Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add changelog for KubeSpawner 2.0.0 #547

Merged
merged 5 commits into from
Nov 28, 2021
Merged

Add changelog for KubeSpawner 2.0.0 #547

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2a21bd7
Add changelog for KubeSpawner 2.0.0
consideRatio Nov 19, 2021
a7158c1
Mention how to get sudo back
yuvipanda Nov 19, 2021
db62f4c
Apply suggestions from code review
consideRatio Nov 20, 2021
9a57ea0
Apply suggestions from code review
consideRatio Nov 22, 2021
6dcc8d5
Update release date for 2.0.0
consideRatio Nov 28, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions docs/source/changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,31 @@

## [Unreleased]

## 2.0

### 2.0.0 - 2021-11-22
consideRatio marked this conversation as resolved.
Show resolved Hide resolved

#### Breaking changes

A breaking change was introduced in [#545](https://github.com/jupyterhub/kubespawner/pull/545), making the default value of `allow_privilege_escalation` be `False`. This means a user can't use `sudo` unless `allow_privilege_escalation` is explicitly set to `True`. The JupyterHub user Pod that KubeSpawner creates will have a container with a `securityContext` that has `allowPrivilegeEscalation` set to `false` by default.

For reference, the following can be read about `allowPrivilegeEscalation` in [Kubernetes official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/):

> AllowPrivilegeEscalation: Controls whether a process can gain more privileges than its parent process. This bool directly controls whether the `no_new_privs` flag gets set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as `Privileged` OR 2) has `CAP_SYS_ADMIN`.

To revert to the previous behavior, set `allow_privilege_escalation` explicitly to `None`.
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
consideRatio marked this conversation as resolved.
Show resolved Hide resolved

#### Bugs fixed

- Default allow_privilege_escalation to False [#545](https://github.com/jupyterhub/kubespawner/pull/545) ([@yuvipanda](https://github.com/yuvipanda))
- Ensure that the \_start_future attribute exists. [#541](https://github.com/jupyterhub/kubespawner/pull/541) ([@athornton](https://github.com/athornton))

#### Contributors to this release

([GitHub contributors page for this release](https://github.com/jupyterhub/kubespawner/graphs/contributors?from=2021-11-03&to=2021-11-19&type=c))

[@athornton](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aathornton+updated%3A2021-11-03..2021-11-19&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Aminrk+updated%3A2021-11-03..2021-11-19&type=Issues) | [@mriedem](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Amriedem+updated%3A2021-11-03..2021-11-19&type=Issues) | [@welcome](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Awelcome+updated%3A2021-11-03..2021-11-19&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fkubespawner+involves%3Ayuvipanda+updated%3A2021-11-03..2021-11-19&type=Issues)

## 1.1

### [1.1.2] - 2021-11-03
Expand Down