Changelog#
Here you can find upgrade changes in between releases and upgrade instructions.
Unreleased breaking changes#
This Helm chart provides development releases, and as we merge breaking changes in pull requests, this list should be updated.
4.0#
4.0.0-beta.4 - 2024-10-11#
ldapauthenticator was said to be bumped from version 1.3.2 to 2.0.0b2 in the 4.0.0-beta.1 release, but wasn’t. With this release, it actually is.
Maintenance and upkeep improvements#
Update ldapauthenticator from 1.3.2 to 2.0.0.b2 #3544 (@manics, @consideRatio)
Update oauthenticator from 17.0.0 to 17.1.0 #3542 (@consideRatio, @jrdnbradford)
Bump to kubespawner from 7.0.0b2 to 7.0.0b3 #3541 (@consideRatio, @manics)
Update library/traefik version from v3.1.5 to v3.1.6 #3540 (@jupyterhub-bot, @manics)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @jrdnbradford (activity) | @jupyterhub-bot (activity) | @manics (activity)
4.0.0-beta.3 - 2024-10-03#
New features added#
add appProtocol to hub service definition #3534 (@colinlodter, @consideRatio)
Bugs fixed#
fix default pvc mounting with kubespawner 7 #3537 (@minrk, @consideRatio)
Maintenance and upkeep improvements#
Update library/traefik version from v3.1.4 to v3.1.5 #3535 (@jupyterhub-bot, @consideRatio)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@colinlodter (activity) | @consideRatio (activity) | @jupyterhub-bot (activity) | @minrk (activity)
4.0.0-beta.2 - 2024-10-02#
Breaking changes#
Python 3.12 is now used in the chart’s images
Maintenance and upkeep improvements#
kubespawner 7.0.0b2 #3529 (@minrk, @consideRatio)
Update jupyterhub from 5.1.0 to 5.2.0 #3527 (@jupyterhub-bot, @consideRatio)
Use python 3.12 instead of 3.11 in built images #3526 (@consideRatio, @manics)
Other merged PRs#
This changelog entry omits automated PRs, for example those updating dependencies in: images, github actions, pre-commit hooks. For a full list of changes, see the full comparison.
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @jupyterhub-bot (activity) | @manics (activity) | @minrk (activity)
4.0.0-beta.1 - 2024-10-01#
This release updates JupyterHub itself from version 4 to 5, and the dependencies
jupyterhub-kubespawner
, oauthenticator
, and ldapauthenticator
to a new
major version.
We will provide an upgrade guide for 3 to 4 before the final release, but for now please read the summary of breaking changes below, and the linked changelogs.
Breaking changes#
The chart now require Kubernetes 1.28+, up from 1.23+
KubeSpawner is upgraded one major version from 6.2.0 to 7.0.0b1
Refer to the KubeSpawner changelog for details and pay attention to the entries for KubeSpawner version 7.0.0b1.
JupyterHub 4.1.6 has been upgraded to 5.1.0
Refer to the JupyterHub changelog for details and pay attention to the entries for JupyterHub version 5.0.0.
OAuthenticator 16.3.1 has been upgraded to 17.0.0
If you are using an OAuthenticator based authenticator class (GitHubOAuthenticator, GoogleOAuthenticator, …), refer to the OAuthenticator changelog for details and pay attention to the entries for JupyterHub version 17.0.0.
LDAPAuthenticator 1.3.2 has been upgraded to 2.0.0b2
If you are using this authenticator class, refer to the LDAPAuthenticator changelog for details and pay attention to the entries for LDAPAuthenticator version 2.0.0.
Notable dependencies updated#
Dependency |
Version in 3.3.8 |
Version in 4.0.0-beta.1 |
Changelog link |
Note |
---|---|---|---|---|
4.1.6 |
5.1.0 |
Run in the |
||
6.2.0 |
7.0.0b1 |
Run in the |
||
16.3.1 |
17.0.0 |
Run in the |
||
1.3.2 |
2.0.0b2 |
Run in the |
||
1.6.2 |
1.6.2 |
Run in the |
||
1.2.0 |
1.3.0 |
Run in the |
||
1.0.0 |
1.0.0 |
Run in the |
||
1.3.1 |
1.4.0 |
Run in the |
||
4.6.1 |
4.6.2 |
Run in the |
||
v2.11.0 |
v3.1.4 |
Run in the |
||
v1.26.15 |
v1.30.5 |
Run in the |
For a detailed list of Python dependencies in the hub
Pod’s Docker image,
inspect the images/hub/requirements.txt file and use its git history to see
what changes between tagged versions.
New features added#
Add oauthenticator googlegroups extras and cleanup dependencies #3523 (@consideRatio, @manics)
Add
ingress.extraPaths
config #3492 (@alxyok, @consideRatio, @manics)Add
singleuser.storage.dynamic.subPath
config #3468 (@benz0li, @consideRatio, @manics)Add recommended chart labels alongside old labels (
app.kubernetes.io/...
,helm.sh/chart
) #3404 (@consideRatio, @manics)
Enhancements made#
Maintenance and upkeep improvements#
user-scheduler: update kube-scheduler binary from 1.28.14 to 1.30.5 #3514 (@consideRatio)
Drop support for k8s 1.26-1.27 #3508 (@consideRatio)
Bump debian distribution for images #3457 (@SchutteJan, @manics)
Bump pip-tools to v7 used by ci/refreeze script updating requirements.txt files #3455 (@consideRatio)
Documentation improvements#
Add backdated upgrade guide for 2 to 3 #3521 (@manics, @consideRatio)
debugging: remove old (now misleading) example #3487 (@manics, @consideRatio)
RTD custom domain changes #3461 (@manics, @consideRatio)
docs: small fixes #3415 (@buti1021, @consideRatio)
Continuous integration improvements#
ci: configure automatic bump of kube-scheduler to version 1.30.x #3517 (@consideRatio)
Other merged PRs#
This changelog entry omits automated PRs, for example those updating dependencies in: images, github actions, pre-commit hooks. For a full list of changes, see the full comparison.
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@alxyok (activity) | @benz0li (activity) | @buti1021 (activity) | @consideRatio (activity) | @jash2105 (activity) | @jupyterhub-bot (activity) | @Khoi16 (activity) | @lahwaacz (activity) | @manics (activity) | @minrk (activity) | @samyuh (activity) | @SchutteJan (activity) | @snickell (activity)
3.3#
3.3.8 - 2024-07-31#
This release updates JupyterHub from 4.1.5 to 4.1.6, which is a security release documented in JupyterHub changelog like this:
4.1.6 is a security release, fixing CVE-2024-41942. All JupyterHub deployments are encouraged to upgrade, but only those with users having the
admin:users
scope are affected. The full advisory will be published 7 days after the release.
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.5 to 4.1.6 #3471 (@jupyterhub-bot, @consideRatio)
3.3.7 - 2024-04-09#
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.4 to 4.1.5 #3390 (@jupyterhub-bot, @consideRatio)
3.3.6 - 2024-03-30#
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.3 to 4.1.4 #3384 (@jupyterhub-bot, @consideRatio)
3.3.5 - 2024-03-26#
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.2 to 4.1.3 #3381 (@jupyterhub-bot, @consideRatio)
3.3.4 - 2024-03-25#
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.1 to 4.1.2 #3378 (@jupyterhub-bot, @consideRatio)
3.3.3 - 2024-03-23#
Maintenance and upkeep improvements#
Update jupyterhub from 4.1.0 to 4.1.1 #3375 (@jupyterhub-bot, @consideRatio)
unpin pycurl #3371 (@minrk, @consideRatio)
3.3.2 - 2024-03-20#
Bugs fixed#
network-tools image: pin alpine 3.18 for legacy iptables #3369 (@consideRatio)
3.3.1 - 2024-03-20#
Bugs fixed#
hub image: downgrade to use pycurl with functional wheel #3365 (@consideRatio)
3.3.0 - 2024-03-20#
If you are upgrading from 3.0.x
A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs.
Read more about how to clean up these user server pods in this forum post.
This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from 16.2.1 to 16.3.0. Both updates provide security patches. For more information, see JupyterHub’s changelog and OAuthenticator’s changelog.
Bugs fixed#
Fix previously ignored revisionHistoryLimit config #3357 (@SchutteJan, @consideRatio)
Maintenance and upkeep improvements#
Update oauthenticator from 16.2.1 to 16.3.0 #3363 (@jupyterhub-bot, @consideRatio)
Update jupyterhub from 4.0.2 to 4.1.0 #3362 (@jupyterhub-bot, @minrk)
Remove additional comma in compare-values-schema-content.py #3350 (@ya0guang, @consideRatio)
Update kube-scheduler version from v1.26.11 to v1.26.15 #3301,#3312,#3324,#3344,#3359,d83ae04b (@consideRatio, @jupyterhub-bot, @manics)
Update library/traefik version from v2.10.5 to v2.11.0 #3283,#3295,#3343 (@jupyterhub-bot, @consideRatio)
Documentation improvements#
Fix documented example for proxy.chp.extraCommandLineFlags #3337 (@consideRatio, @manics)
docs: fix storageclass link’s anchor #3322 (@consideRatio)
update openshift documentation #3273 (@WilliamHoltam, @manics)
Continuous integration improvements#
ci: update kube-scheduler binary’s minor version to bump #3323 (@consideRatio)
ci: update circleci workflow for arm64, test with latest k3s #3313 (@consideRatio, @manics)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @jupyterhub-bot (activity) | @Kyrremann (activity) | @manics (activity) | @minrk (activity) | @SchutteJan (activity) | @StefanVanDyck (activity) | @WilliamHoltam (activity) | @ya0guang (activity) | @yuvipanda (activity)
3.2#
3.2.1 - 2023-11-27#
Maintenance and upkeep improvements#
Update oauthenticator from 16.2.0 to 16.2.1 #3278 (@consideRatio)
3.2.0 - 2023-11-27#
If you are upgrading from 3.0.x
A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs.
Read more about how to clean up these user server pods in this forum post.
Default image registry changed to Quay.io#
We now publish the chart’s docker images to both Quay.io and Docker Hub and the chart is from now configured to use the images at Quay.io by default. Previous releases of images (excluding pre-releases) has been copied over to Quay.io as well.
The change is to ensure that images can be pulled without a Docker Hub rate limit even if the JupyterHub organization on Docker Hub wouldn’t be sponsored by Docker Hub in the future, something we need to apply for each year.
Enhancements made#
Pull images from
singleuser.profileList
found inprofile_options.choices
#3217 (@manfuin, @consideRatio, @yuvipanda)
Maintenance and upkeep improvements#
Update jupyterhub/configurable-http-proxy version from 4.6.0 to 4.6.1 #3275 (@jupyterhub-bot, @consideRatio)
Publish to Docker Hub alongside Quay.io #3272 (@consideRatio, @minrk)
Update oauthenticator from 16.1.1 to 16.2.0, kubespawner from 6.1.0 to 6.2.0, and kubernetes-asyncio from 27.6.0 to 28.2.1 #3270 (@jupyterhub-bot, @consideRatio)
Update kube-scheduler version from v1.26.9 to v1.26.11 #3269, #3255 (@jupyterhub-bot, @consideRatio)
Use quay.io as source of docker images #3254 (@yuvipanda, @minrk, @manics, @mathbunnyru)
Update library/traefik version from v2.10.4 to v2.10.5 #3248 (@jupyterhub-bot, @consideRatio)
Documentation improvements#
Document k8s cluster setup using minikube (for learning and development) #3260 (@rgaiacs, @consideRatio)
Move note box to before list of cloud providers. #3259 (@rgaiacs, @consideRatio)
Continuous integration improvements#
ci: fetch stable/dev releases using helm show to avoid cache issues #3256 (@consideRatio)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @elferherrera (activity) | @jupyterhub-bot (activity) | @manfuin (activity) | @manics (activity) | @mathbunnyru (activity) | @minrk (activity) | @rgaiacs (activity) | @vizeit (activity) | @yuvipanda (activity)
3.1#
3.1.0 - 2023-09-29#
Post-upgrade action recommended
A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs.
Read more about how to clean up these user server pods in this forum post.
Notable dependencies updated#
Dependency |
Version in 3.0.3 |
Version in 3.1.0 |
Changelog link |
Note |
---|---|---|---|---|
6.0.0 |
6.1.0 |
Run in the |
||
16.0.7 |
16.1.0 |
Run in the |
||
4.5.6 |
4.6.0 |
Run in the |
Dependency updates#
Update jupyterhub/configurable-http-proxy version from 4.5.6 to 4.6.0 #3224 (@jupyterhub-bot, @manics)
Update kube-scheduler version from v1.26.8 to v1.26.9 #3220 (@jupyterhub-bot, @manics)
Update oauthenticator from 16.0.7 to 16.1.0, and kubespawner from 6.0.0 to 6.1.0 #3234 (@jupyterhub-bot, @consideRatio)
Update kubernetes_asyncio from 25.11.0 to 26.9.0 #3233 (@jupyterhub-bot, @consideRatio)
Update kubernetes_asyncio from 24.2.3 to 25.11.0 #3228 (@jupyterhub-bot, @consideRatio)
Documentation improvements#
docs: fix changelog date entry for 3.0.3 #3211 (@consideRatio)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @manics (activity) | @shaneknapp (activity) | @yuvipanda (activity)
3.0#
3.0.3 - 2023-08-29#
Includes a bugfix from the OAuthenticator project for users of
GoogleOAuthenticator with hosted_domain
and admin_users
configured. See the
oauthenticator changelog for details.
Bugs fixed#
Update oauthenticator from 16.0.6 to 16.0.7 #3207 (@jupyterhub-bot, @consideRatio)
3.0.2 - 2023-08-17#
Includes a bugfix from the OAuthenticator project for users that have
enable_auth_state
enabled with the Google, Globus, or BitBucket OAuthenticator
class. See the oauthenticator changelog for details.
Bugs fixed#
Update oauthenticator from 16.0.5 to 16.0.6 #3203 (@jupyterhub-bot, @consideRatio)
3.0.1 - 2023-08-15#
Bugs fixed#
Update oauthenticator from 16.0.4 to 16.0.5 and tornado from 6.3.2 to 6.3.3 #3199 (@jupyterhub-bot, @consideRatio)
Documentation improvements#
docs: fix the jupyterhub managed service example’s networking rules #3200 (@Ph0tonic, @consideRatio)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
3.0.0 - 2023-08-11#
This release updates JupyterHub itself and several dependencies to a new major version, please read the breaking changes below before upgrading.
Breaking changes since beta releases
Since 3.0.0-beta.1 OAuthenticator was upgraded, and since 3.0.0-beta.3 default networking rules related to establishing connections to DNS ports changed slightly.
Breaking changes#
K8s 1.23 is now required.
The Helm chart’s provided images now use Python 3.11 instead of Python 3.9.
JupyterHub 3.0.0 is upgraded to 4.0.2.
Please refer to the JupyterHub changelog for details, but note that this upgrade doesn’t require user servers to be restarted or that the user environments have version 4 of
jupyterhub
(PyPI) orjupyterhub-base
(conda-forge).
KubeSpawner 4.2.0 is upgraded to 6.0.0
Please read to the KubeSpawner changelog’s breaking changes and be aware that configuring
singleuser.extraEnv
is to configureKubeSpawner.environment
, and to configuresingleuser.profileList
is to configureKubeSpawner.profile_list
.
OAuthenticator 15.1.0 is upgraded to 16.0.4.
If you are using a JupyterHub Authenticator class from this project, please read to the OAuthenticator changelog’s breaking changes before upgrading this Helm chart.
TmpAuthenticator 0.6 is upgraded to 1.0.0
If you are using this JupyterHub Authenticator class, please read to the TmpAuthenticator changelog’s breaking changes before upgrading this Helm chart.
Predefined NetworkPolicy egress allow rules
dnsPortsCloudMetadataServer
anddnsPortsKubeSystemNamespace
are introduced and enabled by default for the chart’s NetworkPolicy resources.
Notable dependencies updated#
Dependency |
Version in 2.0.0 |
Version in 3.0.0 |
Changelog link |
Note |
---|---|---|---|---|
3.0.0 |
4.0.2 |
Run in the |
||
4.2.0 |
6.0.0 |
Run in the |
||
15.1.0 |
16.0.4 |
Run in the |
||
1.3.2 |
1.3.2 |
Run in the |
||
1.2.0 |
1.6.1 |
Run in the |
||
1.1.0 |
1.2.0 |
Run in the |
||
0.6 |
1.0.0 |
Run in the |
||
1.2.1 |
1.2.1 |
Run in the |
||
4.5.3 |
4.5.6 |
Run in the |
||
v2.8.4 |
v2.10.4 |
Run in the |
||
v1.23.10 |
v1.26.7 |
Run in the |
For a detailed list of Python dependencies in the hub
Pod’s Docker image,
inspect the images/hub/requirements.txt file and use its git history to see
what changes between tagged versions.
New features added#
Add and enable two egressAllowRules to ensure DNS access #3179 (@consideRatio, @yuvipanda, @vizeit)
Add a jupyterhub/k8s-hub-slim image alongside jupyterhub/k8s-hub #2920 (@consideRatio)
Enhancements made#
Allow
enabled
config, for use by charts depending on this chart conditionally #3162 (@monoakg, @consideRatio, @manics)
Bugs fixed#
Fix bugs related to installing chart multiple times in the same namespace #3032 (@HoseonRyu)
Maintenance and upkeep improvements#
maint: restrict allowed config with blockWithIpTables, add misc docs #3192 (@consideRatio, @minrk)
Update kubespawner 5.0.0 to 6.0.0, tmpauthenticator 0.6 to 1.0.0, nativeauthenticator 1.2.0 to 1.2.1, ltiauthenticator 1.5.0 to 1.5.1 #3129 (@jupyterhub-bot)
Update kube-scheduler in user-scheduler from 1.25.9 to 1.26.4 #3114 (@consideRatio)
Bump to kubespawner 5.0.0 and tornado 6.3 #3095 (@jupyterhub-bot)
Drop support for k8s 1.22 #3092 (@consideRatio)
refactor: rename schema.yaml to values.schema.yaml #3090 (@consideRatio)
dependabot: monthly updates of github actions #3085 (@consideRatio)
Bump to 3.0.0-0.dev #3084 (@yuvipanda)
Refactor of image-awaiter’s dockerfile #3078 (@alekseyolg)
Update jupyterhub from 3.1.1 to 4.0.0b1 #3045 (@jupyterhub-bot)
Drop support for k8s 1.21 #3041 (@consideRatio)
pre-commit: add flake8 and fix details #2940 (@consideRatio)
Drop support for k8s 1.20 #2936 (@consideRatio)
Upgrade from python 3.9 to 3.11 in hub and singleuser-sample for performance #2919 (@yuvipanda)
Switch from deprecated k8s.gcr.io to registry.k8s.io #2910 (@consideRatio)
secret sync image: use python 3.9 #2886 (@consideRatio)
values.yaml: fix link to configurable-http-proxy releases #2881 (@manics)
Documentation improvements#
Add deprecation warning for
kube-lego
(https certificates) #3186 (@Ph0tonic, @consideRatio)docs: let auth docs link to authenticator specific docs #3151 (@consideRatio)
Enhance keycloak configuration example #3142 (@LucasVanHaaren)
Show default value in configuration reference #3138 (@manics)
Remove double word cluster in installation.md #3119 (@cbowman0)
Clarify
hub.config
can configure KubeSpawner and more #3104 (@JunaidChaudry)docs: fix readme badge for tests #3094 (@consideRatio)
DOC: Fix invalid names in configuration examples #3069 (@ChristofKaufmann)
Replace microk8s with generic self-hosted doc #3055 (@manics)
Revert https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im … #3050 (@manics)
Use jupyterhub docs
stable
instead oflatest
#3049 (@manics)docs: Replace most permanent-redirects from linkcheck #3048 (@manics)
docs: user-env default image is not base-image #3047 (@manics)
docs: Update custom image docs to reflect root requirement #3003 (@pnasrat)
Documentation fix for running k8s-singleuser-sample locally #3002 (@pnasrat)
note at line 554 did not render correctly #2987 (@aaronjnewman)
docs: AWS master node size needs to be larger than micro #2956 (@arunppsg)
docs: update of readthedocs config and docs/source/conf.py #2909 (@consideRatio)
docs: Remove unreleased reverted change from 2.0.0 release changelog #2893 (@Uular)
docs: backfill early changelog entries based on git tags and github releases #2862 (@consideRatio)
Continuous integration improvements#
ci: fix deprecation of set-output and use ubuntu 22.04 and py311 #3068 (@consideRatio)
ci: fix for redirect to hub.jupyter.org #3015 (@consideRatio)
ci: fix vuln-scan regression following set-output deprecation #2984 (@consideRatio)
ci: fix deprecation of set-output in github workflows #2943 (@consideRatio)
ci: minimize yamllint-config.yaml’s complexity #2939 (@consideRatio)
ci: minor refactoring/updates of tools #2938 (@consideRatio)
ci: bump docker action versions to v2 from v2.x.y #2914 (@consideRatio)
ci: enable buildkit for vuln scan workflow as needed for –mount #2885 (@consideRatio)
ci: Auto-create GitHub release when repo is tagged #2883 (@manics)
Contributors to this release#
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@aaronjnewman (activity) | @alekseyolg (activity) | @arunppsg (activity) | @betatim (activity) | @bjornjorgensen (activity) | @cbowman0 (activity) | @choldgraf (activity) | @ChristofKaufmann (activity) | @consideRatio (activity) | @dasantonym (activity) | @DeepSkyWonder (activity) | @ebebpl (activity) | @HoseonRyu (activity) | @iandesj (activity) | @IceS2 (activity) | @JunaidChaudry (activity) | @jupyterhub-bot (activity) | @kanor1306 (activity) | @LucasVanHaaren (activity) | @manics (activity) | @mathbunnyru (activity) | @mdlincoln (activity) | @minrk (activity) | @monoakg (activity) | @Ph0tonic (activity) | @pnasrat (activity) | @Uular (activity) | @vizeit (activity) | @xcompass (activity) | @yuvipanda (activity)
2.0#
2.0.0 - 2022-09-09#
Highlights#
Z2JH 2.0.0 is the first major release since 1.0.0 was released in June 2021, and contains major upgrades to all JupyterHub components, including a jump directly from JupyterHub 1 to JupyterHub 3.
JupyterHub 2 and 3 includes new RBAC support allowing fine-grained access control to hub services and servers.
JupyterLab, the next-generation Notebook interface, is now the default interface seen by users. This brings a full development environment with a large number of extensions developed by the Jupyter community.
This release also includes several smaller changes that help Z2JH interface better with the rest of the Jupyter community such as not overriding a Docker image’s command, and using standard Helm chart parameter names to match with other Helm charts. Although these are breaking changes they will greatly improve the maintainability of the JupyterHub chart in future, and should also make it easier for new users to get started.
Security: breaking change to *.networkPolicy.egress
#
If you have configured any of:
hub.networkPolicy.egress
proxy.chp.networkPolicy.egress
proxy.traefik.networkPolicy.egress
singleuser.networkPolicy.egress
you must review your configuration as additional default egress routes have been added. See Security: breaking change to *.networkPolicy.egress for details.
Upgrade instructions#
Please read through all breaking changes, then follow the upgrading guide.
Breaking changes#
These breaking changes have been made relative to the 1.* series of Z2JH releases:
Security: breaking change to
*.networkPolicy.egress
JupyterHub upgraded from 1.x to 3.x along with related hub components
JupyterLab and Jupyter Server is now the default singleuser application
Configuration in
jupyterhub_config.d
has a higher priority thanhub.config
#2457User scheduler plugin configuration has changed to match
kubescheduler.config.k8s.io/v1beta3
#2590Kubernetes version 1.20+ is required #2635
hub.fsGid
is replaced byhub.podSecurityContext
#2720Hub image is based on Debian instead of Ubuntu #2733
Disabling RBAC requires setting multiple properties,
rbac.enable
is removed #2736 #2739
For information on how to update your configuration see the Major upgrade: 1.* to 2.* guide.
Notable dependencies updated#
Dependency |
Version in 1.2.0 |
Version in 2.0.0 |
Changelog link |
Note |
---|---|---|---|---|
1.4.2 |
3.0.0 |
Run in the |
||
1.1.0 |
4.2.0 |
Run in the |
||
14.2.0 |
15.1.0 |
Run in the |
||
1.3.2 |
1.3.2 |
Run in the |
||
1.0.0 |
1.2.0 |
Run in the |
||
0.0.7 |
1.1.0 |
Run in the |
||
1.1 |
1.2.1 |
Run in the |
||
4.5.0 |
4.5.3 |
Run in the |
||
v2.4.11 |
v2.8.4 |
Run in the |
||
v1.19.13 |
v1.23.10 |
- |
Run in the |
For a detailed list of Python dependencies in the hub
Pod’s Docker image, inspect the images/hub/requirements.txt file and use its git history to see what changes between tagged versions.
New features added#
Add
labels
config forscheduling.userScheduler
,scheduling.userPlaceholder
, andprePuller
#2791 (@ruben-rodriguez)Add scheduling.userScheduler.annotations #2763 (@joncotton)
Add scheduling.userPlaceholder.annotations #2762 (@joncotton)
Add
.create
and.name
to serviceAccount config, and decouplerbac.enable
from the service accounts #2736 (@dingobar, @consideRatio, @desaintmartin)breaking: add hub.podSecurityContext, remove hub.fsGid #2720 (@consideRatio, @yuvipanda)
Add singleuser.allowPrivilegeEscalation for KubeSpawner 2+ #2713 (@consideRatio, @yuvipanda)
Add
proxy.traefik.extraInitContainers
config #2670 (@gregingenii, @yuvipanda)Support idle culler –cull-admin-users #2578 (@manics, @consideRatio)
Unset
singleuser.cmd
, previouslyjupyterhub-singleuser
, to instead rely on the image’s CMD by default #2449 (@minrk, @consideRatio, @manics, @meeseeksmachine)
Enhancements made#
Enable parent chart’s (binderhub etc) to use imagePullSecrets helper #2546 (@consideRatio, @manics)
Add hub.loadRoles configuration #2405 (@consideRatio, @manics)
Add ingress.ingressClassName config option #2403 (@consideRatio)
Bugs fixed#
Fix user-scheduler backward compatibility for AWS EKS #2807 (@a3626a)
Fix for PDBs in k8s 1.20 #2727 (@consideRatio, @geoffo-dev)
Enable image-puller pods to evict user-placeholder pods #2681 (@consideRatio, @yuvipanda, @a3626a)
Fix failure to respect proxy.secretSync.resources configuration #2628 (@jhowton-restor3d, @consideRatio)
Remove typo “ in schema.yaml #2603 (@manics, @consideRatio)
match config load priority for jupyterhub_config.d files and hub.extraConfig #2457 (@minrk, @consideRatio, @MLobo1997)
idle-culler: fix the new restricted scopes to include read:servers #2446 (@consideRatio, @snickell)
Add config singleuser.networkTools.resources - all containers must have configurable resources #2439 (@consideRatio)
Fix implementation of restricted scopes for jupyterhub-idle-culler #2434 (@consideRatio)
Fix proxy pod’s liveness/readiness probes to be fully configurable #2421 (@consideRatio, @mriedem)
Maintenance and upkeep improvements#
hub image: remove workaround for ruamel.yaml.clib on aarch64 #2846 (@consideRatio)
Make the singleuser-sample image use python:3.9-slim-bullseye as a base image to retain arm64 support #2845 (@minrk)
Restore jupyterhub-singleuser as the default command #2820 (@minrk)
Reverted unreleased breaking change: Default to using the container image’s command instead of
jupyterhub-singleuser
#2449
Adjust kerning on large JupyterHub in NOTES.txt #2787 (@manics)
hub image: remove wheel building aarch64 workaround for pycryptodomex #2766 (@consideRatio)
hub image: downgrade to ltiauthenticator 1.2.0 #2741 (@consideRatio)
breaking, maint: replace rbac.enabled with rbac.create #2739 (@consideRatio, @yuvipanda)
breaking: hub image ubuntu->debian, py38->py39,
build-essential
removed,--build-arg PIP_OVERRIDES=...
removed, images/hub/dependencies removed #2733 (@consideRatio, @yuvipanda, @minrk)maint: update import statement for py310 compatibility #2732 (@consideRatio)
maint: add pre-commit isort hook, and let pyupgrade assume py38+ in hub container #2730 (@consideRatio, @yuvipanda)
Bump versions of image-awaiter dependencies #2725 (@yuvipanda, @consideRatio)
maint: cleanup deprecation warning introduced in 0.10.0 (assume users upgrade to v2 from v1) #2719 (@consideRatio)
Update pause version from 3.6 to 3.7 #2700 (@github-actions, @consideRatio)
Update kube-scheduler version from v1.23.4 to v1.23.6 #2699 (@github-actions, @consideRatio)
Update library/traefik version to v2.6.6 #2695 (@github-actions, @consideRatio)
Require k8s 1.20+ and small cleanups based on assuming it #2635 (@consideRatio, @yuvipanda)
Use chart logo from https://jupyterhub.github.io/helm-chart #2604 (@manics, @consideRatio)
Update user-scheduler’s kube-scheduler binary and config when in k8s clusters versioned >=1.21 #2590 (@consideRatio, @manics)
image-awaiter: fix known vulns. by updating to golang:1.17 in image build stage #2562 (@nreith, @consideRatio)
Improved nodeSelector formatting in template #2554 (@ostapkonst, @consideRatio)
Remove workaround to have PriorityClass resources as helm hooks #2526 (@consideRatio)
deps: update traefik, kube-scheduler, and pause image #2524 (@consideRatio)
refactor: move doc to docs, use _build instead of build #2521 (@consideRatio, @manics)
breaking: add …networkPolicy.egressAllowRules and don’t allow singleuser pods to access PrivateIPv4 addresses by default #2508 (@yuvipanda, @consideRatio, @manics, @minrk, @choldgraf)
Update with changes introduced in 1.1.4 security patch #2459 (@consideRatio, @minrk)
Add missing default values for proxy pod’s probes #2423 (@consideRatio, @mriedem)
Update NOTES.txt #2411 (@consideRatio, @yuvipanda)
Use f-strings instead of the % pattern #2408 (@consideRatio, @manics)
Remove breaking change messages relevant for upgrading to 1.0.0 #2397 (@consideRatio, @yuvipanda)
Pin jupyterhub==2.0.0b1 and refreeze dependencies #2396 (@consideRatio)
Tighten permissions for jupyterhub-idle-culler #2395 (@consideRatio, @minrk, @manics)
pre-commit: add and run pyupgrade #2394 (@consideRatio)
Documentation improvements#
Update docs to reflect Azure 2022 process #2823 (@Sieboldianus)
docs: fix misc link redirects #2816 (@consideRatio)
Replace jhub with
for consistency #2815 (@rickwierenga) Add breaking KubeSpawner changes to upgrade-1-to-2 #2810 (@manics)
docs: fix most broken links in changelog #2790 (@consideRatio)
Fix
redirected permanently
linkcheck apart from changelog #2789 (@manics)docs: remove broken links and use https over http in a few #2775 (@consideRatio)
docs: transition rST based glossary to MyST #2770 (@consideRatio)
docs: move changelog from pure markdown to sphinx based docs #2769 (@consideRatio)
docs: update notes about building wheels in build stage #2742 (@consideRatio)
Fix link to authentication guide when viewed via GitHub’s UI #2740 (@jdmcbr, @consideRatio)
Add opengraph tags #2717 (@manics, @consideRatio, @choldgraf)
docs: how to adjust profile_list dynamically based on user etc #2697 (@consideRatio, @choldgraf)
proxy.service.type
: link directly to k8s docs #2672 (@manics, @consideRatio)docs: Remove a false promise regarding CHOWN_HOME #2640 (@dmigo, @yuvipanda)
Fix broken internal references in docs #2600 (@consideRatio)
docs: fix syntax error in note directive #2568 (@sunu, @consideRatio)
Corrected datascience to Data Science. #2560 (@Adam-Antios, @consideRatio)
docs: fix broken anchor in link #2547 (@consideRatio)
Use chart logo from this repo #2544 (@manics, @consideRatio)
Replace zone to allowedTopologies #2543 (@kindomLee, @consideRatio)
DOC: Expand IAM abbreviation for comprehensibility #2535 (@raybellwaves, @consideRatio)
Don’t pin example jupyter/minimal-notebook #2522 (@manics, @consideRatio)
Link to Discourse instead of the mailing list #2519 (@manics, @consideRatio)
DOC: add extra AWS ssh info #2518 (@raybellwaves, @manics, @consideRatio)
docs: document
singleuser.someConfig
by linking toKubeSpawner.some_config
docs #2517 (@manics, @consideRatio)Document how to disable some labextensions with config #2516 (@yuvipanda, @consideRatio)
DOC: instructions for role creation in AWS #2514 (@raybellwaves, @consideRatio)
Update MetalLB section in step-zero-microk8s.md #2511 (@wyphan, @consideRatio)
Fix docs typo #2489 (@mriedem, @consideRatio)
Add changelog for 1.2.0 #2480 (@consideRatio)
docs: fix syntax errors with directives #2478 (@consideRatio)
docs: fix failure to show correct version #2474 (@consideRatio)
Fix indentation in local-storage-dir.yaml #2443 (@timotk, @consideRatio)
auth rework: update forgotten documentation #2438 (@abdelq, @consideRatio)
Minor fixes to the Microk8s documentation #2436 (@mike-matera, @consideRatio)
Fixes broken link in chart docs #2432 (@joraff, @consideRatio)
Retrospectively add breaking change to changelog entry 0.10.0 #2410 (@consideRatio, @manics)
Update links that redirected #2409 (@consideRatio, @manics)
example configurations for UI choices #2398 (@minrk, @consideRatio, @manics, @willingc)
Add changelog for 1.1.3 #2361 (@consideRatio, @sgibson91)
Documenting Microk8s cluster type. #2334 (@mike-matera, @consideRatio)
Continuous integration improvements#
ci: workaround intermittent test failures pending upstream fix in k3s #2800 (@consideRatio)
ci: fix permissions for vuln scan workflow #2754 (@consideRatio)
ci: revert mistakenly added temp debugging change #2753 (@consideRatio)
ci: add a refreeze requirements.txt job and use dedicated gha env #2748 (@consideRatio)
ci: reduce frequency of gha/vuln bumps #2729 (@consideRatio)
ci: don’t trigger 2x tests on bump automation PRs #2711 (@consideRatio)
ci: use jupyterhub-bot PAT to trigger github workflow on opened PRs #2709 (@consideRatio, @sgibson91)
ci: fix syntax error in dependabot config #2707 (@consideRatio)
ci: followup tweaks to dependency bumping automation #2703 (@consideRatio, @sgibson91)
ci: automatically bump kube-scheduler and pause image tags #2698 (@consideRatio, @sgibson91)
ci: add automation to bump jupyterhub version and refreeze deps while doing it #2696 (@consideRatio, @sgibson91)
ci: add automation to update chp and traefik images #2694 (@consideRatio, @sgibson91)
ci: add support bot #2618 (@manics, @consideRatio, @minrk)
ci: remove conditional tmate debugging session action #2584 (@consideRatio, @manics)
ci: test against k8s 1.23 #2548 (@consideRatio)
ci: remove workaround installing six #2527 (@consideRatio)
ci: vuln-scan, adjust to changes in trivy’s json output #2463 (@consideRatio)
ci: don’t re-install yq - its already available #2440 (@consideRatio)
ci: don’t run twice for pre-commit PRs #2425 (@consideRatio)
ci: update shellcheck #2420 (@consideRatio, @manics)
ci: refresh circleci config #2418 (@consideRatio, @manics)
ci: test against k8s 1.22 #2404 (@consideRatio)
ci: use PVCs when testing upgrades #2401 (@manics, @consideRatio)
ci: remove no longer needed arm test adjustment #2376 (@consideRatio, @manics)
Contributors to this release#
(GitHub contributors page for this release)
@a3626a | @abdelq | @Adam-Antios | @alex-g-tejada | @AlexChung1995 | @BertR | @betatim | @bjornarfjelldal | @chancez | @choldgraf | @consideRatio | @cslovell | @delamart | @dependabot | @dhirschfeld | @dingobar | @dmigo | @Economax | @ellisonbg | @GeorgianaElena | @gregingenii | @gsemet | @jdmcbr | @jhowton-restor3d | @joncotton | @joraff | @jupyterhub-bot | @kindomLee | @lucianolacurcia | @lud0v1c | @manics | @matthew-brett | @mcberma | @mgobec | @mike-matera | @minrk | @MLobo1997 | @mriedem | @nreith | @ostapkonst | @pre-commit-ci | @pvanliefland | @raybellwaves | @remche | @rickwierenga | @ruben-rodriguez | @sgibson91 | @Sieboldianus | @snickell | @srggrs | @sunu | @theomper | @timotk | @willingc | @wyphan | @yuvipanda
1.2#
1.2.0 - 2021-11-04#
Security release! Updates JupyterHub to 1.5 to address a moderate security vulnerability affecting JupyterLab users, where logout may not always fully clear credentials from the browser if multiple sessions are open at the time.
A few small features are backported from the upcoming 2.0 release as well. See the release notes for more.
Because the vulnerability is in the single-user environment, you can get the fix in existing deployments by upgrading JupyterHub to 1.5 in your user environment without updating the rest of your chart.
Similarly, upgrading the chart without also upgrading JupyterHub to 1.5 in your user environment will not fix the vulnerability.
JupyterHub 1.5 in the user environment is fully compatible with a Hub running 1.4, and vice versa.
1.1#
1.1.4 - 2021-10-28#
Security release! 1.1.4 release fixes a critical security vulnerability in jupyterhub-firstuse authenticator. If you are not using firstuseauthenticator, you are not affected.
1.1.3 - 2021-08-25#
Maintenance and upkeep improvements#
refactor: remove redundant trimSuffix of new lines after toYaml #2358 (@consideRatio)
build(deps): bump pycurl from 7.44.0 to 7.44.1 in /images/hub #2352 (@dependabot)
build(deps): bump oauthenticator from 14.1.0 to 14.2.0 in /images/hub #2350 (@dependabot)
build(deps): bump pycurl from 7.43.0.6 to 7.44.0 in /images/hub #2347 (@dependabot)
Documentation improvements#
Add docs on GitHub team authentication #2349 (@j0nnyr0berts)
Contributors to this release#
1.1.2 - 2021-08-05#
Bugs fixed#
Documentation improvements#
docs: fix weird helm upgrade example #2331 (@hiroki-sawano)
Contributors to this release#
1.1.1 - 2021-07-22#
Bugs fixed#
fix hub.services schema regression from 1.1.0 #2327 (@consideRatio)
Continuous integration improvements#
ci: misc fixes post 1.1.0 #2326 (@consideRatio)
1.1.0 - 2021-07-21#
Highlights#
hub.services api tokens are now generated
The Helm chart now automatically seeds registered services under
hub.services
with an api token. This is especially helpful for Helm charts depending on this Helm chart such asbinderhub
ordaskhub
, for more details see thehub.services
entry in the configuration reference.Full arm64 compatebility
The Helm chart is fully arm64 compatible, even the
singleuser.image
that previously wasn’t.
Breaking changes#
This breaking change only concerns someone that has configured
hub.services.<some-key>.name=<some-name>
so that <some-key>
is different
from <some-name>
. In that case, the key in the k8s Secret exposing the
registered service’s api token is now named hub.services.<some-key>.apiToken
instead of hub.services.<some-name>.apiToken
.
Notable dependencies updated#
Dependency |
Version in 1.0.0 |
Version in 1.1.0 |
Changelog link |
Note |
---|---|---|---|---|
1.4.1 |
1.4.2 |
Run in the |
||
1.0.0 |
1.1.0 |
Run in the |
||
14.0.0 |
14.1.0 |
Run in the |
||
1.3.2 |
1.3.2 |
Run in the |
||
1.0.0 |
1.0.0 |
Run in the |
||
0.0.7 |
0.0.7 |
Run in the |
||
1.1 |
1.1 |
- |
Run in the |
|
4.4.0 |
4.5.0 |
Run in the |
||
v2.4.8 |
v2.4.11 |
Run in the |
||
v1.19.11 |
v1.19.13 |
- |
Run in the |
For a detailed list of how Python dependencies have change in the hub
Pod’s Docker image, inspect the images/hub/requirements.txt file.
New features added#
Enhancements made#
Add support for arm64 in singleuser-sample image #2316 (@consideRatio)
Seed hub.services’ apiTokens #2312 (@consideRatio)
Bugs fixed#
Allow CHP to function in a IPv4 only and/or IPv6 only context #2318 (@consideRatio)
fix schema: accept proxy.traefik.extra[Static|Dynamic]Config #2317 (@consideRatio)
fix: bug if z2jh is used as a dependency with an alias #2310 (@consideRatio)
Fix failure to set imagePullSecrets for user-placeholder pods (scheduling.userPlaceholder.image config added) #2293 (@michaellzc)
Maintenance and upkeep improvements#
build(deps): bump jupyterhub-kubespawner from 1.0.0 to 1.1.0 in /images/hub #2324 (@dependabot)
Bump CHP version to 4.5.0 #2321 (@consideRatio)
build(deps): bump oauthenticator from 14.0.0 to 14.1.0 in /images/hub #2320 (@dependabot)
Bump patch version of: traefik, kube-scheduler, pause #2315 (@consideRatio)
build(deps): bump jupyterhub from 1.4.1 to 1.4.2 in /images/hub #2314 (@dependabot)
Remove deprecation logic for hub.extraConfig as a string #2307 (@consideRatio)
hub image: run apt-get upgrade by default to patch known vulns #2304 (@consideRatio)
Documentation improvements#
Add changelog for 1.0.1 #2287 (@consideRatio)
Docs clarification culling behavior and configs #2267 (@cdibble)
Continuous integration improvements#
ci: improve lint-and-validate-values.yaml coverage #2309 (@consideRatio)
Contributors to this release#
(GitHub contributors page for this release)
@cdibble | @consideRatio | @jtrouth | @mallman | @manics | @michaellzc | @minrk | @yuvipanda
1.0#
1.0.1 - 2021-06-25#
Bugs fixed#
Relax extraEnv schema to allow for array values #2289 (@consideRatio)
Relax hub.db.type schema to accept unknown database types #2285 (@consideRatio)
templates: quote namespace in case they are only contain numbers #2284 (@consideRatio)
Fix fullnameOverride for Ingress & PriorityClass resources #2251 (@v1r7u)
Maintenance and upkeep improvements#
Bump traefik from 2.4.8 to 2.4.9 #2288 (@consideRatio)
singleuser-sample image: bump base image to reduce known vulns #2286 (@consideRatio)
schema: force labels and annotations to be strings #2283 (@consideRatio)
build(deps): bump nbgitpuller from 0.10.0 to 0.10.1 in /images/singleuser-sample #2279 (@dependabot)
hub image: add sqlalchemy-cocroachdb dependency #2262 (@weisdd)
build(deps): bump psycopg2-binary from 2.8.6 to 2.9.1 in /images/hub #2259 (@dependabot)
build(deps): bump nbgitpuller from 0.9.0 to 0.10.0 in /images/singleuser-sample #2247 (@dependabot)
Documentation improvements#
docs: de-hardcode mentioned minimum helm version #2272 (@consideRatio)
added AWS EKS cluster scaling/auto-scaling documentation for z2jh #2268 (@cdibble)
Add participation in study notice to readme #2248 (@sgibson91)
Update 1.0.0-beta.1 changelog entry to 1.0.0 #2245 (@consideRatio)
Continuous integration improvements#
Transition to use pre-commit hook in jupyterhub/chartpress #2278 (@consideRatio)
Contributors to this release#
(GitHub contributors page for this release)
@cdibble | @consideRatio | @dependabot | @enolfc | @manics | @minrk | @sgibson91 | @v1r7u | @weisdd
1.0.0 - 2021-06-09#
This release includes a security announcement, breaking changes, several new features, and more. Please read through this to be able to help yourself and others upgrade successfully.
As of the 1.0.0 version of this Helm chart, we aim to follow SemVer 2 versioning scheme where breaking changes, new features, and small bugfixes will increment the three version numbers.
Highlights#
arm64 compatible images
All images except the user image (
singleuser.image
) now support the arm64 architecture. This allows this Helm chart to be installable on a RaspberryPi based k8s cluster.hub.extraFiles
andsingleuser.extraFiles
Have you wanted to mount various files to the hub pod or the user pods, such as a configuration file or similar? While this could be done by creating a dedicated ConfigMap that was mounted etc before, you don’t need to go through that trouble.
Read more in the configuration reference.
Automatic secret generation
Are you explicitly passing
proxy.secretToken
,hub.config.CryptKeeper.keys
,hub.config.JupyterHub.cookie_secret
? Do it one more time when upgrading to 1.0.0! After that, they will be stored away in a k8s Secret and reused.If you install 1.0.0 from scratch, those will be automatically generated for you if you don’t specify them.
Smoother helm upgrades
prePuller.hook.pullOnlyOnChanges
is now available and enabled by default, which only intercepts ahelm upgrade
by pulling images if they have changed since the last upgrade.The
proxy
pod were sometimes restarted when it wasn’t needed and that could cause needless disruptions for users. This is now fixed.
fullnameOverride
andnameOverride
These options let you control the naming of the k8s resources created by the Helm chart, but should not be used unless you install from scratch.
Read more in the configuration reference.
Referencing resources from a parent Helm chart’s templates
Are you a developer of a Helm chart that depends on this Helm chart, and you want to reference a k8s resource by name from one of your Helm templates?
Learn how to do it the recommended way by reading this documentation.
Security announcement#
The documentation for how to setup a Amazon EKS cluster included an insecure
step that would give anyone access to the Kubernetes cluster. If you have
followed these instructions between 0.7.0-beta.1
and 0.11.1
, please see the
this post in the Jupyter forum.
Breaking changes#
Kubernetes 1.17+ and Helm 3.5+ are now required
Helm 3 (3.5+) is now required. Helm 2 reached end of life last year and we have started relying on Helm 3.5 specific features.
Kubernetes 1.17+ is now required. It helped us avoid maintaining two separate sets of implementations for the the user-scheduler.
Schema validation of chart config (#2033, #2200)
The Helm chart now bundles with a
values.schema.json
file that will validate all use of the Helm chart during template rendering. If the Helm chart’s passed values doesn’t comply with the schema, thenhelm
will error before the k8s api-server has become involved and anything has changed in the k8s cluster.The most common validation errors are:
Unrecognized config values
For example if you have misspelled something.
Note that if you want to pass your custom values for inspection by custom logic in the hub pod, then you should pass these values via the
custom
config section where anything will be accepted.Recognized config values with the wrong type
For example if you have passed a numerical value to a configuration that expected a string.
Breaking changes to config (#2211)
As the Helm chart has evolved over time, configuration options have been renamed and changed in various ways. With the release of 1.0.0, we enforce a transition from various old configuration options to new that have previously been ignored or accepted.
If you are using outdated configuration options you will be informed about it before any changes have been made to your deployment of the Helm chart.
Default resource requests are no longer set (#2034, #2226)
The helm chart now follows a common Helm chart practice by not setting default resource requests or limits.
To help in this transition, there is documentation with some guidance on setting explicit resource requests available here.
If you want to restore the previous behavior, you can explicitly set the resource requests like below.
hub: resources: requests: cpu: 200m memory: 512Mi proxy: chp: resources: requests: cpu: 200m memory: 512Mi scheduling: userScheduler: resources: requests: cpu: 50m memory: 256Mi prePuller: resources: requests: cpu: 0 memory: 0 hook: resources: requests: cpu: 0 memory: 0
KubeSpawner and deletion of PVCs (jupyterhub#3337, kubespawner#475)
Deleting a user in JupyterHub’s admin interface (/hub/admin) or removing a named server will now lead to the deletion of the user’s or named server’s dynamically created PVC resource if there was one.
To opt out of this behavior and retain the current behavior where dynamically created PVC resources will remain, set
KubeSpawner.delete_pvc
tofalse
.hub: config: KubeSpawner: delete_pvc: false
Note that this feature relies on both KubeSpawner 1.0.0+ and JupyterHub 1.4.1+ which are included in this release.
hub.existingSecret is reworked (#2042)
See the documentation and pull request #2042 for more details.
configurable-http-proxy statsd metrics removed (#2231)
statsd metrics have been removed in configurable-http-proxy. This will only affect administrators who have overridden the CHP command line arguments as statsd is not supported in the Helm chart. Support for Prometheus metrics will be added in a future release.
Notable dependencies updated#
Dependency |
Version in 0.11.0 |
Version in 1.0.0 |
Changelog link |
Note |
---|---|---|---|---|
1.3.0 |
1.4.1 |
Run in the |
||
0.15.0 |
1.0.0 |
Run in the |
||
0.12.3 |
14.0.0 |
Run in the |
||
1.3.2 |
1.3.2 |
Run in the |
||
1.0.0 |
1.0.0 |
Run in the |
||
0.0.6 |
0.0.7 |
Run in the |
||
1.0 |
1.1 |
- |
Run in the |
|
4.2.2 |
4.4.0 |
Run in the |
||
v2.3.7 |
v2.4.8 |
Run in the |
||
v1.19.7 |
v1.19.11 |
- |
Run in the |
For a detailed list of how Python dependencies have change in the hub
Pod’s Docker image, inspect the images/hub/requirements.txt file.
New features added#
Enable opt-out of hub.jupyter.org/dedicated tolerations #2101 (@kafonek)
Add prePuller.hook.pullOnlyOnChanges flag #2066 (@consideRatio)
values.schema.json ships with chart and configuration reference now covers all options #2033 (@consideRatio)
Allow extraFiles to be injected to hub / singleuser pods and automatically load config in /usr/local/etc/jupyterhub_config.d #2006 (@consideRatio)
Seed secrets (proxy.secretToken, etc) so they don’t have to be manually generated #1993 (@consideRatio)
Support fullnameOverride / nameOverride and reference resources by named templates #1923 (@consideRatio)
Enhancements made#
Add …serviceAccount.annotations config for our k8s ServiceAccounts #2236 (@AndreaGiardini)
allow override of CHP defaultTarget, errorTarget #2079 (@minrk)
Don’t restart the proxy pod with each deploy #2077 (@yuvipanda)
Add option to disable http port on LoadBalancer service #2061 (@tkislan)
Add artificathub.io annotations to Chart.yaml before publishing #2045 (@consideRatio)
Make use of hub.existingSecret sustainable #2042 (@consideRatio)
Allow ingress.hosts to be omitted for a more generic rule #2027 (@consideRatio)
Also pull singleuser.initContainers with pre-puller #1992 (@consideRatio)
Bugs fixed#
fix: prePuller.hook.pullOnlyOnChanges didn’t work, now it does #2174 (@consideRatio)
Fix mixup of hook/continuous-image-puller following recent PR #2100 (@consideRatio)
Fix schema validation for Spawner.cpu/memory limits/guarantees #2070 (@consideRatio)
Support setting resources to null to omit them #2055 (@consideRatio)
pdb: default to maxUnavailable=1 instead of minAvailable=1 #2039 (@consideRatio)
fix: imagePullSecret.enabled to work alongside imagePullSecret.create #2038 (@consideRatio)
hub image build: fix use of PIP_OVERRIDES arg #2036 (@remche)
fix: load only .py files in jupyterhub_config.d folder #2023 (@consideRatio)
Followup fixes to seed secrets PR (#1993) #2016 (@consideRatio)
fix: set tolerations to predefined labels on core pods #2007 (@consideRatio)
Maintenance and upkeep improvements#
Test against k8s 1.21 and avoid deprecation warning for old k8s api policy/v1beta1 #2243 (@consideRatio)
singleuser-sample: update base image #2213 (@consideRatio)
Remove deprecated logic and emit clear messages #2211 (@consideRatio)
refactor: stop manual hex-to-bytes conversion #2209 (@consideRatio)
schema: added details to hub|singleuser.extraFiles #2198 (@consideRatio)
Remove extraneous command from secret-sync image #2182 (@manics)
maint: revert a workaround to make our priorityclass resources helm hooks #2180 (@consideRatio)
enable prePuller.hook.pullOnlyOnChanges by default #2179 (@consideRatio)
inline comment: info about the state used by prePuller.hook.pullOnlyOnChanges #2173 (@consideRatio)
images/hub - a regular run of script: hub/images/dependencies freeze –upgrade #2168 (@consideRatio)
build(deps): bump rsa from 4.6 to 4.7.2 in /images/hub #2167 (@dependabot)
Update NOTES.txt, including removing “alpha” designation #2165 (@manics)
docs: fix docs build for breaking change in sphinx redirection extension #2156 (@consideRatio)
Allow hub pod to manage k8s Secrets/Services for KubeSpawner.internal_ssl #2065 (@thomasv314)
Don’t set default resource requests #2034 (@yuvipanda)
cleanup: remove mistakenly added artifactshub.io config file #2010 (@consideRatio)
refactor: consistently use toYaml with annotations/labels #2008 (@consideRatio)
Require k8s 1.17+ to reduce complexity #2005 (@consideRatio)
refactor: systematically prefer use of with in templates #2003 (@consideRatio)
Specify prometheus.io/port for hub service #2000 (@yuvipanda)
Autoformat bash scripts, yaml files, and markdown files with pre-commit #1996 (@manics)
Remove deprecated user-scheduler config #1995 (@consideRatio)
Require Helm 3 to allow for enhancements #1994 (@consideRatio)
Remove unused nameField helper in _helpers.tpl #1991 (@consideRatio)
Documentation improvements#
docs: fix broken link #2230 (@consideRatio)
docs: add documentation about resource requests #2226 (@consideRatio)
docs: fix syntax error in markdown table #2225 (@consideRatio)
Minor documentation fixes #2206 (@consideRatio)
Add changelog for 1.0.0-beta.1 #2175 (@consideRatio)
docs: we require helm3 not helm2 #2159 (@consideRatio)
fix cluster name for DO installation instructions #2134 (@RyanQuey)
update k8 version for DO to currently available version #2133 (@RyanQuey)
Include customisation under “Administrator Guide” #2123 (@manics)
Update postgres db url dialect in schema docs #2105 (@mriedem)
Don’t hard-code an old tag in customizing/user-environment.md #2090 (@manics)
Fix spawner env injection example. #2062 (@danielballan)
docs: helm3 compliance, avoid specification of chart versions #2054 (@consideRatio)
doc: Update installation docs to refer to current latest version #2040 (@spenczar)
docs: package chart specific README.md with the chart #2035 (@consideRatio)
values.schema.json ships with chart and configuration reference now covers all options #2033 (@consideRatio)
Fix schema.yaml jsonschema syntax errors #2031 (@consideRatio)
Continuous integration improvements#
ci: update publish/test-chart workflow triggers #2212 (@consideRatio)
ci: print pip packages versions for debugging #2210 (@consideRatio)
ci: vuln-scan update, less dedicated actions + warning instead of error #2188 (@consideRatio)
ci: fix permissions of PR creating action #2186 (@consideRatio)
docs/ci: run template tests against least known supported helm version and document that version #2181 (@consideRatio)
ci: accept 1 pod restart but not 2, test against k8s 1.21 #2169 (@consideRatio)
ci: precautions for security, update github_token permissions, pin actions #2163 (@consideRatio)
ci: update network tests as jupyter.org IPs changed #2162 (@consideRatio)
ci: Set author and pin SHA in vuln-scan workflow PR #2153 (@manics)
publish workflow: build amd64 and arm64 prerequisites added #2144 (@consideRatio)
docs/ci: revert docutils pin, myst-parser fixed issue #2141 (@consideRatio)
docs: fix rtd build by pinning docutils #2140 (@consideRatio)
ci: increase test timeout for test reliability #2083 (@consideRatio)
ci: stop accepting test failures in k8s 1.20 #2060 (@consideRatio)
vuln-scan: fix all fixable vulns, and bugfix automation, and bump singleuser-sample #2052 (@consideRatio)
ci: fix Chart.yaml annotations for artifacthub.io image scanning #2049 (@consideRatio)
ci: install pyyaml before publishing to generate json schema #2037 (@consideRatio)
ci: use jupyterhub/action-k8s-await-workloads #2021 (@consideRatio)
ci: stop using –long as chartpress 1.0.0 makes it not needed #2018 (@consideRatio)
ci: use yq to parse version from Chart.yaml and save ~30 seconds #2017 (@consideRatio)
ci: accept k8s 1.20 failures until 1.20.3 is out #2004 (@consideRatio)
Contributors to this release#
(GitHub contributors page for this release)
@agnewp | @bbockelm | @betatim | @choldgraf | @consideRatio | @damianavila | @danielballan | @dependabot | @dhirschfeld | @github-actions | @jabbera | @jgwerner | @kafonek | @manics | @meeseeksmachine | @mhwasil | @michzimny | @MickeyShnaiderman-RecoLabs | @minrk | @mriedem | @NerdSec | @pcfens | @pvanliefland | @remche | @roelbaz | @rommeld | @RyanQuey | @spenczar | @support | @thomasv314 | @tkislan | @willingc | @yobome | @yuvipanda
0.11#
0.11.1 - 2021-01-15#
This release fixes a regression in the Ingress resource and a bump of jupyterhub-nativeauthenticator from 0.0.6 to 0.0.7.
Bugs fixed#
fix: fix of ingress regression and improved testing (@consideRatio)
Maintenance and upkeep improvements#
build(deps): bump jupyterhub-nativeauthenticator from 0.0.6 to 0.0.7 in /images/hub #1988 (@dependabot)
0.11.0 - 2021-01-14#
Please read the security announcement and the breaking changes below, and also note that this is the last release supporting Helm 2 and k8s versions lower than 1.16.
Security announcement#
This release contains the patched version of jupyterhub/oauthenticator which contained a security issue that influenced version 0.10.0 - 0.10.5 (but not 0.10.6) of this Helm chart.
Please don’t use versions 0.10.0 - 0.10.5 and upgrade to 0.10.6 or later. If you are using OAuthenticator, please check your list of users and delete any unauthorized users who may have logged in during usage of version 0.10.0 - 10.10.5.
See the published security advisory for more information, and refer to this forum post to share insights that can be useful to others.
Breaking changes#
auth
configuration moves tohub.config
- #1943Helm chart configuration under
auth
is now no longer supported. If you make ahelm upgrade
usingauth
configuration, the upgrade will abort before any changes are made to the k8s cluster and you will be provided with the equivalent configuration using the new system underhub.config
.By default, the printed equivalent configuration is censored as it can contain secrets that shouldn’t be exposed. By passing
--global.safeToShowValues=true
you can get an uncensored version.Pod Disruption Budget’s now disabled by default - #1938
A Pod Disruption Budget (PDB) for the hub and proxy pods were created by default before, but will by default not be created from now on. The consequence of this is that the pods now can get evicted.
Eviction will happen as part of
kubectl drain
on a node, or by a cluster autoscaler removing a underused node.
Notable dependencies updated#
Dependency |
Version in 0.10.6 |
Version in 0.11.0 |
Changelog link |
Note |
---|---|---|---|---|
1.2.2 |
1.3.0 |
Run in the |
||
0.14.1 |
0.15.0 |
Run in the |
||
0.12.1 |
0.12.3 |
Run in the |
||
1.3.2 |
1.3.2 |
Run in the |
||
0.4.0 |
1.0.0 |
Run in the |
||
0.0.6 |
0.0.6 |
Run in the |
||
1.0 |
1.0 |
- |
Run in the |
|
4.2.2 |
4.2.2 |
Run in the |
||
v2.3.2 |
v2.3.7 |
Run in the |
||
v1.19.2 |
v1.19.7 |
- |
Run in the |
For a detailed list of how Python dependencies have change in the hub
Pod’s Docker image, inspect the images/hub/requirements.txt file.
Enhancements made#
ci: automatically scan and patch our images for known vulnerabilities #1942 (@consideRatio)
Bugs fixed#
Fix failure to block insecure metadata server IP #1950 (@consideRatio)
Enable hub livenessProbe by default and relax hub/proxy probes #1941 (@consideRatio)
Disable PDBs for hub/proxy, add PDB for autohttps, and relocate config proxy.pdb to proxy.chp.pdb #1938 (@consideRatio)
Maintenance and upkeep improvements#
dep: bump traefik (autohttps pod) from v2.3.2 to v2.3.7 #1986 (@consideRatio)
k8s: update Ingress / PriorityClass apiVersions #1983 (@consideRatio)
dep: bump kube-scheduler from 1.19.2 to 1.19.7 #1981 (@consideRatio)
singleuser-sample image: bump jupyerhub to 1.3.0 #1961 (@consideRatio)
build(deps): bump jupyterhub from 1.2.2 to 1.3.0 in /images/hub #1959 (@dependabot)
hub image: bump jupyterhub-kubespawner from 0.14.1 to 0.15.0 in /images/hub #1946 (@dependabot)
Helm template linting - remove extra space #1945 (@DArtagan)
hub image: bump jupyterhub-hmacauthenticator from 0.1 to 1.0 in /images/hub #1944 (@dependabot)
add hub.config passthrough and use it for all auth config #1943 (@consideRatio)
hub image: bump ltiauthenticator to 1.0.0 and oauthenticator to 0.12.3 #1932 (@consideRatio)
Documentation improvements#
docs: 100% MyST Markdown #1974 (@consideRatio)
docs: remove unused config of esoteric sphinx builders #1969 (@consideRatio)
docs: fix the dynamically set version of chart/jupyterhub #1968 (@consideRatio)
Fixes link to authentication guide from user-management.md #1955 (@arokem)
Adds cli command for finding the k8s version on Azure. #1954 (@arokem)
Continuous integration improvements#
ci: accept helm lint –strict failure, but ensure GitHub UI warns #1985 (@consideRatio)
ci: replace kubeval with helm template –validate #1984 (@consideRatio)
ci: use extracted github action for namespace report #1980 (@consideRatio)
ci: add another upgrade test and provide a template rendering diff #1978 (@consideRatio)
ci: linkcheck rework: avoid duplicated build, add colors, make it fail loud #1976 (@consideRatio)
ci: run tests conditionally on changed paths #1975 (@consideRatio)
ci: use k3s-channel instead of k3s-version #1973 (@consideRatio)
ci: full_namespace_report improvements for restartCount > 0 #1971 (@consideRatio)
pre-commit: chartpress –reset on Chart.yaml/values.yaml changes #1970 (@consideRatio)
ci: full_namespace_report function improved #1967 (@consideRatio)
ci: dependabot, add notes to config, fix singleuser-sample config #1966 (@consideRatio)
ci: let pytest keep running even if one test has failed #1965 (@consideRatio)
ci: help dependabot only trigger one set of tests #1964 (@consideRatio)
ci: remove yaml anchors from dependabot config #1963 (@consideRatio)
ci: Test against k8s 1.20 #1956 (@consideRatio)
ci: vuln scan fix #1953 (@consideRatio)
ci: let dependabot update used GitHub action’s versions #1949 (@consideRatio)
ci: let dependabot update jupyterhub, replace JUPYTERHUB_VERSION with PIP_OVERRIDES #1948 (@consideRatio)
ci: automatically scan and patch our images for known vulnerabilities #1942 (@consideRatio)
ci: fix of intermittent netpol test failure #1933 (@consideRatio)
Contributors to this release#
(GitHub contributors page for this release)
@arokem | @betatim | @chicocvenancio | @choldgraf | @consideRatio | @DArtagan | @dependabot | @github-actions | @manics | @minrk | @naterush | @rokroskar | @yuvipanda
0.10#
0.10.6 - 2020-11-27#
This release is a security workaround for jupyterhub/oauthenticator described in https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-384w-5v3f-q499.
Please don’t use versions 0.10.0 - 0.10.5 and upgrade to 0.10.6 or later. If any users have been authorized during usage of 0.10.0 - 0.10.5 who should not have been, they must be deleted via the API or admin interface, per the documentation.
0.10.5 - 2020-11-27#
This release bumps the JupyterHub version from 1.2.1 to 1.2.2. See JupyterHub’s changelog for more information.
Bugs fixed#
image: bump JupyterHub to 1.2.2 from 1.2.1 for bugfixes #1924 (@consideRatio)
Maintenance and upkeep improvements#
Contributors to this release#
0.10.4 - 2020-11-21#
A patch release to patch a bug in the dependency oauthenticator that made users have their servers spawn before they had the chance to choose a server configuration if c.KubeSpawner.profile_list was configured.
Bugs fixed#
hub image: bump oauthenticator and prometheus-client #1918 (@consideRatio)
Contributors to this release#
0.10.3 - 2020-11-16#
This release contain minor enhancements and bugfix in a dependency that could have resulted in unwanted hub pod restarts. Helm 2.16+ has been explicitly required, which it should had been already in 0.10.0.
Please be aware that Helm 2 has reached its end of life and won’t get any security patches any more. We aim to drop support of Helm 2 soon to be able to rely on Helm 3 features.
Enhancements made#
Configurable resource requests for hook-image-awaiter #1906 (@consideRatio)
Add use_lookup_dn_username parameter for LDAP #1903 (@JarnoRFB)
Allow exposing extra ports in autohttps/traefik deployment #1901 (@yuvipanda)
prePuller.extraTolerations added for the image-puller daemonsets #1883 (@jerkern)
Bugs fixed#
hub image: kubernetes 12.0.1, nativeauth 0.0.6, tornado 6.1 #1912 (@consideRatio)
Maintenance and upkeep improvements#
hub image: kubernetes 12.0.1, nativeauth 0.0.6, tornado 6.1 #1912 (@consideRatio)
Require helm v2.16.0 explicitly and minor CI updates #1911 (@consideRatio)
CI: make upgrades more robust and skip 1m precautionary sleep #1904 (@consideRatio)
CI: publish with helpful commit message #1898 (@consideRatio)
Avoid harmless error in user-scheduler #1895 (@consideRatio)
removal: contributors script #1669 (@consideRatio)
Documentation improvements#
Update jupyterhub extension documentation to specify namespace #1909 (@plant99)
DOCS: Adding note on limit to guarantee ratio #1897 (@choldgraf)
Changelog for 0.10.2 #1893 (@consideRatio)
Contributors to this release#
(GitHub contributors page for this release)
@betatim | @choldgraf | @consideRatio | @JarnoRFB | @jerkern | @manics | @minrk | @plant99 | @tirumerla | @yuvipanda
0.10.2 - 2020-10-30#
A bugfix release to add securityContext configuration on all the containers in the image-puller pods, which can be needed when a k8s PodSecurityPolicy is forcing pods to startup as non-root users.
Note that whoever need to comply with a strict PodSecurityPolicy will also need to --set singleuser.cloudMetadata.blockWithIptables=false
, but should read this documentation before doing so.
Bugs fixed#
Add securityContext to all image-puller pods’ containers #1892 (@consideRatio)
Documentation improvements#
Changelog for 0.10.1 #1890 (@consideRatio)
Contributors to this release#
0.10.1 - 2020-10-30#
A bugfix release simply updating JupyterHub to 1.2.1. JupyterHub 1.2.1 fixes a regression related to registered JupyterHub services using the oauth_no_confirm
configuration.
Bugs fixed#
Maintenance and upkeep improvements#
Fix CI that broke as assumptions changed about latest published version #1887 (@consideRatio)
Documentation improvements#
Update changelog for 0.10.0 release #1886 (@consideRatio)
Contributors to this release#
0.10.0 - 2020-10-29#
This release makes the deployment more robust, and enhances users ability to configure the Helm chart in general. Some defaults have been changed allowing the Helm chart to easier comply with PodSecurityPolicies by default.
Breaking changes:#
KubeSpawner was updated to include a breaking change influencing users of named servers.
Security fix: CVE-2020-15110 / GHSA-v7m9-9497-p9gr. When named-servers are enabled, certain username patterns, depending on authenticator, could allow collisions. The default named-server template is changed to prevent collisions, meaning that upgrading will lose associations of named-servers with their PVCs if the default templates are used. Data should not be lost (old PVCs will be ignored, not deleted), but will need manual migration to new PVCs prior to deletion of old PVCs.
Anyone relying on configuration in the
proxy.https
section are now explicitly required to setproxy.https.enabled
totrue
.Anyone using
hub.imagePullSecret
orsingleuser.imagePullSecret
should now instead use the chart wideimagePullSecret
with the same syntax which will be helping all the JupyterHub pod’s get images from a private image registry. For more information, see the configuration reference.Predefined Kubernetes NetworkPolicies are now created by default, explicitly describing allowed incoming (ingress) and outgoing (egress) network communication for the hub, proxy, and user pods. These
NetworkPolicy
resources are very permissive on the outgoing traffic (egress), but is limiting the incoming traffic to what is known to be needed.Note that these NetworkPolicies only influence network communication in a Kubernetes cluster if a NetworkPolicy controller enforce them, such as Calico.
Also note that if network policies are enforced, you can safely stop actively blocking access to so called cloud metadata servers for the user pods by setting
singleuser.cloudMetadata.blockWithIptables=false
.See the security documentation and the configuration reference for more details.
The Helm chart configuration
proxy.networkPolicy
has been removed,proxy.chp.networkPolicy
(proxy pod) andproxy.traefik.networkPolicy
(autohttps pod) must be used instead.The Helm chart configuration
proxy.containerSecurityContext
is renamed toproxy.chp.containerSecurityContext
.The k8s ConfigMap
hub-config
k8s Secrethub-secret
are now merged intohub-secret
, which will affect anyone who use thehub.existingSecret
option.
Release highlights#
Environment variables in pods with K8S config. An ability to configure environment variables in pods with a k8s native syntax has been added. This allows you to reference and mount a field in a k8s Secret as an environment variable for example. For more information, read about extraEnv in the configuration reference.
Configure secrets for all pods via the helm chart. imagePullSecrets for all the pods in the Helm chart can now be configured chart wide. See the configuration reference about imagePullSecret and imagePullSecrets for more details.
Pod security is easier to use and configure. Deploying the Helm chart in a cluster with a PodSecurityPolicy active is now easier, because the pods’ containers now have
securityContext
set on them to run with relatively low permissions which are also configurable if needed.More reliable TLS certificates. The
autohttps
pod that is running to acquire TLS certificates ifproxy.https.type=letsencrypt
is now more reliably acquiring certificates. If you currently have such issue, dokubectl delete deploy/autohttps
andkubectl delete secret proxy-public-tls-acme
and then deploy the Helm chart again withhelm upgrade
.
Notable dependencies updated#
Dependency |
Version in previous release |
Version in this release |
Changelog link |
Note |
---|---|---|---|---|
1.1.0 |
1.2.0 |
Run in the |
||
0.11.1 |
0.14.1 |
Run in the |
||
0.11.0 |
0.12.0 |
Run in the |
||
1.3.0 |
1.3.2 |
Run in the |
||
0.4.0 |
0.4.0 |
Run in the |
||
0.0.5 |
0.0.5 |
Run in the |
||
- |
v1.0 |
- |
Run in the |
|
4.2.1 |
4.2.2 |
Run in the |
||
v2.1 |
v2.3.2 |
Run in the |
||
v1.13.12 |
v1.19.2 |
- |
Run in the |
For a detailed list of how Python dependencies have change in the hub
Pod’s
Docker image, inspect the images/hub/requirements.txt file.
Enhancements made#
Allow adding extra labels to the traefik pod #1862 (@yuvipanda)
Add proxy.service.extraPorts to add ports to the k8s Service proxy-public #1852 (@yuvipanda)
netpol: allowedIngressPorts and interNamespaceAccessLabels config added with defaults retaining 0.9.1 current behavior #1842 (@consideRatio)
hub.command and hub.args configuration added #1840 (@cbanek)
Add nodeSelector and tolerations config for all pods of Helm chart #1827 (@stevenstetzler)
Added config prePuller.pullProfileListImages #1818 (@consideRatio)
Added config option: proxy.chp.extraCommandLineFlags #1813 (@consideRatio)
Set container securityContext by default #1798 (@consideRatio)
Support chart wide and pod specific config of imagePullSecrets #1794 (@consideRatio)
Added proxy.chp.extraEnv and proxy.traefik.extraEnv configuration #1784 (@agrahamlincoln)
Remove memory / cpu limits for pre-puller #1780 (@yuvipanda)
Add additional liveness and readiness probe properties #1767 (@rmoe)
Minimal and explicit resource requests for image-puller pods #1764 (@consideRatio)
hook-image-puller: -pod-scheduling-wait-duration flag added for reliability during helm upgrades #1763 (@consideRatio)
Make continuous image puller pods evictable #1762 (@consideRatio)
hub.extraEnv / singleuser.extraEnv in dict format to support k8s EnvVar spec #1757 (@consideRatio)
Add config for hub/proxy/autohttps container’s securityContext #1708 (@mriedem)
fix: intentionally error on missing Let’s Encrypt contact email configuration #1701 (@consideRatio)
Tweaking readiness/liveness probe: faster startup #1671 (@consideRatio)
Tighten and flesh out networkpolicies #1670 (@consideRatio)
DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
autohttps: instant secret-sync shutdown #1659 (@consideRatio)
Use DNS names instead of IPv4 addresses to be IPv6 friendly #1643 (@stv0g)
autohttps: traefik’s config now configurable and in YAML #1636 (@consideRatio)
Feat: autohttps readinessProbe for quicker validated startup and shutdown #1633 (@consideRatio)
switching to myst markdown in docs #1628 (@choldgraf)
Bind proxy on IPv4 and IPv6 for dual stack support #1624 (@stv0g)
Do not hardcode IPv4 localhost address for IPv6 compatibility #1623 (@stv0g)
Allow configuration of Kuberspawner’s pod_name_template #1144 (@tmshn)
Bugs fixed#
Bump KubeSpawner to 0.14.1 to fix a bug in 0.14.0 about image_pull_secrets #1868 (@consideRatio)
netpol: allowedIngressPorts and interNamespaceAccessLabels config added with defaults retaining 0.9.1 current behavior #1842 (@consideRatio)
user-scheduler: let image locality etc matter again #1837 (@consideRatio)
Add retryable HTTP client to image-awaiter #1830 (@bleggett)
prePuller: fix recently introduced regression #1817 (@consideRatio)
userScheduler: only render associated PDB resource if userScheduler itself is enabled #1812 (@consideRatio)
Fix same functionality for proxy.traefik.extraEnv as other extraEnv #1808 (@consideRatio)
Set container securityContext by default #1798 (@consideRatio)
Relax hook-image-puller to make upgrades more reliable #1787 (@consideRatio)
Updates to user-scheduler’s coupling to the kube-scheduler binary #1778 (@consideRatio)
https: Only expose port 443 if we really have HTTPS on #1758 (@yuvipanda)
jupyterhub existing image pull secret configuration load bug fixed #1727 (@mpolatcan)
fix: jupyterhub services without apiToken was ignored #1721 (@consideRatio)
fix: autohttps cert acquisition stability fixed #1719 (@consideRatio)
Enable the user scheduler to pay attention to CSI volume count #1699 (@rschroll)
secret-sync: selective write to secret / functional logs #1678 (@consideRatio)
Tighten and flesh out networkpolicies #1670 (@consideRatio)
Maintenance and upkeep improvements#
Update Travis CI badge following .org -> com migration #1882 (@consideRatio)
Remove globus_sdk and update various Docker images #1881 (@consideRatio)
Complementary fix to recent aesthetics PR #1878 (@consideRatio)
Helm template aesthetics fixes #1877 (@consideRatio)
Bump OAuthenticator to 0.12.0 from 0.11.0 #1874 (@consideRatio)
Dependency: bump proxy pods image of CHP to 4.2.2 for bugfixes and docker image dependency updates #1873 (@consideRatio)
Pin Traefik to v2.3.2 for cert acquisition stability #1859 (@consideRatio)
CI: Add logs for autohttps pod on failure to debug intermittent issue #1855 (@consideRatio)
CI: Try to improve test stability and autohttps cert aquisition reliability #1854 (@consideRatio)
CI: bump k3s and helm versions #1848 (@consideRatio)
Add dependabot config to update dependencies automatically #1844 (@jgwerner)
Add schema.yaml and validate.py to .helmignore #1832 (@consideRatio)
CI: reorder ci jobs to provide relevant feedback quickly #1828 (@consideRatio)
Revert recent removal of image-pulling related to cloudMetadata blocker #1826 (@consideRatio)
Add maintainers / owners to register with Artifact Hub #1820 (@consideRatio)
CI: fix RTD builds on push to master #1816 (@consideRatio)
deprecation: warn when proxy.https is modified and proxy.https.enabled=true #1807 (@consideRatio)
Soft deprecate singleuser.cloudMetadata.enabled in favor of blockWithIptables #1805 (@consideRatio)
hub livenessProbe: bump from 1m to 3m delay before probes are sent #1804 (@consideRatio)
hub image: bump kubespawner to 0.14.0 #1802 (@consideRatio)
ci: bump helm to 3.3.2 and test with k8s 1.19 also #1783 (@consideRatio)
user-scheduler: tweak modern configuration #1782 (@consideRatio)
Update to newer version of ‘pause’ container #1781 (@yuvipanda)
Remove memory / cpu limits for pre-puller #1780 (@yuvipanda)
Updates to user-scheduler’s coupling to the kube-scheduler binary #1778 (@consideRatio)
hub: Switch base image to latest LTS #1772 (@yuvipanda)
CI: Add test for singleuser.extraEnv #1769 (@consideRatio)
Bump KubeSpawner to 0.13.0 #1768 (@consideRatio)
CI: always publish helm chart on push to master #1765 (@consideRatio)
Bump traefik (autohttps pod) to v2.3 #1756 (@consideRatio)
Update JupyterHub’s python package dependencies #1752 (@jgwerner)
Fix travis by pinning docker python package version #1743 (@chancez)
k8s api compatibility: add conditional to ingress apiVersion #1718 (@davidsmf)
Upgrade libc to patch vulnerability in hub img #1715 (@meneal)
Autohttps reliability fix: bump traefik version #1714 (@consideRatio)
k8s-hub img rebuild -> dependencies refrozen #1713 (@consideRatio)
removing circleci #1711 (@choldgraf)
Complexity reduction - combine passthrough values.yaml data in hub-config (k8s configmap) to hub-secret (k8s secret) #1682 (@consideRatio)
secret-sync: selective write to secret / functional logs #1678 (@consideRatio)
DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
cleanup: remove old deploy secret #1661 (@consideRatio)
RTD build fix: get correct version of sphinx #1658 (@consideRatio)
Force sphinx>=2,<3 for myst_parser #1657 (@consideRatio)
Use idle culler from jupyterhub-idle-culler package #1648 (@yuvipanda)
Refactor: reference ports by name instead of repeating the number #1645 (@consideRatio)
DX: refactor helm template #1635 (@consideRatio)
CI: fix sphinx warnings turned into errors #1634 (@consideRatio)
Dep: Bump deploy/autohttps’s traefik to v2.2 #1632 (@consideRatio)
DX: more recognizable port numbers #1631 (@consideRatio)
Documentation improvements#
Add back Helm chart badge for latest pre-release (alpha, beta) #1879 (@consideRatio)
docs: fix edit button, so it doesn’t go to a 404 page #1864 (@consideRatio)
Fix link to Hub23 docs #1860 (@sgibson91)
Provide links to Hub23 deployment guide #1850 (@sgibson91)
docs: clarify user-placeholder resource requests #1835 (@consideRatio)
Remove mistakenly introduced artifact #1824 (@consideRatio)
fixing broken links #1823 (@choldgraf)
README.md: badges for the helm chart repo to go directly to the relevant view #1815 (@consideRatio)
Docs: fix some sphinx warnings #1796 (@consideRatio)
Fix legacy version in DigitalOcean Kubernetes setup doc #1788 (@subwaymatch)
Add terraform resources to the community resources section #1776 (@salvis2)
Docs: fixes to outdated links found by the linkchecker #1770 (@consideRatio)
Leave a comment about where HUBSERVICE* values come from #1766 (@mriedem)
Unindent lines to fix the bug in “Specify certificate through Secret resource” #1755 (@salvis2)
Fix broken link to Jupyter contributor guide #1729 (@sgibson91)
docs: myst-parser deprecation adjustment #1723 (@consideRatio)
docs: fix linkcheck warning #1720 (@consideRatio)
Docs: fix squeezed logo, broken links, and strip unused CSS and templates #1710 (@consideRatio)
Add documentation to create a Kubernetes cluster on OVH #1704 (@jtpio)
DX: final touches on CONTRIBUTING.md #1696 (@consideRatio)
Update Google auth to use a list for hosted_domain #1695 (@petebachant)
Simplify setting up JupyterLab as default #1690 (@yuvipanda)
Use –num-nodes instead of –size to resize gcloud cluster #1688 (@aculich)
docs: fix broken links #1687 (@consideRatio)
Change helm chart version in setup documentation #1685 (@ivanpokupec)
Docs: assume usage of helm3 over deprecated helm2 #1684 (@GeorgianaElena)
removal: Vagrant for local dev #1668 (@consideRatio)
docs: fixed links #1666 (@consideRatio)
DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
Reference static ip docs #1663 (@GeorgianaElena)
Docs: remove too outdated cost-calculator #1660 (@consideRatio)
Update create service principle command. #1654 (@superyaniv)
proxy.service.type: Default is different from hub.service.type #1647 (@manics)
Fix broken links in the Reference documentation #1639 (@bibz)
AWS documentation fixes #1564 (@metonymic-smokey)
add Auth0 configuration documentation #1436 (@philvarner)
Contributors to this release#
A huge warm thank you for the collaborative effort in this release! Below we celebrate this specific GitHub repositories contributors, but we have reason to be thankful to soo many other contributors in the projects we depend on! Thank you everyone!
(GitHub contributors page for this release)
@01100010011001010110010101110000 | @ablekh | @aculich | @adi413 | @agrahamlincoln | @aguinaldoabbj | @Aisuko | @akaszynski | @albertmichaelj | @alexmorley | @amanda-tan | @arpitsri3 | @asubb | @aydintd | @bebosudo | @BertR | @betatim | @betolink | @bibz | @bleggett | @cam72cam | @carat64 | @cbanek | @cboettig | @chancez | @chicocvenancio | @choldgraf | @chrisroat | @clkao | @conet | @consideRatio | @craig-willis | @cslovell | @dalonlobo | @dalssaso | @danroliver | @DarkBlaez | @davidsmf | @deinal | @dimm0 | @dkipping | @dmpe | @donotpush | @duongnt | @easel | @echarles | @Edward-liang | @eric-leblouch | @erinfry6 | @etheleon | @farzadz | @filippo82 | @frankgu968 | @frouzbeh | @GeorgianaElena | @GergelyKalmar | @gsemet | @Guanzhou-Ke | @Gungo | @h4gen | @harsimranmaan | @hdimitriou | @hickst | @hnykda | @hqwl159 | @IamViditAgarwal | @ilhaan | @ivanpokupec | @jacobtomlinson | @jahstreet | @JarnoRFB | @jeremievallee | @jgerardsimcock | @jgwerner | @josibake | @JPMoresmau | @jreadey | @jtlz2 | @jtpio | @julienchastang | @jzf2101 | @kinow | @kristofmartens | @kyprifog | @leolb-aphp | @loki1978 | @ltupin | @lxylxy123456 | @manics | @mathematicalmichael | @meeseeksmachine | @meneal | @metonymic-smokey | @mhwasil | @minrk | @mjuric | @moorepants | @mpolatcan | @mriedem | @mrocklin | @NerdSec | @nscozzaro | @openthings | @pcfens | @perllaghu | @petebachant | @peterrmah | @philvarner | @prateekkhera | @rabernat | @RAbraham | @remche | @rkdarst | @rkevin-arch | @rmoe | @rnestler | @rschroll | @rubdos | @ryanlovett | @salvis2 | @sampathkethineedi | @scivm | @Sefriol | @sgibson91 | @sgloutnikov | @shenghu | @snickell | @sstarcher | @stefansedich | @stevenstetzler | @stv0g | @subwaymatch | @summerswallow-whi | @superyaniv | @support | @suryag10 | @TiemenSch | @tirumerla | @tjcrone | @tmshn | @TomasBeuzen | @tracek | @verdurin | @vindvaki | @vishwesh5 | @welcome | @willingc | @yuvipanda | @zxcGrace
0.9#
0.9.0 - 2020-04-15#
Release summary#
This Helm chart release is mainly a maintenance release featuring the latest JupyterHub (1.1.0) and authenticators along with bug fixes and some additional helpful configuration options.
Noteworthy:
An issue with automatic acquisition of HTTPS certificates has been resolved since 0.9.0-beta.3.
Fixed a compatibility issue with Kubernetes 1.16+
The
images/hub/requirements.txt
file in this repo can now be used to track what specific version has been used at any point in time.jupyterhub-nativeauthenticator added to the JupyterHub Docker image.
Bumped dependencies:
jupyterhub version 1.1.0
jupyterhub-ldapauthenticator version 1.3.0
jupyterhub-kubespawner version 0.11.1
oauthenticator version 0.11.0
kubernetes version 10.0.1
Upgrade instructions (IMPORTANT)#
If you are using Helm 2, upgrade to the latest Helm 2 version. And if you are using Helm 3, upgrade to the latest Helm 3 version.
Upgrading to Helm 3 from Helm 2 requires additional steps not covered here, so for now please stay with your current major version of helm (2 or 3).
# Figure out what version you currently have locally, you should use # release of the same major version you have used before. helm version
Install either the latest Helm 2 or Helm 3 depending on what major version you currently had worked with.
# verify you successfully upgraded helm helm version # if you just upgraded helm 2, also upgrade tiller helm init --upgrade --service-account=tiller
Use
--cleanup-on-fail
when usinghelm upgrade
.Helm can enter a problematic state by a
helm
install or upgrade process which started creating Kubernetes resources, but then didn’t finish at all or didn’t finish successfully. It can cause resources created that helm will later come in conflict with.To mitigate this, we suggest always using
--cleanup-on-fail
with this Helm chart, it is a solid behavior that reduce a lot of head ache.If you use
--wait
, or--atomic
which implies--wait
: do not manually cancel the upgrade!If you would abort the upgrade when using
--wait
and Kubernetes resources has been created, resources will have been created that can cause conflict with future upgrades and require you to manually clean them up.Delete resources that could cause issues before upgrading.
# replace <NAMESPACE> below with where jupyterhub is installed kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps
Troubleshooting upgrade#
If you get an error similar to the one below, it is a symptom of having
attempted a helm upgrade
that failed where helm lost track of some newly
created resources. A good solution is to delete all of these resources and try
again.
# replace <NAMESPACE> below with where jupyterhub is installed
kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps
To avoid this in the future, use --cleanup-on-fail
with the helm upgrade
command. It is not a fool proof way to avoid it, but . And note that even if that flag is used, an interupption for example during --wait
or --atomic
which implies --wait
, be
aware of an interruption while waiting can very likely cause this to arise on
the following upgrade attempt.
error: kind ConfigMap with the name "traefik-proxy-config" already exists in the cluster and wasn't defined in the previous release. Before upgrading, please either delete the resource from the cluster or remove it from the chart
Dependency updates#
Bump configurable-http-proxy image #1598 (@consideRatio)
fix: Bump to base-notebook with JH 1.1.0 etc #1588 (@bitnik)
Maintenance#
Docs: refactor/docs for local development of docs #1617 (@consideRatio)
[MRG] sphinx: linkcheck in travis (allowed to fail) #1611 (@manics)
pydata theme #1608 (@choldgraf)
Small typo fix in doc #1591 (@sebastianpfischer)
init helm and tiller with history-max settings #1587 (@bitnik)
0.9.0-beta.4 - 2020-02-26#
Added#
Add nativeauthenticator to hub image #1583 (@consideRatio)
Add option to remove named server when culling #1558 (@betatim)
Dependency updates#
Fixed#
Fix removing of named servers when culled #1567 (@consideRatio)
Maintenance#
Added gitlab URL #1577 (@metonymic-smokey)
Add contributor badge #1559 (@GeorgianaElena)
Trying to clean up formatting #1555 (@jeremycadams)
Remove unneeded directive in traefik config #1554 (@yuvipanda)
0.9.0-beta.3 - 2020-01-17#
Dependency updates#
Bump chartpress for Helm 3 compatible dev releases #1542 (@consideRatio)
Fixed#
Replace kube-lego + nginx ingress with traefik #1539 (@yuvipanda)
Maintenance#
Update step zero for Azure docs with commands to setup an VNet and network policy #1527 (@sgibson91)
Made GCP docs of compute zone names generic #1431 (@metonymic-smokey)
0.9.0-beta.2 - 2019-12-26#
Fixed#
Fix major breaking change if all HTTPS options was disabled introduced just before beta.1 #1534 (@dirkcgrunwald)
0.9.0-beta.1 - 2019-12-26#
Some highlights of relevance for this release are:
The default configuration is now catering to autoscaling clusters where nodes can be added and removed, as compared to fixed clusters where there is only a fixed amount of nodes. Set
scheduling.userScheduler.enabled
to false if you are on a fixed size cluster.Kubernetes 1.16 compatibility achieved
Updated dependencies
jupyterhub==1.1.0b1
kubernetes==0.10.1
kubespawner==0.11.1
oauthenticator==0.10.0
Added#
Added ability to configure liveness/readiness probes on the hub/proxy #1480 (@mrow4a)
Added ability to use an existing/shared image pull secret for hub and image pullers #1426 (@LaurentGoderre)
Added ability to configure the proxy’s load balancer service’s access restrictions (
loadBalancerSourceRanges
) #1418 (@GergelyKalmar)Added
user-scheduler
pod->node scheduling policy configuration #1409 (@yuvipanda)Added ability to add additional ingress rules to k8s NetworkPolicy resources #1380 (@yuvipanda)
Enabled the continuous image puller by default #1276 (@consideRatio)
Added ability to configure initContainers of the hub pod #1274 (@scottyhq)
Added ability to use an existing jupyterhub configuration k8s secret for hub (not recommended) #1142 (@koen92)
Added use of liveness/readinessProbe by default #1004 (@tmshn)
Dependency updates#
Bump JupyterHub to 1.1.0b1 #1533 (@consideRatio)
Re-add ltiauthenticator 0.4.0 to hub image #1519 (@consideRatio)
Fix hub image dependency versions, disable ltiauthenticator, use chartpress==0.5.0 #1518 (@consideRatio)
Update hub image dependencies and RELEASE.md regarding dependencies #1484 (@consideRatio)
Bump kubespawner to 0.11.1 for spawner progress bugfix #1502 (@consideRatio)
Updated hub image dependencies #1484 (@consideRatio)
Updated kube-scheduler binary used by user-scheduler, kubespawner, kubernetes python client, and oauthenticator #1483 (@consideRatio)
Bump CHP to 4.2.0 - we get quicker chart upgrades now #1481 (@consideRatio)
Bump singleuser-sample #1473 (@consideRatio)
Bump python-kubernetes to 9.0._ (later also to 10.0._) #1454 (@clkao)
Bump tmpauthenticator to 0.6 (needed for jupyterhub 1.0) #1299 (@manics)
Include jupyter-firstuseauthenticator. #1288 (@danielballan)
Bump jupyterhub to 1.0.0 (later also to a post 1.0.0 commit) #1263 (@minrk)
Bump CHP image to 4.1.0 from 3.0.0 (later to 4.2.0) #1246 (@consideRatio)
Bump jupyterhub to 1.0b2 (later to an post 1.0.0 commit) #1224 (@minrk)
Fixed#
Workaround upstream kubernetes issue regarding https health check #1531 (@sstarcher)
User-scheduler RBAC permissions for local-path-provisioner + increase robustness of hub.baseUrl interaction with the hub deployments health endpoint #1530 (@cutiechi)
Fixing #1300 User-scheduler doesn’t work with rancher/local-path-provisioner #1516 (@cgiraldo)
Move z2jh.py to a python and linux distribution agnostic path #1478 (@mrow4a)
Bugfix for proxy upgrade strategy in PR #1401 #1404 (@consideRatio)
Use recreate CHP proxy pod’s deployment strategy #1401 (@consideRatio)
Proxy deployment: Change probes to https port #1378 (@chicocvenancio)
Readiness and liveness probes re-added #1361 (@consideRatio)
Use 443 as https port or redirection. FIX #806 #1341 (@chicocvenancio)
Revert “Configure liveness/readinessProbe” #1356 (@consideRatio)
Ensure helm chart configuration is passed to JupyterHub where needed #1338 (@bitnik)
Make proxy redirect to the service port 443 instead of the container port 8443 #1337 (@LucidNeko)
Disable becoming root inside hub and proxy containers #1280 (@yuvipanda)
Configure KubeSpawner with the
singleuser.image.pullPolicy
properly #1248 (@vmarkovtsev)Supply
hub.runAsUser
for the hub at the container level instead of the pod level #1240 (@tmc)Relax HSTS requirement on subdomains #1219 (@yuvipanda)
Maintenance#
typo #1529 (@raybellwaves)
Missing page link for our RBAC documentation #1508 #1514 (@n3o-Bhushan)
Correction of warnings from: make html #1513 (@consideRatio)
Fixing URL for user-management documentation #1511 #1512 (@n3o-Bhushan)
DOC: fixing authentication link in user customization guide #1510 (@n3o-Bhushan)
DOC: fix kubernetes setup link #1505 (@raybellwaves)
Update changelog for 0.9.0-beta.1 #1503 (@consideRatio)
Avoid rate limiting for k8s resource validation #1485 (@consideRatio)
Switching to the Pandas Sphinx theme #1472 (@choldgraf)
Add vi / less to hub image #1471 (@yuvipanda)
Added existing pull secrets changes from PR #1426 to schema #1461 (@sgloutnikov)
Chart upgrade tests #1459 (@consideRatio)
Replaced broken links in authentication document #1449 #1457 (@n3o-Bhushan)
Fix typo in home page of docs #1456 (@celine168)
Use helm 2.15.1 #1453 (@consideRatio)
Support CD with git tags #1450 (@consideRatio)
Added Laurent Goderre as contributor #1443 (@LaurentGoderre)
Note about future hard deprecation #1441 (@consideRatio)
CI rework - use kind, validate->test->publish, contrib and release rework #1422 (@consideRatio)
Mounting jupyterhub_config.py etc. #1407 (@consideRatio)
Ignore venv files #1388 (@GeorgianaElena)
Added example for populating notebook user home directory #1382 (@gareth-j)
Fix typo in jupyterhub_config.py comment #1376 (@loganlinn)
Instructions for adding GPUs and increasing shared memory #1358 (@tlkh)
Add py-spy to hub image #1327 (@yuvipanda)
Changing Azure Container Service to Azure Kubernetes Service #1322 (@seanmck)
add explanation for lifecycle_hooks in kubespawner_override #1309 (@clancychilds)
Fix azure cli VMSSPreview feature register command #1298 (@dazzag24)
Update Dockerfile to JH 1.0 #1291 (@vilhelmen)
Fix a couple of mistakes in Google Kubernetes instructions #1290 (@astrofrog)
Suggest quotes around tag. #1289 (@danielballan)
hub: Add useful debugging tools to hub image #1279 (@yuvipanda)
Clean up a line in the CI logs #1278 (@consideRatio)
Fix prePuller.extraImages linting etc #1275 (@consideRatio)
Fixed minor bug in google pricing calculator #1264 (@noahbjohnson)
[MRG] Update to Docs: Deploying an Autoscaling Kubernetes cluster on Azure #1258 (@sgibson91)
Update to Docs: Add Azure scale command to Expanding/Contracting Cluster section #1256 (@sgibson91)
removing extra buttons #1254 (@choldgraf)
Adjusts whitespace for a code block in AWS instructions. #1237 (@arokem)
Change heading of multiple-profiles section #1236 (@moschlar)
Added OAuth callback URL to keycloak OIDC example #1232 (@sgloutnikov)
Updated notes, pod status to Running #1231 (@sgloutnikov)
Updated AWS EKS region-availability statement. #1223 (@javabrett)
Fix the default value of lifecycleHooks #1218 (@consideRatio)
Update user-environment.rst #1217 (@manycoding)
Add Digital Ocean Cloud Instructions for Kubernetes #1192 (@alexmorley)
0.8#
0.8.2 - 2019-04-01#
Bumped the underlying JupyterHub to 0.9.6.
0.8.1 - 2019-03-28#
Bumped the underlying JupyterHub to 0.9.5.
0.8.0 - Richie Benaud - 2019-01-24#
This release contains JupyterHub version 0.9.4. It requires Kubernetes >= 1.11 and Helm >= 2.11.0. See the Helm Chart repository for a list of relevant dependencies for all Helm Chart versions.
It contains new features, additional configuration options, and bug fixes.
Upgrading from 0.7#
To upgrade your cluster:
backup your hub-db-dir persistent volume and previous configuration files, to be safe
read changes here and make any needed updates to your configuration
upgrade the chart:
helm repo update helm upgrade $RELEASE –force –version 0.8.0 –values config.yaml
The --force
flag allows deletion and recreation of objects
that have certain changes, such as different labels,
which are forbidden otherwise.
Breaking changes#
Github organisation OAuth:
auth.github.org_whitelist
has been renamed toauth.github.orgWhitelist
to be consistent with helm’s camelCase style
Troubleshooting#
If you encounter issues with upgrades, check for changed configuration in this document, and make sure your config is up to date.
If you aren’t able to get the upgrade to work, you can rollback to a previous version with:
helm rollback $RELEASE
Feel free to ping us on gitter if you have problems or questions.
New Features#
Easier user-selectable profiles upon login#
Profile information is now passed through to KubeSpawner. This means you can specify multiple user profiles that users can select from when they log in. (#402)
Configurable image pull secrets#
Improvements to the Helm Chart to let users specify private information that lets the Hub pull from private Docker registries. New information includes Kubernetes Secrets, an email field, large JSON blobs in the password field (required in order to pull from a private gcr.io registry from an external cluster).
It also ensures that the image puller DaemonSets have the same credentials to pull the images.
(thanks to @AlexMorreale) #851
Improved user scheduling and resource management#
#891
Want to make your autoscheduler work efficiently? Then you should schedule pods to pack tight instead of spread out. The user scheduler accomplishes this.
Pod priority and User placeholders - #929
Want to scale up before users arrive so they don’t end up waiting for the node to pull an image of several gigabytes in size? By adding a configurable fixed amount of user placeholder pods with a lower pod priority than real user pods, we can accomplish this. It requires k8s v1.11 though.
preferScheduleNextToRealUsers - improves autoscaling - #930 This setting slightly improves the ability for a cluster autoscaler to scale down by increasing the likelihood of user placeholders being left alone on a node rather than real users. Real users can’t be moved around while user placeholder pods can
Minor upgrades and development improvements#
Update jupyterhub to 0.9.4
Update kubespawner to 0.10.1
Allow setting of storage labels - #924
Tolerations for node taints - #925
Making the core and user pods affinity have configurable presets - #927
Improved linting and validation + CI integration - #844
Improved CI tests - #846
Cleanup of orphaned files - #842 Two files were left unused in the repo.
cull.maxAge bugfix - #853
cull.maxAge
previously didn’t influence the culler service, as the value was never consumed. This is fixed by a single one line commit in a PR.No more duplicates of puller pods - #854 Nobody wants pods running that does nothing. By using the new
before-hook-creation
value for thedeletion-policy
Helm hook together with a single name for our Helm hook resources, we can ensure never having orphaned image pullers.Remove pod-culler image - #890 #919 Before JupyterHub 0.9 the pod-culler was a standalone pod with a custom image. But now it is a internal service of the JupyterHub pod, so in this PR we slim the remnant code.
Upgrade to k8s 1.9 APIs - #920 Migrate to more stable K8s resource APIs from
beta
.Update of the singleuser-sample image - #888
git
andnbgitpuller
are now available by defaultSwitch to using a StatefulSet for the Hub * The Hub should perhaps be a StatefulSet rather than a Deployment as it tends to be tied to a PV that can only be mounted by one single Hub. See this issue: https://github.com/helm/charts/issues/1863
Show users deprecation and error messages when they use certain deprecated configuration (e.g.
hub.extraConfig
as a single string) or incompatible combinations.Updates to the guide - #850
Updates to inline documentation - #939
Richie Benaud(https://www.cricket.com.au/players/richie-benaud/gvp5xSjUp0q6Qd7IM5TbCg)#
(excerpt from https://www.cricket.com.au/players/richie-benaud/gvp5xSjUp0q6Qd7IM5TbCg)
Possibly the most iconic man in Australian cricket, Richie Benaud enjoyed a career spanning nearly 70 years in the game. On the field, he scored 767 runs at 19.66 in his 27 matches against England, while he also picked up 83 wickets. Off the field, he has been just as important. His commentary has been second to none since making his radio debut in 1960.
While playing for Australia, fans flocked to the cricket to watch Benaud led sides dominate whoever they played. The late 1950’s to early 1960’s was a golden period in Australian cricket, with players such as Simpson, Lawry and Harvey scoring runs, while Benaud and Davidson did the damage with the ball.
Richie Benaud was responsible for resurrecting cricket in this country. The world was changing at that time, and so was cricket. It was being shown on television for the first time, while radio coverage was becoming more advanced. Benaud felt he had a duty to the Australian public to make the game more entertaining. Sure, you could argue that the 1961 series was dull, but at least Australia retained the Ashes. Nobody will forget the tied Test against the West Indies, or Benaud’s audacious move to bowl around the wicket in Manchester.
Benaud is credited with popularising the tactics we see today. Huddles after a wicket were born in the Benaud era. Declaring just before stumps in a bid to steal a late wicket was something he thrived upon. Bowling into the rough is now seen as common practice.
Benaud was also prepared to try new things with the ball. He worked very hard on perfecting his wrong’un, the flipper and the top-spinner. His leg-spinner even had variety to it, making him one of the most complete tweakers at the time.
His leadership earned him respect immediately. Players loved being guided the likeable larrikin from Penrith. He looked after everyone both as a team, but also on an individual basis. His teammates trusted his innovative ideas, while he trusted them to execute them to the fullest.
For most Australians, summer means cricket. And cricket means hearing the dulcet tones of their favourite commentator, Richie Benaud. From the cream coloured suit, to the witty repartee with his colleagues, Benaud is the complete package
Contributors#
This release wouldn’t have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We’d like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
(Frank) Yu Cheng Gu 1160300422-RenQJ 1kastner 2efper A. Tan Aadi Deshpande abremirata28 AcademicAdmin Adam Huffman Adrian Wilke Akanksha Bhardwaj Akhil Lawrence Al Johri AlbanWende Alejandro del Castillo Aleksandr Blekh Alex Morreale Alex Newman Alexander Comerford Alexander Sadleir amangarg96 Amirahmad Khordadi Andreas Hilboll andregouveiasantana Andrew Andrew Catellier angelikamukhina Anton Khodak arcady-genkin Ariel Rokem Arne Küderle atne2008 awalther Ben Zipperer Beneath Benjamin Egelund-Müller BertR bharathwgl bing-he bjyxmas bpoettinger Brad Skaggs Braden Brian E. Granger Bruno P. Kinoshita brynjsmith Calvin Canh Tran camer314 Carol Willing Caspian cfoisy-osisoft ChanakyaBandara chang-zhijie Chao Wang Chen Zhiwei Chester Li Chia-liang Kao Chris Holdgraf Chris Seal Christian Alis Christian Mesh chrlunden Clancy Childs Clemens Tolboom cmw2196 Cody Scott Craig Willis cristofercri Curtis Maves cybertony Daisuke Taniwaki Dalon Lobo danamer Daniel Bachler Daniel Chalef Daniel Hnyk danielpcs Danny H DataVictorEngineer Dave Hirschfeld Dave Porter David Andersen David John Gagne Davide Deleted user Denis Shestakov Dennis Kipping Derek Ludwig DerekHeldtWerle DewinGoh Diogo djknight1 DmitrII Gerasimenko Doug Blank Dr. Di Prodi Dr. Zoltán Katona Dylan Nelson ebebpl Eliran Bivas eode Eran Pinhas eric-leblouch ericblau Erik LaBianca Erik Sundell Ermakov Petr erolosty Evan Savage Evert Rol Ezequiel Gioia fahadabbas91 farzadz foxlisimulation frouzbeh Félix-Antoine Fortin Gabriel Abdalla Cavalcante Gabriel Fair Gaetan Semet Gang Chen Gary Lucas Georgiana Elena gerroon Giuseppe Attardi Glen A Knight Gonzalo Fernandez ordas Guilherme Oenning Guo Zhang gweis Gábor Lipták Hagen Hoferichter hani1814 Hans Permana hhuuggoo hichemken HT-Moh HuangHenghua HuiWang Ian Carroll Ian Stuart Ivan Brezina J Forde J Gerard j08rebelo Jacob Matuskey Jacob Tomlinson Jaime Ferrando Huertas James Swineson jameshgrn Jan Niederau Jason Belsky Jason Hu Jason Rigby jason4zhu Jeff Whitworth Jeffrey Bush jeffwji Jessica B. Hamrick jfleury-eidos Ji Ma Jiren Jin jiyer2016 jlc175 jmabry jmchandonia jmf Joe Hamman Joerg Klein John Chase John Readey John Shojaei Jonathan Terhorst Jordan Miller Josh Bode Joshua Milas JP Moresmau jpays Juan Cruz-Benito Julian Rüth Julien Chastang Justin Ray Vrooman Jürgen Hermann Kah Mun kangzebin Kelly L. Rowland Kenan Erdogan Kerwin Sun kevbutler Kevin Bates khawarhere kide007 Kim-Seonghyeon kishitaku0630 Koshmaar Koustuv Sinha krinsman Kristian Gregorius Hustad Kristiyan KSHITIJA SAHARAN Kuriakin Zeng Kyla Harper Lachlan Musicman Laurent Abbal Leo Gallucci Leopold Talirz Li-Xian Chen Lisa Stillwell ljb445300387 Loïc Antoine Gombeaud Loïc Estève Lucas Durand Lukasz Tracewski m.fab Ma mangecoeur Manish Kushwaha Marc Illien marinalopez2110 Mark Mirmelstein Marlene Silva Marchena Martin Gergov Martin Zugnoni Marvin Solano Marwan Baghdad Matthias Bussonnier Matthias Klan Matthias Lee Matthieu Boileau Max Mensing mdivk Meesam Shah Michael Carroll Michael Huttner Michael Lovci Michael McCarthy Michael Milligan Michael Pilosov michec81 Mike Croucher MikeSpark Min RK MisterZ Moritz Kirschner Moritz Schlarb moskiGithub mpolidori mrclttnz MubashirullahD Muhammad-Imtiaz mxcheng2011 myidealab Naineel Shah narala558 newturok Ney Torres Nic Wayand Nico Bellack nifuki Nils Werner not4everybody NotSharath nschiraldi Nujjy oscar6echo Paperone80 Patafix Paul Mazzuca Paul Shealy Paulo Roberto de Oliveira Castro Pav K payalbhatia Peter Parente Peter Reid Phil Elson Phil Fenstermacher Philipp Kats phpdistiller phxedmond Piotr Pouria Hadjibagheri powerLeePlus Pratik Lal pydeepak Qcy R. C. Thomas raghav130593 Rahul Sharma Rama Krishna Jinka RBALAJI5 rbq Richard C Gerkin Richard Darst Richard Huntrods richyanicky Rob Nagler robin robotsp rothwewi rushikeshraut777 Ryan Ryan Abernathey Ryan Lovett Ryan McGuire rzuidhof Saiprasad Balasubramanian Sam Manzer samRddhimat Santosh Saranya411 Scott Crooks sdementen SeaDude SergeyK1 Shannon Shi Pengcheng shibbas Shinichi TAMURA Shiva1789 sidebo Sigurður Baldursson Simon Li Sindre Gulseth SivaMaplelabs sjillidimudi skruse smoulderme Solaris Spencer Ogden sreekanthmg Steven B Steven Silvester StudyQuant Subhash Suchit summerswallow summerswallow-whi Søren Fuglede Jørgensen Taewon Tania Allard Taposh Dutta Roy techie879 ThibTrip Thomas Mendoza thomas-rabiller-azimut Thong Kuah thongnnguyen Tim Crone Tim Head Timothy Griffiths Timothy Liu Todd Gamblin Tom Tomer Leibovich tregin Tren Huang Tuhina Chatterjee Tyler Gregory Uday Udit Arora Vasu Gaur Victor Lopez Vidit Agarwal VidJa Vincent Feng vishal49naik49 Vivek Vivek Rai vivekbiet Vlad-Mihai Sima Volker Braun wangcong Wangsoo Kim whositwhatnow Will Will Starms Willem Pienaar Xavier Lange YborBorn YizTian Yoav Tzelnick YoongHM yugushihuang Yuvi Panda Yuze Ma Zac Flamig Zach Day Zachary Sailer Zafer Cesur zmkhazi zneudl 田进 邱雨波 高彦涛
0.7#
0.7.0 - Alex Blackwell - 2018-09-03#
This release contains JupyterHub version 0.9.2, additional configuration options and various bug fixes.
IMPORTANT: This upgrade will require your users to stop their work at some point and have their pod restarted. You may want to give them a heads up ahead of time or do it during nighttime if none are active then.
Upgrading from v0.6#
If you are running v0.5
of the chart, you should upgrade to v0.6
first
before upgrading to 0.7.0
. You can find out what version you are using by
running helm list
.
Follow the steps below to upgrade from v0.6
to 0.7.0
.
1. (Optional) Ensure the hub’s and users’ data isn’t lost#
This step is optional, but a recommended safeguard when the hub’s and users’ data is considered important. The changes makes the PersistentVolumes (PVs), which represent storage (user data and hub database) remain even if the PersistentVolumeClaims (PVCs) are deleted. The downside of this is that it requires you to perform manual cleanup of PVs when you want to stop spending money for the storage.
# The script is a saftey measure and patches your PersistentVolumes (PV) to
# not be garbage collected if the PersistentVolumeClaim (PVC) are deleted.
NAMESPACE=<YOUR-NAMESPACE>
# Ensure the hub's and users' data isn't lost
hub_and_user_pvs=($(kubectl get persistentvolumeclaim --no-headers --namespace $NAMESPACE | awk '{print $3}'))
for pv in ${hub_and_user_pvs[@]};
do
kubectl patch persistentvolume $pv --patch '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
done
2. Update Helm (v2.9.1+ required)#
# Update helm
curl https://raw.githubusercontent.com/kubernetes/helm/HEAD/scripts/get | bash
# Update tiller (on the cluster)
helm init --upgrade --service-account=tiller
# Verify the update
# NOTE: you may need to cancel and re-run the command, it should work within 30
# seconds.
helm version
# VERIFY: Did it return both the client and server version?
# Client: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
# Server: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
3. (Optional) Clean up pre-puller resources#
The pre-puller component of v0.6 could leave leftover resources after it finished, instead of cleaning up after itself. This script removes the pre-puller resources created by v0.6.
# This script will delete resources that were meant to be temporary
# The bug that caused this is fixed in version 0.7.0 of the Helm chart
NAMESPACE=<YOUR-NAMESPACE>
resource_types="daemonset,serviceaccount,clusterrole,clusterrolebinding,job"
for bad_resource in $(kubectl get $resource_types --namespace $NAMESPACE | grep '/pre-pull' | awk '{print $1}');
do
kubectl delete $bad_resource --namespace $NAMESPACE --now
done
kubectl delete $resource_types --selector hub.jupyter.org/deletable=true --namespace $NAMESPACE --now
4. (Recommended) Clean up problematic revisions in your Helm release#
This step is recommended due to bugs in Helm that could cause your JupyterHub
Helm chart installation (release) to get stuck in an invalid state.
The symptoms are often that helm upgrade
commands fail with the reason that some resource does or doesn’t exist.
# Look up the name of your Helm release (installation of a Helm chart)
helm list
# Store the name of the Helm release
RELEASE_NAME=<YOUR-RELEASE-NAME>
# Give yourself an overview of this release's revisions
helm history $RELEASE_NAME
# Check if you have multiple revisions in a DEPLOYED status (a bug), or if you
# have old PENDING_UPGRADES or FAILED revisions (may be problematic).
helm history $RELEASE_NAME | grep --extended-regexp "DEPLOYED|FAILED|PENDING_UPGRADE"
# If you have multiple revisions in DEPLOYED status, this script will clean up
# all configmaps except the latest with DEPLOYED status.
deployed_revisions=($(helm history $RELEASE_NAME | grep DEPLOYED | awk '{print $1}'))
for revision in ${deployed_revisions[@]::${#deployed_revisions[@]}-1};
do
kubectl delete configmap $RELEASE_NAME.v$revision --namespace kube-system
done
# It seems plausible that upgrade failures could have to do with revisions
# having a PENDING_UPGRADE or FAILED status in the revision history. To delete
# them run the following command.
kubectl delete configmap --selector "NAME=$RELEASE_NAME,STATUS in (FAILED,PENDING_UPGRADE)" --namespace kube-system
5. Perform the upgrade#
IMPORTANT: Do not miss out on the --force
flag!
--force
is required due to changes in labelling of jupyterhub resources
in 0.7.
Helm cannot upgrade from the labelling scheme in 0.6 to that in 0.7 without --force
, which deletes and recreates the deployments.
RELEASE_NAME=<YOUR-RELEASE-NAME>
NAMESPACE=<YOUR-NAMESPACE>
helm repo add jupyterhub https://hub.jupyter.org/helm-chart/
helm repo update
# NOTE: We need the --force flag to allow recreation of resources that can't be
# upgraded to the new state by a patch.
helm upgrade $RELEASE_NAME jupyterhub/jupyterhub --install \
--force \
--version=0.7.0 \
--namespace=$NAMESPACE \
--values config.yaml \
--timeout 1800
6. Manage active users#
Active users with running pods must restart their pods. If they don’t the next
time they attempt to access their server they may end up with {“error”: “invalid_redirect_uri”, “error_description”: “Invalid redirect URI”}
.
You have the power to force this to happen, but it will abort what they are
doing right now. If you want them to be able to do it in their own pace, you
could use the /hub/admin
path and shut them down manually when they are done.
NAMESPACE=<YOUR-NAMESPACE>
# Inspect what users are currently running
kubectl get pod --selector component=singleuser-server --namespace $NAMESPACE
# Force all of them to shutdown their servers, and ensure the hub gets to
# realize that happened through a restart.
kubectl delete pod --selector component=singleuser-server --namespace $NAMESPACE
kubectl delete pod --selector component=hub --namespace $NAMESPACE
Troubleshooting - Cleanup of cluster#
If things fail, you can try the following before installing the chart. If you decide to take these steps, we recommend step 1 is taken first in order to not loose data and that you ensure the old data is made available by the troubleshooting step below.
RELEASE_NAME=<YOUR-RELEASE-NAME>
# WARNING: Deletes everything installed by the Helm chart!
# WARNING: If you have not changed the reclaim policy of the hub in step 1, the
# hub never be able to remember anything about past users. Also note
# that even if you have taken step 1, you must also make the PVs become
# `Available` again before the hub starts up again.
# NOTE: This does not include user pods or user storage PVCs as they have been
# indirectly created by KubeSpawner
helm delete $RELEASE_NAME --purge
# WARNING: Deletes everything within the namespace!
# WARNING: If you have not changed the reclaim policy of the hub and users in
# step 1, the hub's stored information about the users and the user's
# storage will be lost forever. Also note that even if you have taken
# step 1, you must also make the hub and users PVs become `Available`
# before the hub and users startup again.
kubectl delete namespace <YOUR-NAMESPACE>
If you took these steps and step 1, you should probably right now continue with
the next troubleshooting section about making Released
PVs Available
for
reuse.
Troubleshooting - Make Released
PVs Available
for reuse#
If you followed step 1 and 2, you can after cleanup of a cluster reuse the old hub’s and users’ storage if you do this step before you installs the Helm chart again.
In more technical words: if you have deleted PVCs such as hub-db-dir
or
claim-anyusername
, their PVs will end in a Released
state assuming they had
a reclaimPolicy
set to Retain
. To make use of these PVs again, we must make
them Available
for the to future PVCs that needs a PV to bind to.
NAMESPACE=<YOUR-NAMESPACE>
# Ensure the hub's and users' PVs are made `Available` again
hub_and_user_pvs=($(kubectl get persistentvolume | grep -E "Released.+$NAMESPACE/(hub-db-dir|claim-)" | awk '{print $1}'))
for pv in ${hub_and_user_pvs[@]};
do
kubectl patch persistentvolume $pv --patch '{"spec":{"claimRef":{"uid":null}}}}'
done
# Ensure you don't have any PVCs in the lost state
lost_pvcs=($(kubectl get persistentvolumeclaim --namespace $NAMESPACE | grep -E "(hub-db-dir|claim-).+Lost" | awk '{print $1}'))
for pvc in ${lost_pvcs[@]};
do
echo kubectl delete persistentvolumeclaim $pvc --namespace $NAMESPACE
done
Contributors#
A. Tan Aaron Culich abhismvit AC AcademicAdmin Adam Grant Adam Huffman Adam Thornton Adam Tilghman Adam-Origamiiris Afreen Rahman agustaf agustiin aisensiy Ajay Changulani Akhil Lawrence akkibatra Alan King Albert J. de Vera Alejandro del Castillo Alejandro Gastón Alvarez Aleksandr Blekh Alex Leith Alex Marandon Alex Mellnik Alex Moore Alex Morreale Alex Tasioulis Alexander Alexander Hendorf Alexander Kruzhkov Alexander Morley Alexander Schwartzberg Allen Downey AlphaSRE Alramzey amangarg96 Amirahmad Khordadi Amit Rathi Analect anasos Andre Celere Andrea Abelli Andrea Turrini Andrea Zonca Andreas Heider Andrew Berger Andrew Melo andrewcheny András Tóth André Luiz Diniz Andy Berner Andy Doddington angus evans Anirudh Vyas Ankit Ankit Sharma ankit2894 Anthony Suen Anton Akhmerov Antonino Ingargiola Antonio Serrano AranVinkItility Arda Aytekin Ariel Balter Ariel Rokem arkroop Arthur arthur Arthur Koziel ArvinSiChuan aseishas at-cchaloux atullo2 Bastian Greshake Tzovaras bbarney213 bbrauns Ben Chuanlong Du Benjamin Paz Benoit Rospars BerserkerTroll BhagyasriYella bhavybarca Birgetit bitnik Borislav Aymaliev Botty Dimanov Brad Skaggs Brandon Sharitt Brent Brian E. Granger Brian Ray Bruce Beauchamp Bruce Chiarelli Byă Camilla Camilo Núñez Fernández Cara carluri Carol Willing Caspian chack05 chang-zhijie chaomaer chaoyue729 Charles Forelle chenyg0911 Chester Li Chia-liang Kao Chico Venancio Chris Fournier Chris Holdgraf Chris Seal Chris Van Pelt Christiaan Swanepoel Christian Alis Christian Hotz-Behofsits Christian Mesh Christian Moscardi Christine Banek Christopher Hench ckbhatt Claudius Mbemba cloud-science Cody Scott Cord Cory Johns cqzlxl Craig Willis Curtis Maves cyberquasar cybertony cyberyor Daisuke Taniwaki daleshsd Dan Allan Dan Hoerst Dan Lidral-Porter Daniel Daniel Morrison danielmaitre danielrychel Dario Romero darky2004 DataVictorEngineer Dave Aitken Dave Hirschfeld David Bath David Doherty David Kügler David Maxson David Napier David Pérez Comendador David Pérez-Suárez David Sanftenberg Davide deep-42-thought Deleted user DerekHeldtWerle Dhawal Patel disimone DmitrII Gerasimenko Dmitry Mishin Dominic Suciu Don Kelly Doug Holt Dragos Cojocari dturaev Dwight Townsend Dylan Lentini Eamon Keane Eddy Elbrink Emmanuel Gomez Enol Fernández epoch1970 Eric Charles Erik Sundell Ermakov Petr ernestmartinez EtienneDesticourt Evan Evan Van Dam Evert Rol eylenth Ezequiel Gioia fahadabbas91 Faras Sadek forbxy Francisco Zamora-Martinez FU Zhipeng Fyodor Félix-Antoine Fortin G YASHASVI Gaetan Semet Gaëtan Lehmann gbrahmi George Jose Gerben Welter Gerhard Burger GladysNalvarte Glen A Knight Graham Dumpleton grant-guo GRC Guillaume EB guimou Guo Zhang gweis Hagen Hoferichter hanbeibei hani1814 Hans Petter Bieker happytest143 Hassan Mudassir Helder Rodrigues hemantasingh Henddher Pedroza hjclub123 huhuhang Hunter Jackson Ian Indrajeet Singh ironv IssacPan Ivan Grbavac J Forde J Gerard Jacob Tomlinson James Curtin James Davidheiser James Londal James Veitch Jan Kalo Jason Kuruzovich Jason Williams jason4zhu javin-gn Jeremie Vallee Jeremy Lewi Jeremy Tuloup Jerry Schuman Jesse Cai Jesse Kinkead Jesse Zhang Jessica Wong Jim Basney Jim Hendricks Jiri Kuncar jlsimms jm2004 Joakim JocelynDelalande Joe Hamman Joel Pfaff John Kaltenbach John Readey johnbotsis johnkpark johnpaulantony Jonas Adler Jonathan Jonathan Brant Jonathan Wheeler jonny86 Joost W. Döbken Jose Manuel Monsalve Diaz Josh Barnes Josh Temple João Barreto jpolchlo JPUnD Juan Cabanela Julien Chastang Jurian Kuyvenhoven Justin Holmes Justin Moen justkar4u JYang25 Jürgen Hermann kakzhetak kaliko Kam Kasravi Kannan Kumar karthikpitchaimani Kenneth Lyons Kevin P. Fleming kevkid Kirill Dubovikov Knarfux Ko Ohashi krinsman KrisL Kristiyan lambertjosh Lars Biemans Leo Gallucci leolurunhe Leopold Talirz LeoPsidom lfzyx lgc019 Lifubang liusztc09 liuzhliang llancellotti lmerli84 loginoff Louis Garman Luca De Feo Luca Grazioli Lucas Durand Lucas Kushner Lukasz Lempart Lukasz Tracewski Lutz Behnke M Pacer Maciej Sawicki madsi1m mak-aravind Malin Aandahl Manjukb Marc BUFFAT marciocourense Marco Pleines Marcus Hunger Marcus Levine Mario Campos Marius van Niekerk Mark Mirmelstein marmaduke woodman Martin Forde Martín Anzorena maryamdev Mas mascarom Mathew Blonc Matt Hansen Matteo Ipri matthdan Matthew Bray Matthew Rocklin Matthias Bussonnier Matthias Klan mattvw Max Joseph Maxim Moinat mdivk Mereep merlin1608 Micah Micah Smith Michael Huttner Michael Milligan Michael Ransley michec81 Michele Bertasi Miguel Caballer Mike Hamer Min RK MincingWords MisterZ mohanamurali7 Mohit Monica Dessole moskiGithub mrkjones1979 mzilinski n3f Naeem Rashid Naineel Shah NaizEra nauhpc ndiy Neelanshu92 Nehemiah I. Dacres Neth Six ngokhoa96 Nick Brown Nickolaus D. Saint nickray Nico Bellack Nicolas M. Thiéry Nikolay Dandanov Nikolay Voronchikhin niveau0 Norman Gray ogre0403 Ola Tarkowska oneklc OpenThings ormskirk77 P.J. Little Pat W Patafix Paul Adams Paul Laskowski Paul Mazzuca Paulo Roberto de Oliveira Castro Pav K pedrovgp pekosro Peter Majchrak pgarapon Phil Fenstermacher philippschw Phuong Cao picca Pierre Accorsi Pinakibiswasdevops Pius Nyakoojo pjamason Pouria Hadjibagheri Prabhu Kasinathan Pramod Rizal Pranay Hasan Yerra Prateek prateek2408 Prerak Mody Przybyszo psnx pydo pyjones1 R. C. Thomas Rachidramadan1990 radudragusin Rafael Ladislau Rafael Mejia raghu20ram raja Ramin Ranjit Raphael Nestler RaRam Raviraju Vysyaraju reddyvenu Ricardo Rocha Rich Signell Richard Caunt Richard Darst Richard England Richard Ting Rizwan Saeed Rob Robert Casey Robert Drysdale Robert Jiang Robert Schroll robin Robin Robin Scheibler roemer2201 Rok Roškar Roman Gorodeckij roversne Roy Wedge Royi Rui Zhang Ruslan Usifov Ryan Abernathey Ryan Lovett rydeng sabarnwa sabyasm sadanand25 Sam Manzer Sambaiah Kilaru samy Sangram Gaikwad sanjaydatasciencedojo Sanmati Jain saransha Saranya411 sarath145p Satendra Kumar saurav maharjan saurs saurav SB sbailey-auro Scott Crooks Scott Sanderson SeaDude semanticyongjia serlina Seshadri Ramaswami shalan7 Shana Matthews Shannon Shantanu Singh Shengxin Huang shilpam11 Shiva Prasanth shreddd Shuo YU Sigurður Baldursson Simon Li Sirawit Pongnakintr SivaMaplelabs smiller5678 srican srini_b Stanislav Nazmutdinov stczwd Stefano Nicotri Stefano Taschini Stephanie Gott Stephen Lecrenski Stephen Pascoe Stephen Sackett Steven Silvester Stéphane Pouyllau sudheer0553 Sugu Sougoumarane Suman Addanki summerswallow summerswallow-whi sundeepChandhoke Sunip Mukherjee svzdvdoptum swgong Sylvain Desroziers syutbai T. George tankeryang TapasSpark Tassos Sarbanes teddy Kossoko tgamal Thomas Ashish Cherian Thomas Kluyver Thomas Mendoza thongnnguyen Thoralf Gutierrez Tim Crone Tim Freund Tim Head Tim Kennell Jr. Tim Klever Tim Shi TimKreuzer Tirthankar Chakravarty titansmc Tobias Morville tobiaskaestner Tom Davidson Tom Kwong Tom O’Connor Tomas Barton Tommaso Fabbri Tyler Erickson tzujan uday2002 Umar Sikander UsDAnDreS Vaclav Pavlin Varun M S Victor Paraschiv vishwesh5 Vladimir Kozhukalov vpvijay87 W. wangaiwudi Wei Hao weih1121 weimindong2016 whitebluecloud whositwhatnow will Will Starms William H William Hosford wtsyang XIAHUALOU xuhuijun Y-L-18 yee379 yeisonseverinopucv Yiding Yifan Li yougha54 Youri Noel Nelson yuandongfang Yueqi Wang yugushihuang Yuhi Ishikura Yuval Kalugny Yuvi Panda Zac Flamig Zachary Sailer Zachary Zhao ZachGlassman zaf Zafer Cesur zearaujo07 Zeb Nicholls Zelphir Kaltstahl ZenRay zero zeusal Zhongyi Zhou (Joe) Yuan ziedbouf zlshi zmkhazi Zoltan Fedor zyc Øystein Efterdal 孙永乐 张旭 武晨光 陈镇秋
0.6#
0.6 - Ellyse Perry - 2017-01-29#
This release is primarily focused on better support for Autoscaling, Microsoft Azure support & better default security. There are also a number of bug fixes and configurability improvements!
Breaking changes#
Pre-puller configuration#
In prior versions (v0.5), if you wanted to disable the pre-puller, you would use:
prePuller:
enabled: false
Now, to disable the pre-puller, you need to use:
prePuller:
hook:
enabled: false
See the pre-puller docs for more info!
Upgrading from 0.5#
This release does not require any special steps to upgrade from v0.5. See the upgrade documentation for general upgrading steps.
If you are running v0.4 of the chart, you should upgrade to v0.5 first
before upgrading to v0.6. You can find out what version you are using
by running helm list
.
Troubleshooting#
If your helm upgrade fails due to the error no Ingress with the name "jupyterhub-internal" found
,
you may be experiencing a helm bug. To work
around this, run kubectl --namespace=<YOUR-NAMESPACE> delete ingress jupyterhub-internal
and
re-run the helm upgrade
command. Note that this will cause a short unavailability of your hub
over HTTPS, which will resume normal availability once the deployment upgrade completes.
New Features#
More secure by default#
z2jh is more secure by default with 0.6. We now block access to cloud security metadata endpoints by default.
See the security documentation for more details. It has seen a number of improvements, and we recommend you read through it!
Autoscaling improvements#
Some cloud providers support the kubernetes node autoscaler, which can add / remove nodes depending on how much your cluster is being used. In this release, we made a few changes to let z2jh interact better with the autoscaler!
Configure z2jh to ‘pack’ your users onto nodes, rather than ‘spread’ them across nodes.
A ‘continuous’ pre-puller that allows user images to be pulled on new nodes easily, leading to faster startup times for users on new nodes. ([link])
Hub and Proxy pod will not be disrupted by autoscaler, by using PodDisruptionBudgets. The Hub & Proxy will also stick together if possible, thus minimizing the number of nodes that can not be downsized by the autoscaler.
There is more work to be done for good autoscaling support, but this is a good start!
Better Azure support#
Azure’s new managed Kubernetes service (AKS) is much better supported by this version!
We have much better documentation on using z2jh with Azure!
We rewrote our pre-puller so it works on Azure (previously it did not)
Azure AKS is still in preview mode, so be aware of that before using it in any production workloads!
See the setting up Kubernetes on Microsoft AKS section for more information.
Better configurability#
We now have better documentation and bug fixes for configurability!
extraConfig
can be a dictionary instead of just a string. This helps when you have to split yourconfig.yaml
into multiple files for complex deploymentsHow user storage works by default is better documented
Reading config in
extraConfig
fromextraConfigMap
now actually works!You can configure the URL that users are directed to after they log in. This allows defaulting users to JupyterLab
You can pre-pull multiple images now, for custom configuration that needs multiple images
Better instructions on pre-populating your user’s filesystem using nbgitpuller
Ellyse Perry#
(excerpt from https://www.cricket.com.au/players/ellyse-perry/1aMxKNyEOUiJqhq7N5Tlwg)
Arguably the best athlete in Australia, Ellyse Perry’s profile continues to rise with the dual cricket and soccer international having played World Cups for both sports.
Perry became the youngest Australian ever to play senior international cricket when she made her debut in the second ODI of the Rose Bowl Series in Darwin in July 2007 before her 17th birthday.
She went on to make her domestic debut in the 2007-08 Women’s National Cricket League season, taking 2-29 from 10 overs in her first match.
Since her national debut, Perry has become a regular fixture for the Southern Stars, playing in the 2009 ICC Women’s World Cup and the ICC Women’s World Twenty20 in the same year.
Leading Australia’s bowling attack, Perry played a crucial role in the ICC Women’s World Twenty20 Final in the West Indies in 2010.
The match came down to the wire, with New Zealand requiring five runs off the last ball to claim the title. Under immense pressure, Perry bowled the final ball of the tournament, which New Zealand’s Sophie Devine struck straight off the bat.
The talented footballer stuck out her boot to deflect the ball to Lisa Sthalekar at mid-on, securing the trophy for Australia. Perry’s figures of 3-18 in the final saw her take home the Player of the Match award.
Perry featured prominently in Australia’s three-peat of World T20 victories, selected for the Team of the Tournament in 2012 and 2014.
She was named ICC Female Cricketer of the Year in 2017.
Contributors#
This release wouldn’t have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We’d like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
In alphabetical order,
0.5#
0.5 - Hamid Hassan - 2017-12-05#
JupyterHub 0.8, HTTPS & scalability.
Upgrading from 0.4#
See the upgrade documentation for upgrade steps.
New Features#
JupyterHub 0.8#
JupyterHub 0.8 is full of new features - see CHANGELOG for more details. Specific features made to benefit this chart are:
No more ‘too many redirects’ errors at scale.
Lots of performance improvements, we now know we can handle up to 4k active users
Concurrent spawn limits (set via
hub.concurrentSpawnLimit
) can be used to limit the concurrent number of users who can try to launch on the hub at any given time. This can be tuned to avoid crashes when hundreds of users try to launch at the same time. It gives them a friendly error message + asks them to try later, rather than spinning forever.Active Server limit (set via
hub.activeServerLimit
) can be used to limit the total number of active users that can be using the hub at any given time. This allows admins to control the size of their clusters.Memory limits & guarantees (set via
singleuser.memory
) can now contain fractional units. So you can say0.5G
instead of having to use512M
.
And lots more!
Much easier HTTPS#
It is our responsibility as software authors to make it very easy for admins to set up HTTPS for their users. v0.5 makes this much easier than v0.4. You can find the new instructions here and they are much simpler!
You can also now use your own HTTPS certificates & keys rather than using Let’s Encrypt.
More authenticators supported#
The following new authentication providers have been added:
GitLab
CILogon
Globus
You can also set up a whitelist of users by adding to the list in auth.whitelist.users
.
Easier customization of jupyterhub_config.py
#
You can always put extra snippets of jupyterhub_config.py
configuration in
hub.extraConfig
. Now you can also add extra environment variables to the hub
in hub.extraEnv
and extra configmap items via hub.extraConfigMap
. ConfigMap
items can be arbitrary YAML, and you can read them via the get_config
function in
your hub.extraConfig
. This makes it cleaner to customize the hub’s config in
ways that’s not yet possible with config.yaml.
Hub Services support#
You can also add external JupyterHub Services
by adding them to hub.services
. Note that you are still responsible for actually
running the service somewhere (perhaps as a deployment object).
More customization options for user server environments#
More options have been added under singleuser
to help you customize the environment
that the user is spawned in. You can change the uid / gid of the user with singleuser.uid
and singleuser.fsGid
, mount extra volumes with singleuser.storage.extraVolumes
&
singleuser.storage.extraVolumeMounts
and provide extra environment variables with
singleuser.extraEnv
.
Hamid Hassan#
Hamid Hassan is a fast bowler who currently plays for the Afghanistan National Cricket Team. With nicknames ranging from “Afghanistan’s David Beckham” to “Rambo”, he is considered by many to be Afghanistan’s first Cricket Superhero. Currently known for fast (145km/h+) deliveries, cartwheeling celebrations, war painted face and having had to flee Afghanistan as a child to escape from war. He says he plays because “We are ambassadors for our country and we want to show the world that Afghanistan is not like people recognise it by terrorists and these things. We want them to know that we have a lot of talent as well”
Contributors#
This release wouldn’t have been possible without the wonderful contributors to the zero-to-jupyterhub-k8s, JupyterHub, KubeSpawner and OAuthenticator repos. We’d like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
In alphabetical order,
0.4#
0.4 - Akram - 2017-06-23#
Stability, HTTPS & breaking changes.
Installation and upgrades#
We recommend that you delete prior versions of the package and install the latest version. If you are very familiar with Kubernetes, you can upgrade from an older version, but we still suggest deleting and recreating your installation.
Breaking changes#
The name of a user pod and a dynamically created home directory PVC (PersistentVolumeClaim) no longer include the
userid
in them by default. If you are using dynamic PVCs forhome
directories (which is the default), you will need to manually rename these directories before upgrading. Otherwise, new PVCs will be created, and users might freak out when viewing the newly created directory and think that their home directory appears empty.See PR #56 on what needs to change.
A StorageClass is no longer created by default. This shouldn’t affect most new installs, since most cloud provider installations have a default (as of Kubernetes 1.6). If you are using an older version of Kubernetes, the easiest thing to do is to upgrade to a newer version. If not, you can create a StorageClass manually and everything should continue to work.
token.proxy
is removed. Useproxy.secretToken
instead. If yourconfig.yaml
contains something that looks like the following:token: proxy: <some-secret>
you should change that to:
proxy: secretToken: <some-secret>
Added#
Added GitHub Authentication support, thanks to Jason Kuruzovich.
Added Ingress support! If your cluster already has Ingress support (with automatic Let’s Encrypt support, perhaps), you can easily use that now.
We now add a label to user pods / PVCs with their usernames.
Support using a static PVC for user
home
directories or for the hub database. This makes this release usable with clusters where you only have one NFS share that must be used for the whole hub.PostgreSQL is now a supported hub database backend provider.
You can set annotations & labels on the proxy-public service now.
Changed#
We now use the official configurable http proxy (CHP) as the proxy, rather than the unofficial nchp. This should be a no-op (or require no changes) for the most part. JupyterHub errors might display a nicer error page.
The version of KubeSpawner uses the official Kubernetes python client rather than pycurl. This helps with scalability a little.
Removed#
The deprecated
createNamespace
parameter no longer works, alongside the deprecatedname
parameter. You probably weren’t using these anyway - they were kept only for backwards compatibility with very early versions.
Contributors#
This release made possible by the awesome work of the following contributors (in alphabetical order):
<3
Akram#
Wasim Akram (وسیم اکرم) is considered by many to be the greatest pace bowler of all time and a founder of the fine art of reverse swing bowling.
0.3#
0.3.1 - 2017-05-19#
KubeSpawner updates.
KubeSpawner has gained several new features, thanks to the work of Daniel Rodriguez and ktongsc! Specifically, we have support for init containers, node selectors, pod lifecycle hooks, etc. These can be used with the extraConfig override for now
Add easy ability to specify pod lifecycle hooks via the helm chart!
0.3 - 2017-05-15#
Deployer UX fixes.
No need to restart hub manually after some changes - it is automatically restarted now. You can disable an automatic restart of hub after an upgrade with the following:
Finding out the current helm release’s revision
Adding ‘–set revisionOverride=
’ to your upgrade command.
Only do this if you know exactly what you are doing :)
Base images for everything upgraded to ubuntu 17.04. We can define the support lifecycle for the helm chart in the future, and decide on the base images at that point.
Add a timestamp to the job name for the pre-puller job. This prevents having to manually delete it when an install fails and has to be tried again. Because the Release Revision hadn’t changed when the upgrade fails, trying again will cause it to fail with a ‘job already exists’ error. Adding the Timestamp to job name should hopefully fix that
0.2#
0.2 - 2017-05-01#
Minor cleanups and features.
Get rid of cull pod, move it inside the hub pod as a managed service
Set a default 1G memory guarantee for user pods
Allow setting a static global password for Dummy Authenticator
Allow setting extra static environment variables for user pods from the helm config
Upgrade kubespawner version (no major functional changes)
0.1#
0.1 - 2017-04-10#
Initial Public Release.