Skip to main content

Anyscale operator for Kubernetes release notes

View Markdown

Anyscale operator for Kubernetes release notes

This page documents changes to the Anyscale operator for Kubernetes, which Anyscale distributes as the anyscale-operator Helm chart. Each version lists new features, configuration changes, and bug fixes.

For the Helm chart configuration reference, see Kubernetes Helm configuration reference. For the complete commit-level changelog of any version, and for releases before 1.4.0, see the Anyscale operator releases on GitHub. The monthly platform release notes also record operator releases. See All platform release notes.

Version 1.7.1 release notes

Version 1.7.1 is available as of June 23, 2026. This release is backward-compatible and recommended for all users.

Bug fixes

  • Fixed an Azure Marketplace offer that rendered an incorrect role name.
  • Updated the operator's Amazon Linux 2023 base image to 2023.11.20260526.0.

Version 1.7.0 release notes

Version 1.7.0 is available as of June 3, 2026. This release is backward-compatible and recommended for all users. It adds validations that surface errors in operator installation and upgrade early.

New features

  • Readiness probe: The operator now exposes /readyz on port 8081, and the Helm Deployment configures a matching readinessProbe. helm install --wait and helm upgrade --wait no longer return success while the operator is still starting up or crash-looping.
  • Instance-type validation hook: A new pre-install and pre-upgrade Helm hook validates the planned instance-types ConfigMap against the control plane and fails the release on invalid types. Set workloads.instanceTypes.validationHook.enabled to false when the control plane isn't reachable at install time. See Instance types.

Bug fixes

  • Fixed a bug where operator setups without instance types, such as declarative-only setups, failed at startup.

Version 1.6.0 release notes

Version 1.6.0 is available as of June 1, 2026.

New features

  • Operator security context: A new operator.securityContext field acts as a passthrough that sets the PodSecurityContext for the operator.

Version 1.5.1 release notes

Version 1.5.1 is available as of April 15, 2026.

Bug fixes

  • S3 path addressing style: Fixed a bug where setting .Values.global.aws.s3.usePathStyle or .Values.credentialMount.aws.createSecret.addressingStyle: path made the operator use S3 path addressing style but not the workloads it manages. The operator and its managed workloads now consistently use path addressing style when either setting is enabled.
  • Proxy environment variables: Fixed a bug where the operator ignored values set by HTTPS_PROXY, HTTP_PROXY, and NO_PROXY.

Version 1.5.0 release notes

Version 1.5.0 is available as of March 18, 2026.

New features

  • Gateway API support: The operator now supports the Kubernetes Gateway API with envoy and istio controllers. See Networking configuration.

Bug fixes

  • Kueue deadlock: Fixed an issue where terminating a workload while a pod was in the SchedulingGated state caused a deadlock during pod and workload cleanup.

Version 1.4.2 release notes

Version 1.4.2 is available as of March 12, 2026.

New features

  • Cross-namespace permission checks: The operator now runs Kubernetes permission checks across all namespaces defined in the workloads.managedNamespaces configuration. Status details show which namespaces the operator verified. View these details in the Anyscale console or with anyscale cloud status.

Version 1.4.1 release notes

Version 1.4.1 is available as of February 19, 2026. This release is backward-compatible and recommended for all users.

New features

  • AWS credential mount: You can now set the S3 signature version in the AWS credential mounting utility. The setting applies to the operator and all workloads it manages.

Bug fixes

  • Fixed a bug where the operator presented its client ID instead of its principal ID when verifying an Azure cloud, which caused anyscale cloud verify to fail.
  • Fixed a race condition in the Kueue integration where the operator couldn't remove the workload custom resource.

Version 1.4.0 release notes

Version 1.4.0 is available as of February 11, 2026. This release is backward-compatible, with one potential breaking change noted below, and recommended for all users.

Behavior changes

warning

Process tracing: SYS_PTRACE is now enabled by default for all Ray containers the operator manages, so you can profile Ray processes and view actor flamegraphs and stack traces. This is a potential breaking change. If your cluster restricts the SYS_PTRACE capability, leaving this enabled can block the operator from creating pods and disrupt running workloads when autoscaling adds pods. Set workloads.enableProcessTracing to false to disable it. See Workload features.

New features

  • AWS credential mount: You can now set the S3 addressing style in the AWS credential mounting utility. The setting applies to the operator and all workloads it manages. See AWS credential mounting.

Bug fixes

  • Kueue: Fixed pods being recreated while waiting in the LocalQueue when the compute config sets multiple regions.
  • Sanitized the workload name label to prevent invalid label values.
  • Added logic to force-delete pods stuck in the terminating state. For Kueue, this requires permission to delete Kueue workload custom resources.
  • Fixed missing service token validation and header-based service version canary for Anyscale services in Kubernetes clusters that use the Gateway API.