Changes in KubeSpawner

Contents

Changes in KubeSpawner#

Unreleased#

7.0#

7.0.0 - 2024-10-25#

(full changelog)

Breaking changes#

New features added#

Enhancements made#

Bugs fixed#

Maintenance and upkeep improvements#

Documentation improvements#

Contributors to this release#

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@consideRatio (activity) | @d-gol (activity) | @dolfinus (activity) | @harsimranmaan (activity) | @jabbera (activity) | @josefhandl (activity) | @jwclark (activity) | @krassowski (activity) | @manics (activity) | @minrk (activity) | @moschlar (activity) | @Ph0tonic (activity) | @sgaist (activity) | @shenghu (activity) | @sunu (activity) | @willh-cmyk (activity) | @yuvipanda (activity)

6.2.0 - 2023-11-23#

New features added#

Bugs fixed#

Maintenance and upkeep improvements#

Documentation improvements#

Continuous integration improvements#

  • ci: update python and k8s versions to test with, include py312 #810 (@consideRatio)

Contributors to this release#

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@byteMuncher0x (activity) | @consideRatio (activity) | @devenami (activity) | @GeorgianaElena (activity) | @manics (activity) | @minrk (activity) | @yuvipanda (activity)

6.1#

6.1.0 - 2023-09-28#

Warning

If you have been using z2jh 3.0 or KubeSpawner 5.0-6.0, you may have orphaned user server pods due to a now fixed bug, these are pods that are running but inaccessible by users because JupyterHub doesn’t understand they are running.

These should be cleaned up to avoid incurring pointless costs. For more information about this, see this forum post.

This release comes bugfixes, a performance improvement, and a new feature part of KubeSpawner.profile_list. profile_list’s sub-config profile_options can now be include unlisted_choice that enables JupyterHub users to not just select a pre-defined choice, but to provide free text input. This can for example enable users to start any image they’d like, or any image matching a provided regular expression.

New features added#

Enhancements made#

Bugs fixed#

Maintenance and upkeep improvements#

Contributors to this release#

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@batpad (activity) | @consideRatio (activity) | @danilopeixoto (activity) | @echarles (activity) | @GeorgianaElena (activity) | @ivyxjc (activity) | @jbusecke (activity) | @juliantaylor (activity) | @manics (activity) | @minrk (activity) | @ranchodeluxe (activity) | @yuvipanda (activity)

6.0#

6.0.0 - 2023-05-31#

Breaking changes#

  • Versions of K8s older than 1.24 are no longer officially supported, KubeSpawner still likely works but this is not guaranteed through tests. #726

  • jupyterhub 4+ and kubernetes_asyncio 24.2.3+ is now required. #726

New features added#

  • Allow building more complex profile_list templates #724 (@yuvipanda)

Bugs fixed#

  • [KubeIngressProxy] Do not try to escape None #731 (@dolfinus)

  • Select profile if any of its choices are interacted with #729 (@batpad)

Maintenance and upkeep improvements#

  • Require jupyterhub 4+, currently latest kubernetes_asyncio, and stop testing k8s 1.23 #726 (@consideRatio)

Documentation improvements#

Contributors to this release#

(GitHub contributors page for this release)

@batpad | @consideRatio | @dolfinus | @manics | @pre-commit-ci | @yuvipanda

5.0#

5.0.0 - 2023-04-19#

Breaking changes#

  • Versions of K8s older than 1.23 are no longer supported, KubeSpawner may still work but this is not guaranteed. #718

  • KubeSpawner.environment now reserve the symbols { and } for use by variable expansion. To retain existing behavior, replace { and } with {{ and }} respectively. #642

  • KubeSpawner.profile_list’s kubespawner_override behavior has changed to merge instead of replace dictionary based configuration. #650

    More about kubespawner_override behavior change

    If for example KubeSpawner.node_selector is set to {"a": "a"}, and kubespawner_override to {"node_selector": {"b": "b"}}, then the resulting node_selector configuration becomes {"a": "a", "b": "b"}. Before KubeSpawner 5 it would have become {"b": "b"}.

    Since only KubeSpawner.common_labels has a non empty dictionary by default in either KubeSpawner or the JupyterHub Helm chart, this is likely only to be an issue for users that first have configured one of these values and then expect it to be entirely replaced in kubespawner_override.

    To conclude if this is a breaking change to your deployment, audit use of kubespawner_override to replace rather than merge KubeSpawner’s dictionary based configuration that is listed below.

    common_labels
    environment
    extra_annotations
    extra_container_config
    extra_labels
    extra_pod_config
    extra_resource_guarantees
    extra_resource_limits
    lifecycle_hooks
    node_selector
    storage_extra_annotations
    storage_extra_labels
    storage_selector
    user_namespace_annotations
    user_namespace_labels
    
  • The pod label hub.jupyter.org/servername is now given a escaped servername as value. #694

New features added#

  • Allow to watch multiple namespaces at the same time #678 (@dolfinus)

  • [KubeIngressProxy] Add KubeIngressProxy.ingress_class_name #668 (@dolfinus)

  • [KubeIngressProxy] Add KubeIngressProxy.ingress_specifications #667 (@dolfinus)

  • [KubeIngressProxy] Add reuse_existing_services option #656 (@dolfinus)

  • [KubeIngressProxy] Add ingress_extra_annotations and ingress_extra_labels #655 (@dolfinus)

  • Expand environment variables #642 (@dolfinus)

Bugs fixed#

  • Fix error message when default profile is missing options #704 (@holzman)

  • Escape pod label hub.jupyter.org/servername (pod annotation remains unescaped) #694 (@yuvipanda)

  • Save dns_name between restarts #677 (@dolfinus)

  • Save the namespace between restarts #657 (@totycro)

  • Fix hard-coded component label for services_enabled=True #654 (@dolfinus)

  • Let kubespawner_override merge instead of replace dictionaries #650 (@yuvipanda)

Maintenance and upkeep improvements#

  • Drop support for k8s 1.20-1.22 (stop testing against it) #718 (@consideRatio)

  • dependabot: monthly updates of github actions #713 (@consideRatio)

  • Add test to restore pod name from previous spawner state after JupyterHub restart #682 (@dolfinus)

  • Add test to spawn a pod in a separate namespace #681 (@dolfinus)

  • Avoid class state by passing relevant config to PodReflector on instanciation #672 (@dolfinus)

  • maint: pyproject.toml, hatchling, tbump, .readthedocs.yaml updates #666 (@consideRatio)

Documentation improvements#

Continuous integration improvements#

Contributors to this release#

(GitHub contributors page for this release)

@consideRatio | @dependabot | @dolfinus | @droctothorpe | @GeorgianaElena | @holzman | @jbusecke | @manics | @meeseeksmachine | @minrk | @pre-commit-ci | @shaneknapp | @totycro | @welcome | @yuvipanda

4.3#

4.3.0 - 2022-11-03#

New features added#

  • [KubeIngressProxy] Add common_labels option and expand username etc #653 (@dolfinus)

  • Add after_pod_created_hook #644 (@dolfinus)

  • Add storage_extra_annotations configuration, used when PVCs are created #630 (@TomHellier)

  • Add user_namespace_labels and user_namespace_annotations for use with enable_user_namespaces #612 (@zv0n)

Enhancements made#

  • Allow profile_options callable to be async #640 (@yuvipanda)

  • Set first value in profile-options as default when none is specified #631 (@GeorgianaElena)

  • Add “http” as a name to created k8s Services’ port (required by Istio) #614 (@ddebeau)

Bugs fixed#

Documentation improvements#

Continuous integration improvements#

Contributors to this release#

(GitHub contributors page for this release)

@abkfenris | @consideRatio | @ddebeau | @dolfinus | @GeorgianaElena | @manics | @minrk | @nikhiljha | @pre-commit-ci | @sgibson91 | @TomHellier | @welcome | @yuvipanda | @zv0n

4.2#

4.2.0 - 2022-08-29#

New features added#

  • Add storage_extra_annotations configuration, used when PVCs are created #630 (@TomHellier)

  • Add user_namespace_labels and user_namespace_annotations for use with enable_user_namespaces #612 (@zv0n)

Enhancements made#

  • Add “http” as a name to created k8s Services’ port (required by Istio) #614 (@ddebeau)

Bugs fixed#

Continuous integration#

  • ci: add dependabot to bump github action versions, and bump them #624 (@consideRatio)

Contributors to this release#

(GitHub contributors page for this release)

@abkfenris | @consideRatio | @ddebeau | @GeorgianaElena | @minrk | @nikhiljha | @sgibson91 | @TomHellier | @zv0n

4.1#

4.1.0 - 2022-05-19#

New features added#

  • Support dropdown list choices for profile_list profiles via profile_options #607 (@yuvipanda)

Maintenance and upkeep improvements#

Contributors to this release#

(GitHub contributors page for this release)

@consideRatio | @keniseli | @pre-commit-ci | @rabernat | @yuvipanda

4.0#

4.0.0 - 2022-04-23#

Breaking changes#

  • Support for use against k8s 1.17-1.19 is no longer maintained, please upgrade to k8s 1.20+ to ensure function.

  • If you have configured c.JupyterHub.proxy_class to use KubeIngressProxy, please read the notes in #598 along with the disclaimer for use of this JupyterHub proxy class.

New features added#

  • Add services_enabled to create a k8s Service for each user pod (enables use with Istio mTLS) #522 (@JJ11teen)

Bugs fixed#

  • [KubeIngressProxy] breaking: Migrate to networking.k8s.io/v1 api for Ingress resources #598 (@consideRatio)

Maintenance and upkeep improvements#

Continuous integration#

Contributors to this release#

(GitHub contributors page for this release)

@agt | @consideRatio | @JJ11teen | @yuvipanda | @zflamig

3.0#

3.0.2 - 2022-03-15#

Bugs fixed#

Maintenance and upkeep improvements#

Documentation improvements#

Contributors to this release#

(GitHub contributors page for this release)

@choldgraf | @consideRatio | @ondave | @yuvipanda

3.0.1 - 2022-03-14#

Bugs fixed#

3.0.0 - 2022-03-14#

This release replaces a synchronous Kubernetes client library with an async alternative, allowing the use of native Python async features.

Breaking changes#

  • Support for Python 3.6 dropped

  • The configuration k8s_api_threadpool_workers is removed as we don’t create threads any more, but now instead relies on scheduling everything to run in an event loop.

  • A dependency on the library kubernetes is replaced with a dependency on the library kubernetes_asyncio.

  • Methods considered internal to Kubespawner are now prefixed with _.

Maintenance and upkeep improvements#

Documentation improvements#

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @choldgraf | @clkao | @consideRatio | @GeorgianaElena | @manics | @minrk | @rccern | @welcome | @yuvipanda

2.0#

2.0.1 - 2022-02-15#

Maintenance and upkeep improvements#

  • Support recent version of kubernetes client library (21.7.0) that introduced a breaking change #558 (@athornton)

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @consideRatio | @minrk | @yuvipanda

2.0.0 - 2021-11-28#

Breaking changes#

A breaking change was introduced in #545, making the default value of allow_privilege_escalation be False. This means a user can’t use sudo unless allow_privilege_escalation is explicitly set to True. The JupyterHub user Pod that KubeSpawner creates will have a container with a securityContext that has allowPrivilegeEscalation set to false by default.

For reference, the following can be read about allowPrivilegeEscalation in Kubernetes official documentation:

AllowPrivilegeEscalation: Controls whether a process can gain more privileges than its parent process. This bool directly controls whether the no_new_privs flag gets set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged OR 2) has CAP_SYS_ADMIN.

To revert to the previous behavior of using the cluster’s default, set allow_privilege_escalation explicitly to None.

Bugs fixed#

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @minrk | @mriedem | @welcome | @yuvipanda

1.1#

1.1.2 - 2021-11-03#

Bugs fixed#

  • Fix race condition between spawn() calling _start() and progress() #511 (@consideRatio)

Maintenance and upkeep improvements#

Other merged PRs#

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @consideRatio | @manics | @minrk | @pre-commit-ci | @yuvipanda

1.1.1 - 2021-10-04#

Bugs fixed#

Continuous integration#

Contributors to this release#

(GitHub contributors page for this release)

@consideRatio | @yuvipanda

1.1.0 - 2021-07-21#

Enhancements made#

Bugs fixed#

Maintenance and upkeep improvements#

Documentation improvements#

  • Fix the errors followed by the contributing steps #509 (@mggger)

Other merged PRs#

  • [KubeIngressProxy] Set configuration before instantiating reflectors #515 (@droctothorpe)

Contributors to this release#

(GitHub contributors page for this release)

@consideRatio | @dhirschfeld | @droctothorpe | @mggger | @yuvipanda

1.0#

1.0.0 - 2021-05-14#

This release is the continuation of version 0.16.1 and could have been 0.17.0 in practice. We opted to release 1.0.0 as it enables us to communicate changes according to SemVer. Using SemVer versioning, a change in each of the three version numbers (major.minor.patch) represents a different kind of change.

Breaking changes#

  • When using KubeSpawner 1.0.0 or later together with JupyterHub 1.4.1 or later, deleting a JupyterHub user or deleting (not just stopping) a named server will lead to removing the associated PVC resource. To opt out of this behavior set the delete_pvc configuration to False.

New features added#

  • Allow configuration of kubernetes client’s options: ssl_ca_cert, host #494 (@kafonek)

  • add method to delete namespaced PVC in spawner base class #475 (@nsshah1288)

Enhancements made#

Maintenance and upkeep improvements#

Documentation improvements#

Continuous integration#

  • ci: test against recent k8s versions and misc workflow updates #506 (@consideRatio)

Contributors to this release#

(GitHub contributors page for this release)

@cbanek | @consideRatio | @dhirschfeld | @jabbera | @kafonek | @manics | @meeseeksmachine | @minrk | @nsshah1288 | @octavd

0.16#

0.16.1 - 2021-03-01#

Bugs fixed#

Contributors to this release#

@minrk

0.16.0 - 2021-02-26#

Enhancements made#

  • Add pod_security_context and container_security_context config #480 (@cyrilcros)

  • Allow mounting of service account token to be configurable (automount_service_account_token) #476 (@dtaniwaki)

  • Add user namespace support #458 (@athornton)

  • Support internal_ssl #409 (@minrk)

Bugs fixed#

  • Fix failure to create a PVC being logged as failure to create a Pod #481 (@mriedem)

  • handle pod url changes in poll #408 (@minrk)

Maintenance and upkeep improvements#

  • Refactor: remove a third way to name the same thing in make_pod’s parameters #483 (@consideRatio)

  • pre-commit: use prettier as autoformatter (markdown, yaml) #482 (@consideRatio)

  • fix some spurious additions in tests #474 (@minrk)

  • adopt black (via pre-commit) for code formatting #473 (@minrk)

  • remove duplicated secret_mount_path definition #472 (@minrk)

Other merged PRs#

  • [KubeIngressProxy] Fixes following changes to k8s resource reflectors #484 (@remche)

  • [KubeIngressProxy] allow singleuser pods to use IPv6 addresses #403 (@stv0g)

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @betatim | @clkao | @consideRatio | @cyrilcros | @dhirschfeld | @dtaniwaki | @lresende | @manics | @meeseeksmachine | @minrk | @mriedem | @remche | @shanestarcher-okta | @stv0g | @tirumerla | @yuvipanda

0.15#

0.15.0 - 2020-10-15#

Enhancements made#

  • Expand storage selector #463 (@dtaniwaki)

  • Add pod_connect_ip config regarding how kubespawner reach the pod #460 (@dtaniwaki)

  • [Feature] Add AllowPrivilegeEscalation to container’s securityContext #450 (@captnbp)

Bugs fixed#

Maintenance and upkeep improvements#

Contributors to this release#

(GitHub contributors page for this release)

@athornton | @betatim | @captnbp | @celine168 | @clkao | @consideRatio | @DarkmatterVale | @dkipping | @dtaniwaki | @erolosty | @gcavalcante8808 | @gsemet | @gweis | @h4gen | @joelpfaff | @manics | @meeseeksmachine | @minrk | @ondave | @ryanlovett | @stefanvangastel | @support | @tjcrone | @welcome | @yuvipanda

0.14#

0.14.1 - 2020-10-23#

Bugs fixed#

  • KubeSpawner.image_pull_secrets malfunctions in 0.14.0 - this fixes it #451 (@johnhoman)

Maintenance and upkeep improvements#

Contributors to this release#

(GitHub contributors page for this release)

@consideRatio | @johnhoman | @rkdarst | @welcome | @yuvipanda

0.14.0 - 2020-10-05#

Enhancements made#

  • Allow image_pull_secrets config to be specified the k8s native way #442 (@consideRatio)

Bugs fixed#

Maintenance and upkeep improvements#

0.13#

0.13.0 - 2020-09-20#

Noteworthy for this release are: performance improvements, Kubernetes native environment variable specification, the possibility to run multiple JupyterHub’s in the same namespace.

Breaking changes#

The following changes probably won’t break typical usage of KubeSpawner, but could for example break logic to customized the progress page JupyerHub displays while spawning a Kubernetes pod for the user.

  • The Kubernetes EventsReflector, which is providing the KubeSpawner instances with information about Kubernetes Events describing events for other resources, is now exposing events as python dictionaries rather than V1Event objects. V1Event is defined in the kubernetes-client/python library as a representation of a Kubernetes Event.

  • KubeSpawner’s .progress method implementation (https://github.com/jupyterhub/jupyterhub/pull/1771) which is generating a formatted message as well as a KubeSpawner specific raw_event entry now returns the raw_event as a Python dictionary with entries formatted in camelCase where the keys were formatted in snake_case.

New#

  • Support EnvVar’s with ‘valueFrom’ as well as with ‘value’ #426 (@consideRatio)

  • Breaking change / performance: don’t make kubernetes-client deserialize k8s events into objects #424 (@rmoe)

  • Add component_label property to support multiple hub instances in the… #418 (@harsimranmaan)

Fixes#

  • Breaking change / performance: don’t make kubernetes-client deserialize k8s events into objects #424 (@rmoe)

Maintenance#

  • Log thread pool worker count on init #420 (@mriedem)

  • CI: test k8s 1.18 and require success, publish without test, bump minikube #417 (@consideRatio)

Contributors to this release#

@abinet | @chancez | @consideRatio | @harsimranmaan | @meeseeksmachine | @mriedem | @rmoe | @shenghu | @welcome | @yuvipanda | @zlanyi

This list of contributors were generated by github-activity according to these criteria.

0.12#

0.12.0 - 2020-07-17#

Security#

  • Security fix: CVE-2020-15110 / GHSA-v7m9-9497-p9gr. When named-servers are enabled, certain username patterns, depending on authenticator, could allow collisions. The default named-server template is changed to prevent collisions, meaning that upgrading will lose associations of named-servers with their PVCs if the default templates are used. Data should not be lost (old PVCs will be ignored, not deleted), but will need manual migration to new PVCs prior to deletion of old PVCs.

New features#

  • Add slugs field for selecting profiles in API, instead of indices. #401 (@stv0g)

  • Expose __version__ in kubespawner module #383 (@consideRatio)

  • log a warning if unrecognized user_options are provided #389 (@minrk)

Fixes#

Maintenance#

0.11#

[0.11.1] - 2019-11-29#

0.11.1 consists of a small bugfix that made the progress reporting break.

Fixes#

  • Fix spawn progress events now showing up due to failure to serialize #381 (@consideRatio)

Maintenance#

[0.11.0] - 2019-11-28#

0.11.0 features minor feature additions, compatebility measures, and fixes. KubeSpawner now require Python 3.5 and is no longer actively tested against Kubernetes clusters versioned 1.10 as before, but is now being tested against version 1.12-1.16 with the python kubernetes client library version 8-11 that is compatible with k8s 1.11-1.15.

New#

Fixes#

Compatibility#

  • CI reworked, support modern k8s high resolution timestamps, event monitoring is made more reliable, kubernetes=>8 required, python>=3.6 required, inline docs added #368 (@consideRatio)

  • Fix for Kubernetes 1.16 regarding datetime comparison #362 (@consideRatio)

  • More idiomatic python syntax #356 (@AnotherCodeArtist)

  • Compatibility with kubernetes, jupyterhub prereleases #314 (@minrk)

  • compatibility with kubernetes 9.0 #294 (@minrk)

  • Pin kubernetes version to 8.0 #292 (@yuvipanda)

Maintenance#

0.10#

0.10.1 - 2018-12-11#

0.10.1 is a tiny bugfix release, fixing regressions in 0.10.0.

  • Fix deprecation of KubeSpawner.hub_connect_ip, which caused errors in 0.10 when the deprecated config was used.

0.10.0 - 2018-12-05#

0.10.0 is a small release, with minor changes and fixes.

  • Deprecate KubeSpawner.image_spec configuration in favor of standard KubeSpawner.image. image_spec continues to work with deprecation warnings

  • Stop pinning an exact kubernetes client version; instead, require kubernetes client >= 7. If desired, pinning should be done in images/installations

  • Expand username template variables in extra_containers

  • Set pod restart policy to OnFailure, so that notebook servers that terminate themselves cleanly do not restart automatically

  • Formally deprecate KubeSpawner.hub_connect_ip and KubeSpawner.hub_connect_ip in favor of JupyterHub.hub_connect_ip, available in jupyterhub >= 0.8

0.9#

0.9.0 - 2018-09-03#

KubeSpawner 0.9.0 is a big release of KubeSpawner.

Change highlights:

  • Require Kubernetes >= 1.6

  • Require JupyterHub >= 0.8

  • Require Python >= 3.5

  • Expose lots more Kubernetes options

  • Support configuration profiles via :attr:.KubeSpawner.profile_list

  • Support Kubernetes events for the progress API in JupyterHub 0.9.

  • Update Kubernetes Python client to 6.0 (supporting Kubernetes 1.10 APIs)

  • Numerous bugfixes