Skip to main content

Release Notes

tip

Are you looking for the release notes for a specific version of Palette? Use the version selector below to navigate to the release notes of the desired version.

Select...

September 1, 2025 - Release 4.7.16

Bug Fixes

  • Fixed an issue where Azure IaaS clusters configured with fullyPrivateAddressing failed to deploy.

August 21, 2025 - Release 4.7.15

Bug Fixes

  • Fixed an issue that prevented HTTP-Proxies from being correctly applied when configured in Local UI prior to cluster creation.
  • Fixed an issue that prevented certain hubble-system pods from being scheduled when upgrading self-hosted Palette and VerteX VMware vSphere installations from 4.6.x to 4.7.x.
  • Fixed an issue that caused the Palette Terminal User Interface (TUI) on Edge hosts to restart after entering DNS Configuration details.
  • Fixed a UI issue where the Virtual Machine Dashboard Connect button disappeared for Virtual Machine Orchestrator (VMO) clusters after switching between Proxied and Direct access in the applied Virtual Machine Orchestrator pack.
  • Fixed a UI issue where Edge host tags were not displayed in the Tags drop-down menu on the Clusters > Edge Hosts tab of Palette.

Automation

Features

Bug Fixes

  • Fixed a spectrocloud_sso Terraform resource issue where preferred_email was not an accepted value for oidc.email.

August 17, 2025 - Release 4.7.13

Security Notices

Palette Enterprise

Breaking Changes

  • Availability zones are now required when creating MAAS node pools.
    • For MAAS clusters deployed prior to Palette version 4.7.13, selecting an availability zone is required when creating a new node pool; however, selecting an availability zone is not required when modifying an existing node pool, as modifying availability zones post-cluster deployment will trigger a node pool repave.
    • For MAAS clusters deployed prior to 4.7.13, we recommend creating a new node pool with an availability zone selected and migrating existing workloads to the new node pool when convenient. For guidance on migrating workloads, refer to the Taints and Tolerations guide.

Features

  • Amazon EKS node customization is now supported for custom AMIs, such as Amazon Linux 2 (AL2) and Amazon Linux 2023 (AL2023). This feature allows you to provide pre- and post-kubeadm commands for AL2, and provide user data customization in the form of shell scripts for AL2023. This functionality is provided through the Kubernetes EKS pack.

    Refer to the Node Customization section of the Kubernetes EKS pack for configurable options available for these AMIs. For general guidance on deploying EKS clusters, refer to the Create and Manage AWS EKS Cluster guide.

  • Palette now provides a new platform setting for automatic cluster role bindings. This feature allows Palette to automatically apply the appropriate Kubernetes cluster role bindings based on user roles, ensuring that Role-Based Access Control (RBAC) permissions are consistently applied for all deployed clusters.
  • Technical preview feature badgeTechnical preview feature badge Palette now supports Canonical Kubernetes using the Ubuntu for Canonical Kubernetes OS pack. This feature currently supports the creation of MAAS clusters with Canonical Kubernetes version 1.32. Refer to the MAAS Architecture page for further details.
  • Workspace resource quotas and namespace resource quotas now support GPU limits. This feature currently supports Nvidia GPUs only.
  • Palette now supports the AI pack type. This category streamlines the grouping and finding of AI-related packs. Refer to the Packs List to search and filter packs.

Improvements

  • Nodes provisioned through Karpenter are now visible in Palette and supported for read-only operations, such as billing and monitoring. However, Day-2 operations are not supported. Refer to Karpenter Support for more details.
  • Technical preview feature badgeTechnical preview feature badge A technical preview banner is now displayed on all Artifact Studio pages.

Bug Fixes

  • Fixed an issue that caused errors on message broker pods after upgrading self-hosted Palette installations to version 4.7.4 or later.
  • Fixed an issue that caused validation errors to appear when adding an Amazon ECR hosted in AWS GovCloud to Palette.
  • Fixed an issue that caused self-hosted Palette installations to allow passing open redirects in URLs using the returnTo parameter.
  • Fixed an issue that caused multiple repeated creations and reconciliations of Spectro Proxy pack resources.
  • Fixed an issue that caused sprig template functions to fail when being used together with system and tenant scope macros.
  • Fixed an issue that caused the worker nodes of MAAS clusters to be repaved in parallel.
  • Fixed an issue that caused certificates to be incorrectly updated in cluster Kubeconfig files after certificate updates.

Edge

info

The CanvOS version corresponding to the 4.7.13 Palette release is 4.7.9.

Improvements

  • Remote shell has now exited Tech Preview and is ready for production workloads.

Bug Fixes

  • Fixed an issue that caused the creation of locally deployed clusters to fail when adding a custom stylus.path to the user-data file.
  • Fixed an issue that prevented Kubernetes upgrades from being applied to the control plane nodes of agent mode clusters.
  • Fixed an issue that caused single-node Local UI clusters configured with add-on packs to be stuck in the Provisioning state.
  • Fixed an issue that caused Palette to report single-node Edge clusters with invalid kube-vip configurations as Healthy, even though they were unreachable.

VerteX

Features

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Features

  • All cluster Terraform resources now support the gpu_limit and gpu_provider fields to enforce GPU resource limits. For more information, refer to the Spectro Cloud Terraform provider documentation. The Terraform resource spectrocloud_workspace now also supports these configurations.
  • Terraform version 0.24.1 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.
  • Crossplane version 0.24.1 of the Spectro Cloud Crossplane provider is now available.

Bug Fixes

  • Fixed an issue that prevented the taints configuration from being correctly applied to the spectrocloud_cluster_custom_cloud Terraform resource.
  • Fixed an issue that caused the spectrocloud_cluster_profile Terraform resource to create invalid objects when cluster profile variables are not correctly initialized before creation.

Virtual Machine Orchestrator (VMO)

Features

Packs

Pack Notes

  • The Spectro Addon Repo registry has been removed from Palette multi-tenant SaaS. Refer to the Default Registries for the list of registries available to all SaaS tenants.

OS

Pack NameNew Version
Ubuntu for Canonical K8s (MAAS)22.04

Kubernetes

Pack NameNew Version
Canonical Kubernetes1.32
GKE1.32
Palette eXtended Kubernetes1.32.6
Palette eXtended Kubernetes1.31.10
Palette eXtended Kubernetes1.30.14
Palette eXtended Kubernetes Edge (PXK-E)1.33.3
Palette eXtended Kubernetes Edge (PXK-E)1.32.6
Palette eXtended Kubernetes Edge (PXK-E)1.31.10
Palette eXtended Kubernetes Edge (PXK-E)1.30.14
Palette Optimized Canonical1.33.2
Palette Optimized Canonical1.32.6
Palette Optimized K3s1.33.3
Palette Optimized K3s1.32.6
Palette Optimized K3s1.31.10
Palette Optimized K3s1.30.14
Palette Optimized RKE21.33.3
Palette Optimized RKE21.32.6
Palette Optimized RKE21.31.10
Palette Optimized RKE21.30.14
RKE21.32.6
RKE21.31.10
RKE21.30.14

CNI

Pack NameNew Version
Calico3.30.2
Calico (Azure)3.30.2
Cilium CNI (Canonical K8s)1.16.3

CSI

Pack NameNew Version
Amazon EBS CSI1.46.0
Amazon EFS2.1.9
Azure Disk CSI Driver1.33.2
Longhorn1.9.0
vSphere CSI3.5.0

Add-on Packs

Pack NameNew Version
Amazon EFS2.1.9
AWS Application Loadbalancer2.13.3
AWS Cluster Autoscaler Helm1.33.0
Cilium Tetragon1.4.1
ExternalDNS0.18.0
Flux22.16.2
Longhorn1.9.0
Multus CNI Plugin2.2.18
Nvidia GPU Operator25.3.1
Open Policy Agent3.19.2
VMO Namespace Management1.0.3

FIPS Packs

Pack NameNew Version
Azure Disk CSI Driver1.33.2
Calico3.30.2
Calico (Azure)3.30.2
Palette eXtended Kubernetes1.32.6
Palette eXtended Kubernetes1.31.10
Palette eXtended Kubernetes1.30.14
Palette eXtended Kubernetes Edge (PXK-E)1.33.3
Palette eXtended Kubernetes Edge (PXK-E)1.32.6
Palette eXtended Kubernetes Edge (PXK-E)1.31.10
Palette eXtended Kubernetes Edge (PXK-E)1.30.14
Palette Optimized RKE21.33.3
Palette Optimized RKE21.32.6
Palette Optimized RKE21.31.10
Palette Optimized RKE21.30.14
RKE21.32.6
RKE21.31.10
RKE21.30.14
vSphere CSI3.5.0

August 4, 2025 - Release 4.7.8

Bug Fixes

  • Fixed an issue that caused EKS clusters using custom AMI images to be stuck in the Provisioning status.
  • Fixed an issue that prevented Palette from honoring the cluster.kubevipArgs.vip_ddns value on clusters that use kube-vip to provide a virtual IP address for Edge clusters. Refer to the Publish Cluster Services with Kube-vip guide for further information.

July 31, 2025 - Release 4.7.7

Improvements

Bug Fixes

  • Fixed an issue that caused certificates added through the Registry Connect pack to be incorrectly added on Edge clusters.
  • Fixed an issue that caused registry mapping rules to be incorrectly applied for registries configured using the Registry Connect pack.
  • Fixed an issue that caused masked cluster profile variable values to be displayed as plain text in Edge Management API calls.

July 23, 2025 - Release 4.7.4

Bug Fixes

  • Fixed an issue where the Palette agent failed to start when using a MAAS PCG with the maas-preferred-subnet ConfigMap.

July 19, 2025 - Release 4.7.0 - 4.7.3

Security Notices

Palette Enterprise

Breaking Changes

  • The log fetcher API endpoints now only support creating and retrieving logs from the following log paths:

    • /var/log
    • /var/log/syslog
    • /var/log/cloud-init

    All other log paths are now unsupported.

    In addition, log downloads are only permitted from the following namespaces:

    • kube-system
    • cluster-<cluster-uid>

  • The Palette UI now supports the configuration of custom Amazon Linux 2023 (AL2023) and Amazon Linux 2 (AL2) AMIs for AWS EKS nodes. Previously, default AMI types were configured using node labels. EKS clusters previously deployed with Enable Nodepool Customization enabled and AMI node labels will be repaved upon upgrading to version 4.7.3. AWS EKS clusters that did not specify an AMI type will now use AL2_X86_64 by default. Refer to the Create and Manage AWS EKS Cluster guide for the updated configuration process.

Features

  • Technical preview feature badgeTechnical preview feature badge The Palette Management Appliance is a new method to install self-hosted Palette in your infrastructure environment. It provides a simple and efficient way to deploy Palette using an ISO file. The Palette Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments.

  • Technical preview feature badgeTechnical preview feature badge The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries.

  • Self-hosted Palette now supports the configuration of a classification banner. System administrators can set the banner text and color through the system console. Refer to the Banners guide for further guidance.

  • All ZST bundles, ISO files, and images in Spectro Cloud-owned registries are now signed using Cosign, ensuring artifacts are traceable, tamper-evident, and aligned with modern compliance frameworks. Generated keys use the FIPS-compliant ECDSA-P256 cryptographic algorithm for the signature and SHA256 for hashes; keys are stored in PEM-encoded PKCS8 format. Refer to the Artifact Signatures guide for further information.

Improvements

  • Palette now supports Azure Entra ID authentication for Azure Blob Storage for Azure IaaS and AKS cluster provisioning. Palette still uses Shared Access Signature (SAS) by default, but if your Azure environment has restrictions that block SAS, Entra ID is automatically used instead.

    To enable this feature, the following DataActions have been added to the dynamic and static Azure IaaS permission sets:

    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
    • Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

    These additional permissions are not required for AKS. Refer to the Required Permissions guide for all required permissions.

Bug Fixes

  • Fixed an issue that caused the certificate renewal job to fail once clusters provisioned with Kubernetes 1.28 or older are updated to Kubernetes 1.29.
  • Fixed an issue that caused resource reconciliation to fail when deleting a pack whose resources have already been removed.
  • Fixed an issue that restricted cluster tags from containing numbers, spaces, and the following special characters: _, ., :, /, =, +, -, and @.
  • Fixed an issue that caused cluster health events to be incorrectly reported in Palette after partial broker service outages.

Edge

info

The CanvOS version corresponding to the 4.7.3 Palette release is 4.7.2.

Improvements

  • Palette now provides enhanced support for upgrades to Palette Optimized Canonical. This improvement ensures successful upgrades between minor and patch versions on connected and airgapped Edge clusters.
  • Remote shell temporary user credentials and the remote shell tunnel are now removed after 24 hours of inactivity. The removal of inactive tunnels and credentials reduces the risk of unauthorized access and helps maintain an efficient system.
  • The Palette UI now partially obfuscates Edge host registration tokens. Users must manually reveal the full token using a toggle.
  • Edge Management API has now exited Tech Preview and is ready for production workloads.
  • Cluster Definition has now exited Tech Preview and is ready for production workloads.

Bug Fixes

  • Fixed an issue that prevented Edge clusters with multi-hyphen Helm chart names from provisioning.
  • Fixed an issue that caused the containerd sync job to perform unnecessary file copying and I/O operations on disconnected Edge clusters.
  • Fixed an issue that caused API calls to add Edge cluster nodes to fail.
  • Fixed an issue that caused proxy certificates to be incorrectly shown in Local UI.
  • Fixed an issue that caused the connection configuration validation in the Palette UI to fail for certain valid endpoints and registration tokens.
  • Fixed an issue that caused commands to the API delete endpoint to reset Edge hosts actively being provisioned to an Edge cluster.
  • Fixed an issue that caused the /usr/local directory on Edge nodes to be repeatedly resized.
  • Fixed an issue that prevented new certificates from being reconciled in clusters provisioned with a certificate that has recently expired.
  • Fixed an issue that prevented the migration of resources from the system-upgrade namespace to the system-upgrade-<cluster-uid> namespace.
  • Fixed an issue that caused Palette to incorrectly report the status of successfully installed packs.
  • Fixed an issue that caused pods related to agent mode cluster upgrades to get stuck in a Terminating state.
  • Fixed an issue that caused Palette to incorrectly report certificate errors on Edge clusters.
  • Fixed an issue that caused continuous retries on malformed bundles during the deployment of Edge clusters instead of initializing a fresh pack download.
  • Fixed an issue that caused Kube-vip arguments to be incorrectly reconciled after cluster creation.

VerteX

Features

  • Technical preview feature badgeTechnical preview feature badge The VerteX Management Appliance is a new method to install Palette VerteX in your infrastructure environment. It provides a simple and efficient way to deploy Palette VerteX using an ISO file. The VerteX Management Appliance is available for VMware, Bare Metal, and Machine as a Service (MAAS) environments. Refer to the VerteX Management Appliance guide for further information.

  • The Artifact Studio is a new platform for obtaining bundles, packs, and installers relating to Palette Enterprise and Palette VerteX. It provides a single source for these artifacts, which you can download and then upload to your registries. Refer to the Artifact Studio guide for further information.

  • The Zot registry is now supported as a primary registry for clusters managed by VerteX. Refer to Deploy Cluster with a Primary Registry for more information.

  • Includes all Palette features, improvements, breaking changes, and deprecations in this release. Refer to the Palette section for more details.

Automation

info

Check out the CLI Tools page to find the compatible version of the Palette CLI.

Breaking Changes

Features

  • The content build command of the Palette CLI now includes the --exclude-profiles flag. This flag allows you to exclude content such as images, charts, or raw files present in the listed profiles from the generated content bundle. Additionally, content bundles are now saved to the <current-directory>/output/content-bundle/ directory by default; you can override this location by using the --output flag. Refer to the Content command reference page for further information.
  • Terraform version 0.23.8 of the Spectro Cloud Terraform provider is available. For more details, refer to the Terraform provider release page.
  • Crossplane version 0.23.9 of the Spectro Cloud Crossplane provider is available. The provider now includes support for public cloud, VMware, and Canonical MAAS clusters.

Improvements

  • The Terraform resource spectrocloud_macros now supports the terraform import command. For more information, refer to the Spectro Cloud Terraform provider documentation.
  • The Terraform resource spectrocloud_cluster_profile now resolves the pack_uid based on the registry_uid, tag, and name fields. For more information, refer to the Spectro Cloud Terraform provider documentation.

Bug Fixes

Virtual Machine Orchestrator (VMO)

Improvements

  • Configuration adjustments have been made to improve the compatibility of the Virtual Machine Orchestrator with self-hosted Palette installations. This includes the ability to configure a private CA certificate for secure communication. Refer to the Configure Private CA Certificate guide for more details.

  • The KubeVirt version in use is now v1.5.0. Other components of the VMO pack have also been upgraded, enhancing system reliability and security.

Packs

Pack Notes

  • Palette VerteX now supports Zot OCI-native container image registries through the Zot Registry pack.

Kubernetes

Pack NameNew Version
Palette Optimized Canonical1.33.0
Palette Optimized K3s1.33.1
Palette Optimized K3s1.32.4
Palette Optimized K3s1.31.8
Palette Optimized K3s1.30.12
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
RKE21.32.7
RKE21.31.8
RKE21.30.12

CNI

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (Azure)3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Cilium1.16.10
Flannel0.27.0
Flannel0.26.7

CSI

Pack NameNew Version
Amazon EBS CSI1.43.0
Amazon EFS2.1.7
Amazon EFS2.1.8
Longhorn1.8.1
Piraeus Operator2.8.1
Portworx3.3.1
vSphere CSI3.4.0

Add-on Packs

Pack NameNew Version
AWS Application Loadbalancer2.13.2
Amazon EFS2.1.7
Amazon EFS2.1.8
Argo CD8.0.1
Argo CD7.9.0
ExternalDNS0.16.1
External Secrets Operator0.17.0
Istio1.26.0
Istio1.25.1
Kong2.48.0
MetalLB0.15.2
Nginx1.12.2
Open Policy Agent3.18.3
Open Observe0.14.7
Open Telemetry0.127.0
PostgreSQL1.22.1
Reloader1.4.2
Vault0.30.0

FIPS Packs

Pack NameNew Version
AWS VPC CNI (Helm)1.19.5
Calico3.30.1
Calico (FIPS)3.30.1
Cilium1.17.4
Palette eXtended Kubernetes1.32.4
Palette eXtended Kubernetes1.31.8
Palette eXtended Kubernetes1.30.12
Palette eXtended Kubernetes Edge (PXK-E)1.33.1
Palette eXtended Kubernetes Edge (PXK-E)1.32.4
Palette eXtended Kubernetes Edge (PXK-E)1.31.8
Palette eXtended Kubernetes Edge (PXK-E)1.30.12
Palette Optimized RKE21.33.1
Palette Optimized RKE21.32.4
Palette Optimized RKE21.31.8
Palette Optimized RKE21.30.12
Piraeus Operator2.8.1
RKE21.32.7
RKE21.31.8
RKE21.30.12
vSphere CSI3.4.0