Skip to content

Commit

Permalink
add more docs, ci tests and fix discovered issues
Browse files Browse the repository at this point in the history
  • Loading branch information
AlexMapley committed Nov 17, 2023
1 parent c35e9a5 commit 63eab6f
Show file tree
Hide file tree
Showing 13 changed files with 437 additions and 47 deletions.
2 changes: 1 addition & 1 deletion charts/_templates.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ R and Python packages that Data Scientists need to create and share data product
Data Scientists use [RStudio Workbench](https://www.rstudio.com/products/workbench/) to analyze data and create data
products using R and Python.
{{- else if eq .Name "posit-chronicle" -}}
IT Administrators and Business Users use [Posit Chronicle](https://www.rstudio.com/products/chronicle/) to aggregate and monitor
IT Administrators and Business Users use Posit Chronicle](https://www.rstudio.com/chronicle/) to aggregate and monitor
posit product usage.
{{- end -}}
{{- end }}
Expand Down
2 changes: 1 addition & 1 deletion charts/posit-chronicle/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
name: chronicle
name: posit-chronicle
description: Helm chart for the Chronicle Server
version: 0.1.0
appVersion: 2023.11.0
Expand Down
2 changes: 1 addition & 1 deletion charts/posit-chronicle/LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# MIT License

Copyright (c) 2023 Posit PBC
Copyright (c) 2023 Posit Software PBC

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
6 changes: 2 additions & 4 deletions charts/posit-chronicle/Makefile
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
lint:
helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml .
helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml .
helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml .

template:
helm template -f ci/simple-values.yaml .

template-debug:
helm template -f ci/simple-values.yaml --debug .
helm template -f ci/complex-values.yaml . --debug
3 changes: 2 additions & 1 deletion charts/posit-chronicle/NEWS.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# 0.1.0

- Initial release
- Migrated from a private repo, and integrated with rstudio helm shared libraries
- Migrated from a private repo, and integrated with rstudio helm shared libraries
- Add ci components and starting documentation
204 changes: 204 additions & 0 deletions charts/posit-chronicle/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
# Posit Chronicle

![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 2023.11.0](https://img.shields.io/badge/AppVersion-2023.11.0-informational?style=flat-square)

#### _Helm chart for the Chronicle Server_

IT Administrators and Business Users use Posit Chronicle](https://www.rstudio.com/chronicle/) to aggregate and monitor
posit product usage.

## For Production

To ensure a stable production deployment, please:

* Ensure you "pin" the version of the Helm chart that you are using. You can do
this using the `helm dependency` command and the associated "Chart.lock" files
or the `--version` flag. **IMPORTANT: This protects you from breaking changes**
* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check
for breaking changes
* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking
changes, as well as documentation below on how to use the chart

## Installing the Chart

To install the chart with the release name `my-release` at version 0.1.0:

```bash
helm repo add rstudio https://helm.rstudio.com
helm upgrade --install my-release rstudio/posit-chronicle --version=0.1.0
```

To explore other chart versions, take a look at:
```
helm search repo rstudio/posit-chronicle -l
```

## Usage

The Chronicle chart is meant to be used in tandem with other workbench and connect instances.
To enable the chronicle agent, additional values will have to be passed to your
workbench and connect values.

Here's some example agent helm values to run the agent sidecar in workbench:

```yaml
pod:
...
sidecar:
- name: chronicle-agent
image: posit-chronicle:latest
volumeMounts:
- name: CHRONICLE_PRODUCT_CLUSTER_ID
value: "posit-cluster-1"
- name: logs
mountPath: "/var/lib/rstudio-server/audit"
env:
- name: CHRONICLE_SERVER_ADDRESS
value: "http://chronicle-server.default.svc.cluster.local"
...
```

And here's some example agent helm values for connect, where we utilize an api key stored as a k8s secret
to scrape the connect rest server:

```yaml
pod:
...
sidecar:
- name: chronicle-agent
image: posit-chronicle:latest
env:
- name: CHRONICLE_PRODUCT_CLUSTER_ID
value: "posit-cluster-1"
- name: CHRONICLE_SERVER_ADDRESS
value: "http://chronicle-server.default.svc.cluster.local"
- name: CONNECT_API_KEY
valueFrom:
secretKeyRef:
name: connect
key: apikey
```
Note that it will be up to the user to provision that connect api key Kubernetes secret.
## Storage Configuration
Chronicle can be configured to store its data in a local kubernetes volime, in S3,
or in both.
The default configuration uses a local volume, which is suitable if you'd like to
access and analyze the data within your cluster:
``` yaml
config:
localStorage:
enabled: true
location: "./chronicle-data"
retentionPeriod: "30d"
```
RetentionPeriod accepts a duration string input. 0 implies infinite retention, disabling file expiration.
For example:
1s for 1 second, 5m for 5 minutes, 12h for 12 hours, 7d for one week, 365d for one year, 0 for unbound retention.
Units shorter than seconds or longer than days, such as milliseconds and weeks, are not supported.
You can disable local storage by setting `localStorage.enabled` to `false`, and you can enable S3
storage by setting `S3Storage.enabled` to `true`. Enabling both is also acceptable,
and the server will store to both places. When using S3, you must also set the `S3Storage.Bucket`
parameter, like so:

``` yaml
config:
s3Storage:
enabled: true
bucket: "posit-chronicle"
prefix: ""
profile: ""
region: "us-east-2"
```

If you are running on EKS, we strongly suggest using [IAM Roles for Service
Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
to manage the credentials needed to access S3. In this scenario, once you have
[created an IAM
role](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html),
you can use this role as an annotation on the existing Service Account:

``` yaml
serviceaccount:
enabled: false
# -- Additional annotations to add to the chronicle-server serviceaccount
annotations: {
eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
}
# -- Additional labels to add to the chronicle-server serviceaccount
labels: {}
```

If you are unable to use IAM Roles for Service Accounts, there are any number of
alternatives for injecting AWS credentials into a container. As a fallback, the
s3 storage config allows specifying a profile:

``` yaml
config:
s3Storage:
enabled: true
bucket: "posit-chronicle"
prefix: ""
profile: "my-aws-account"
region: "us-east-2"
```

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| config.http.listen | string | `":5252"` | |
| config.https.certificate | string | `""` | |
| config.https.enabled | bool | `false` | |
| config.https.key | string | `""` | |
| config.https.listen | string | `":443"` | |
| config.localStorage.enabled | bool | `true` | |
| config.localStorage.location | string | `"./chronicle-data"` | |
| config.localStorage.retentionPeriod | string | `"30d"` | |
| config.logging.serviceLog | string | `"STDOUT"` | |
| config.logging.serviceLogFormat | string | `"TEXT"` | |
| config.logging.serviceLogLevel | string | `"INFO"` | |
| config.metrics.enabled | bool | `true` | |
| config.profiling.enabled | bool | `false` | |
| config.profiling.listen | string | `":3030"` | |
| config.s3Storage.bucket | string | `"posit-chronicle"` | |
| config.s3Storage.compactionEnabled | bool | `false` | |
| config.s3Storage.enabled | bool | `false` | |
| config.s3Storage.prefix | string | `""` | |
| config.s3Storage.profile | string | `""` | |
| config.s3Storage.region | string | `"us-east-2"` | |
| config.tracing.address | string | `""` | |
| config.tracing.enabled | bool | `false` | |
| image.imagePullPolicy | string | `"Always"` | |
| image.repository | string | `"935931255537.dkr.ecr.us-east-2.amazonaws.com/chronicle"` | |
| image.tag | string | `"latest"` | |
| pod.affinity | object | `{}` | A map used verbatim as the pod's "affinity" definition |
| pod.annotations | object | `{}` | Additional annotations to add to the chronicle-server pods |
| pod.args[0] | string | `"start"` | |
| pod.args[1] | string | `"-c"` | |
| pod.args[2] | string | `"/opt/chronicle/config.gcfg"` | |
| pod.command | string | `"/chronicle"` | |
| pod.env | list | `[]` | Optional environment variables |
| pod.labels | object | `{}` | Additional labels to add to the chronicle-server pods |
| pod.nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition |
| pod.rest.port | int | `5252` | |
| pod.tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition |
| replicas | int | `1` | The number of replica pods to maintain for this service |
| service.rest.annotations | object | `{}` | Additional annotations to add to the chronicle-server service |
| service.rest.labels | object | `{}` | Additional labels to add to the chronicle-server service |
| service.rest.port | int | `80` | The port to use for the REST service |
| service.rest.targetPort | int | `5252` | The port to forward REST requests to on the pod. Also see pod.port |
| serviceaccount.annotations | object | `{}` | Additional annotations to add to the chronicle-server serviceaccount |
| serviceaccount.enabled | bool | `false` | |
| serviceaccount.labels | object | `{}` | Additional labels to add to the chronicle-server serviceaccount |
| storage.persistentVolumeSize | string | `"1Gi"` | |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

116 changes: 114 additions & 2 deletions charts/posit-chronicle/README.md.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,124 @@

{{ template "rstudio.install" . }}

# Usage
## Usage

The chronicle chart is meant to be used in tandem with other workbench and connect instances.
The Chronicle chart is meant to be used in tandem with other workbench and connect instances.
To enable the chronicle agent, additional values will have to be passed to your
workbench and connect values.

Here's some example agent helm values to run the agent sidecar in workbench:

```yaml
pod:
...
sidecar:
- name: chronicle-agent
image: posit-chronicle:latest
volumeMounts:
- name: CHRONICLE_PRODUCT_CLUSTER_ID
value: "posit-cluster-1"
- name: logs
mountPath: "/var/lib/rstudio-server/audit"
env:
- name: CHRONICLE_SERVER_ADDRESS
value: "http://chronicle-server.default.svc.cluster.local"
...
```

And here's some example agent helm values for connect, where we utilize an api key stored as a k8s secret
to scrape the connect rest server:

```yaml
pod:
...
sidecar:
- name: chronicle-agent
image: posit-chronicle:latest
env:
- name: CHRONICLE_PRODUCT_CLUSTER_ID
value: "posit-cluster-1"
- name: CHRONICLE_SERVER_ADDRESS
value: "http://chronicle-server.default.svc.cluster.local"
- name: CONNECT_API_KEY
valueFrom:
secretKeyRef:
name: connect
key: apikey
```

Note that it will be up to the user to provision that connect api key Kubernetes secret.

## Storage Configuration

Chronicle can be configured to store its data in a local kubernetes volime, in S3,
or in both.

The default configuration uses a local volume, which is suitable if you'd like to
access and analyze the data within your cluster:

``` yaml
config:
localStorage:
enabled: true
location: "./chronicle-data"
retentionPeriod: "30d"
```

RetentionPeriod accepts a duration string input. 0 implies infinite retention, disabling file expiration.
For example:
1s for 1 second, 5m for 5 minutes, 12h for 12 hours, 7d for one week, 365d for one year, 0 for unbound retention.
Units shorter than seconds or longer than days, such as milliseconds and weeks, are not supported.


You can disable local storage by setting `localStorage.enabled` to `false`, and you can enable S3
storage by setting `S3Storage.enabled` to `true`. Enabling both is also acceptable,
and the server will store to both places. When using S3, you must also set the `S3Storage.Bucket`
parameter, like so:

``` yaml
config:
s3Storage:
enabled: true
bucket: "posit-chronicle"
prefix: ""
profile: ""
region: "us-east-2"
```

If you are running on EKS, we strongly suggest using [IAM Roles for Service
Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
to manage the credentials needed to access S3. In this scenario, once you have
[created an IAM
role](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html),
you can use this role as an annotation on the existing Service Account:

``` yaml
serviceaccount:
enabled: false
# -- Additional annotations to add to the chronicle-server serviceaccount
annotations: {
eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
}
# -- Additional labels to add to the chronicle-server serviceaccount
labels: {}
```

If you are unable to use IAM Roles for Service Accounts, there are any number of
alternatives for injecting AWS credentials into a container. As a fallback, the
s3 storage config allows specifying a profile:

``` yaml
config:
s3Storage:
enabled: true
bucket: "posit-chronicle"
prefix: ""
profile: "my-aws-account"
region: "us-east-2"
```


{{ template "chart.valuesSection" . }}

{{ template "helm-docs.versionFooter" . }}
Loading

0 comments on commit 63eab6f

Please sign in to comment.