v4.1 Update 7 - SaaS¶

28 May, 2026

Upstream Kubernetes for Bare Metal and VMs¶

The features in this section are for Rafay's Kubernetes Distribution (aka Rafay MKS).

Kubernetes v1.36¶

New Rafay MKS clusters based on upstream Kubernetes can now be provisioned with Kubernetes v1.36. Existing clusters managed by the controller can be upgraded in-place to Kubernetes v1.36.

To learn more, read our blog: Kubernetes v1.36 for Rafay MKS

Benefit

Run workloads on the latest upstream Kubernetes release with in-place upgrades, without reprovisioning clusters.

Patch version updates

This release adds the following Kubernetes patch versions:

v1.35.4 — Kubernetes 1.35
v1.34.7 — Kubernetes 1.34
v1.33.11 — Kubernetes 1.33

By default, the console shows the latest active patch versions (including v1.36.0 for Kubernetes 1.36). Rafay recommends these for new clusters and upgrades.

Deprecated Kubernetes patch versions

Older patch versions remain available when Show deprecated Kubernetes patch versions is enabled in the cluster provisioning UI. These versions are marked (deprecated) and can be selected for new cluster creation as well as for migration scenarios where you need to align with an existing cluster. Rafay still recommends the latest active patch versions for new cluster deployments.

v1.35.0, v1.34.3, v1.34.1, v1.33.7, v1.33.5, v1.32.13, v1.32.11, v1.32.9

Platform version 1.3.0

Platform version v1.3.0 is now available and is the default for Kubernetes v1.36 and for other supported Kubernetes versions that include the updated container runtime (CRI v2.3.0). Older platform versions remain available for migration and compatibility.

Note

Rafay recommends using the latest active Kubernetes patch version together with the latest platform version for new clusters and upgrades.

For the full Kubernetes and platform version support matrix, see Support Matrix.

CLI (RCTL)¶

Enhanced Logging for Large Clusters¶

RCTL logging has been enhanced to provide clearer, more detailed output when managing clusters with large node counts.

Benefit

Speeds up troubleshooting and automation debugging for large-scale cluster operations by surfacing more actionable log detail from the CLI.

Bug Fixes¶

The following bug fixes are included in the v4.1 Update 7 release:

Bug ID	Description
RC-45095	MKS: Fixed an issue where migration to the CNI VAI blueprint failed when pulling the Helm chart from the Helm repository.
RC-49603	Fleet Plan: Fixed an issue where Fleet Plan runs for Environment Manager environments failed when initiated by SSO-authenticated users.
RC-48209	Workloads: Fixed an issue where debug logs for the partner transaction status publisher workload did not include snapshot information.
RC-49502	Workloads: Fixed an issue with the workload publish status structure when a workload is in the deploy state.

v4.1 Update 6 - SaaS¶

14 May, 2026

Azure AKS¶

Bootstrap VM Image Support Across Subscriptions¶

AKS cluster provisioning now supports bootstrap VM images hosted in an Azure subscription other than the subscription where the cluster is deployed. This includes images published to shared Azure Compute Galleries used for centralized golden-image management.

Benefit

Lets platform teams maintain bootstrap VM images in a central subscription while deploying AKS clusters across multiple subscriptions, without duplicating images in every target subscription.

Workloads¶

Publish and Unpublish Status Improvements¶

This release improves visibility into workload publish and unpublish operations with clearer status reporting and additional logging throughout the lifecycle. These updates make it easier to track operation progress and diagnose issues when workloads are published or unpublished.

Benefit

Reduces ambiguity during workload lifecycle operations and speeds up troubleshooting with more actionable status details and logs.

Bug Fixes¶

The following bug fix is included in the v4.1 Update 6 release:

Bug ID	Description
RC-49352	GitOps System Sync: Fixed an issue where the system sync pipeline could not retrieve details from previous jobs.

v1.1.64 - Terraform Provider¶

14 May, 2026

An updated version of the Terraform provider is now available.

The following bug fix is included in this release:

Bug ID	Description
RC-49335	Terraform Provider: Fixed an issue where `rafay_groupassociation` failed on apply instead of detecting drift when referenced groups were deleted externally. The resource now recreates the group and association cleanly on a subsequent `terraform apply`.

v4.1 Update 5 - SaaS¶

07 May, 2026

Amazon EKS¶

Multiple Control Plane Security Groups During Cluster Provisioning¶

You can now attach multiple control plane security groups during Amazon EKS cluster provisioning. Previously, only a single control plane security group was supported.

Example cluster spec configuration:

vpc:
  clusterEndpoints:
    privateAccess: true
    publicAccess: true
  controlPlaneSecurityGroupIDs:
    - sg-1xxxxxxx
    - sg-2xxxxxxx
    - sg-3xxxxxxx
  nat:
    gateway: Single
  subnets:
    private:
      subnet-003a8fb895010a199:
        id: subnet-1xxxxxxx
      subnet-0620572cf6768edb7:
        id: subnet-2xxxxxxx
    public:
      subnet-08c3d171dc4dfba34:
        id: subnet-3xxxxxxx
      subnet-0257882896d37ebcc:
        id: subnet-4xxxxxxx

Benefit

Improves control plane network security flexibility by allowing environment-specific segmentation and access controls at cluster creation time.

Azure AKS¶

RHEL Support for Bootstrap VM Configuration¶

This release adds support for using RHEL images in AKS bootstrap VM configuration. Previously, only Ubuntu images were supported.

Example bootstrap VM configuration:

bootstrap_vm_params {
  vm_size = "Standard_B4ms"
  image {
    id        = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Compute/galleries/<gallery>/images/<image-definition>/versions/<version>"
    os_state  = "Generalized"
    os_family = "rhel"
  }
}

Benefit

Enables organizations that standardize on RHEL to align AKS bootstrap infrastructure with enterprise OS, compliance, and hardening requirements.

Note

Both enhancements are currently supported via RCTL, Terraform, API, System Sync, and Save & Customize.
Form-based UI support is not available yet and will be added in a future release.

Bug Fixes¶

The following bug fixes are included in the v4.1 Update 5 release:

Bug ID	Description
RC-48851	AKS: Fixed an issue where `autoScalerProfile` was not updating in the cluster configuration.
RC-48889	EKS: Fixed an issue where undesired GitOps events were being triggered for EKS clusters.
RC-49169	GKE: Fixed validation to enforce GCP's maximum cluster name length limit of 39 characters.
RC-48920	Fixed an issue where workspace admins could not create registry secrets on shared clusters through the UI.
RC-49073	MKS: Fixed an issue where platform upgrade from `v1.1.0` to `v1.2.0` failed with ETCD stuck in pending state after a successful Kubernetes upgrade from `1.33` to `1.34`.

v1.1.63 - Terraform Provider¶

07 May, 2026

An updated version of the Terraform provider is now available.

The following enhancement is included in this release:

rafay_aks_cluster: Added support for RHEL bootstrap VM configuration via the os_family field (RHEL). For an example with this field, see aks_cluster_v3.

rafay_eks_cluster: Added support for multiple control plane security groups during EKS cluster provisioning via control_plane_security_group_ids (list of strings). For an example with this field, see eks_cluster.