Skip to main content
Version: v1.1.x

Release Notes

May 13, 2026 - Version 1.1.0

Breaking Changes

  • PaletteAI 1.1.0 makes Traefik the default bundled ingress controller in place of ingress-nginx. The ingress-nginx sub-chart remains in the mural chart but is disabled by default; existing installations that explicitly enable it continue to work. Helm-based installations that do not delegate Custom Resource Definition (CRD) management to Flux must install the Traefik CRDs manually before upgrading.

    kubectl apply --filename https://raw.githubusercontent.com/traefik/traefik/v3.6/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

  • Definition Revisions are now named with a type prefix to disambiguate revisions when listed across resource types. Existing references such as definitionRef values in Workload Profiles and Workloads continue to resolve, but external automation that compares Definition Revision names verbatim must be updated.

  • Profile Bundles authored in PaletteAI Studio now use an updated schema: applicationProfile has been renamed to workloadProfile, paletteProfile has been renamed to clusterProfile, and the older compositions structure has been replaced with InfrastructureVariants and AddonVariants to align with the ProfileBundle CRD. Bundles authored against the previous schema must be updated to align with the new schema before import.

  • The deletionPolicy field has moved from individual cluster variants onto the spec of App Deployments, Model Deployments, and Compute Pools so deletion semantics are configured once per resource rather than per variant. The previous location is still read as a fallback, but new manifests should set it at the spec level.

Upgrade Notes

  • Before upgrading from PaletteAI 1.0.x, manually install the Traefik CRDs using the command in Breaking Changes. This is not required for all-in-one installations, or for environments where the mural Helm release is managed using Flux with .spec.upgrade.crds set to CreateReplace.

  • Upgrade the mural-crds chart before upgrading the mural chart. The 1.1 release introduces new and modified CRDs (Tenant admission configuration, shared-with-projects support on multiple kinds, Workload systemOutputs, Compute Config conditions) that must be present before the controllers reconcile.

  • Set global.instanceName on the hub before upgrading. The hub value now propagates to spoke clusters so spoke metrics carry the unique PaletteAI installation name. This is required when multiple PaletteAI installations report metrics to the same Prometheus instance.

  • After upgrading, verify the migration state using the PaletteAI CLI paletteai migrate command. The migration state is now tracked in a ConfigMap, so any migration that failed during upgrade can be retried without manual intervention. Refer to Migrations for details.

Features

  • Tenant admins can now author Tenant-scoped configuration via new tabs on the Tenant Settings page. These configurations can be shared with selected Projects through sharedWithProjects and locked to prevent overrides at the Project level. This removes per-Project configuration drift and lets Tenant admins enforce a consistent policy across the organization. Refer to Create Tenants for setup details.

  • Tenant admins now have a central location at Tenant Settings to set model defaults across all Projects under a Tenant. If necessary, admins can allow per-Project overrides and view model settings from a Project's point of view.

  • PaletteAI now tracks GPU reservations at the Tenant scope, per-Project GPU limits, and oversubscription so Tenant-scoped and Project-scoped Compute Pools draw from separately delimited pools. Tenant admins can guarantee Project-level GPU allocations without one Project exhausting resources reserved for another.

  • Tenants can now configure admission rules that govern which namespaces workload resources may be created in on spoke clusters, with defaulting and validation applied through the PaletteAI controller. This is useful for restricting where Tenant-scoped workloads may run on shared spoke clusters.

  • A new Tenant Overview page summarizes Projects, compute footprint, and policy posture in a single view, allowing Tenant admins to assess the state of their organization at a glance.

  • Tenant admins can now define integrations (such as HuggingFace and NVIDIA) once at the Tenant scope and use the new Settings Ref tab in Tenant Settings to control which Projects may consume them and whether Projects may override the configured values. Effective settings expose the originating scope (Tenant or Project) so Project users can identify where each integration came from.

  • Cluster admins can now control which Compute Pool options appear in the App Deployment and Model Deployment wizards using eight new global.featureFlags Helm values. Four flags (enableCreateSharedComputePoolOnAppDeployment, enableCreateSharedComputePoolOnModelDeployment, enableCreateDedicatedComputePoolOnAppDeployment, enableCreateDedicatedComputePoolOnModelDeployment) gate whether end users can create new Compute Pools inline, and four flags (enableDeployAppToSharedComputePool, enableDeployAppToDedicatedComputePool, enableDeployModelToSharedComputePool, enableDeployModelToDedicatedComputePool) gate whether end users can deploy to existing shared or dedicated Compute Pools. This is useful for organizations that require all Compute Pools to be provisioned and selected through a separate, governed workflow.

  • Workloads now expose system outputs (such as Project name, Tenant name, hub instance name, and spoke cluster name) so Definitions can reference these values without operators wiring them in by hand. This is useful for naming, labels, and telemetry that need to vary by Project or cluster.

  • Profile Bundles are now displayed and edited consistently across the surfaces where they appear, including the App Deployment wizard, Compute Pool creation, the bundle list view, and the bundle drawer.

  • Profile Bundles can now be imported from a tarball directly in the PaletteAI UI. Additional enhancements allow base64 and offline logo support so Profile Bundle imagery renders correctly in air-gapped environments.

  • Operators can now clean up stale Workload Profile and Definition revisions without deleting the whole resource, reducing clutter in long-lived Projects.

  • The Definition editor center panel now auto-populates when editing Components.

  • Tenant admins can now clone a Project to stand up a new Project from a known-good baseline without rebuilding settings, integrations, and access.

  • Operators can now clone a custom Model Deployment from its view page, iterating on a deployment configuration without rebuilding it from scratch. Validation, steps, and pre-fill are handled across the wizard.

  • Operators can now clone a specific version of a Workload Profile directly from its view page, branching a Workload Profile without reconstructing variables and Profile Bundle references.

  • The PaletteAI UI now supports multiline variables through a dedicated text input field for values such as keys, certificates, and scripts that previously required workarounds.

  • Operators can now dry-run a Workload Profile, validating it before committing to a cluster and catching schema and reference errors early instead of at apply time.

  • The PaletteAI CLI now includes a mirror command with mirror export-images and mirror export-pack subcommands, plus --archive and --extra-image flags. The mirror command is the supported path for staging container images and Packs into air-gapped environments.

  • The PaletteAI CLI now includes a --version flag for support diagnostics.

  • paletteai studio import now accepts relative paths, supports infrastructure add-on imports, and populates ProfileBundle.tags, annotations, logo, and deletionPolicy at import time so imported bundles arrive with metadata intact rather than requiring a follow-up edit.

  • All Flux components now accept optional namespace overrides, and the system namespace is no longer hard-coded in chart values.

Improvements

  • The Compute Pool experience has been enhanced with additional tooltips, Resource Group Day-2 support, scaling policy visibility, GPU family drop-downs, and more.

  • The Workload Profile experience has been improved with an all-versions table, version revisit support, and clearer priority labels.

  • Additional safeguards are now in place when attempting to delete a Project, including a dialog window confirming Project deletion, warnings when a repository is in use, and per-Project permission checks.

  • The integration settings flow has been unified into a single Deployment settings form. Integration secret updates no longer persist masked values without re-entry, and explicit deletion of an integration also removes its secrets.

  • Profile Bundle filtering across the PaletteAI UI has been improved: invalid bundle combinations are blocked in the builder, infrastructure-typed bundles are omitted where they do not apply, and bundles are filtered by variant and Workload Profile type consistently.

  • Compute Pool Day-2 updates now persist Workload Profile variables for infrastructure-typed Profile Bundles, and Workload Profile variables sync with Profile Bundle variables on removal.

  • Scaling reliability has been improved with refined CPU and GPU Prometheus queries, deterministic compute ordering, allocated-node drift detection and correction, and Day-2 Compute Pool operations that no longer retrigger scaling cool-down periods.

  • The spoke controller now uses watches in place of timed reconciles, enabling faster reaction to spoke changes.

  • Tables in the PaletteAI UI now fill the available vertical space and keep their headers visible while scrolling. Login input heights have also been increased for accessibility.

  • The Project overview has been revamped with reusable generic filters in drawers and a refactored UX across overview cards.

  • App Deployment and Model Deployment overview pages now link directly to the associated Compute Pool.

  • Security has been hardened: axios has been updated to 1.15.1, nanoid has been replaced with crypto.randomUUID, Redux has been removed, and shared component dependencies have been bumped to clear CVEs flagged in the PaletteAI UI.

  • Audit log emission is now non-blocking, so audit pipeline pauses cannot stall the reconcile loop.

  • Controller error messages no longer expose API keys or JWT tokens in plain text.

Bug Fixes

  • Fixed an issue that prevented Compute Pools from being created when selecting a Profile Bundle without Definition Revisions.

  • Fixed an issue where the Profile Bundle version dropdown did not render correctly in the Compute Pool creation wizard.

  • Fixed an issue where failed or deleting Compute Pools could be selected as an existing Compute Pool.

  • Fixed an issue where a Compute Pool could be marked as deleted before its underlying Palette cluster was fully deleted.

  • Fixed an issue where Compute Pool creation did not handle invalid settings correctly.

  • Fixed an issue where Compute Pool deletion did not handle pools that still had compute attached.

  • Fixed an issue where Workload Deployment Configs generated from pinned Workload Profile references did not load and persist variables correctly.

  • Fixed an issue where the Variables step did not handle Workload Profile references that include an @version suffix.

  • Fixed an issue where inline variables defined on a Profile Bundle were rejected.

  • Fixed an issue where Workload Profile variables did not override Profile Bundle variables in the documented direction.

  • Fixed an issue where Profile Bundle variable input was not validated before save.

  • Fixed an issue where condition messages from Workloads did not sync into the aggregated Workload Deployment status.

  • Fixed an issue where Workload Deployment overall failure was not determined from priority phases.

  • Fixed an issue where inapplicable Workload Deployment Config conditions were not pruned from status.

  • Fixed an issue where Model Deployments using NVIDIA NIMs did not handle their variables correctly.

  • Fixed an issue where Cluster Profile variables were not scoped per profile.

  • Fixed an issue where Palette pack type imports did not fall back to Open Container Initiative (OCI) registries when a NotFound response was returned.

  • Fixed an issue where Project deletion did not clean up the Project namespace.

  • Fixed an issue where protected Project namespaces could be deleted.

  • Fixed an issue where Project namespace resources did not apply scope and owner labels.

  • Fixed an issue where pre-existing Project namespaces were not patched with the correct Project and Tenant labels.

  • Fixed an issue where cross-Project namespace usage was not blocked with explicit validation.

  • Fixed an issue where Workloads could be created with invalid target Workload metadata.

  • Fixed an issue where a scaling policy could be configured for a single-node cluster.

  • Fixed an issue where Workload and Workload Deployment OCI artifacts were not garbage collected on deletion.

  • Fixed an issue where a Workload Deployment could not be deleted when its meta-reference Workload Profile was no longer present.

  • Fixed an issue where existing spoke namespaces were overwritten by Open Cluster Management (OCM) or Flux.

  • Fixed an issue where the spoke controller could not load objects when the Flux inventory was empty.

  • Fixed an issue that prevented spoke Workload deletion when the Deleting phase was not preserved during parsing.

  • Fixed an issue where Profile Bundle deletion failed when the Palette integration was missing.

  • Fixed an issue where the Project admin role was missing delete permissions.

  • Fixed an issue where dashboards could break when brand logos were served from external image hosts.

  • Fixed an issue where cluster details displayed an unknown intent.

  • Fixed an issue where Workload Profile types did not load consistently from both system and Project namespaces when creating, editing, or cloning Profile Bundles.

  • Fixed an issue where AIWorkload cluster variants were not validated by webhook.

  • Fixed an issue where Workload Profile homogeneity across shared variants was not enforced by webhook.

  • Fixed an issue where AddonVariant resources were not automatically named.

  • Fixed an issue where duplicate Workload Profiles could be created per variant.

  • Fixed an issue where shared clusters did not support multiple virtual IPs (VIPs).

  • Fixed an issue where the spoke controller read the Helm release secret from a mounted volume rather than the Kubernetes API.

  • Fixed an issue where variable inputs in the Workload Profile UI moved the cursor to the end after each keystroke.

  • Fixed an issue where context extensions did not resolve while rendering Definitions.

  • Fixed an issue where the Definition editor could corrupt CUE persisted from the UI.

  • Fixed an issue where Workloads could not be dry-run validated on hub-only clusters.

  • Fixed an issue where valid Pack archives were rejected during import because OCI manifests did not align with known-good archives.

  • Fixed an issue where inline counter badges did not render inline correctly.

  • Fixed an issue where drawer status display truncated long values.

  • Fixed an issue where Fleet overview card calculations reported incorrect totals.

  • Fixed an issue where navigation on the Cluster Profile page left stale state.

  • Fixed an issue where the toast notification shown when bundle deletion failed reported an incorrect error.

  • Fixed an issue where the Workload Profile version selector dropdown rendered behind sibling elements.

  • Fixed an issue where the review page version display did not show the correct version string.