May
Welcome to our changelog! 🚀
Stay updated on the latest changes and improvements in nullplatform.
✨ Configurable HTTP ports for Containers scopes
Not every application binds to 8080, and some need to expose more than one HTTP listener. Containers scopes can now bind the main HTTP listener to any port and expose extra HTTP ports alongside it, all from the Exposed Ports section of the scope form.
What you get:
- A configurable
main_http_port(default8080, range1024to65535). Nullplatform threads it through the Service, Ingress, container port, and health probes automatically. - HTTP support for
additional_ports, each with its own Service and Ingress. Extra ports become reachable over HTTPS at the same hostname, with SSL terminated at the ALB using the existing wildcard certificate.
The change is fully backward-compatible: scopes that don't set a main port keep using 8080, and existing GRPC additional ports keep working without changes.
👉 See the Configurable HTTP ports docs.
✨ Tunable CPU and memory limits for Containers scopes
Containers scopes now let you set CPU and memory limits independently from requests, so an application can request more resources than its steady-state baseline. The fields live under the ADVANCED → Resources tab and both default to Same as request.
This is an advanced knob with real trade-offs. Raising a limit above its request drops the pod from the Guaranteed to the Burstable QoS class, changing how Kubernetes schedules, throttles, and evicts it. The new page walks through each risk: QoS downgrade, memory overcommit and OOMKill, and CPU throttling. For most workloads, sticking to the default behavior remains the safer choice.
👉 See the CPU and memory limits docs.
✨ WAF protection for Static files scopes
Static files scopes can now attach an existing AWS WAF WebACL to their CloudFront distribution, adding managed rules, rate limiting, and request filtering in front of your assets. The feature is opt-in and adds no IAM overhead unless enabled.
Set aws_security = "waf" and the WebACL name in your scope-configurations provider, or use the Security tab in the UI. Attaching, swapping, or detaching a WebACL is always an in-place update: the distribution ID stays stable and there's no downtime.
Only AWS WAFv2 WebACLs with scope=CLOUDFRONT in us-east-1, in the same account as the agent, are supported. The scope references an existing WebACL by name and never creates or modifies WAF resources.
👉 See the WAF protection docs.
✨ Conditional firing for entity hooks
You can now fire an entity hook only when the event that triggered it matches specific conditions, for example only when a deployment switches traffic to 100%. Instead of filtering the hook itself, you filter the notification channel the hook delivers through, using the same filters mechanism already available for Slack, HTTP, and agent notifications.
The framework injects the triggering operation's request_body into the notification context, so channel filters can match on any field from the API request that fired the hook.
👉 See the Conditional hook firing docs.
✨ Reference namespace and account in your specifications
The additionalKeywords jq context used by specifications now exposes the parent namespace and account of the resolved entity, alongside the existing application, scope, and service data. Both are derived automatically from the NRN cascade, so no extra parameter is needed to reference values like .namespace.slug or .account.slug in your dynamic schemas.
���👉 See the External fields docs.
✨ CLI 2.7.0
We've released version 2.7.0 of the nullplatform CLI, with a new command option and a bug fix.
What's new in CLI 2.7.0:
np account read --show-deletednow lets you read deleted accounts.- Fixed
np service-action exechanging when the command's stdout exceeded 64 KB.
Install the latest version:
curl https://cli.nullplatform.com/install.sh | sh
👉 See the CLI docs for more info.
That's all for May, from the nullplatform team! ❤️