Skip to content

Latest commit

 

History

History
2248 lines (1975 loc) · 112 KB

CHANGELOG.md

File metadata and controls

2248 lines (1975 loc) · 112 KB
Raw

Changelog

Here you can find upgrade changes in between releases and upgrade instructions.

[0.9]

[0.9.1] - 2020-07-17

This is a security fix, patching CVE-2020-15110 / GHSA-v7m9-9497-p9gr in KubeSpawner 0.11, only affecting some deployments with allow_named_servers enabled (not default):

When named-servers are enabled, certain username patterns, depending on authenticator, could allow collisions with other usernames and named servers. The default named-server template is changed to prevent collisions, meaning that upgrading will lose associations of named-servers with their PVCs if the default templates are used. Data should not be lost (old PVCs should be ignored, not deleted), but will need manual migration to new PVCs prior to deletion of old PVCs.

[0.9.0] - 2020-04-15

Release summary

This Helm chart release is mainly a maintenance release featuring the latest JupyterHub (1.1.0) and authenticators along with bug fixes and some additional helpful configuration options.

Noteworthy:

  • An issue with automatic acquisition of HTTPS certificates has been resolved since 0.9.0-beta.3.
  • Fixed a compatibility issue with Kubernetes 1.16+
  • The images/hub/requirements.txt file in this repo can now be used to track what specific version has been used at any point in time.
  • jupyterhub-nativeauthenticator added to the JupyterHub Docker image.

Bumped dependencies:

  • jupyterhub version 1.1.0
  • jupyterhub-ldapauthenticator version 1.3.0
  • jupyterhub-kubespawner version 0.11.1
  • oauthenticator version 0.11.0
  • kubernetes version 10.0.1

Upgrade instructions (IMPORTANT)

  1. If you are using Helm 2, upgrade to the latest Helm 2 version. And if you are using Helm 3, upgrade to the latest Helm 3 version.

    Upgrading to Helm 3 from Helm 2 requires additional steps not covered here, so for now please stay with your current major version of helm (2 or 3).

    # Figure out what version you currently have locally, you should use
# release of the same major version you have used before.
helm version

    Install either the latest Helm 2 or Helm 3 depending on what major version you currently had worked with.

    # verify you successfully upgraded helm
helm version

# if you just upgraded helm 2, also upgrade tiller
helm init --upgrade --service-account=tiller

  2. Use --cleanup-on-fail when using helm upgrade.

    Helm can enter a problematic state by a helm install or upgrade process which started creating Kubernetes resources, but then didn't finish at all or didn't finish successfully. It can cause resources created that helm will later come in conflict with.

    To mitigate this, we suggest always using --cleanup-on-fail with this Helm chart, it is a solid behavior that reduce a lot of head ache.

  3. If you use --wait, or --atomic which implies --wait: do not manually cancel the upgrade!

    If you would abort the upgrade when using --wait and Kubernetes resources has been created, resources will have been created that can cause conflict with future upgrades and require you to manually clean them up.

  4. Delete resources that could cause issues before upgrading.

    # replace <NAMESPACE> below with where jupyterhub is installed
kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps

Troubleshooting upgrade

If you get an error similar to the one below, it is a symptom of having attempted a helm upgrade that failed where helm lost track of some newly created resources. A good solution is to delete all of these resources and try again.

# replace <NAMESPACE> below with where jupyterhub is installed
kubectl delete -n <NAMESPACE> clusterrole,clusterrolebinding,role,rolebinding,serviceaccount,deployment,configmap,service -l component=autohttps

To avoid this in the future, use --cleanup-on-fail with the helm upgrade command. It is not a fool proof way to avoid it, but . And note that even if that flag is used, an interupption for example during --wait or --atomic which implies --wait, be aware of an interruption while waiting can very likely cause this to arise on the following upgrade attempt.

error: kind ConfigMap with the name "traefik-proxy-config" already exists in
the cluster and wasn't defined in the previous release. Before upgrading,
please either delete the resource from the cluster or remove it from the chart

Dependency updates

Maintenance

[0.9.0-beta.4] - 2020-02-26

Added

Dependency updates

Fixed

Maintenance

[0.9.0-beta.3] - 2020-01-17

Dependency updates

Fixed

Maintenance

[0.9.0-beta.2] - 2019-12-26

Fixed

  • Fix major breaking change if all HTTPS options was disabled introduced just before beta.1 #1534 (@dirkcgrunwald)

[0.9.0-beta.1] - 2019-12-26

Some highlights of relevance for this release are:

  • The default configuration is now catering to autoscaling clusters where nodes can be added and removed, as compared to fixed clusters where there is only a fixed amount of nodes. Set scheduling.userScheduler.enabled to false if you are on a fixed size cluster.
  • Kubernetes 1.16 compatibility achieved
  • Updated dependencies
    • jupyterhub==1.1.0b1
    • kubernetes==0.10.1
    • kubespawner==0.11.1
    • oauthenticator==0.10.0

Added

  • Added ability to configure liveness/readiness probes on the hub/proxy #1480 (@mrow4a)
  • Added ability to use an existing/shared image pull secret for hub and image pullers #1426 (@LaurentGoderre)
  • Added ability to configure the proxy's load balancer service's access restrictions (loadBalancerSourceRanges) #1418 (@GergelyKalmar)
  • Added user-scheduler pod->node scheduling policy configuration #1409 (@yuvipanda)
  • Added ability to add additional ingress rules to k8s NetworkPolicy resources #1380 (@yuvipanda)
  • Enabled the continuous image puller by default #1276 (@consideRatio)
  • Added ability to configure initContainers of the hub pod #1274 (@scottyhq)
  • Enabled the user-scheduler by default #1272 (@minrk)
  • Added ability to use an existing jupyterhub configuration k8s secret for hub (not recommended) #1142 (@koen92)
  • Added use of liveness/readinessProbe by default #1004 (@tmshn)

Dependency updates

Fixed

  • Workaround upstream kubernetes issue regarding https health check #1531 (@sstarcher)
  • User-scheduler RBAC permissions for local-path-provisioner + increase robustness of hub.baseUrl interaction with the hub deployments health endpoint #1530 (@cutiechi)
  • Fixing #1300 User-scheduler doesn't work with rancher/local-path-provisioner #1516 (@cgiraldo)
  • Move z2jh.py to a python and linux distribution agnostic path #1478 (@mrow4a)
  • Bugfix for proxy upgrade strategy in PR #1401 #1404 (@consideRatio)
  • Use recreate CHP proxy pod's deployment strategy #1401 (@consideRatio)
  • Proxy deployment: Change probes to https port #1378 (@chicocvenancio)
  • Readiness and liveness probes re-added #1361 (@consideRatio)
  • Use 443 as https port or redirection. FIX #806 #1341 (@chicocvenancio)
  • Revert "Configure liveness/readinessProbe" #1356 (@consideRatio)
  • Ensure helm chart configuration is passed to JupyterHub where needed #1338 (@bitnik)
  • Make proxy redirect to the service port 443 instead of the container port 8443 #1337 (@LucidNeko)
  • Disable becoming root inside hub and proxy containers #1280 (@yuvipanda)
  • Configure KubeSpawner with the singleuser.image.pullPolicy properly #1248 (@vmarkovtsev)
  • Supply hub.runAsUser for the hub at the container level instead of the pod level #1240 (@tmc)
  • Relax HSTS requirement on subdomains #1219 (@yuvipanda)

Maintenance

[0.8]

[0.8.2] - 2019-04-01

Bumped the underlying JupyterHub to 0.9.6.

[0.8.1] - 2019-03-28

Bumped the underlying JupyterHub to 0.9.5.

[0.8.0] - Richie Benaud - 2019-01-24

This release contains JupyterHub version 0.9.4. It requires Kubernetes >= 1.11 and Helm >= 2.11.0. See the Helm Chart repository for a list of relevant dependencies for all Helm Chart versions.

It contains new features, additional configuration options, and bug fixes.

Upgrading from 0.7

To upgrade your cluster:

  1. backup your hub-db-dir persistent volume and previous configuration files, to be safe

  2. read changes here and make any needed updates to your configuration

  3. upgrade the chart:

    helm repo update helm upgrade $RELEASE --force --version 0.8.0 --values config.yaml

The --force flag allows deletion and recreation of objects that have certain changes, such as different labels, which are forbidden otherwise.

Breaking changes

  • Github organisation OAuth: auth.github.org_whitelist has been renamed to auth.github.orgWhitelist to be consistent with helm's camelCase style

Troubleshooting

If you encounter issues with upgrades, check for changed configuration in this document, and make sure your config is up to date.

If you aren't able to get the upgrade to work, you can rollback to a previous version with:

helm rollback $RELEASE

Feel free to ping us on gitter if you have problems or questions.

New Features

Easier user-selectable profiles upon login

Profile information is now passed through to KubeSpawner. This means you can specify multiple user profiles that users can select from when they log in. (#402)

Configurable image pull secrets

Improvements to the Helm Chart to let users specify private information that lets the Hub pull from private Docker registries. New information includes Kubernetes Secrets, an email field, large JSON blobs in the password field (required in order to pull from a private gcr.io registry from an external cluster).

It also ensures that the image puller DaemonSets have the same credentials to pull the images.

(thanks to @AlexMorreale) #851

Improved user scheduling and resource management

#891

Want to make your autoscheduler work efficiently? Then you should schedule pods to pack tight instead of spread out. The user scheduler accomplishes this.

  • Pod priority and User placeholders - #929

Want to scale up before users arrive so they don't end up waiting for the node to pull an image of several gigabytes in size? By adding a configurable fixed amount of user placeholder pods with a lower pod priority than real user pods, we can accomplish this. It requires k8s v1.11 though.

  • preferScheduleNextToRealUsers - improves autoscaling - #930 This setting slightly improves the ability for a cluster autoscaler to scale down by increasing the likelihood of user placeholders being left alone on a node rather than real users. Real users can't be moved around while user placeholder pods can

Minor upgrades and development improvements

  • Update jupyterhub to 0.9.4
  • Update kubespawner to 0.10.1
  • Allow setting of storage labels - #924
  • Tolerations for node taints - #925
  • Making the core and user pods affinity have configurable presets - #927
  • Improved linting and validation + CI integration - #844
  • Improved CI tests - #846
  • Cleanup of orphaned files - #842 Two files were left unused in the repo.
  • cull.maxAge bugfix - #853 cull.maxAge previously didn't influence the culler service, as the value was never consumed. This is fixed by a single one line commit in a PR.
  • No more duplicates of puller pods - #854 Nobody wants pods running that does nothing. By using the new before-hook-creation value for the deletion-policy Helm hook together with a single name for our Helm hook resources, we can ensure never having orphaned image pullers.
  • Remove pod-culler image - #890 #919 Before JupyterHub 0.9 the pod-culler was a standalone pod with a custom image. But now it is a internal service of the JupyterHub pod, so in this PR we slim the remnant code.
  • Upgrade to k8s 1.9 APIs - #920 Migrate to more stable K8s resource APIs from beta.
  • Update of the singleuser-sample image - #888 git and nbgitpuller are now available by default
  • Switch to using a StatefulSet for the Hub * The Hub should perhaps be a StatefulSet rather than a Deployment as it tends to be tied to a PV that can only be mounted by one single Hub. See this issue: helm/charts#1863
  • Show users deprecation and error messages when they use certain deprecated configuration (e.g. hub.extraConfig as a single string) or incompatible combinations.
  • Updates to the guide - #850
  • Updates to inline documentation - #939

Richie Benaud

(excerpt from https://www.cricket.com.au/players/richie-benaud/gvp5xSjUp0q6Qd7IM5TbCg)

Possibly the most iconic man in Australian cricket, Richie Benaud enjoyed a career spanning nearly 70 years in the game. On the field, he scored 767 runs at 19.66 in his 27 matches against England, while he also picked up 83 wickets. Off the field, he has been just as important. His commentary has been second to none since making his radio debut in 1960.

While playing for Australia, fans flocked to the cricket to watch Benaud led sides dominate whoever they played. The late 1950’s to early 1960’s was a golden period in Australian cricket, with players such as Simpson, Lawry and Harvey scoring runs, while Benaud and Davidson did the damage with the ball.

Richie Benaud was responsible for resurrecting cricket in this country. The world was changing at that time, and so was cricket. It was being shown on television for the first time, while radio coverage was becoming more advanced. Benaud felt he had a duty to the Australian public to make the game more entertaining. Sure, you could argue that the 1961 series was dull, but at least Australia retained the Ashes. Nobody will forget the tied Test against the West Indies, or Benaud’s audacious move to bowl around the wicket in Manchester.

Benaud is credited with popularising the tactics we see today. Huddles after a wicket were born in the Benaud era. Declaring just before stumps in a bid to steal a late wicket was something he thrived upon. Bowling into the rough is now seen as common practice.

Benaud was also prepared to try new things with the ball. He worked very hard on perfecting his wrong’un, the flipper and the top-spinner. His leg-spinner even had variety to it, making him one of the most complete tweakers at the time.

His leadership earned him respect immediately. Players loved being guided the likeable larrikin from Penrith. He looked after everyone both as a team, but also on an individual basis. His teammates trusted his innovative ideas, while he trusted them to execute them to the fullest.

For most Australians, summer means cricket. And cricket means hearing the dulcet tones of their favourite commentator, Richie Benaud. From the cream coloured suit, to the witty repartee with his colleagues, Benaud is the complete package

Contributors

This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.

(Frank) Yu Cheng Gu 1160300422-RenQJ 1kastner 2efper A. Tan Aadi Deshpande abremirata28 AcademicAdmin Adam Huffman Adrian Wilke Akanksha Bhardwaj Akhil Lawrence Al Johri AlbanWende Alejandro del Castillo Aleksandr Blekh Alex Morreale Alex Newman Alexander Comerford Alexander Sadleir amangarg96 Amirahmad Khordadi Andreas Hilboll andregouveiasantana Andrew Andrew Catellier angelikamukhina Anton Khodak arcady-genkin Ariel Rokem Arne Küderle atne2008 awalther Ben Zipperer Beneath Benjamin Egelund-Müller BertR bharathwgl bing-he bjyxmas bpoettinger Brad Skaggs Braden Brian E. Granger Bruno P. Kinoshita brynjsmith Calvin Canh Tran camer314 Carol Willing Caspian cfoisy-osisoft ChanakyaBandara chang-zhijie Chao Wang Chen Zhiwei Chester Li Chia-liang Kao Chris Holdgraf Chris Seal Christian Alis Christian Mesh chrlunden Clancy Childs Clemens Tolboom cmw2196 Cody Scott Craig Willis cristofercri Curtis Maves cybertony Daisuke Taniwaki Dalon Lobo danamer Daniel Bachler Daniel Chalef Daniel Hnyk danielpcs Danny H DataVictorEngineer Dave Hirschfeld Dave Porter David Andersen David John Gagne Davide Deleted user Denis Shestakov Dennis Kipping Derek Ludwig DerekHeldtWerle DewinGoh Diogo djknight1 DmitrII Gerasimenko Doug Blank Dr. Di Prodi Dr. Zoltán Katona Dylan Nelson ebebpl Eliran Bivas eode Eran Pinhas eric-leblouch ericblau Erik LaBianca Erik Sundell Ermakov Petr erolosty Evan Savage Evert Rol Ezequiel Gioia fahadabbas91 farzadz foxlisimulation frouzbeh Félix-Antoine Fortin Gabriel Abdalla Cavalcante Gabriel Fair Gaetan Semet Gang Chen Gary Lucas Georgiana Elena gerroon Giuseppe Attardi Glen A Knight Gonzalo Fernandez ordas Guilherme Oenning Guo Zhang gweis Gábor Lipták Hagen Hoferichter hani1814 Hans Permana hhuuggoo hichemken HT-Moh HuangHenghua HuiWang Ian Carroll Ian Stuart Ivan Brezina J Forde J Gerard j08rebelo Jacob Matuskey Jacob Tomlinson Jaime Ferrando Huertas James Swineson jameshgrn Jan Niederau Jason Belsky Jason Hu Jason Rigby jason4zhu Jeff Whitworth Jeffrey Bush jeffwji Jessica B. Hamrick jfleury-eidos Ji Ma Jiren Jin jiyer2016 jlc175 jmabry jmchandonia jmf Joe Hamman Joerg Klein John Chase John Readey John Shojaei Jonathan Terhorst Jordan Miller Josh Bode Joshua Milas JP Moresmau jpays Juan Cruz-Benito Julian Rüth Julien Chastang Justin Ray Vrooman Jürgen Hermann Kah Mun kangzebin Kelly L. Rowland Kenan Erdogan Kerwin Sun kevbutler Kevin Bates khawarhere kide007 Kim-Seonghyeon kishitaku0630 Koshmaar Koustuv Sinha krinsman Kristian Gregorius Hustad Kristiyan KSHITIJA SAHARAN Kuriakin Zeng Kyla Harper Lachlan Musicman Laurent Abbal Leo Gallucci Leopold Talirz Li-Xian Chen Lisa Stillwell ljb445300387 Loïc Antoine Gombeaud Loïc Estève Lucas Durand Lukasz Tracewski m.fab Ma mangecoeur Manish Kushwaha Marc Illien marinalopez2110 Mark Mirmelstein Marlene Silva Marchena Martin Gergov Martin Zugnoni Marvin Solano Marwan Baghdad Matthias Bussonnier Matthias Klan Matthias Lee Matthieu Boileau Max Mensing mdivk Meesam Shah Michael Carroll Michael Huttner Michael Lovci Michael McCarthy Michael Milligan Michael Pilosov michec81 Mike Croucher MikeSpark Min RK MisterZ Moritz Kirschner Moritz Schlarb moskiGithub mpolidori mrclttnz MubashirullahD Muhammad-Imtiaz mxcheng2011 myidealab Naineel Shah narala558 newturok Ney Torres Nic Wayand Nico Bellack nifuki Nils Werner not4everybody NotSharath nschiraldi Nujjy oscar6echo Paperone80 Patafix Paul Mazzuca Paul Shealy Paulo Roberto de Oliveira Castro Pav K payalbhatia Peter Parente Peter Reid Phil Elson Phil Fenstermacher Philipp Kats phpdistiller phxedmond Piotr Pouria Hadjibagheri powerLeePlus Pratik Lal pydeepak Qcy R. C. Thomas raghav130593 Rahul Sharma Rama Krishna Jinka RBALAJI5 rbq Richard C Gerkin Richard Darst Richard Huntrods richyanicky Rob Nagler robin robotsp rothwewi rushikeshraut777 Ryan Ryan Abernathey Ryan Lovett Ryan McGuire rzuidhof Saiprasad Balasubramanian Sam Manzer samRddhimat Santosh Saranya411 Scott Crooks sdementen SeaDude SergeyK1 Shannon Shi Pengcheng shibbas Shinichi TAMURA Shiva1789 sidebo Sigurður Baldursson Simon Li Sindre Gulseth SivaMaplelabs sjillidimudi skruse smoulderme Solaris Spencer Ogden sreekanthmg Steven B Steven Silvester StudyQuant Subhash Suchit summerswallow summerswallow-whi Søren Fuglede Jørgensen Taewon Tania Allard Taposh Dutta Roy techie879 ThibTrip Thomas Mendoza thomas-rabiller-azimut Thong Kuah thongnnguyen Tim Crone Tim Head Timothy Griffiths Timothy Liu Todd Gamblin Tom Tomer Leibovich tregin Tren Huang Tuhina Chatterjee Tyler Gregory Uday Udit Arora Vasu Gaur Victor Lopez Vidit Agarwal VidJa Vincent Feng vishal49naik49 Vivek Vivek Rai vivekbiet Vlad-Mihai Sima Volker Braun wangcong Wangsoo Kim whositwhatnow Will Will Starms Willem Pienaar Xavier Lange YborBorn YizTian Yoav Tzelnick YoongHM yugushihuang Yuvi Panda Yuze Ma Zac Flamig Zach Day Zachary Sailer Zafer Cesur zmkhazi zneudl 田进 邱雨波 高彦涛

0.7.0 - Alex Blackwell - 2018-09-03

This release contains JupyterHub version 0.9.2, additional configuration options and various bug fixes.

IMPORTANT: This upgrade will require your users to stop their work at some point and have their pod restarted. You may want to give them a heads up ahead of time or do it during nighttime if none are active then.

Upgrading from v0.6

If you are running v0.5 of the chart, you should upgrade to v0.6 first before upgrading to 0.7.0. You can find out what version you are using by running helm list.

Follow the steps below to upgrade from v0.6 to 0.7.0.

1. (Optional) Ensure the hub's and users' data isn't lost

This step is optional, but a recommended safeguard when the hub's and users' data is considered important. The changes makes the PersistentVolumes (PVs), which represent storage (user data and hub database) remain even if the PersistentVolumeClaims (PVCs) are deleted. The downside of this is that it requires you to perform manual cleanup of PVs when you want to stop spending money for the storage.

# The script is a saftey measure and patches your PersistentVolumes (PV) to
# not be garbage collected if the PersistentVolumeClaim (PVC) are deleted.
NAMESPACE=<YOUR-NAMESPACE>

# Ensure the hub's and users' data isn't lost
hub_and_user_pvs=($(kubectl get persistentvolumeclaim --no-headers --namespace $NAMESPACE | awk '{print $3}'))
for pv in ${hub_and_user_pvs[@]};
do
    kubectl patch persistentvolume $pv --patch '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
done

2. Update Helm (v2.9.1+ required)

# Update helm
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash

# Update tiller (on the cluster)
helm init --upgrade --service-account=tiller

# Verify the update
# NOTE: you may need to cancel and re-run the command, it should work within 30
#       seconds.
helm version
# VERIFY: Did it return both the client and server version?
# Client: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}
# Server: &version.Version{SemVer:"v2.10.0", GitCommit:"9ad53aac42165a5fadc6c87be0dea6b115f93090", GitTreeState:"clean"}

3. (Optional) Clean up pre-puller resources

The pre-puller component of v0.6 could leave leftover resources after it finished, instead of cleaning up after itself. This script removes the pre-puller resources created by v0.6.

# This script will delete resources that were meant to be temporary
# The bug that caused this is fixed in version 0.7.0 of the Helm chart
NAMESPACE=<YOUR-NAMESPACE>

resource_types="daemonset,serviceaccount,clusterrole,clusterrolebinding,job"
for bad_resource in $(kubectl get $resource_types --namespace $NAMESPACE | grep '/pre-pull' | awk '{print $1}');
do
    kubectl delete $bad_resource --namespace $NAMESPACE --now
done

kubectl delete $resource_types --selector hub.jupyter.org/deletable=true --namespace $NAMESPACE --now

4. (Recommended) Clean up problematic revisions in your Helm release

This step is recommended due to bugs in Helm that could cause your JupyterHub Helm chart installation (release) to get stuck in an invalid state. The symptoms are often that helm upgrade commands fail with the reason that some resource does or doesn't exist.

# Look up the name of your Helm release (installation of a Helm chart)
helm list

# Store the name of the Helm release
RELEASE_NAME=<YOUR-RELEASE-NAME>

# Give yourself an overview of this release's revisions
helm history $RELEASE_NAME

# Check if you have multiple revisions in a DEPLOYED status (a bug), or if you
# have old PENDING_UPGRADES or FAILED revisions (may be problematic).
helm history $RELEASE_NAME | grep --extended-regexp "DEPLOYED|FAILED|PENDING_UPGRADE"

# If you have multiple revisions in DEPLOYED status, this script will clean up
# all configmaps except the latest with DEPLOYED status.
deployed_revisions=($(helm history $RELEASE_NAME | grep DEPLOYED | awk '{print $1}'))
for revision in ${deployed_revisions[@]::${#deployed_revisions[@]}-1};
do
    kubectl delete configmap $RELEASE_NAME.v$revision --namespace kube-system
done

# It seems plausible that upgrade failures could have to do with revisions
# having a PENDING_UPGRADE or FAILED status in the revision history. To delete
# them run the following command.
kubectl delete configmap --selector "NAME=$RELEASE_NAME,STATUS in (FAILED,PENDING_UPGRADE)" --namespace kube-system

5. Perform the upgrade

IMPORTANT: Do not miss out on the --force flag! --force is required due to changes in labelling of jupyterhub resources in 0.7. Helm cannot upgrade from the labelling scheme in 0.6 to that in 0.7 without --force, which deletes and recreates the deployments.

RELEASE_NAME=<YOUR-RELEASE-NAME>
NAMESPACE=<YOUR-NAMESPACE>

helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm repo update

# NOTE: We need the --force flag to allow recreation of resources that can't be
#       upgraded to the new state by a patch.
helm upgrade $RELEASE_NAME jupyterhub/jupyterhub --install \
    --force \
    --version=0.7.0 \
    --namespace=$NAMESPACE \
    --values config.yaml \
    --timeout 1800

6. Manage active users

Active users with running pods must restart their pods. If they don't the next time they attempt to access their server they may end up with {“error”: “invalid_redirect_uri”, “error_description”: “Invalid redirect URI”}.

You have the power to force this to happen, but it will abort what they are doing right now. If you want them to be able to do it in their own pace, you could use the /hub/admin path and shut them down manually when they are done.

NAMESPACE=<YOUR-NAMESPACE>

# Inspect what users are currently running
kubectl get pod --selector component=singleuser-server --namespace $NAMESPACE

# Force all of them to shutdown their servers, and ensure the hub gets to
# realize that happened through a restart.
kubectl delete pod --selector component=singleuser-server --namespace $NAMESPACE
kubectl delete pod --selector component=hub --namespace $NAMESPACE

Troubleshooting - Cleanup of cluster

If things fail, you can try the following before installing the chart. If you decide to take these steps, we recommend step 1 is taken first in order to not loose data and that you ensure the old data is made available by the troubleshooting step below.

RELEASE_NAME=<YOUR-RELEASE-NAME>

# WARNING: Deletes everything installed by the Helm chart!
# WARNING: If you have not changed the reclaim policy of the hub in step 1, the
#          hub never be able to remember anything about past users. Also note
#          that even if you have taken step 1, you must also make the PVs become
#          `Available` again before the hub starts up again.
# NOTE: This does not include user pods or user storage PVCs as they have been
#       indirectly created by KubeSpawner
helm delete $RELEASE_NAME --purge

# WARNING: Deletes everything within the namespace!
# WARNING: If you have not changed the reclaim policy of the hub and users in
#          step 1, the hub's stored information about the users and the user's
#          storage will be lost forever. Also note that even if you have taken
#          step 1, you must also make the hub and users PVs become `Available`
#          before the hub and users startup again.
kubectl delete namespace <YOUR-NAMESPACE>

If you took these steps and step 1, you should probably right now continue with the next troubleshooting section about making Released PVs Available for reuse.

Troubleshooting - Make Released PVs Available for reuse

If you followed step 1 and 2, you can after cleanup of a cluster reuse the old hub's and users' storage if you do this step before you installs the Helm chart again.

In more technical words: if you have deleted PVCs such as hub-db-dir or claim-anyusername, their PVs will end in a Released state assuming they had a reclaimPolicy set to Retain. To make use of these PVs again, we must make them Available for the to future PVCs that needs a PV to bind to.

NAMESPACE=<YOUR-NAMESPACE>

# Ensure the hub's and users' PVs are made `Available` again
hub_and_user_pvs=($(kubectl get persistentvolume | grep -E "Released.+$NAMESPACE/(hub-db-dir|claim-)" | awk '{print $1}'))
for pv in ${hub_and_user_pvs[@]};
do
    kubectl patch persistentvolume $pv --patch '{"spec":{"claimRef":{"uid":null}}}}'
done

# Ensure you don't have any PVCs in the lost state
lost_pvcs=($(kubectl get persistentvolumeclaim --namespace $NAMESPACE | grep -E "(hub-db-dir|claim-).+Lost" | awk '{print $1}'))
for pvc in ${lost_pvcs[@]};
do
    echo kubectl delete persistentvolumeclaim $pvc --namespace $NAMESPACE
done

Contributors

A. Tan Aaron Culich abhismvit AC AcademicAdmin Adam Grant Adam Huffman Adam Thornton Adam Tilghman Adam-Origamiiris Afreen Rahman agustaf agustiin aisensiy Ajay Changulani Akhil Lawrence akkibatra Alan King Albert J. de Vera Alejandro del Castillo Alejandro Gastón Alvarez Aleksandr Blekh Alex Leith Alex Marandon Alex Mellnik Alex Moore Alex Morreale Alex Tasioulis Alexander Alexander Hendorf Alexander Kruzhkov Alexander Morley Alexander Schwartzberg Allen Downey AlphaSRE Alramzey amangarg96 Amirahmad Khordadi Amit Rathi Analect anasos Andre Celere Andrea Abelli Andrea Turrini Andrea Zonca Andreas Heider Andrew Berger Andrew Melo andrewcheny András Tóth André Luiz Diniz Andy Berner Andy Doddington angus evans Anirudh Vyas Ankit Ankit Sharma ankit2894 Anthony Suen Anton Akhmerov Antonino Ingargiola Antonio Serrano AranVinkItility Arda Aytekin Ariel Balter Ariel Rokem arkroop Arthur arthur Arthur Koziel ArvinSiChuan aseishas at-cchaloux atullo2 Bastian Greshake Tzovaras bbarney213 bbrauns Ben Chuanlong Du Benjamin Paz Benoit Rospars BerserkerTroll BhagyasriYella bhavybarca Birgetit bitnik Borislav Aymaliev Botty Dimanov Brad Skaggs Brandon Sharitt Brent Brian E. Granger Brian Ray Bruce Beauchamp Bruce Chiarelli Byă Camilla Camilo Núñez Fernández Cara carluri Carol Willing Caspian chack05 chang-zhijie chaomaer chaoyue729 Charles Forelle chenyg0911 Chester Li Chia-liang Kao Chico Venancio Chris Fournier Chris Holdgraf Chris Seal Chris Van Pelt Christiaan Swanepoel Christian Alis Christian Hotz-Behofsits Christian Mesh Christian Moscardi Christine Banek Christopher Hench ckbhatt Claudius Mbemba cloud-science Cody Scott Cord Cory Johns cqzlxl Craig Willis Curtis Maves cyberquasar cybertony cyberyor Daisuke Taniwaki daleshsd Dan Allan Dan Hoerst Dan Lidral-Porter Daniel Daniel Morrison danielmaitre danielrychel Dario Romero darky2004 DataVictorEngineer Dave Aitken Dave Hirschfeld David Bath David Doherty David Kügler David Maxson David Napier David Pérez Comendador David Pérez-Suárez David Sanftenberg Davide deep-42-thought Deleted user DerekHeldtWerle Dhawal Patel disimone DmitrII Gerasimenko Dmitry Mishin Dominic Suciu Don Kelly Doug Holt Dragos Cojocari dturaev Dwight Townsend Dylan Lentini Eamon Keane Eddy Elbrink Emmanuel Gomez Enol Fernández epoch1970 Eric Charles Erik Sundell Ermakov Petr ernestmartinez EtienneDesticourt Evan Evan Van Dam Evert Rol eylenth Ezequiel Gioia fahadabbas91 Faras Sadek forbxy Francisco Zamora-Martinez FU Zhipeng Fyodor Félix-Antoine Fortin G YASHASVI Gaetan Semet Gaëtan Lehmann gbrahmi George Jose Gerben Welter Gerhard Burger GladysNalvarte Glen A Knight Graham Dumpleton grant-guo GRC Guillaume EB guimou Guo Zhang gweis Hagen Hoferichter hanbeibei hani1814 Hans Petter Bieker happytest143 Hassan Mudassir Helder Rodrigues hemantasingh Henddher Pedroza hjclub123 huhuhang Hunter Jackson Ian Indrajeet Singh ironv IssacPan Ivan Grbavac J Forde J Gerard Jacob Tomlinson James Curtin James Davidheiser James Londal James Veitch Jan Kalo Jason Kuruzovich Jason Williams jason4zhu javin-gn Jeremie Vallee Jeremy Lewi Jeremy Tuloup Jerry Schuman Jesse Cai Jesse Kinkead Jesse Zhang Jessica Wong Jim Basney Jim Hendricks Jiri Kuncar jlsimms jm2004 Joakim JocelynDelalande Joe Hamman Joel Pfaff John Kaltenbach John Readey johnbotsis johnkpark johnpaulantony Jonas Adler Jonathan Jonathan Brant Jonathan Wheeler jonny86 Joost W. Döbken Jose Manuel Monsalve Diaz Josh Barnes Josh Temple João Barreto jpolchlo JPUnD Juan Cabanela Julien Chastang Jurian Kuyvenhoven Justin Holmes Justin Moen justkar4u JYang25 Jürgen Hermann kakzhetak kaliko Kam Kasravi Kannan Kumar karthikpitchaimani Kenneth Lyons Kevin P. Fleming kevkid Kirill Dubovikov Knarfux Ko Ohashi krinsman KrisL Kristiyan lambertjosh Lars Biemans Leo Gallucci leolurunhe Leopold Talirz LeoPsidom lfzyx lgc019 Lifubang liusztc09 liuzhliang llancellotti lmerli84 loginoff Louis Garman Luca De Feo Luca Grazioli Lucas Durand Lucas Kushner Lukasz Lempart Lukasz Tracewski Lutz Behnke M Pacer Maciej Sawicki madsi1m mak-aravind Malin Aandahl Manjukb Marc BUFFAT marciocourense Marco Pleines Marcus Hunger Marcus Levine Mario Campos Marius van Niekerk Mark Mirmelstein marmaduke woodman Martin Forde Martín Anzorena maryamdev Mas mascarom Mathew Blonc Matt Hansen Matteo Ipri matthdan Matthew Bray Matthew Rocklin Matthias Bussonnier Matthias Klan mattvw Max Joseph Maxim Moinat mdivk Mereep merlin1608 Micah Micah Smith Michael Huttner Michael Milligan Michael Ransley michec81 Michele Bertasi Miguel Caballer Mike Hamer Min RK MincingWords MisterZ mohanamurali7 Mohit Monica Dessole moskiGithub mrkjones1979 mzilinski n3f Naeem Rashid Naineel Shah NaizEra nauhpc ndiy Neelanshu92 Nehemiah I. Dacres Neth Six ngokhoa96 Nick Brown Nickolaus D. Saint nickray Nico Bellack Nicolas M. Thiéry Nikolay Dandanov Nikolay Voronchikhin niveau0 Norman Gray ogre0403 Ola Tarkowska oneklc OpenThings ormskirk77 P.J. Little Pat W Patafix Paul Adams Paul Laskowski Paul Mazzuca Paulo Roberto de Oliveira Castro Pav K pedrovgp pekosro Peter Majchrak pgarapon Phil Fenstermacher philippschw Phuong Cao picca Pierre Accorsi Pinakibiswasdevops Pius Nyakoojo pjamason Pouria Hadjibagheri Prabhu Kasinathan Pramod Rizal Pranay Hasan Yerra Prateek prateek2408 Prerak Mody Przybyszo psnx pydo pyjones1 R. C. Thomas Rachidramadan1990 radudragusin Rafael Ladislau Rafael Mejia raghu20ram raja Ramin Ranjit Raphael Nestler RaRam Raviraju Vysyaraju reddyvenu Ricardo Rocha Rich Signell Richard Caunt Richard Darst Richard England Richard Ting Rizwan Saeed Rob Robert Casey Robert Drysdale Robert Jiang Robert Schroll robin Robin Robin Scheibler roemer2201 Rok Roškar Roman Gorodeckij roversne Roy Wedge Royi Rui Zhang Ruslan Usifov Ryan Abernathey Ryan Lovett rydeng sabarnwa sabyasm sadanand25 Sam Manzer Sambaiah Kilaru samy Sangram Gaikwad sanjaydatasciencedojo Sanmati Jain saransha Saranya411 sarath145p Satendra Kumar saurav maharjan saurs saurav SB sbailey-auro Scott Crooks Scott Sanderson SeaDude semanticyongjia serlina Seshadri Ramaswami shalan7 Shana Matthews Shannon Shantanu Singh Shengxin Huang shilpam11 Shiva Prasanth shreddd Shuo YU Sigurður Baldursson Simon Li Sirawit Pongnakintr SivaMaplelabs smiller5678 srican srini_b Stanislav Nazmutdinov stczwd Stefano Nicotri Stefano Taschini Stephanie Gott Stephen Lecrenski Stephen Pascoe Stephen Sackett Steven Silvester Stéphane Pouyllau sudheer0553 Sugu Sougoumarane Suman Addanki summerswallow summerswallow-whi sundeepChandhoke Sunip Mukherjee svzdvdoptum swgong Sylvain Desroziers syutbai T. George tankeryang TapasSpark Tassos Sarbanes teddy Kossoko tgamal Thomas Ashish Cherian Thomas Kluyver Thomas Mendoza thongnnguyen Thoralf Gutierrez Tim Crone Tim Freund Tim Head Tim Kennell Jr. Tim Klever Tim Shi TimKreuzer Tirthankar Chakravarty titansmc Tobias Morville tobiaskaestner Tom Davidson Tom Kwong Tom O'Connor Tomas Barton Tommaso Fabbri Tyler Erickson tzujan uday2002 Umar Sikander UsDAnDreS Vaclav Pavlin Varun M S Victor Paraschiv vishwesh5 Vladimir Kozhukalov vpvijay87 W. wangaiwudi Wei Hao weih1121 weimindong2016 whitebluecloud whositwhatnow will Will Starms William H William Hosford wtsyang XIAHUALOU xuhuijun Y-L-18 yee379 yeisonseverinopucv Yiding Yifan Li yougha54 Youri Noel Nelson yuandongfang Yueqi Wang yugushihuang Yuhi Ishikura Yuval Kalugny Yuvi Panda Zac Flamig Zachary Sailer Zachary Zhao ZachGlassman zaf Zafer Cesur zearaujo07 Zeb Nicholls Zelphir Kaltstahl ZenRay zero zeusal Zhongyi Zhou (Joe) Yuan ziedbouf zlshi zmkhazi Zoltan Fedor zyc Øystein Efterdal 孙永乐 张旭 武晨光 陈镇秋

[0.6] - Ellyse Perry - 2017-01-29

This release is primarily focused on better support for Autoscaling, Microsoft Azure support & better default security. There are also a number of bug fixes and configurability improvements!

Breaking changes

Pre-puller configuration

In prior versions (v0.5), if you wanted to disable the pre-puller, you would use:

prePuller:
  enabled: false

Now, to disable the pre-puller, you need to use:

prePuller:
  hook:
    enabled: false

See the pre-puller docs for more info!

Upgrading from 0.5

This release does not require any special steps to upgrade from v0.5. See the upgrade documentation for general upgrading steps.

If you are running v0.4 of the chart, you should upgrade to v0.5 first before upgrading to v0.6. You can find out what version you are using by running helm list.

Troubleshooting

If your helm upgrade fails due to the error no Ingress with the name "jupyterhub-internal" found, you may be experiencing a helm bug. To work around this, run kubectl --namespace=<YOUR-NAMESPACE> delete ingress jupyterhub-internal and re-run the helm upgrade command. Note that this will cause a short unavailability of your hub over HTTPS, which will resume normal availability once the deployment upgrade completes.

New Features

More secure by default

z2jh is more secure by default with 0.6. We now block access to cloud security metadata endpoints by default.

See the security documentation for more details. It has seen a number of improvements, and we recommend you read through it!

Autoscaling improvements

Some cloud providers support the kubernetes node autoscaler, which can add / remove nodes depending on how much your cluster is being used. In this release, we made a few changes to let z2jh interact better with the autoscaler!

  • Configure z2jh to 'pack' your users onto nodes, rather than 'spread' them across nodes.
  • A 'continuous' pre-puller that allows user images to be pulled on new nodes easily, leading to faster startup times for users on new nodes. ([link])
  • Hub and Proxy pod will not be disrupted by autoscaler, by using PodDisruptionBudgets. The Hub & Proxy will also stick together if possible, thus minimizing the number of nodes that can not be downsized by the autoscaler.

There is more work to be done for good autoscaling support, but this is a good start!

Better Azure support

Azure's new managed Kubernetes service (AKS) is much better supported by this version!

  • We have much better documentation on using z2jh with Azure!
  • We rewrote our pre-puller so it works on Azure (previously it did not)

Azure AKS is still in preview mode, so be aware of that before using it in any production workloads!

See the setting up Kubernetes on Microsoft AKS section for more information.

Better configurability

We now have better documentation and bug fixes for configurability!

  • extraConfig can be a dictionary instead of just a string. This helps when you have to split your config.yaml into multiple files for complex deployments
  • How user storage works by default is better documented
  • Reading config in extraConfig from extraConfigMap now actually works!
  • You can configure the URL that users are directed to after they log in. This allows defaulting users to JupyterLab
  • You can pre-pull multiple images now, for custom configuration that needs multiple images
  • Better instructions on pre-populating your user's filesystem using nbgitpuller

Ellyse Perry

(excerpt from https://www.cricket.com.au/players/ellyse-perry/1aMxKNyEOUiJqhq7N5Tlwg)

Arguably the best athlete in Australia, Ellyse Perry’s profile continues to rise with the dual cricket and soccer international having played World Cups for both sports.

Perry became the youngest Australian ever to play senior international cricket when she made her debut in the second ODI of the Rose Bowl Series in Darwin in July 2007 before her 17th birthday.

She went on to make her domestic debut in the 2007-08 Women’s National Cricket League season, taking 2-29 from 10 overs in her first match.

Since her national debut, Perry has become a regular fixture for the Southern Stars, playing in the 2009 ICC Women’s World Cup and the ICC Women’s World Twenty20 in the same year.

Leading Australia’s bowling attack, Perry played a crucial role in the ICC Women’s World Twenty20 Final in the West Indies in 2010.

The match came down to the wire, with New Zealand requiring five runs off the last ball to claim the title. Under immense pressure, Perry bowled the final ball of the tournament, which New Zealand’s Sophie Devine struck straight off the bat.

The talented footballer stuck out her boot to deflect the ball to Lisa Sthalekar at mid-on, securing the trophy for Australia. Perry’s figures of 3-18 in the final saw her take home the Player of the Match award.

Perry featured prominently in Australia's three-peat of World T20 victories, selected for the Team of the Tournament in 2012 and 2014.

She was named ICC Female Cricketer of the Year in 2017.

Contributors

This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, and KubeSpawner repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.

In alphabetical order,

[0.5] - Hamid Hassan - 2017-12-05

JupyterHub 0.8, HTTPS & scalability.

Upgrading from 0.4

See the upgrade documentation for upgrade steps.

New Features

JupyterHub 0.8

JupyterHub 0.8 is full of new features - see CHANGELOG for more details. Specific features made to benefit this chart are:

  1. No more 'too many redirects' errors at scale.
  2. Lots of performance improvements, we now know we can handle up to 4k active users
  3. Concurrent spawn limits (set via hub.concurrentSpawnLimit) can be used to limit the concurrent number of users who can try to launch on the hub at any given time. This can be tuned to avoid crashes when hundreds of users try to launch at the same time. It gives them a friendly error message + asks them to try later, rather than spinning forever.
  4. Active Server limit (set via hub.activeServerLimit) can be used to limit the total number of active users that can be using the hub at any given time. This allows admins to control the size of their clusters.
  5. Memory limits & guarantees (set via singleuser.memory) can now contain fractional units. So you can say 0.5G instead of having to use 512M.

And lots more!

Much easier HTTPS

It is our responsibility as software authors to make it very easy for admins to set up HTTPS for their users. v0.5 makes this much easier than v0.4. You can find the new instructions here and they are much simpler!

You can also now use your own HTTPS certificates & keys rather than using Let's Encrypt.

More authenticators supported

The following new authentication providers have been added:

  1. GitLab
  2. CILogon
  3. Globus

You can also set up a whitelist of users by adding to the list in auth.whitelist.users.

Easier customization of jupyterhub_config.py

You can always put extra snippets of jupyterhub_config.py configuration in hub.extraConfig. Now you can also add extra environment variables to the hub in hub.extraEnv and extra configmap items via hub.extraConfigMap. ConfigMap items can be arbitrary YAML, and you can read them via the get_config function in your hub.extraConfig. This makes it cleaner to customize the hub's config in ways that's not yet possible with config.yaml.

Hub Services support

You can also add external JupyterHub Services by adding them to hub.services. Note that you are still responsible for actually running the service somewhere (perhaps as a deployment object).

More customization options for user server environments

More options have been added under singleuser to help you customize the environment that the user is spawned in. You can change the uid / gid of the user with singleuser.uid and singleuser.fsGid, mount extra volumes with singleuser.storage.extraVolumes & singleuser.storage.extraVolumeMounts and provide extra environment variables with singleuser.extraEnv.

Hamid Hassan

Hamid Hassan is a fast bowler who currently plays for the Afghanistan National Cricket Team. With nicknames ranging from "Afghanistan's David Beckham" to "Rambo", he is considered by many to be Afghanistan's first Cricket Superhero. Currently known for fast (145km/h+) deliveries, cartwheeling celebrations, war painted face and having had to flee Afghanistan as a child to escape from war. He says he plays because "We are ambassadors for our country and we want to show the world that Afghanistan is not like people recognise it by terrorists and these things. We want them to know that we have a lot of talent as well"

Contributors

This release wouldn't have been possible without the wonderful contributors to the zero-to-jupyterhub, JupyterHub, KubeSpawner and OAuthenticator repos. We'd like to thank everyone who contributed in any form - Issues, commenting on issues, PRs and reviews since the last Zero to JupyterHub release.

In alphabetical order,

[0.4] - Akram - 2017-06-23

Stability, HTTPS & breaking changes.

Installation and upgrades

We recommend that you delete prior versions of the package and install the latest version. If you are very familiar with Kubernetes, you can upgrade from an older version, but we still suggest deleting and recreating your installation.

Breaking changes

  • The name of a user pod and a dynamically created home directory PVC (PersistentVolumeClaim) no longer include the userid in them by default. If you are using dynamic PVCs for home directories (which is the default), you will need to manually rename these directories before upgrading. Otherwise, new PVCs will be created, and users might freak out when viewing the newly created directory and think that their home directory appears empty.

    See PR #56 on what needs to change.

  • A StorageClass is no longer created by default. This shouldn't affect most new installs, since most cloud provider installations have a default (as of Kubernetes 1.6). If you are using an older version of Kubernetes, the easiest thing to do is to upgrade to a newer version. If not, you can create a StorageClass manually and everything should continue to work.

  • token.proxy is removed. Use proxy.secretToken instead. If your config.yaml contains something that looks like the following:

    token:
    proxy: <some-secret>

    you should change that to:

    proxy:
    secretToken: <some-secret>

Added

  • Added GitHub Authentication support, thanks to Jason Kuruzovich.
  • Added Ingress support! If your cluster already has Ingress support (with automatic Let's Encrypt support, perhaps), you can easily use that now.
  • We now add a label to user pods / PVCs with their usernames.
  • Support using a static PVC for user home directories or for the hub database. This makes this release usable with clusters where you only have one NFS share that must be used for the whole hub.
  • PostgreSQL is now a supported hub database backend provider.
  • You can set annotations & labels on the proxy-public service now.

Changed

  • We now use the official configurable http proxy (CHP) as the proxy, rather than the unofficial nchp. This should be a no-op (or require no changes) for the most part. JupyterHub errors might display a nicer error page.
  • The version of KubeSpawner uses the official Kubernetes python client rather than pycurl. This helps with scalability a little.

Removed

  • The deprecated createNamespace parameter no longer works, alongside the deprecated name parameter. You probably weren't using these anyway - they were kept only for backwards compatibility with very early versions.

Contributors

This release made possible by the awesome work of the following contributors (in alphabetical order):

<3

Akram

Wasim Akram (وسیم اکرم) is considered by many to be the greatest pace bowler of all time and a founder of the fine art of reverse swing bowling.

0.3

[0.3.1] - 2017-05-19

KubeSpawner updates. Release note

[0.3] - 2017-05-15

Deployer UX fixes. Release note

[0.2] - 2017-05-01

Minor cleanups and features. Release note

[0.1] - 2017-04-10

Initial Public Release. Release note