- Support recent version of kubernetes client library (21.7.0) that introduced a breaking change #558 (@athornton)
(GitHub contributors page for this release)
@athornton | @consideRatio | @minrk | @yuvipanda
A breaking change was introduced in #545, making the default value of allow_privilege_escalation
be False
. This means a user can't use sudo
unless allow_privilege_escalation
is explicitly set to True
. The JupyterHub user Pod that KubeSpawner creates will have a container with a securityContext
that has allowPrivilegeEscalation
set to false
by default.
For reference, the following can be read about allowPrivilegeEscalation
in Kubernetes official documentation:
AllowPrivilegeEscalation: Controls whether a process can gain more privileges than its parent process. This bool directly controls whether the
no_new_privs
flag gets set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run asPrivileged
OR 2) hasCAP_SYS_ADMIN
.
To revert to the previous behavior of using the cluster's default, set allow_privilege_escalation
explicitly to None
.
- Default allow_privilege_escalation to False #545 (@yuvipanda)
- Ensure that the _start_future attribute exists. #541 (@athornton)
(GitHub contributors page for this release)
@athornton | @minrk | @mriedem | @welcome | @yuvipanda
1.1.2 - 2021-11-03
- Fix race condition between spawn() calling _start() and progress() #511 (@consideRatio)
- Rename master to main #535 (@consideRatio)
- Remove .pylintrc config #534 (@consideRatio)
- Warn about cli args being ignored when KubeSpawner.cmd is not set #533 (@minrk)
- ci: misc fixes, don't run tests on markdown changes, etc #539 (@consideRatio)
- docs: require sphinx >=2 #538 (@consideRatio)
- [pre-commit.ci] pre-commit autoupdate #537 (@pre-commit-ci)
- Update our docs config #536 (@consideRatio)
- [pre-commit.ci] pre-commit autoupdate #530 (@pre-commit-ci)
(GitHub contributors page for this release)
@athornton | @consideRatio | @manics | @minrk | @pre-commit-ci | @yuvipanda
1.1.1 - 2021-10-04
- Terminate process correctly from reflector thread #525 (@yuvipanda)
- [pre-commit.ci] pre-commit autoupdate #526 (@pre-commit-ci)
(GitHub contributors page for this release)
1.1.0 - 2021-07-21
- Expand username etc. in configured service_account #518 (@consideRatio)
- Sort env to reliably expand nested env references #510 (@consideRatio)
- Ensure to omit empty lists in security contexts #517 (@consideRatio)
- Generalize omit_namespace functionality #514 (@droctothorpe)
- Remove unneeded dep #508 (@dhirschfeld)
- [KubeIngressProxy] Set configuration before instantiating reflectors #515 (@droctothorpe)
(GitHub contributors page for this release)
@consideRatio | @dhirschfeld | @droctothorpe | @mggger | @yuvipanda
1.0.0 - 2021-05-14
This release is the continuation of version 0.16.1 and could have been 0.17.0 in practice. We opted to release 1.0.0 as it enables us to communicate changes according to SemVer. Using SemVer versioning, a change in each of the three version numbers (major.minor.patch) represents a different kind of change.
- When using KubeSpawner 1.0.0 or later together with JupyterHub 1.4.1 or later,
deleting a JupyterHub user or deleting (not just stopping) a named server will
lead to removing the associated PVC resource. To opt out of this behavior set
the
delete_pvc
configuration toFalse
.
- Allow configuration of kubernetes client's options: ssl_ca_cert, host #494 (@kafonek)
- add method to delete namespaced PVC in spawner base class #475 (@nsshah1288)
- Add MANIFEST.in (LICENCE, README.md) #495 (@dhirschfeld)
- ci: test against recent k8s versions and misc workflow updates #506 (@consideRatio)
(GitHub contributors page for this release)
@cbanek | @consideRatio | @dhirschfeld | @jabbera | @kafonek | @manics | @meeseeksmachine | @minrk | @nsshah1288 | @octavd
0.16.1 - 2021-03-01
0.16.0 - 2021-02-26
- Add pod_security_context and container_security_context config #480 (@cyrilcros)
- Allow mounting of service account token to be configurable (automount_service_account_token) #476 (@dtaniwaki)
- Add user namespace support #458 (@athornton)
- Support internal_ssl #409 (@minrk)
- Fix failure to create a PVC being logged as failure to create a Pod #481 (@mriedem)
- handle pod url changes in poll #408 (@minrk)
- Refactor: remove a third way to name the same thing in make_pod's parameters #483 (@consideRatio)
- pre-commit: use prettier as autoformatter (markdown, yaml) #482 (@consideRatio)
- fix some spurious additions in tests #474 (@minrk)
- adopt black (via pre-commit) for code formatting #473 (@minrk)
- remove duplicated secret_mount_path definition #472 (@minrk)
- [KubeIngressProxy] Fixes following changes to k8s resource reflectors #484 (@remche)
- [KubeIngressProxy] allow singleuser pods to use IPv6 addresses #403 (@stv0g)
(GitHub contributors page for this release)
@athornton | @betatim | @clkao | @consideRatio | @cyrilcros | @dhirschfeld | @dtaniwaki | @lresende | @manics | @meeseeksmachine | @minrk | @mriedem | @remche | @shanestarcher-okta | @stv0g | @tirumerla | @yuvipanda
0.15.0 - 2020-10-15
- Expand storage selector #463 (@dtaniwaki)
- Add pod_connect_ip config regarding how kubespawner reach the pod #460 (@dtaniwaki)
- [Feature] Add AllowPrivilegeEscalation to container's securityContext #450 (@captnbp)
- Wrap concurrent.futures Future in polling function #467 (@ondave)
- Let uid/gid/fs_gid default to None instead of 0 #453 (@consideRatio)
- action-k3s-helm was moved to jupyterhub #465 (@manics)
- Don't run tests on unsupported k8s client versions #464 (@yuvipanda)
- Migrate from travis to GitHub actions #459 (@consideRatio)
- Cleanup JS patch of JupyterHub 0.8 HTML not needed in 0.9+ #455 (@consideRatio)
(GitHub contributors page for this release)
@athornton | @betatim | @captnbp | @celine168 | @clkao | @consideRatio | @DarkmatterVale | @dkipping | @dtaniwaki | @erolosty | @gcavalcante8808 | @gsemet | @gweis | @h4gen | @joelpfaff | @manics | @meeseeksmachine | @minrk | @ondave | @ryanlovett | @stefanvangastel | @support | @tjcrone | @welcome | @yuvipanda
0.14.1 - 2020-10-23
- KubeSpawner.image_pull_secrets malfunctions in 0.14.0 - this fixes it #451 (@johnhoman)
- CI: bump to kubernetes client v12, and test k8s 1.19 also #449 (@consideRatio)
(GitHub contributors page for this release)
@consideRatio | @johnhoman | @rkdarst | @welcome | @yuvipanda
0.14.0 - 2020-10-05
- Allow image_pull_secrets config to be specified the k8s native way #442 (@consideRatio)
- Access containerStatuses key with get() #441 (@rmoe)
- Allow pod to spawn if the PVC specified already exists #438 (@gravenimage)
- Add timeout and retry to create_namespaced_pod #433 (@gravenimage)
- Fix KubeIngressProxy.get_all_routes for 0.13 #430 (@remche)
- Manage regexp syntax deprecation #445 (@consideRatio)
- Python 3.6+ migration: async in 3.5 and async with yeild in 3.6 #444 (@consideRatio)
- Add an explicit dependency on urllib3 #437 (@yuvipanda)
- Delete remnant now unused parts in spawner.py #382 (@bitnik)
0.13.0 - 2020-09-20
Noteworthy for this release are: performance improvements, Kubernetes native environment variable specification, the possibility to run multiple JupyterHub's in the same namespace.
The following changes probably won't break typical usage of KubeSpawner, but could for example break logic to customized the progress page JupyerHub displays while spawning a Kubernetes pod for the user.
- The Kubernetes EventsReflector, which is providing the KubeSpawner instances with information about Kubernetes Events describing events for other resources, is now exposing events as python dictionaries rather than
V1Event
objects.V1Event
is defined in the kubernetes-client/python library as a representation of a Kubernetes Event. - KubeSpawner's
.progress
method implementation (jupyterhub/jupyterhub#1771) which is generating a formattedmessage
as well as a KubeSpawner specificraw_event
entry now returns theraw_event
as a Python dictionary with entries formatted incamelCase
where the keys were formatted insnake_case
.
- Support EnvVar's with 'valueFrom' as well as with 'value' #426 (@consideRatio)
- Breaking change / performance: don't make kubernetes-client deserialize k8s events into objects #424 (@rmoe)
- Add component_label property to support multiple hub instances in the… #418 (@harsimranmaan)
- Breaking change / performance: don't make kubernetes-client deserialize k8s events into objects #424 (@rmoe)
- Log thread pool worker count on init #420 (@mriedem)
- CI: test k8s 1.18 and require success, publish without test, bump minikube #417 (@consideRatio)
@abinet | @chancez | @consideRatio | @harsimranmaan | @meeseeksmachine | @mriedem | @rmoe | @shenghu | @welcome | @yuvipanda | @zlanyi
This list of contributors were generated by github-activity
according to these criteria.
0.12.0 - 2020-07-17
- Security fix: CVE-2020-15110 / GHSA-v7m9-9497-p9gr. When named-servers are enabled, certain username patterns, depending on authenticator, could allow collisions. The default named-server template is changed to prevent collisions, meaning that upgrading will lose associations of named-servers with their PVCs if the default templates are used. Data should not be lost (old PVCs will be ignored, not deleted), but will need manual migration to new PVCs prior to deletion of old PVCs.
- Add
slugs
field for selecting profiles in API, instead of indices. #401 (@stv0g) - Expose
__version__
in kubespawner module #383 (@consideRatio) - log a warning if unrecognized user_options are provided #389 (@minrk)
- Fix ingress compatibility with kubernetes >= 0.10. kubernetes >= 0.10 is now required. #402 (@BertR)
- Fix progress serialization #381 (@consideRatio)
- Typos in storage capacity #384 (@TkTech)
- Typos in profile_list help #411 (@mriedem)
- Fix CI builds #394 (@consideRatio)
- use bump2version and add release documentation #376 (@consideRatio)
- improve development documentation #377 (@consideRatio)
- test with JupyterHub master #380 (@consideRatio)
- update contributing guide #391 (@betatim)
0.11.1 consists of a small bugfix that made the progress reporting break.
- Fix spawn progress events now showing up due to failure to serialize #381 (@consideRatio)
- Don't require deploy job to also run tests #379 (@consideRatio)
0.11.0 features minor feature additions, compatebility measures, and fixes. KubeSpawner now require Python 3.5 and is no longer actively tested against Kubernetes clusters versioned 1.10 as before, but is now being tested against version 1.12-1.16 with the python kubernetes client library version 8-11 that is compatible with k8s 1.11-1.15.
- Add
KubeSpawner.storage_selector
for matching persistent volume using storage selector. #338 (@GrahamDumpleton) - Provide
raw_event
in spawner progress #361 (@clkao) - Add
{username}
expansion to extra_pod_config #321 (@cgiraldo) - Configurable
delete_grace_period
#310 (@arturozv)
- Scope security context to container from pod where it is possible #334 (@shoelsch)
- Permit storage class to be empty string. #337 (@GrahamDumpleton)
- Fix pod name prefix escaping for named servers #309 (@dmarth)
- Always load user_options #301 (@minrk)
- using user_options in kubespawner #285 (@hhuuggoo)
- Allow None on UID and GID #286 (@dtaniwaki)
- CI reworked, support modern k8s high resolution timestamps, event monitoring is made more reliable, kubernetes=>8 required, python>=3.6 required, inline docs added #368 (@consideRatio)
- Fix for Kubernetes 1.16 regarding datetime comparison #362 (@consideRatio)
- More idiomatic python syntax #356 (@AnotherCodeArtist)
- Compatibility with kubernetes, jupyterhub prereleases #314 (@minrk)
- compatibility with kubernetes 9.0 #294 (@minrk)
- Pin kubernetes version to 8.0 #292 (@yuvipanda)
- Iteration of local development instructions #377 (@consideRatio)
- Add RELEASE.md and utilize bump2version #376 (@consideRatio)
- Fix docs build #371 (@consideRatio)
- [MRG]: Travis pypi: only use pre for nightly #369 (@manics)
- Add relevant badges to README.md #365 (@consideRatio)
- Update SETUP.md instructions to match current state of JupyterHub #353 (@yuvipanda)
- codecov badge #312 (@choldgraf)
- Update documentation regarding run_as_gid behavior #297 (@kevin-bates)
- build docs with python 3.6 #295 (@minrk)
- making kubespawner docs links more discoverable #287 (@choldgraf)
0.10.1 - 2018-12-11
0.10.1 is a tiny bugfix release, fixing regressions in 0.10.0.
- Fix deprecation of
KubeSpawner.hub_connect_ip
, which caused errors in 0.10 when the deprecated config was used.
0.10.0 - 2018-12-05
0.10.0 is a small release, with minor changes and fixes.
- Deprecate
KubeSpawner.image_spec
configuration in favor of standardKubeSpawner.image
.image_spec
continues to work with deprecation warnings - Stop pinning an exact kubernetes client version; instead, require kubernetes client >= 7. If desired, pinning should be done in images/installations
- Expand username template variables in extra_containers
- Set pod restart policy to OnFailure, so that notebook servers that terminate themselves cleanly do not restart automatically
- Formally deprecate
KubeSpawner.hub_connect_ip
andKubeSpawner.hub_connect_ip
in favor ofJupyterHub.hub_connect_ip
, available in jupyterhub >= 0.8
0.9.0 - 2018-09-03
KubeSpawner 0.9.0 is a big release of KubeSpawner.
Change highlights:
- Require Kubernetes >= 1.6
- Require JupyterHub >= 0.8
- Require Python >= 3.5
- Expose lots more Kubernetes options
- Support configuration profiles via :attr:
.KubeSpawner.profile_list
- Support Kubernetes events for the progress API in JupyterHub 0.9.
- Update Kubernetes Python client to 6.0 (supporting Kubernetes 1.10 APIs)
- Numerous bugfixes