Merge branch 'main' into wip-slug

minrk · Jun 12, 2024 · d6be9f5 · d6be9f5
2 parents 7bac57c + 25928f8
commit d6be9f5
Show file tree

Hide file tree

Showing 25 changed files with 1,559 additions and 495 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -28,8 +28,8 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.10"
 
@@ -46,7 +46,7 @@ jobs:
       # ref: https://github.com/pypa/gh-action-pypi-publish
       - name: publish to pypi
         if: startsWith(github.ref, 'refs/tags/')
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
           user: __token__
           password: ${{ secrets.pypi_password }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -50,19 +50,19 @@ jobs:
               kubernetes_asyncio==24.2.3
 
           # Test with modern python and k8s versions
-          - python: "3.9"
-            k3s: stable
-          - python: "3.10"
-            k3s: latest
+          - python: "3.11"
+            k3s: v1.27
+          - python: "3.12"
+            k3s: v1.28
 
           # Test with latest python and JupyterHub in main branch
-          - python: "3.11"
+          - python: "3.X"
             k3s: latest
             test_dependencies: git+https://github.com/jupyterhub/jupyterhub
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "${{ matrix.python }}"
 
@@ -76,7 +76,7 @@ jobs:
       # though.
       #
       # ref: https://github.com/jupyterhub/action-k3s-helm/
-      - uses: jupyterhub/action-k3s-helm@v3
+      - uses: jupyterhub/action-k3s-helm@v4
         with:
           k3s-channel: ${{ matrix.k3s }}
           metrics-enabled: false
@@ -93,4 +93,4 @@ jobs:
         if: always()
 
       # ref: https://github.com/codecov/codecov-action
-      - uses: codecov/codecov-action@v3
+      - uses: codecov/codecov-action@v4
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,35 +11,35 @@
 repos:
   # Autoformat: Python code, syntax patterns are modernized
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.4.0
+    rev: v3.15.2
     hooks:
       - id: pyupgrade
         args:
           - --py37-plus
 
   # Autoformat: Python code
   - repo: https://github.com/pycqa/isort
-    rev: 5.12.0
+    rev: 5.13.2
     hooks:
       - id: isort
 
   # Autoformat: Python code
   - repo: https://github.com/psf/black
-    rev: 23.3.0
+    rev: 24.4.2
     hooks:
       - id: black
 
   # Autoformat: markdown, yaml
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v3.0.0-alpha.9-for-vscode
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         # Don't run prettier on our jinja2 template files. We run djlint instead
         exclude: "kubespawner/templates/.*\\.html"
 
   # Misc...
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.6.0
     # ref: https://github.com/pre-commit/pre-commit-hooks#hooks-available
     hooks:
       # Autoformat: Makes sure files end in a newline and only a newline.
@@ -57,13 +57,13 @@ repos:
 
   # Lint: Python code
   - repo: https://github.com/PyCQA/flake8
-    rev: "6.0.0"
+    rev: "7.0.0"
     hooks:
       - id: flake8
 
   # Lint our jinja2 templates
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.30.2
+    rev: v1.34.1
     hooks:
       - id: djlint-jinja
         files: "kubespawner/templates/.*\\.html"

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -81,14 +81,14 @@ rules on your computer. We will now walk you through the steps to get going:
 
     ```bash
     # Linux
-    sudo ip route add 172.17.0.0/16 via $(minikube ip)
+    sudo ip route add $(kubectl get node minikube -o jsonpath="{.spec.podCIDR}") via $(minikube ip)
     # later on you can undo this with
-    sudo ip route del 172.17.0.0/16
+    sudo ip route del $(kubectl get node minikube -o jsonpath="{.spec.podCIDR}")
 
     # MACOS
-    sudo route -n add -net 172.17.0.0/16 $(minikube ip)
+    sudo route -n add -net $(kubectl get node minikube -o jsonpath="{.spec.podCIDR}") $(minikube ip)
     # later on you can undo this with
-    sudo route delete -net 172.17.0.0
+    sudo route delete -net $(kubectl get node minikube -o jsonpath="{.spec.podCIDR}")
     ```
 
     ### Troubleshooting

diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/jupyterhub/kubespawner/test.yaml?logo=github&label=tests)](https://github.com/jupyterhub/kubespawner/actions)
 [![Code coverage](https://codecov.io/gh/jupyterhub/kubespawner/branch/main/graph/badge.svg)](https://codecov.io/gh/jupyterhub/kubespawner)
 
-The _kubespawner_ (also known as JupyterHub Kubernetes Spawner) enables JupyterHub to spawn
+The _kubespawner_ (also known as the JupyterHub Kubernetes Spawner) enables JupyterHub to spawn
 single-user notebook servers on a [Kubernetes](https://kubernetes.io/)
 cluster.
 

diff --git a/docs/source/changelog.md b/docs/source/changelog.md
@@ -4,13 +4,99 @@
 
 ## [Unreleased]
 
-#### Breaking changes
+### [6.2.0] - 2023-11-23
 
-- JupyterHub 4 is now required by KubeSpawner.
-  [#726](https://github.com/jupyterhub/kubespawner/pull/726)
-- Versions of K8s older than 1.24 are no longer supported, KubeSpawner may still
-  work but this is not guaranteed.
-  [#726](https://github.com/jupyterhub/kubespawner/pull/726)
+#### New features added
+
+- Add `k8s_api_verify_ssl` config [#801](https://github.com/jupyterhub/kubespawner/pull/801) ([@devenami](https://github.com/devenami), [@yuvipanda](https://github.com/yuvipanda))
+
+#### Bugs fixed
+
+- Omit ImagePullPolicy by default [#807](https://github.com/jupyterhub/kubespawner/pull/807) ([@yuvipanda](https://github.com/yuvipanda), [@GeorgianaElena](https://github.com/GeorgianaElena), [@minrk](https://github.com/minrk))
+- typo in reflector failure message [#798](https://github.com/jupyterhub/kubespawner/pull/798) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
+- make sure futures can be cancelled [#797](https://github.com/jupyterhub/kubespawner/pull/797) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
+
+#### Maintenance and upkeep improvements
+
+- update_k8s_model: log override at info not warn [#808](https://github.com/jupyterhub/kubespawner/pull/808) ([@manics](https://github.com/manics), [@consideRatio](https://github.com/consideRatio))
+- Update comment about why we save pod_name in db state [#806](https://github.com/jupyterhub/kubespawner/pull/806) ([@yuvipanda](https://github.com/yuvipanda), [@consideRatio](https://github.com/consideRatio))
+- Pull default image from quay.io, not dockerhub [#800](https://github.com/jupyterhub/kubespawner/pull/800) ([@yuvipanda](https://github.com/yuvipanda), [@consideRatio](https://github.com/consideRatio))
+
+#### Documentation improvements
+
+- docs: fix outdated k8s api reference links [#809](https://github.com/jupyterhub/kubespawner/pull/809) ([@consideRatio](https://github.com/consideRatio))
+- Dynamically retrieve podCIDR for routing in CONTRIBUTING [#793](https://github.com/jupyterhub/kubespawner/pull/793) ([@yuvipanda](https://github.com/yuvipanda), [@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
+- docs: add detail to internal_ssl + fix typos [#790](https://github.com/jupyterhub/kubespawner/pull/790) ([@byteMuncher0x](https://github.com/byteMuncher0x), [@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda))
+
+#### Continuous integration improvements
+
+- ci: update python and k8s versions to test with, include py312 [#810](https://github.com/jupyterhub/kubespawner/pull/810) ([@consideRatio](https://github.com/consideRatio))
+
+#### Contributors to this release
+
+The following people contributed discussions, new ideas, code and documentation contributions, and review.
+See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports).
+
+([GitHub contributors page for this release](https://github.com/jupyterhub/kubespawner/graphs/contributors?from=2023-09-28&to=2023-11-23&type=c))
+
+@byteMuncher0x ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3AbyteMuncher0x+updated%3A2023-09-28..2023-11-23&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3AconsideRatio+updated%3A2023-09-28..2023-11-23&type=Issues)) | @devenami ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Adevenami+updated%3A2023-09-28..2023-11-23&type=Issues)) | @GeorgianaElena ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3AGeorgianaElena+updated%3A2023-09-28..2023-11-23&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Amanics+updated%3A2023-09-28..2023-11-23&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aminrk+updated%3A2023-09-28..2023-11-23&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Ayuvipanda+updated%3A2023-09-28..2023-11-23&type=Issues))
+
+## 6.1
+
+### [6.1.0] - 2023-09-28
+
+```{warning}
+If you have been using z2jh 3.0 or KubeSpawner 5.0-6.0, you may have _orphaned
+user server pods_ due to a now fixed bug, these are pods that are running but
+inaccessible by users because JupyterHub doesn't understand they are running.
+
+These should be cleaned up to avoid incurring pointless costs. For more
+information about this, see [this forum post].
+
+[this forum post]: https://discourse.jupyter.org/t/how-to-cleanup-orphaned-user-pods-after-bug-in-z2jh-3-0-and-kubespawner-6-0/21677
+```
+
+This release comes bugfixes, a performance improvement, and a new feature part
+of {attr}`.KubeSpawner.profile_list`. `profile_list`'s sub-config
+`profile_options` can now be include `unlisted_choice` that enables JupyterHub
+users to not just select a pre-defined choice, but to provide free text input.
+This can for example enable users to start any image they'd like, or any image
+matching a provided regular expression.
+
+#### New features added
+
+- Allow dropdown text for unlisted choice to be configurable [#777](https://github.com/jupyterhub/kubespawner/pull/777) ([@batpad](https://github.com/batpad), [@consideRatio](https://github.com/consideRatio))
+- Allow end user to select a choice different from list of available choices in profile_list [#735](https://github.com/jupyterhub/kubespawner/pull/735) ([@batpad](https://github.com/batpad), [@GeorgianaElena](https://github.com/GeorgianaElena), [@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda), [@ranchodeluxe](https://github.com/ranchodeluxe), [@jbusecke](https://github.com/jbusecke), [@echarles](https://github.com/echarles))
+
+#### Enhancements made
+
+- improve efficiency of reflector [#755](https://github.com/jupyterhub/kubespawner/pull/755) ([@juliantaylor](https://github.com/juliantaylor), [@yuvipanda](https://github.com/yuvipanda), [@minrk](https://github.com/minrk))
+- only log pod names, not all pod contents when reflector has issues [#746](https://github.com/jupyterhub/kubespawner/pull/746) ([@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
+
+#### Bugs fixed
+
+- Don't sort keys by default in tojson when rendering profile forms [#787](https://github.com/jupyterhub/kubespawner/pull/787) ([@yuvipanda](https://github.com/yuvipanda), [@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio))
+- Support lists and dicts as values in `kubespawner_override` [#785](https://github.com/jupyterhub/kubespawner/pull/785) ([@yuvipanda](https://github.com/yuvipanda), [@consideRatio](https://github.com/consideRatio), [@minrk](https://github.com/minrk))
+- Fix for unlisted_choice, docstring updates, and misc refactoring [#773](https://github.com/jupyterhub/kubespawner/pull/773) ([@consideRatio](https://github.com/consideRatio), [@GeorgianaElena](https://github.com/GeorgianaElena))
+- only strip trailing '-' if it was added by a template variable [#770](https://github.com/jupyterhub/kubespawner/pull/770) ([@minrk](https://github.com/minrk), [@manics](https://github.com/manics))
+- [bufix] Allow POST requests without profile_options specified (defaults will be used) [#769](https://github.com/jupyterhub/kubespawner/pull/769) ([@GeorgianaElena](https://github.com/GeorgianaElena), [@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda))
+- [bugfix] Using unlisted_choice a second time doesn't work [#766](https://github.com/jupyterhub/kubespawner/pull/766) ([@GeorgianaElena](https://github.com/GeorgianaElena), [@consideRatio](https://github.com/consideRatio), [@yuvipanda](https://github.com/yuvipanda))
+- Expand only environment variables set via Spawner.environment [#759](https://github.com/jupyterhub/kubespawner/pull/759) ([@yuvipanda](https://github.com/yuvipanda), [@consideRatio](https://github.com/consideRatio))
+- return poll status after first load finish [#742](https://github.com/jupyterhub/kubespawner/pull/742) ([@ivyxjc](https://github.com/ivyxjc), [@minrk](https://github.com/minrk), [@consideRatio](https://github.com/consideRatio), [@danilopeixoto](https://github.com/danilopeixoto))
+
+#### Maintenance and upkeep improvements
+
+- Rework of profile_list backend validation for readability and details [#774](https://github.com/jupyterhub/kubespawner/pull/774) ([@consideRatio](https://github.com/consideRatio), [@GeorgianaElena](https://github.com/GeorgianaElena))
+- Reword docstring to match new reality [#771](https://github.com/jupyterhub/kubespawner/pull/771) ([@yuvipanda](https://github.com/yuvipanda), [@consideRatio](https://github.com/consideRatio))
+
+#### Contributors to this release
+
+The following people contributed discussions, new ideas, code and documentation contributions, and review.
+See [our definition of contributors](https://github-activity.readthedocs.io/en/latest/#how-does-this-tool-define-contributions-in-the-reports).
+
+([GitHub contributors page for this release](https://github.com/jupyterhub/kubespawner/graphs/contributors?from=2023-05-31&to=2023-09-28&type=c))
+
+@batpad ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Abatpad+updated%3A2023-05-31..2023-09-28&type=Issues)) | @consideRatio ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3AconsideRatio+updated%3A2023-05-31..2023-09-28&type=Issues)) | @danilopeixoto ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Adanilopeixoto+updated%3A2023-05-31..2023-09-28&type=Issues)) | @echarles ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aecharles+updated%3A2023-05-31..2023-09-28&type=Issues)) | @GeorgianaElena ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3AGeorgianaElena+updated%3A2023-05-31..2023-09-28&type=Issues)) | @ivyxjc ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aivyxjc+updated%3A2023-05-31..2023-09-28&type=Issues)) | @jbusecke ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Ajbusecke+updated%3A2023-05-31..2023-09-28&type=Issues)) | @juliantaylor ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Ajuliantaylor+updated%3A2023-05-31..2023-09-28&type=Issues)) | @manics ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Amanics+updated%3A2023-05-31..2023-09-28&type=Issues)) | @minrk ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aminrk+updated%3A2023-05-31..2023-09-28&type=Issues)) | @ranchodeluxe ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aranchodeluxe+updated%3A2023-05-31..2023-09-28&type=Issues)) | @yuvipanda ([activity](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Ayuvipanda+updated%3A2023-05-31..2023-09-28&type=Issues))
 
 ## 6.0
 
@@ -777,7 +863,9 @@ Change highlights:
 - Update Kubernetes Python client to 6.0 (supporting Kubernetes 1.10 APIs)
 - Numerous bugfixes
 
-[unreleased]: https://github.com/jupyterhub/kubespawner/compare/6.0.0...HEAD
+[unreleased]: https://github.com/jupyterhub/kubespawner/compare/6.2.0...HEAD
+[6.2.0]: https://github.com/jupyterhub/kubespawner/compare/6.1.0...6.2.0
+[6.1.0]: https://github.com/jupyterhub/kubespawner/compare/6.0.0...6.1.0
 [6.0.0]: https://github.com/jupyterhub/kubespawner/compare/5.0.0...6.0.0
 [5.0.0]: https://github.com/jupyterhub/kubespawner/compare/4.3.0...5.0.0
 [4.3.0]: https://github.com/jupyterhub/kubespawner/compare/4.2.0...4.3.0

diff --git a/docs/source/index.md b/docs/source/index.md
@@ -2,7 +2,7 @@
 
 # Kubespawner
 
-The _kubespawner_ (also known as JupyterHub Kubernetes Spawner) enables JupyterHub to spawn
+The _kubespawner_ (also known as the JupyterHub Kubernetes Spawner) enables JupyterHub to spawn
 single-user notebook servers on a [Kubernetes](https://kubernetes.io/)
 cluster.
 

diff --git a/docs/source/ssl.md b/docs/source/ssl.md
@@ -1,13 +1,25 @@
 # Internal SSL
 
-JupyterHub 1.0 introduces internal_ssl configuration for encryption and authentication of all internal communication.
+JupyterHub 1.0 introduces the internal_ssl configuration for encryption and authentication of all internal communication via mutual TLS.
 
-Kubespawner can mount the internal_ssl certificates as Kubernetes secrets into the jupyter user's pod.
+If enabled, the Kubespawner will mount the internal_ssl certificates as Kubernetes secrets into the jupyter user's pod.
 
 ## Setup
 
+To enable, use the following settings:
+
 ```
 c.JupyterHub.internal_ssl = True
 
 c.JupyterHub.spawner_class = 'kubespawner.KubeSpawner'
 ```
+
+Further configuration can be specified with the following (listed with their default values):
+
+```
+c.KubeSpawner.secret_name_template = "jupyter-{username}{servername}"
+
+c.KubeSpawner.secret_mount_path =  "/etc/jupyterhub/ssl/"
+```
+
+The Kubespawner sets the `JUPYTERHUB_SSL_KEYFILE`, `JUPYTERHUB_SSL_CERTFILE` and `JUPYTERHUB_SSL_CLIENT_CA` environment variables, with the appropriate paths, on the user's notebook server.