mlflow-1.10.0
Changelog
- Added: Add optional image digest support for immutable image pulls
- Added: Add optional MinIO subchart for S3-compatible artifact storage without external dependencies
- Added: Add uvicorn-opts support with log-level merging; uvicorn is now the default server for log injection instead of gunicorn
- Security: Enable readOnlyRootFilesystem and add built-in tmp emptyDir volume to harden container filesystem
- Fixed: Default keyOfAccessKeyId and keyOfSecretAccessKey to standard AWS key names so existingSecret works when only name is provided
- Security: Automatically inject MLFLOW_SERVER_ALLOWED_HOSTS from ingress hosts to prevent DNS rebinding attacks
- Changed: Document azure-identity requirement for AKS Managed Identity; workaround is AZURE_STORAGE_CONNECTION_STRING via extraEnvVars
- Security: Automatically inject MLFLOW_SERVER_CORS_ALLOWED_ORIGINS from ingress hosts (https when TLS configured, http otherwise) to prevent CORS-based cross-origin attacks
- Added: Add serverAllowedHosts and corsAllowedOrigins list values that append to ingress auto-detected entries; duplicates are removed and a lone wildcard entry collapses the list to just *
- Fixed: Auto-configure auth PostgreSQL backend from the Bitnami postgresql subchart when postgresql.enabled is true and auth.enabled is true, fixing missing database_uri templating reported in v0.7.4
- Added: Add serverHost value to make the MLflow server network interface binding configurable; defaults to 0.0.0.0 and can be set to 127.0.0.1 for sidecar proxy deployments
- Added: Add backendStore.mssql.connectionUrl to support Azure Active Directory and MSI authentication for MSSQL by accepting a full SQLAlchemy connection URL; bypasses host/port/database/user/password when set
- Added: Add backendStore.mssql.existingConnectionUrlSecret (name and key) to store credential-bearing MSSQL connection URLs in a Kubernetes Secret; takes priority over connectionUrl when set
- Fixed: Fix ini-file-initializer init container referencing the missing mlflow-auth-admin-secret when ldapAuth is enabled without auth; now uses cp instead of sed and skips all secret env vars for LDAP-only deployments
- Fixed: Clarify that service.name sets the port protocol name in spec.ports[].name, not the Service resource name; add guidance to use nameOverride or fullnameOverride to rename the Service resource
- Added: Add extraDeploy value to render arbitrary extra Kubernetes objects alongside the chart; supports Helm templating via tpl
- Added: Add priorityClassName value to set pod scheduling priority class
- Added: Add deploymentAnnotations value to annotate the Deployment resource metadata; enables tooling that discovers deployments via metadata.annotations
- Fixed: Add mutual-exclusivity fail guard for auth and ldapAuth — both cannot be enabled simultaneously
- Fixed: Correct schema defaults for service.port, auth.configPath, securityContext UIDs, and auth.enabled boolean type; normalize legacy template calls to include in deployment.yaml
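
Added example (not the chart's own template code): a Python model of how the MLFLOW_SERVER_ALLOWED_HOSTS and MLFLOW_SERVER_CORS_ALLOWED_ORIGINS entries above combine with serverAllowedHosts and corsAllowedOrigins, useful for checking what a values file will actually allow. The function and parameter names are hypothetical, the host names are constructed, and two points are assumptions: "TLS configured" is treated as a single flag, and "lone wildcard" is read as an entry that is exactly *.

```python
# Model of the merge rules stated in the changelog; not the Helm template itself.
# Assumptions: one TLS flag for all ingress hosts; a "lone wildcard" is an
# entry equal to "*" (patterns such as "*.example.com" are kept as-is).

def merge_entries(auto_detected, extra):
    """Append user entries to ingress-derived ones, drop duplicates
    (first occurrence wins), collapse to ["*"] if any entry is "*"."""
    merged = []
    for entry in list(auto_detected) + list(extra):
        if entry not in merged:
            merged.append(entry)
    return ["*"] if "*" in merged else merged


def effective_settings(ingress_hosts, tls_configured,
                       server_allowed_hosts=(), cors_allowed_origins=()):
    """Return the effective allowlists as lists, keyed by env var name."""
    scheme = "https" if tls_configured else "http"
    auto_origins = [f"{scheme}://{host}" for host in ingress_hosts]
    return {
        "MLFLOW_SERVER_ALLOWED_HOSTS":
            merge_entries(ingress_hosts, server_allowed_hosts),
        "MLFLOW_SERVER_CORS_ALLOWED_ORIGINS":
            merge_entries(auto_origins, cors_allowed_origins),
    }


def wildcard_settings(settings):
    """Names of settings that collapsed to "*", i.e. where the
    ingress-derived restriction no longer applies."""
    return sorted(name for name, values in settings.items() if values == ["*"])


if __name__ == "__main__":
    # Constructed sample: TLS ingress plus one extra host and one extra origin.
    cfg = effective_settings(
        ["mlflow.example.com"], True,
        server_allowed_hosts=["mlflow.example.com", "mlflow.internal"],
        cors_allowed_origins=["https://notebooks.example.com"],
    )
    for name, values in cfg.items():
        print(name, values)
    print("wildcard:", wildcard_settings(cfg))
```

A setting reported by wildcard_settings is one where a user-supplied * has replaced the ingress-derived entries, so the DNS rebinding or CORS protection for that setting is effectively off.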