Upcoming
Important
This page will be periodically updated with features that are scheduled to roll into Rafay's Preview environment as part of upcoming releases. Learn more about Previews. Learn about our recent releases.
Navigate to our public roadmap for details on what we are working on for future releases.
Release Information¶
| Version | Environment | Release Date |
|---|---|---|
| v3.6 | SaaS Preview | July 29th, 2025 |
Upstream Kubernetes for Bare Metal and VMs¶
Certificate Rotation Reliability Enhancement¶
Problem: In certain edge cases, kubelet failed to restart after certificate renewal during the certificate rotation process, preventing new certificates from taking effect.
Solution: Enhanced the internal workflow to ensure kubelet automatically restarts, guaranteeing certificate rotation workflow completes successfully without cluster impact.
Benefit
Improved reliability of certificate rotation process with automatic kubelet restart handling for edge cases.
RCTL Enhancement: Task ID Retrieval¶
When applying a cluster using rctl apply cluster -f <file>, a Taskset ID is returned to track provisioning progress. However, if this Taskset ID is lost (due to terminal disconnect, user error, etc.), there was no supported method to retrieve it for clusters still under provisioning.
Added new RCTL command to retrieve the Task ID for ongoing cluster operations:
./rctl get clustertaskset <cluster name>
Prerequisite
You need to download the new RCTL binary to use this feature.
Benefit
This command helps track the status of long-running cluster provisions and troubleshoot cluster creation failures.
Deprecation¶
| Component | Status | Details |
|---|---|---|
| Ubuntu 20.04 | Deprecated | No longer supported for new cluster provisioning due to EOL |
Google GKE Enhancements¶
Kubernetes v1.33 Support¶
In this release, Kubernetes v1.33 is supported for both provisioning and upgrades.
GKE Control Plane Auto-Upgrade Handling¶
Recently, GKE started automatically upgrading control planes for clusters, including those not enrolled in release channels, which caused reconciliation issues leading to memory pressure on the GKE driver pod.
Enhanced handling of GKE control plane auto-upgrades with improved version management capabilities:
- Seamless compatibility with GKE's automatic control plane upgrades
- New SYNC VERSION functionality to align cluster configurations with GKE-managed versions
- Enhanced UI showing both desired and actual control plane versions with timestamps
For Declarative Cluster Management¶
- YAML-based clusters can be synchronized by updating the cluster specification to match the current GKE control plane version
- Existing clusters should update their configuration to reflect the version automatically upgraded by GKE
Note
The SYNC VERSION button will no longer appear once the desired and actual versions are in sync.
Benefit
Seamlessly stay in sync with GKE’s automatic control plane upgrades using enhanced version visibility and one-click synchronization option.
OPA Gatekeeper¶
v3.19.1 Support¶
Added support for OPA Gatekeeper v3.19.1 in this release. This new version includes the latest security patches and feature enhancements for policy enforcement.
Benefit
Enhanced security and policy management capabilities with the latest OPA Gatekeeper version.
Namespace¶
Ephemeral Storage Resource Quota Limits¶
Added support for configuring ephemeral storage limits as resource quotas in namespaces. This enhancement allows administrators to set and enforce ephemeral storage constraints to prevent resource exhaustion.
Benefit
Improved resource management and cost control through ephemeral storage quota enforcement at the namespace level.
Note
Configuration will only be available initially through non-UI interfaces.
Environment Manager¶
Staggered Deployments¶
Previously, deployment randomization within a defined schedule window was available only through non-UI interfaces; this capability is now being extended to support configuration directly via the UI.
Benefit
Easy setup of randomized rollout windows directly from the UI.
Agent¶
Centralized Configuration¶
Previously, agent configurations such as CPU/Memory limits, engine agent workers was available only through non-UI interfaces; this can now be managed directly via the UI.
Benefit
UI-based configuration for agents.
Security¶
The latest agent release includes security enhancements to address potential vulnerabilities.
Catalog: System Template Enhancements¶
System Resource Templates¶
Overrides¶
In certain scenarios, overriding default resource template configurations is necessary. Examples include:
- Configuring an approval step during the OpenTofu Plan phase before apply
- Specifying a custom driver when an SSH key is required to interface with VM infrastructure
With this enhancement, overrides can now be configured specifically for system resource templates during the setup of custom environment templates, offering greater flexibility and control.
Benefit
Enables customization of system resource templates to meet specific customer requirements.
Restricting Access¶
To support organizational governance, a new configuration setting has been introduced at the organization level to restrict the use of System Resource Templates.
When this restriction is enabled, only Org Admins will be allowed to use system resource templates for building environment templates. For non-admin roles, system templates will no longer appear in dropdowns during environment template creation.
Benefit
Improves governance by allowing organizations to restrict system template usage to Org Admins only.
UX improvements¶
This update introduces several UX improvements, including:
- Clear visual distinction between system and custom resource templates on the Resource Templates listing page.
- Improved clarity when selecting resource templates during Environment Template configuration, with system and custom templates visually differentiated.
Benefit
Enhances usability with clear visual cues to distinguish system and custom resource templates during selection and configuration.
EKS Region Support¶
Added support for AWS Region ap-east-2 in the EKS region list.
Platform Version Field for MKS System Template¶
Added Platform Version field for VMware and upstream Kubernetes MKS system templates to update core upstream MKS cluster components like etcd, CRI, and node agent. Refer to Platform Versioning documentation for more details.
New Fields for MKS System Template¶
Added the following Configuration fields for VMware and upstream Kubernetes MKS system templates:
- Enable Kata Deployment
- Enable OPA-gatekeeper Deployment
- OPA Excluded Namespaces
- OPA Constraint Template YAML
- OPA Constraints YAML
System Template Cluster UX Enhancement¶
In this release, we have added some minor enhancements to improve the UX and better differentiate clusters created through system templates.
Enhanced UX for System Template Clusters:
- Clear Cluster Type Identification: Clusters created through system templates now display as actual clusters with a "Template" label instead of showing as imported clusters
- Dashboard Integration: System template clusters with their type and label are now properly displayed in the dashboard
- Kubernetes Version Display: The cluster card also shows the Kubernetes version for better visibility for these clusters on the cluster card
Bug Fixes¶
| Bug ID | Component | Description |
|---|---|---|
| RC-41175 | Backup & Restore | Fixed error when clicking "Backup data agent" button |
| RC-41244 | GitOps System Sync | Resolved pipeline getting stuck in progress state with queued jobs |
| RC-41805 | Application Workloads | Fixed incorrect workload status display in the application workload debug window |
| RC-42696 | Fleet Workflow | Resolved fleet workflow sync issues where hook progress got stuck due to large hook output in Fleet Plan |
| RC-42835 | kubectl Access | Fixed kubectl access enable/disable functionality not working properly for read-only roles |