> For the complete documentation index, see [llms.txt](https://docs.platform9.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.platform9.com/release-notes/april-2026-release.md).

# April 2026 Release

The latest release of Private Cloud Director includes new features, usability improvements, and resolved issues to enhance product stability and performance.

#### **New Features**

**ISO-Based Hypervisor Host Onboarding (Beta Release)**

Private Cloud Director now supports an ISO-based hypervisor host onboarding flow based on Rocky Linux. Booting from the ISO guides the user through OS installation, followed by Private Cloud Director onboarding for the host in a unified user experience.

**Rocky Linux 10.1 Hypervisor Host Support**

Hypervisor hosts running Rocky Linux 10.1 can now be onboarded and managed in Platform9 Private Cloud Director. GPUs are not presently supported on hypervisor hosts running Rocky Linux. VMs can be cold-migrated from hypervisor hosts running Ubuntu 22.04 or 24.04 to Rocky Linux 10.1 for cluster conversion from Ubuntu to Rocky Linux. Live migration from Ubuntu to Rocky Linux is not supported.

**Install from ISO Wizard for VM Creation**

A new Install from ISO option is available in the VM creation wizard, enabling Windows and Linux operating systems to be installed directly from the UI without CLI workarounds.

**ISO File Mounting to Existing VMs**

Users can now attach an ISO image to a running VM directly from the UI, exposing it as a virtual CD/DVD drive.

**Optional Hostname Field for VM Creation**

The VM creation flow now provides a separate, optional input field for the OS-level hostname, decoupling it from the VM display name. The field defaults to the VM display name but can be edited independently. This allows administrators to use descriptive display names for searchability while assigning short, standards-compliant hostnames to the guest OS.

**User-Friendly Volume Naming During VM Creation**

Block Storage volumes created during VM provisioning can now be assigned user-defined names. This makes it easier for storage administrators to identify volumes on the backend array and track their association with specific VMs.

**HPE Nimble Block Storage Driver Support**

Added support for configuring the HPE Nimble FC and iSCSI Block Storage driver from the <code class="expression">space.vars.PRODUCT\_NAME</code> UI. Administrators can select either driver directly from the Storage Driver dropdown instead of using the Custom driver option, and the corresponding configuration fields are populated automatically.

**Live Migration and DRR Support for vTPM VMs**

VMs configured with vTPM now support live migration, Dynamic Resource Rebalancing (DRR), and maintenance mode operations from the UI. vTPM state and data persist across the migration, and the VM remains in the Active state throughout the process, matching the behavior of standard VMs.

**Refined Block Storage Backend Configuration Parameters**

The Block Storage backend configuration UI now reflects the updated mandatory and optional parameters for supported storage backends like NetApp, Tintri, Pure Storage, HPE, and others.

**Live Migration Interface Option in Host Configuration**

Host configuration now includes a dedicated network interface option for VM live migration traffic. Administrators can specify which interface handles VM live migration traffic, separating it from other host traffic types.

**Token-Based pcdctl RC for SSO Users**

The pcdctl RC file generated under API Access in the UI for SSO-authenticated users now embeds the current Identity Service auth token directly instead of a password variable. SSO users can use the generated RC file directly with the pcdctl CLI without separately authenticating through saml2pf9.

**Application Credentials Access for Non-Admin Users**

Self-service and Read-only users can now view and create Application Credentials from the UI. Self Service users can create credentials with the Self Service or Read-only role, Read-only users can create credentials with the Read-only role, and Admin users can create credentials with any role. This enables broader programmatic access for non-admin users.

**On-Premises Kubernetes Management Plane**

Customers can now deploy a Kubernetes management plane in on-premises and Community Edition environments. The `airctl` CLI has been updated to support lifecycle operations — install, upgrade, and other management tasks — for the Kubernetes management plane.

**Backup and Restore for Air-Gapped Kubernetes Deployments**

Added the ability to back up and restore Kubernetes clusters in air-gapped on-premises deployments, enabling disaster recovery workflows in environments without external connectivity.

**Public Cluster API for Kubernetes Management Plane**

The Kubernetes management plane now exposes a public Cluster API for all cluster lifecycle operations — create, scale, upgrade, and delete. Cluster topology is managed through a standard API, eliminating the need to interact with lower-level infrastructure templates.

#### **Enhancements to Virtualization on Private Cloud Director**

**Per-Backend Storage Capacity Visibility**

The storage backends view now displays capacity, volume count, and VM count on each backend row, enabling administrators to compare utilization across backends. The Block Storage section also displays available and used storage capacity broken down by volume backend type.

**VM Search by Metadata Value**

The VM search bar now supports searching by metadata value. Only one metadata key-value pair is supported per search.

**Critical Storage Information in the UI**

Block Storage details now surface per-host IQN and WWN identifiers to aid in storage issue triaging. The volume details page shows both the Storage Service management host and the hypervisor host serving the volume, and the volume list view includes dedicated columns for each. The host details page lists all volumes attached to that host as a hypervisor.

**Grafana Dashboard Improvements**

Two new Grafana dashboards are now available: Block Storage Capacity & Health and Hypervisor Network Interfaces. These dashboards provide visibility into Block Storage consumption and per-host, per-interface bandwidth usage to aid in monitoring and debugging.

**Corrected Memory and Storage Utilization Metrics**

Resource utilization metrics for memory and storage now reflect consistent data across all hypervisor hosts, preventing utilization values from appearing greater than allocated values. Allocation and usage data are now both derived from the same set of hosts.

**Total Disk Capacity in VM Configuration Overview**

The VM Configuration Overview section now displays the total disk capacity consumed by a VM. This value represents the sum of all volume sizes attached to the VM, complementing the existing per-volume breakdown.

#### Enhancements to Kubernetes on Private Cloud Director

**Unified Public API for All Cluster Operations**

All cluster operations — creating clusters, editing clusters, and adding or deleting node groups — are now performed through the public Cluster API. Bring Your Own Host (BYOH) cluster creation also uses the public API. During migration, editing and node group management for older clusters continue to use the previous method until migration is complete.

**Application Credential Management Moved to Backend**

Application credentials (id-ref and cloud-config) and secrets are no longer created from the UI. This logic has been moved to the backend, improving security and reducing UI complexity.

**SSH Key Selection for Node Groups**

An SSH key field has been added to the cluster creation modal, allowing users to specify an SSH key during node group provisioning. SSH key selection is optional — clusters continue to function if the key is later removed from Nova.

**`kubectl exec`/`attach`/`cp` via WebSocket through VCP Proxy**

`kubectl exec`, `kubectl attach`, and `kubectl cp` commands using the WebSocket executor (`WebSocketExecutor`) are now supported through the Envoy-based VCP Proxy.

**Minor Enhancements**

* A step-by-step progress screen now appears after every operation involving creating, editing, or adding a cluster or node group.
* Multiple minor enhancements have been made to the Cluster Role Bindings page for improved usability.
* The tenant table has been removed from the create cluster modal and relocated to the cluster dashboard, streamlining the cluster creation workflow.

#### **Upgrade Notes**

**Helm Ownership Metadata for the victoria-metrics-cluster-vmselect Ingress**

In this release, the Helm chart manages the `victoria-metrics-cluster-vmselect` Ingress. If you created this Ingress manually in an earlier release, the resource lacks the Helm ownership metadata required for adoption, and `airctl upgrade` fails with the following error:

```
UPGRADE FAILED: Unable to continue with update: Ingress "victoria-metrics-cluster-vmselect" exists and cannot be imported into the current release: invalid ownership metadata
```

To prevent this failure, perform the following check before upgrading:

1. Check whether the Ingress exists in the region namespace. Replace `<REGION_NAMESPACE>` with the namespace for the region you are upgrading.

```bash
   kubectl get ingress victoria-metrics-cluster-vmselect -n <REGION_NAMESPACE>
```

If no Ingress is returned, no further action is required.

2. If the Ingress exists, apply one of the following options before running `airctl upgrade`:
   * Patch the existing Ingress with the Helm ownership label:

```bash
     kubectl label ingress victoria-metrics-cluster-vmselect app.kubernetes.io/managed-by=Helm -n <REGION_NAMESPACE> --overwrite
```

* Delete the existing Ingress so Helm recreates it during the upgrade:

```bash
     kubectl delete ingress victoria-metrics-cluster-vmselect -n <REGION_NAMESPACE>
```

**vTPM Live-Migration Prerequisites**

For existing Private Cloud Director deployments with vTPM VMs, follow the prerequisites below for vTPM live-migration support:

* Ensure that the `swtpm` user has the same UID across all hosts. You can check it by running `getent passwd swtpm`.
* Manually align the `swtpm` UID/GID to the same value (`64130`) on all hosts and re-`chown` all files in the `/var/lib/libvirt/swtpm` directory to that UID/GID.
* If the directory `/var/lib/swtpm-localca` is present, ensure it is `chown`ed by `pf9:pf9group`.

#### **Bug Fixes**

**Infrastructure Management**

* In case of host upgrade failures, the system now retries with exponential backoff, waiting up to 15 minutes before failing.
* VM console sessions are now secured with per-VM VNC passwords and restricted to the hypervisor's IP address, preventing unauthenticated direct access to VNC ports. VMs created before this change fall back to unauthenticated VNC access until they are stopped and restarted.
* The `pcdctl deauthorize-node` and `pcdctl decommission-node` commands now accept an `--mfa` flag, allowing MFA-enabled admin accounts to authenticate successfully. Previously, omitting this option caused a 401 authentication failure with no clear indication that an MFA token was required.

**Storage Service**

* Stale lock files in `/opt/pf9/pf9-cindervolume-base/state` can now be removed using `pcdctl manage volume util clean_locks` on the affected Storage Service host. Run `pcdctl-setup` first to ensure the latest pcdctl is installed.
* Volumes can now be attached to image-backed (ephemeral root disk) VMs via the API. A previous restriction blocked this operation, affecting Rubrik backup and restore workflows and potentially other third-party integrations that rely on attaching volumes to ephemeral VMs.

**Self-Hosted PCD**

* The `--region` flag in airctl commands is now case-insensitive, accepting any capitalization of the region name. Previously, commands such as `status` and `backup` required an exact case match, returning a "region not found" error for mismatched input.
* The Image Library service endpoint is now correctly restored during a region-specific backup/restore operation. Previously, the endpoint was removed and repopulated with an incorrect value, blocking VM creation and certificate acceptance for the Image Library service.

**PCD User Interface**

* Floating IP assignment now works correctly when two ports on separate networks share the same fixed IP address.
* The VMHA role status in the Infrastructure → Clusters view now correctly reflects the applied state when the role has been applied to all nodes in a cluster. Previously, the status was incorrectly shown as not applied even when VMHA was fully configured.
* Host connectivity status is now consistent between the cluster hosts view and the host health page. Previously, hosts could appear healthy on the cluster hosts page while showing a converging state on the host health page, causing confusion during troubleshooting.

**Kubernetes on Private Cloud Director**

* Clusters created by a user remain functional even after that user is removed from the tenant.
* Node groups no longer get stuck in a "scaling up" state when the creator user or their SSH key is deleted.
* Clusters are no longer stuck in a "scaling up" state when the ID reference or cloud-config fails to be created by the UI.
* Application credentials required for provisioning a cluster are no longer visible in the user's dashboard.
* Clusters created by SSO users no longer get stuck in a "scaling up" state due to application secret creation errors.
* The cluster creation dialog no longer shows a misleading "No flavors available" message during the brief period while flavors load.
* Resolved an issue where a blank page was displayed when an API failure occurred and the response data was undefined.
* The "Download kubeconfig" button is now only shown after the control plane is available, preventing premature download attempts that would fail.

#### **Known Limitations**

* For volume-based Windows VMs, if the C: drive is not the last partition, it is not resized to the volume's full size. Use partition management tools to adjust the partition layout in the golden image before creating the VM.
  * When a Windows VM is created from a volume that is larger than the source image, the C: drive retains the image size rather than expanding to the full volume size. The unallocated space is visible in disk management but requires manual intervention or a cloudbase-init volume-extension plugin to reclaim.

#### **Known Issues**

* In some environments, OVN logical switch port backing the metadata network has its type set to an empty value instead of `localport`, preventing VMs from reaching the metadata service during cloud-init. To resolve this, please contact Platform9 Support for assistance.
* Hotplug-enabled Windows 11 VMs may report the `HOTPLUG_MEMORY_MAX` value as the active memory before the first reboot, rather than the configured `HOTPLUG_MEMORY` value. Rebooting the VM corrects the reported memory value.
* Pure Storage iSCSI port discovery fails when hypervisor hosts use a VLAN interface over an LACP bond for storage connectivity. This is caused by a known upstream Block Storage driver bug.
* `kubectl exec`, `kubectl attach`, and `kubectl cp` (and any applications using the client-go `SPDYExecutor`) will not work through the VCP Proxy. SPDY streaming upgrades are not supported and will not be added. Use the WebSocket-based executor (`WebSocketExecutor`) as an alternative.
* vTPM live migration is not supported for VMs running on Ubuntu 24.04 hosts. Use cold migration instead.
* The Clusters list tooltip may show all prerequisites as unmet when a cluster has VM HA disabled, and the Cluster details page can block the Enable action even when prerequisites are met. Workaround: use the Edit Cluster dialog, which evaluates each cluster individually and shows correct status, to review prerequisites and enable VM HA.
* Enabling memory hot plug on Windows VMs causes continuous memory growth on the host. Seen on Windows Server 2019 and 2022, host memory utilization climbs toward 99 percent. It is recommended to avoid enabling hot plug on Windows VMs until a fix ships.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/release-notes/april-2026-release.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.