Version 0.11.0 of the JupyterHub Helm chart is now released!
Thank you to all contributors to this release! Listed here are those who contributed specifically in the Z2JH repository, while many more have also contributed to the projects this JupyterHub distribution depends on, such as JupyterHub, KubeSpawner, OAuthenticator, Configurable-HTTP-proxy, and open source projects outside the JupyterHub organization. This is made possible by a large collaboration, thank you everyone!
Contributors to this release
@arokem | @betatim | @chicocvenancio | @choldgraf | @consideRatio | @DArtagan | @manics | @minrk | @naterush | @rokroskar | @yuvipanda
0.11.0 - Changelog
Please read the security announcement and the breaking changes below, and
also note that this is the last release supporting Helm 2 and k8s versions lower
than 1.16.
Security announcement
This release includes a patched version of jupyterhub/oauthenticator. The unpatched version contained a security issue that affected versions 0.10.0 - 0.10.5 (but not 0.10.6) of this Helm chart.
Please don’t use versions 0.10.0 - 0.10.5, and upgrade to 0.10.6 or later. If you are using OAuthenticator, please check your list of users and delete any unauthorized users who may have logged in while version 0.10.0 - 0.10.5 was in use.
See the published security advisory for more information, and refer to this forum post to share insights that can be useful to others.
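One way to carry out the user check described above, as an added example that is not code from the JupyterHub project: it takes a user list in the shape returned by the JupyterHub REST API (`GET /hub/api/users`) and flags accounts that are missing from your intended allowlist. The sample records, the allowlist and the window dates are constructed, and the `created` and `last_activity` fields are assumed to be present in the user model of your JupyterHub version.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a GET /hub/api/users response (not real data).
SAMPLE_USERS = json.loads("""[
  {"name": "alice", "admin": true,
   "created": "2020-09-01T08:00:00.000000Z", "last_activity": "2021-01-10T09:00:00.000000Z"},
  {"name": "bob", "admin": false,
   "created": "2020-11-05T12:30:00.000000Z", "last_activity": "2021-01-09T17:45:00.000000Z"},
  {"name": "mallory", "admin": false,
   "created": "2020-11-12T03:14:00.000000Z", "last_activity": "2020-11-12T04:02:00.000000Z"},
  {"name": "carol", "admin": false,
   "created": "2020-08-15T10:00:00.000000Z", "last_activity": null}
]""")

ALLOWED = {"alice", "bob"}  # users you intended to allow (constructed)
# Period your deployment ran chart 0.10.0 - 0.10.5 (constructed dates).
WINDOW = (datetime(2020, 11, 1, tzinfo=timezone.utc),
          datetime(2020, 12, 1, tzinfo=timezone.utc))


def parse_ts(value):
    """Parse an ISO 8601 timestamp; a trailing 'Z' or no offset means UTC."""
    if not value:
        return None
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def audit_users(users, allowed, window):
    """Return hub users missing from the allowlist, most urgent first."""
    allowed = {name.lower() for name in allowed}
    start, end = window
    findings = []
    for user in users:
        if user["name"].lower() in allowed:
            continue
        created = parse_ts(user.get("created"))
        findings.append({
            "name": user["name"],
            "admin": bool(user.get("admin")),
            "created_in_window": created is not None and start <= created <= end,
            "last_activity": user.get("last_activity"),
        })
    # Admin accounts first, then accounts created while the affected chart ran.
    findings.sort(key=lambda f: (not f["admin"], not f["created_in_window"], f["name"]))
    return findings
```

Review each finding before deleting the account; an entry with `created_in_window` set to false predates the affected period and may simply be missing from your allowlist.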
Breaking changes
- `auth` configuration moves to `hub.config` - #1943
  Helm chart configuration under `auth` is no longer supported. If you run a `helm upgrade` using `auth` configuration, the upgrade will abort before any changes are made to the k8s cluster, and you will be provided with the equivalent configuration using the new system under `hub.config`.
  By default, the printed equivalent configuration is censored, as it can contain secrets that shouldn’t be exposed. By passing `--global.safeToShowValues=true` you can get an uncensored version.
- Pod Disruption Budgets now disabled by default - #1938
  Pod Disruption Budgets (PDBs) for the hub and proxy pods were previously created by default, but from now on they are not. The consequence is that these pods can now be evicted.
  Eviction will happen as part of `kubectl drain` on a node, or when a cluster autoscaler removes an underused node.
Notable dependencies updated
Dependency | Version in 0.10.6 | Version in 0.11.0 | Changelog link | Note |
---|---|---|---|---|
jupyterhub | 1.2.2 | 1.3.0 | Changelog | Run in the hub pod |
kubespawner | 0.14.1 | 0.15.0 | Changelog | Run in the hub pod |
oauthenticator | 0.12.1 | 0.12.3 | Changelog | Run in the hub pod |
ldapauthenticator | 1.3.2 | 1.3.2 | Changelog | Run in the hub pod |
ltiauthenticator | 0.4.0 | 1.0.0 | Changelog | Run in the hub pod |
nativeauthenticator | 0.0.6 | 0.0.6 | Changelog | Run in the hub pod |
jupyterhub-idle-culler | 1.0 | 1.0 | - | Run in the hub pod |
configurable-http-proxy | 4.2.2 | 4.2.2 | Changelog | Run in the proxy pod |
traefik | v2.3.2 | v2.3.7 | Changelog | Run in the autohttps pod |
kube-scheduler | v1.19.2 | v1.19.7 | - | Run in the user-scheduler pod(s) |
For a detailed list of how Python dependencies have changed in the hub
Pod’s Docker image, inspect the images/hub/requirements.txt file.
Enhancements made
- ci: automatically scan and patch our images for known vulnerabilities #1942 (@consideRatio)
Bugs fixed
- Fix failure to block insecure metadata server IP #1950 (@consideRatio)
- Enable hub livenessProbe by default and relax hub/proxy probes #1941 (@consideRatio)
- Disable PDBs for hub/proxy, add PDB for autohttps, and relocate config proxy.pdb to proxy.chp.pdb #1938 (@consideRatio)
This post left out some PRs about maintenance, documentation, and continuous integration. The full changelog is available here.