Supported Environments
Supported environments and operational requirements for upstream Kubernetes (MKS) on bare metal and VMs.
Operating Systems
| Operating System | Control plane | Worker nodes |
|---|---|---|
| AlmaLinux 9 (64-bit) | Yes | Yes |
| RHEL 8.x (64-bit) | Yes | Yes |
| RHEL 9.1 and 9.2 (64-bit) | Yes | Yes |
| RHEL 10 (64-bit) | Yes | Yes |
| Rocky Linux 9 (64-bit) | Yes | Yes |
| Ubuntu 20.04 LTS (64-bit) (EOL) | Yes | Yes |
| Ubuntu 22.04 LTS (64-bit) | Yes | Yes |
| Ubuntu 24.04 LTS (64-bit) | Yes | Yes |
| Windows Server 2019 (64-bit) | No | Yes |
| Windows Server 2022 (64-bit) | No | Yes |
| Flatcar Linux 4081 | Yes | Yes |
RHEL kernel
On RHEL-based systems, kernel 4.18 is not supported with Kubernetes 1.33 and above. Kernel 4.19 is the recommended 4.x LTS option; 5.x and 6.x kernels are preferred for Kubernetes 1.33+.
Windows workers
Windows worker nodes require Kubernetes v1.23.x or higher and the Calico CNI. Canal and Cilium are not supported with Windows workers.
Hypervisors
MKS on VMs is hypervisor-agnostic. The following have been validated for provisioning and lifecycle management:
- VMware vSphere (v7.x, v8.x)
- Microsoft Hyper-V
- Nutanix AOS (v6.5.x LTS, v6.8.x)
- OpenStack (2023.1 Antelope, 2023.2 Bobcat, 2024.1 Caracal)
- VirtualBox (v7.0.x, v6.1.x)
Kubernetes versions
Rafay supports four minor Kubernetes versions at a time. When a new minor version is added, the oldest supported minor version is removed. Upgrade clusters regularly to stay on supported versions.
Supported minor versions
| Version | End of standard support | Added in controller release |
|---|---|---|
| v1.36.x | N/A | v4.1 Update 7 |
| v1.35.x | 25 Feb 2027 | v4.0 Update 4 |
| v1.34.x | 27 Oct 2026 | v3.7 |
| v1.33.x | 28 Jun 2026 | v3.5 |
| v1.32.x (deprecated) | 28 Feb 2026 | v3.1 |
| v1.31.x (EOL) | 28 Oct 2025 | v2.10 |
| v1.30.x (EOL) | 28 Jun 2025 | v2.7 |
| v1.29.x (EOL) | 28 Feb 2025 | v2.4 |
| v1.28.x (EOL) | 28 Oct 2024 | v2.0 |
| v1.27.x (EOL) | 28 Jun 2024 | v1.27 |
| v1.26.x (EOL) | 28 Feb 2024 | v1.25 |
| v1.25.x (EOL) | 27 Oct 2023 | v1.19 |
| v1.24.x (EOL) | 28 Jul 2023 | v1.15 |
| v1.23.x (EOL) | 28 Feb 2023 | v1.11 |
Note
Kubernetes 1.32.x reaches upstream end of life on 28 Feb 2026. Rafay will continue to support it for a transition period so customers can migrate to a supported minor version.
Patch versions
Default patches are shown in the UI when provisioning or upgrading. Deprecated patches are labeled "(deprecated)" and appear when "Show deprecated Kubernetes patch versions" is enabled.
| Minor | Default patch | Deprecated patches |
|---|---|---|
| v1.36 | v1.36.0 | — |
| v1.35 | v1.35.4 | v1.35.0 |
| v1.34 | v1.34.7 | v1.34.3, v1.34.1 |
| v1.33 | v1.33.11 | v1.33.7, v1.33.5 |
| v1.32 | — | v1.32.13, v1.32.11, v1.32.9 |
Use the default patch for each minor version (for example, v1.35.4 for 1.35). Deprecated patches are for migration and upgrade testing only.
Platform versioning
Each platform version bundles cluster components (CRI, etcd, agents) for consistent upgrades. Platform version v1.3.0 is the latest and the default for new cluster creation.
Component versions
| Component | v1.3.0 (latest) | v1.2.0 | v1.1.0 (deprecated) |
|---|---|---|---|
| CRI | 2.3.0 | 2.0.4 | 2.0.4 |
| etcd | 3.5.24 | 3.5.24 | 3.5.21 |
| Cluster Utils | 2.0.0 | 2.0.0 | 2.0.0 |
| Orchestration Agent | 3006.12 | 3006.12 | 3006.12 |
| Orchestration Proxy | 1.10.1 | 1.10.1 | 1.10.1 |
Platform version summary
| Version | Status | Notes |
|---|---|---|
| v1.3.0 | Latest (default) | Default for new cluster creation; required for Kubernetes v1.36. CRI 2.3.0 is the minimum containerd version for v1.36. |
| v1.2.0 | Active | Required for Kubernetes v1.35 and default patches v1.35.4, v1.34.7, v1.33.11. etcd 3.5.24 is required for Kubernetes 1.35+. |
| v1.1.0 | Deprecated | Migration only. See component table above. |
| v1.0.0 | Deprecated | Migration only. |
| v0.1.0 | Deprecated | Reference label for clusters created before platform versioning. Upgrade to v1.2.0 (direct upgrade from v0.1.0 is supported). |
Deprecated platform versions (v1.1.0, v1.0.0, v0.1.0) are labeled "(deprecated)" in the UI. Enable "Show deprecated platform versions" to select them.
Node management and cluster upgrades
Prerequisites
- Control plane: 8 OCPUs (16 vCPUs), 32 GB memory
- Workers: 1 OCPU (2 vCPUs), 4 GB memory
Recommendations
- Add or remove nodes in batches of up to 100
- If some nodes fail during upgrade, the retry mechanism upgrades the remainder
Important
Qualified for up to 500 nodes and 10,000 pods.
Container networking (CNI)
| CNI | Notes |
|---|---|
| Cilium | Recommended for Linux nodes |
| Calico | Recommended for Linux and Windows nodes |
| Canal | Calico + Flannel |
| Flannel | Deprecated; not recommended for new clusters |
CPU, memory, and architecture
- Control plane: Linux/x64 and Linux/arm64
- Workers: Linux/x64, Linux/arm64, or Windows/x64
- Full ARM support on Ubuntu 22.04 and 24.04 LTS (default and default-upstream blueprints)
Minimal blueprint
| Resource | Minimum |
|---|---|
| vCPUs per node | 2 |
| Memory per node | 4 GB |
default-upstream blueprint
Single-node cluster:
| Resource | Minimum | Cores |
|---|---|---|
| vCPUs per node | 2 | 4 |
| Memory per node | 16 GB | — |
HA cluster:
| Resource | Minimum | Cores |
|---|---|---|
| vCPUs per node | 2 | 4 |
| Memory per node | 16 GB | — |
Important
Allow extra capacity if you deploy blueprints with monitoring, storage, or other add-ons. To switch from default-upstream to another blueprint after provisioning, delete workload deployments and workload PVCs first.
GPU
NVIDIA GPUs compatible with Kubernetes are supported. See GPU overview.
Container runtime
Clusters use containerd (CRI) instead of Dockershim (removed from Kubernetes 1.20+). In-place Kubernetes upgrades also move nodes to containerd; plan for workload restarts.
Inter-node networking
Multi-node clusters require node-to-node connectivity across all UDP/TCP ports.
Control plane
| Protocol | Direction | Ports | Purpose |
|---|---|---|---|
| TCP | Inbound | 6443 | API server |
| TCP | Inbound | 2379-2380 | etcd |
| TCP | Inbound | 10250, 10255 | kubelet |
| TCP | Inbound | 10259, 10251 | scheduler |
| TCP | Inbound | 10257, 10252 | controller-manager |
| UDP | Inbound | 8285 | Flannel |
| TCP | Inbound | 30000-32767 | NodePort (if exposed on control plane) |
| TCP | Inbound | 9099 | Calico |
| TCP | Inbound | 5656 | OpenEBS Local PV |
| UDP | Inbound | 4789 | VXLAN |
Workers
| Protocol | Direction | Ports | Purpose |
|---|---|---|---|
| TCP | Inbound | 10250, 10255 | kubelet |
| TCP | Inbound | 30000-32767 | NodePort |
| UDP | Inbound | 8285, 8472 | Flannel |
| TCP | Inbound | 8500 | Consul |
| UDP | Inbound | 8600 | Consul |
| TCP/UDP | Inbound | 8301 | Consul |
| TCP | Inbound | 9099 | Calico |
| TCP | Inbound | 5656 | OpenEBS Local PV |
| UDP | Inbound | 4789 | VXLAN |
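The two port tables above can double as an audit baseline. The following is an added example, not Rafay's own tooling: it parses `ss -H -tuln` output from a node and reports non-loopback listeners that fall outside the table for that node's role, so they can be reviewed. The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Inbound ports from the page's Control plane and Workers tables, as (low, high).
ALLOWED = {
    "control-plane": {
        "tcp": [(6443, 6443), (2379, 2380), (10250, 10250), (10255, 10255),
                (10259, 10259), (10251, 10251), (10257, 10257), (10252, 10252),
                (30000, 32767), (9099, 9099), (5656, 5656)],
        "udp": [(8285, 8285), (4789, 4789)],
    },
    "worker": {
        "tcp": [(10250, 10250), (10255, 10255), (30000, 32767), (8500, 8500),
                (8301, 8301), (9099, 9099), (5656, 5656)],
        "udp": [(8285, 8285), (8472, 8472), (8600, 8600), (8301, 8301),
                (4789, 4789)],
    },
}

def parse_listeners(ss_output):
    """Yield (proto, port) per line of `ss -H -tuln` output, skipping loopback."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface zone and IPv6 brackets
        if addr not in ("*", "") and ipaddress.ip_address(addr).is_loopback:
            continue  # loopback-only listeners are not reachable from other nodes
        yield fields[0], int(port)

def unexpected_listeners(ss_output, role):
    """Return sorted (proto, port) pairs listening outside the role's table."""
    allowed = ALLOWED[role]
    return sorted({(proto, port) for proto, port in parse_listeners(ss_output)
                   if not any(lo <= port <= hi for lo, hi in allowed[proto])})

# Constructed sample output, not captured from a real node.
SAMPLE = """\
tcp   LISTEN 0      4096         0.0.0.0:6443       0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:10248      0.0.0.0:*
tcp   LISTEN 0      4096               *:10250            *:*
tcp   LISTEN 0      128             [::]:22            [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:4789       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:8472       0.0.0.0:*
"""

if __name__ == "__main__":
    print(unexpected_listeners(SAMPLE, "control-plane"))
```

A reported port is not necessarily a problem (SSH on 22 is outside both tables, for example); the output is a list of listeners to account for against the documented requirements.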
Forward proxy
Configure a forward proxy when nodes cannot reach the controller directly and must use a non-transparent proxy.
Storage
Turnkey storage options in the cluster blueprint simplify PersistentVolume management on bare metal and VMs.
Local PV
Required storage class.
- OpenEBS on bare metal and VMs
- Amazon EBS on EC2 (requires IAM role for dynamic provisioning)
Suited for: workloads with built-in replication (MongoDB, Redis, Cassandra, Postgres), high local throughput, or single-node/edge clusters without shared storage.
Distributed storage
Optional Rook-Ceph for highly available shared storage and pod rescheduling across workers.
Important
GlusterFS-based managed storage was deprecated in Q1 2022 and reached EOL in Q1 2023.
Storage requirements
Root disk
Used for container images, Kubernetes binaries, etcd, Consul, system packages, and logs (rotated via logrotate).
- Raw, unformatted
- Minimum 50 GB; recommended 100 GB+
Note
On a single-node cluster, reserve about 30 GB for platform data and 20 GB for workload PVCs unless you plan additional capacity.
Secondary disk
Optional; required only for Rook-Ceph. Dedicated to workload PVCs.
- Raw, unformatted
- Minimum 50 GB per node; recommended 100 GB+