Skip to content

v1.1.56 - Terraform Provider

The latest version of the Rafay Terraform provider includes enhancements and new features for the following resources:

rafay_eks_cluster: Enhanced with improved stability and diff handling across the entire EKS cluster resource configuration, including node groups and other cluster settings. The resource now supports an optional map-based structure (node_groups_map, managed_nodegroups_map) that resolves many diff-related and ordering issues and enables smoother configuration updates. Migration is optional but recommended. See Terraform Migration Guide for details.

Important

This change will not impact your existing state or break any functionality. Existing configurations continue to work without any breaking changes. You may see warnings in terraform plan, but these are informational only and will not affect your infrastructure.

rafay_mks_cluster: Added support for kubelet configuration overrides at cluster and node levels. Supports both traditional key-value arguments and structured KubeletConfiguration YAML, enabling fine-grained control over kubelet behavior. Refer to this example for implementation details.

rafay_workloadtemplate: Added ability to create Helm workloads from Git repositories with separate sources for chart/default values and override values.

rafay_blueprint: Added ability to disable AWS node termination handler using the disable_aws_node_termination_handler flag. See example usage for details.

rafay_fleetplan: Added Fleet Plan support for Environment Manager templates, enabling scalable bulk operations and day 2 management for self-service deployed environments. Supports bulk operations across multiple environments using filters (projects, templates, labels) for actions such as variable updates, template version upgrades, and resource operations. Refer to Environment-based Fleet Plans documentation for reference.

Important

Choose a single management method for day 2 operations—either Infrastructure as Code (IaC), Environment Templates, or Fleet Plan. Mixing management methods (e.g., performing some operations via Environment Templates and others via Fleet Plan) can cause conflicts and should be avoided.

Bug Fixes

The following bug fixes have been addressed in this Terraform provider release:

Bug ID Description
RC-32884 EKS: Fixed issue where terraform plan incorrectly shows diff for nodegroup subnets, but apply completes successfully.
RC-35037 EKS: Fixed issue where terraform plan incorrectly shows diff when new addon resources are added without modifying existing resources.
RC-35721 EKS: Fixed issue where terraform plan incorrectly detects diff in tags field when attaching policy v2 to managed addons.
RC-35820 EKS: Fixed issue where VPC-CNI managed addon reorders attach policy v2 JSON content on each terraform plan/apply.
RC-40370 EKS: Fixed issue preventing Fargate Profile creation via Terraform.
RC-40807 EKS: Fixed issue where list element reordering incorrectly triggers diff detection.

v4.0-SaaS

This release has been promoted to version 4.0 due to the inclusion of several major platform capabilities, such as OIDC-based IDP integration and fleet-based workflows for Environment Manager.

Upstream Kubernetes

Kubelet Configuration

Benefit

Provides fine-grained control over node behavior, enabling customers to tune kubelet behavior for performance, security, and workload-specific requirements at scale.

This release adds support for configuring any valid upstream Kubernetes KubeletConfiguration parameter using the official Kubernetes KubeletConfiguration API.

Kubelet settings can be customized at:

  • Cluster level – applied uniformly across all nodes
  • Node level – overrides cluster-level settings for matching fields

Both of the following configuration methods are supported:

  • Traditional key-value kubelet arguments
  • Structured KubeletConfiguration YAML, allowing access to the full upstream configuration surface

When both cluster and node-level configurations are defined:

  • Node-level settings take precedence for overlapping fields
  • Cluster-level settings apply to fields not explicitly overridden
  • Each node receives a merged configuration based on this priority model

Node-Level Kubelet Configuration

To configure kubelet settings at the node level, navigate to the nodes section configuration and select the Kubelet Config option.

Node Kubelet Option

Specify the kubelet args using either key-value arguments or structured YAML configuration.

Node Kubelet Config

Cluster-Level Kubelet Configuration

To apply kubelet settings uniformly across all nodes, configure the settings at the cluster level at Configuration tab.

Cluster Kubelet Config

Google Kubernetes Engine (GKE)

Control Plane Endpoint Visibility

Benefit

Improves operational visibility and troubleshooting by making control plane details easily accessible to platform and security teams.

This release adds UI support to display GKE control plane endpoint IP addresses directly in the console.

GKE Control Plane Endpoint

Amazon EKS

Managed Addons

The Network Flow Monitoring Agent addon is now supported for EKS clusters across all interfaces (UI, CLI, RCTL, and Terraform).

EKS Addon

IDP Integration

OIDC Support

Benefit

Expands identity provider compatibility enabling customers to integrate with a broader set of cloud-native and SaaS IDPs.

Prior to this release, the platform supported SAML-based IDP integrations only. This release introduces first-class support for OIDC-based IDPs, allowing customers to integrate identity providers that rely on OpenID Connect.

Key characteristics:

  • OIDC workflows align closely with existing SAML-based workflows
  • Role assignment and access controls remain consistent

OIDC

Fleet Plan

Benefit

Enables scalable, reliable, and repeatable management of large numbers of environments through centralized, policy-driven operations.

The Fleet Plan capability previously available only for standalone cluster objects under the Infrastructure tab has been enhanced in this release.

Key changes:

  • New dedicated tab – Fleet Plan has been moved out of the Infrastructure tab and is now available as a separate Fleet Plan tab in the console for improved visibility and access
  • Environment Manager support – Fleet Plan now extends to Environment Templates, enabling fleet-based operations across environments provisioned via Environment Manager
  • Standalone cluster support – Existing support for standalone cluster objects remains unchanged

Environment Manager

Environment Fleet Management allows users to:

  • Perform bulk operations across multiple environments in parallel
  • Target environments using filters such as projects, templates, and labels
  • Apply common actions including variable updates, template version upgrades, and resource operations
  • Track progress and outcomes across the fleet

Example use cases:

  • Updating a resource (e.g., RDS engine version) due to end of support
  • Phased rollout of Kubernetes cluster upgrades provisioned via Environment Manager
  • Shutting down environments not based on approved templates
  • Rolling out fixes for vulnerable add-ons across managed environments

For more information, see Fleet Plan.

Fleet Plan

Email Notifications

Benefit

Improves operational awareness and reduces manual follow-ups by delivering timely, contextual notifications to the right stakeholders.

A new notification hook framework has been added to resource and environment templates.

This enables automated email notifications for events such as:

  • Successful environment deployments
  • Environment or resource deployment failures

The notification framework supports:

  • Custom sender and recipient configuration
  • Custom subject and body
  • Use of expressions and variables to generate context-aware content

Email notifications

Blueprints & Add-ons

Regex Support for Add-on Overrides

Benefit

Reduces ongoing maintenance by allowing override rules to automatically apply to future compatible add-on versions.

This release adds regex-based version matching for add-on overrides, building on version-scoped overrides introduced in v3.7.

Regex support

Node Termination Handler Add-on (Amazon EKS Only)

Benefit

Gives customers explicit control over managed system add-ons to align with custom node lifecycle or disruption-handling strategies.

The Node Termination Handler add-on can now be disabled during Blueprint configuration under Managed System Add-Ons.
If not explicitly disabled, the add-on remains enabled by default.

Node Termination Handler

GitOps System Sync

Annotations Support

Benefit

Allows teams to attach operational context and metadata to cluster objects, improving documentation and governance.

Annotations are now supported for Amazon EKS and Google GKE cluster objects, extending existing annotation support for blueprints and add-ons.

Workloads

Git Path for Values Files

Benefit

Improves GitOps flexibility by allowing reusable and centralized configuration management for workload templates.

The Git Path option for specifying values files is now supported for workload templates.

Git Path

Unpublish Support via RCTL

Benefit

Enables full lifecycle management of workloads through automation-friendly CLI workflows.

RCTL now supports unpublishing v3 workloads, standardizing workload lifecycle operations via CLI.

Deprecations

Infrastructure Provisioner

Support for the Infrastructure Provisioner stage in GitOps pipelines has been removed. This capability is superseded by the Environment Manager framework.

Bitnami Catalog

Support for the Bitnami public catalog will be removed in v4.1 due to upstream changes: https://github.com/bitnami/charts/issues/35164

Customers are advised to migrate to upstream repositories as detailed in this blog post.

Ingress NGINX

Support for Ingress NGINX will be removed in v4.2 following community retirement of the project.

Migration guidance detailed here.

Bug Fixes

Bug ID Description
RC-44551 Workloads: Improved timeout handling to support repositories up to 1 GB in size.
RC-43296 GitOps System Sync: Fixed an issue where consecutive commits were not processed correctly.
RC-43138 Workloads: Fixed an issue where the workload Git Path field appeared blank when revisiting the configuration page.
RC-40290 Backup/Restore: Fixed an issue where the NodeInstanceRole was missing in the IAM service account created for Velero backups.
RC-39669 RBAC: Fixed an issue where users with both Infrastructure Read-Only and Namespace Admin roles could view container registries.

v3.7 Update 7 - SaaS

13 Jan, 2026

Environment Manager

The following enhancements have been added to Environment Manager:

  1. Form-Based Rendering for JSON Input Variables - JSON-based input variables now support form-based rendering and conditional logic, providing a more intuitive user experience when working with complex variable structures. For more information, refer to the Form-Based Parameter Configuration section in the Environment Manager documentation.

  2. Dynamic Config Contexts - Configure and use dynamic Config Contexts with custom input to share environment templates across multiple projects while maintaining project-level configuration isolation. Learn more in the Custom Config Contexts documentation.

  3. Selective Variable Display - Platform administrators can now control which variables are displayed during environment launch and upon completion of a run, simplifying the user interface and improving the experience for end users.