nx1-deployer image
v1.14.0New features
New features recently added to the NexusOne platform.AutoML feature engineering
You can now delete a feature engineering proposal using the Delete a feature engineering proposal endpoint.AutoML training
You can now check the live status of multiple training jobs in a single call using the Bulk reconcile job statuses endpoint.Crew templates
You can now run Crew configuration templates using the Run template endpoint.Data migration
You can now manage the full lifecycle of a data migration between storage formats or files using the following endpoints:- Cancel an in-progress migration run
- Create and trigger a data migration run
- Get a presigned URL for the migration report
- Get data migration run detail
- Get the config used for a migration run
- List data migration runs
- Poll run status with task progress
- Soft-delete a data migration run
- Validate a migration request without creating a run
Data shares
You can now manage access to Gravitino shared datasets with Keycloak realm roles using the following endpoints:- Attach realm roles to a client
- Detach a realm role from a client
- List assignable realm roles
- List realm roles attached to a client
Documents
You can now delete a document or browse DataHub tags, glossary-terms, and domains to use when classifying documents, using the following endpoints:New Keycloak roles
The following roles are now available in NexusOne and you can assign them to users:- AutoML roles
nx1_automl_admin: Manage AutoML pipelines and model deploymentsnx1_automl_user: Run feature engineering workflows and deploy ML models
- Data migration roles
nx1_migration_admin: Run data migrations and manage data policiesnx1_migration_ops: Manage and monitor data migration operationsnx1_migration_user: View data migration run status
- Document management roles
nx1-document-admin: Upload and manage user documents, tied to DataHubnx1-document-user: Upload and classify documents, tied to DataHub
- LLM Router roles
nx1_llm_admin: Configure routing rules and monitor the LLM router via the dashboardnx1_llm_user: Send requests to LLM models via the LLM routernx1_airouter_admin: Manage and update AI router settingsnx1_airouter_viewer: View AI router settings
- Shared Trino role
trino-admin: Manage Trino queries and catalogs across all users
Identity
You can now verify your resolved identity and Keycloak roles, or check authorization at the Envoy/nginx proxy level, using the following endpoints:Infrastructure configuration
You can now manage infrastructure configuration, test Airflow connections, and retrieve default values for migration runs using the following endpoints:- Get current infrastructure configuration
- Get run-level default variables for wizard pre-population
- Test a specific Airflow connection
- Update infrastructure configuration variables
Kyuubi high availability
Kyuubi now runs across multiple pod replicas, so there’s no single point of failure. Engine-level query authentication is on by default, so only authorized users can access your query sessions.NX1 LLM router
The NX1 LLM router is a new Envoy-based gateway for managing AI traffic. It supports the following:- Policy-based routing
- Semantic caching
- Request auditing
/v1/chat/completions format. Clients such as the OpenAI
SDK, LangChain, or LlamaIndex can send requests directly to the router. Anthropic Claude is the
default backend. A NexusOne administrator can also configure a self-hosted Ollama model instead.
Contact one if you need to.
Policy management
You can now manage Apache Ranger data access policies and sync Keycloak groups using the following endpoints:- Create a new Keycloak group and sync to Ranger
- Create or update a single Ranger policy
- Create or update many Ranger policies in one request
- Delete a Ranger policy
- Download an .xlsx starter template for the bulk-create endpoint
- Get a single Ranger policy
- List Keycloak usernames
- List policy labels currently used in the service
- List Ranger groups
- List Ranger policies
- Parse an .xlsx into row dicts for client-side preview before submit
- Ranger service-def slice
Tools
You can now browse the full catalog of available AI agent tools, grouped by category, using the List agent tool catalog endpoint.Bug fixes
Fixes to issues affecting apps or features on the NexusOne platform.Metastore hardened base image
Metastore now ships on a hardened base image with no known CVEs at build time.Enhancements
Enhancements to existing app features on the NexusOne platform.Multiple S3 gateway instances
You can now run multiple S3 gateway instances, each backed by Amazon S3, HDFS, or Azure storage. HDFS support includes Kerberos authentication and namenode metadata-server failover. Instances scale based on traffic demand when Kubernetes Event-driven Autoscaling (KEDA) is available. Otherwise, they fall back to Horizontal Pod Autoscaler (HPA).Standalone Ranger authorization service
Ranger policy enforcement now runs as its own namespace-scoped service in NexusOne. As a result, other components in your tenant can share it. It used to run as a sidecar bundled inside the NexusOne S3 gateway service.Trino S3 spooling and nested namespaces
Trino now supports client protocol spooling, which buffers large query results in S3 so clients can retrieve them without holding an open connection. It also supports nested namespaces in the Iceberg REST catalog, giving you more flexibility in how you organize your data.Gravitino
Gravitino integrates directly with the new Ranger Authorization service for access control on data shares.Upgrades
Version upgrades to existing apps on the NexusOne platform.Airflow v3.2.2 upgrade
Airflow now runs v3.2.2, with the UI now using the NX1 branded UI color palette.
Apache Superset v6.1 upgrade
Apache Superset now runs the v6.1 build, with the UI now using the NX1 branded UI color palette.
DataHub v1.4.0.3-nx1 upgrade
DataHub now runs v1.4.0.3-nx1, and includes CVE remediation and bundled pip packages for source connectors.
Gravitino v1.2.7 upgrade
Gravitino now runs v1.2.7. Access to your data catalogs is now enforced through Ranger, which gives you
fine-grained control over who can see what.
Kyuubi v1.11.3 upgrade
Kyuubi now runs v1.11.3.
Metastore v3.0.13 upgrade
Metastore now runs v3.0.13, built on a hardened base image with no known CVEs at build time.
Portal and NLP v1.637 upgrade
The NexusOne portal and its backend API, NLP, now run v1.637, with policy management and data
migration capabilities enabled.
NLP API calls to S3 now also use a configured region. Previously, S3 operations could fail if
your S3 bucket was outside the default region.
Spark v3.5.6-nx1.21 upgrade
Spark now runs v3.5.6-nx1.21.
