Skip to main content

Release Notes

tip

Are you looking for the release notes for a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

Select...

August 16, 2025 - Release 4.7.X

Security Notices

Palette Enterprise

Breaking Changes

  • Availability zones are now required when creating MAAS node pools.
    • For MAAS clusters deployed prior to Palette version 4.7.a, selecting an availability zone is required when creating a new node pool; however, selecting an availability zone is not required when modifying an existing node pool, as modifying availability zones post-cluster deployment will trigger a node pool repave.
    • For MAAS clusters deployed prior to 4.7.a, we recommend creating a new node pool with an availability zone selected and migrating existing workloads to the new node pool when convenient. For guidance on migrating workloads, refer to the Taints and Tolerations guide.

Features

  • Amazon EKS node customization is now supported for custom AMIs, such as Amazon Linux 2 (AL2) and Amazon Linux 2023 (AL2023). This feature allows you to provide pre- and post-kubeadm commands for AL2, and provide user data customization in the form of shell scripts for AL2023. This functionality is provided through the Kubernetes EKS pack.

    Refer to the Node Customization section of the Kubernetes EKS pack for configurable options available for these AMIs. For general guidance on deploying EKS clusters, refer to the Create and Manage AWS EKS Cluster guide.

Improvements

  • Nodes provisioned through Karpenter are now visible in Palette and supported for read-only operations, such as billing and monitoring. However, Day-2 operations are not supported.

Deprecations and Removals

Edge

Features

Improvements

Bug Fixes

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Features

Improvements

Docs and Education

Packs

Pack Notes

OS

Pack NameNew Version

Kubernetes

Pack NameNew Version

CNI

Pack NameNew Version

CSI

Pack NameNew Version

Add-on Packs

Pack NameNew Version

FIPS Packs

Pack NameNew Version

Deprecations and Removals

August 4, 2025 - Release 4.7.8

Bug Fixes

  • Fixed an issue that caused EKS clusters using custom AMI images to be stuck in the Provisioning status.
  • Fixed an issue that prevented Palette from honoring the cluster.kubevipArgs.vip_ddns value on clusters that use kube-vip to provide a virtual IP address for Edge clusters. Refer to the Publish Cluster Services with Kube-vip guide for further information.

July 31, 2025 - Release 4.7.7

Improvements

Bug Fixes

  • Fixed an issue that caused certificates added through the Registry Connect pack to be incorrectly added on Edge clusters.
  • Fixed an issue that caused registry mapping rules to be incorrectly applied for registries configured using the Registry Connect pack.
  • Fixed an issue that caused masked cluster profile variable values to be displayed as plain text in Edge Management API calls.

July 23, 2025 - Release 4.7.4

Bug Fixes

  • Fixed an issue where the Palette agent failed to start when using a MAAS PCG with the maas-preferred-subnet ConfigMap.

July 19, 2025 - Release 4.7.0 - 4.7.3

Security Notices

Palette Enterprise

Breaking Changes

  • The log fetcher API endpoints now only support creating and retrieving logs from the following log paths:

    • /var/log
    • /var/log/syslog
    • /var/log/cloud-init

    All other log paths are now unsupported.

    In addition, log downloads are only permitted from the following namespaces:

    • kube-system
    • cluster-<cluster-uid>

  • The Palette UI now supports the configuration of custom Amazon Linux 2023 (AL2023) and Amazon Linux 2 (AL2) AMIs for AWS EKS nodes. Previously, default AMI types were configured using node labels. EKS clusters previously deployed with Enable Nodepool Customization enabled and AMI node labels will be repaved upon upgrading to version 4.7.3. AWS EKS clusters that did not specify an AMI type will now use AL2_X86_64 by default. Refer to the Create and Manage AWS EKS Cluster guide for the updated configuration process.

Features

  • Technical preview feature badgeTechnical preview feature badge The Palette Management Appliance is a new method to install self-hosted Palette in your infrastructure environment. It provides a simple and efficient way to deploy Palette using an ISO file. The Palette Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments.

  • Technical preview feature badgeTechnical preview feature badge The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries.

  • Self-hosted Palette now supports the configuration of a classification banner. System administrators can set the banner text and color through the system console. Refer to the Banners guide for further guidance.

  • All ZST bundles, ISO files, and images in Spectro Cloud-owned registries are now signed using Cosign, ensuring artifacts are traceable, tamper-evident, and aligned with modern compliance frameworks. Generated keys use the FIPS-compliant ECDSA-P256 cryptographic algorithm for the signature and SHA256 for hashes; keys are stored in PEM-encoded PKCS8 format. Refer to the Artifact Signatures guide for further information.

Improvements

  • Palette now supports Azure Entra ID authentication for Azure Blob Storage for Azure IaaS and AKS cluster provisioning. Palette still uses Shared Access Signature (SAS) by default, but if your Azure environment has restrictions that block SAS, Entra ID is automatically used instead.

    To enable this feature, the following DataActions have been added to the dynamic and static Azure IaaS permission sets:

    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

    These additional permissions are not required for AKS. Refer to the Required Permissions guide for all required permissions.

Bug Fixes

  • Fixed an issue that caused the certificate renewal job to fail once clusters provisioned with Kubernetes 1.28 or older are updated to Kubernetes 1.29.
  • Fixed an issue that caused resource reconciliation to fail when deleting a pack whose resources have already been removed.
  • Fixed an issue that restricted cluster tags from containing numbers, spaces, and the following special characters: _, ., :, /, =, +, -, and @.
  • Fixed an issue that caused cluster health events to be incorrectly reported in Palette after partial broker service outages.

Edge

info

The CanvOS version corresponding to the 4.7.3 Palette release is 4.7.2.

Improvements

  • Palette now provides enhanced support for upgrades to Palette Optimized Canonical. This improvement ensures successful upgrades between minor and patch versions on connected and airgapped Edge clusters.
  • Remote shell temporary user credentials and the remote shell tunnel are now removed after 24 hours of inactivity. The removal of inactive tunnels and credentials reduces the risk of unauthorized access and helps maintain an efficient system.
  • The Palette UI now partially obfuscates Edge host registration tokens. Users must manually reveal the full token using a toggle.
  • Edge Management API has now exited Tech Preview and is ready for production workloads.
  • Cluster Definition has now exited Tech Preview and is ready for production workloads.

Bug Fixes

  • Fixed an issue that prevented Edge clusters with multi-hyphen Helm chart names from provisioning.
  • Fixed an issue that caused the containerd sync job to perform unnecessary file copying and I/O operations on disconnected Edge clusters.
  • Fixed an issue that caused API calls to add Edge cluster nodes to fail.
  • Fixed an issue that caused proxy certificates to be incorrectly shown in Local UI.
  • Fixed an issue that caused the connection configuration validation in the Palette UI to fail for certain valid endpoints and registration tokens.
  • Fixed an issue that caused commands to the API delete endpoint to reset Edge hosts actively being provisioned to an Edge cluster.
  • Fixed an issue that caused the /usr/local directory on Edge nodes to be repeatedly resized.
  • Fixed an issue that prevented new certificates from being reconciled in clusters provisioned with a certificate that has recently expired.
  • Fixed an issue that prevented the migration of resources from the system-upgrade namespace to the system-upgrade-<cluster-uid> namespace.
  • Fixed an issue that caused Palette to incorrectly report the status of successfully installed packs.
  • Fixed an issue that caused pods related to agent mode cluster upgrades to get stuck in a Terminating state.
  • Fixed an issue that caused Palette to incorrectly report certificate errors on Edge clusters.
  • Fixed an issue that caused continuous retries on malformed bundles during the deployment of Edge clusters instead of initializing a fresh pack download.
  • Fixed an issue that caused Kube-vip arguments to be incorrectly reconciled after cluster creation.

VerteX

Features

  • Technical preview feature badgeTechnical preview feature badge The VerteX Management Appliance is a new method to install Palette VerteX in your infrastructure environment. It provides a simple and efficient way to deploy Palette VerteX using an ISO file. The VerteX Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments. Refer to the VerteX Management Appliance guide for further information.

  • The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries. Refer to the Artifact Studio guide for further information.

  • The Zot registry is now supported as a primary registry for clusters managed by VerteX. Refer to Deploy Cluster with a Primary Registry for more information.

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Breaking Changes

Features

  • The content build command of the Palette CLI now includes the --exclude-profiles flag. This flag allows you to exclude content such as images, charts, or raw files present in the listed profiles from the generated content bundle. Additionally, content bundles are now saved to the <current-directory>/output/content-bundle/ directory by default; you can override this location by using the --output flag. Refer to the Content command reference page for further information.
  • Terraform version 0.23.8 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.
  • Crossplane version 0.23.9 of the Spectro Cloud Crossplane provider is available. The provider now includes support for public cloud, VMware, and Canonical MAAS clusters.

Improvements

  • The Terraform resource spectrocloud_macros now supports the terraform import command. For more information, refer to the Spectro Cloud Terraform provider documentation.
  • The Terraform resource spectrocloud_cluster_profile now resolves the pack_uid based on the registry_uid, tag, and name fields. For more information, refer to the Spectro Cloud Terraform provider documentation.

Bug Fixes

Virtual Machine Orchestrator (VMO)

Improvements

  • Configuration adjustments have been made to improve the compatibility of the Virtual Machine Orchestrator with self-hosted Palette installations. This includes the ability to configure a private CA certificate for secure communication. Refer to the Configure Private CA Certificate guide for more details.

  • The KubeVirt version in use is now v1.5.0. Other components of the VMO pack have also been upgraded, enhancing system reliability and security.

Packs

Pack Notes

  • Palette VerteX now supports Zot OCI-native container image registries through the Zot Registry pack.

Kubernetes

Pack NameNew Version
Palette Optimized Canonical1.33.0
Palette Optimized K3s1.33.1
Palette Optimized K3s1.32.4
Palette Optimized K3s1.31.8
Palette Optimized K3s1.30.12
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
RKE21.32.7
RKE21.31.8
RKE21.30.12

CNI

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (Azure)3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Cilium1.16.10
Flannel0.27.0
Flannel0.26.7

CSI

Pack NameNew Version
Amazon EBS CSI1.43.0
Amazon EFS2.1.7
Amazon EFS2.1.8
Longhorn1.8.1
Piraeus Operator2.8.1
Portworx3.3.1
vSphere CSI3.4.0

Add-on Packs

Pack NameNew Version
AWS Application Loadbalancer2.13.2
Amazon EFS2.1.7
Amazon EFS2.1.8
Argo CD8.0.1
Argo CD7.9.0
ExternalDNS0.16.1
External Secrets Operator0.17.0
Istio1.26.0
Istio1.25.1
Kong2.48.0
MetalLB0.15.2
Nginx1.12.2
Open Policy Agent3.18.3
Open Observe0.14.7
Open Telemetry0.127.0
PostgreSQL1.22.1
Reloader1.4.2
Vault0.30.0

FIPS Packs

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
Piraeus Operator2.8.1
RKE21.32.7
RKE21.31.8
RKE21.30.12
vSphere CSI3.4.0