Skip to content

CANFAR Science Platform Release 2026.2

June 11, 2026

CSP 2026.2

📢 Upcoming Infrastructure Upgrade

Over the next few months, the CANFAR Science Platform is moving to new hardware. We will transition all users from our existing compute and storage infrastructure to a new, faster, and more reliable cluster.

What is changing?

  • Compute — sessions and batch jobs will run on new hardware with faster CPUs, more memory per node, and improved GPU availability.
  • Storage — your home and project spaces (/arc) are moving to a new storage system with better performance and more capacity.

What stays the same?

  • Your account, your container images, and the way you log in.
  • Your data. Everything in home and project directories will be migrated.

Nothing to do yet

There is no action required right now. Watch your inbox over the coming weeks for the detailed migration schedule and step-by-step guidance.

✨ New Features

  • New Science Portal UI with improved mobile device experience.
  • CARTA 5.1.0 available.

🐍 Python Client & CLI Improvements

Configuration Reset Required

This release moves the CANFAR client to a new revision controlled configuration format. After upgrading, you will be required to re-login,

rm ~/.canfar/config.yaml
canfar login cadc

That single command authenticates you, discovers available Science Platform servers, and selects one.

  • New login flowcanfar login is now the one front door for authentication. Pass your identity provider directly, or run it bare to pick from a list:

    # Log in to CADC directly
    canfar login cadc
    # Or choose your identity provider interactively
    canfar login
    

    The same flow is available at package level for scripts and notebooks:

    import canfar
    canfar.login("cadc")
    canfar.server.use("canfar")
    
  • Manage identities and servers — new canfar auth and canfar server command groups let you inspect and switch authentication and servers without editing config files:

    canfar login srcnet      # Login with SRCNet
    canfar auth              # show active authentication
    canfar auth ls           # list all saved identities
    canfar auth use srcnet   # switch identity provider
    canfar server ls         # list servers for the active identity
    canfar server use canSRC # pick a server
    

    The CLI remembers the last valid server for each identity provider, so switching back and forth is seamless.

  • Script-friendly machine output--json and --yaml are now supported on auth, server, ps and config commands. Output is clean, stable-keyed data on stdout — errors and diagnostics go to stderr — so piping into tools like jq is safe,

    canfar config get active.server --json
    
  • Scientist session names — sessions launched without an explicit --name now get memorable defaults like einstein, curie, or ramanujan instead of random word pairs.

🐛 Platform Fixes

  • Enabled the deletion of non-empty user storage folders through the Storage UI
  • CANFAR CLI and Python Library:
    • The active-server banner (@<server-name>) now appears only in human-readable output, never in JSON/YAML, keeping machine output safe to pipe.
    • Documentation and docstring examples corrected to match the implemented code signatures.
    • canfar.helpers.distributed (chunk, stripe) batch helpers documented with corrected, runnable examples.
  • The skaha service is enjoying some optimizations that should help speed up session creation
    • Now relies on the Cavern self-allocation for new users.
    • Small internal optimizations where effort was previously wasted.
  • Cavern - Now enables the ability for new users to "self-allocate". Permissions are controlled either by Group setting, or using the SRCNet Permissions API.
  • See the new Helm Chart configuration for allocation authorization.

⚙️ Technical Changes

  • Science Portal UI/UX components are now based on a modern technology stack: Next.js, TypeScript, and React. This will simplify and expedite our capability to iterate and improve the portal components in the future.
  • Readiness checks added for all session types. Sessions aren't put in the 'Running' state until session initialization procedures are complete.
  • CARTA 5.1.0 with psrecord available (Requires CanfarSP 2026.2)
  • CANFAR CLI and Python Library

    Compatibility Notes

    • canfar context has been removed. Use canfar authand canfar server commands instead.
    • canfar auth login is deprecated and will be removed in a future release. Switch to canfar login.
    • Persisted client configuration now uses an explicit version: 1 schema.
    • canfar.authentication and canfar.server Python modules provide noninteractive helpers for authentication and server discovery, validation, and selection in scripts.
    • Runtime token/certificate skip saved-auth expiry hooks — no false AuthExpiredError with stale x509 config (#115).
  • Bug Fix: Removal of fsGroupChangePolicy and fsGroup - Ensures that kubernetes will avoid performing a recursive permission modification on job startup.

📦 Deployment Notes

  • Improved and simplified deployment documentation
    • Complexity of matching keys between skaha and cavern no longer required
    • Improved Kueue deployment documentation
  • The CANFAR Portal Branding Logo is now configurable
  • Deployers have the option to configure skaha and cavern to use the SRCNet Permissions API for authorization decisions.
  • For updated deployment instructions, refer to the OpenCADC Deployments repository.
  • Looking for a reference deployment to get past a deployment issue? You can now see what canSRC deploys as our ArgoCD Application.

Potential Breaking Changes

  • The skaha service is the only one that requires a Service Account as it will interact with the Kubernetes Cluster. The skaha helm chartserviceAccountName value will be required to be converted to the new serviceAccount object:

    # Old Helm Configuration
    deployment:
      skaha:
        serviceAccountName: skaha
    # New Helm Configuration
    serviceAccount:
      name: skaha
      create: false
    

  • Beware of maintaining RBAC rules through Helm Charts. Changes have been made to make the charts a little more ArgoCD friendly.

    rbac:
      create: true
      clusterRole:
        create: true
    
    The deployment.skaha.sessions.limitRange and deployment.skaha.sessions.kueue also maintain their own RBAC settings. See science platform helm chart for full options.

  • If Cavern was previously installed with a local PostgreSQL in the cluster, it may now require authentication provided. This can be done with a secret, or just setup username and password. The UWS database is volatile. See cavern helm chart for more information.

🔖 Releases

Python Client & CLI

Component Version
canfar 1.4+

Helm Charts & Container Images

Component Helm Chart Version Container Image
base 0.4.0 N/A
cavern 0.10.0 0.10.0
skaha 1.6.0 1.3.0
posix-mapper 0.5.0 0.3.2
science-portal 2.0.0 2.0.0
storage-ui 0.9.0 1.4.3

See detailed upgrade and deployment guidance for administrators and operators. These docs are going through an overhaul and are expected to improve significantly over the coming months.

💬 Contact & Support

For any questions about this release, or for information relating to CANFAR issues or deployment support, head over to the CANFAR Discord Server or please contact us at support@canfar.net.


Built with ❤ at CADC