public Zarf packages to be automatically imported into Palette. This setting is only available for new OCI registries and is disabled by default on existing registries. This setting is immutable and cannot be changed once the OCI registry is added to Palette.
  • Clusters now support using either the built-in Palette integrated cert-manager feature or the Cert Manager 1.19.1 add-on pack. This provides a more flexible and modular approach to certificate management.

Improvements

  • You can now add OCI Helm registries that do not require authentication to Palette. This allows you to leverage publicly available OCI Helm Charts in your cluster profiles. Refer to the Add OCI Helm Registry guide to learn more.
  • CloudStack clusters now support template names for machine image configuration, allowing users to customize machine images for individual node pools, similar to how Amazon EKS clusters handle AMI selections.
  • All infrastructure providers now support adding annotations to either control plane or worker nodes (infrastructure dependent), allowing system administrators to provide node-level customization.
  • All infrastructure providers now support kubeadm overrides for worker node pools, allowing workloads to meet specific operational or environmental requirements.
  • Velero has been upgraded to version 1.17, which is used internally by Palette for backing up and restoring clusters. Existing clusters with backups configured will be automatically updated to Velero version 1.17, ensuring continuous access to backup and restore functionality. Refer to the Backup and Restore page to learn more about backup and restore tools in Palette.
  • Palette's internal database, MongoDB, has been upgraded to version 7.0.28.
  • The nginx.ingress.kubernetes.io/proxy-body-size field allows you to configure the request body size limit of the Nginx ingress controller deployed by Palette.

Bug Fixes

  • Fixed an issue that caused the Palette API to fail to update the metadata.machineUid field after nodes are repaved during Kubernetes upgrades.
  • Fixed an issue that caused Palette to fail to update the controlPlaneEndpoint field when applying updates on MAAS clusters.
  • Fixed an issue that prevented Palette from removing cert-renewal-plan resources that are no longer required for automatic resource upgrades.
  • Fixed an issue that caused deployment failures for EKS clusters with both ImageSwap enabled and the .
  • Fixed an issue that prevented Palette from correctly assigning users to teams if the team was not listed on the first page in Users & Teams > Teams.
  • Fixed an issue that prevented Palette from correctly applying configuration updates specified in manifest files for ally and palette-controller-manager resources on newly created clusters.
  • Fixed an issue that prevented Palette from masking API responses containing cloud account fields.
  • Fixed an issue that prevented AKS clusters with static placement from deploying with custom VNets.
  • Fixed an issue where cluster profile changes were intermittently not propagated to workload clusters due to a race condition in the image resolution process.
  • The image imageswap-init:v1.5.3-spectro-4.7.a was recreated due to a missing dependency.

Edge

:::info

The CanvOS version corresponding to the 4.8.21 Palette release is 4.8.8.

:::

Features

  • Local UI now supports network settings configuration without needing to restart the cluster. You can configure network interface controllers (NICs), virtual local area network (VLAN) interfaces, bonds, and bridges. Refer to the Configure Network Interfaces in Local UI guide for more information.
  • The EdgeForge workflow now enables the creation of MAAS-compatible images. Refer to Build MAAS Image to learn how to create custom MAAS images for Palette Edge and Deploy Edge Hosts on MAAS for step-by-step instructions on uploading images to MAAS and deploying Edge hosts using the MAAS UI.
  • The EdgeForge workflow now supports the creation of images that support Edge cluster deployment on Amazon EC2. The aws-cloud-image target takes a CanvOS raw disk image and imports it into AWS, creating and registering an Amazon Machine Image (AMI) that can be used to launch EC2 instances. Refer to the Build AWS Cloud Images guide for further information.

Improvements

  • Trusted Boot has exited Tech Preview and is now ready for production workloads.
  • The versions 1.32.8 and 1.33.3 have been updated to use etcd as the datastore, replacing k8s-dqlite.
  • The Edge Terminal User Interface (TUI) has been upgraded to Kairos version 3.5.9. The TUI now allows you to customize the color scheme and disable advanced settings, such as user accounts and SSH keys.
  • Graphics Processing Unit (GPU) specifications for Edge hosts can now be retrieved for non-Nvidia devices and devices without the nvidia-smi command-line interface (CLI) installed. Palette automatically displays GPU information for Edge hosts with certain GPU vendor-model combinations; for other GPUs, Palette sources the information using the vendor-specific driver or CLI installed on the Edge host. If GPU information cannot be pulled automatically, users can provide GPU information manually via the user-data file (Appliance and Agent mode) or with a custom-hardware-specs-lookup.json file (Appliance mode only). Refer to Prepare User Data and Argument Files for more information.
  • A new FORCE_INTERACTIVE_INSTALL flag has been added to the .arg file. When enabled, the Palette Edge Interactive Installer is selected by default in the GRUB menu on first boot, allowing manual disk selection for ISO-based installations.

Deprecations and Removals

  • The stylus.installationMode Edge Installer Configuration flag is no longer available. Use the stylus.managementMode flag instead, which has two allowed values: central, which means the Edge host is connected to Palette, and local, which means the Edge host has no connection to a Palette instance. Refer to the Prepare User Data guide for further information.

Bug Fixes

  • Fixed an issue that caused Local UI to display a Running status while pack updates were still being applied.
  • Fixed an issue that caused some CoreDNS pods to enter the CrashLoopBackOff state on Edge clusters whose hosts run Ubuntu 24.04 with a Unified Kernel Image (UKI).
  • Fixed an issue that caused stale User Datagram Protocol (UDP) sessions to appear in the conntrack table on Edge hosts whose Local Area Network (LAN) cable has been disconnected and reconnected.
  • Fixed an issue that caused Edge reset operations to fail on nodes whose COS_PERSISTENT partition is LUKS-encrypted.

VerteX

Features

Virtual Machine Orchestrator (VMO)

Improvements

  • The KubeVirt version has been upgraded to v1.7. Other components of the VMO pack have also been upgraded, enhancing system reliability and security.
  • The Virtual Machine Orchestrator (VMO) now supports the persistent EFI parameter, enhancing support for airgapped use cases. Previously, VM creation only supported Secure Boot under bootloader.efi and omitted persistent.

Bug Fixes

  • Fixed an issue that caused VM migration to fail due to Missing smm: true errors on VMs with secure boot enabled.

Automation

:::info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

:::

Features

Improvements

  • Palette CLI version 4.8.5 now includes the --acknowledge-banner flag on the login command, allowing CI/CD environments to skip manual banner acceptance.
  • The cluster resources of the Spectro Cloud Terraform provider now support configuring additional annotations and labels, as well as machine pool update strategies. Additionally, the cluster resources now support time zone configuration, ensuring that maintenance tasks like upgrades execute at the appropriate local time for the cluster.
  • The spectrocloud_registry_oci resource now includes the wait_for_sync field, allowing you to wait for the OCI registry to complete its initial synchronization before marking the resource as created or updated. This operation is supported for Zarf and Helm registries.

Packs

Pack Notes

  • version 1.34 now supports the configuration of pod CIDR and service ClusterIP ranges.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EBS CSI | CSI | | | 1.53.0 |
| AWS Application Loadbalancer | Add-on | | | 2.17.0 |
| AWS Cluster Autoscaler | Add-on | | | 1.35.0 |
| Argo CD | CSI | | | 9.1.7 |
| Argo CD | CSI | | | 9.1.6 |
| Argo CD | CSI | | | 9.1.4 |
| Calico | CNI | | | 3.31.3 |
| Cert Manager | Add-on | | | 1.19.1 |
| Cilium | CNI | | | 1.18.4 |
| Crossplane | Add-on | | | 2.1.1 |
| External DNS | Add-on | | | 0.19.0 |
| External Secrets | Add-on | | | 1.2.0 |
| External Secrets | Add-on | | | 1.1.1 |
| Flux2 | Add-on | | | 2.17.2 |
| GCE Persistent Disk CSI | CSI | | | 1.22.5 |
| Istio | Add-on | | | 1.28.2 |
| Karpenter | Add-on | | | 1.8.3 |
| Kubernetes (AKS) | Kubernetes | | | 1.34 |
| Local Path Provisioner | CSI | | | 0.0.32 |
| Reloader | Add-on | | | 1.4.12 |
| Reloader | Add-on | | | 1.4.11 |
| Nginx | Add-on | | | 1.14.1 |
| Palette eXtended Kubernetes - Edge | Kubernetes | | | 1.33.6 |
| Palette eXtended Kubernetes - Edge | Kubernetes | | | 1.32.10 |
| Palette eXtended Kubernetes - Edge | Kubernetes | | | 1.31.14 |
| Prometheus Agent | Add-on | | | 27.51.0 |
| Prometheus Operator | Add-on | | | 80.4.2 |
| Zot Registry | Add-on | | | 0.1.89-rev1 |

Deprecations and Removals

  • pack versions 1.1.0, 1.7.1, and 1.9.1 are now deprecated. Upgrade your workloads to use Cert Manager pack version 1.19.1 or later.
  • The and packs are now deprecated. This is due to the archiving of upstream projects.

December 30, 2025 - Release 4.8.16

The following component updates are applicable to this release:

Improvements

  • The process of deploying AWS EKS clusters using has been streamlined. Users no longer need to disable the kube-proxy and aws-node DaemonSets or update the charts.cilium.k8sServiceHost parameter during deployment. Refer to Create and Manage AWS EKS Cluster for the updated deployment process.
  • Two subnets can now be configured for MAAS LXD workload clusters using the Kubernetes layer of your MAAS cluster profile. One subnet is designed for the preboot execution environment (PXE), which is used for the initial booting and provisioning of LXD virtual machines. The other subnet is used to configure static IP addresses for workload traffic. Refer to Create and Manage MAAS Clusters Using LXD VMs for more information.

Bug Fixes

  • Fixed an issue where cluster profile updates were not applied to clusters until restarting the cluster-management-agent pod.
  • Fixed an issue where CoreDNS entered a crash loop after node reboots in Rocky Linux RKE2 FIPS clusters.
  • Fixed a compatibility issue between the and packs.

Packs

Pack Notes

  • pack version 1.33 is now available. Due to a known issue, if configuring Palette as your Identity Provider (IdP), you must add identityProviderConfigName: "eks-oidc" to the Kubernetes layer of your cluster profile.

    managedControlPlane:
      oidcIdentityProvider:
        identityProviderConfigName: "eks-oidc"

December 19, 2025 - Component Updates {#component-updates-2025-51}

The following components have been updated for Palette version 4.8.6 - 4.8.12.

| Component | Version |
| --- | --- |
| Spectro Cloud Terraform provider | 0.26.2 |
| Spectro Cloud Crossplane provider | 0.26.2 |
| Palette Management Appliance | 4.8.12 |
| VerteX Management Appliance | 4.8.12 |

Bug Fixes

  • Fixed an issue that caused duplicate cluster packs errors to appear when Terraform spectrocloud_cluster_profile updates triggered API validation errors.

Packs

Pack Notes

  • pack version 1.18.1 now supports configuring HTTP access. Refer to the pack tab for further information.

  • Users can now use Ubuntu 22.04 on VMware, Azure, and MAAS clusters using the FIPS pack version 1.33.5.

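| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Calico | CNI | | | 3.31.2 |
| Harbor | Add-on | | | 1.18.1 |
| Istio | Add-on | | | 1.28.1 |
| Kong | Add-on | | | 3.0.0 |
| Prometheus Agent | Add-on | | | 27.49.0 |
| Prometheus Operator | Add-on | | | 79.11.0 |
| Spectro Kubernetes Dashboard | Add-on | | | 7.13.0 |
| Ubuntu (Azure) | OS | | | 22.04 |
| Ubuntu (MAAS) | OS | | | 22.04 |
| Ubuntu (vSphere) | OS | | | 22.04 |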

December 17, 2025 - Release 4.8.12

The following component updates are applicable to this release:

Features

  • The Spectro Cloud Terraform provider and Spectro Cloud Crossplane provider now support CloudStack.

    • The spectrocloud_cloudaccount_apache_cloudstack data source supports the creation of CloudStack cloud accounts.
    • The spectrocloud_cluster_apache_cloudstack resource supports configuration and deployment of CloudStack clusters.

Improvements

  • The default timeout of Local UI JWT tokens has been reduced to 15 minutes. Additionally, tokens are now revoked upon logout.
  • The dependencies of the imageswap and imageswap-init Palette images were updated to the latest versions, ensuring that they have the latest security patches. Additionally, the ubuntu-systemd image has been removed from Palette.
  • The performance of the /clusterprofiles Palette API endpoint has been improved.

Bug Fixes

  • Fixed an issue that caused EKS clusters to fail to provision due to missing retry logic for trust policy ConfigMaps.
  • Fixed an issue that caused Day-2 operations to fail on Palette Edge clusters configured with external provider registries in the pack.
  • Fixed an issue that caused add-on deployments provisioned through the Spectro Cloud Crossplane provider to remain in an unrecoverable, unhealthy state following a deployment error, even after fixing the root cause.
  • Fixed an issue that prevented the pack from being available to CloudStack clusters.
  • Fixed an issue that prevented agent mode from retaining network configurations after boot.
  • Fixed an issue that caused an incorrect version of the palette-agent image to be referenced by the Palette ally service.
  • Fixed an issue that prevented the Delete action from correctly displaying for cluster templates in the Palette UI.
  • Fixed an issue that caused the CloudStack PCG type to appear under Tenant Settings even though it was disabled using a system administration feature flag.

Packs

Pack Notes

  • The following packs support CloudStack deployment:
    • Ubuntu 24.04
    • Palette eXtended Kubernetes versions 1.31.14, 1.32.10, and 1.33.6
    • Calico 3.30.3-rev1
    • CloudStack CSI 2.5.0

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Azure Disk | Storage | | | 1.33.7 |
| External Secrets Operator | Add-on | | | 1.1.0 |
| GCE Persistent Disk CSI | Storage | | | 1.22.4 |
| Nvidia GPU Operator | Add-on | | | 25.10.1 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.33.6 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.32.10 |
| Palette eXtended Kubernetes | Kubernetes | | | 1.31.14 |
| Prometheus Agent | Add-on | | | 27.47.0 |
| Prometheus Operator | Add-on | | | 79.8.2 |
| Volume Snapshot Controller | Add-on | | | 8.4.0 |
| vSphere CSI | Storage | | | 3.6.0 |

December 12, 2025 - Component Updates {#component-updates-2025-50}

The following components have been updated for Palette version 4.8.6 - 4.8.9.

| Component | Version |
| --- | --- |
| Palette Management Appliance | 4.8.10 |
| VerteX Management Appliance | 4.8.10 |

Review the active known issues that affect this component update on the Known Issues page.

Bug Fixes

  • Fixed an issue that caused stylus to incorrectly map some image references.

December 5, 2025 - Component Updates {#component-updates-2025-49}

The following components have been updated for Palette version 4.8.6 - 4.8.9.

Improvements

Packs

Pack Notes

  • The pack now supports the overlay networking model using the Overlay preset.
  • The pack now supports the configuration of custom service CIDRs. Refer to the pack tab for further information.
  • The pack now supports the configuration of custom pod CIDRs. Refer to the pack tab for further information.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EFS | Add-on | | | 2.1.15 |
| AWS Application Loadbalancer | Add-on | | | 2.16.0 |
| AWS VPC CNI | Add-on | | | 1.20.4 |
| Azure Disk | CSI | | | 1.33.6 |
| Calico | CNI | | | 3.31.2 |
| Calico Network Policy | Add-on | | | 3.31.2 |
| KAI Scheduler | Add-on | | | 0.10.0 |
| KubeRay Operator | Add-on | | | 1.5.1 |
| Open Policy Agent | Add-on | | | 3.21.0 |
| Prometheus Agent | Add-on | | | 27.45.0 |
| Prometheus Operator | Add-on | | | 79.5.0 |
| Ubuntu (GCP) | OS | | | 24.04 |
| Zot Registry | Add-on | | | 0.1.89 |

December 5, 2025 - Release 4.8.9

The following component updates are applicable to this release:

Bug Fixes

  • Fixed an issue that caused Palette's cluster-management-agent service to continually restart on data center clusters due to a duplicate CloudStack cloud type introduced by Palette 4.8.6.

November 28, 2025 - Component Updates {#component-updates-2025-48}

The following components have been updated for Palette version 4.8.6 - 4.8.8.

Packs

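| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EFS | CSI | | | 2.1.14 |
| Argo CD | CSI | | | 9.1.0 |
| External Secrets Operator | Add-on | | | 1.0.0 |
| GCE Persistent Disk CSI | CSI | | | 1.21.0 |
| GCE Persistent Disk CSI | CSI | | | 1.20.2 |
| Istio | Add-on | | | 1.28.0 |
| Karpenter | Add-on | | | 1.8.2 |
| Nginx | Add-on | | | 1.14.0 |
| Piraeus Operator | CSI | | | 2.10.1 |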

November 26, 2025 - Release 4.8.8

The following component updates are applicable to this release:

Improvements

Bug Fixes

  • Fixed an issue that caused errors with the internal MongoDB database when upgrading the self-hosted Palette or VerteX installation from 4.7.29 to 4.8.6.
  • Fixed an issue that prevented Edge cluster events from being displayed in the Palette Events tab.
  • Fixed an issue that caused VerteX 4.8.6 to fail to install due to crashing LINSTOR pods.
  • Fixed an issue that caused a duplicate CloudStack cloud type to appear in the custom cloud types API endpoint after upgrading Palette to 4.8.6, resulting in API and validation conflicts.

November 22, 2025 - Release 4.8.0 - 4.8.6 {#release-notes-4.8.0}

The following component updates are applicable to this release:

Security Notices

Palette Enterprise {#palette-enterprise-4.8.0}

Breaking Changes {#breaking-changes-4.8.0}

Features

  • EKS Pod Identity is now a supported authentication method for AWS cloud accounts. This secure authentication mechanism allows Kubernetes pods to assume IAM roles with temporary, automatically refreshed credentials, eliminating the need for long-lived AWS credentials.

    This method is only available for self-hosted Palette and Palette VerteX instances deployed on Amazon EKS clusters. Refer to the Add AWS Accounts guide for more information.

  • Cluster profile variables now support the multiline input type and the Base64 format. This improvement allows users to leverage cluster profile variables for use cases such as saving multiline YAML specifications and storing encoded keys for use during cluster creation.

Improvements

  • Project tags are now displayed in the Project Overview page and the Tenant Admin > Projects page in Palette. This improvement allows users to identify projects based on their tags. Refer to the Project Tags section for more information.

  • Palette now provides the ability to upgrade the vCluster version of your virtual clusters, allowing you to leverage newly introduced features without having to create new cluster groups or migrate workloads. Refer to the Upgrade Cluster Groups guide for further information.

  • Palette now provides a mechanism for evacuating and migrating the control planes of MAAS clusters that use LXD VMs, reducing high-availability risks during host repaves. This improvement is critical for Day-2 lifecycle operations such as upgrades or repaves.

  • The Palette Management Appliance and VerteX Management Appliance now include the latest Terminal User Interface (TUI). For more details, refer to Initial Edge Host Configuration with Palette TUI.

  • Certificate renewal for clusters provisioned using and can now be triggered externally from Kubernetes. This is applicable for both Edge and public cloud clusters.

Bug Fixes

  • Fixed an issue that caused Palette UI errors related to YAML marshalling when accepting cluster profile updates for cluster profiles configured using the pack.
  • Fixed an issue that prevented ipclaim resources from being deleted when repaving VMware clusters.

  • Fixed an issue that prevented the Palette UI from displaying metrics for EKS clusters due to incorrect security group rules.

  • Fixed an issue that prevented rotated IAM keys in AWS cloud accounts from being updated on deployed AWS clusters.

Edge

:::info

The CanvOS version corresponding to the 4.8.6 Palette release is 4.8.1.

:::

Improvements

  • The Terminal User Interface (TUI) is now always enabled and features a new landing page that displays system information. It also adds support for configuring Virtual Local Area Networks (VLANs). The stylus.includeTui flag in user-data has been deprecated as a result of these changes. For more details, refer to Initial Edge Host Configuration with Palette TUI.

  • CanvOS now provides support for FIPS-compiled Ubuntu 22.04. This is important for users who want to enforce FIPS 140-3 compliance.

Bug Fixes

  • Fixed an issue that caused pack reconciliation to fail in locally managed Edge clusters provisioned with cluster profiles containing duplicate packs.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

:::info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

:::

Features

Bug Fixes

Docs and Education

  • The new Find Breaking Changes for Palette Upgrades page contains an interactive component that allows users to list breaking changes between two Palette releases. Use it as guidance for upgrading dedicated SaaS or self-hosted Palette and Palette VerteX installations.

Packs

Deprecations and Removals

Pack Notes

  • The pack version 1.0.1 now supports CPU, memory, and storage resource quota specifications.

| Pack Name | Layer | Non-FIPS | FIPS | New Version |
| --- | --- | --- | --- | --- |
| Amazon EBS CSI | CSI | | | 1.51.0 |
| Calico | CNI | | | 3.31.0 |
| Crossplane | Add-on | | | 2.0.1 |
| External Secrets Operator | Add-on | | | 0.20.4 |
| Flux2 | Add-on | | | 2.17.1 |
| Kgateway | Add-on | | | 2.2.1 |
| Prometheus Agent | Add-on | | | 27.42.1 |
| Prometheus - Grafana | Add-on | | | 79.0.1 |
| Reloader | Add-on | | | 1.4.10 |
| Spectro RBAC | Add-on | | | 1.0.1 |
| Ubuntu (Azure) | OS | | | 24.04 |
| Ubuntu (vSphere) | OS | | | 24.04 |