v3.6 - SaaS

09 Aug, 2025


Upstream Kubernetes for Bare Metal and VMs

Certificate Rotation Reliability Enhancement

Problem: In certain edge cases, kubelet failed to restart after certificate renewal during the certificate rotation process, preventing new certificates from taking effect.

Solution: Enhanced the internal workflow so that kubelet restarts automatically, ensuring the certificate rotation workflow completes successfully without cluster impact.

Benefit

Improved reliability of the certificate rotation process, with automatic kubelet restart handling for edge cases.

RCTL Enhancement: Task ID Retrieval

When applying a cluster using rctl apply cluster -f <file>, a Taskset ID is returned to track provisioning progress. However, if this Taskset ID is lost (due to terminal disconnect, user error, etc.), there was no supported method to retrieve it for clusters still under provisioning.

Added a new RCTL command to retrieve the Task ID for ongoing cluster operations:

./rctl get clustertaskset <cluster name>

Prerequisite

You need to download the new RCTL binary to use this feature.

Benefit

This command helps track the status of long-running cluster provisions and troubleshoot cluster creation failures.

Deprecation

| Component | Status | Details |
|---|---|---|
| Ubuntu 20.04 | Deprecated | No longer supported for new cluster provisioning due to EOL |

Google GKE Enhancements

Kubernetes v1.33 Support

In this release, Kubernetes v1.33 is supported for both provisioning and upgrades.

GKE Control Plane Auto-Upgrade Handling

Recently, GKE started automatically upgrading control planes for clusters, including those not enrolled in release channels, which caused reconciliation issues leading to memory pressure on the GKE driver pod.

Enhanced handling of GKE control plane auto-upgrades with improved version management capabilities:

  • Seamless compatibility with GKE's automatic control plane upgrades
  • New SYNC VERSION functionality to align cluster configurations with GKE-managed versions
  • Enhanced UI showing both desired and actual control plane versions with timestamps

For Declarative Cluster Management

  • YAML-based clusters can be synchronized by updating the cluster specification to match the current GKE control plane version
  • Existing clusters should update their configuration to reflect the version automatically upgraded by GKE

Note

The SYNC VERSION button will no longer appear once the desired and actual versions are in sync.

Benefit

Seamlessly stay in sync with GKE's automatic control plane upgrades using enhanced version visibility and a one-click synchronization option.


OPA Gatekeeper

v3.19.1 Support

Added support for OPA Gatekeeper v3.19.1 in this release. This new version includes the latest security patches and feature enhancements for policy enforcement.

Benefit

Enhanced security and policy management capabilities with the latest OPA Gatekeeper version.


Namespace

Ephemeral Storage Resource Quota Limits

Added support for configuring ephemeral storage limits as resource quotas in namespaces. This enhancement allows administrators to set and enforce ephemeral storage constraints to prevent resource exhaustion.

Benefit

Improved resource management and cost control through ephemeral storage quota enforcement at the namespace level.

Note

Configuration will only be available initially through non-UI interfaces.
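
The kind of constraint this feature enforces, shown as an added example using upstream Kubernetes objects (not Rafay's namespace spec and not taken from the release notes). The namespace name `team-a` and all sizes are constructed values.

```yaml
# Added example: upstream Kubernetes ResourceQuota and LimitRange.
# Namespace name and sizes are constructed for illustration.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: ephemeral-storage-quota
  namespace: team-a
spec:
  hard:
    # Sum of ephemeral-storage requests across all pods in the namespace.
    requests.ephemeral-storage: 20Gi
    # Sum of ephemeral-storage limits across all pods in the namespace.
    limits.ephemeral-storage: 40Gi
---
# Upstream Kubernetes does not require pods to declare ephemeral-storage
# when such a quota exists: pods that omit it are still admitted and are
# not counted against the quota. A LimitRange gives every container a
# default request and limit so the quota actually covers them.
apiVersion: v1
kind: LimitRange
metadata:
  name: ephemeral-storage-defaults
  namespace: team-a
spec:
  limits:
    - type: Container
      defaultRequest:
        ephemeral-storage: 256Mi   # applied when a container sets no request
      default:
        ephemeral-storage: 1Gi     # applied when a container sets no limit
      max:
        ephemeral-storage: 4Gi     # per-container ceiling
```

Running `kubectl describe resourcequota ephemeral-storage-quota -n team-a` shows used versus hard values, which confirms that workloads are being counted.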


Environment Manager

Staggered Deployments

Previously, deployment randomization within a defined schedule window was available only through non-UI interfaces; this capability is now being extended to support configuration directly via the UI.

Benefit

Easy setup of randomized rollout windows directly from the UI.


Cost Management

Chargeback reports

Chargeback summary reports aggregated by namespace now support custom label-based metadata enrichment. Users can define specific label keys (e.g., team, cost_center) in the report configuration. These labels will be reflected as additional columns in the generated report.

For example, in a multi-tenant cluster where namespaces are labeled with team and cost_center, the report will include these columns and populate them with the corresponding label values for each namespace.

Benefit

Enables inclusion of metadata, improving the effectiveness of chargeback reporting for multi-tenant clusters.

Note

Configuration will only be available initially through non-UI interfaces.


Agent

Centralized Configuration

Previously, agent configurations such as CPU/Memory limits and engine agent workers were available only through non-UI interfaces; these can now be managed directly via the UI.

Benefit

UI-based configuration for agents.

Security

The latest agent release includes security enhancements to address potential vulnerabilities.


Catalog: System Template Enhancements

System Resource Templates

Overrides

In certain scenarios, overriding default resource template configurations is necessary. Examples include:

  • Configuring an approval step during the OpenTofu Plan phase before apply
  • Specifying a custom driver when an SSH key is required to interface with VM infrastructure

With this enhancement, overrides can now be configured specifically for system resource templates during the setup of custom environment templates, offering greater flexibility and control.

Benefit

Enables customization of system resource templates to meet specific customer requirements.

Restricting Access

To support organizational governance, a new configuration setting has been introduced at the organization level to restrict the use of System Resource Templates.

When this restriction is enabled, only Org Admins will be allowed to use system resource templates for building environment templates. For non-admin roles, system templates will no longer appear in dropdowns during environment template creation.

Benefit

Improves governance by allowing organizations to restrict system template usage to Org Admins only.

UX improvements

This update introduces several UX improvements, including:

  • Clear visual distinction between system and custom resource templates on the Resource Templates listing page.

  • Improved clarity when selecting resource templates during Environment Template configuration, with system and custom templates visually differentiated.

Benefit

Enhances usability with clear visual cues to distinguish system and custom resource templates during selection and configuration.

EKS Region Support

Added support for AWS Region ap-east-2 in the EKS region list.

Platform Version Field for MKS System Template

Added a Platform Version field for VMware and upstream Kubernetes MKS system templates to update core upstream MKS cluster components like etcd, CRI, and node agent. Refer to the Platform Versioning documentation for more details.

New Fields for MKS System Template

Added the following Configuration fields for VMware and upstream Kubernetes MKS system templates:

  • Enable Kata Deployment
  • Enable OPA-gatekeeper Deployment
  • OPA Excluded Namespaces
  • OPA Constraint Template YAML
  • OPA Constraints YAML

System Template Cluster UX Enhancement

In this release, we have added some minor enhancements to improve the UX and better differentiate clusters created through system templates.

Enhanced UX for System Template Clusters:

  • Clear Cluster Type Identification: Clusters created through system templates now display as actual clusters with a "Template" label instead of showing as imported clusters
  • Dashboard Integration: System template clusters with their type and label are now properly displayed in the dashboard
  • Kubernetes Version Display: The cluster card for these clusters also shows the Kubernetes version for better visibility


Bug Fixes

| Bug ID | Component | Description |
|---|---|---|
| RC-41175 | Backup & Restore | Fixed error when clicking "Backup data agent" button |
| RC-41244 | GitOps System Sync | Resolved pipeline getting stuck in progress state with queued jobs |
| RC-41805 | Application Workloads | Fixed incorrect workload status display in the application workload debug window |
| RC-42696 | Fleet Workflow | Resolved fleet workflow sync issues where hook progress got stuck due to large hook output in Fleet Plan |
| RC-42835 | kubectl Access | Fixed kubectl access enable/disable functionality not working properly for read-only roles |
| RC-43269 | EKS LCM | Fixed an 'ERROR #22001 – value too long' issue encountered during access entry creation |

v1.1.50 - Terraform Provider

09 Aug, 2025

The latest version of the Rafay Terraform provider includes the following:

Feature Enhancements

Updated documentation for the following resources:

  • rafay_project and rafay_namespace: Covers details around Ephemeral Storage resource quota configuration.

  • rafay_environment_template and rafay_resource_template: Guidance added for configuring overrides for catalog templates.

  • rafay_chargeback_group: Covers details around adding labels with namespace-based configuration for summary chargeback reports.

Bug Fixes/Improvements

| Bug ID | Description |
|---|---|
| RC-41802 | Terraform execution now fails if a connectivity issue is detected |
| RC-42913 | Resolved issues with Terraform environment template parent block overrides that prevented state refresh/import and creation of templates when using long JSON values |
| RC-38166 | Introduced Terraform support for inline config contexts in both resource and environment templates, along with updated documentation |