2022

v1.17¶

26 August, 2022

Upstream Kubernetes¶

Proxy Support for vSphere Clusters¶

Users can now configure and use a network proxy for vSphere based Kubernetes clusters.

Infra GitOps for vSphere Clusters¶

Infra GitOps workflows are now supported for vSphere based upstream Kubernetes clusters. With this, users can use declarative cluster specs to perform both Day-1 (provisioning) and Day-2 (scaling, upgrades) operations on these clusters. The exact same RCTL CLI command can be used for both Day-1 and Day-2 operations.

Provision, Scale, Upgrade, Update Blueprint

rctl apply -f cluster.yaml

Amazon EKS¶

Taints & Tolerations for System Components¶

Administrators can configure taints and tolerations for the system components (i.e. k8s mgmt operator and managed services) so that the associated k8s resources are only provisioned to specific nodegroups.

Example EKS cluster specifications to enable this are available in our public Git repository for examples

Unified Cluster Spec YAML¶

Users can now use a "unified declarative cluster specification" both for Day-1 operations (i.e. provision EKS cluster) and Day-2 operations (i.e. scale, upgrade etc.).

Custom AMI for Bottlerocket and Windows¶

Custom AMIs are now supported for Bottlerocket and Windows based AMI.

AWS Secrets Manager Integration (Beta)¶

The turnkey integration (beta) for Amazon EKS CLusters with AWS Secrets Manager has been enhanced based on customer feedback.

• Admins now have an option to configure rotation interval for secrets
• Configuration wizard has been enhanced to add support for SecretProviderClass resource
• Support for annotating the service account with role ARN - this is for scenarios where the application owner needs to create the service account based on already created IRSA as part of the application deployment

Network Policy Service¶

A new service focused on enabling "network policies" across a fleet of clusters is now available in the platform for all customers. Once enabled, Cilium is automatically installed and configured on the target clusters as a chained CNI using cluster blueprints.

Users have visibility into network flows for their clusters and applications directly in the web console (i.e. traffic into cluster, traffic between pods, traffic between namespaces, traffic out of cluster). Administrators can configure and enforce declarative network policies scoped to a cluster or a namespace.

Blueprints¶

Dashboard for Minimal Blueprint¶

The integrated Kubernetes resources dashboard no longer requires the Visibility & Monitoring addon. Users can now remotely and securely access the integrated k8s resources dashboard even if their clusters are configured to use the minimal blueprint or a custom blueprint with the visibility and monitoring addon disabled.

Golden Blueprint¶

Organizations now have the ability to create and manage a customized organization baseline blueprint aka. golden blueprint. Custom cluster blueprints can then be created on top of the golden blueprint ensuring that downstream business units and teams will always have custom cluster blueprints guaranteed to have the required addons from the golden blueprint.

YAML Overrides for Addons¶

Users can now configure overrides for YAML based addons to dynamically customize blueprint deployments on different clusters.

Workloads¶

YAML Overrides¶

Users can now configure overrides for YAML based workloads to dynamically customize workload deployments on different clusters.

RCTL CLI Enhancements¶

Templating¶

Users that use the declarative "rctl apply -f file.yaml" command can now use templates to dynamically generate spec files. This will help users avoid having to invest in the development and maintenance of complex, fragile scripts to parameterize input across 100s of YAML files.

Here is an illustrative example of a template for a "project".

# Generated: {{now.UTC.Format "2006-01-02T15:04:05UTC"}}
#      With: {{command_line}}
{{ $p := . }}{{ range $count := IntSlice .StartIndex .Count }}
apiVersion: system.k8smgmt.io/v3
kind: Project
metadata:
  name: {{ $p.Name }}-{{ $count }}
spec:
  clusterResourceQuota:
    configMaps: "{{ $p.ClusterQuota.ConfigMaps }}"
    cpuLimits: {{ $p.ClusterQuota.CpuLimits }}
    cpuRequests: {{ $p.ClusterQuota.CpuRequests }}
    memoryLimits: {{ $p.ClusterQuota.MemoryLimits }}
    memoryRequests: {{ $p.ClusterQuota.MemoryRequests }}
    storageRequests: {{ $p.ClusterQuota.StorageRequests }}
  default: false
  defaultClusterNamespaceQuota:
    configMaps: "{{ $p.NamespaceQuota.ConfigMaps }}"
    cpuLimits: {{ $p.NamespaceQuota.CpuLimits }}
    cpuRequests: {{ $p.NamespaceQuota.CpuRequests }}
    memoryLimits: {{ $p.NamespaceQuota.MemoryLimits }}
    memoryRequests: {{ $p.NamespaceQuota.MemoryRequests }}
    storageRequests: "{{ $p.NamespaceQuota.StorageRequests }}"
---
{{end}}

Declarative Models¶

All supported resources now support a declarative approach (i.e. rctl apply -f file.yaml). The controller will automatically determine the changes to current state and bring the resources to the specified state.

Note that customers can continue using the legacy imperative commands in addition to the recommended declarative approach.

rctl apply -f everything.yaml

GitOps¶

In-place Upgrades of Agent¶

Administrators can now perform one click, in-place upgrades for GitOps Agents on versions ≥ 1.17.

RBAC¶

Workspace Admin role¶

Workspace Admins can now create pipelines for deploying applications.

Catalog¶

Additions to System Catalog¶

The System Catalog has been updated to add support for the following repositories.

Terraform Provider¶

The terraform provider has been updated to add new resources and existing resources have been enhanced. Click here for more details.

Bug Fixes¶

v1.16¶

29 July, 2022

Upstream Kubernetes¶

Lifecycle management on VMware vSphere¶

It is now possible for users to provision clusters on vSphere natively with Cluster API (CAPI) while keeping the platform's core capabilities consistent and similar to other cluster types.

Windows Worker nodes¶

Calico CNI support is now available for Windows worker nodes. Support for consul has also been added to make Windows worker nodes aware of master node expansion.

Storage¶

Encryption support is now available for Rook-Ceph based storage. An option has also been provided to clean up disks consumed by Ceph.

Amazon EKS¶

Lifecycle management for brownfield EKS clusters¶

Users can now manage both Rafay provisioned as well as imported EKS clusters (brownfield) using the same APIs, RCTL apply, GitOps System Sync and Terraform scripts. The platform has been enhanced to enable the following capabilities for imported/brownfield clusters:

• Retrieval of information for control plane and managed node groups
• Expansion and scaling infrastructure
• Post provisioning operations such as upgrades

Custom AMIs¶

Users leveraging the cluster specification file to manage the node groups can now apply custom AMIs to node groups. This can be done via RCTL Apply, Terraform and GitOps System sync.

Resource tags for clusters and node groups¶

Users can now update cluster and node group level tags post the provisioning process.

IRSA¶

Users can now create service accounts using a cluster specification file both at the time of and post provisioning of a cluster. This can be done via RCTL Apply, Terraform and GitOps.

Infra GitOps¶

Secrets for Terraform based Infrastructure Provisioner¶

Infrastructure Provisioners require secrets to run the Terraform scripts. A new first-class object called Pipeline Secret Groups is now available within the platform to make it simpler for users to securely attach secrets to the Infrastructure Provisioner.

RBAC and SSO¶

Using IDP with multiple orgs (tenants)¶

SSO integration within the platform has now been enhanced to allow customers to register and use the same IDP across multiple orgs (tenants). This allows customers to own and operate multiple orgs (tenants) as necessary while ensuring that they are able to satisfy their internal compliance requirements.

Catalog¶

Additions to System Catalog¶

The System Catalog has been updated to add support for the following:

Dashboard¶

Create k8s Resources¶

Administrators are now provided with intuitive workflows to quickly and efficiently "create" CronJobs and Jobs Kubernetes resources directly from the inline Kubernetes resources dashboard.

Audit Logs¶

Audit logs have been enhanced across the platform with an intention to provide additional contextual information to users.

Terraform Provider¶

The terraform provider has been updated to add new resources and existing resources have been enhanced. Click here for more details.

Bug Fixes¶

Known Issues¶

Known issues are typically ephemeral and should be resolved in an upcoming patch.

v1.15¶

24 Jun, 2022

Upstream Kubernetes¶

Kubernetes v1.24¶

New upstream clusters can be provisioned based on Kubernetes v1.24.x. Existing upstream Kubernetes clusters managed by the controller can be upgraded in-place to Kubernetes v1.24.2.

CNCF Conformance¶

Upstream Kubernetes clusters based on Kubernetes v1.24 (and prior Kubernetes versions) are fully CNCF conformant.

Kubernetes Patch Releases¶

Existing upstream Kubernetes clusters managed by the controller can be updated in-place to the latest Kubernetes patches for supported versions (v1.23.8, v1.22.11, v1.21.14)

Reset Cluster¶

For bare metal and VM-based clusters (especially single-node clusters), administrators can reset the cluster's state. This workflow allows administrators to provision Kubernetes from scratch without having to delete and recreate the cluster in their project.

Managed Storage in HA Mode¶

For bare metal and VM-based clusters, administrators can now deploy and operate Rook/Ceph based managed storage in a Highly Available (HA) configuration.

Amazon EKS¶

Cluster Template Role¶

A new "cluster template user" role is now available that allows operations teams to enable a true self-service experience for internal users without sacrificing governance and control. Users with this role can only provision EKS clusters based on approved cluster templates in their project.

Infra GitOps - Custom AMI Upgrades¶

The existing RCTL CLI based Infra GitOps capability has been enhanced to add support for custom AMI upgrades. With this, administrators can

• Replace the AMI ID in their EKS Cluster spec files with the new AMI ID and
• Perform "rctl apply -f clusterspec.yaml".

The controller will detect the user's intention and automatically upgrade the cluster's node groups to the new AMI ID.

Infra GitOps - k8s Upgrades for Specific Node Groups¶

The existing RCTL CLI based Infra GitOps capability has been enhanced to add support for performing k8s upgrades for specific node groups. With this, administrators can

• Update the k8s version for a specific node group in their EKS cluster spec files with the new version
• Perform "rctl apply -f clusterspec.yaml".

The controller will detect the user's intention and automatically upgrade the node groups to the Kubernetes version

Catalog¶

Additions to System Catalog¶

The System Catalog has been updated to add support for the following:

Custom Catalogs¶

Administrators can now create and manage "custom catalogs" for workloads and add-ons allowing them to provide internal users a curated "Enterprise Catalog" experience.

Sharing Custom Catalogs¶

Custom catalogs can be shared with All or Select projects in the Org. This enables a central architecture team to create and manage "enterprise catalogs" and share them with downstream projects.

Disable System Catalog¶

Org Admins can optionally disable the default "system catalogs" ensuring that only applications from custom catalogs can be used.

Cluster Blueprint¶

Sync Performance for Minimal Blueprint¶

The cluster blueprint reconciliation process has been tuned and optimized for minimal blueprints and is now significantly faster.

Dashboard¶

Create k8s Resources¶

Administrators are now provided with intuitive workflows to quickly and efficiently "create" Deployments, DaemonSets, and StatefulSets Kubernetes resources directly from the inline Kubernetes resources dashboard.

GitOps¶

Webhook for BitBucket¶

Automation pipelines can now be triggered using webhooks from BitBucket (self hosted or SaaS). This adds to existing webhook support for GitHub and GitLab.

Catalog for Workload Templates¶

Workload templates can now be created based on applications from the system or custom catalogs.

Share Workload Templates¶

Workload templates can now be shared across projects enabling "developer productivity" and "governance"

Terraform Provider¶

The terraform provider has been updated to add new resources and existing resources have been enhanced. Click here for more details.

Secrets Management¶

AWS Secrets Manager Integration (Beta)¶

Users can leverage a new turnkey integration with AWS Secrets Manager for securing application secrets. This is available as a beta feature.

Deprecation¶

PSP Support¶

In alignment with the upcoming end of support for PSPs in Kubernetes, turnkey support for PSPs has been deprecated. New clusters, blueprints and namespaces will no longer support the use of PSPs.

Customers are strongly encouraged to adopt compelling alternatives such as the OPA Gatekeeper integration. Turnkey Gatekeeper policies providing a superset of capabilities relative to PSP are available here.

Managed Log Aggregation Add-On¶

The managed log aggregation add-on (based on Fluentd) in the cluster blueprint has been deprecated and will be removed in the near future. Users are recommended to migrate to next generation alternatives such as Fluentbit based on the integrated catalog.

Bug Fixes¶

Known Issues¶

Known issues are typically ephemeral and should be resolved in an upcoming patch.

v1.14¶

27 May, 2022

Upstream Kubernetes¶

Cluster Provisioning UX¶

An enhanced and updated user experience is now provided initial provisioning of upstream Kubernetes clusters. This providing users with a detailed view into status and progress. They are also provided with inline debug and diagnostic capabilities for the configured cluster blueprint components.

Coexist with Customer's Salt Minion¶

The controller managed salt minion on the upstream k8s cluster master and worker nodes can now operate side-by-side with a customer's existing salt stack infrastructure.

Amazon EKS¶

GitOps for EKS Lifecycle Management¶

Lifecycle of Amazon EKS Clusters can now be managed using GitOps with the integrated System Sync automation framework. This feature ensures that the state of the EKS cluster is "always in sync" with the declarative cluster spec in the configured Git repository. With this feature:

• Users can use the convenience of the web console to configure and provision an EKS cluster and have the controller automatically generate and bootstrap the configured Git repository with the EKS cluster's declarative cluster specification.

• Users can make changes to the EKS cluster using the convenience of the web console and the changes to the cluster spec will be automatically written back to the configured Git repository.

Catalog for Blueprint Addons¶

Addons for cluster blueprints can now be sourced from a curated system catalog with popular addons. Lifecycle of the "catalog" based addons can be managed using the console, RCTL CLI and GitOps System Sync.

Catalog for Workloads¶

Developers can configure and deploy workloads for popular applications (e.g. MySQl database etc) via a curated system catalog. Lifecycle of the "catalog" based workloads can be managed using the console, RCTL CLI and GitOps System Sync.

Workloads¶

Workloads by Cluster Name¶

The workload dashboard has been enhanced to display the name of the cluster where workload is currently deployed. The user experience has been updated to support both "single" and "multi cluster" deployment scenarios.

Security¶

Workspace Admin¶

A new role supporting an intermediate level of "soft multitenancy" is now available allowing administrators to offload certain administrative functionality to application users without losing control and governance.

The Workspace Admin feature enables "self service" for application teams by providing an intermediate level of multi-tenancy beyond Kubernetes namespaces.

Workspace admins:

• Can create and manage their own namespaces on clusters in a project
• Cannot access namespaces they do not manage or have access via any channel including zero trust kubectl
• Can be assigned resource quotas that are actively enforced

Watch a video showcasing the workspace administration feature

Policy Management¶

Users limited to specific namespaces (e.g. developers) are now provided centralized visibility and access to OPA Gatekeeper policy violations for resources in their namespaces.

Dashboards¶

Create k8s Resources¶

Administrators are now provided with intuitive workflows to quickly and efficiently "create" Ingress, Service and PVC Kubernetes resources directly from the inline Kubernetes resources dashboard.

Cluster View for Project Admins¶

Users with a "Project Admin" role are now provided visibility into clusters in their project. Specifically, they have access to the following:

• Kubernetes Resources Dashboard
• Utilization details

Known Issues¶

v1.13¶

29 April, 2022

Upstream Kubernetes¶

Windows Worker Nodes¶

Support for seamless addition/removal of Windows worker nodes. Support for hitless, in-place Kubernetes upgrades for Windows worker nodes. With this enhancement, users can now provision and operate Upstream Kubernetes clusters with worker nodes based on multiple architectures.

• Linux/amd64 and/or
• Linux/arm64 and/or
• Windows/amd64 architectures

This allows for deployment and operations of heterogeneous application types on the same Kubernetes cluster enabling "consolidation of infrastructure". Users can containerize legacy Windows applications and deploy them to Kubernetes clusters enabling "acceleration of migration of legacy applications" to Kubernetes.

Click here for more details.

Watch a video showcasing the experience of adding a Windows Worker node to an existing cluster. You will also see what the user experience is to deploy and operate a Windows workload to the remote windows worker node.

Amazon EKS¶

CNI Custom Networking¶

Turnkey support for CNI custom networking for the AWS VPC CNI plugin enabling large enterprises to address CIDR block availability related issues for their AWS VPCs. More here and here.

Watch a video showcasing how to configure and provision an EKS cluster with custom networking.

Cluster Templates Enhancements¶

Cluster templates can now be shared across projects. Templates have been enhanced to support overrides for complex objects. Administrators can also now identify and list clusters based on a specific cluster template. More here

k8s 1.22¶

New Amazon EKS clusters can be provisioned based on Kubernetes 1.22. Existing clusters can be upgraded in-place to Kubernetes 1.22.

Watch a video showcasing the user experience of performing in-place upgrades of Amazon EKS clusters from k8s 1.21.x to 1.22.x

Clusters and Node Groups by AMI ID¶

Organizations can now use a Swagger API to quickly identify EKS clusters and node groups based on a specified "AMI ID" across all projects spanning multiple AWS accounts. Click here for more details.

Blueprints¶

Minimal Blueprint¶

The AWS node termination handler is no longer automatically deployed to EKS clusters when the "Minimal Blueprint" is used as the base blueprint. This allows organizations to bring their own customized versions of the AWS node termination handler as part of their cluster blueprints.

Disable Versions¶

Administrators can now enable/disable specific versions of a cluster blueprint. This prevents users from accidentally using outdated/deprecated versions of a blueprint. When a specific blueprint version is disabled, a visible warning and upgrade prompt is displayed on the cluster card for cluster administrators.

Dashboards¶

Create k8s Resources¶

Administrators are now provided with intuitive workflows to quickly and efficiently "create" ConfigMaps and Secret type of Kubernetes resources directly from the inline Kubernetes resources dashboard.

Click here to learn more.

Zero Trust Kubectl¶

Users are now shown connection establishment status on the web shell to the remote Kubernetes cluster (a) when they open it for the first time and (b) when the session expires.

GitOps¶

GitOps support has been added for the following resources: Role, Group and Cluster Overrides.

Bug Fixes¶

Known Issues¶

Known issues are typically ephemeral and should be resolved in an upcoming patch.

v1.12¶

01 April, 2022

Upstream Kubernetes¶

EKS-D Provisioning¶

Amazon EKS-D based Kubernetes cluster provisioning workflows have been streamlined and optimized. More here.

Managed Storage¶

In addition to existing Local PV and Distributed Storage (based on GlusterFS), customers can now use CNCF graduated Rook Ceph based distributed storage as a managed storage option. More here.

Amazon EKS¶

Wait Option for RCTL CLI based Infra Operations¶

A "blocking" wait option is now available in the RCTL CLI for "long running" infrastructure operations such as cluster provisioning, cluster scaling, addition and removal of nodes etc. More here.

Managed Node Group Upgrades with Custom AMI¶

Admins can now update managed nodegroups by specifying node-ami for custom AMIs.

Dashboards¶

Kubernetes Resources¶

The integrated Kubernetes resources dashboard (available for both cluster administrators and developers) now provides the means for authorized users to perform additional lifecycle operations for all k8s resources (Edit YAML, Download YAML, Describe) on remote clusters directly from the console.

Developers can use the "describe" option for their Ingress and PVCs to quickly verify if there are issues with the underlying Ingress Controller or PVs. More here.

Blueprints¶

Fleet Upgrades¶

Users can now perform controlled and automated upgrades of blueprints on a fleet of clusters. More here.

GitOps¶

Docker Form Factor for Agent¶

A Docker form factor for the agent (CD/Repository) is now available. This provides users the means to deploy the agent in their networks without the need for a k8s cluster. More here.

Policy Management¶

Centralized Aggregation of Violations¶

All policy (Managed OPA Gatekeeper) violations are automatically aggregated centrally at the controller and made available to administrators via intuitive dashboards, workflows and APIs. More here.

RCTL CLI¶

The RCTL CLI has been updated for users to fully automate the entire lifecyle of policy management for the integrated OPA Gatekeeper service. More here.

RBAC and SSO¶

Group Assignment for IdP Users¶

Admins can now use the RCTL CLI to progammatically assign IdP users to a Group allowing them to fully automate workflows. More here.

Integrations¶

HashiCorp Vault¶

In addition to using the web console, customers can now automate integration with Vault on managed clusters using the RCTL CLI. More here.

Terraform Provider¶

The terraform provider has been updated with intuitive examples and improved documentation.

Bug Fixes¶

Known Issues¶

v1.11¶

25 February, 2022

Upstream Kubernetes¶

Kubernetes Versions¶

New upstream Kubernetes clusters can be provisioned based on Kubernetes v1.23. Existing upstream Kubernetes clusters on older versions can be upgraded to Kubernetes v1.23. Latest patch releases for Kubernetes v1.22, v1.21 and v1.20 are also available.

Updated OVA and QCOW Images¶

Refreshed OVA and QCOW2 images for the pre-packaged clusters are now available with security updates and latest software images. More on OVA and on QCOW2.

Amazon EKS¶

Bottlerocket - Managed Node Groups¶

Support for provisioning and ongoing operations of managed node groups based on Bottlerocket AMIs.

List of In-Use AMI ID¶

Across the organization or the projects, authorized users can identify the list of the AMI Images associated with the node groups of EKS clusters. This helps to quickly detect the outdated AMI IDs and prioritize upgrades. More here.

Cluster Blueprints¶

Status and Progress¶

Decoupled status and progress for infrastructure and blueprint/addon during cluster provisioning for Amazon EKS and Azure AKS clusters (coming soon for upstream k8s provisioning!). This provides users with a detailed, fine-grained view into how things are progressing and allows them to quickly zero in on the specific issue causing failures. More here.

Decoupled Lifecycle for Managed Add-ons¶

Customers now have fine-grained control over how/when managed add-ons in custom blueprints are updated.

Change Log for Managed Add-on Versions¶

Customers have visibility into the change log of managed addons in base blueprint versions. This allows them to understand which add-on changed and when.

CLI for Charts and Values from Different Repos¶

The RCTL CLI has been enhanced to support addons with Helm charts and values.yaml files from different repositories. More here.

Dashboards¶

k8s Resource Dashboards¶

The embedded, inline k8s resource dashboards for both clusters (used by Ops/SRE users) and workloads (used by developers) have been streamlined for near real-time retrieval and presentation of data to users. More here and here.

Workloads¶

Status and Progress¶

The RCTL CLI has been enhanced with an “option” to provide detailed "status" and "progress updates" for associated k8s resources associated with a workload. Customers that embed RCTL CLI in their automation pipelines can now retrieve and present detailed workload deployment status and progress updates as part of their pipeline output to developers. More here.

Per Container Resource Sizing in Workload Wizard¶

The workload wizard has been enhanced to provide support for separate sizing options for container requests and limits. More here.

Mount same Volume to Multiple Paths¶

The workload wizard has been enhanced to support mounting the same volume to multiple paths as part of same workload. More here.

CLI for Charts and Values from Different Repos¶

The RCTL CLI has been enhanced to support Helm 3 workloads with charts and values.yaml files from different repositories. More here.

Integrations¶

Self-Signed Cert for Vault Integration¶

Customers can now use self-signed certificates for integration with HashiCorp Vault. More here.

Partner Operations Console¶

Create Org¶

In addition to programmatic ways to create and manage Orgs, Partner Admins can now also create and approve new Orgs directly using a workflow in the Partner Ops Console. More here.

Bug Fixes¶

v1.10¶

28 January, 2022

Amazon EKS¶

Cluster Templates¶

For non-production environments, it can be extremely effective to "empower and enable" developers with the ability to provision and use infrastructure resources such as compute, network and clusters for testing and deploying their applications. However, typically Operations and Security teams also need control over "which infrastructure resources are created" and "where they are created" for various reasons like cost management, security policies and governance.

A cluster template for Amazon EKS

• Enables Ops/SRE teams to enable "self service" operations for cluster lifecycle operations to developers (cluster admin role) without losing control over governance and policy.
• Allows the Infrastructure admins to specify and ecncapsulate the freedom/restriction for infrastructure resource creation.
• Abstracts the details of the resource creation by exposing limited configuration for the user to deal with.
• Is a preset configuration that can be used to replicate infrastructure resources.

More here

RCTL for AWS Wavelength¶

The RCTL CLI now supports full lifecycle management of AWS Wavelength node groups using declarative cluster specs.

More here

Upstream Kubernetes¶

Hard Failure for DNS Preflight¶

Conjurer based provisioning will now block provisioning if collisions/conflicts are detected on the node with DNS preflight checks.

Dashboards¶

Cluster Dashboard¶

The cluster card in the web console has been enhanced to also display the number of nodes "by type" (master, worker).

Workloads¶

For Helm 3 workloads, developers can source chart and values.yaml files from different repositories. For example, the chart can be sourced from a public Bitnami repository and the "custom" values.yaml file can be sourced from a private Git repository.

Cluster Blueprints¶

Multiple Repos for Addons¶

For Helm 3 addons in a cluster blueprint, administrators can source the chart and values.yaml files from different repositories. For example, the chart can be sourced from a public Bitnami repository and the "custom" values.yaml file can be sourced from a private Git repository.

Status and Progress Enhancements¶

A significantly enhanced user experience for cluster blueprint updates on all cluster types.

Imported Clusters¶

Admins will have access to rich and detailed status and progress during the initial cluster import process into the controller.

Zero Trust Kubectl¶

Users with API only privileges cannot login into the web console. Currently, they can download their kubeconfig file programmatically using the RCTL CLI. Org Admin privileges can now download the kubeconfig file for users with "API only" privileges from the Web Console as well.

Vault Integration¶

The integration with HashiCorp Vault has been enhanced to support retrieval of "All secrets from the configured path" and (a) Render to a file or (b) Create environment variables. This enhancement enables users to retrieve all secrets in a single pass resulting in dramatically simplified workflows for the developer.

RCTL CLI Enhancements¶

Users of the RCTL CLI now have the option to wait and block for long running operations such as "namespace publish" and "workload publish". The wait and block operational approach can potentially help simplify the logic in a customer's automation pipeline.

Partner Operations Console¶

Disable Self Service Sign Up¶

White labeled partners that do not have an inhouse process to handle self service sign up workflows can now optionally request that self service sign up workflows be disabled.

Bug Fixes¶