Release 2026.02.01

Infrastructure Component Upgrades

Traefik v3

• Upgraded to Traefik v3.6.7
• CRD API group migrated from traefik.containo.us to traefik.io
• Migration script handles both Helm-managed and application-created IngressRoutes, Middlewares, TLSOptions, and TLSStores across all namespaces

OpenSearch

• Migrated log storage to OpenSearch 2.19.0
• All resource names change from elasticsearch-* to opensearch-*
• Init container now uses the saturnK8sUtils image instead of the Elasticsearch image
• Values keys renamed: replicas.elasticsearch to replicas.opensearch, computeResources.elasticsearch to computeResources.opensearch

PostgreSQL 18

• Blue-green migration strategy: old and new Postgres run side-by-side during migration
• Migration script performs pg_dumpall | psql, re-hashes passwords for scram-sha-256 compatibility, patches secrets to point to the new instance, and verifies table counts
• Three-phase deployment: current version, both running, new version only
• Includes dry-run mode

API Standardization

Significant work was done to standardize the Saturn Cloud API across all routes. The frontend API client is now auto-generated from the backend’s OpenAPI spec, replacing the hand-maintained client with type-safe generated TypeScript.

Pagination

All list endpoints now use consistent cursor-based pagination with prev_key/next_key instead of mixed pagination styles. Affected endpoints include workspaces, deployments, jobs, Dask clusters, images, image tags, groups, invitations, orgs, secrets, service accounts, shared folders, SSH keys, subscriptions, tokens, users, and recipes.

Breaking Changes

• Logs endpoints (/api/{workspaces,deployments,jobs,dask_clusters}/{id}/logs): logs field changed from a string to a list of objects with metadata per log line
• Viewer endpoints (/api/{workspaces,deployments}/{id}/viewers): Removed user_id/group_id/name/avatar_url fields, replaced with identity nested schema. POST now returns only the newly created viewer.
• SSH key endpoints: Renamed from /api/ssh-private-keys and /api/ssh-public-keys (hyphenated) to /api/ssh_private_keys and /api/ssh_public_keys (underscored). Old endpoints are deprecated. List keys renamed from sshkeys to ssh_private_keys/ssh_public_keys.
• Users endpoint (/api/users): Replaced q query parameter with structured query schema. Removed org_id query parameter.
• External repos: Removed private field (was always true).
• Resource recipes (/api/resource_recipes): Removed entirely.

Deprecations

• PUT replaced by PATCH on: workspaces routes, deployment routes, Dask cluster routes, shared folders, service accounts, user preferences
• /api/base_images deprecated in favor of /api/images?is_base=true
• /api/invitations/{id}/approve and /api/invitations/{id}/reject deprecated in favor of PATCH /api/invitations/{id}
• /api/service_accounts/entitlements deprecated in favor of /api/service_account_entitlements
• /api/user/org-memberships deprecated in favor of /api/user/owners

Other API Changes

• /api/deployments/info and /api/jobs/info separated into distinct endpoints
• Dask clusters: job_id separated from deployment_id in request/response schemas
• Recipes: spec.secrets.type renamed to spec.secrets.attachment_type
• Service accounts: POST response no longer wraps object in a service_account key
• User preferences: user_id parameter removed (current user only)
• /api/user GET: removed info key (use /api/info instead)

Nuxt UI v4

• Frontend upgraded to Nuxt v4 and Nuxt UI v4
• Complete visual refresh of all UI components (modals, sidebars, navigation, forms, page headers)

Resource Form Improvements

• Resource create/edit forms reorganized into a unified component structure
• “Advanced settings” checkbox removed; all settings are visible by default
• Environment variables use a structured key-value table input
• Paginated select components for large lists

Pod Summary API

• Pod data extracted from runtime summaries into a dedicated paginated pod_summaries API
• Polling interval scales with collection size for large pod sets
• Reduces API response sizes for deployments with many pods

Resource Type Standardization

• Resource types consolidated: JUPYTER_WORKSPACE and RSTUDIO_WORKSPACE merged into WORKSPACE, DASK_CLUSTER renamed to DASK
• Database migration updates usage_limits and resource_status tables in-place

Database Index Optimization

• Added partial indexes optimized for paginated queries across 12+ tables
• Replaces old composite COALESCE-based indexes with conditional partial indexes

Frontend UX

• Org switching works without navigating back to dashboard
• Standardized page headers across all pages
• Resource status no longer flickers briefly after starting a resource
• Subscription info cached in a Pinia store to reduce redundant API calls
• Improved show/hide password toggle behavior
• Improved responsiveness of log viewer pages
• Navigation items filtered by disabled state

Bug Fixes

• Fixed multi-cluster job unscheduling leaving orphaned CronJobs on remote clusters
• Fixed operator token refresh always using managerURI from env instead of the configured source
• Added startup probe to operator deployment
• Fixed excess ReplicaSet accumulation in operator

Operator

• All component images (Calico, OpenSearch, Postgres18) now flow through the operator’s top-level images config
• AWS region wired through to cluster-autoscaler
• RBAC expanded for Calico staged policy resources, Traefik nodes/configmaps, and cluster-autoscaler volumeattachments/resourceclaims
• New scripts/migrate.sh handles Traefik CRD migration and Postgres upgrade with dry-run support
• New scripts/upgrade-eks.py for incremental EKS cluster version upgrades

Security Updates

• Updated cryptography, marshmallow, authlib, deepdiff (Python)
• Updated lodash, webpack, h3, devalue, nuxt (JavaScript)
• User creation no longer sets dummy passwords; uses null for OAuth-only users