Here you can find upgrade changes in between releases and upgrade instructions.
Security release! Updates JupyterHub to 1.5 to address a moderate security vulnerability affecting JupyterLab users, where logout may not always fully clear credentials from the browser if multiple sessions are open at the time.
A few small features are backported from the upcoming 2.0 release as well. See the release notes for more.
Because the vulnerability is in the single-user environment, you can get the fix in existing deployments by upgrading JupyterHub to 1.5 in your user environment without updating the rest of your chart.
Similarly, upgrading the chart without also upgrading JupyterHub to 1.5 in your user environment will not fix the vulnerability.
JupyterHub 1.5 in the user environment is fully compatible with a Hub running 1.4, and vice versa.
Security release! 1.1.4 release fixes a critical security vulnerability in jupyterhub-firstuse authenticator. If you are not using firstuseauthenticator, you are not affected.
- refactor: remove redundant trimSuffix of new lines after toYaml #2358 (@consideRatio)
- build(deps): bump pycurl from 7.44.0 to 7.44.1 in /images/hub #2352 (@dependabot)
- build(deps): bump oauthenticator from 14.1.0 to 14.2.0 in /images/hub #2350 (@dependabot)
- build(deps): bump pycurl from 7.43.0.6 to 7.44.0 in /images/hub #2347 (@dependabot)
- Add docs on GitHub team authentication #2349 (@j0nnyr0berts)
(GitHub contributors page for this release)
@consideRatio | @j0nnyr0berts | @manics
- docs: fix weird helm upgrade example #2331 (@hiroki-sawano)
(GitHub contributors page for this release)
@consideRatio | @hiroki-sawano | @manics | @MridulS
- fix hub.services schema regression from 1.1.0 #2327 (@consideRatio)
- ci: misc fixes post 1.1.0 #2326 (@consideRatio)
-
hub.services api tokens are now generated
The Helm chart now automatically seeds registered services under
hub.services
with an api token. This is especially helpful for Helm charts depending on this Helm chart such asbinderhub
ordaskhub
, for more details see thehub.services
entry in the configuration reference. -
Full arm64 compatebility
The Helm chart is fully arm64 compatible, even the
singleuser.image
that previously wasn't.
This breaking change only concerns someone that has configured
hub.services.<some-key>.name=<some-name>
so that <some-key>
is different
from <some-name>
. In that case, the key in the k8s Secret exposing the
registered service's api token is now named hub.services.<some-key>.apiToken
instead of hub.services.<some-name>.apiToken
.
Dependency | Version in 1.0.0 | Version in 1.1.0 | Changelog link | Note |
---|---|---|---|---|
jupyterhub | 1.4.1 | 1.4.2 | Changelog | Run in the hub pod |
kubespawner | 1.0.0 | 1.1.0 | Changelog | Run in the hub pod |
oauthenticator | 14.0.0 | 14.1.0 | Changelog | Run in the hub pod |
ldapauthenticator | 1.3.2 | 1.3.2 | Changelog | Run in the hub pod |
ltiauthenticator | 1.0.0 | 1.0.0 | Changelog | Run in the hub pod |
nativeauthenticator | 0.0.7 | 0.0.7 | Changelog | Run in the hub pod |
jupyterhub-idle-culler | 1.1 | 1.1 | - | Run in the hub pod |
configurable-http-proxy | 4.4.0 | 4.5.0 | Changelog | Run in the proxy pod |
traefik | v2.4.8 | v2.4.11 | Changelog | Run in the autohttps pod |
kube-scheduler | v1.19.11 | v1.19.13 | - | Run in the user-scheduler pod(s) |
For a detailed list of how Python dependencies have change in the hub
Pod's Docker image, inspect the images/hub/requirements.txt file.
- Add support for arm64 in singleuser-sample image #2316 (@consideRatio)
- Seed hub.services' apiTokens #2312 (@consideRatio)
- Add ingress.pathType config #2305 (@jtrouth)
- Allow CHP to function in a IPv4 only and/or IPv6 only context #2318 (@consideRatio)
- fix schema: accept proxy.traefik.extra[Static|Dynamic]Config #2317 (@consideRatio)
- fix: bug if z2jh is used as a dependency with an alias #2310 (@consideRatio)
- Fix failure to set imagePullSecrets for user-placeholder pods (scheduling.userPlaceholder.image config added) #2293 (@michaellzc)
- build(deps): bump jupyterhub-kubespawner from 1.0.0 to 1.1.0 in /images/hub #2324 (@dependabot)
- Bump CHP version to 4.5.0 #2321 (@consideRatio)
- build(deps): bump oauthenticator from 14.0.0 to 14.1.0 in /images/hub #2320 (@dependabot)
- Bump patch version of: traefik, kube-scheduler, pause #2315 (@consideRatio)
- build(deps): bump jupyterhub from 1.4.1 to 1.4.2 in /images/hub #2314 (@dependabot)
- Remove deprecation logic for hub.extraConfig as a string #2307 (@consideRatio)
- hub image: run apt-get upgrade by default to patch known vulns #2304 (@consideRatio)
- Add changelog for 1.0.1 #2287 (@consideRatio)
- Docs clarification culling behavior and configs #2267 (@cdibble)
- ci: improve lint-and-validate-values.yaml coverage #2309 (@consideRatio)
- ci: Arm64 circleci test #2302 (@manics)
(GitHub contributors page for this release)
@cdibble | @consideRatio | @jtrouth | @mallman | @manics | @michaellzc | @minrk | @yuvipanda
- Relax extraEnv schema to allow for array values #2289 (@consideRatio)
- Relax hub.db.type schema to accept unknown database types #2285 (@consideRatio)
- templates: quote namespace in case they are only contain numbers #2284 (@consideRatio)
- Corrected scheduler rbac custom naming #2276 (@v1r7u)
- Fix fullnameOverride for Ingress & PriorityClass resources #2251 (@v1r7u)
- Bump traefik from 2.4.8 to 2.4.9 #2288 (@consideRatio)
- singleuser-sample image: bump base image to reduce known vulns #2286 (@consideRatio)
- schema: force labels and annotations to be strings #2283 (@consideRatio)
- build(deps): bump nbgitpuller from 0.10.0 to 0.10.1 in /images/singleuser-sample #2279 (@dependabot)
- hub image: add sqlalchemy-cocroachdb dependency #2262 (@weisdd)
- build(deps): bump psycopg2-binary from 2.8.6 to 2.9.1 in /images/hub #2259 (@dependabot)
- build(deps): bump nbgitpuller from 0.9.0 to 0.10.0 in /images/singleuser-sample #2247 (@dependabot)
- docs: de-hardcode mentioned minimum helm version #2272 (@consideRatio)
- added AWS EKS cluster scaling/auto-scaling documentation for z2jh #2268 (@cdibble)
- Update installation.md #2249 (@enolfc)
- Add participation in study notice to readme #2248 (@sgibson91)
- Update 1.0.0-beta.1 changelog entry to 1.0.0 #2245 (@consideRatio)
- Transition to use pre-commit hook in jupyterhub/chartpress #2278 (@consideRatio)
- Remove pre-commit from GHA #2273 (@minrk)
(GitHub contributors page for this release)
@cdibble | @consideRatio | @dependabot | @enolfc | @manics | @minrk | @sgibson91 | @v1r7u | @weisdd
This release includes a security announcement, breaking changes, several new features, and more. Please read through this to be able to help yourself and others upgrade successfully.
As of the 1.0.0 version of this Helm chart, we aim to follow SemVer 2 versioning scheme where breaking changes, new features, and small bugfixes will increment the three version numbers.
-
arm64 compatible images
All images except the user image (
singleuser.image
) now support the arm64 architecture. This allows this Helm chart to be installable on a RaspberryPi based k8s cluster. -
hub.extraFiles
andsingleuser.extraFiles
Have you wanted to mount various files to the hub pod or the user pods, such as a configuration file or similar? While this could be done by creating a dedicated ConfigMap that was mounted etc before, you don't need to go through that trouble.
Read more in the configuration reference.
-
Automatic secret generation
Are you explicitly passing
proxy.secretToken
,hub.config.CryptKeeper.keys
,hub.config.JupyterHub.cookie_secret
? Do it one more time when upgrading to 1.0.0! After that, they will be stored away in a k8s Secret and reused.If you install 1.0.0 from scratch, those will be automatically generated for you if you don't specify them.
-
Smoother helm upgrades
-
prePuller.hook.pullOnlyOnChanges
is now available and enabled by default, which only intercepts ahelm upgrade
by pulling images if they have changed since the last upgrade. -
The
proxy
pod were sometimes restarted when it wasn't needed and that could cause needless disruptions for users. This is now fixed.
-
-
fullnameOverride
andnameOverride
These options let you control the naming of the k8s resources created by the Helm chart, but should not be used unless you install from scratch.
Read more in the configuration reference.
-
Referencing resources from a parent Helm chart's templates
Are you a developer of a Helm chart that depends on this Helm chart, and you want to reference a k8s resource by name from one of your Helm templates?
Learn how to do it the recommended way by reading this documentation.
The documentation for how to setup a Amazon EKS cluster included an insecure
step that would give anyone access to the Kubernetes cluster. If you have
followed these instructions between 0.7.0-beta.1
and 0.11.1
, please see the
this post in the Jupyter forum.
-
Kubernetes 1.17+ and Helm 3.5+ are now required
Helm 3 (3.5+) is now required. Helm 2 reached end of life last year and we have started relying on Helm 3.5 specific features.
Kubernetes 1.17+ is now required. It helped us avoid maintaining two separate sets of implementations for the the user-scheduler.
-
Schema validation of chart config (#2033, #2200)
The Helm chart now bundles with a
values.schema.json
file that will validate all use of the Helm chart during template rendering. If the Helm chart's passed values doesn't comply with the schema, thenhelm
will error before the k8s api-server has become involved and anything has changed in the k8s cluster.The most common validation errors are:
-
Unrecognized config values
For example if you have misspelled something.
Note that if you want to pass your custom values for inspection by custom logic in the hub pod, then you should pass these values via the
custom
config section where anything will be accepted. -
Recognized config values with the wrong type
For example if you have passed a numerical value to a configuration that expected a string.
-
-
Breaking changes to config (#2211)
As the Helm chart has evolved over time, configuration options have been renamed and changed in various ways. With the release of 1.0.0, we enforce a transition from various old configuration options to new that have previously been ignored or accepted.
If you are using outdated configuration options you will be informed about it before any changes have been made to your deployment of the Helm chart.
-
Default resource requests are no longer set (#2034, #2226)
The helm chart now follows a common Helm chart practice by not setting default resource requests or limits.
To help in this transition, there is documentation with some guidance on setting explicit resource requests available here.
If you want to restore the previous behavior, you can explicitly set the resource requests like below.
hub: resources: requests: cpu: 200m memory: 512Mi proxy: chp: resources: requests: cpu: 200m memory: 512Mi scheduling: userScheduler: resources: requests: cpu: 50m memory: 256Mi prePuller: resources: requests: cpu: 0 memory: 0 hook: resources: requests: cpu: 0 memory: 0
-
KubeSpawner and deletion of PVCs (jupyterhub#3337, kubespawner#475)
Deleting a user in JupyterHub's admin interface (/hub/admin) or removing a named server will now lead to the deletion of the user's or named server's dynamically created PVC resource if there was one.
To opt out of this behavior and retain the current behavior where dynamically created PVC resources will remain, set
KubeSpawner.delete_pvc
tofalse
.hub: config: KubeSpawner: delete_pvc: false
Note that this feature relies on both KubeSpawner 1.0.0+ and JupyterHub 1.4.1+ which are included in this release.
-
hub.existingSecret is reworked (#2042)
See the documentation and pull request #2042 for more details.
-
configurable-http-proxy statsd metrics removed (#2231)
statsd metrics have been removed in configurable-http-proxy. This will only affect administrators who have overridden the CHP command line arguments as statsd is not supported in the Helm chart. Support for Prometheus metrics will be added in a future release.
Dependency | Version in 0.11.0 | Version in 1.0.0 | Changelog link | Note |
---|---|---|---|---|
jupyterhub | 1.3.0 | 1.4.1 | Changelog | Run in the hub pod |
kubespawner | 0.15.0 | 1.0.0 | Changelog | Run in the hub pod |
oauthenticator | 0.12.3 | 14.0.0 | Changelog | Run in the hub pod |
ldapauthenticator | 1.3.2 | 1.3.2 | Changelog | Run in the hub pod |
ltiauthenticator | 1.0.0 | 1.0.0 | Changelog | Run in the hub pod |
nativeauthenticator | 0.0.6 | 0.0.7 | Changelog | Run in the hub pod |
jupyterhub-idle-culler | 1.0 | 1.1 | - | Run in the hub pod |
configurable-http-proxy | 4.2.2 | 4.4.0 | Changelog | Run in the proxy pod |
traefik | v2.3.7 | v2.4.8 | Changelog | Run in the autohttps pod |
kube-scheduler | v1.19.7 | v1.19.11 | - | Run in the user-scheduler pod(s) |
For a detailed list of how Python dependencies have change in the hub
Pod's Docker image, inspect the images/hub/requirements.txt file.
- hub.service.extraPorts config option #2148 (@kafonek)
- Publish Arm64 compatible images #2125 (@manics)
- Enable opt-out of hub.jupyter.org/dedicated tolerations #2101 (@kafonek)
- Add prePuller.hook.pullOnlyOnChanges flag #2066 (@consideRatio)
- values.schema.json ships with chart and configuration reference now covers all options #2033 (@consideRatio)
- Allow extraFiles to be injected to hub / singleuser pods and automatically load config in /usr/local/etc/jupyterhub_config.d #2006 (@consideRatio)
- Seed secrets (proxy.secretToken, etc) so they don't have to be manually generated #1993 (@consideRatio)
- Support fullnameOverride / nameOverride and reference resources by named templates #1923 (@consideRatio)
- Add ...serviceAccount.annotations config for our k8s ServiceAccounts #2236 (@AndreaGiardini)
- upload chart as github artifact #2086 (@minrk)
- allow override of CHP defaultTarget, errorTarget #2079 (@minrk)
- Don't restart the proxy pod with each deploy #2077 (@yuvipanda)
- Add option to disable http port on LoadBalancer service #2061 (@tkislan)
- Add artificathub.io annotations to Chart.yaml before publishing #2045 (@consideRatio)
- Make use of hub.existingSecret sustainable #2042 (@consideRatio)
- Allow ingress.hosts to be omitted for a more generic rule #2027 (@consideRatio)
- Also pull singleuser.initContainers with pre-puller #1992 (@consideRatio)
- fix: prePuller.hook.pullOnlyOnChanges didn't work, now it does #2174 (@consideRatio)
- Fix mixup of hook/continuous-image-puller following recent PR #2100 (@consideRatio)
- Fix schema validation for Spawner.cpu/memory limits/guarantees #2070 (@consideRatio)
- Support setting resources to null to omit them #2055 (@consideRatio)
- pdb: default to maxUnavailable=1 instead of minAvailable=1 #2039 (@consideRatio)
- fix: imagePullSecret.enabled to work alongside imagePullSecret.create #2038 (@consideRatio)
- hub image build: fix use of PIP_OVERRIDES arg #2036 (@remche)
- fix: load only .py files in jupyterhub_config.d folder #2023 (@consideRatio)
- Followup fixes to seed secrets PR (#1993) #2016 (@consideRatio)
- fix: set tolerations to predefined labels on core pods #2007 (@consideRatio)
- Test against k8s 1.21 and avoid deprecation warning for old k8s api policy/v1beta1 #2243 (@consideRatio)
- Rename master branch to main #2217 (@manics)
- singleuser-sample: update base image #2213 (@consideRatio)
- Remove deprecated logic and emit clear messages #2211 (@consideRatio)
- refactor: stop manual hex-to-bytes conversion #2209 (@consideRatio)
- schema: added details to hub|singleuser.extraFiles #2198 (@consideRatio)
- Remove extraneous command from secret-sync image #2182 (@manics)
- maint: revert a workaround to make our priorityclass resources helm hooks #2180 (@consideRatio)
- enable prePuller.hook.pullOnlyOnChanges by default #2179 (@consideRatio)
- inline comment: info about the state used by prePuller.hook.pullOnlyOnChanges #2173 (@consideRatio)
- images/hub - a regular run of script: hub/images/dependencies freeze --upgrade #2168 (@consideRatio)
- build(deps): bump rsa from 4.6 to 4.7.2 in /images/hub #2167 (@dependabot)
- Update NOTES.txt, including removing "alpha" designation #2165 (@manics)
- docs: fix docs build for breaking change in sphinx redirection extension #2156 (@consideRatio)
- Allow hub pod to manage k8s Secrets/Services for KubeSpawner.internal_ssl #2065 (@thomasv314)
- Don't set default resource requests #2034 (@yuvipanda)
- cleanup: remove mistakenly added artifactshub.io config file #2010 (@consideRatio)
- refactor: consistently use toYaml with annotations/labels #2008 (@consideRatio)
- Require k8s 1.17+ to reduce complexity #2005 (@consideRatio)
- refactor: systematically prefer use of with in templates #2003 (@consideRatio)
- Specify prometheus.io/port for hub service #2000 (@yuvipanda)
- Autoformat bash scripts, yaml files, and markdown files with pre-commit #1996 (@manics)
- Remove deprecated user-scheduler config #1995 (@consideRatio)
- Require Helm 3 to allow for enhancements #1994 (@consideRatio)
- Remove unused nameField helper in _helpers.tpl #1991 (@consideRatio)
- docs: fix broken link #2230 (@consideRatio)
- docs: add documentation about resource requests #2226 (@consideRatio)
- docs: fix syntax error in markdown table #2225 (@consideRatio)
- Remove setup-helm2.md #2216 (@manics)
- Add debug.enabled to admin debugging doc #2215 (@manics)
- Minor documentation fixes #2206 (@consideRatio)
- Add changelog for 1.0.0-beta.1 #2175 (@consideRatio)
- docs: we require helm3 not helm2 #2159 (@consideRatio)
- fix cluster name for DO installation instructions #2134 (@RyanQuey)
- update k8 version for DO to currently available version #2133 (@RyanQuey)
- Include customisation under "Administrator Guide" #2123 (@manics)
- Update index.md #2122 (@rommeld)
- Correct the AKS GPU Link in documentation #2109 (@jabbera)
- Update postgres db url dialect in schema docs #2105 (@mriedem)
- Don't hard-code an old tag in customizing/user-environment.md #2090 (@manics)
- [DOC] Satisfy linkcheck #2080 (@minrk)
- Fix spawner env injection example. #2062 (@danielballan)
- update a markdown syntax error #2058 (@yobome)
- docs: helm3 compliance, avoid specification of chart versions #2054 (@consideRatio)
- doc: Update installation docs to refer to current latest version #2040 (@spenczar)
- docs: package chart specific README.md with the chart #2035 (@consideRatio)
- values.schema.json ships with chart and configuration reference now covers all options #2033 (@consideRatio)
- Fix schema.yaml jsonschema syntax errors #2031 (@consideRatio)
- ci: update publish/test-chart workflow triggers #2212 (@consideRatio)
- ci: print pip packages versions for debugging #2210 (@consideRatio)
- ci: vuln-scan update, less dedicated actions + warning instead of error #2188 (@consideRatio)
- ci: fix permissions of PR creating action #2186 (@consideRatio)
- docs/ci: run template tests against least known supported helm version and document that version #2181 (@consideRatio)
- ci: accept 1 pod restart but not 2, test against k8s 1.21 #2169 (@consideRatio)
- ci: precautions for security, update github_token permissions, pin actions #2163 (@consideRatio)
- ci: update network tests as jupyter.org IPs changed #2162 (@consideRatio)
- ci: Set author and pin SHA in vuln-scan workflow PR #2153 (@manics)
- publish workflow: build amd64 and arm64 prerequisites added #2144 (@consideRatio)
- docs/ci: revert docutils pin, myst-parser fixed issue #2141 (@consideRatio)
- docs: fix rtd build by pinning docutils #2140 (@consideRatio)
- ci: increase test timeout for test reliability #2083 (@consideRatio)
- ci: stop accepting test failures in k8s 1.20 #2060 (@consideRatio)
- vuln-scan: fix all fixable vulns, and bugfix automation, and bump singleuser-sample #2052 (@consideRatio)
- ci: fix Chart.yaml annotations for artifacthub.io image scanning #2049 (@consideRatio)
- ci: install pyyaml before publishing to generate json schema #2037 (@consideRatio)
- ci: use jupyterhub/action-k8s-await-workloads #2021 (@consideRatio)
- ci: stop using --long as chartpress 1.0.0 makes it not needed #2018 (@consideRatio)
- ci: use yq to parse version from Chart.yaml and save ~30 seconds #2017 (@consideRatio)
- ci: accept k8s 1.20 failures until 1.20.3 is out #2004 (@consideRatio)
(GitHub contributors page for this release)
@agnewp | @bbockelm | @betatim | @choldgraf | @consideRatio | @damianavila | @danielballan | @dependabot | @dhirschfeld | @github-actions | @jabbera | @jgwerner | @kafonek | @manics | @meeseeksmachine | @mhwasil | @michzimny | @MickeyShnaiderman-RecoLabs | @minrk | @mriedem | @NerdSec | @pcfens | @pvanliefland | @remche | @roelbaz | @rommeld | @RyanQuey | @spenczar | @support | @thomasv314 | @tkislan | @willingc | @yobome | @yuvipanda
This release fixes a regression in the Ingress resource and a bump of jupyterhub-nativeauthenticator from 0.0.6 to 0.0.7.
- fix: fix of ingress regression and improved testing (@consideRatio)
- build(deps): bump jupyterhub-nativeauthenticator from 0.0.6 to 0.0.7 in /images/hub #1988 (@dependabot)
Please read the security announcement and the breaking changes below, and also note that this is the last release supporting Helm 2 and k8s versions lower than 1.16.
This release contains the patched version of jupyterhub/oauthenticator which contained a security issue that influenced version 0.10.0 - 0.10.5 (but not 0.10.6) of this Helm chart.
Please don't use versions 0.10.0 - 0.10.5 and upgrade to 0.10.6 or later. If you are using OAuthenticator, please check your list of users and delete any unauthorized users who may have logged in during usage of version 0.10.0 - 10.10.5.
See the published security advisory for more information, and refer to this forum post to share insights that can be useful to others.
-
auth
configuration moves tohub.config
- #1943Helm chart configuration under
auth
is now no longer supported. If you make ahelm upgrade
usingauth
configuration, the upgrade will abort before any changes are made to the k8s cluster and you will be provided with the equivalent configuration using the new system underhub.config
.By default, the printed equivalent configuration is censored as it can contain secrets that shouldn't be exposed. By passing
--global.safeToShowValues=true
you can get an uncensored version. -
Pod Disruption Budget's now disabled by default - #1938
A Pod Disruption Budget (PDB) for the hub and proxy pods were created by default before, but will by default not be created from now on. The consequence of this is that the pods now can get evicted.
Eviction will happen as part of
kubectl drain
on a node, or by a cluster autoscaler removing a underused node.
Dependency | Version in 0.10.6 | Version in 0.11.0 | Changelog link | Note |
---|---|---|---|---|
jupyterhub | 1.2.2 | 1.3.0 | Changelog | Run in the hub pod |
kubespawner | 0.14.1 | 0.15.0 | Changelog | Run in the hub pod |
oauthenticator | 0.12.1 | 0.12.3 | Changelog | Run in the hub pod |
ldapauthenticator | 1.3.2 | 1.3.2 | Changelog | Run in the hub pod |
ltiauthenticator | 0.4.0 | 1.0.0 | Changelog | Run in the hub pod |
nativeauthenticator | 0.0.6 | 0.0.6 | Changelog | Run in the hub pod |
jupyterhub-idle-culler | 1.0 | 1.0 | - | Run in the hub pod |
configurable-http-proxy | 4.2.2 | 4.2.2 | Changelog | Run in the proxy pod |
traefik | v2.3.2 | v2.3.7 | Changelog | Run in the autohttps pod |
kube-scheduler | v1.19.2 | v1.19.7 | - | Run in the user-scheduler pod(s) |
For a detailed list of how Python dependencies have change in the hub
Pod's Docker image, inspect the images/hub/requirements.txt file.
- ci: automatically scan and patch our images for known vulnerabilities #1942 (@consideRatio)
- Fix failure to block insecure metadata server IP #1950 (@consideRatio)
- Enable hub livenessProbe by default and relax hub/proxy probes #1941 (@consideRatio)
- Disable PDBs for hub/proxy, add PDB for autohttps, and relocate config proxy.pdb to proxy.chp.pdb #1938 (@consideRatio)
- dep: bump traefik (autohttps pod) from v2.3.2 to v2.3.7 #1986 (@consideRatio)
- k8s: update Ingress / PriorityClass apiVersions #1983 (@consideRatio)
- dep: bump kube-scheduler from 1.19.2 to 1.19.7 #1981 (@consideRatio)
- singleuser-sample image: bump jupyerhub to 1.3.0 #1961 (@consideRatio)
- build(deps): bump jupyterhub from 1.2.2 to 1.3.0 in /images/hub #1959 (@dependabot)
- Vulnerability patch in network-tools #1947 (@github-actions)
- hub image: bump jupyterhub-kubespawner from 0.14.1 to 0.15.0 in /images/hub #1946 (@dependabot)
- Helm template linting - remove extra space #1945 (@DArtagan)
- hub image: bump jupyterhub-hmacauthenticator from 0.1 to 1.0 in /images/hub #1944 (@dependabot)
- add hub.config passthrough and use it for all auth config #1943 (@consideRatio)
- hub image: bump ltiauthenticator to 1.0.0 and oauthenticator to 0.12.3 #1932 (@consideRatio)
- bump oauthenticator to 0.12.2 #1925 (@minrk)
- docs: 100% MyST Markdown #1974 (@consideRatio)
- docs: remove unused config of esoteric sphinx builders #1969 (@consideRatio)
- docs: fix the dynamically set version of chart/jupyterhub #1968 (@consideRatio)
- Adds a linebreak #1957 (@arokem)
- Fixes link to authentication guide from user-management.md #1955 (@arokem)
- Adds cli command for finding the k8s version on Azure. #1954 (@arokem)
- ci: accept helm lint --strict failure, but ensure GitHub UI warns #1985 (@consideRatio)
- ci: replace kubeval with helm template --validate #1984 (@consideRatio)
- ci: use extracted github action for namespace report #1980 (@consideRatio)
- ci: add another upgrade test and provide a template rendering diff #1978 (@consideRatio)
- ci: linkcheck rework: avoid duplicated build, add colors, make it fail loud #1976 (@consideRatio)
- ci: run tests conditionally on changed paths #1975 (@consideRatio)
- ci: use k3s-channel instead of k3s-version #1973 (@consideRatio)
- ci: full_namespace_report improvements for restartCount > 0 #1971 (@consideRatio)
- pre-commit: chartpress --reset on Chart.yaml/values.yaml changes #1970 (@consideRatio)
- ci: full_namespace_report function improved #1967 (@consideRatio)
- ci: dependabot, add notes to config, fix singleuser-sample config #1966 (@consideRatio)
- ci: let pytest keep running even if one test has failed #1965 (@consideRatio)
- ci: help dependabot only trigger one set of tests #1964 (@consideRatio)
- ci: remove yaml anchors from dependabot config #1963 (@consideRatio)
- ci: Test against k8s 1.20 #1956 (@consideRatio)
- ci: vuln scan fix #1953 (@consideRatio)
- ci: let dependabot update used GitHub action's versions #1949 (@consideRatio)
- ci: let dependabot update jupyterhub, replace JUPYTERHUB_VERSION with PIP_OVERRIDES #1948 (@consideRatio)
- ci: automatically scan and patch our images for known vulnerabilities #1942 (@consideRatio)
- ci: action-k3s-helm was moved to jupyterhub #1939 (@manics)
- ci: fix of intermittent netpol test failure #1933 (@consideRatio)
(GitHub contributors page for this release)
@arokem | @betatim | @chicocvenancio | @choldgraf | @consideRatio | @DArtagan | @dependabot | @github-actions | @manics | @minrk | @naterush | @rokroskar | @yuvipanda
This release is a security workaround for jupyterhub/oauthenticator described in https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-384w-5v3f-q499.
Please don't use versions 0.10.0 - 0.10.5 and upgrade to 0.10.6 or later. If any users have been authorized during usage of 0.10.0 - 0.10.5 who should not have been, they must be deleted via the API or admin interface, per the documentation.
This release bumps the JupyterHub version from 1.2.1 to 1.2.2. See JupyterHub's changelog for more information.
- image: bump JupyterHub to 1.2.2 from 1.2.1 for bugfixes #1924 (@consideRatio)
(GitHub contributors page for this release)
A patch release to patch a bug in the dependency oauthenticator that made users have their servers spawn before they had the chance to choose a server configuration if c.KubeSpawner.profile_list was configured.
- hub image: bump oauthenticator and prometheus-client #1918 (@consideRatio)
(GitHub contributors page for this release)
This release contain minor enhancements and bugfix in a dependency that could have resulted in unwanted hub pod restarts. Helm 2.16+ has been explicitly required, which it should had been already in 0.10.0.
Please be aware that Helm 2 has reached its end of life and won't get any security patches any more. We aim to drop support of Helm 2 soon to be able to rely on Helm 3 features.
- Configurable resource requests for hook-image-awaiter #1906 (@consideRatio)
- Add use_lookup_dn_username parameter for LDAP #1903 (@JarnoRFB)
- Allow exposing extra ports in autohttps/traefik deployment #1901 (@yuvipanda)
- prePuller.extraTolerations added for the image-puller daemonsets #1883 (@jerkern)
- hub image: kubernetes 12.0.1, nativeauth 0.0.6, tornado 6.1 #1912 (@consideRatio)
- hub image: kubernetes 12.0.1, nativeauth 0.0.6, tornado 6.1 #1912 (@consideRatio)
- Require helm v2.16.0 explicitly and minor CI updates #1911 (@consideRatio)
- CI: make upgrades more robust and skip 1m precautionary sleep #1904 (@consideRatio)
- CI: publish with helpful commit message #1898 (@consideRatio)
- Replace Travis with GitHub workflow #1896 (@manics)
- Avoid harmless error in user-scheduler #1895 (@consideRatio)
- removal: contributors script #1669 (@consideRatio)
- Update jupyterhub extension documentation to specify namespace #1909 (@plant99)
- DOCS: Adding note on limit to guarantee ratio #1897 (@choldgraf)
- Changelog for 0.10.2 #1893 (@consideRatio)
(GitHub contributors page for this release)
@betatim | @choldgraf | @consideRatio | @JarnoRFB | @jerkern | @manics | @minrk | @plant99 | @tirumerla | @yuvipanda
A bugfix release to add securityContext configuration on all the containers in the image-puller pods, which can be needed when a k8s PodSecurityPolicy is forcing pods to startup as non-root users.
Note that whoever need to comply with a strict PodSecurityPolicy will also need to --set singleuser.cloudMetadata.blockWithIptables=false
, but should read this documentation before doing so.
- Add securityContext to all image-puller pods' containers #1892 (@consideRatio)
- Changelog for 0.10.1 #1890 (@consideRatio)
(GitHub contributors page for this release)
A bugfix release simply updating JupyterHub to 1.2.1. JupyterHub 1.2.1 fixes a regression related to registered JupyterHub services using the oauth_no_confirm
configuration.
- Use JupyterHub 1.2.1 - fixes regression for external JH services' oauth_no_confirm config #1889 (@minrk)
- Fix CI that broke as assumptions changed about latest published version #1887 (@consideRatio)
- Update changelog for 0.10.0 release #1886 (@consideRatio)
(GitHub contributors page for this release)
This release makes the deployment more robust, and enhances users ability to configure the Helm chart in general. Some defaults have been changed allowing the Helm chart to easier comply with PodSecurityPolicies by default.
-
KubeSpawner was updated to include a breaking change influencing users of named servers.
Security fix: CVE-2020-15110 / GHSA-v7m9-9497-p9gr. When named-servers are enabled, certain username patterns, depending on authenticator, could allow collisions. The default named-server template is changed to prevent collisions, meaning that upgrading will lose associations of named-servers with their PVCs if the default templates are used. Data should not be lost (old PVCs will be ignored, not deleted), but will need manual migration to new PVCs prior to deletion of old PVCs.
-
Anyone relying on configuration in the
proxy.https
section are now explicitly required to setproxy.https.enabled
totrue
. -
Anyone using
hub.imagePullSecret
orsingleuser.imagePullSecret
should now instead use the chart wideimagePullSecret
with the same syntax which will be helping all the JupyterHub pod's get images from a private image registry. For more information, see the configuration reference. -
Predefined Kubernetes NetworkPolicies are now created by default, explicitly describing allowed incoming (ingress) and outgoing (egress) network communication for the hub, proxy, and user pods. These
NetworkPolicy
resources are very permissive on the outgoing traffic (egress), but is limiting the incoming traffic to what is known to be needed.Note that these NetworkPolicies only influence network communication in a Kubernetes cluster if a NetworkPolicy controller enforce them, such as Calico.
Also note that if network policies are enforced, you can safely stop actively blocking access to so called cloud metadata servers for the user pods by setting
singleuser.cloudMetadata.blockWithIptables=false
.See the security documentation and the configuration reference for more details.
-
The Helm chart configuration
proxy.networkPolicy
has been removed,proxy.chp.networkPolicy
(proxy pod) andproxy.traefik.networkPolicy
(autohttps pod) must be used instead. -
The Helm chart configuration
proxy.containerSecurityContext
is renamed toproxy.chp.containerSecurityContext
. -
The k8s ConfigMap
hub-config
k8s Secrethub-secret
are now merged intohub-secret
, which will affect anyone who use thehub.existingSecret
option.
- Environment variables in pods with K8S config. An ability to configure environment variables in pods with a k8s native syntax has been added. This allows you to reference and mount a field in a k8s Secret as an environment variable for example. For more information, read about extraEnv in the configuration reference.
- Configure secrets for all pods via the helm chart. imagePullSecrets for all the pods in the Helm chart can now be configured chart wide. See the configuration reference about imagePullSecret and imagePullSecrets for more details.
- Pod security is easier to use and configure. Deploying the Helm chart in a cluster with a PodSecurityPolicy active is now
easier, because the pods' containers now have
securityContext
set on them to run with relatively low permissions which are also configurable if needed. - More reliable TLS certificates. The
autohttps
pod that is running to acquire TLS certificates ifproxy.https.type=letsencrypt
is now more reliably acquiring certificates. If you currently have such issue, dokubectl delete deploy/autohttps
andkubectl delete secret proxy-public-tls-acme
and then deploy the Helm chart again withhelm upgrade
.
Dependency | Version in previous release | Version in this release | Changelog link | Note |
---|---|---|---|---|
jupyterhub | 1.1.0 | 1.2.0 | Changelog | Run in the hub pod |
kubespawner | 0.11.1 | 0.14.1 | Changelog | Run in the hub pod |
oauthenticator | 0.11.0 | 0.12.0 | Changelog | Run in the hub pod |
ldapauthenticator | 1.3.0 | 1.3.2 | Changelog | Run in the hub pod |
ltiauthenticator | 0.4.0 | 0.4.0 | Changelog | Run in the hub pod |
nativeauthenticator | 0.0.5 | 0.0.5 | Changelog | Run in the hub pod |
jupyterhub-idle-culler | - | v1.0 | - | Run in the hub pod |
configurable-http-proxy | 4.2.1 | 4.2.2 | Changelog | Run in the proxy pod |
traefik | v2.1 | v2.3.2 | Changelog | Run in the autohttps pod |
kube-scheduler | v1.13.12 | v1.19.2 | - | Run in the user-scheduler pod(s) |
For a detailed list of how Python dependencies have change in the hub
Pod's
Docker image, inspect the images/hub/requirements.txt file.
- Allow adding extra labels to the traefik pod #1862 (@yuvipanda)
- Add proxy.service.extraPorts to add ports to the k8s Service proxy-public #1852 (@yuvipanda)
- netpol: allowedIngressPorts and interNamespaceAccessLabels config added with defaults retaining 0.9.1 current behavior #1842 (@consideRatio)
- hub.command and hub.args configuration added #1840 (@cbanek)
- Add nodeSelector and tolerations config for all pods of Helm chart #1827 (@stevenstetzler)
- Added config prePuller.pullProfileListImages #1818 (@consideRatio)
- Added config option: proxy.chp.extraCommandLineFlags #1813 (@consideRatio)
- Set container securityContext by default #1798 (@consideRatio)
- Support chart wide and pod specific config of imagePullSecrets #1794 (@consideRatio)
- Added proxy.chp.extraEnv and proxy.traefik.extraEnv configuration #1784 (@agrahamlincoln)
- Remove memory / cpu limits for pre-puller #1780 (@yuvipanda)
- Add additional liveness and readiness probe properties #1767 (@rmoe)
- Minimal and explicit resource requests for image-puller pods #1764 (@consideRatio)
- hook-image-puller: -pod-scheduling-wait-duration flag added for reliability during helm upgrades #1763 (@consideRatio)
- Make continuous image puller pods evictable #1762 (@consideRatio)
- hub.extraEnv / singleuser.extraEnv in dict format to support k8s EnvVar spec #1757 (@consideRatio)
- Add config for hub/proxy/autohttps container's securityContext #1708 (@mriedem)
- Add annotations to image puller pods #1702 (@duongnt)
- fix: intentionally error on missing Let's Encrypt contact email configuration #1701 (@consideRatio)
- Add services API tokens in hub-secret #1689 (@betatim)
- Tweaking readiness/liveness probe: faster startup #1671 (@consideRatio)
- Tighten and flesh out networkpolicies #1670 (@consideRatio)
- DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
- autohttps: instant secret-sync shutdown #1659 (@consideRatio)
- Use DNS names instead of IPv4 addresses to be IPv6 friendly #1643 (@stv0g)
- autohttps: traefik's config now configurable and in YAML #1636 (@consideRatio)
- Feat: autohttps readinessProbe for quicker validated startup and shutdown #1633 (@consideRatio)
- switching to myst markdown in docs #1628 (@choldgraf)
- Bind proxy on IPv4 and IPv6 for dual stack support #1624 (@stv0g)
- Do not hardcode IPv4 localhost address for IPv6 compatibility #1623 (@stv0g)
- enable network policy by default #1271 (@minrk)
- Allow configuration of Kuberspawner's pod_name_template #1144 (@tmshn)
- Bump KubeSpawner to 0.14.1 to fix a bug in 0.14.0 about image_pull_secrets #1868 (@consideRatio)
- netpol: allowedIngressPorts and interNamespaceAccessLabels config added with defaults retaining 0.9.1 current behavior #1842 (@consideRatio)
- user-scheduler: let image locality etc matter again #1837 (@consideRatio)
- Add retryable HTTP client to image-awaiter #1830 (@bleggett)
- prePuller: fix recently introduced regression #1817 (@consideRatio)
- userScheduler: only render associated PDB resource if userScheduler itself is enabled #1812 (@consideRatio)
- Fix same functionality for proxy.traefik.extraEnv as other extraEnv #1808 (@consideRatio)
- Set container securityContext by default #1798 (@consideRatio)
- Relax hook-image-puller to make upgrades more reliable #1787 (@consideRatio)
- Updates to user-scheduler's coupling to the kube-scheduler binary #1778 (@consideRatio)
- https: Only expose port 443 if we really have HTTPS on #1758 (@yuvipanda)
- jupyterhub existing image pull secret configuration load bug fixed #1727 (@mpolatcan)
- fix: jupyterhub services without apiToken was ignored #1721 (@consideRatio)
- fix: autohttps cert acquisition stability fixed #1719 (@consideRatio)
- Enable the user scheduler to pay attention to CSI volume count #1699 (@rschroll)
- secret-sync: selective write to secret / functional logs #1678 (@consideRatio)
- Tighten and flesh out networkpolicies #1670 (@consideRatio)
- use jupyterhub 1.2.0 #1884 (@minrk)
- Update Travis CI badge following .org -> com migration #1882 (@consideRatio)
- Remove globus_sdk and update various Docker images #1881 (@consideRatio)
- Complementary fix to recent aesthetics PR #1878 (@consideRatio)
- Helm template aesthetics fixes #1877 (@consideRatio)
- Added rediraffe redirecgtion #1876 (@NerdSec)
- Bump OAuthenticator to 0.12.0 from 0.11.0 #1874 (@consideRatio)
- Dependency: bump proxy pods image of CHP to 4.2.2 for bugfixes and docker image dependency updates #1873 (@consideRatio)
- Pin Traefik to v2.3.2 for cert acquisition stability #1859 (@consideRatio)
- CI: Add logs for autohttps pod on failure to debug intermittent issue #1855 (@consideRatio)
- CI: Try to improve test stability and autohttps cert aquisition reliability #1854 (@consideRatio)
- CI: bump k3s and helm versions #1848 (@consideRatio)
- Add dependabot config to update dependencies automatically #1844 (@jgwerner)
- try out jupyterhub 1.2.0b1 #1841 (@minrk)
- Remove unnecessary Dockerfile build step #1833 (@bleggett)
- Add schema.yaml and validate.py to .helmignore #1832 (@consideRatio)
- CI: reorder ci jobs to provide relevant feedback quickly #1828 (@consideRatio)
- Revert recent removal of image-pulling related to cloudMetadata blocker #1826 (@consideRatio)
- Add maintainers / owners to register with Artifact Hub #1820 (@consideRatio)
- CI: fix RTD builds on push to master #1816 (@consideRatio)
- deprecation: warn when proxy.https is modified and proxy.https.enabled=true #1807 (@consideRatio)
- Soft deprecate singleuser.cloudMetadata.enabled in favor of blockWithIptables #1805 (@consideRatio)
- hub livenessProbe: bump from 1m to 3m delay before probes are sent #1804 (@consideRatio)
- hub image: bump kubespawner to 0.14.0 #1802 (@consideRatio)
- ci: bump helm to 3.3.2 and test with k8s 1.19 also #1783 (@consideRatio)
- user-scheduler: tweak modern configuration #1782 (@consideRatio)
- Update to newer version of 'pause' container #1781 (@yuvipanda)
- Remove memory / cpu limits for pre-puller #1780 (@yuvipanda)
- Updates to user-scheduler's coupling to the kube-scheduler binary #1778 (@consideRatio)
- hub: Switch base image to latest LTS #1772 (@yuvipanda)
- CI: Add test for singleuser.extraEnv #1769 (@consideRatio)
- Bump KubeSpawner to 0.13.0 #1768 (@consideRatio)
- CI: always publish helm chart on push to master #1765 (@consideRatio)
- Bump traefik (autohttps pod) to v2.3 #1756 (@consideRatio)
- Update JupyterHub's python package dependencies #1752 (@jgwerner)
- Fix travis by pinning docker python package version #1743 (@chancez)
- update kubespawner to 0.12 #1722 (@minrk)
- k8s api compatibility: add conditional to ingress apiVersion #1718 (@davidsmf)
- Upgrade libc to patch vulnerability in hub img #1715 (@meneal)
- Autohttps reliability fix: bump traefik version #1714 (@consideRatio)
- k8s-hub img rebuild -> dependencies refrozen #1713 (@consideRatio)
- removing circleci #1711 (@choldgraf)
- Complexity reduction - combine passthrough values.yaml data in hub-config (k8s configmap) to hub-secret (k8s secret) #1682 (@consideRatio)
- secret-sync: selective write to secret / functional logs #1678 (@consideRatio)
- DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
- cleanup: remove old deploy secret #1661 (@consideRatio)
- RTD build fix: get correct version of sphinx #1658 (@consideRatio)
- Force sphinx>=2,<3 for myst_parser #1657 (@consideRatio)
- Use idle culler from jupyterhub-idle-culler package #1648 (@yuvipanda)
- Refactor: reference ports by name instead of repeating the number #1645 (@consideRatio)
- DX: refactor helm template #1635 (@consideRatio)
- CI: fix sphinx warnings turned into errors #1634 (@consideRatio)
- Dep: Bump deploy/autohttps's traefik to v2.2 #1632 (@consideRatio)
- DX: more recognizable port numbers #1631 (@consideRatio)
- Add back Helm chart badge for latest pre-release (alpha, beta) #1879 (@consideRatio)
- Added rediraffe redirecgtion #1876 (@NerdSec)
- docs: fix edit button, so it doesn't go to a 404 page #1864 (@consideRatio)
- Fix link to Hub23 docs #1860 (@sgibson91)
- Provide links to Hub23 deployment guide #1850 (@sgibson91)
- docs: clarify user-placeholder resource requests #1835 (@consideRatio)
- Change doc structure #1825 (@NerdSec)
- Remove mistakenly introduced artifact #1824 (@consideRatio)
- fixing broken links #1823 (@choldgraf)
- README.md: badges for the helm chart repo to go directly to the relevant view #1815 (@consideRatio)
- Docs: fix some sphinx warnings #1796 (@consideRatio)
- Fix legacy version in DigitalOcean Kubernetes setup doc #1788 (@subwaymatch)
- Add terraform resources to the community resources section #1776 (@salvis2)
- Docs: fixes to outdated links found by the linkchecker #1770 (@consideRatio)
- Leave a comment about where HUBSERVICE* values come from #1766 (@mriedem)
- Unindent lines to fix the bug in "Specify certificate through Secret resource" #1755 (@salvis2)
- [Documentation] Authenticating with Auth0 #1736 (@asubb)
- Docs/schema.yaml patches #1735 (@rubdos)
- Fix broken link to Jupyter contributor guide #1729 (@sgibson91)
- Fix link #1728 (@JarnoRFB)
- docs: myst-parser deprecation adjustment #1723 (@consideRatio)
- docs: fix linkcheck warning #1720 (@consideRatio)
- Docs: fix squeezed logo, broken links, and strip unused CSS and templates #1710 (@consideRatio)
- Add documentation to create a Kubernetes cluster on OVH #1704 (@jtpio)
- DX: final touches on CONTRIBUTING.md #1696 (@consideRatio)
- Update Google auth to use a list for hosted_domain #1695 (@petebachant)
- Simplify setting up JupyterLab as default #1690 (@yuvipanda)
- Use --num-nodes instead of --size to resize gcloud cluster #1688 (@aculich)
- docs: fix broken links #1687 (@consideRatio)
- Change helm chart version in setup documentation #1685 (@ivanpokupec)
- Docs: assume usage of helm3 over deprecated helm2 #1684 (@GeorgianaElena)
- removal: Vagrant for local dev #1668 (@consideRatio)
- docs: fixed links #1666 (@consideRatio)
- DX: k3s/k3d instead of kind & CI: autohttps testing #1664 (@consideRatio)
- Reference static ip docs #1663 (@GeorgianaElena)
- Docs: remove too outdated cost-calculator #1660 (@consideRatio)
- Update create service principle command. #1654 (@superyaniv)
- proxy.service.type: Default is different from hub.service.type #1647 (@manics)
- Fix user storage customization variable #1640 (@bibz)
- Fix broken links in the Reference documentation #1639 (@bibz)
- Update index.rst #1629 (@deinal)
- AWS documentation fixes #1564 (@metonymic-smokey)
- add Auth0 configuration documentation #1436 (@philvarner)
A huge warm thank you for the collaborative effort in this release! Below we celebrate this specific GitHub repositories contributors, but we have reason to be thankful to soo many other contributors in the projects we depend on! Thank you everyone!
(GitHub contributors page for this release)
@01100010011001010110010101110000 | @ablekh | @aculich | @adi413 | @agrahamlincoln | @aguinaldoabbj | @Aisuko | @akaszynski | @albertmichaelj | @alexmorley | @amanda-tan | @arpitsri3 | @asubb | @aydintd | @bebosudo | @BertR | @betatim | @betolink | @bibz | @bleggett | @cam72cam | @carat64 | @cbanek | @cboettig | @chancez | @chicocvenancio | @choldgraf | @chrisroat | @clkao | @conet | @consideRatio | @craig-willis | @cslovell | @dalonlobo | @dalssaso | @danroliver | @DarkBlaez | @davidsmf | @deinal | @dimm0 | @dkipping | @dmpe | @donotpush | @duongnt | @easel | @echarles | @Edward-liang | @eric-leblouch | @erinfry6 | @etheleon | @farzadz | @filippo82 | @frankgu968 | @frouzbeh | @GeorgianaElena | @GergelyKalmar | @gsemet | @Guanzhou-Ke | @Gungo | @h4gen | @harsimranmaan | @hdimitriou | @hickst | @hnykda | @hqwl159 | @IamViditAgarwal | @ilhaan | @ivanpokupec | @jacobtomlinson | @jahstreet | @JarnoRFB | @jeremievallee | @jgerardsimcock | @jgwerner | @josibake | @JPMoresmau | @jreadey | @jtlz2 | @jtpio | @julienchastang | @jzf2101 | @kinow | @kristofmartens | @kyprifog | @leolb-aphp | @loki1978 | @ltupin | @lxylxy123456 | @manics | @mathematicalmichael | @meeseeksmachine | @meneal | @metonymic-smokey | @mhwasil | @minrk | @mjuric | @moorepants | @mpolatcan | @mriedem | @mrocklin | @NerdSec | @nscozzaro | @openthings | @pcfens | @perllaghu | @petebachant | @peterrmah | @philvarner | @prateekkhera | @rabernat | @RAbraham | @remche | @rkdarst | @rkevin-arch | @rmoe | @rnestler | @rschroll | @rubdos | @ryanlovett | @salvis2 | @sampathkethineedi | @scivm | @Sefriol | @sgibson91 | @sgloutnikov | @shenghu | @snickell | @sstarcher | @stefansedich | @stevenstetzler | @stv0g | @subwaymatch | @summerswallow-whi | @superyaniv | @support | @suryag10 | @TiemenSch | @tirumerla | @tjcrone | @tmshn | @TomasBeuzen | @tracek | @verdurin | @vindvaki | @vishwesh5 | @welcome | @willingc | @yuvipanda | @zxcGrace
This Helm chart release is mainly a maintenance release featuring the latest JupyterHub (1.1.0) and authenticators along with bug fixes and some additional helpful configuration options.
Noteworthy:
- An issue with automatic acquisition of HTTPS certificates has been resolved since 0.9.0-beta.3.
- Fixed a compatibility issue with Kubernetes 1.16+
- The
images/hub/requirements.txt
file in this repo can now be used to track what specific version has been used at any point in time. - jupyterhub-nativeauthenticator added to the JupyterHub Docker image.
Bumped dependencies:
- jupyterhub version 1.1.0
- jupyterhub-ldapauthenticator version 1.3.0
- jupyterhub-kubespawner version 0.11.1
- oauthenticator version 0.11.0
- kubernetes version 10.0.1
-
If you are using Helm 2, upgrade to the latest Helm 2 version. And if you are using Helm 3, upgrade to the latest Helm 3 version.
Upgrading to Helm 3 from Helm 2 requires additional steps not covered here, so for now please stay with your current major version of helm (2 or 3).
# Figure out what version you currently have locally, you should use # release of the same major version you have used before. helm version
Install either the latest Helm 2 or Helm 3 depending on what major version you currently had worked with.
# verify you successfully upgraded helm helm version # if you just upgraded helm 2, also upgrade tiller helm init --upgrade --service-account=tiller
-
Use
--cleanup-on-fail
when usinghelm upgrade
.Helm can enter a problematic state by a
helm
install or upgrade process which started creating Kubernetes resources, but then didn't finish at all or didn't finish successfully. It can cause resources created that helm will later come in conflict with.To mitigate this, we suggest always using
--cleanup-on-fail
with this Helm chart, it is a solid behavior that reduce a lot of head ache. -
If you use
--wait
, or--atomic
which implies--wait
: do not manually cancel the upgrade!If you would abort the upgrade when using
--wait
and Kubernetes resources has been created, resources will have been created that can cause conflict with future upgrades and require you to manually clean them up. -
Delete resources that could cause issues before upgrading.
# replace <NAMESPACE> below with where jupyterhub is installed kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps
If you get an error similar to the one below, it is a symptom of having
attempted a helm upgrade
that failed where helm lost track of some newly
created resources. A good solution is to delete all of these resources and try
again.
# replace <NAMESPACE> below with where jupyterhub is installed
kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps
To avoid this in the future, use --cleanup-on-fail
with the helm upgrade
command. It is not a fool proof way to avoid it, but . And note that even if that flag is used, an interupption for example during --wait
or --atomic
which implies --wait
, be
aware of an interruption while waiting can very likely cause this to arise on
the following upgrade attempt.
error: kind ConfigMap with the name "traefik-proxy-config" already exists in the cluster and wasn't defined in the previous release. Before upgrading, please either delete the resource from the cluster or remove it from the chart
- Bump configurable-http-proxy image #1598 (@consideRatio)
- fix: Bump to base-notebook with JH 1.1.0 etc #1588 (@bitnik)
- Docs: refactor/docs for local development of docs #1617 (@consideRatio)
- [MRG] sphinx: linkcheck in travis (allowed to fail) #1611 (@manics)
- [MRG] Sphinx: warnings are errors #1610 (@manics)
- pydata theme #1608 (@choldgraf)
- Small typo fix in doc #1591 (@sebastianpfischer)
- [MRG] Pin sphinx theme #1589 (@manics)
- init helm and tiller with history-max settings #1587 (@bitnik)
- Changelog for 0.9.0-beta.4 #1585 (@manics)
- freeze environment in hub image #1562 (@minrk)
- Add nativeauthenticator to hub image #1583 (@consideRatio)
- Add option to remove named server when culling #1558 (@betatim)
- jupyterhub-ldapauthenticator==1.3 #1576 (@manics)
- First-class azuread support, oauth 0.11 #1563 (@minrk)
- simplify hub-requirements #1560 (@minrk)
- Bump to base-notebook with JH 1.1.0 etc #1549 (@consideRatio)
- Fix removing of named servers when culled #1567 (@consideRatio)
- Added gitlab URL #1577 (@metonymic-smokey)
- Fix reference doc link #1570 (@clkao)
- Add contributor badge #1559 (@GeorgianaElena)
- Trying to clean up formatting #1555 (@jeremycadams)
- Remove unneeded directive in traefik config #1554 (@yuvipanda)
- Added documentation of secret https mode #1553 (@RossRKK)
- Helm 3 preview #1543 (@manics)
- Deploy jupyterhub 1.1.0 stable #1548 (@minrk)
- Bump chartpress for Helm 3 compatible dev releases #1542 (@consideRatio)
- Replace kube-lego + nginx ingress with traefik #1539 (@yuvipanda)
- Update step zero for Azure docs with commands to setup an VNet and network policy #1527 (@sgibson91)
- Fix duplicate docs label #1544 (@manics)
- Made GCP docs of compute zone names generic #1431 (@metonymic-smokey)
- Fix major breaking change if all HTTPS options was disabled introduced just before beta.1 #1534 (@dirkcgrunwald)
Some highlights of relevance for this release are:
- The default configuration is now catering to autoscaling clusters where nodes
can be added and removed, as compared to fixed clusters where there is only a
fixed amount of nodes. Set
scheduling.userScheduler.enabled
to false if you are on a fixed size cluster. - Kubernetes 1.16 compatibility achieved
- Updated dependencies
- jupyterhub==1.1.0b1
- kubernetes==0.10.1
- kubespawner==0.11.1
- oauthenticator==0.10.0
- Added ability to configure liveness/readiness probes on the hub/proxy #1480 (@mrow4a)
- Added ability to use an existing/shared image pull secret for hub and image pullers #1426 (@LaurentGoderre)
- Added ability to configure the proxy's load balancer service's access restrictions (
loadBalancerSourceRanges
) #1418 (@GergelyKalmar) - Added
user-scheduler
pod->node scheduling policy configuration #1409 (@yuvipanda) - Added ability to add additional ingress rules to k8s NetworkPolicy resources #1380 (@yuvipanda)
- Enabled the continuous image puller by default #1276 (@consideRatio)
- Added ability to configure initContainers of the hub pod #1274 (@scottyhq)
- Enabled the user-scheduler by default #1272 (@minrk)
- Added ability to use an existing jupyterhub configuration k8s secret for hub (not recommended) #1142 (@koen92)
- Added use of liveness/readinessProbe by default #1004 (@tmshn)
- Bump JupyterHub to 1.1.0b1 #1533 (@consideRatio)
- Update JupyterHub version #1524 (@bitnik)
- Re-add ltiauthenticator 0.4.0 to hub image #1519 (@consideRatio)
- Fix hub image dependency versions, disable ltiauthenticator, use chartpress==0.5.0 #1518 (@consideRatio)
- Update hub image dependencies and RELEASE.md regarding dependencies #1484 (@consideRatio)
- Bump kubespawner to 0.11.1 for spawner progress bugfix #1502 (@consideRatio)
- Updated hub image dependencies #1484 (@consideRatio)
- Updated kube-scheduler binary used by user-scheduler, kubespawner, kubernetes python client, and oauthenticator #1483 (@consideRatio)
- Bump CHP to 4.2.0 - we get quicker chart upgrades now #1481 (@consideRatio)
- Bump singleuser-sample #1473 (@consideRatio)
- Bump python-kubernetes to 9.0._ (later also to 10.0._) #1454 (@clkao)
- Bump tmpauthenticator to 0.6 (needed for jupyterhub 1.0) #1299 (@manics)
- Include jupyter-firstuseauthenticator. #1288 (@danielballan)
- Bump jupyterhub to 1.0.0 (later also to a post 1.0.0 commit) #1263 (@minrk)
- Bump CHP image to 4.1.0 from 3.0.0 (later to 4.2.0) #1246 (@consideRatio)
- Bump oauthenticator 0.8.2 (later to 0.10.0) #1239 (@minrk)
- Bump jupyterhub to 1.0b2 (later to an post 1.0.0 commit) #1224 (@minrk)
- Workaround upstream kubernetes issue regarding https health check #1531 (@sstarcher)
- User-scheduler RBAC permissions for local-path-provisioner + increase robustness of hub.baseUrl interaction with the hub deployments health endpoint #1530 (@cutiechi)
- Fixing #1300 User-scheduler doesn't work with rancher/local-path-provisioner #1516 (@cgiraldo)
- Move z2jh.py to a python and linux distribution agnostic path #1478 (@mrow4a)
- Bugfix for proxy upgrade strategy in PR #1401 #1404 (@consideRatio)
- Use recreate CHP proxy pod's deployment strategy #1401 (@consideRatio)
- Proxy deployment: Change probes to https port #1378 (@chicocvenancio)
- Readiness and liveness probes re-added #1361 (@consideRatio)
- Use 443 as https port or redirection. FIX #806 #1341 (@chicocvenancio)
- Revert "Configure liveness/readinessProbe" #1356 (@consideRatio)
- Ensure helm chart configuration is passed to JupyterHub where needed #1338 (@bitnik)
- Make proxy redirect to the service port 443 instead of the container port 8443 #1337 (@LucidNeko)
- Disable becoming root inside hub and proxy containers #1280 (@yuvipanda)
- Configure KubeSpawner with the
singleuser.image.pullPolicy
properly #1248 (@vmarkovtsev) - Supply
hub.runAsUser
for the hub at the container level instead of the pod level #1240 (@tmc) - Relax HSTS requirement on subdomains #1219 (@yuvipanda)
- typo #1529 (@raybellwaves)
- fix link to Helm chart best practices #1523 (@rpwagner)
- Adding Globus to the list of users #1522 (@rpwagner)
- Missing page link for our RBAC documentation #1508 #1514 (@n3o-Bhushan)
- Correction of warnings from: make html #1513 (@consideRatio)
- Fixing URL for user-management documentation #1511 #1512 (@n3o-Bhushan)
- DOC: fixing authentication link in user customization guide #1510 (@n3o-Bhushan)
- DOC: fix kubernetes setup link #1505 (@raybellwaves)
- Update changelog for 0.9.0-beta.1 #1503 (@consideRatio)
- Fix broken link in architecture.rst #1488 (@amcnicho)
- Bump kind to 0.6.0 and kindest/node versions #1487 (@clkao)
- Avoid rate limiting for k8s resource validation #1485 (@consideRatio)
- Switching to the Pandas Sphinx theme #1472 (@choldgraf)
- Add vi / less to hub image #1471 (@yuvipanda)
- Added existing pull secrets changes from PR #1426 to schema #1461 (@sgloutnikov)
- Chart upgrade tests #1459 (@consideRatio)
- Replaced broken links in authentication document #1449 #1457 (@n3o-Bhushan)
- Fix typo in home page of docs #1456 (@celine168)
- Use helm 2.15.1 #1453 (@consideRatio)
- Support CD with git tags #1450 (@consideRatio)
- Added Laurent Goderre as contributor #1443 (@LaurentGoderre)
- Note about future hard deprecation #1441 (@consideRatio)
- Fix link formatting for ingress.enabled #1438 (@jtpio)
- CI rework - use kind, validate->test->publish, contrib and release rework #1422 (@consideRatio)
- Mounting jupyterhub_config.py etc. #1407 (@consideRatio)
- Ignore venv files #1388 (@GeorgianaElena)
- Added example for populating notebook user home directory #1382 (@gareth-j)
- Fix typo in jupyterhub_config.py comment #1376 (@loganlinn)
- Fixed formatting error in links #1363 (@tlkh)
- Instructions for adding GPUs and increasing shared memory #1358 (@tlkh)
- delete redundant prepuller documentation #1348 (@bitnik)
- Add py-spy to hub image #1327 (@yuvipanda)
- Changing Azure Container Service to Azure Kubernetes Service #1322 (@seanmck)
- add explanation for lifecycle_hooks in kubespawner_override #1309 (@clancychilds)
- Update chart version to 0.8.2 in the docs #1304 (@jtpio)
- Fix azure cli VMSSPreview feature register command #1298 (@dazzag24)
- Unbreak git build #1294 (@joshbode)
- Update Dockerfile to JH 1.0 #1291 (@vilhelmen)
- Fix a couple of mistakes in Google Kubernetes instructions #1290 (@astrofrog)
- Suggest quotes around tag. #1289 (@danielballan)
- hub: Add useful debugging tools to hub image #1279 (@yuvipanda)
- Clean up a line in the CI logs #1278 (@consideRatio)
- Fix prePuller.extraImages linting etc #1275 (@consideRatio)
- Fixed minor bug in google pricing calculator #1264 (@noahbjohnson)
- [MRG] Update to Docs: Deploying an Autoscaling Kubernetes cluster on Azure #1258 (@sgibson91)
- Update to Docs: Add Azure scale command to Expanding/Contracting Cluster section #1256 (@sgibson91)
- removing extra buttons #1254 (@choldgraf)
- test appVersion in Chart.yaml #1238 (@minrk)
- Adjusts whitespace for a code block in AWS instructions. #1237 (@arokem)
- Change heading of multiple-profiles section #1236 (@moschlar)
- Suggest Discourse in issue template #1234 (@manics)
- Added OAuth callback URL to keycloak OIDC example #1232 (@sgloutnikov)
- Updated notes, pod status to Running #1231 (@sgloutnikov)
- Updated AWS EKS region-availability statement. #1223 (@javabrett)
- Fix the default value of lifecycleHooks #1218 (@consideRatio)
- Update user-environment.rst #1217 (@manycoding)
- Add Digital Ocean Cloud Instructions for Kubernetes #1192 (@alexmorley)
Bumped the underlying JupyterHub to 0.9.6.
Bumped the underlying JupyterHub to 0.9.5.
[0.8.0] - Richie Benaud - 2019-01-24
This release contains JupyterHub version 0.9.4. It requires Kubernetes >= 1.11 and Helm >= 2.11.0. See the Helm Chart repository for a list of relevant dependencies for all Helm Chart versions.
It contains new features, additional configuration options, and bug fixes.
To upgrade your cluster:
-
backup your hub-db-dir persistent volume and previous configuration files, to be safe
-
read changes here and make any needed updates to your configuration
-
upgrade the chart:
helm repo update helm upgrade $RELEASE --force --version 0.8.0 --values config.yaml
The --force
flag allows deletion and recreation of objects
that have certain changes, such as different labels,
which are forbidden otherwise.
- Github organisation OAuth:
auth.github.org_whitelist
has been renamed toauth.github.orgWhitelist
to be consistent with helm's camelCase style
If you encounter issues with upgrades, check for changed configuration in this document, and make sure your config is up to date.
If you aren't able to get the upgrade to work, you can rollback to a previous version with:
helm rollback $RELEASE
Feel free to ping us on gitter if you have problems or questions.
Profile information is now passed through to KubeSpawner. This means you can specify multiple user profiles that users can select from when they log in. (#402)
Improvements to the Helm Chart to let users specify private information that lets the Hub pull from private Docker registries. New information includes Kubernetes Secrets, an email field, large JSON blobs in the password field (required in order to pull from a private gcr.io registry from an external cluster).
It also ensures that the image puller DaemonSets have the same credentials to pull the images.
(thanks to @AlexMorreale) #851
#891
Want to make your autoscheduler work efficiently? Then you should schedule pods to pack tight instead of spread out. The user scheduler accomplishes this.
- Pod priority and User placeholders - #929
Want to scale up before users arrive so they don't end up waiting for the node to pull an image of several gigabytes in size? By adding a configurable fixed amount of user placeholder pods with a lower pod priority than real user pods, we can accomplish this. It requires k8s v1.11 though.
- preferScheduleNextToRealUsers - improves autoscaling - #930 This setting slightly improves the ability for a cluster autoscaler to scale down by increasing the likelihood of user placeholders being left alone on a node rather than real users. Real users can't be moved around while user placeholder pods can
- Update jupyterhub to 0.9.4
- Update kubespawner to 0.10.1
- Allow setting of storage labels - #924
- Tolerations for node taints - #925
- Making the core and user pods affinity have configurable presets - #927
- Improved linting and validation + CI integration - #844
- Improved CI tests - #846
- Cleanup of orphaned files - #842 Two files were left unused in the repo.
- cull.maxAge bugfix - #853
cull.maxAge
previously didn't influence the culler service, as the value was never consumed. This is fixed by a single one line commit in a PR. - No more duplicates of puller pods - #854
Nobody wants pods running that does nothing. By using the new
before-hook-creation
value for thedeletion-policy
Helm hook together with a single name for our Helm hook resources, we can ensure never having orphaned image pullers. - Remove pod-culler image - #890 #919 Before JupyterHub 0.9 the pod-culler was a standalone pod with a custom image. But now it is a internal service of the JupyterHub pod, so in this PR we slim the remnant code.
- Upgrade to k8s 1.9 APIs - #920
Migrate to more stable K8s resource APIs from
beta
. - Update of the singleuser-sample image - #888
git
andnbgitpuller
are now available by default - Switch to using a StatefulSet for the Hub * The Hub should perhaps be a StatefulSet rather than a Deployment as it tends to be tied to a PV that can only be mounted by one single Hub. See this issue: helm/charts#1863
- Show users deprecation and error messages when they use certain deprecated
configuration (e.g.
hub.extraConfig
as a single string) or incompatible combinations. - Updates to the guide - #850
- Updates to inline documentation - #939
(excerpt from https://www.cricket.com.au/players/richie-benaud/gvp5xSjUp0q6Qd7IM5TbCg)
Possibly the most iconic man in Australian cricket, Richie Benaud enjoyed a career spanning nearly 70 years in the game. On the field, he scored 767 runs at 19.66 in his 27 matches against England, while he also picked up 83 wickets. Off the field, he has been just as important. His commentary has been second to none since making his radio debut in 1960.
While playing for Australia, fans flocked to the cricket to watch Benaud led sides dominate whoever they played. The late 1950’s to early 1960’s was a golden period in Australian cricket, with players such as Simpson, Lawry and Harvey scoring runs, while Benaud and Davidson did the damage with the ball.
Richie Benaud was responsible for resurrecting cricket in this country. The world was changing at that time, and so was cricket. It was being shown on television for the first time, while radio coverage was becoming more advanced. Benaud felt he had a duty to the Australian public to make the game more entertaining. Sure, you could argue that the 1961 series was dull, but at least Australia retained the Ashes. Nobody will forget the tied Test against the West Indies, or Benaud’s audacious move to bowl around the wicket in Manchester.
Benaud is credited with popularising the tactics we see today. Huddles after a wicket were born in the Benaud era. Declaring just before stumps in a bid to steal a late wicket was something he thrived upon. Bowling into the rough is now seen as common practice.
Benaud was also prepared to try new things with the ball. He worked very hard on perfecting his wrong’un, the flipper and the top-spinner. His leg-spinner even had variety to it, making him one of the most complete tweakers at the time.
His leadership earned him respect immediately. Players loved being guided the likeable larrikin from Penrith. He looked after everyone both as a team, but also on an individual basis. His teammates trusted his innovative ideas, while he trusted them to execute them to the fullest.
For most Australians, summer means cricket. And cricket means hearing the dulcet tones of their favourite commentator, Richie Benaud. From the cream coloured suit, to the witty repartee with his colleagues, Benaud is the complete package
This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
(Frank) Yu Cheng Gu 1160300422-RenQJ 1kastner 2efper A. Tan Aadi Deshpande abremirata28 AcademicAdmin Adam Huffman Adrian Wilke Akanksha Bhardwaj Akhil Lawrence Al Johri AlbanWende Alejandro del Castillo Aleksandr Blekh Alex Morreale Alex Newman Alexander Comerford Alexander Sadleir amangarg96 Amirahmad Khordadi Andreas Hilboll andregouveiasantana Andrew Andrew Catellier angelikamukhina Anton Khodak arcady-genkin Ariel Rokem Arne Küderle atne2008 awalther Ben Zipperer Beneath Benjamin Egelund-Müller BertR bharathwgl bing-he bjyxmas bpoettinger Brad Skaggs Braden Brian E. Granger Bruno P. Kinoshita brynjsmith Calvin Canh Tran camer314 Carol Willing Caspian cfoisy-osisoft ChanakyaBandara chang-zhijie Chao Wang Chen Zhiwei Chester Li Chia-liang Kao Chris Holdgraf Chris Seal Christian Alis Christian Mesh chrlunden Clancy Childs Clemens Tolboom cmw2196 Cody Scott Craig Willis cristofercri Curtis Maves cybertony Daisuke Taniwaki Dalon Lobo danamer Daniel Bachler Daniel Chalef Daniel Hnyk danielpcs Danny H DataVictorEngineer Dave Hirschfeld Dave Porter David Andersen David John Gagne Davide Deleted user Denis Shestakov Dennis Kipping Derek Ludwig DerekHeldtWerle DewinGoh Diogo djknight1 DmitrII Gerasimenko Doug Blank Dr. Di Prodi Dr. Zoltán Katona Dylan Nelson ebebpl Eliran Bivas eode Eran Pinhas eric-leblouch ericblau Erik LaBianca Erik Sundell Ermakov Petr erolosty Evan Savage Evert Rol Ezequiel Gioia fahadabbas91 farzadz foxlisimulation frouzbeh Félix-Antoine Fortin Gabriel Abdalla Cavalcante Gabriel Fair Gaetan Semet Gang Chen Gary Lucas Georgiana Elena gerroon Giuseppe Attardi Glen A Knight Gonzalo Fernandez ordas Guilherme Oenning Guo Zhang gweis Gábor Lipták Hagen Hoferichter hani1814 Hans Permana hhuuggoo hichemken HT-Moh HuangHenghua HuiWang Ian Carroll Ian Stuart Ivan Brezina J Forde J Gerard j08rebelo Jacob Matuskey Jacob Tomlinson Jaime Ferrando Huertas James Swineson jameshgrn Jan Niederau Jason Belsky Jason Hu Jason Rigby jason4zhu Jeff Whitworth Jeffrey Bush jeffwji Jessica B. Hamrick jfleury-eidos Ji Ma Jiren Jin jiyer2016 jlc175 jmabry jmchandonia jmf Joe Hamman Joerg Klein John Chase John Readey John Shojaei Jonathan Terhorst Jordan Miller Josh Bode Joshua Milas JP Moresmau jpays Juan Cruz-Benito Julian Rüth Julien Chastang Justin Ray Vrooman Jürgen Hermann Kah Mun kangzebin Kelly L. Rowland Kenan Erdogan Kerwin Sun kevbutler Kevin Bates khawarhere kide007 Kim-Seonghyeon kishitaku0630 Koshmaar Koustuv Sinha krinsman Kristian Gregorius Hustad Kristiyan KSHITIJA SAHARAN Kuriakin Zeng Kyla Harper Lachlan Musicman Laurent Abbal Leo Gallucci Leopold Talirz Li-Xian Chen Lisa Stillwell ljb445300387 Loïc Antoine Gombeaud Loïc Estève Lucas Durand Lukasz Tracewski m.fab Ma mangecoeur Manish Kushwaha Marc Illien marinalopez2110 Mark Mirmelstein Marlene Silva Marchena Martin Gergov Martin Zugnoni Marvin Solano Marwan Baghdad Matthias Bussonnier Matthias Klan Matthias Lee Matthieu Boileau Max Mensing mdivk Meesam Shah Michael Carroll Michael Huttner Michael Lovci Michael McCarthy Michael Milligan Michael Pilosov michec81 Mike Croucher MikeSpark Min RK MisterZ Moritz Kirschner Moritz Schlarb moskiGithub mpolidori mrclttnz MubashirullahD Muhammad-Imtiaz mxcheng2011 myidealab Naineel Shah narala558 newturok Ney Torres Nic Wayand Nico Bellack nifuki Nils Werner not4everybody NotSharath nschiraldi Nujjy oscar6echo Paperone80 Patafix Paul Mazzuca Paul Shealy Paulo Roberto de Oliveira Castro Pav K payalbhatia Peter Parente Peter Reid Phil Elson Phil Fenstermacher Philipp Kats phpdistiller phxedmond Piotr Pouria Hadjibagheri powerLeePlus Pratik Lal pydeepak Qcy R. C. Thomas raghav130593 Rahul Sharma Rama Krishna Jinka RBALAJI5 rbq Richard C Gerkin Richard Darst Richard Huntrods richyanicky Rob Nagler robin robotsp rothwewi rushikeshraut777 Ryan Ryan Abernathey Ryan Lovett Ryan McGuire rzuidhof Saiprasad Balasubramanian Sam Manzer samRddhimat Santosh Saranya411 Scott Crooks sdementen SeaDude SergeyK1 Shannon Shi Pengcheng shibbas Shinichi TAMURA Shiva1789 sidebo Sigurður Baldursson Simon Li Sindre Gulseth SivaMaplelabs sjillidimudi skruse smoulderme Solaris Spencer Ogden sreekanthmg Steven B Steven Silvester StudyQuant Subhash Suchit summerswallow summerswallow-whi Søren Fuglede Jørgensen Taewon Tania Allard Taposh Dutta Roy techie879 ThibTrip Thomas Mendoza thomas-rabiller-azimut Thong Kuah thongnnguyen Tim Crone Tim Head Timothy Griffiths Timothy Liu Todd Gamblin Tom Tomer Leibovich tregin Tren Huang Tuhina Chatterjee Tyler Gregory Uday Udit Arora Vasu Gaur Victor Lopez Vidit Agarwal VidJa Vincent Feng vishal49naik49 Vivek Vivek Rai vivekbiet Vlad-Mihai Sima Volker Braun wangcong Wangsoo Kim whositwhatnow Will Will Starms Willem Pienaar Xavier Lange YborBorn YizTian Yoav Tzelnick YoongHM yugushihuang Yuvi Panda Yuze Ma Zac Flamig Zach Day Zachary Sailer Zafer Cesur zmkhazi zneudl 田进 邱雨波 高彦涛
0.7.0 - Alex Blackwell - 2018-09-03
This release contains JupyterHub version 0.9.2, additional configuration options and various bug fixes.
IMPORTANT: This upgrade will require your users to stop their work at some point and have their pod restarted. You may want to give them a heads up ahead of time or do it during nighttime if none are active then.
If you are running v0.5
of the chart, you should upgrade to v0.6
first
before upgrading to 0.7.0
. You can find out what version you are using by
running helm list
.
Follow the steps below to upgrade from v0.6
to 0.7.0
.
This step is optional, but a recommended safeguard when the hub's and users' data is considered important. The changes makes the PersistentVolumes (PVs), which represent storage (user data and hub database) remain even if the PersistentVolumeClaims (PVCs) are deleted. The downside of this is that it requires you to perform manual cleanup of PVs when you want to stop spending money for the storage.
# The script is a saftey measure and patches your PersistentVolumes (PV) to
# not be garbage collected if the PersistentVolumeClaim (PVC) are deleted.
NAMESPACE=<YOUR-NAMESPACE>
# Ensure the hub's and users' data isn't lost
hub_and_user_pvs=($(kubectl get persistentvolumeclaim --no-headers --namespace $NAMESPACE | awk '{print $3}'))
for pv in ${hub_and_user_pvs[@]};
do
kubectl patch persistentvolume $pv --patch '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
done
# Update helm
curl https://raw.githubusercontent.com/kubernetes/helm/HEAD/scripts/get | bash
# Update tiller (on the cluster)
helm init --upgrade --service-account=tiller
# Verify the update
# NOTE: you may need to cancel and re-run the command, it should work within 30
# seconds.
helm version
# VERIFY: Did it return both the client and server version?
# Client: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
# Server: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
The pre-puller component of v0.6 could leave leftover resources after it finished, instead of cleaning up after itself. This script removes the pre-puller resources created by v0.6.
# This script will delete resources that were meant to be temporary
# The bug that caused this is fixed in version 0.7.0 of the Helm chart
NAMESPACE=<YOUR-NAMESPACE>
resource_types="daemonset,serviceaccount,clusterrole,clusterrolebinding,job"
for bad_resource in $(kubectl get $resource_types --namespace $NAMESPACE | grep '/pre-pull' | awk '{print $1}');
do
kubectl delete $bad_resource --namespace $NAMESPACE --now
done
kubectl delete $resource_types --selector hub.jupyter.org/deletable=true --namespace $NAMESPACE --now
This step is recommended due to bugs in Helm that could cause your JupyterHub
Helm chart installation (release) to get stuck in an invalid state.
The symptoms are often that helm upgrade
commands fail with the reason that some resource does or doesn't exist.
# Look up the name of your Helm release (installation of a Helm chart)
helm list
# Store the name of the Helm release
RELEASE_NAME=<YOUR-RELEASE-NAME>
# Give yourself an overview of this release's revisions
helm history $RELEASE_NAME
# Check if you have multiple revisions in a DEPLOYED status (a bug), or if you
# have old PENDING_UPGRADES or FAILED revisions (may be problematic).
helm history $RELEASE_NAME | grep --extended-regexp "DEPLOYED|FAILED|PENDING_UPGRADE"
# If you have multiple revisions in DEPLOYED status, this script will clean up
# all configmaps except the latest with DEPLOYED status.
deployed_revisions=($(helm history $RELEASE_NAME | grep DEPLOYED | awk '{print $1}'))
for revision in ${deployed_revisions[@]::${#deployed_revisions[@]}-1};
do
kubectl delete configmap $RELEASE_NAME.v$revision --namespace kube-system
done
# It seems plausible that upgrade failures could have to do with revisions
# having a PENDING_UPGRADE or FAILED status in the revision history. To delete
# them run the following command.
kubectl delete configmap --selector "NAME=$RELEASE_NAME,STATUS in (FAILED,PENDING_UPGRADE)" --namespace kube-system
IMPORTANT: Do not miss out on the --force
flag!
--force
is required due to changes in labelling of jupyterhub resources
in 0.7.
Helm cannot upgrade from the labelling scheme in 0.6 to that in 0.7 without --force
, which deletes and recreates the deployments.
RELEASE_NAME=<YOUR-RELEASE-NAME>
NAMESPACE=<YOUR-NAMESPACE>
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm repo update
# NOTE: We need the --force flag to allow recreation of resources that can't be
# upgraded to the new state by a patch.
helm upgrade $RELEASE_NAME jupyterhub/jupyterhub --install \
--force \
--version=0.7.0 \
--namespace=$NAMESPACE \
--values config.yaml \
--timeout 1800
Active users with running pods must restart their pods. If they don't the next
time they attempt to access their server they may end up with {“error”: “invalid_redirect_uri”, “error_description”: “Invalid redirect URI”}
.
You have the power to force this to happen, but it will abort what they are
doing right now. If you want them to be able to do it in their own pace, you
could use the /hub/admin
path and shut them down manually when they are done.
NAMESPACE=<YOUR-NAMESPACE>
# Inspect what users are currently running
kubectl get pod --selector component=singleuser-server --namespace $NAMESPACE
# Force all of them to shutdown their servers, and ensure the hub gets to
# realize that happened through a restart.
kubectl delete pod --selector component=singleuser-server --namespace $NAMESPACE
kubectl delete pod --selector component=hub --namespace $NAMESPACE
If things fail, you can try the following before installing the chart. If you decide to take these steps, we recommend step 1 is taken first in order to not loose data and that you ensure the old data is made available by the troubleshooting step below.
RELEASE_NAME=<YOUR-RELEASE-NAME>
# WARNING: Deletes everything installed by the Helm chart!
# WARNING: If you have not changed the reclaim policy of the hub in step 1, the
# hub never be able to remember anything about past users. Also note
# that even if you have taken step 1, you must also make the PVs become
# `Available` again before the hub starts up again.
# NOTE: This does not include user pods or user storage PVCs as they have been
# indirectly created by KubeSpawner
helm delete $RELEASE_NAME --purge
# WARNING: Deletes everything within the namespace!
# WARNING: If you have not changed the reclaim policy of the hub and users in
# step 1, the hub's stored information about the users and the user's
# storage will be lost forever. Also note that even if you have taken
# step 1, you must also make the hub and users PVs become `Available`
# before the hub and users startup again.
kubectl delete namespace <YOUR-NAMESPACE>
If you took these steps and step 1, you should probably right now continue with
the next troubleshooting section about making Released
PVs Available
for
reuse.
If you followed step 1 and 2, you can after cleanup of a cluster reuse the old hub's and users' storage if you do this step before you installs the Helm chart again.
In more technical words: if you have deleted PVCs such as hub-db-dir
or
claim-anyusername
, their PVs will end in a Released
state assuming they had
a reclaimPolicy
set to Retain
. To make use of these PVs again, we must make
them Available
for the to future PVCs that needs a PV to bind to.
NAMESPACE=<YOUR-NAMESPACE>
# Ensure the hub's and users' PVs are made `Available` again
hub_and_user_pvs=($(kubectl get persistentvolume | grep -E "Released.+$NAMESPACE/(hub-db-dir|claim-)" | awk '{print $1}'))
for pv in ${hub_and_user_pvs[@]};
do
kubectl patch persistentvolume $pv --patch '{"spec":{"claimRef":{"uid":null}}}}'
done
# Ensure you don't have any PVCs in the lost state
lost_pvcs=($(kubectl get persistentvolumeclaim --namespace $NAMESPACE | grep -E "(hub-db-dir|claim-).+Lost" | awk '{print $1}'))
for pvc in ${lost_pvcs[@]};
do
echo kubectl delete persistentvolumeclaim $pvc --namespace $NAMESPACE
done
A. Tan Aaron Culich abhismvit AC AcademicAdmin Adam Grant Adam Huffman Adam Thornton Adam Tilghman Adam-Origamiiris Afreen Rahman agustaf agustiin aisensiy Ajay Changulani Akhil Lawrence akkibatra Alan King Albert J. de Vera Alejandro del Castillo Alejandro Gastón Alvarez Aleksandr Blekh Alex Leith Alex Marandon Alex Mellnik Alex Moore Alex Morreale Alex Tasioulis Alexander Alexander Hendorf Alexander Kruzhkov Alexander Morley Alexander Schwartzberg Allen Downey AlphaSRE Alramzey amangarg96 Amirahmad Khordadi Amit Rathi Analect anasos Andre Celere Andrea Abelli Andrea Turrini Andrea Zonca Andreas Heider Andrew Berger Andrew Melo andrewcheny András Tóth André Luiz Diniz Andy Berner Andy Doddington angus evans Anirudh Vyas Ankit Ankit Sharma ankit2894 Anthony Suen Anton Akhmerov Antonino Ingargiola Antonio Serrano AranVinkItility Arda Aytekin Ariel Balter Ariel Rokem arkroop Arthur arthur Arthur Koziel ArvinSiChuan aseishas at-cchaloux atullo2 Bastian Greshake Tzovaras bbarney213 bbrauns Ben Chuanlong Du Benjamin Paz Benoit Rospars BerserkerTroll BhagyasriYella bhavybarca Birgetit bitnik Borislav Aymaliev Botty Dimanov Brad Skaggs Brandon Sharitt Brent Brian E. Granger Brian Ray Bruce Beauchamp Bruce Chiarelli Byă Camilla Camilo Núñez Fernández Cara carluri Carol Willing Caspian chack05 chang-zhijie chaomaer chaoyue729 Charles Forelle chenyg0911 Chester Li Chia-liang Kao Chico Venancio Chris Fournier Chris Holdgraf Chris Seal Chris Van Pelt Christiaan Swanepoel Christian Alis Christian Hotz-Behofsits Christian Mesh Christian Moscardi Christine Banek Christopher Hench ckbhatt Claudius Mbemba cloud-science Cody Scott Cord Cory Johns cqzlxl Craig Willis Curtis Maves cyberquasar cybertony cyberyor Daisuke Taniwaki daleshsd Dan Allan Dan Hoerst Dan Lidral-Porter Daniel Daniel Morrison danielmaitre danielrychel Dario Romero darky2004 DataVictorEngineer Dave Aitken Dave Hirschfeld David Bath David Doherty David Kügler David Maxson David Napier David Pérez Comendador David Pérez-Suárez David Sanftenberg Davide deep-42-thought Deleted user DerekHeldtWerle Dhawal Patel disimone DmitrII Gerasimenko Dmitry Mishin Dominic Suciu Don Kelly Doug Holt Dragos Cojocari dturaev Dwight Townsend Dylan Lentini Eamon Keane Eddy Elbrink Emmanuel Gomez Enol Fernández epoch1970 Eric Charles Erik Sundell Ermakov Petr ernestmartinez EtienneDesticourt Evan Evan Van Dam Evert Rol eylenth Ezequiel Gioia fahadabbas91 Faras Sadek forbxy Francisco Zamora-Martinez FU Zhipeng Fyodor Félix-Antoine Fortin G YASHASVI Gaetan Semet Gaëtan Lehmann gbrahmi George Jose Gerben Welter Gerhard Burger GladysNalvarte Glen A Knight Graham Dumpleton grant-guo GRC Guillaume EB guimou Guo Zhang gweis Hagen Hoferichter hanbeibei hani1814 Hans Petter Bieker happytest143 Hassan Mudassir Helder Rodrigues hemantasingh Henddher Pedroza hjclub123 huhuhang Hunter Jackson Ian Indrajeet Singh ironv IssacPan Ivan Grbavac J Forde J Gerard Jacob Tomlinson James Curtin James Davidheiser James Londal James Veitch Jan Kalo Jason Kuruzovich Jason Williams jason4zhu javin-gn Jeremie Vallee Jeremy Lewi Jeremy Tuloup Jerry Schuman Jesse Cai Jesse Kinkead Jesse Zhang Jessica Wong Jim Basney Jim Hendricks Jiri Kuncar jlsimms jm2004 Joakim JocelynDelalande Joe Hamman Joel Pfaff John Kaltenbach John Readey johnbotsis johnkpark johnpaulantony Jonas Adler Jonathan Jonathan Brant Jonathan Wheeler jonny86 Joost W. Döbken Jose Manuel Monsalve Diaz Josh Barnes Josh Temple João Barreto jpolchlo JPUnD Juan Cabanela Julien Chastang Jurian Kuyvenhoven Justin Holmes Justin Moen justkar4u JYang25 Jürgen Hermann kakzhetak kaliko Kam Kasravi Kannan Kumar karthikpitchaimani Kenneth Lyons Kevin P. Fleming kevkid Kirill Dubovikov Knarfux Ko Ohashi krinsman KrisL Kristiyan lambertjosh Lars Biemans Leo Gallucci leolurunhe Leopold Talirz LeoPsidom lfzyx lgc019 Lifubang liusztc09 liuzhliang llancellotti lmerli84 loginoff Louis Garman Luca De Feo Luca Grazioli Lucas Durand Lucas Kushner Lukasz Lempart Lukasz Tracewski Lutz Behnke M Pacer Maciej Sawicki madsi1m mak-aravind Malin Aandahl Manjukb Marc BUFFAT marciocourense Marco Pleines Marcus Hunger Marcus Levine Mario Campos Marius van Niekerk Mark Mirmelstein marmaduke woodman Martin Forde Martín Anzorena maryamdev Mas mascarom Mathew Blonc Matt Hansen Matteo Ipri matthdan Matthew Bray Matthew Rocklin Matthias Bussonnier Matthias Klan mattvw Max Joseph Maxim Moinat mdivk Mereep merlin1608 Micah Micah Smith Michael Huttner Michael Milligan Michael Ransley michec81 Michele Bertasi Miguel Caballer Mike Hamer Min RK MincingWords MisterZ mohanamurali7 Mohit Monica Dessole moskiGithub mrkjones1979 mzilinski n3f Naeem Rashid Naineel Shah NaizEra nauhpc ndiy Neelanshu92 Nehemiah I. Dacres Neth Six ngokhoa96 Nick Brown Nickolaus D. Saint nickray Nico Bellack Nicolas M. Thiéry Nikolay Dandanov Nikolay Voronchikhin niveau0 Norman Gray ogre0403 Ola Tarkowska oneklc OpenThings ormskirk77 P.J. Little Pat W Patafix Paul Adams Paul Laskowski Paul Mazzuca Paulo Roberto de Oliveira Castro Pav K pedrovgp pekosro Peter Majchrak pgarapon Phil Fenstermacher philippschw Phuong Cao picca Pierre Accorsi Pinakibiswasdevops Pius Nyakoojo pjamason Pouria Hadjibagheri Prabhu Kasinathan Pramod Rizal Pranay Hasan Yerra Prateek prateek2408 Prerak Mody Przybyszo psnx pydo pyjones1 R. C. Thomas Rachidramadan1990 radudragusin Rafael Ladislau Rafael Mejia raghu20ram raja Ramin Ranjit Raphael Nestler RaRam Raviraju Vysyaraju reddyvenu Ricardo Rocha Rich Signell Richard Caunt Richard Darst Richard England Richard Ting Rizwan Saeed Rob Robert Casey Robert Drysdale Robert Jiang Robert Schroll robin Robin Robin Scheibler roemer2201 Rok Roškar Roman Gorodeckij roversne Roy Wedge Royi Rui Zhang Ruslan Usifov Ryan Abernathey Ryan Lovett rydeng sabarnwa sabyasm sadanand25 Sam Manzer Sambaiah Kilaru samy Sangram Gaikwad sanjaydatasciencedojo Sanmati Jain saransha Saranya411 sarath145p Satendra Kumar saurav maharjan saurs saurav SB sbailey-auro Scott Crooks Scott Sanderson SeaDude semanticyongjia serlina Seshadri Ramaswami shalan7 Shana Matthews Shannon Shantanu Singh Shengxin Huang shilpam11 Shiva Prasanth shreddd Shuo YU Sigurður Baldursson Simon Li Sirawit Pongnakintr SivaMaplelabs smiller5678 srican srini_b Stanislav Nazmutdinov stczwd Stefano Nicotri Stefano Taschini Stephanie Gott Stephen Lecrenski Stephen Pascoe Stephen Sackett Steven Silvester Stéphane Pouyllau sudheer0553 Sugu Sougoumarane Suman Addanki summerswallow summerswallow-whi sundeepChandhoke Sunip Mukherjee svzdvdoptum swgong Sylvain Desroziers syutbai T. George tankeryang TapasSpark Tassos Sarbanes teddy Kossoko tgamal Thomas Ashish Cherian Thomas Kluyver Thomas Mendoza thongnnguyen Thoralf Gutierrez Tim Crone Tim Freund Tim Head Tim Kennell Jr. Tim Klever Tim Shi TimKreuzer Tirthankar Chakravarty titansmc Tobias Morville tobiaskaestner Tom Davidson Tom Kwong Tom O'Connor Tomas Barton Tommaso Fabbri Tyler Erickson tzujan uday2002 Umar Sikander UsDAnDreS Vaclav Pavlin Varun M S Victor Paraschiv vishwesh5 Vladimir Kozhukalov vpvijay87 W. wangaiwudi Wei Hao weih1121 weimindong2016 whitebluecloud whositwhatnow will Will Starms William H William Hosford wtsyang XIAHUALOU xuhuijun Y-L-18 yee379 yeisonseverinopucv Yiding Yifan Li yougha54 Youri Noel Nelson yuandongfang Yueqi Wang yugushihuang Yuhi Ishikura Yuval Kalugny Yuvi Panda Zac Flamig Zachary Sailer Zachary Zhao ZachGlassman zaf Zafer Cesur zearaujo07 Zeb Nicholls Zelphir Kaltstahl ZenRay zero zeusal Zhongyi Zhou (Joe) Yuan ziedbouf zlshi zmkhazi Zoltan Fedor zyc Øystein Efterdal 孙永乐 张旭 武晨光 陈镇秋
[0.6] - Ellyse Perry - 2017-01-29
This release is primarily focused on better support for Autoscaling, Microsoft Azure support & better default security. There are also a number of bug fixes and configurability improvements!
In prior versions (v0.5), if you wanted to disable the pre-puller, you would use:
prePuller:
enabled: false
Now, to disable the pre-puller, you need to use:
prePuller:
hook:
enabled: false
See the pre-puller docs for more info!
This release does not require any special steps to upgrade from v0.5. See the upgrade documentation for general upgrading steps.
If you are running v0.4 of the chart, you should upgrade to v0.5 first
before upgrading to v0.6. You can find out what version you are using
by running helm list
.
If your helm upgrade fails due to the error no Ingress with the name "jupyterhub-internal" found
,
you may be experiencing a helm bug. To work
around this, run kubectl --namespace=<YOUR-NAMESPACE> delete ingress jupyterhub-internal
and
re-run the helm upgrade
command. Note that this will cause a short unavailability of your hub
over HTTPS, which will resume normal availability once the deployment upgrade completes.
z2jh is more secure by default with 0.6. We now block access to cloud security metadata endpoints by default.
See the security documentation for more details. It has seen a number of improvements, and we recommend you read through it!
Some cloud providers support the kubernetes node autoscaler, which can add / remove nodes depending on how much your cluster is being used. In this release, we made a few changes to let z2jh interact better with the autoscaler!
- Configure z2jh to 'pack' your users onto nodes, rather than 'spread' them across nodes.
- A 'continuous' pre-puller that allows user images to be pulled on new nodes easily, leading to faster startup times for users on new nodes. ([link])
- Hub and Proxy pod will not be disrupted by autoscaler, by using PodDisruptionBudgets. The Hub & Proxy will also stick together if possible, thus minimizing the number of nodes that can not be downsized by the autoscaler.
There is more work to be done for good autoscaling support, but this is a good start!
Azure's new managed Kubernetes service (AKS) is much better supported by this version!
- We have much better documentation on using z2jh with Azure!
- We rewrote our pre-puller so it works on Azure (previously it did not)
Azure AKS is still in preview mode, so be aware of that before using it in any production workloads!
See the setting up Kubernetes on Microsoft AKS section for more information.
We now have better documentation and bug fixes for configurability!
extraConfig
can be a dictionary instead of just a string. This helps when you have to split yourconfig.yaml
into multiple files for complex deployments- How user storage works by default is better documented
- Reading config in
extraConfig
fromextraConfigMap
now actually works! - You can configure the URL that users are directed to after they log in. This allows defaulting users to JupyterLab
- You can pre-pull multiple images now, for custom configuration that needs multiple images
- Better instructions on pre-populating your user's filesystem using nbgitpuller
(excerpt from https://www.cricket.com.au/players/ellyse-perry/1aMxKNyEOUiJqhq7N5Tlwg)
Arguably the best athlete in Australia, Ellyse Perry’s profile continues to rise with the dual cricket and soccer international having played World Cups for both sports.
Perry became the youngest Australian ever to play senior international cricket when she made her debut in the second ODI of the Rose Bowl Series in Darwin in July 2007 before her 17th birthday.
She went on to make her domestic debut in the 2007-08 Women’s National Cricket League season, taking 2-29 from 10 overs in her first match.
Since her national debut, Perry has become a regular fixture for the Southern Stars, playing in the 2009 ICC Women’s World Cup and the ICC Women’s World Twenty20 in the same year.
Leading Australia’s bowling attack, Perry played a crucial role in the ICC Women’s World Twenty20 Final in the West Indies in 2010.
The match came down to the wire, with New Zealand requiring five runs off the last ball to claim the title. Under immense pressure, Perry bowled the final ball of the tournament, which New Zealand’s Sophie Devine struck straight off the bat.
The talented footballer stuck out her boot to deflect the ball to Lisa Sthalekar at mid-on, securing the trophy for Australia. Perry’s figures of 3-18 in the final saw her take home the Player of the Match award.
Perry featured prominently in Australia's three-peat of World T20 victories, selected for the Team of the Tournament in 2012 and 2014.
She was named ICC Female Cricketer of the Year in 2017.
This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
In alphabetical order,
- Aaron Culich
- Anirudh Ramanathan
- Antoine Dao
- BerserkerTroll
- Carol Willing
- Chris Holdgraf
- Christian Mesh
- Erik Sundell
- forbxy
- Graham Dumpleton
- gweis
- Ian Allison
- Jason Kuruzovich
- Jesse Kinkead
- madanam1
- Matthew Rocklin
- Matthias Bussonnier
- Min RK
- Ryan Lovett
- Simon Li
- Steve Buckingham
- Steven Normore
- Tim Head
- Yuvi Panda
- ZachGlassman
[0.5] - Hamid Hassan - 2017-12-05
JupyterHub 0.8, HTTPS & scalability.
See the upgrade documentation for upgrade steps.
JupyterHub 0.8 is full of new features - see CHANGELOG for more details. Specific features made to benefit this chart are:
- No more 'too many redirects' errors at scale.
- Lots of performance improvements, we now know we can handle up to 4k active users
- Concurrent spawn limits (set via
hub.concurrentSpawnLimit
) can be used to limit the concurrent number of users who can try to launch on the hub at any given time. This can be tuned to avoid crashes when hundreds of users try to launch at the same time. It gives them a friendly error message + asks them to try later, rather than spinning forever. - Active Server limit (set via
hub.activeServerLimit
) can be used to limit the total number of active users that can be using the hub at any given time. This allows admins to control the size of their clusters. - Memory limits & guarantees (set via
singleuser.memory
) can now contain fractional units. So you can say0.5G
instead of having to use512M
.
And lots more!
It is our responsibility as software authors to make it very easy for admins to set up HTTPS for their users. v0.5 makes this much easier than v0.4. You can find the new instructions here and they are much simpler!
You can also now use your own HTTPS certificates & keys rather than using Let's Encrypt.
The following new authentication providers have been added:
- GitLab
- CILogon
- Globus
You can also set up a whitelist of users by adding to the list in auth.whitelist.users
.
You can always put extra snippets of jupyterhub_config.py
configuration in
hub.extraConfig
. Now you can also add extra environment variables to the hub
in hub.extraEnv
and extra configmap items via hub.extraConfigMap
. ConfigMap
items can be arbitrary YAML, and you can read them via the get_config
function in
your hub.extraConfig
. This makes it cleaner to customize the hub's config in
ways that's not yet possible with config.yaml.
You can also add external JupyterHub Services
by adding them to hub.services
. Note that you are still responsible for actually
running the service somewhere (perhaps as a deployment object).
More options have been added under singleuser
to help you customize the environment
that the user is spawned in. You can change the uid / gid of the user with singleuser.uid
and singleuser.fsGid
, mount extra volumes with singleuser.storage.extraVolumes
&
singleuser.storage.extraVolumeMounts
and provide extra environment variables with
singleuser.extraEnv
.
Hamid Hassan is a fast bowler who currently plays for the Afghanistan National Cricket Team. With nicknames ranging from "Afghanistan's David Beckham" to "Rambo", he is considered by many to be Afghanistan's first Cricket Superhero. Currently known for fast (145km/h+) deliveries, cartwheeling celebrations, war painted face and having had to flee Afghanistan as a child to escape from war. He says he plays because "We are ambassadors for our country and we want to show the world that Afghanistan is not like people recognise it by terrorists and these things. We want them to know that we have a lot of talent as well"
This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, JupyterHub, KubeSpawner and OAuthenticator repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.
In alphabetical order,
- Aaron Culich
- abeche
- Abhinandan Dubey
- Adam Thornton
- Adrin Jalali
- Aidis Stukas
- Aleksandr Blekh
- Alessandro Vozza
- Alex Hilson
- Analect
- Andrea Zonca
- Andreas
- Andrew Berger
- András Tóth
- angrylandmammal
- Anirudh Ramanathan
- Antonino Ingargiola
- apachipa
- Ariel Rokem
- astrodb
- Ayushi Agarwal
- batchku
- bbhopesh
- Bill Major
- Brad Svee
- Brian E. Granger
- BrianVanEtten
- calz1
- Camilo Núñez Fernández
- Carol Willing
- Chris Holdgraf
- Christian Barra
- Christian Moscardi
- Christophe Lecointe
- Christopher Hench
- Christopher Ostrouchov
- ckbhatt
- Cody Scott
- Colin Goldberg
- daleshsd
- danroliver
- Dave Hirschfeld
- David
- Davide
- deisi
- Dennis Pfisterer
- Dennis Verspuij
- Diogo
- dmceballosg
- Dominic Follett-Smith
- Doug Blank
- Enol Fernández
- Erik Sundell
- erolosty
- FalseProtagonist
- fmilano1975
- Forrest Collman
- Fred Mitchell
- Gil Forsyth
- Goutham Balaraman
- gryslik
- gweis
- haasad
- hani1814
- Hanno Rein
- harschware
- Ian Allison
- Isaiah Leonard
- J Forde
- Jacob Tomlinson
- jai11
- jbmarcille
- Jeet Shah
- Jeroen Vuurens
- Jessica B. Hamrick
- jiamicu
- jiancai1992
- jm2004
- joefromct
- John Haley
- jonny86
- Joshua Milas
- JoshuaC3
- João Vítor Amaro
- Justin Ray Vrooman
- Keith Callenberg
- KenB
- Kenneth Lyons
- krak3nnn
- Kristiyan
- Kuisong Tong
- kuldeepyadav
- Kyle Kelley
- lcfcefyn
- Leo Gallucci
- lesiano
- Lorena A. Barba
- lrob
- Lukasz Tracewski
- Mahesh Vangala
- Marco Sirabella
- marcostrullato
- Marius van Niekerk
- MarkusTeufelberger
- Matt Koken
- Matteo Cerutti
- Matthias Bussonnier
- Michael Li
- Mike
- MikeM
- Min RK
- misolietavec
- Moiz Sajid
- Morgan Jones
- mraky
- mrinmoyprasad
- nabriis
- Nickolaus D. Saint
- Nocturnal316
- Olivier Cloarec
- Pedro Henriques dos Santos Teixeira
- Pranay Hasan Yerra
- prof-schacht
- Puneet Jindal
- R. C. Thomas
- ramonberger
- Randy Guthrie
- Richard Caunt
- richmoore1962
- Rishika Sinha
- Robert Wlodarczyk
- Ruben Orduz
- Ryan Lovett
- Ryan Wang
- rydeng
- SarunasG
- Saul Shanabrook
- Scott Calabrese Barton
- Scott Sanderson
- Simon Li
- Stefano Nicotri
- surma-lodur
- Sven Mayer
- swigicat
- SY_Wang
- Thomas Kluyver
- Thomas Mendoza
- Tim Head
- toddpfaff
- Tom O'Connor
- toncek87
- Tony
- Travis Sturzl
- Tyler Cloutier
- uday2002
- Udita Bose
- uttamkumar123
- will
- Wilmer Ramirez
- xgdgsc
- Yan Zhao
- Yinan Li
- yoryicopo
- Yu-Hang "Maxin" Tang
- Yuvi Panda
- Zachary Ogren
- Zhenwen Zhang
- Zoltan Fedor
[0.4] - Akram - 2017-06-23
Stability, HTTPS & breaking changes.
We recommend that you delete prior versions of the package and install the latest version. If you are very familiar with Kubernetes, you can upgrade from an older version, but we still suggest deleting and recreating your installation.
-
The name of a user pod and a dynamically created home directory PVC (PersistentVolumeClaim) no longer include the
userid
in them by default. If you are using dynamic PVCs forhome
directories (which is the default), you will need to manually rename these directories before upgrading. Otherwise, new PVCs will be created, and users might freak out when viewing the newly created directory and think that their home directory appears empty.See PR #56 on what needs to change.
-
A StorageClass is no longer created by default. This shouldn't affect most new installs, since most cloud provider installations have a default (as of Kubernetes 1.6). If you are using an older version of Kubernetes, the easiest thing to do is to upgrade to a newer version. If not, you can create a StorageClass manually and everything should continue to work.
-
token.proxy
is removed. Useproxy.secretToken
instead. If yourconfig.yaml
contains something that looks like the following:token: proxy: <some-secret>
you should change that to:
proxy: secretToken: <some-secret>
- Added GitHub Authentication support, thanks to Jason Kuruzovich.
- Added Ingress support! If your cluster already has Ingress support (with automatic Let's Encrypt support, perhaps), you can easily use that now.
- We now add a label to user pods / PVCs with their usernames.
- Support using a static PVC for user
home
directories or for the hub database. This makes this release usable with clusters where you only have one NFS share that must be used for the whole hub. - PostgreSQL is now a supported hub database backend provider.
- You can set annotations & labels on the proxy-public service now.
- We now use the official configurable http proxy (CHP) as the proxy, rather than the unofficial nchp. This should be a no-op (or require no changes) for the most part. JupyterHub errors might display a nicer error page.
- The version of KubeSpawner uses the official Kubernetes python client rather than pycurl. This helps with scalability a little.
- The deprecated
createNamespace
parameter no longer works, alongside the deprecatedname
parameter. You probably weren't using these anyway - they were kept only for backwards compatibility with very early versions.
This release made possible by the awesome work of the following contributors (in alphabetical order):
<3
Wasim Akram (وسیم اکرم) is considered by many to be the greatest pace bowler of all time and a founder of the fine art of reverse swing bowling.
KubeSpawner updates. Release note
Deployer UX fixes. Release note
Minor cleanups and features. Release note
Initial Public Release. Release note