From cebaaf6fefdb66a6a9876e857dcbab18c4d16786 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Tue, 7 May 2024 13:12:35 -0400 Subject: [PATCH 001/284] updated posit-docs extension --- _environment | 2 + .../posit-dev/posit-docs/_extension.yml | 49 +++---- .../posit-docs/assets/_analytics.html | 40 ++++++ .../assets/images/posit-guide-dm.svg | 1 + .../assets/images/posit-guide-ltmd.svg | 1 + .../assets/images/posit-guide-open-dm.svg | 1 + .../assets/images/posit-guide-open-ltmd.svg | 1 + .../assets/images/posit-logo-black-TM.svg | 2 +- _extensions/posit-dev/posit-docs/theme.scss | 121 +++++++++++++++++- _quarto.yml | 32 ++++- images/favicon.svg | 21 +++ images/posit-guide-dm.svg | 1 + images/posit-guide-ltmd.svg | 1 + images/posit-guide-open-dm.svg | 1 + images/posit-guide-open-ltmd.svg | 1 + images/posit-icon-fullcolor.svg | 22 ++++ images/posit-logo-black-TM.svg | 1 + images/posit-logo-fullcolor-TM.svg | 1 + 18 files changed, 256 insertions(+), 43 deletions(-) create mode 100644 _environment create mode 100644 _extensions/posit-dev/posit-docs/assets/_analytics.html create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg create mode 100644 images/favicon.svg create mode 100644 images/posit-guide-dm.svg create mode 100644 images/posit-guide-ltmd.svg create mode 100644 images/posit-guide-open-dm.svg create mode 100644 images/posit-guide-open-ltmd.svg create mode 100644 images/posit-icon-fullcolor.svg create mode 100644 images/posit-logo-black-TM.svg create mode 100644 images/posit-logo-fullcolor-TM.svg diff --git a/_environment b/_environment new file mode 100644 index 00000000..3f26336d --- /dev/null +++ b/_environment @@ -0,0 +1,2 @@ +CURRENT_YEAR=2024 +PRODUCT_VERSION=2024.x diff --git a/_extensions/posit-dev/posit-docs/_extension.yml b/_extensions/posit-dev/posit-docs/_extension.yml index 4b25a124..5e7f0b4d 100644 --- a/_extensions/posit-dev/posit-docs/_extension.yml +++ b/_extensions/posit-dev/posit-docs/_extension.yml @@ -1,42 +1,33 @@ title: posit-docs -author: Ashley Henry -version: 0.2.0 -quarto-requred: ">=1.3.340" +author: Ashley Henry, David Aja, Aron Atkins +version: 3.0.0 +quarto-required: ">=1.3.340" contributes: project: project: type: website website: - title: favicon: "assets/images/favicon.svg" bread-crumbs: true navbar: pinned: true logo: "assets/images/posit-icon-fullcolor.svg" logo-alt: "Posit Documentation" - sidebar: - style: "floating" - collapse-level: 1 - search: true - pinned: false - page-footer: - left: - - text: © 2024 Posit Software, PBC - url: "https://posit.co" - center: | - Posit Product 12345 - right: - - icon: book - href: https://docs.posit.co - - icon: question-circle-fill - href: https://support.posit.co/hc/en-us - - icon: lightbulb-fill - href: https://solutions.posit.co - formats: - html: - theme: [theme.scss] - link-external-icon: true - link-external-newwindow: true - toc: true - toc-expand: true + - icon: "list" + menu: + - text: "docs.posit.co" + href: "https://docs.posit.co" + - text: "Posit Support" + href: "https://support.posit.co/hc/en-us/" + search: + copy-button: true + show-item-context: true + format: + html: + theme: [theme.scss] + link-external-icon: true + link-external-newwindow: true + toc: true + toc-expand: true + include-in-header: "assets/_analytics.html" diff --git a/_extensions/posit-dev/posit-docs/assets/_analytics.html b/_extensions/posit-dev/posit-docs/assets/_analytics.html new file mode 100644 index 00000000..6ba70366 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/_analytics.html @@ -0,0 +1,40 @@ + + diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg new file mode 100644 index 00000000..b0c67d11 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg new file mode 100644 index 00000000..f2c33c23 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg new file mode 100644 index 00000000..d6b0e2b2 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg new file mode 100644 index 00000000..77464c09 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg index b85676de..3b159987 100644 --- a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/theme.scss b/_extensions/posit-dev/posit-docs/theme.scss index bad2b7b1..418bd8b4 100644 --- a/_extensions/posit-dev/posit-docs/theme.scss +++ b/_extensions/posit-dev/posit-docs/theme.scss @@ -18,6 +18,11 @@ $posit-burgundy-1:#78384F; $posit-burgundy-2:#542938; $primary: $posit-blue; + +// Feature preview heading colors +$preview-header: #EE6331; /* posit orange, contrast: 8.45 */ +$preview-header-border: darken($preview-header, 5%); + // scss-docs-end color-variables // Typography @@ -75,6 +80,26 @@ $list-group-color: $primary !default; font-weight: 500; } +/* Style for the version included in the website title */ +.navbar-title small { + font-size: 14px; + display: block; + padding-left: 1em; +} + +/* Posit logo - navbar or footer */ +#footer-right-posit-logo { + width: 70px; + min-width: 70px; +} + +#footer-right-logo { + width: 20px; + min-width: 20px; + margin-left: -3px !important; + margin-right: -3px !important; +} + .nav-link { font-family: $font-family-monospace; text-transform: uppercase; @@ -98,22 +123,37 @@ $list-group-color: $primary !default; font-family: $font-family-sans-serif; } +/* Sidebar and toc */ + +/* Left nav */ +.sidebar-item-container .active { + font-weight: 500; +} + +/* Left nav - letter spacing */ +.sidebar-navigation li a { + letter-spacing: .03em; + font-size: 16px; +} + /* Mini TOC */ .sidebar nav[role=doc-toc]>ul li a { text-transform: none !important; font-family: $font-family-sans-serif; - font-size: 16px; - font-weight: 300 !important; - letter-spacing: .05em !important; + font-weight: 400 !important; + letter-spacing: -0.2px !important; +} + +.sidebar nav[role=doc-toc] ul>li>a.active, .sidebar nav[role=doc-toc] ul>li>ul>li>a.active { + font-weight: 700 !important; } /* Left nav - letter spacing */ .sidebar-navigation li a { - letter-spacing: .03em; - font-size: 16px; + letter-spacing: -0.2px; + line-height: normal; } - /* Posit logo - footer */ #footer-logo { width: 70px; @@ -125,7 +165,74 @@ $list-group-color: $primary !default; min-height: min-content; } +// Font + +/* Body font */ +body { + letter-spacing: -0.2px !important; + } + +// Specialty headers + +/* the feature PREVIEW header */ +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header { + content: "Preview feature"; + margin-left: 1em; + position: relative; + border-radius: 50rem !important; + top: -0.5em; +} + +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header, +div span.preview-feature { + color: $preview-header; + border: 1px solid $preview-header-border; + font-weight: 400; + font-size: 9pt !important; + padding: 0rem 0.4rem; +} + +div span.preview-feature { + margin-left: 1em; + text-transform: uppercase; +} + +// Lists + /* List disc colors */ li::marker { - color: $primary; + color: $primary; +} + +/* Callout steps for images with multiple items/steps shown in single image */ +ol.groovyAlpha { + list-style: none; + counter-reset: list-counter; + } + +ol.groovyAlpha li { + counter-increment: list-counter; +} + +ol.groovyAlpha li > p:before { + content: counter(list-counter, lower-alpha); + width: 16px; + height: 16px; + text-align: center; + margin-right: 10px; + color: #fff; + background-color: #fc403b; + display: inline-block; + border-radius: 8px; + font-size: 9px; + line-height: 16px; + vertical-align: middle; } diff --git a/_quarto.yml b/_quarto.yml index 3f2c9fa6..11cd7a54 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -1,5 +1,8 @@ project: type: posit-docs + pre-render: | + ./helm-docs --chart-search-root=charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl + ./helm-docs --chart-search-root=other-charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl render: - charts/rstudio-workbench/README.md - charts/rstudio-workbench/NEWS.md @@ -19,17 +22,34 @@ project: filters: - include-code-files -format: - posit-docs-html: - toc: true - website: title: Posit Helm Charts + site-url: https://docs.posit.co/helm bread-crumbs: true repo-url: https://github.com/rstudio/helm repo-actions: [edit, issue] - page-footer: - center: Posit Helm Charts + page-footer: + left: | + Copyright © 2000-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. + center: | + Posit Helm Charts {{< env PRODUCT_VERSION >}} + right: + - icon: question-circle-fill + href: "https://support.posit.co/hc/en-us" + - icon: lightbulb-fill + href: "https://solutions.posit.co/" + - text: "" + href: "https://docs.posit.co/" + - text: "" + href: "https://posit.co/" + navbar: + right: + - icon: "list" + menu: + - text: "docs.posit.co" + href: "https://docs.posit.co" + - text: "Posit Support" + href: "https://support.posit.co/hc/en-us/" sidebar: style: "floating" collapse-level: 1 diff --git a/images/favicon.svg b/images/favicon.svg new file mode 100644 index 00000000..d154019f --- /dev/null +++ b/images/favicon.svg @@ -0,0 +1,21 @@ + + + + + + + + + + + + diff --git a/images/posit-guide-dm.svg b/images/posit-guide-dm.svg new file mode 100644 index 00000000..b0c67d11 --- /dev/null +++ b/images/posit-guide-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-guide-ltmd.svg b/images/posit-guide-ltmd.svg new file mode 100644 index 00000000..f2c33c23 --- /dev/null +++ b/images/posit-guide-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-guide-open-dm.svg b/images/posit-guide-open-dm.svg new file mode 100644 index 00000000..d6b0e2b2 --- /dev/null +++ b/images/posit-guide-open-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-guide-open-ltmd.svg b/images/posit-guide-open-ltmd.svg new file mode 100644 index 00000000..77464c09 --- /dev/null +++ b/images/posit-guide-open-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-icon-fullcolor.svg b/images/posit-icon-fullcolor.svg new file mode 100644 index 00000000..ec7f5525 --- /dev/null +++ b/images/posit-icon-fullcolor.svg @@ -0,0 +1,22 @@ + + + + + + diff --git a/images/posit-logo-black-TM.svg b/images/posit-logo-black-TM.svg new file mode 100644 index 00000000..3b159987 --- /dev/null +++ b/images/posit-logo-black-TM.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-logo-fullcolor-TM.svg b/images/posit-logo-fullcolor-TM.svg new file mode 100644 index 00000000..30512e6b --- /dev/null +++ b/images/posit-logo-fullcolor-TM.svg @@ -0,0 +1 @@ + \ No newline at end of file From e29a3185db6aced50ed65ca334b75141e31a09d6 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Fri, 10 May 2024 15:40:43 -0400 Subject: [PATCH 002/284] run helm-docs as quarto pre-render --- .github/workflows/chart-doc.yaml | 30 ++++++++++++++++-------------- Justfile | 15 +++++++++------ _quarto.yml | 4 ++-- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index 249220fe..06e82c12 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -20,19 +20,22 @@ jobs: with: version: v3.6.3 + - name: install Just + uses: extractions/setup-just@v2 + - name: Install helm-docs env: - version: 1.5.0 + HELM_DOCS_VERSION: 1.13.1 run: | - echo "Installing helm-docs version $version" - curl -L -o helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v${version}/helm-docs_${version}_Linux_x86_64.tar.gz - tar -xzvf helm-docs.tar.gz helm-docs - rm -rf helm-docs.tar.gz + just setup + + - name: Install Quarto + uses: quarto-dev/quarto-actions/setup@v2 + with: + version: pre-release - - name: Run helm-docs - run: | - ./helm-docs --chart-search-root=charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl - ./helm-docs --chart-search-root=other-charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl + - name: Render Quarto Project + uses: quarto-dev/quarto-actions/render@v2 - name: Commit results run: | @@ -62,13 +65,12 @@ jobs: with: version: v3.6.3 + - name: install Just + uses: extractions/setup-just@v2 + - name: Compute and update dependent files run: | - set -xe - cd ./charts/rstudio-launcher-rbac && helm dependency build && cd - - helm template -n rstudio rstudio-launcher-rbac ./charts/rstudio-launcher-rbac --set removeNamespaceReferences=true > examples/rbac/rstudio-launcher-rbac.yaml - CHART_VERSION=$(helm show chart ./charts/rstudio-launcher-rbac | grep '^version' | cut -d ' ' -f 2) - cp examples/rbac/rstudio-launcher-rbac.yaml examples/rbac/rstudio-launcher-rbac-${CHART_VERSION}.yaml + just rbac - name: Commit results run: | diff --git a/Justfile b/Justfile index 9afbf6f2..3b5fbc64 100644 --- a/Justfile +++ b/Justfile @@ -1,13 +1,16 @@ DIFF := "diff" +HELM_DOCS_VERSION := env_var_or_default("HELM_DOCS_VERSION", "1.13.1") +OS := if os() == "macos" {"Darwin"} else if os() == "linux" {"Linux"} else if os() == "windows" {"Windows"} else {""} +ARCH := if arch() == "aarch64" {"arm64"} else if arch() == "x86_64" {"x86_64"} else {""} setup: #!/bin/bash - # TODO: idempotency - - # TODO: check for macos - mkdir -p ./bin/helm-docs-1.5.0/ - curl -L https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Darwin_x86_64.tar.gz | tar -xzvf - -C ./bin/helm-docs-1.5.0/ - ln -s $PWD/bin/helm-docs-1.5.0/helm-docs $PWD/bin/helm-docs + set -xe + echo "Installing helm-docs version {{HELM_DOCS_VERSION}}" + mkdir -p bin + curl -L -s https://github.com/norwoodj/helm-docs/releases/download/v{{HELM_DOCS_VERSION}}/helm-docs_{{HELM_DOCS_VERSION}}_{{OS}}_{{ARCH}}.tar.gz -o bin/helm-docs.tar.gz + tar -C ./bin -xz -f bin/helm-docs.tar.gz helm-docs + rm -rf bin/helm-docs.tar.gz update-lock: #!/bin/bash diff --git a/_quarto.yml b/_quarto.yml index 11cd7a54..8554e84c 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -1,8 +1,8 @@ project: type: posit-docs pre-render: | - ./helm-docs --chart-search-root=charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl - ./helm-docs --chart-search-root=other-charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl + ./bin/helm-docs --chart-search-root=charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl + ./bin/helm-docs --chart-search-root=other-charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl render: - charts/rstudio-workbench/README.md - charts/rstudio-workbench/NEWS.md From 93ab6e5df3a10dbde4f3f421614ab99823c6508f Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:31:31 -0400 Subject: [PATCH 003/284] Workbench review --- charts/rstudio-workbench/README.md | 311 ++++++++++++++++------------- examples/workbench/index.qmd | 2 +- index.qmd | 10 +- 3 files changed, 179 insertions(+), 144 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..01abf0ab 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,4 +1,7 @@ -# Posit Workbench +--- +title: Posit Workbench +code-overflow: wrap +--- ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) @@ -7,19 +10,23 @@ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm diff upgrade`. * Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart + changes and the documentation below on how to use the chart. -## Installing the Chart +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: @@ -29,59 +36,65 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: -``` + +```bash helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or the address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` + + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against directly placing it in your values file. -### License File +### License file We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```bash +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,39 +107,48 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` +```bash +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -### License Key +### License key -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument: -### License Server +```bash +--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX +``` -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +### License server -## General Principles +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument: + +```bash +--set license.server= +``` + +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by RStudio Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by RStudio Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to get the service account information off of the RStudio Workbench pod for use in launching jobs. +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files These configuration values all take the form of usual helm values -so you can set the database password with something like: +so you can set the database password with similar to: -``` +```bash ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -136,87 +158,77 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable - -- Session Configuration - - These configuration files are mounted into the server and - are mounted into the session pods as well. - - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. + +- Session Configuration: + - Configuration files: `repos.conf`, `rsession.conf`, `notifications.conf` + - These configuration files are mounted into the server and + the session pods. + - Located in the `config.session.<< name of file >>` helm values + - Mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: - These configuration files are mounted into the server and session pods as well - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` -- Secret Configuration +- Secret Configuration: - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - They are located in the `config.secret.<< name of file >>` helm values - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration +- Server Configuration: - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - They are located at `config.server.<< name of file >>` helm values - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration +- Server DCF Configuration: - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration: - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart + - See the [Profiles](#rstudio-profiles) section below for more information +- Prestart: - This is provided by the helm chart in a configmap - It is mounted into the pod at `/scripts/` - `prestart-workbench.bash` is used to start workbench - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`) - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration +- Custom Startup Configuration: - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default + - Use the `.ini` file format, by default - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration + - As with all configuration files above, can override with a verbatim string if desired: + - Located at `config.startupCustom.<< name of file >>` helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: - `pam` configuration files - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - -### Configuring R and Python repositories - -#### R repositories - -R package repositories can be configured with `config.session.repos.conf`. + - Mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` - -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). +### Configuring Python and R repositories #### Python repositories -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: + +```yaml launcher: useTemplates: true @@ -228,29 +240,43 @@ config: trusted-host: packagemanager.posit.co ``` -## User Provisioning +#### R repositories -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +R package repositories can be configured with `config.session.repos.conf`: + +```yaml +config: + session: + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest +``` + +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. + +## User provisioning + +Provisioning users in RStudio Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: + +However, it is important to use caution for the following: - UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames + time. Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames. - `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily + to configure a user management service, be careful that it does not exit unnecessarily. We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM @@ -259,7 +285,7 @@ When starting sessions on RStudio Workbench, PAM configuration is often very imp an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -279,17 +305,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +338,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +365,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +377,28 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: + +### Job Json overrides -### Job Json Overrides +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: a YAML value that is translated directly to JSON and injected into the job spec at `target`. -Note that several examples are provided +Several examples are provided in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) (however, examples do not use the helm chart syntax there). -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md).x ```yaml config: @@ -386,10 +418,11 @@ config: - "two-image:tag ``` -## Sealed Secrets +## Sealed secrets + This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +430,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values diff --git a/examples/workbench/index.qmd b/examples/workbench/index.qmd index 6b6ec2c0..2a3fb88a 100644 --- a/examples/workbench/index.qmd +++ b/examples/workbench/index.qmd @@ -12,7 +12,7 @@ Before using an example, read through all the comments and ensure you address ea While each example focuses on one or more particular configurations, RStudio Workbench has some standard requirements listed in each example. -Each example will need the following to run correctly: +Each example needs the following to run correctly: - PostgreSQL database specified in the Workbench configuration - License key or file specified diff --git a/index.qmd b/index.qmd index 319ec014..435cdc7b 100644 --- a/index.qmd +++ b/index.qmd @@ -1,13 +1,15 @@ -# Posit Helm Charts +--- +title: Posit Helm Charts +--- [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rstudio)](https://artifacthub.io/packages/search?repo=rstudio) [![GitHub license](https://img.shields.io/github/license/rstudio/helm.svg)](https://github.com/rstudio/helm/blob/main/LICENSE) ## Usage -1. Install [Helm](https://helm.sh). Please refer to Helm's [documentation](https://helm.sh/docs/) for more information on getting started. +1. Install [Helm](https://helm.sh). Please refer to the [Helm documentation](https://helm.sh/docs/) for more information on getting started. -2. Add the Posit Helm repo: +2. Add the Posit Helm repository: ```console helm repo add rstudio https://helm.rstudio.com @@ -17,4 +19,4 @@ ```console helm search repo rstudio - ``` + ``` \ No newline at end of file From 43fb469045c11165f49fdd6d29b17e84ef2c6e34 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:54:07 -0400 Subject: [PATCH 004/284] New version of posit theme installed --- _environment | 1 + .../posit-dev/posit-docs/_extension.yml | 54 ++- .../posit-dev/posit-docs/_posit-colors.scss | 37 ++ .../posit-docs/assets/_analytics.html | 40 ++ .../assets/images/exclamation-circle-dm.svg | 4 + .../assets/images/exclamation-circle.svg | 4 + .../assets/images/exclamation-triangle-dm.svg | 4 + .../assets/images/exclamation-triangle.svg | 4 + .../assets/images/info-circle-dm.svg | 4 + .../posit-docs/assets/images/info-circle.svg | 4 + .../assets/images/posit-guide-dm.svg | 1 + .../assets/images/posit-guide-ltmd.svg | 1 + .../assets/images/posit-guide-open-dm.svg | 1 + .../assets/images/posit-guide-open-ltmd.svg | 1 + .../assets/images/posit-logo-black-TM.svg | 2 +- .../posit-dev/posit-docs/theme-dark.scss | 342 ++++++++++++++++ _extensions/posit-dev/posit-docs/theme.scss | 366 +++++++++++++++--- _quarto.yml | 22 +- images/posit-guide-ltmd.svg | 1 + images/posit-icon-fullcolor.svg | 22 ++ 20 files changed, 826 insertions(+), 89 deletions(-) create mode 100644 _environment create mode 100644 _extensions/posit-dev/posit-docs/_posit-colors.scss create mode 100644 _extensions/posit-dev/posit-docs/assets/_analytics.html create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/info-circle.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg create mode 100644 _extensions/posit-dev/posit-docs/theme-dark.scss create mode 100644 images/posit-guide-ltmd.svg create mode 100644 images/posit-icon-fullcolor.svg diff --git a/_environment b/_environment new file mode 100644 index 00000000..e8b49748 --- /dev/null +++ b/_environment @@ -0,0 +1 @@ +CURRENT_YEAR=2024 \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/_extension.yml b/_extensions/posit-dev/posit-docs/_extension.yml index 4b25a124..9f03f0f2 100644 --- a/_extensions/posit-dev/posit-docs/_extension.yml +++ b/_extensions/posit-dev/posit-docs/_extension.yml @@ -1,42 +1,36 @@ title: posit-docs -author: Ashley Henry -version: 0.2.0 -quarto-requred: ">=1.3.340" +author: Ashley Henry, David Aja, Aron Atkins +version: 4.0.1 +quarto-required: ">=1.3.340" contributes: project: project: type: website website: - title: favicon: "assets/images/favicon.svg" bread-crumbs: true navbar: pinned: true logo: "assets/images/posit-icon-fullcolor.svg" - logo-alt: "Posit Documentation" - sidebar: - style: "floating" - collapse-level: 1 - search: true - pinned: false - page-footer: - left: - - text: © 2024 Posit Software, PBC - url: "https://posit.co" - center: | - Posit Product 12345 - + logo-alt: "Posit Documentation" right: - - icon: book - href: https://docs.posit.co - - icon: question-circle-fill - href: https://support.posit.co/hc/en-us - - icon: lightbulb-fill - href: https://solutions.posit.co - formats: - html: - theme: [theme.scss] - link-external-icon: true - link-external-newwindow: true - toc: true - toc-expand: true + - icon: "list" + aria-label: 'Drop-down menu for additional Posit resources' + menu: + - text: "docs.posit.co" + href: "https://docs.posit.co" + - text: "Posit Support" + href: "https://support.posit.co/hc/en-us/" + search: + copy-button: true + show-item-context: true + format: + html: + theme: + light: [theme.scss] + dark: [theme-dark.scss] + link-external-icon: true + link-external-newwindow: true + toc: true + toc-expand: true + include-in-header: "assets/_analytics.html" diff --git a/_extensions/posit-dev/posit-docs/_posit-colors.scss b/_extensions/posit-dev/posit-docs/_posit-colors.scss new file mode 100644 index 00000000..e4bf13a3 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/_posit-colors.scss @@ -0,0 +1,37 @@ +/* Posit Color definitions */ +$posit-blue: #447099; +$posit-light-blue-1: #d1dbe5; +$posit-light-blue-2: #a2b8cb; +$posit-light-blue-3: #7494b1; +$posit-dark-blue-1: #305775; +$posit-dark-blue-2: #213d4f; + +$posit-orange: #ee6331; +$posit-light-orange-1: #edccbf; +$posit-light-orange-2: #eba38c; +$posit-dark-orange-1: #ab4d26; +$posit-dark-orange-2: #80361c; +$posit-dark-orange-3: #451f12; + +$posit-gray: #404041; +$posit-light-gray-1: #c2c2c4; +$posit-light-gray-2: #949494; +$posit-dark-gray-1: #333333; + +$posit-teal: #419599; +$posit-light-teal-1: #c2d9d9; +$posit-light-teal-2: #94bdbf; +$posit-light-teal-3: #70a3a6; +$posit-dark-teal-1: #297075; +$posit-dark-teal-2: #1f4f4f; +$posit-dark-teal-3: #122b2b; + +$posit-green: #72994e; + +$posit-burgundy: #9a4665; +$posit-light-burgundy-1: #d9c4cc; +$posit-light-burgundy-2: #bf96a3; +$posit-light-burgundy-3: #a67380; +$posit-dark-burgundy-1: #78384f; +$posit-dark-burgundy-2: #542938; +$posit-dark-burgundy-3: #2e171f; diff --git a/_extensions/posit-dev/posit-docs/assets/_analytics.html b/_extensions/posit-dev/posit-docs/assets/_analytics.html new file mode 100644 index 00000000..6ba70366 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/_analytics.html @@ -0,0 +1,40 @@ + + diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg new file mode 100644 index 00000000..fbdfd203 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg new file mode 100644 index 00000000..6098c8b2 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg new file mode 100644 index 00000000..63db9932 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg new file mode 100644 index 00000000..65d947c9 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg new file mode 100644 index 00000000..6a5c164d --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg b/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg new file mode 100644 index 00000000..f4f803ad --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg @@ -0,0 +1,4 @@ + + + + diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg new file mode 100644 index 00000000..b0c67d11 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg new file mode 100644 index 00000000..f2c33c23 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg new file mode 100644 index 00000000..d6b0e2b2 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-dm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg new file mode 100644 index 00000000..77464c09 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-guide-open-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg index b85676de..9121db29 100644 --- a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/theme-dark.scss b/_extensions/posit-dev/posit-docs/theme-dark.scss new file mode 100644 index 00000000..ec1e26d4 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/theme-dark.scss @@ -0,0 +1,342 @@ +/*-- scss:defaults --*/ + +// import font +@import url("https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap"); + +// import shared colors +@import '_posit-colors'; + +/*-- scss:variables --*/ +$primary: $posit-teal; +$dark-md-body: $posit-light-gray-1; +$dark-md-background: #0c1721; + +// Feature preview heading colors +$preview-header: $posit-orange; /* posit orange, contrast: 8.45 */ +$preview-header-border: darken($preview-header, 5%); + +// scss-docs-end color-variables + +// Typography +// Font, line-height, and color for body text, headings, and more. + +//scss-font-start font-variables +$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, + sans-serif, system-ui; +$font-family-monospace: "Source Code Pro", monospace; +$font-family-emoji: "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; +$font-size-base: 1rem; +// scss-docs-end font-variables + +//font and body color + +$body-color: $dark-md-body; +$popover-bg: $posit-green !default; + +// scss-docs-start font-sizes - seems that I have to keep these in the style sheet? +$h1-font-size: 44px; +$h2-font-size: 28px; +x h1 { + size: $h1-font-size; +} +h2 { + size: $h2-font-size; +} +// scss-docs-end font-sizes + +// Headings +// scss-docs-start headings-variables +$headings-color: #ffffff; +// scss-docs-end headings-variables + +// Customize the navbar +$navbar-bg: lighten($dark-md-background, 5%); +$navbar-fg: #ffffff; + +// CSS overrides + +// Body +// +// Settings for the `` element. + +//$body-color: $posit-green !default; +$body-bg: $dark-md-background !default; // dark mode change + +// Nav and footer + +/* Nav bar */ + +.navbar-title { + color: #ffffff; // dark theme change +} + +.nav-link { + font-family: $font-family-monospace; + text-transform: uppercase; + letter-spacing: 0.03em; + font-size: 14px !important; + font-weight: 500 !important; + color: #fff !important; +} + +.navbar-nav .nav-link.active, +.navbar-nav .nav-link.show { + color: $posit-teal !important; + font-weight: 700 !important; +} + +/* Nav bar right hamburger menu */ + +.dropdown-item:hover, +.dropdown-item:focus { + color: var(--bs-dropdown-link-hover-color); + background-color: #0f1c29 !important; +} + +/* Footer */ + +.nav-footer { + color: #ffffff !important; + border-top: solid $posit-gray 1px; +} + +/* Footer icons */ +.nav-footer a { + color: #ffffff !important; +} + +// Footnotes + +.footnote-back { + color: $posit-light-teal-2; +} + +// Breadcrumbs + +.quarto-title-breadcrumbs .breadcrumb li:last-of-type a { + color: $posit-light-gray-1 !important; +} + +// Page navigation + +.nav-page .nav-page-text { + color: $posit-light-gray-1; +} + +/* Inline code */ +p code:not(.sourceCode), +li code:not(.sourceCode), +td code:not(.sourceCode) { + background-color: #6e768166 !important; + color: #ffffff; +} + +// Code blocks + +/* Code block title*/ + +.quarto-dark .code-with-filename .code-with-filename-file { + background-color: #000000 !important; + border: none; +} + +.code-with-filename strong { + color: #6e9ac3; +} + +/* Code block background */ +$code-block-bg: lighten($dark-md-background, 10%); + +/* Copy button */ + +$btn-code-copy-color: $posit-light-blue-2; +$btn-code-copy-color-active: #ffffff; +$callout-icon-scale: 70%; + +// Tabs and pills + +/* Tabs */ + +.nav-tabs .nav-link.active { + color: $posit-teal !important; +} + +.nav-tabs .nav-link { + text-transform: none !important; + font-family: $font-family-sans-serif; + color: #ffffff !important; +} + +.nav-tabs .nav-link:hover, +.nav-link:focus { + color: $posit-teal !important; +} + +/* Pills */ + +.nav-pills .nav-link.active, +.nav-pills .show > .nav-link { + background-color: $posit-dark-teal-1 !important; +} + +.nav-pills .nav-link:hover, +.nav-link:focus { + isolation: isolate; + // color: $posit-teal !important; + border: none !important; +} + +.nav-pills .nav-link.active, +.nav-link:hover { + color: #ffffff !important; +} + +// Sidebar and toc + +/* Left nav - letter spacing */ +.sidebar-navigation li a { + color: #ffffff; +} + +.sidebar-navigation li a:hover { + color: inherit; +} + +.sidebar-item-container .active, +div.sidebar-item-container .show > .nav-link, +div.sidebar-item-container .sidebar-link > code { + color: $posit-teal !important; +} + +// Lists + +/* List disc colors */ +li::marker { + color: $posit-teal; +} + +// Callouts + +.callout.callout-style-default:not(.no-icon) div.callout-title-container { + color: #ffffff !important; +} + +div.callout.callout-style-default > div.callout-header { + opacity: none; +} + +/* Note */ + +div.callout-note.callout { + border-left-color: $posit-dark-blue-2 !important; + border-right: 1px solid $posit-dark-blue-2 !important; + border-top: 1px solid $posit-dark-blue-2 !important; + border-bottom: 1px solid $posit-dark-blue-2 !important; +} + +div.callout-note .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/info-circle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWluZm8tY2lyY2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik04IDE1QTcgNyAwIDEgMSA4IDFhNyA3IDAgMCAxIDAgMTRtMCAxQTggOCAwIDEgMCA4IDBhOCA4IDAgMCAwIDAgMTYiLz4KICA8cGF0aCBkPSJtOC45MyA2LjU4OC0yLjI5LjI4Ny0uMDgyLjM4LjQ1LjA4M2MuMjk0LjA3LjM1Mi4xNzYuMjg4LjQ2OWwtLjczOCAzLjQ2OGMtLjE5NC44OTcuMTA1IDEuMzE5LjgwOCAxLjMxOS41NDUgMCAxLjE3OC0uMjUyIDEuNDY1LS41OThsLjA4OC0uNDE2Yy0uMi4xNzYtLjQ5Mi4yNDYtLjY4Ni4yNDYtLjI3NSAwLS4zNzUtLjE5My0uMzA0LS41MzN6TTkgNC41YTEgMSAwIDEgMS0yIDAgMSAxIDAgMCAxIDIgMCIvPgo8L3N2Zz4=") !important; +} + +div.callout-note.callout-style-default > .callout-header { + background-color: $posit-blue !important; +} + +/* Warning */ + +div.callout-warning.callout { + border-left-color: $posit-dark-orange-2 !important; + border-right: 1px solid $posit-dark-orange-2 !important; + border-top: 1px solid $posit-dark-orange-2 !important; + border-bottom: 1px solid $posit-dark-orange-2 !important; +} + +div.callout-warning .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-triangle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLXRyaWFuZ2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik03LjkzOCAyLjAxNkEuMTMuMTMgMCAwIDEgOC4wMDIgMmEuMTMuMTMgMCAwIDEgLjA2My4wMTYuMTUuMTUgMCAwIDEgLjA1NC4wNTdsNi44NTcgMTEuNjY3Yy4wMzYuMDYuMDM1LjEyNC4wMDIuMTgzYS4yLjIgMCAwIDEtLjA1NC4wNi4xLjEgMCAwIDEtLjA2Ni4wMTdIMS4xNDZhLjEuMSAwIDAgMS0uMDY2LS4wMTcuMi4yIDAgMCAxLS4wNTQtLjA2LjE4LjE4IDAgMCAxIC4wMDItLjE4M0w3Ljg4NCAyLjA3M2EuMTUuMTUgMCAwIDEgLjA1NC0uMDU3bTEuMDQ0LS40NWExLjEzIDEuMTMgMCAwIDAtMS45NiAwTC4xNjUgMTMuMjMzYy0uNDU3Ljc3OC4wOTEgMS43NjcuOTggMS43NjdoMTMuNzEzYy44ODkgMCAxLjQzOC0uOTkuOTgtMS43Njd6Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDEyYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNS45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-warning.callout-style-default > .callout-header { + background-color: $posit-dark-orange-1 !important; +} + +/* Important */ + +div.callout-important.callout { + border-left-color: $posit-dark-burgundy-2 !important; + border-right: 1px solid $posit-dark-burgundy-2 !important; + border-top: 1px solid $posit-dark-burgundy-2 !important; + border-bottom: 1px solid $posit-dark-burgundy-2 !important; +} + +div.callout-important .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-circle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLWNpcmNsZSIgdmlld0JveD0iMCAwIDE2IDE2Ij4KICA8cGF0aCBkPSJNOCAxNUE3IDcgMCAxIDEgOCAxYTcgNyAwIDAgMSAwIDE0bTAgMUE4IDggMCAxIDAgOCAwYTggOCAwIDAgMCAwIDE2Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDExYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNC45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-important.callout-style-default > .callout-header { + background-color: $posit-burgundy !important; +} + +// Tables + +.table > :not(caption) > * > * { + border-top: 2px solid #101e2b; +} + +/* Striped table styles */ + +.table-striped > tbody > tr:nth-of-type(odd) > * { + //--bs-table-bg-type: #001C2B !important; + --bs-table-bg-type: #101e2b !important; +} + +/* Striped table hover */ + +.table-hover > tbody > tr:hover > * { + //--bs-table-color-state: var(--bs-table-hover-color); + --bs-table-bg-state: #001c2b !important; +} + +// Table caption + +.panel-caption, +.figure-caption, +.subfigure-caption, +.table-caption, +figcaption, +caption { + font-size: 1rem; + color: $body-color !important; +} + +// Specialty headers + +/* the feature PREVIEW header */ +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header, +div span.preview-feature { + background-color: $preview-header; + color: #ffffff; + border: 1px solid $preview-header-border; + font-weight: 600; + font-size: 9pt !important; + padding: 0rem 0.4rem; +} + +div span.preview-feature { + margin-left: 1em; + text-transform: uppercase; +} + +// Specialty lists +// Groovy list - dark mode change + +ol.groovyAlpha li > p:before { + content: counter(list-counter, lower-alpha); + font-weight: 600; +} diff --git a/_extensions/posit-dev/posit-docs/theme.scss b/_extensions/posit-dev/posit-docs/theme.scss index bad2b7b1..169d615b 100644 --- a/_extensions/posit-dev/posit-docs/theme.scss +++ b/_extensions/posit-dev/posit-docs/theme.scss @@ -1,40 +1,37 @@ /*-- scss:defaults --*/ // import font -@import url('https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap'); +@import url("https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap"); + +// import shared colors +@import '_posit-colors'; /*-- scss:variables --*/ +$primary: $posit-blue; -// scss-docs-start color-variables -$posit-blue: #447099; -$posit-dark-blue-1: #305775; -$posit-dark-blue-2: #213D4F; -$posit-orange: #EE6331; -$posit-gray: #404041; -$posit-teal: #419599; -$posit-green: #72994E; -$posit-burgundy:#9A4665; -$posit-burgundy-1:#78384F; -$posit-burgundy-2:#542938; +// Feature preview heading colors +$preview-header: #ee6331; /* posit orange, contrast: 8.45 */ +$preview-header-border: darken($preview-header, 5%); -$primary: $posit-blue; // scss-docs-end color-variables // Typography // Font, line-height, and color for body text, headings, and more. //scss-font-start font-variables -$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, sans-serif, system-ui; +$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, + sans-serif, system-ui; $font-family-monospace: "Source Code Pro", monospace; $font-family-emoji: "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; $font-size-base: 1rem; // scss-docs-end font-variables +//font and body color $body-color: $posit-gray; // scss-docs-start font-sizes -$h1-font-size:44px; -$h2-font-size:28px; +$h1-font-size: 44px; +$h2-font-size: 28px; h1 { size: $h1-font-size; @@ -44,7 +41,6 @@ h2 { } // scss-docs-end font-sizes - // Headings // scss-docs-start headings-variables $headings-font-weight: 300 !important; @@ -64,68 +60,334 @@ $list-group-color: $primary !default; // CSS overrides +// Body +// +// Settings for the `` element. + +/* Body font */ +body { + letter-spacing: -0.2px !important; +} + +// Nav and footer + +/* Navbar */ + .navbar { - box-shadow: 0 0 0.2rem #0000001a, 0 0.1rem 0.4rem #0003; - transition: transform .25s cubic-bezier(.1,.7,.1,1),box-shadow .25s; + box-shadow: + 0 0 0.2rem #0000001a, + 0 0.1rem 0.4rem #0003; + transition: + transform 0.25s cubic-bezier(0.1, 0.7, 0.1, 1), + box-shadow 0.25s; } .navbar-title { - font-family: $font-family-sans-serif; - font-size: $font-size-base; - font-weight: 500; + font-family: $font-family-sans-serif; + font-size: $font-size-base; + font-weight: 500; +} + +/* Style for the version included in the website title */ +.navbar-title small { + font-size: 14px; + display: block; + padding-left: 1em; } .nav-link { - font-family: $font-family-monospace; - text-transform: uppercase; - letter-spacing: .03em; - font-size: 14px !important; - font-weight: 500 !important; + font-family: $font-family-monospace; + text-transform: uppercase; + letter-spacing: 0.03em; + font-size: 14px !important; + font-weight: 500 !important; + color: $posit-gray !important; +} + +.navbar-nav .nav-link.active, +.navbar-nav .nav-link.show { + color: #000000 !important; + font-weight: 700 !important; } +/* Footer */ + .nav-footer { - font-family: $font-family-monospace; - text-transform: uppercase; - font-size: 14px; - border-top: solid #0000001a .01em; - align-items: center !important; + font-family: $font-family-monospace; + text-transform: uppercase; + font-size: 14px; + border-top: solid #0000001a 0.01em; + align-items: center !important; +} + +.nav-footer .nav-footer-center { + min-height: min-content; +} + +/* Footer icons */ + +/* Full Posit logo - currently, unused */ +#footer-right-full-posit-logo { + width: 70px; + min-width: 70px; +} + +/* Posit guide book */ +#footer-right-logo { + width: 24px; + min-width: 24px; + margin-left: -3px !important; + margin-right: -3px !important; + padding-top: 1px; +} + +/* Posit icon fullcolor */ +#footer-right-posit-logo { + width: 18px; + min-width: 18px; + margin-left: -3px !important; + margin-right: -3px !important; + padding-top: 1px; +} + +/* Posit logo - footer +#footer-logo { + width: 70px; + min-width: 70px; } +*/ -/* Tabs */ +.bi-question-circle-fill { + font-size: 18px !important; +} + +.bi-lightbulb-fill { + font-size: 18px !important; +} + +// Footnotes + +.footnote-back { + font-size: 16px !important; + font-weight: 900px !important; + color: $posit-dark-blue-1; +} + +// Tabs and pills + +/* Tabs */ .nav-tabs .nav-link { - text-transform: none !important; - font-family: $font-family-sans-serif; + text-transform: none !important; + font-family: $font-family-sans-serif; + color: $posit-gray !important; } -/* Mini TOC */ -.sidebar nav[role=doc-toc]>ul li a { - text-transform: none !important; - font-family: $font-family-sans-serif; - font-size: 16px; - font-weight: 300 !important; - letter-spacing: .05em !important; +.nav-tabs .nav-link.active, +.nav-tabs .nav-item.show .nav-link { + color: #000000 !important; +} + +.nav-tabs .nav-link:hover, +.nav-link:focus { + color: $posit-blue !important; +} + +/* Pills */ + +.nav-pills { + border: none !important; +} + +.nav-pills, +.panel-underline { + > .nav { + display: flex; + border: none !important; + flex-direction: row; + justify-content: center; + .nav-link { + cursor: pointer; + } + } +} + +.nav-pills > .nav .nav-link { + border: none !important; +} + +.nav-pills, +.panel-underline { + .tab-content { + padding-left: 0; + padding-right: 0; + border: none; + } +} + +.nav-pills .nav-link.active, +.nav-pills .nav-item.show .nav-link { + color: #ffffff !important; +} + +.nav-pills .nav-link:hover, +.nav-link:focus { + isolation: isolate; + color: $posit-blue !important; + border: none !important; +} + +.nav-pills .nav-link.active, +.nav-pills .show > .nav-link { + color: #ffffff !important; +} + +// Sidebar and toc + +/* Left nav */ +.sidebar-item-container .active { + font-weight: 500; } /* Left nav - letter spacing */ .sidebar-navigation li a { - letter-spacing: .03em; - font-size: 16px; + letter-spacing: 0.03em; + font-size: 16px; } +/* Left nav - letter spacing */ +.sidebar-navigation li a { + letter-spacing: -0.2px; + line-height: normal; +} -/* Posit logo - footer */ -#footer-logo { - width: 70px; - min-width: 70px; +/* Mini TOC */ +.sidebar nav[role="doc-toc"] > ul li a { + text-transform: none !important; + font-family: $font-family-sans-serif; + font-weight: 400 !important; + letter-spacing: -0.2px !important; } -/* Footer */ -.nav-footer .nav-footer-center { - min-height: min-content; +.sidebar nav[role="doc-toc"] ul > li > a.active, +.sidebar nav[role="doc-toc"] ul > li > ul > li > a.active { + font-weight: 700 !important; } +// Lists + /* List disc colors */ li::marker { - color: $primary; + color: $primary; +} + +// Callouts + +.callout.callout-style-default:not(.no-icon) div.callout-title-container { + color: $posit-dark-gray-1 !important; +} + +/* Note */ + +div.callout-note.callout { + border-left-color: $posit-blue !important; +} + +div.callout-note .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/info-circle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzE3MjEyQiIgY2xhc3M9ImJpIGJpLWluZm8tY2lyY2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik04IDE1QTcgNyAwIDEgMSA4IDFhNyA3IDAgMCAxIDAgMTRtMCAxQTggOCAwIDEgMCA4IDBhOCA4IDAgMCAwIDAgMTYiLz4KICA8cGF0aCBkPSJtOC45MyA2LjU4OC0yLjI5LjI4Ny0uMDgyLjM4LjQ1LjA4M2MuMjk0LjA3LjM1Mi4xNzYuMjg4LjQ2OWwtLjczOCAzLjQ2OGMtLjE5NC44OTcuMTA1IDEuMzE5LjgwOCAxLjMxOS41NDUgMCAxLjE3OC0uMjUyIDEuNDY1LS41OThsLjA4OC0uNDE2Yy0uMi4xNzYtLjQ5Mi4yNDYtLjY4Ni4yNDYtLjI3NSAwLS4zNzUtLjE5My0uMzA0LS41MzN6TTkgNC41YTEgMSAwIDEgMS0yIDAgMSAxIDAgMCAxIDIgMCIvPgo8L3N2Zz4=") !important; +} + +div.callout-note.callout-style-default > .callout-header { + background-color: #dce7f2 !important; +} + +/* Warning */ +div.callout-warning.callout { + border-left-color: $posit-orange !important; +} + +div.callout-warning .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-triangle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzQ1MUYxMiIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLXRyaWFuZ2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik03LjkzOCAyLjAxNkEuMTMuMTMgMCAwIDEgOC4wMDIgMmEuMTMuMTMgMCAwIDEgLjA2My4wMTYuMTUuMTUgMCAwIDEgLjA1NC4wNTdsNi44NTcgMTEuNjY3Yy4wMzYuMDYuMDM1LjEyNC4wMDIuMTgzYS4yLjIgMCAwIDEtLjA1NC4wNi4xLjEgMCAwIDEtLjA2Ni4wMTdIMS4xNDZhLjEuMSAwIDAgMS0uMDY2LS4wMTcuMi4yIDAgMCAxLS4wNTQtLjA2LjE4LjE4IDAgMCAxIC4wMDItLjE4M0w3Ljg4NCAyLjA3M2EuMTUuMTUgMCAwIDEgLjA1NC0uMDU3bTEuMDQ0LS40NWExLjEzIDEuMTMgMCAwIDAtMS45NiAwTC4xNjUgMTMuMjMzYy0uNDU3Ljc3OC4wOTEgMS43NjcuOTggMS43NjdoMTMuNzEzYy44ODkgMCAxLjQzOC0uOTkuOTgtMS43Njd6Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDEyYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNS45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-warning.callout-style-default > .callout-header { + background-color: #fad8ca !important; +} + +/* Important */ + +div.callout-important.callout { + border-left-color: $posit-burgundy !important; +} + +div.callout-important .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-circle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzJFMTcxRiIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLWNpcmNsZSIgdmlld0JveD0iMCAwIDE2IDE2Ij4KICA8cGF0aCBkPSJNOCAxNUE3IDcgMCAxIDEgOCAxYTcgNyAwIDAgMSAwIDE0bTAgMUE4IDggMCAxIDAgOCAwYTggOCAwIDAgMCAwIDE2Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDExYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNC45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-important.callout-style-default > .callout-header { + background-color: #f2dae3 !important; +} + +// Specialty headers + +/* the feature PREVIEW header */ +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header { + content: "Preview feature"; + margin-left: 1em; + position: relative; + border-radius: 50rem !important; + top: -0.5em; +} + +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header, +div span.preview-feature { + color: $preview-header; + border: 1px solid $preview-header-border; + font-weight: 400; + font-size: 9pt !important; + padding: 0rem 0.4rem; +} + +div span.preview-feature { + margin-left: 1em; + text-transform: uppercase; +} + +// Specialty lists + +/* Callout steps for images with multiple items/steps shown in single image */ + +ol.groovyAlpha { + list-style: none; + counter-reset: list-counter; +} + +ol.groovyAlpha li { + counter-increment: list-counter; +} + +ol.groovyAlpha li > p:before { + content: counter(list-counter, lower-alpha); + width: 20px; + height: 20px; + text-align: center; + margin-right: 10px; + color: #fff; + background-color: #fc403b; + display: inline-block; + border-radius: 10px; + font-size: 14px; + line-height: 16px; + vertical-align: middle; } diff --git a/_quarto.yml b/_quarto.yml index 3f2c9fa6..0c8bbe0c 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -19,17 +19,27 @@ project: filters: - include-code-files -format: - posit-docs-html: - toc: true - website: title: Posit Helm Charts bread-crumbs: true repo-url: https://github.com/rstudio/helm repo-actions: [edit, issue] - page-footer: - center: Posit Helm Charts + page-footer: + left: | + Copyright © 2000-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. + center: | + Posit Helm Charts + right: + - icon: question-circle-fill + aria-label: 'Link to Posit Support' + href: "https://support.posit.co/hc/en-us" + - icon: lightbulb-fill + aria-label: 'Link to Posit Solutions' + href: "https://solutions.posit.co/" + - text: "" + href: "https://docs.posit.co/" + - text: "" + href: "https://posit.co/" sidebar: style: "floating" collapse-level: 1 diff --git a/images/posit-guide-ltmd.svg b/images/posit-guide-ltmd.svg new file mode 100644 index 00000000..f2c33c23 --- /dev/null +++ b/images/posit-guide-ltmd.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/images/posit-icon-fullcolor.svg b/images/posit-icon-fullcolor.svg new file mode 100644 index 00000000..ec7f5525 --- /dev/null +++ b/images/posit-icon-fullcolor.svg @@ -0,0 +1,22 @@ + + + + + + From 989f77c963f9f97d4ad55ec3589b863846c13157 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:55:01 -0400 Subject: [PATCH 005/284] Not sure what the start year should be here --- _quarto.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_quarto.yml b/_quarto.yml index 0c8bbe0c..19248660 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -26,7 +26,7 @@ website: repo-actions: [edit, issue] page-footer: left: | - Copyright © 2000-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. + Copyright © 2???-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. center: | Posit Helm Charts right: From 61e6550506a1486e14b365ea5e8320c047515326 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 16:44:19 -0400 Subject: [PATCH 006/284] Home page updates --- index.qmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.qmd b/index.qmd index 435cdc7b..bc20cc3b 100644 --- a/index.qmd +++ b/index.qmd @@ -11,12 +11,12 @@ title: Posit Helm Charts 2. Add the Posit Helm repository: - ```console + ```{.bash} helm repo add rstudio https://helm.rstudio.com ``` 3. View charts: - ```console + ```{.bash} helm search repo rstudio ``` \ No newline at end of file From 5950a39120d0ed71e14ef6984293aaa02fc327fa Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 16:44:36 -0400 Subject: [PATCH 007/284] Initial workbench scrub - Editing pass - Heading changes in Examples --- charts/rstudio-workbench/README.md | 185 ++++++++---------- examples/examples.ejs | 4 +- .../application-configuration/index.qmd | 2 +- .../container-images/custom-images.qmd | 2 +- .../container-images/private-images.qmd | 2 +- 5 files changed, 87 insertions(+), 108 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 01abf0ab..0acf0ee2 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -5,7 +5,7 @@ code-overflow: wrap ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Workbench_ +#### _Official Helm chart for Posit Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. @@ -45,7 +45,7 @@ helm search repo rstudio/rstudio-workbench -l To function, this chart requires the following: -* A license file, license key, or the address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the @@ -84,11 +84,10 @@ To function, this chart requires the following: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against directly placing it in your values file. +This chart supports activating the product using a *license file*. -### License file - -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend *against* directly placing the license file in your values file. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: @@ -111,37 +110,21 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-workbench.lic ``` -### License key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument: - -```bash ---set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX -``` - -### License server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument: - -```bash ---set license.server= -``` - ## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. + valid `.ini` or `.dcf` file formats required by Workbench. - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by RStudio Workbench, use `job-json-overrides`. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to get the service account information off of the RStudio Workbench pod for use in launching jobs. -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - This is described in the [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with similar to: ```bash @@ -161,63 +144,63 @@ The names of files are dynamically used, so you can add new files as needed. Bew so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change the `XDG_CONFIG_DIRS` environment variable. -- Session Configuration: - - Configuration files: `repos.conf`, `rsession.conf`, `notifications.conf` - - These configuration files are mounted into the server and - the session pods. - - Located in the `config.session.<< name of file >>` helm values - - Mounted at `/mnt/session-configmap/rstudio/` +- Session Configuration + - These configuration files are mounted into the server and + are mounted into the session pods. + - `repos.conf`, `rsession.conf`, `notifications.conf` + - Located in:
`config.session.<< name of file >>` Helm values + - Mounted at:
`/mnt/session-configmap/rstudio/` - Session Secret Configuration: - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
`config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
`/mnt/session-secret/` - Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600) + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` + - Located in:
`config.secret.<< name of file >>` Helm values + - Mounted at:
`/mnt/secret-configmap/rstudio/` - Server Configuration: - - These configuration files are mounted into the server (.ini file format) + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` + - Located at:
`config.server.<< name of file >>` Helm values + - Mounted at:
`/mnt/configmap/rstudio/` - Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format) + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` + - Located at:
`config.serverDcf.<< name of file >>` Helm values + - Included at:
`/mnt/configmap/rstudio/` - Profiles Configuration: - - These configuration files are mounted into the server (.ini file format) + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
`/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. - Prestart: - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. - User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
`config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
`/etc/sssd/conf.d/` with `0600` permissions by default. - Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files - - Use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all configuration files above, can override with a verbatim string if desired: - - Located at `config.startupCustom.<< name of file >>` helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
`/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
`config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` - PAM configuration: - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - `pam` configuration files. + - Located at:
`config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
`/etc/pam.d/<< name of file >>` ### Configuring Python and R repositories @@ -228,17 +211,17 @@ pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mo - `launcher.useTemplates: true` is set - `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -```yaml -launcher: - useTemplates: true + ```yaml + launcher: + useTemplates: true -config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co -``` + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` #### R repositories @@ -255,12 +238,12 @@ For more information about configuring CRAN repositories in Workbench, see the [ ## User provisioning -Provisioning users in RStudio Workbench containers is challenging. Session images create users automatically (with +Provisioning users in Workbench containers is challenging. Session images create users automatically (with consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) @@ -268,21 +251,22 @@ or a polling service (checks at regular intervals). Either can be written easily However, it is important to use caution for the following: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +We do not provide such a service out of the box because we intend for Workbench to solve this problem in a future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For @@ -390,15 +374,11 @@ If you want to customize the job launch process (i.e., how sessions are defined) config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` ``` - Create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: a YAML value that is translated directly to JSON and injected into the job spec at `target`. - -Several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md).x +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -420,7 +400,7 @@ config: ## Sealed secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): @@ -430,7 +410,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -579,4 +559,3 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - diff --git a/examples/examples.ejs b/examples/examples.ejs index 069909a4..4fdf632f 100644 --- a/examples/examples.ejs +++ b/examples/examples.ejs @@ -2,7 +2,7 @@ const postsByCategory = {}; const basicConfigPosts = []; items.forEach(item => { - if (item.category === "Basic Configuration") { + if (item.category === "Basic configuration") { basicConfigPosts.push(item) } else { if (!postsByCategory[item.category]) { @@ -14,7 +14,7 @@ items.forEach(item => { // Basic config first if (basicConfigPosts.length > 0) { %> -

Basic Configuration

+

Basic configuration

    <% basicConfigPosts.forEach(post => { %>
  • diff --git a/examples/workbench/application-configuration/index.qmd b/examples/workbench/application-configuration/index.qmd index 298a98ca..4551a908 100644 --- a/examples/workbench/application-configuration/index.qmd +++ b/examples/workbench/application-configuration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Basic Configuration" +category: "Basic configuration" --- # Configuring Posit Workbench with Recommended Settings diff --git a/examples/workbench/container-images/custom-images.qmd b/examples/workbench/container-images/custom-images.qmd index df55c281..10ec1dab 100644 --- a/examples/workbench/container-images/custom-images.qmd +++ b/examples/workbench/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Workbench with Custom Container Images diff --git a/examples/workbench/container-images/private-images.qmd b/examples/workbench/container-images/private-images.qmd index 886c926e..8a74b6cf 100644 --- a/examples/workbench/container-images/private-images.qmd +++ b/examples/workbench/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Workbench to Access Image Registries Requiring Authentication From d30fd76ddd827d37be8a7b2372c9d9eca6711da3 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:47:27 -0400 Subject: [PATCH 008/284] trying to standardize the content between the two files where I can --- charts/rstudio-connect/README.md | 77 +++++++++++++++--------------- charts/rstudio-workbench/README.md | 13 +++-- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a44de207..f0f5dda9 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for RStudio Connect_ +#### _Official Helm chart for Posit Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,56 +12,63 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-connect -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container - by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. + In this case, we recommend you: + * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + data in the container by using a + regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` + and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic Second, specify the following values: @@ -74,29 +81,23 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` -## General Principles +## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format required by rstudio-connect. - rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 0acf0ee2..79dfc3f9 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -23,8 +23,7 @@ To ensure a stable production deployment: ::: * Before upgrading check for breaking changes using `helm diff upgrade`. -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes and the documentation below on how to use the chart. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart @@ -51,9 +50,9 @@ To function, this chart requires the following: * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * disable `homeStorage.create` and + * Disable `homeStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * mount them into the container by specifying + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your @@ -84,14 +83,14 @@ To function, this chart requires the following: ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a *license file*. - We recommend *against* directly placing the license file in your values file. - We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```bash +```{.bash} kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic ``` @@ -259,7 +258,7 @@ However, it is important to use caution for the following: - `supervisord` is configured by default to exit if any of its child processes exit. - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for Workbench to solve this problem in a +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a future release. Please contact your account representative if you have feedback or questions about this workflow. From f232c5b72dda5fde35471d7a97731737ff3bfded Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:48:32 -0400 Subject: [PATCH 009/284] helm fix --- charts/rstudio-connect/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index f0f5dda9..f02c37ea 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -94,7 +94,7 @@ required by rstudio-connect. ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} From 1621561ae5a126be41306ddb88c2d6101b2ec909 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:53:30 -0400 Subject: [PATCH 010/284] Not sure if these should be formatted or not but I did it just in case --- charts/rstudio-connect/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index f02c37ea..860aaea9 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -88,8 +88,8 @@ Alternatively, license files can be set during `helm install` with the following ## General principles - In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by rstudio-connect. -- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +required by `rstudio-connect`. +- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration file From 6180e699ae90f24e2599c90ea7beb855e254c1e9 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:57:36 -0400 Subject: [PATCH 011/284] Minor edits to the configuration files --- examples/connect/application-configuration/index.qmd | 2 +- examples/connect/beta-migration/index.qmd | 2 +- examples/connect/container-images/custom-images.qmd | 2 +- examples/connect/container-images/private-images.qmd | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/connect/application-configuration/index.qmd b/examples/connect/application-configuration/index.qmd index 2ceb80c6..c8475c97 100644 --- a/examples/connect/application-configuration/index.qmd +++ b/examples/connect/application-configuration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Basic Configuration" +category: "Basic configuration" --- # Configuring Posit Connect with Recommended Settings diff --git a/examples/connect/beta-migration/index.qmd b/examples/connect/beta-migration/index.qmd index 2993a3eb..99e81200 100644 --- a/examples/connect/beta-migration/index.qmd +++ b/examples/connect/beta-migration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Beta Migration" +category: "Beta migration" --- # Off-Host Execution Beta User Migration diff --git a/examples/connect/container-images/custom-images.qmd b/examples/connect/container-images/custom-images.qmd index 5407c999..0b73badc 100644 --- a/examples/connect/container-images/custom-images.qmd +++ b/examples/connect/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Connect with Custom Container Images diff --git a/examples/connect/container-images/private-images.qmd b/examples/connect/container-images/private-images.qmd index 6d387753..cfad496b 100644 --- a/examples/connect/container-images/private-images.qmd +++ b/examples/connect/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Connect to Access Image Registries Requiring Authentication From f1f8a24ff672a4161c09826c147941d38e2d0916 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 21:23:26 -0400 Subject: [PATCH 012/284] Missed heading change --- charts/rstudio-connect/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 860aaea9..bd2bd796 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and From 2f87134bb1db9640f6748bb3cffc59ba40f98a1f Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 21:27:03 -0400 Subject: [PATCH 013/284] Start of ppm edits --- charts/rstudio-pm/README.md | 41 +++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index b6f9d265..5e29c092 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,46 +2,51 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Package Manager_ +#### _Official Helm chart for Posit Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-pm -l ``` -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 -- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. +* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`) +* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. + * To disable an automatic fixup / hook, set `enableMigrations=false`. -## Required Configuration +## Required configuration This chart requires the following in order to function: From be870e75c1464dcaf9256a4d39c7fc2fc7ffae50 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:33:26 +0000 Subject: [PATCH 014/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 83 ++++--- charts/rstudio-workbench/README.md | 379 ++++++++++++++--------------- 2 files changed, 225 insertions(+), 237 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 860aaea9..a44de207 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for Posit Connect_ +#### _Official Helm chart for RStudio Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,63 +12,56 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether Helm is a good choice for your deployment. +if you need help deciding whether helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* "Pin" the version of the Helm chart that you are using. You can do - this using the: - * `helm dependency` command and the associated "Chart.lock" files _or_ - * the `--version` flag. +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check + for breaking changes +* Read [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart - :::{.callout-important} - This protects you from breaking changes** - ::: - -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.6.6: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-connect -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you: - * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your - data in the container by using a - regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` - and `pod.volumeMounts`. + In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` Second, specify the following values: @@ -81,23 +74,29 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-connect.lic -``` +`--set-file license.file.contents=licenses/rstudio-connect.lic` -## General principles +### License Key -- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-connect`. -- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles + +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-connect. +- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 79dfc3f9..9cda63d7 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,31 +1,25 @@ ---- -title: Posit Workbench -code-overflow: wrap ---- +# Posit Workbench ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Workbench_ +#### _Official Helm chart for RStudio Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.7.3: @@ -35,64 +29,59 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: - -```bash +``` helm search repo rstudio/rstudio-workbench -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * Disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: - - ```yaml - config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap - ``` +```yaml +config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap +``` ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File -- We recommend *against* directly placing the license file in your values file. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic -``` +`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` Second, specify the following values: @@ -105,32 +94,39 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```bash ---set-file license.file.contents=licenses/rstudio-workbench.lic -``` +`--set-file license.file.contents=licenses/rstudio-workbench.lic` + +### License Key + +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. -## General principles +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by Workbench. - - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. -- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - - This is described in the - [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. + valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are + below. +- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below + and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) + on the topic in general. +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: + - Get the service account information off of the RStudio Workbench pod for use in launching jobs +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter + [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration files -These configuration values all take the form of usual Helm values -so you can set the database password with similar to: +These configuration values all take the form of usual helm values +so you can set the database password with something like: -```bash +``` ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -140,135 +136,130 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change -the `XDG_CONFIG_DIRS` environment variable. +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change +the `XDG_CONFIG_DIRS` environment variable - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods. + are mounted into the session pods as well. - `repos.conf`, `rsession.conf`, `notifications.conf` - - Located in:
    `config.session.<< name of file >>` Helm values - - Mounted at:
    `/mnt/session-configmap/rstudio/` -- Session Secret Configuration: - - These configuration files are mounted into the server and session pods. - - `odbc.ini` and other similar shared secrets. - - Located in:
    `config.sessionSecret.<< name of file>>` Helm values - - Mounted at:
    `/mnt/session-secret/` -- Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600). + - located in the `config.session.<< name of file >>` helm values + - mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration + - These configuration files are mounted into the server and session pods as well + - `odbc.ini` and other similar shared secrets + - located in `config.sessionSecret.<< name of file>>` helm values + - mounted at `/mnt/session-secret/` +- Secret Configuration + - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - - Located in:
    `config.secret.<< name of file >>` Helm values - - Mounted at:
    `/mnt/secret-configmap/rstudio/` -- Server Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located in the `config.secret.<< name of file >>` helm values + - mounted at `/mnt/secret-configmap/rstudio/` +- Server Configuration + - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - Located at:
    `config.server.<< name of file >>` Helm values - - Mounted at:
    `/mnt/configmap/rstudio/` -- Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format). + - They are located at `config.server.<< name of file >>` helm values + - mounted at `/mnt/configmap/rstudio/` +- Server DCF Configuration + - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - - Located at:
    `config.serverDcf.<< name of file >>` Helm values - - Included at:
    `/mnt/configmap/rstudio/` -- Profiles Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located at `config.serverDcf.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` +- Profiles Configuration + - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` Helm values - - Included at:
    `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information. -- Prestart: - - This is provided by the Helm chart in a configmap. - - It is mounted into the pod at `/scripts/`. - - `prestart-workbench.bash` is used to start workbench. - - `prestart-launcher.bash` is used to start launcher. -- User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`). - - Located at:
    `config.userProvisioning.<< name of file >>` Helm values - - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. -- Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files. - - Use the `.ini` file format by default. - - Mounted at:
    `/startup/custom` - - As with all configuration files above, you can override with a verbatim string if desired: - - Located at:
    `config.startupCustom.<< name of file >>` Helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` -- PAM configuration: - - `pam` configuration files. - - Located at:
    `config.pam.<< name of file >>` Helm values - - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` - -### Configuring Python and R repositories - -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: - -- `launcher.useTemplates: true` is set -- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: - - ```yaml - launcher: - useTemplates: true + - They are located at `config.profiles.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` + - See the `Profiles` section below for more information +- Prestart + - This is provided by the helm chart in a configmap + - It is mounted into the pod at `/scripts/` + - `prestart-workbench.bash` is used to start workbench + - `prestart-launcher.bash` is used to start launcher +- User Provisioning Configuration + - These configuration files are used for configuring user provisioning (i.e. `sssd`) + - Located at `config.userProvisioning.<< name of file >>` helm values + - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default +- Custom Startup Configuration + - `supervisord` service / unit definition `.conf` files + - Located at `config.startupCustom.<< name of file >>` helm values + - Will use the `.ini` file format, by default + - Mounted at `/startup/custom` + - As with all config files above, can override with a verbatim string if desired, like so: +```yaml +config: + startupCustom: + myfile.conf: | + file-used-verbatim +``` +- PAM configuration + - `pam` configuration files + - Located at `config.pam.<< name of file >>` helm values + - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co - ``` +### Configuring R and Python repositories #### R repositories -R package repositories can be configured with `config.session.repos.conf`: +R package repositories can be configured with `config.session.repos.conf`. -```yaml +``` config: session: repos.conf: CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. +For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). -## User provisioning +#### Python repositories + +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. -Provisioning users in Workbench containers is challenging. Session images create users automatically (with -consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the -administrator. +``` +launcher: + useTemplates: true + +config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co +``` + +## User Provisioning + +Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with +consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the +administrator today. The most common way to provision users is via `sssd`. -The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. +However, it is important to be careful of a few points: -However, it is important to use caution for the following: - -- UID / GID consistency: - - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. - - Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. - - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. - - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across + time. Failing this can cause security issues and access by some users to files they should not be allowed to see +- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames +- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` + to configure a user management service, be careful that it does not exit unnecessarily -We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a -future release. Please contact your account representative if you have feedback or questions about this +We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +future release. Please get in touch with your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -288,17 +279,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- If section header is `[*]`, it applies to all users. -- If a user's username is `myusername`, the section `[myusername]` applies to them. -- If a user is in the `allusers` group, then the section `[@allusers]` applies to them +- if section header is `[*]`, it applies to all users +- if a user's username is `myusername`, the section `[myusername]` will apply to them +- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. -In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: +In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: ```yaml config: @@ -321,17 +312,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` +- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` - ```yaml - some-key: - - value1 - - value2 - ``` +```yaml +some-key: + - value1 + - value2 +``` -- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -348,7 +339,6 @@ config: - value4 - value5 ``` - Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -360,24 +350,23 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -:::{.callout-note} -This appending/concatenation/array translation behavior only works with the helm chart. -::: +> NOTE: this appending/concatenation/array translation behavior only works with the helm chart -### Job Json overrides +### Job Json Overrides -If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: +If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following +configuration: + - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + - create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk + - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` -- Modify: - ```yaml - config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - ``` -- Create an array of maps with the following keys: - - `target`: The "target" part of the job spec to replace. - - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. +Note that several examples are provided +in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) +(however, examples do not use the helm chart syntax there). -Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) ```yaml config: @@ -397,11 +386,10 @@ config: - "two-image:tag ``` -## Sealed secrets +## Sealed Secrets +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. - -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. - `config.secret` - `config.sessionSecret` @@ -409,7 +397,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -558,3 +546,4 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From f94d21b8a92df8a9f85b07564f382c9afc1eef48 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:35:13 -0400 Subject: [PATCH 015/284] PPM edits --- charts/rstudio-pm/README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 5e29c092..fde9eb3e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -136,12 +136,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -202,7 +202,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -232,8 +232,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From 93c1265bb58af4cabad7a722985cafcf91fd9ee4 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:36:27 +0000 Subject: [PATCH 016/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 50 +++++++++++++++----------------- 2 files changed, 24 insertions(+), 28 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 066cd564..a44de207 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best practices +## Best Practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index fde9eb3e..b6f9d265 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,51 +2,46 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Package Manager_ +#### _Official Helm chart for RStudio Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.5.25: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-pm -l ``` -## Upgrade guidance +## Upgrade Guidance ### 0.4.0 -* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`) -* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. - * To disable an automatic fixup / hook, set `enableMigrations=false`. +- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to + fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required configuration +## Required Configuration This chart requires the following in order to function: @@ -136,12 +131,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: ``` @@ -202,7 +197,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -232,7 +227,8 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From 6c276584693292f2293e0b5412c8f01f642ae7b3 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:37:53 -0400 Subject: [PATCH 017/284] Revert "Update helm-docs and README.md" This reverts commit 93c1265bb58af4cabad7a722985cafcf91fd9ee4. --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 50 +++++++++++++++++--------------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a44de207..066cd564 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index b6f9d265..fde9eb3e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,46 +2,51 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Package Manager_ +#### _Official Helm chart for Posit Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-pm -l ``` -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 -- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. +* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`) +* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. + * To disable an automatic fixup / hook, set `enableMigrations=false`. -## Required Configuration +## Required configuration This chart requires the following in order to function: @@ -131,12 +136,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -197,7 +202,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -227,8 +232,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From 016f4e5bc94e261bc0425070be188919130ac71f Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:41:46 -0400 Subject: [PATCH 018/284] Revert "Merge branch 'ah/editing-pass' of https://github.com/rstudio/helm into ah/editing-pass" This reverts commit 8713b44aabd5648808c214f4d0ffea886bd39ef3, reversing changes made to 2f87134bb1db9640f6748bb3cffc59ba40f98a1f. --- charts/rstudio-connect/README.md | 83 +++---- charts/rstudio-workbench/README.md | 379 +++++++++++++++-------------- 2 files changed, 237 insertions(+), 225 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 066cd564..bd2bd796 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for RStudio Connect_ +#### _Official Helm chart for Posit Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,56 +12,63 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-connect -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container - by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. + In this case, we recommend you: + * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + data in the container by using a + regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` + and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic Second, specify the following values: @@ -74,29 +81,23 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` -## General Principles +## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format -required by rstudio-connect. -- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format +required by `rstudio-connect`. +- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..79dfc3f9 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,25 +1,31 @@ -# Posit Workbench +--- +title: Posit Workbench +code-overflow: wrap +--- ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Workbench_ +#### _Official Helm chart for Posit Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: @@ -29,59 +35,64 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: -``` + +```bash helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` -## Licensing + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +## Licensing -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend *against* directly placing the license file in your values file. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```{.bash} +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,39 +105,32 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```bash +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -## General Principles +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values -so you can set the database password with something like: +These configuration values all take the form of usual Helm values +so you can set the database password with similar to: -``` +```bash ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -136,130 +140,135 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
    `config.session.<< name of file >>` Helm values + - Mounted at:
    `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
    `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
    `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
    `config.secret.<< name of file >>` Helm values + - Mounted at:
    `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
    `config.server.<< name of file >>` Helm values + - Mounted at:
    `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
    `config.serverDcf.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - -### Configuring R and Python repositories + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
    `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
    `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
    `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
    `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` + +### Configuring Python and R repositories -#### R repositories +#### Python repositories -R package repositories can be configured with `config.session.repos.conf`. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + ```yaml + launcher: + useTemplates: true -#### Python repositories + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +## User provisioning + +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: + +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -279,17 +288,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +321,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +348,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +360,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -386,10 +397,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. + +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +409,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -546,4 +558,3 @@ Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From b04bd80996d7d318e9086cb4be15da85b3515555 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:59:31 -0400 Subject: [PATCH 019/284] additional readme edits --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 45 +++++++++++++----------------- charts/rstudio-workbench/README.md | 7 ++--- 3 files changed, 24 insertions(+), 30 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index bd2bd796..a06044aa 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -63,7 +63,7 @@ To function, this chart requires the following: This chart supports activating the product using a *license file*. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index fde9eb3e..912d5039 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -50,7 +50,7 @@ helm search repo rstudio/rstudio-pm -l This chart requires the following in order to function: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -62,15 +62,16 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +This chart supports activating the product using a *license file*. -### License File -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` +```{.bash} +kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic +``` Second, specify the following values: @@ -83,17 +84,11 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-pm.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-pm.lic +``` -## S3 Configuration +## S3 configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -131,20 +126,20 @@ awsAccessKeyId: your-access-key-id awsSecretAccessKey: your-secret-access-key ``` -Bear in mind that static, long-lived credentials are the least secure option and +Consider that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General Principles +## General principles -- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format -required by rstudio-pm. +In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format +required by `rstudio-pm`. -## Configuration File +## Configuration file The configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` @@ -159,7 +154,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | awsAccessKeyId | bool | `false` | awsAccessKeyId is the access key id for s3 access, used also to gate file creation | | awsSecretAccessKey | string | `nil` | awsSecretAccessKey is the secret access key, needs to be filled if access_key_id is | | command | bool | `false` | command is the pod's run command. By default, it uses the container's default | -| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the rstudio-pm.gcfg file | +| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the `rstudio-pm`.gcfg file | | enableMigration | bool | `true` | Enable migrations for shared storage (if necessary) using Helm hooks. | | enableSandboxing | bool | `true` | Enable sandboxing of Git builds, which requires elevated security privileges for the Package Manager container. | | extraContainers | list | `[]` | sidecar container list | @@ -190,7 +185,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | | pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | -| pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | +| pod.labels | object | `{}` | Additional labels to add to the `rstudio-pm` pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | | pod.securityContext | object | `{}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | @@ -201,9 +196,9 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | priorityClassName | string | `""` | The pod's priorityClassName | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | -| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | +| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the `rstudio-pm` pod | | rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | -| rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | +| rstudioPMKey | bool | `false` | rstudioPMKey is the `rstudio-pm` key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 79dfc3f9..a2053022 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -85,8 +85,7 @@ To function, this chart requires the following: This chart supports activating the product using a *license file*. -- We recommend *against* directly placing the license file in your values file. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: @@ -105,7 +104,7 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```bash +```{.bash} --set-file license.file.contents=licenses/rstudio-workbench.lic ``` @@ -126,7 +125,7 @@ Alternatively, license files can be set during `helm install` with the following These configuration values all take the form of usual Helm values so you can set the database password with similar to: -```bash +```{.bash} ... --set config.secret.database\.conf.password=mypassword ... ``` From 4538db93a26f70453817e4dd8f34f9488ffa4dcc Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:59:51 +0000 Subject: [PATCH 020/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 83 ++++--- charts/rstudio-pm/README.md | 93 +++---- charts/rstudio-workbench/README.md | 376 ++++++++++++++--------------- 3 files changed, 271 insertions(+), 281 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a06044aa..a44de207 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,73 +2,66 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for Posit Connect_ +#### _Official Helm chart for RStudio Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best practices +## Best Practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether Helm is a good choice for your deployment. +if you need help deciding whether helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* "Pin" the version of the Helm chart that you are using. You can do - this using the: - * `helm dependency` command and the associated "Chart.lock" files _or_ - * the `--version` flag. +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check + for breaking changes +* Read [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart - :::{.callout-important} - This protects you from breaking changes** - ::: - -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.6.6: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-connect -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you: - * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your - data in the container by using a - regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` - and `pod.volumeMounts`. + In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` Second, specify the following values: @@ -81,23 +74,29 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-connect.lic -``` +`--set-file license.file.contents=licenses/rstudio-connect.lic` -## General principles +### License Key -- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-connect`. -- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles + +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-connect. +- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 912d5039..b6f9d265 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,55 +2,50 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Package Manager_ +#### _Official Helm chart for RStudio Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.5.25: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-pm -l ``` -## Upgrade guidance +## Upgrade Guidance ### 0.4.0 -* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`) -* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. - * To disable an automatic fixup / hook, set `enableMigrations=false`. +- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to + fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required configuration +## Required Configuration This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -62,16 +57,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +### License File -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic -``` +`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` Second, specify the following values: @@ -84,11 +78,17 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-pm.lic -``` +`--set-file license.file.contents=licenses/rstudio-pm.lic` + +### License Key -## S3 configuration +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## S3 Configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -126,20 +126,20 @@ awsAccessKeyId: your-access-key-id awsSecretAccessKey: your-secret-access-key ``` -Consider that static, long-lived credentials are the least secure option and +Bear in mind that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General principles +## General Principles -In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-pm`. +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-pm. -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` @@ -154,7 +154,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | awsAccessKeyId | bool | `false` | awsAccessKeyId is the access key id for s3 access, used also to gate file creation | | awsSecretAccessKey | string | `nil` | awsSecretAccessKey is the secret access key, needs to be filled if access_key_id is | | command | bool | `false` | command is the pod's run command. By default, it uses the container's default | -| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the `rstudio-pm`.gcfg file | +| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the rstudio-pm.gcfg file | | enableMigration | bool | `true` | Enable migrations for shared storage (if necessary) using Helm hooks. | | enableSandboxing | bool | `true` | Enable sandboxing of Git builds, which requires elevated security privileges for the Package Manager container. | | extraContainers | list | `[]` | sidecar container list | @@ -185,7 +185,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | | pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | -| pod.labels | object | `{}` | Additional labels to add to the `rstudio-pm` pods | +| pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | | pod.securityContext | object | `{}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | @@ -196,9 +196,9 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | priorityClassName | string | `""` | The pod's priorityClassName | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | -| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the `rstudio-pm` pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | -| rstudioPMKey | bool | `false` | rstudioPMKey is the `rstudio-pm` key used for the RStudio Package Manager service | +| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | @@ -227,7 +227,8 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index a2053022..9cda63d7 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,31 +1,25 @@ ---- -title: Posit Workbench -code-overflow: wrap ---- +# Posit Workbench ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Workbench_ +#### _Official Helm chart for RStudio Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.7.3: @@ -35,63 +29,59 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: - -```bash +``` helm search repo rstudio/rstudio-workbench -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * Disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: - - ```yaml - config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap - ``` +```yaml +config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap +``` ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic -``` +`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` Second, specify the following values: @@ -104,32 +94,39 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-workbench.lic -``` +`--set-file license.file.contents=licenses/rstudio-workbench.lic` -## General principles +### License Key + +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by Workbench. - - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. -- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - - This is described in the - [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. + valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are + below. +- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below + and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) + on the topic in general. +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: + - Get the service account information off of the RStudio Workbench pod for use in launching jobs +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter + [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration files -These configuration values all take the form of usual Helm values -so you can set the database password with similar to: +These configuration values all take the form of usual helm values +so you can set the database password with something like: -```{.bash} +``` ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -139,135 +136,130 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change -the `XDG_CONFIG_DIRS` environment variable. +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change +the `XDG_CONFIG_DIRS` environment variable - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods. + are mounted into the session pods as well. - `repos.conf`, `rsession.conf`, `notifications.conf` - - Located in:
    `config.session.<< name of file >>` Helm values - - Mounted at:
    `/mnt/session-configmap/rstudio/` -- Session Secret Configuration: - - These configuration files are mounted into the server and session pods. - - `odbc.ini` and other similar shared secrets. - - Located in:
    `config.sessionSecret.<< name of file>>` Helm values - - Mounted at:
    `/mnt/session-secret/` -- Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600). + - located in the `config.session.<< name of file >>` helm values + - mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration + - These configuration files are mounted into the server and session pods as well + - `odbc.ini` and other similar shared secrets + - located in `config.sessionSecret.<< name of file>>` helm values + - mounted at `/mnt/session-secret/` +- Secret Configuration + - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - - Located in:
    `config.secret.<< name of file >>` Helm values - - Mounted at:
    `/mnt/secret-configmap/rstudio/` -- Server Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located in the `config.secret.<< name of file >>` helm values + - mounted at `/mnt/secret-configmap/rstudio/` +- Server Configuration + - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - Located at:
    `config.server.<< name of file >>` Helm values - - Mounted at:
    `/mnt/configmap/rstudio/` -- Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format). + - They are located at `config.server.<< name of file >>` helm values + - mounted at `/mnt/configmap/rstudio/` +- Server DCF Configuration + - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - - Located at:
    `config.serverDcf.<< name of file >>` Helm values - - Included at:
    `/mnt/configmap/rstudio/` -- Profiles Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located at `config.serverDcf.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` +- Profiles Configuration + - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` Helm values - - Included at:
    `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information. -- Prestart: - - This is provided by the Helm chart in a configmap. - - It is mounted into the pod at `/scripts/`. - - `prestart-workbench.bash` is used to start workbench. - - `prestart-launcher.bash` is used to start launcher. -- User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`). - - Located at:
    `config.userProvisioning.<< name of file >>` Helm values - - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. -- Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files. - - Use the `.ini` file format by default. - - Mounted at:
    `/startup/custom` - - As with all configuration files above, you can override with a verbatim string if desired: - - Located at:
    `config.startupCustom.<< name of file >>` Helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` -- PAM configuration: - - `pam` configuration files. - - Located at:
    `config.pam.<< name of file >>` Helm values - - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` - -### Configuring Python and R repositories - -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: - -- `launcher.useTemplates: true` is set -- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: - - ```yaml - launcher: - useTemplates: true + - They are located at `config.profiles.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` + - See the `Profiles` section below for more information +- Prestart + - This is provided by the helm chart in a configmap + - It is mounted into the pod at `/scripts/` + - `prestart-workbench.bash` is used to start workbench + - `prestart-launcher.bash` is used to start launcher +- User Provisioning Configuration + - These configuration files are used for configuring user provisioning (i.e. `sssd`) + - Located at `config.userProvisioning.<< name of file >>` helm values + - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default +- Custom Startup Configuration + - `supervisord` service / unit definition `.conf` files + - Located at `config.startupCustom.<< name of file >>` helm values + - Will use the `.ini` file format, by default + - Mounted at `/startup/custom` + - As with all config files above, can override with a verbatim string if desired, like so: +```yaml +config: + startupCustom: + myfile.conf: | + file-used-verbatim +``` +- PAM configuration + - `pam` configuration files + - Located at `config.pam.<< name of file >>` helm values + - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co - ``` +### Configuring R and Python repositories #### R repositories -R package repositories can be configured with `config.session.repos.conf`: +R package repositories can be configured with `config.session.repos.conf`. -```yaml +``` config: session: repos.conf: CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. +For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + +#### Python repositories + +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. + +``` +launcher: + useTemplates: true + +config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co +``` -## User provisioning +## User Provisioning -Provisioning users in Workbench containers is challenging. Session images create users automatically (with -consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the -administrator. +Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with +consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the +administrator today. The most common way to provision users is via `sssd`. -The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. +However, it is important to be careful of a few points: -However, it is important to use caution for the following: - -- UID / GID consistency: - - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. - - Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. - - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. - - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across + time. Failing this can cause security issues and access by some users to files they should not be allowed to see +- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames +- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` + to configure a user management service, be careful that it does not exit unnecessarily -We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a -future release. Please contact your account representative if you have feedback or questions about this +We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +future release. Please get in touch with your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -287,17 +279,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- If section header is `[*]`, it applies to all users. -- If a user's username is `myusername`, the section `[myusername]` applies to them. -- If a user is in the `allusers` group, then the section `[@allusers]` applies to them +- if section header is `[*]`, it applies to all users +- if a user's username is `myusername`, the section `[myusername]` will apply to them +- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. -In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: +In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: ```yaml config: @@ -320,17 +312,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` +- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` - ```yaml - some-key: - - value1 - - value2 - ``` +```yaml +some-key: + - value1 + - value2 +``` -- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -347,7 +339,6 @@ config: - value4 - value5 ``` - Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -359,24 +350,23 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -:::{.callout-note} -This appending/concatenation/array translation behavior only works with the helm chart. -::: +> NOTE: this appending/concatenation/array translation behavior only works with the helm chart -### Job Json overrides +### Job Json Overrides -If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: +If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following +configuration: + - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + - create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk + - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` -- Modify: - ```yaml - config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - ``` -- Create an array of maps with the following keys: - - `target`: The "target" part of the job spec to replace. - - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. +Note that several examples are provided +in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) +(however, examples do not use the helm chart syntax there). -Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) ```yaml config: @@ -396,11 +386,10 @@ config: - "two-image:tag ``` -## Sealed secrets +## Sealed Secrets +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. - -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. - `config.secret` - `config.sessionSecret` @@ -408,7 +397,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -557,3 +546,4 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From fbd17da6e6e1ad1d80ab0cdb512d77bcd97fa564 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 09:04:33 -0400 Subject: [PATCH 021/284] ppm examples --- examples/package-manager/container-images/custom-images.qmd | 2 +- examples/package-manager/container-images/private-images.qmd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/package-manager/container-images/custom-images.qmd b/examples/package-manager/container-images/custom-images.qmd index ef765035..b8fbb38d 100644 --- a/examples/package-manager/container-images/custom-images.qmd +++ b/examples/package-manager/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Package Manager with Custom Container Images diff --git a/examples/package-manager/container-images/private-images.qmd b/examples/package-manager/container-images/private-images.qmd index 5f9dd663..112614eb 100644 --- a/examples/package-manager/container-images/private-images.qmd +++ b/examples/package-manager/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Package Manager to Access Image Registries Requiring Authentication From 2ba00b07a0e52f1ee5c5ecdbd4f9565891b3d798 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 09:12:29 -0400 Subject: [PATCH 022/284] standardizing the before you begin --- charts/rstudio-pm/README.md | 2 +- charts/rstudio-workbench/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 912d5039..c50854a6 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -19,7 +19,7 @@ To ensure a stable production deployment: This protects you from breaking changes. ::: -* Before upgrading check for breaking changes using `helm diff upgrade`. +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. * Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index a2053022..d533e169 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -22,7 +22,7 @@ To ensure a stable production deployment: This protects you from breaking changes. ::: -* Before upgrading check for breaking changes using `helm diff upgrade`. +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. * Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart From 40dc2cc1f3b48a9460abfe6deebeff920bd357c9 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:07:20 -0400 Subject: [PATCH 023/284] Chronicle edits --- charts/posit-chronicle/README.md | 58 +++++++++++++++++--------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index fd9522a1..308f3f3d 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -8,40 +8,43 @@ Chronicle helps data science managers and other stakeholders understand their organization's use of other Posit products, primarily Posit Connect and Workbench. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.3.0: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/posit-chronicle -l ``` ## Usage This chart deploys only the Chronicle server and is meant to be used in tandem -with the Workbench and Connect charts. To actually send data to the server, you -will need to run the Chronicle agent as a sidecar container on your -Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files +with the Workbench and Connect charts. To send data to the server, run the Chronicle agent as a sidecar container on your +Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files. -Here is an example of Helm values to run the agent sidecar in **Workbench**, +Here is an example of Helm values to run the agent sidecar in *Workbench*, where we set up a shared volume between containers for audit logs: ```yaml @@ -65,7 +68,7 @@ pod: value: "http://chronicle-server.default" ``` -And here is an example of Helm values for Connect, where a **Connect** +Here is an example of Helm values for *Connect*, where a Connect API key from a Kubernetes Secret is used to unlock more detailed metrics: ```yaml @@ -83,7 +86,7 @@ pod: key: apikey ``` -Note that it is up to the user to provision this Kubernetes Secret for the +It is up to the user to provision this Kubernetes Secret for the Connect API key. ## Storage Configuration @@ -102,8 +105,7 @@ config: ``` `retentionPeriod` controls how long usage data are kept. For example, `"120m"` -for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention. -(Units smaller than seconds or larger than days are not supported.) +for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention (units smaller than seconds or larger than days are not supported). You can also persist data to AWS S3 instead of (or in addition to) local storage: @@ -116,7 +118,7 @@ config: Region: "us-east-2" ``` -### Using Iam for S3 +### Using IAM for S3 If you are running on EKS, you can use [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) @@ -131,9 +133,9 @@ serviceaccount: eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here ``` -If you are unable to use IAM Roles for Service Accounts, there are any number of +If you are unable to use IAM Roles for Service Accounts, there are many alternatives for injecting AWS credentials into a container. As a fallback, -the S3 storage config allows specifying a profile: +the S3 storage `config` allows specifying a profile: ```yaml config: @@ -144,14 +146,14 @@ config: Region: "us-east-2" ``` -### Needed S3 Policy Permissions +### Needed S3 policy permissions The credentials Chronicle uses for S3 storage must have the following permissions enabled: -- `s3:GetObject` -- `s3:ListBucket` -- `s3:PutObject` -- `s3:DeleteObject` +* `s3:GetObject` +* `s3:ListBucket` +* `s3:PutObject` +* `s3:DeleteObject` ## Values From 1def75f9130f6479efa34132abdd6a887544c52d Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:07:34 -0400 Subject: [PATCH 024/284] PPM edits --- charts/rstudio-pm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index c50854a6..dd63295e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -14,7 +14,7 @@ To ensure a stable production deployment: * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: From ababf15d224fdd3ba93045e9d14128f1f91a2668 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:42:19 -0400 Subject: [PATCH 025/284] trying to "fix" everything --- charts/_templates.gotmpl | 72 ++--- charts/posit-chronicle/README.md | 8 +- charts/rstudio-connect/README.md | 5 +- charts/rstudio-pm/README.md | 5 +- charts/rstudio-workbench/README.md.gotmpl | 317 +++++++++++----------- 5 files changed, 214 insertions(+), 193 deletions(-) diff --git a/charts/_templates.gotmpl b/charts/_templates.gotmpl index bce09a9a..dce4b93c 100644 --- a/charts/_templates.gotmpl +++ b/charts/_templates.gotmpl @@ -40,49 +40,59 @@ Workbench. {{- define "rstudio.disclaimer" }} -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. {{- end }} {{- define "rstudio.best-practices" }} -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. + + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. {{- end }} {{- define "rstudio.install" }} {{- $isDev := (regexMatch "[0-9]+\\.[0-9]+\\.[0-9]+-[a-zA-Z\\.0-9]+" .Version) }} -## Installing the Chart +## Installing the chart To install the chart with the release name `my-release` at version {{ template "chart.version" . }}: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com {{- if not $isDev }} helm upgrade --install my-release rstudio/{{ template "chart.name" . }} --version={{ template "chart.version" . }} @@ -95,7 +105,7 @@ helm upgrade --install --devel my-release rstudio/{{ template "chart.name" . }} {{- end }} ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo {{ if $isDev }}--devel {{ end }}rstudio/{{ template "chart.name" . }} -l ``` @@ -106,15 +116,15 @@ helm search repo {{ if $isDev }}--devel {{ end }}rstudio/{{ template "chart.name ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic {{ .Name }}-license --from-file=licenses/{{ .Name }}.lic` +```{.bash} +kubectl create secret generic {{ .Name }}-license --from-file=licenses/{{ .Name }}.lic +``` Second, specify the following values: @@ -127,15 +137,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/{{ .Name }}.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/{{ .Name }}.lic +``` {{- end }} diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 308f3f3d..98feb64e 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,4 +1,7 @@ -# Posit Chronicle +--- +title: Posit Chronicle +code-overflow: wrap +--- ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) @@ -89,7 +92,7 @@ pod: It is up to the user to provision this Kubernetes Secret for the Connect API key. -## Storage Configuration +## Storage configuration Chronicle can be configured to persist data to a local Kubernetes Volume, AWS S3, or both. @@ -202,4 +205,3 @@ The credentials Chronicle uses for S3 storage must have the following permission ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a06044aa..5c6812fb 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,4 +1,7 @@ -# Posit Connect +--- +title: Posit Connect +code-overflow: wrap +--- ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index dd63295e..d892ff66 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,4 +1,7 @@ -# Posit Package Manager +--- +title: Posit Package Manager +code-overflow: wrap +--- ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index b6398432..de45d2d0 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -8,62 +8,65 @@ {{ template "rstudio.install" . }} -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` {{ template "rstudio.licensing" . }} -## General Principles +## General principles + +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -80,130 +83,133 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
    `config.session.<< name of file >>` Helm values + - Mounted at:
    `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
    `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
    `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
    `config.secret.<< name of file >>` Helm values + - Mounted at:
    `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
    `config.server.<< name of file >>` Helm values + - Mounted at:
    `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
    `config.serverDcf.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
    `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
    `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
    `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
    `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` -### Configuring R and Python repositories - -#### R repositories +#### Python repositories -R package repositories can be configured with `config.session.repos.conf`. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + ```yaml + launcher: + useTemplates: true -#### Python repositories + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. + +## User provisioning -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. + +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -217,23 +223,23 @@ config: # will be used verbatim ``` -## RStudio Profiles +## RStudio profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -256,17 +262,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -283,6 +289,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -294,23 +301,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -330,10 +338,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets + +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -341,7 +350,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. {{ template "chart.valuesSection" . }} From 50a2092b0cbd5d08d335f6e871400993855d40a9 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 14:44:30 +0000 Subject: [PATCH 026/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 49 ++-- charts/rstudio-connect/README.md | 53 ++-- charts/rstudio-launcher-rbac/README.md | 31 ++- charts/rstudio-library/README.md | 25 +- charts/rstudio-pm/README.md | 56 ++-- charts/rstudio-workbench/README.md | 367 +++++++++++++------------ 6 files changed, 301 insertions(+), 280 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 98feb64e..6b9f84d1 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Chronicle -code-overflow: wrap ---- +# Posit Chronicle ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) @@ -15,10 +12,14 @@ Workbench. To ensure a stable production deployment: +## For production + +To ensure a stable production deployment: + * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: @@ -35,19 +36,19 @@ helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 ``` -To explore other chart versions, take a look at: - -```{.bash} +To explore other chart versions, look at: +``` helm search repo rstudio/posit-chronicle -l ``` ## Usage This chart deploys only the Chronicle server and is meant to be used in tandem -with the Workbench and Connect charts. To send data to the server, run the Chronicle agent as a sidecar container on your -Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files. +with the Workbench and Connect charts. To actually send data to the server, you +will need to run the Chronicle agent as a sidecar container on your +Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files -Here is an example of Helm values to run the agent sidecar in *Workbench*, +Here is an example of Helm values to run the agent sidecar in **Workbench**, where we set up a shared volume between containers for audit logs: ```yaml @@ -71,7 +72,7 @@ pod: value: "http://chronicle-server.default" ``` -Here is an example of Helm values for *Connect*, where a Connect +And here is an example of Helm values for Connect, where a **Connect** API key from a Kubernetes Secret is used to unlock more detailed metrics: ```yaml @@ -89,10 +90,10 @@ pod: key: apikey ``` -It is up to the user to provision this Kubernetes Secret for the +Note that it is up to the user to provision this Kubernetes Secret for the Connect API key. -## Storage configuration +## Storage Configuration Chronicle can be configured to persist data to a local Kubernetes Volume, AWS S3, or both. @@ -108,7 +109,8 @@ config: ``` `retentionPeriod` controls how long usage data are kept. For example, `"120m"` -for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention (units smaller than seconds or larger than days are not supported). +for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention. +(Units smaller than seconds or larger than days are not supported.) You can also persist data to AWS S3 instead of (or in addition to) local storage: @@ -121,7 +123,7 @@ config: Region: "us-east-2" ``` -### Using IAM for S3 +### Using Iam for S3 If you are running on EKS, you can use [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) @@ -136,9 +138,9 @@ serviceaccount: eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here ``` -If you are unable to use IAM Roles for Service Accounts, there are many +If you are unable to use IAM Roles for Service Accounts, there are any number of alternatives for injecting AWS credentials into a container. As a fallback, -the S3 storage `config` allows specifying a profile: +the S3 storage config allows specifying a profile: ```yaml config: @@ -149,14 +151,14 @@ config: Region: "us-east-2" ``` -### Needed S3 policy permissions +### Needed S3 Policy Permissions The credentials Chronicle uses for S3 storage must have the following permissions enabled: -* `s3:GetObject` -* `s3:ListBucket` -* `s3:PutObject` -* `s3:DeleteObject` +- `s3:GetObject` +- `s3:ListBucket` +- `s3:PutObject` +- `s3:DeleteObject` ## Values @@ -205,3 +207,4 @@ The credentials Chronicle uses for S3 storage must have the following permission ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 8a04dbf9..a2ae0ee1 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Connect -code-overflow: wrap ---- +# Posit Connect ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) @@ -10,33 +7,37 @@ code-overflow: wrap Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-connect -l ``` @@ -56,15 +57,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +``` Second, specify the following values: @@ -77,15 +78,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` ## General Principles diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 313d989f..496581b3 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -4,28 +4,35 @@ #### _RBAC definition for the RStudio Job Launcher_ -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.2.20: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.20 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-launcher-rbac -l ``` diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 86e0ab9d..56a781e8 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -4,17 +4,24 @@ #### _Helm library helpers for use by official RStudio charts_ -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production + +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. # Usage diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 9fcaca95..24b0d743 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Package Manager -code-overflow: wrap ---- +# Posit Package Manager ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) @@ -10,28 +7,35 @@ code-overflow: wrap IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-pm -l ``` @@ -60,15 +64,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` +```{.bash} +kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic +``` Second, specify the following values: @@ -81,15 +85,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-pm.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-pm.lic +``` ## S3 Configuration diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..0a5bb0a1 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -7,81 +7,91 @@ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` -## Licensing + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +## Licensing -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```{.bash} +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,32 +104,27 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server +```{.bash} +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +## General principles -## General Principles +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -136,130 +141,133 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
    `config.session.<< name of file >>` Helm values + - Mounted at:
    `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
    `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
    `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
    `config.secret.<< name of file >>` Helm values + - Mounted at:
    `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
    `config.server.<< name of file >>` Helm values + - Mounted at:
    `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
    `config.serverDcf.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
    `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
    `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
    `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
    `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` -### Configuring R and Python repositories +#### Python repositories -#### R repositories +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -R package repositories can be configured with `config.session.repos.conf`. +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` + ```yaml + launcher: + useTemplates: true -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +## User provisioning + +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: + +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -273,23 +281,23 @@ config: # will be used verbatim ``` -## RStudio Profiles +## RStudio profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +320,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +347,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +359,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -386,10 +396,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets + +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +408,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values From b9905067aa8f68e3cec9a0ca62f93d4b620f9ddb Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:49:02 -0400 Subject: [PATCH 027/284] Description updates --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-workbench/Chart.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 225d2322..5518cb08 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-connect -description: Official Helm chart for RStudio Connect +description: Official Helm chart for Posit Connect version: 0.6.6 apiVersion: v2 appVersion: 2024.04.1 diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 76a4357d..f9e32dfa 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-pm -description: Official Helm chart for RStudio Package Manager +description: Official Helm chart for Posit Package Manager version: 0.5.25 apiVersion: v2 appVersion: 2024.04.0 diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index b44fb106..987b7ad6 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-workbench -description: Official Helm chart for RStudio Workbench +description: Official Helm chart for Posit Workbench version: 0.7.3 apiVersion: v2 appVersion: 2024.04.0 From 95403c36a6494093be074d2a4d3f74e6e3e45e15 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:31:31 -0400 Subject: [PATCH 028/284] Workbench review --- charts/rstudio-workbench/README.md | 311 ++++++++++++++++------------- examples/workbench/index.qmd | 2 +- index.qmd | 10 +- 3 files changed, 179 insertions(+), 144 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..01abf0ab 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,4 +1,7 @@ -# Posit Workbench +--- +title: Posit Workbench +code-overflow: wrap +--- ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) @@ -7,19 +10,23 @@ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm diff upgrade`. * Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart + changes and the documentation below on how to use the chart. -## Installing the Chart +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: @@ -29,59 +36,65 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: -``` + +```bash helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or the address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` + + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against directly placing it in your values file. -### License File +### License file We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```bash +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,39 +107,48 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` +```bash +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -### License Key +### License key -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument: -### License Server +```bash +--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX +``` -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +### License server -## General Principles +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument: + +```bash +--set license.server= +``` + +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by RStudio Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by RStudio Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to get the service account information off of the RStudio Workbench pod for use in launching jobs. +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files These configuration values all take the form of usual helm values -so you can set the database password with something like: +so you can set the database password with similar to: -``` +```bash ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -136,87 +158,77 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable - -- Session Configuration - - These configuration files are mounted into the server and - are mounted into the session pods as well. - - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. + +- Session Configuration: + - Configuration files: `repos.conf`, `rsession.conf`, `notifications.conf` + - These configuration files are mounted into the server and + the session pods. + - Located in the `config.session.<< name of file >>` helm values + - Mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: - These configuration files are mounted into the server and session pods as well - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` -- Secret Configuration +- Secret Configuration: - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - They are located in the `config.secret.<< name of file >>` helm values - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration +- Server Configuration: - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - They are located at `config.server.<< name of file >>` helm values - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration +- Server DCF Configuration: - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration: - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart + - See the [Profiles](#rstudio-profiles) section below for more information +- Prestart: - This is provided by the helm chart in a configmap - It is mounted into the pod at `/scripts/` - `prestart-workbench.bash` is used to start workbench - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`) - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration +- Custom Startup Configuration: - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default + - Use the `.ini` file format, by default - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration + - As with all configuration files above, can override with a verbatim string if desired: + - Located at `config.startupCustom.<< name of file >>` helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: - `pam` configuration files - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - -### Configuring R and Python repositories - -#### R repositories - -R package repositories can be configured with `config.session.repos.conf`. + - Mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` - -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). +### Configuring Python and R repositories #### Python repositories -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: + +```yaml launcher: useTemplates: true @@ -228,29 +240,43 @@ config: trusted-host: packagemanager.posit.co ``` -## User Provisioning +#### R repositories -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +R package repositories can be configured with `config.session.repos.conf`: + +```yaml +config: + session: + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest +``` + +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. + +## User provisioning + +Provisioning users in RStudio Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: + +However, it is important to use caution for the following: - UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames + time. Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames. - `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily + to configure a user management service, be careful that it does not exit unnecessarily. We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM @@ -259,7 +285,7 @@ When starting sessions on RStudio Workbench, PAM configuration is often very imp an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -279,17 +305,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +338,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +365,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +377,28 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: + +### Job Json overrides -### Job Json Overrides +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: a YAML value that is translated directly to JSON and injected into the job spec at `target`. -Note that several examples are provided +Several examples are provided in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) (however, examples do not use the helm chart syntax there). -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md).x ```yaml config: @@ -386,10 +418,11 @@ config: - "two-image:tag ``` -## Sealed Secrets +## Sealed secrets + This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +430,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values diff --git a/examples/workbench/index.qmd b/examples/workbench/index.qmd index 6b6ec2c0..2a3fb88a 100644 --- a/examples/workbench/index.qmd +++ b/examples/workbench/index.qmd @@ -12,7 +12,7 @@ Before using an example, read through all the comments and ensure you address ea While each example focuses on one or more particular configurations, RStudio Workbench has some standard requirements listed in each example. -Each example will need the following to run correctly: +Each example needs the following to run correctly: - PostgreSQL database specified in the Workbench configuration - License key or file specified diff --git a/index.qmd b/index.qmd index 319ec014..435cdc7b 100644 --- a/index.qmd +++ b/index.qmd @@ -1,13 +1,15 @@ -# Posit Helm Charts +--- +title: Posit Helm Charts +--- [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rstudio)](https://artifacthub.io/packages/search?repo=rstudio) [![GitHub license](https://img.shields.io/github/license/rstudio/helm.svg)](https://github.com/rstudio/helm/blob/main/LICENSE) ## Usage -1. Install [Helm](https://helm.sh). Please refer to Helm's [documentation](https://helm.sh/docs/) for more information on getting started. +1. Install [Helm](https://helm.sh). Please refer to the [Helm documentation](https://helm.sh/docs/) for more information on getting started. -2. Add the Posit Helm repo: +2. Add the Posit Helm repository: ```console helm repo add rstudio https://helm.rstudio.com @@ -17,4 +19,4 @@ ```console helm search repo rstudio - ``` + ``` \ No newline at end of file From 2ec1d03eccda9caf30f1b0ecd07ad5d864b72796 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:54:07 -0400 Subject: [PATCH 029/284] New version of posit theme installed --- _environment | 1 - .../posit-dev/posit-docs/_extension.yml | 9 +- .../posit-dev/posit-docs/_posit-colors.scss | 37 ++ .../assets/images/exclamation-circle-dm.svg | 4 + .../assets/images/exclamation-circle.svg | 4 + .../assets/images/exclamation-triangle-dm.svg | 4 + .../assets/images/exclamation-triangle.svg | 4 + .../assets/images/info-circle-dm.svg | 4 + .../posit-docs/assets/images/info-circle.svg | 4 + .../assets/images/posit-logo-black-TM.svg | 2 +- .../posit-dev/posit-docs/theme-dark.scss | 342 ++++++++++++++++++ _extensions/posit-dev/posit-docs/theme.scss | 327 +++++++++++++---- _quarto.yml | 16 +- 13 files changed, 666 insertions(+), 92 deletions(-) create mode 100644 _extensions/posit-dev/posit-docs/_posit-colors.scss create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg create mode 100644 _extensions/posit-dev/posit-docs/assets/images/info-circle.svg create mode 100644 _extensions/posit-dev/posit-docs/theme-dark.scss diff --git a/_environment b/_environment index 3f26336d..0521a9f7 100644 --- a/_environment +++ b/_environment @@ -1,2 +1 @@ CURRENT_YEAR=2024 -PRODUCT_VERSION=2024.x diff --git a/_extensions/posit-dev/posit-docs/_extension.yml b/_extensions/posit-dev/posit-docs/_extension.yml index 5e7f0b4d..9f03f0f2 100644 --- a/_extensions/posit-dev/posit-docs/_extension.yml +++ b/_extensions/posit-dev/posit-docs/_extension.yml @@ -1,6 +1,6 @@ title: posit-docs author: Ashley Henry, David Aja, Aron Atkins -version: 3.0.0 +version: 4.0.1 quarto-required: ">=1.3.340" contributes: project: @@ -12,9 +12,10 @@ contributes: navbar: pinned: true logo: "assets/images/posit-icon-fullcolor.svg" - logo-alt: "Posit Documentation" + logo-alt: "Posit Documentation" right: - icon: "list" + aria-label: 'Drop-down menu for additional Posit resources' menu: - text: "docs.posit.co" href: "https://docs.posit.co" @@ -25,7 +26,9 @@ contributes: show-item-context: true format: html: - theme: [theme.scss] + theme: + light: [theme.scss] + dark: [theme-dark.scss] link-external-icon: true link-external-newwindow: true toc: true diff --git a/_extensions/posit-dev/posit-docs/_posit-colors.scss b/_extensions/posit-dev/posit-docs/_posit-colors.scss new file mode 100644 index 00000000..e4bf13a3 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/_posit-colors.scss @@ -0,0 +1,37 @@ +/* Posit Color definitions */ +$posit-blue: #447099; +$posit-light-blue-1: #d1dbe5; +$posit-light-blue-2: #a2b8cb; +$posit-light-blue-3: #7494b1; +$posit-dark-blue-1: #305775; +$posit-dark-blue-2: #213d4f; + +$posit-orange: #ee6331; +$posit-light-orange-1: #edccbf; +$posit-light-orange-2: #eba38c; +$posit-dark-orange-1: #ab4d26; +$posit-dark-orange-2: #80361c; +$posit-dark-orange-3: #451f12; + +$posit-gray: #404041; +$posit-light-gray-1: #c2c2c4; +$posit-light-gray-2: #949494; +$posit-dark-gray-1: #333333; + +$posit-teal: #419599; +$posit-light-teal-1: #c2d9d9; +$posit-light-teal-2: #94bdbf; +$posit-light-teal-3: #70a3a6; +$posit-dark-teal-1: #297075; +$posit-dark-teal-2: #1f4f4f; +$posit-dark-teal-3: #122b2b; + +$posit-green: #72994e; + +$posit-burgundy: #9a4665; +$posit-light-burgundy-1: #d9c4cc; +$posit-light-burgundy-2: #bf96a3; +$posit-light-burgundy-3: #a67380; +$posit-dark-burgundy-1: #78384f; +$posit-dark-burgundy-2: #542938; +$posit-dark-burgundy-3: #2e171f; diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg new file mode 100644 index 00000000..fbdfd203 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg new file mode 100644 index 00000000..6098c8b2 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg new file mode 100644 index 00000000..63db9932 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg new file mode 100644 index 00000000..65d947c9 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg b/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg new file mode 100644 index 00000000..6a5c164d --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg b/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg new file mode 100644 index 00000000..f4f803ad --- /dev/null +++ b/_extensions/posit-dev/posit-docs/assets/images/info-circle.svg @@ -0,0 +1,4 @@ + + + + diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg index 3b159987..90331515 100644 --- a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/_extensions/posit-dev/posit-docs/theme-dark.scss b/_extensions/posit-dev/posit-docs/theme-dark.scss new file mode 100644 index 00000000..ec1e26d4 --- /dev/null +++ b/_extensions/posit-dev/posit-docs/theme-dark.scss @@ -0,0 +1,342 @@ +/*-- scss:defaults --*/ + +// import font +@import url("https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap"); + +// import shared colors +@import '_posit-colors'; + +/*-- scss:variables --*/ +$primary: $posit-teal; +$dark-md-body: $posit-light-gray-1; +$dark-md-background: #0c1721; + +// Feature preview heading colors +$preview-header: $posit-orange; /* posit orange, contrast: 8.45 */ +$preview-header-border: darken($preview-header, 5%); + +// scss-docs-end color-variables + +// Typography +// Font, line-height, and color for body text, headings, and more. + +//scss-font-start font-variables +$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, + sans-serif, system-ui; +$font-family-monospace: "Source Code Pro", monospace; +$font-family-emoji: "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; +$font-size-base: 1rem; +// scss-docs-end font-variables + +//font and body color + +$body-color: $dark-md-body; +$popover-bg: $posit-green !default; + +// scss-docs-start font-sizes - seems that I have to keep these in the style sheet? +$h1-font-size: 44px; +$h2-font-size: 28px; +x h1 { + size: $h1-font-size; +} +h2 { + size: $h2-font-size; +} +// scss-docs-end font-sizes + +// Headings +// scss-docs-start headings-variables +$headings-color: #ffffff; +// scss-docs-end headings-variables + +// Customize the navbar +$navbar-bg: lighten($dark-md-background, 5%); +$navbar-fg: #ffffff; + +// CSS overrides + +// Body +// +// Settings for the `` element. + +//$body-color: $posit-green !default; +$body-bg: $dark-md-background !default; // dark mode change + +// Nav and footer + +/* Nav bar */ + +.navbar-title { + color: #ffffff; // dark theme change +} + +.nav-link { + font-family: $font-family-monospace; + text-transform: uppercase; + letter-spacing: 0.03em; + font-size: 14px !important; + font-weight: 500 !important; + color: #fff !important; +} + +.navbar-nav .nav-link.active, +.navbar-nav .nav-link.show { + color: $posit-teal !important; + font-weight: 700 !important; +} + +/* Nav bar right hamburger menu */ + +.dropdown-item:hover, +.dropdown-item:focus { + color: var(--bs-dropdown-link-hover-color); + background-color: #0f1c29 !important; +} + +/* Footer */ + +.nav-footer { + color: #ffffff !important; + border-top: solid $posit-gray 1px; +} + +/* Footer icons */ +.nav-footer a { + color: #ffffff !important; +} + +// Footnotes + +.footnote-back { + color: $posit-light-teal-2; +} + +// Breadcrumbs + +.quarto-title-breadcrumbs .breadcrumb li:last-of-type a { + color: $posit-light-gray-1 !important; +} + +// Page navigation + +.nav-page .nav-page-text { + color: $posit-light-gray-1; +} + +/* Inline code */ +p code:not(.sourceCode), +li code:not(.sourceCode), +td code:not(.sourceCode) { + background-color: #6e768166 !important; + color: #ffffff; +} + +// Code blocks + +/* Code block title*/ + +.quarto-dark .code-with-filename .code-with-filename-file { + background-color: #000000 !important; + border: none; +} + +.code-with-filename strong { + color: #6e9ac3; +} + +/* Code block background */ +$code-block-bg: lighten($dark-md-background, 10%); + +/* Copy button */ + +$btn-code-copy-color: $posit-light-blue-2; +$btn-code-copy-color-active: #ffffff; +$callout-icon-scale: 70%; + +// Tabs and pills + +/* Tabs */ + +.nav-tabs .nav-link.active { + color: $posit-teal !important; +} + +.nav-tabs .nav-link { + text-transform: none !important; + font-family: $font-family-sans-serif; + color: #ffffff !important; +} + +.nav-tabs .nav-link:hover, +.nav-link:focus { + color: $posit-teal !important; +} + +/* Pills */ + +.nav-pills .nav-link.active, +.nav-pills .show > .nav-link { + background-color: $posit-dark-teal-1 !important; +} + +.nav-pills .nav-link:hover, +.nav-link:focus { + isolation: isolate; + // color: $posit-teal !important; + border: none !important; +} + +.nav-pills .nav-link.active, +.nav-link:hover { + color: #ffffff !important; +} + +// Sidebar and toc + +/* Left nav - letter spacing */ +.sidebar-navigation li a { + color: #ffffff; +} + +.sidebar-navigation li a:hover { + color: inherit; +} + +.sidebar-item-container .active, +div.sidebar-item-container .show > .nav-link, +div.sidebar-item-container .sidebar-link > code { + color: $posit-teal !important; +} + +// Lists + +/* List disc colors */ +li::marker { + color: $posit-teal; +} + +// Callouts + +.callout.callout-style-default:not(.no-icon) div.callout-title-container { + color: #ffffff !important; +} + +div.callout.callout-style-default > div.callout-header { + opacity: none; +} + +/* Note */ + +div.callout-note.callout { + border-left-color: $posit-dark-blue-2 !important; + border-right: 1px solid $posit-dark-blue-2 !important; + border-top: 1px solid $posit-dark-blue-2 !important; + border-bottom: 1px solid $posit-dark-blue-2 !important; +} + +div.callout-note .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/info-circle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWluZm8tY2lyY2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik04IDE1QTcgNyAwIDEgMSA4IDFhNyA3IDAgMCAxIDAgMTRtMCAxQTggOCAwIDEgMCA4IDBhOCA4IDAgMCAwIDAgMTYiLz4KICA8cGF0aCBkPSJtOC45MyA2LjU4OC0yLjI5LjI4Ny0uMDgyLjM4LjQ1LjA4M2MuMjk0LjA3LjM1Mi4xNzYuMjg4LjQ2OWwtLjczOCAzLjQ2OGMtLjE5NC44OTcuMTA1IDEuMzE5LjgwOCAxLjMxOS41NDUgMCAxLjE3OC0uMjUyIDEuNDY1LS41OThsLjA4OC0uNDE2Yy0uMi4xNzYtLjQ5Mi4yNDYtLjY4Ni4yNDYtLjI3NSAwLS4zNzUtLjE5My0uMzA0LS41MzN6TTkgNC41YTEgMSAwIDEgMS0yIDAgMSAxIDAgMCAxIDIgMCIvPgo8L3N2Zz4=") !important; +} + +div.callout-note.callout-style-default > .callout-header { + background-color: $posit-blue !important; +} + +/* Warning */ + +div.callout-warning.callout { + border-left-color: $posit-dark-orange-2 !important; + border-right: 1px solid $posit-dark-orange-2 !important; + border-top: 1px solid $posit-dark-orange-2 !important; + border-bottom: 1px solid $posit-dark-orange-2 !important; +} + +div.callout-warning .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-triangle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLXRyaWFuZ2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik03LjkzOCAyLjAxNkEuMTMuMTMgMCAwIDEgOC4wMDIgMmEuMTMuMTMgMCAwIDEgLjA2My4wMTYuMTUuMTUgMCAwIDEgLjA1NC4wNTdsNi44NTcgMTEuNjY3Yy4wMzYuMDYuMDM1LjEyNC4wMDIuMTgzYS4yLjIgMCAwIDEtLjA1NC4wNi4xLjEgMCAwIDEtLjA2Ni4wMTdIMS4xNDZhLjEuMSAwIDAgMS0uMDY2LS4wMTcuMi4yIDAgMCAxLS4wNTQtLjA2LjE4LjE4IDAgMCAxIC4wMDItLjE4M0w3Ljg4NCAyLjA3M2EuMTUuMTUgMCAwIDEgLjA1NC0uMDU3bTEuMDQ0LS40NWExLjEzIDEuMTMgMCAwIDAtMS45NiAwTC4xNjUgMTMuMjMzYy0uNDU3Ljc3OC4wOTEgMS43NjcuOTggMS43NjdoMTMuNzEzYy44ODkgMCAxLjQzOC0uOTkuOTgtMS43Njd6Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDEyYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNS45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-warning.callout-style-default > .callout-header { + background-color: $posit-dark-orange-1 !important; +} + +/* Important */ + +div.callout-important.callout { + border-left-color: $posit-dark-burgundy-2 !important; + border-right: 1px solid $posit-dark-burgundy-2 !important; + border-top: 1px solid $posit-dark-burgundy-2 !important; + border-bottom: 1px solid $posit-dark-burgundy-2 !important; +} + +div.callout-important .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-circle-dm.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzAwMDAwMCIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLWNpcmNsZSIgdmlld0JveD0iMCAwIDE2IDE2Ij4KICA8cGF0aCBkPSJNOCAxNUE3IDcgMCAxIDEgOCAxYTcgNyAwIDAgMSAwIDE0bTAgMUE4IDggMCAxIDAgOCAwYTggOCAwIDAgMCAwIDE2Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDExYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNC45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-important.callout-style-default > .callout-header { + background-color: $posit-burgundy !important; +} + +// Tables + +.table > :not(caption) > * > * { + border-top: 2px solid #101e2b; +} + +/* Striped table styles */ + +.table-striped > tbody > tr:nth-of-type(odd) > * { + //--bs-table-bg-type: #001C2B !important; + --bs-table-bg-type: #101e2b !important; +} + +/* Striped table hover */ + +.table-hover > tbody > tr:hover > * { + //--bs-table-color-state: var(--bs-table-hover-color); + --bs-table-bg-state: #001c2b !important; +} + +// Table caption + +.panel-caption, +.figure-caption, +.subfigure-caption, +.table-caption, +figcaption, +caption { + font-size: 1rem; + color: $body-color !important; +} + +// Specialty headers + +/* the feature PREVIEW header */ +.preview-header > h1:after, +.preview-header > h2:after, +.preview-header > h3:after, +.preview-header > h4:after, +header h1 .preview-header, +div span.preview-feature { + background-color: $preview-header; + color: #ffffff; + border: 1px solid $preview-header-border; + font-weight: 600; + font-size: 9pt !important; + padding: 0rem 0.4rem; +} + +div span.preview-feature { + margin-left: 1em; + text-transform: uppercase; +} + +// Specialty lists +// Groovy list - dark mode change + +ol.groovyAlpha li > p:before { + content: counter(list-counter, lower-alpha); + font-weight: 600; +} diff --git a/_extensions/posit-dev/posit-docs/theme.scss b/_extensions/posit-dev/posit-docs/theme.scss index 418bd8b4..0a4e222a 100644 --- a/_extensions/posit-dev/posit-docs/theme.scss +++ b/_extensions/posit-dev/posit-docs/theme.scss @@ -1,26 +1,16 @@ /*-- scss:defaults --*/ // import font -@import url('https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap'); +@import url("https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,500;0,600;0,700;0,800;1,300;1,400;1,500;1,600;1,700;1,800&display=swap"); -/*-- scss:variables --*/ - -// scss-docs-start color-variables -$posit-blue: #447099; -$posit-dark-blue-1: #305775; -$posit-dark-blue-2: #213D4F; -$posit-orange: #EE6331; -$posit-gray: #404041; -$posit-teal: #419599; -$posit-green: #72994E; -$posit-burgundy:#9A4665; -$posit-burgundy-1:#78384F; -$posit-burgundy-2:#542938; +// import shared colors +@import '_posit-colors'; +/*-- scss:variables --*/ $primary: $posit-blue; // Feature preview heading colors -$preview-header: #EE6331; /* posit orange, contrast: 8.45 */ +$preview-header: #ee6331; /* posit orange, contrast: 8.45 */ $preview-header-border: darken($preview-header, 5%); // scss-docs-end color-variables @@ -29,17 +19,19 @@ $preview-header-border: darken($preview-header, 5%); // Font, line-height, and color for body text, headings, and more. //scss-font-start font-variables -$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, sans-serif, system-ui; +$font-family-sans-serif: "Open Sans", "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans", Arial, + sans-serif, system-ui; $font-family-monospace: "Source Code Pro", monospace; $font-family-emoji: "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; $font-size-base: 1rem; // scss-docs-end font-variables +//font and body color $body-color: $posit-gray; // scss-docs-start font-sizes -$h1-font-size:44px; -$h2-font-size:28px; +$h1-font-size: 44px; +$h2-font-size: 28px; h1 { size: $h1-font-size; @@ -49,7 +41,6 @@ h2 { } // scss-docs-end font-sizes - // Headings // scss-docs-start headings-variables $headings-font-weight: 300 !important; @@ -69,15 +60,39 @@ $list-group-color: $primary !default; // CSS overrides +// Body +// +// Settings for the `` element. + +/* Body font */ +body { + letter-spacing: -0.2px !important; +} + +// Nav and footer + +/* Navbar */ + .navbar { - box-shadow: 0 0 0.2rem #0000001a, 0 0.1rem 0.4rem #0003; - transition: transform .25s cubic-bezier(.1,.7,.1,1),box-shadow .25s; + box-shadow: + 0 0 0.2rem #0000001a, + 0 0.1rem 0.4rem #0003; + transition: + transform 0.25s cubic-bezier(0.1, 0.7, 0.1, 1), + box-shadow 0.25s; } .navbar-title { - font-family: $font-family-sans-serif; - font-size: $font-size-base; - font-weight: 500; + font-family: $font-family-sans-serif; + font-size: $font-size-base; + font-weight: 500; +} + +/* Style for the version included in the website title */ +.navbar-title small { + font-size: 14px; + display: block; + padding-left: 1em; } /* Style for the version included in the website title */ @@ -101,29 +116,153 @@ $list-group-color: $primary !default; } .nav-link { - font-family: $font-family-monospace; - text-transform: uppercase; - letter-spacing: .03em; - font-size: 14px !important; - font-weight: 500 !important; + font-family: $font-family-monospace; + text-transform: uppercase; + letter-spacing: 0.03em; + font-size: 14px !important; + font-weight: 500 !important; + color: $posit-gray !important; +} + +.navbar-nav .nav-link.active, +.navbar-nav .nav-link.show { + color: #000000 !important; + font-weight: 700 !important; } +/* Footer */ + .nav-footer { - font-family: $font-family-monospace; - text-transform: uppercase; - font-size: 14px; - border-top: solid #0000001a .01em; - align-items: center !important; + font-family: $font-family-monospace; + text-transform: uppercase; + font-size: 14px; + border-top: solid #0000001a 0.01em; + align-items: center !important; } -/* Tabs */ +.nav-footer .nav-footer-center { + min-height: min-content; +} + +/* Footer icons */ + +/* Full Posit logo - currently, unused */ +#footer-right-full-posit-logo { + width: 70px; + min-width: 70px; +} + +/* Posit guide book */ +#footer-right-logo { + width: 24px; + min-width: 24px; + margin-left: -3px !important; + margin-right: -3px !important; + padding-top: 1px; +} + +/* Posit icon fullcolor */ +#footer-right-posit-logo { + width: 18px; + min-width: 18px; + margin-left: -3px !important; + margin-right: -3px !important; + padding-top: 1px; +} + +/* Posit logo - footer +#footer-logo { + width: 70px; + min-width: 70px; +} +*/ + +.bi-question-circle-fill { + font-size: 18px !important; +} + +.bi-lightbulb-fill { + font-size: 18px !important; +} + +// Footnotes + +.footnote-back { + font-size: 16px !important; + font-weight: 900px !important; + color: $posit-dark-blue-1; +} + +// Tabs and pills + +/* Tabs */ .nav-tabs .nav-link { - text-transform: none !important; - font-family: $font-family-sans-serif; + text-transform: none !important; + font-family: $font-family-sans-serif; + color: $posit-gray !important; +} + +.nav-tabs .nav-link.active, +.nav-tabs .nav-item.show .nav-link { + color: #000000 !important; +} + +.nav-tabs .nav-link:hover, +.nav-link:focus { + color: $posit-blue !important; +} + +/* Pills */ + +.nav-pills { + border: none !important; +} + +.nav-pills, +.panel-underline { + > .nav { + display: flex; + border: none !important; + flex-direction: row; + justify-content: center; + .nav-link { + cursor: pointer; + } + } +} + +.nav-pills > .nav .nav-link { + border: none !important; +} + +.nav-pills, +.panel-underline { + .tab-content { + padding-left: 0; + padding-right: 0; + border: none; + } +} + +.nav-pills .nav-link.active, +.nav-pills .nav-item.show .nav-link { + color: #ffffff !important; +} + +.nav-pills .nav-link:hover, +.nav-link:focus { + isolation: isolate; + color: $posit-blue !important; + border: none !important; +} + +.nav-pills .nav-link.active, +.nav-pills .show > .nav-link { + color: #ffffff !important; } -/* Sidebar and toc */ +// Sidebar and toc /* Left nav */ .sidebar-item-container .active { @@ -132,45 +271,85 @@ $list-group-color: $primary !default; /* Left nav - letter spacing */ .sidebar-navigation li a { - letter-spacing: .03em; + letter-spacing: 0.03em; font-size: 16px; } +/* Left nav - letter spacing */ +.sidebar-navigation li a { + letter-spacing: -0.2px; + line-height: normal; +} + /* Mini TOC */ -.sidebar nav[role=doc-toc]>ul li a { - text-transform: none !important; - font-family: $font-family-sans-serif; - font-weight: 400 !important; - letter-spacing: -0.2px !important; +.sidebar nav[role="doc-toc"] > ul li a { + text-transform: none !important; + font-family: $font-family-sans-serif; + font-weight: 400 !important; + letter-spacing: -0.2px !important; } -.sidebar nav[role=doc-toc] ul>li>a.active, .sidebar nav[role=doc-toc] ul>li>ul>li>a.active { - font-weight: 700 !important; +.sidebar nav[role="doc-toc"] ul > li > a.active, +.sidebar nav[role="doc-toc"] ul > li > ul > li > a.active { + font-weight: 700 !important; } -/* Left nav - letter spacing */ -.sidebar-navigation li a { - letter-spacing: -0.2px; - line-height: normal; +// Lists + +/* List disc colors */ +li::marker { + color: $primary; } -/* Posit logo - footer */ -#footer-logo { - width: 70px; - min-width: 70px; +// Callouts + +.callout.callout-style-default:not(.no-icon) div.callout-title-container { + color: $posit-dark-gray-1 !important; } -/* Footer */ -.nav-footer .nav-footer-center { - min-height: min-content; +/* Note */ + +div.callout-note.callout { + border-left-color: $posit-blue !important; } -// Font +div.callout-note .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/info-circle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzE3MjEyQiIgY2xhc3M9ImJpIGJpLWluZm8tY2lyY2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik04IDE1QTcgNyAwIDEgMSA4IDFhNyA3IDAgMCAxIDAgMTRtMCAxQTggOCAwIDEgMCA4IDBhOCA4IDAgMCAwIDAgMTYiLz4KICA8cGF0aCBkPSJtOC45MyA2LjU4OC0yLjI5LjI4Ny0uMDgyLjM4LjQ1LjA4M2MuMjk0LjA3LjM1Mi4xNzYuMjg4LjQ2OWwtLjczOCAzLjQ2OGMtLjE5NC44OTcuMTA1IDEuMzE5LjgwOCAxLjMxOS41NDUgMCAxLjE3OC0uMjUyIDEuNDY1LS41OThsLjA4OC0uNDE2Yy0uMi4xNzYtLjQ5Mi4yNDYtLjY4Ni4yNDYtLjI3NSAwLS4zNzUtLjE5My0uMzA0LS41MzN6TTkgNC41YTEgMSAwIDEgMS0yIDAgMSAxIDAgMCAxIDIgMCIvPgo8L3N2Zz4=") !important; +} -/* Body font */ -body { - letter-spacing: -0.2px !important; - } +div.callout-note.callout-style-default > .callout-header { + background-color: #dce7f2 !important; +} + +/* Warning */ +div.callout-warning.callout { + border-left-color: $posit-orange !important; +} + +div.callout-warning .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-triangle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzQ1MUYxMiIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLXRyaWFuZ2xlIiB2aWV3Qm94PSIwIDAgMTYgMTYiPgogIDxwYXRoIGQ9Ik03LjkzOCAyLjAxNkEuMTMuMTMgMCAwIDEgOC4wMDIgMmEuMTMuMTMgMCAwIDEgLjA2My4wMTYuMTUuMTUgMCAwIDEgLjA1NC4wNTdsNi44NTcgMTEuNjY3Yy4wMzYuMDYuMDM1LjEyNC4wMDIuMTgzYS4yLjIgMCAwIDEtLjA1NC4wNi4xLjEgMCAwIDEtLjA2Ni4wMTdIMS4xNDZhLjEuMSAwIDAgMS0uMDY2LS4wMTcuMi4yIDAgMCAxLS4wNTQtLjA2LjE4LjE4IDAgMCAxIC4wMDItLjE4M0w3Ljg4NCAyLjA3M2EuMTUuMTUgMCAwIDEgLjA1NC0uMDU3bTEuMDQ0LS40NWExLjEzIDEuMTMgMCAwIDAtMS45NiAwTC4xNjUgMTMuMjMzYy0uNDU3Ljc3OC4wOTEgMS43NjcuOTggMS43NjdoMTMuNzEzYy44ODkgMCAxLjQzOC0uOTkuOTgtMS43Njd6Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDEyYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNS45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-warning.callout-style-default > .callout-header { + background-color: #fad8ca !important; +} + +/* Important */ + +div.callout-important.callout { + border-left-color: $posit-burgundy !important; +} + +div.callout-important .callout-icon::before { + // base64 -i _extensions/posit-docs/assets/images/exclamation-circle.svg + background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgZmlsbD0iIzJFMTcxRiIgY2xhc3M9ImJpIGJpLWV4Y2xhbWF0aW9uLWNpcmNsZSIgdmlld0JveD0iMCAwIDE2IDE2Ij4KICA8cGF0aCBkPSJNOCAxNUE3IDcgMCAxIDEgOCAxYTcgNyAwIDAgMSAwIDE0bTAgMUE4IDggMCAxIDAgOCAwYTggOCAwIDAgMCAwIDE2Ii8+CiAgPHBhdGggZD0iTTcuMDAyIDExYTEgMSAwIDEgMSAyIDAgMSAxIDAgMCAxLTIgME03LjEgNC45OTVhLjkwNS45MDUgMCAxIDEgMS44IDBsLS4zNSAzLjUwN2EuNTUyLjU1MiAwIDAgMS0xLjEgMHoiLz4KPC9zdmc+") !important; +} + +div.callout-important.callout-style-default > .callout-header { + background-color: #f2dae3 !important; +} // Specialty headers @@ -205,34 +384,30 @@ div span.preview-feature { text-transform: uppercase; } -// Lists - -/* List disc colors */ -li::marker { - color: $primary; -} +// Specialty lists /* Callout steps for images with multiple items/steps shown in single image */ + ol.groovyAlpha { - list-style: none; - counter-reset: list-counter; - } - + list-style: none; + counter-reset: list-counter; +} + ol.groovyAlpha li { counter-increment: list-counter; } ol.groovyAlpha li > p:before { content: counter(list-counter, lower-alpha); - width: 16px; - height: 16px; + width: 20px; + height: 20px; text-align: center; margin-right: 10px; color: #fff; background-color: #fc403b; display: inline-block; - border-radius: 8px; - font-size: 9px; + border-radius: 10px; + font-size: 14px; line-height: 16px; vertical-align: middle; } diff --git a/_quarto.yml b/_quarto.yml index 8554e84c..3b34b996 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -32,24 +32,18 @@ website: left: | Copyright © 2000-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. center: | - Posit Helm Charts {{< env PRODUCT_VERSION >}} + Posit Helm Charts right: - icon: question-circle-fill + aria-label: 'Link to Posit Support' href: "https://support.posit.co/hc/en-us" - icon: lightbulb-fill + aria-label: 'Link to Posit Solutions' href: "https://solutions.posit.co/" - - text: "" + - text: "" href: "https://docs.posit.co/" - - text: "" + - text: "" href: "https://posit.co/" - navbar: - right: - - icon: "list" - menu: - - text: "docs.posit.co" - href: "https://docs.posit.co" - - text: "Posit Support" - href: "https://support.posit.co/hc/en-us/" sidebar: style: "floating" collapse-level: 1 From a4ef6757202ac003e1d6164d76bb7d0e3865af72 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Fri, 10 May 2024 20:55:01 -0400 Subject: [PATCH 030/284] Not sure what the start year should be here --- _quarto.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_quarto.yml b/_quarto.yml index 3b34b996..2abeacf5 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -30,7 +30,7 @@ website: repo-actions: [edit, issue] page-footer: left: | - Copyright © 2000-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. + Copyright © 2???-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. center: | Posit Helm Charts right: From 022d4995a30bc70c796d64b4508cfbfbfc7b9d29 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 16:44:19 -0400 Subject: [PATCH 031/284] Home page updates --- index.qmd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.qmd b/index.qmd index 435cdc7b..bc20cc3b 100644 --- a/index.qmd +++ b/index.qmd @@ -11,12 +11,12 @@ title: Posit Helm Charts 2. Add the Posit Helm repository: - ```console + ```{.bash} helm repo add rstudio https://helm.rstudio.com ``` 3. View charts: - ```console + ```{.bash} helm search repo rstudio ``` \ No newline at end of file From b5dc2901c23e7bc7b304de1a6ada054a30b83310 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 16:44:36 -0400 Subject: [PATCH 032/284] Initial workbench scrub - Editing pass - Heading changes in Examples --- charts/rstudio-workbench/README.md | 185 ++++++++---------- examples/examples.ejs | 4 +- .../application-configuration/index.qmd | 2 +- .../container-images/custom-images.qmd | 2 +- .../container-images/private-images.qmd | 2 +- 5 files changed, 87 insertions(+), 108 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 01abf0ab..0acf0ee2 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -5,7 +5,7 @@ code-overflow: wrap ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Workbench_ +#### _Official Helm chart for Posit Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. @@ -45,7 +45,7 @@ helm search repo rstudio/rstudio-workbench -l To function, this chart requires the following: -* A license file, license key, or the address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the @@ -84,11 +84,10 @@ To function, this chart requires the following: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against directly placing it in your values file. +This chart supports activating the product using a *license file*. -### License file - -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend *against* directly placing the license file in your values file. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: @@ -111,37 +110,21 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-workbench.lic ``` -### License key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument: - -```bash ---set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX -``` - -### License server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument: - -```bash ---set license.server= -``` - ## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. + valid `.ini` or `.dcf` file formats required by Workbench. - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by RStudio Workbench, use `job-json-overrides`. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to get the service account information off of the RStudio Workbench pod for use in launching jobs. -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - This is described in the [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with similar to: ```bash @@ -161,63 +144,63 @@ The names of files are dynamically used, so you can add new files as needed. Bew so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change the `XDG_CONFIG_DIRS` environment variable. -- Session Configuration: - - Configuration files: `repos.conf`, `rsession.conf`, `notifications.conf` - - These configuration files are mounted into the server and - the session pods. - - Located in the `config.session.<< name of file >>` helm values - - Mounted at `/mnt/session-configmap/rstudio/` +- Session Configuration + - These configuration files are mounted into the server and + are mounted into the session pods. + - `repos.conf`, `rsession.conf`, `notifications.conf` + - Located in:
    `config.session.<< name of file >>` Helm values + - Mounted at:
    `/mnt/session-configmap/rstudio/` - Session Secret Configuration: - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
    `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
    `/mnt/session-secret/` - Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600) + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` + - Located in:
    `config.secret.<< name of file >>` Helm values + - Mounted at:
    `/mnt/secret-configmap/rstudio/` - Server Configuration: - - These configuration files are mounted into the server (.ini file format) + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` + - Located at:
    `config.server.<< name of file >>` Helm values + - Mounted at:
    `/mnt/configmap/rstudio/` - Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format) + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` + - Located at:
    `config.serverDcf.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` - Profiles Configuration: - - These configuration files are mounted into the server (.ini file format) + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
    `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. - Prestart: - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. - User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
    `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
    `/etc/sssd/conf.d/` with `0600` permissions by default. - Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files - - Use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all configuration files above, can override with a verbatim string if desired: - - Located at `config.startupCustom.<< name of file >>` helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
    `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
    `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` - PAM configuration: - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - `pam` configuration files. + - Located at:
    `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
    `/etc/pam.d/<< name of file >>` ### Configuring Python and R repositories @@ -228,17 +211,17 @@ pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mo - `launcher.useTemplates: true` is set - `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -```yaml -launcher: - useTemplates: true + ```yaml + launcher: + useTemplates: true -config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co -``` + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` #### R repositories @@ -255,12 +238,12 @@ For more information about configuring CRAN repositories in Workbench, see the [ ## User provisioning -Provisioning users in RStudio Workbench containers is challenging. Session images create users automatically (with +Provisioning users in Workbench containers is challenging. Session images create users automatically (with consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) @@ -268,21 +251,22 @@ or a polling service (checks at regular intervals). Either can be written easily However, it is important to use caution for the following: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +We do not provide such a service out of the box because we intend for Workbench to solve this problem in a future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For @@ -390,15 +374,11 @@ If you want to customize the job launch process (i.e., how sessions are defined) config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` ``` - Create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: a YAML value that is translated directly to JSON and injected into the job spec at `target`. - -Several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md).x +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -420,7 +400,7 @@ config: ## Sealed secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): @@ -430,7 +410,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -579,4 +559,3 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - diff --git a/examples/examples.ejs b/examples/examples.ejs index 069909a4..4fdf632f 100644 --- a/examples/examples.ejs +++ b/examples/examples.ejs @@ -2,7 +2,7 @@ const postsByCategory = {}; const basicConfigPosts = []; items.forEach(item => { - if (item.category === "Basic Configuration") { + if (item.category === "Basic configuration") { basicConfigPosts.push(item) } else { if (!postsByCategory[item.category]) { @@ -14,7 +14,7 @@ items.forEach(item => { // Basic config first if (basicConfigPosts.length > 0) { %> -

    Basic Configuration

    +

    Basic configuration

      <% basicConfigPosts.forEach(post => { %>
    • diff --git a/examples/workbench/application-configuration/index.qmd b/examples/workbench/application-configuration/index.qmd index 298a98ca..4551a908 100644 --- a/examples/workbench/application-configuration/index.qmd +++ b/examples/workbench/application-configuration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Basic Configuration" +category: "Basic configuration" --- # Configuring Posit Workbench with Recommended Settings diff --git a/examples/workbench/container-images/custom-images.qmd b/examples/workbench/container-images/custom-images.qmd index df55c281..10ec1dab 100644 --- a/examples/workbench/container-images/custom-images.qmd +++ b/examples/workbench/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Workbench with Custom Container Images diff --git a/examples/workbench/container-images/private-images.qmd b/examples/workbench/container-images/private-images.qmd index 886c926e..8a74b6cf 100644 --- a/examples/workbench/container-images/private-images.qmd +++ b/examples/workbench/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Workbench to Access Image Registries Requiring Authentication From d90fedd6a2e4e602948d8cd5091a073254472cb6 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:47:27 -0400 Subject: [PATCH 033/284] trying to standardize the content between the two files where I can --- charts/rstudio-connect/README.md | 77 +++++++++++++++--------------- charts/rstudio-workbench/README.md | 13 +++-- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a44de207..f0f5dda9 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for RStudio Connect_ +#### _Official Helm chart for Posit Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,56 +12,63 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-connect -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container - by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. + In this case, we recommend you: + * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + data in the container by using a + regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` + and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic Second, specify the following values: @@ -74,29 +81,23 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` -## General Principles +## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format required by rstudio-connect. - rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 0acf0ee2..79dfc3f9 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -23,8 +23,7 @@ To ensure a stable production deployment: ::: * Before upgrading check for breaking changes using `helm diff upgrade`. -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes and the documentation below on how to use the chart. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart @@ -51,9 +50,9 @@ To function, this chart requires the following: * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * disable `homeStorage.create` and + * Disable `homeStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * mount them into the container by specifying + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your @@ -84,14 +83,14 @@ To function, this chart requires the following: ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a *license file*. - We recommend *against* directly placing the license file in your values file. - We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```bash +```{.bash} kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic ``` @@ -259,7 +258,7 @@ However, it is important to use caution for the following: - `supervisord` is configured by default to exit if any of its child processes exit. - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for Workbench to solve this problem in a +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a future release. Please contact your account representative if you have feedback or questions about this workflow. From 190cc44cb1162f505226a773465ead203ec3c897 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:48:32 -0400 Subject: [PATCH 034/284] helm fix --- charts/rstudio-connect/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index f0f5dda9..f02c37ea 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -94,7 +94,7 @@ required by rstudio-connect. ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} From a6bab1ce7f8bc2cada69851302b4bd7b0c5d6048 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:53:30 -0400 Subject: [PATCH 035/284] Not sure if these should be formatted or not but I did it just in case --- charts/rstudio-connect/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index f02c37ea..860aaea9 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -88,8 +88,8 @@ Alternatively, license files can be set during `helm install` with the following ## General principles - In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by rstudio-connect. -- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +required by `rstudio-connect`. +- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration file From 81ded35e8ced727f1b4c708a2c389e51fe970cd7 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 20:57:36 -0400 Subject: [PATCH 036/284] Minor edits to the configuration files --- examples/connect/application-configuration/index.qmd | 2 +- examples/connect/beta-migration/index.qmd | 2 +- examples/connect/container-images/custom-images.qmd | 2 +- examples/connect/container-images/private-images.qmd | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/connect/application-configuration/index.qmd b/examples/connect/application-configuration/index.qmd index 2ceb80c6..c8475c97 100644 --- a/examples/connect/application-configuration/index.qmd +++ b/examples/connect/application-configuration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Basic Configuration" +category: "Basic configuration" --- # Configuring Posit Connect with Recommended Settings diff --git a/examples/connect/beta-migration/index.qmd b/examples/connect/beta-migration/index.qmd index 2993a3eb..99e81200 100644 --- a/examples/connect/beta-migration/index.qmd +++ b/examples/connect/beta-migration/index.qmd @@ -1,5 +1,5 @@ --- -category: "Beta Migration" +category: "Beta migration" --- # Off-Host Execution Beta User Migration diff --git a/examples/connect/container-images/custom-images.qmd b/examples/connect/container-images/custom-images.qmd index 5407c999..0b73badc 100644 --- a/examples/connect/container-images/custom-images.qmd +++ b/examples/connect/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Connect with Custom Container Images diff --git a/examples/connect/container-images/private-images.qmd b/examples/connect/container-images/private-images.qmd index 6d387753..cfad496b 100644 --- a/examples/connect/container-images/private-images.qmd +++ b/examples/connect/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Connect to Access Image Registries Requiring Authentication From 5328f3b66b2d1794f834e629884e2257af387c39 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 21:23:26 -0400 Subject: [PATCH 037/284] Missed heading change --- charts/rstudio-connect/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 860aaea9..bd2bd796 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and From 8680940f84a2653ec2d266245fd5be395dacd2e1 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Mon, 13 May 2024 21:27:03 -0400 Subject: [PATCH 038/284] Start of ppm edits --- charts/rstudio-pm/README.md | 41 +++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index b6f9d265..5e29c092 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,46 +2,51 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Package Manager_ +#### _Official Helm chart for Posit Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-pm -l ``` -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 -- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. +* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`) +* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. + * To disable an automatic fixup / hook, set `enableMigrations=false`. -## Required Configuration +## Required configuration This chart requires the following in order to function: From 0028366c0b45f5c52c442dd1d32f0e02959c9cae Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:33:26 +0000 Subject: [PATCH 039/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 83 ++++--- charts/rstudio-workbench/README.md | 379 ++++++++++++++--------------- 2 files changed, 225 insertions(+), 237 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index bd2bd796..066cd564 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for Posit Connect_ +#### _Official Helm chart for RStudio Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,63 +12,56 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether Helm is a good choice for your deployment. +if you need help deciding whether helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* "Pin" the version of the Helm chart that you are using. You can do - this using the: - * `helm dependency` command and the associated "Chart.lock" files _or_ - * the `--version` flag. +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check + for breaking changes +* Read [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart - :::{.callout-important} - This protects you from breaking changes** - ::: - -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.6.6: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-connect -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you: - * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your - data in the container by using a - regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` - and `pod.volumeMounts`. + In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` Second, specify the following values: @@ -81,23 +74,29 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-connect.lic -``` +`--set-file license.file.contents=licenses/rstudio-connect.lic` -## General principles +### License Key -- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-connect`. -- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles + +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-connect. +- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 79dfc3f9..9cda63d7 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,31 +1,25 @@ ---- -title: Posit Workbench -code-overflow: wrap ---- +# Posit Workbench ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Workbench_ +#### _Official Helm chart for RStudio Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.7.3: @@ -35,64 +29,59 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: - -```bash +``` helm search repo rstudio/rstudio-workbench -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * Disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: - - ```yaml - config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap - ``` +```yaml +config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap +``` ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File -- We recommend *against* directly placing the license file in your values file. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic -``` +`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` Second, specify the following values: @@ -105,32 +94,39 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```bash ---set-file license.file.contents=licenses/rstudio-workbench.lic -``` +`--set-file license.file.contents=licenses/rstudio-workbench.lic` + +### License Key + +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. -## General principles +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by Workbench. - - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. -- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - - This is described in the - [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. + valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are + below. +- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below + and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) + on the topic in general. +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: + - Get the service account information off of the RStudio Workbench pod for use in launching jobs +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter + [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration files -These configuration values all take the form of usual Helm values -so you can set the database password with similar to: +These configuration values all take the form of usual helm values +so you can set the database password with something like: -```bash +``` ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -140,135 +136,130 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change -the `XDG_CONFIG_DIRS` environment variable. +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change +the `XDG_CONFIG_DIRS` environment variable - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods. + are mounted into the session pods as well. - `repos.conf`, `rsession.conf`, `notifications.conf` - - Located in:
      `config.session.<< name of file >>` Helm values - - Mounted at:
      `/mnt/session-configmap/rstudio/` -- Session Secret Configuration: - - These configuration files are mounted into the server and session pods. - - `odbc.ini` and other similar shared secrets. - - Located in:
      `config.sessionSecret.<< name of file>>` Helm values - - Mounted at:
      `/mnt/session-secret/` -- Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600). + - located in the `config.session.<< name of file >>` helm values + - mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration + - These configuration files are mounted into the server and session pods as well + - `odbc.ini` and other similar shared secrets + - located in `config.sessionSecret.<< name of file>>` helm values + - mounted at `/mnt/session-secret/` +- Secret Configuration + - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - - Located in:
      `config.secret.<< name of file >>` Helm values - - Mounted at:
      `/mnt/secret-configmap/rstudio/` -- Server Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located in the `config.secret.<< name of file >>` helm values + - mounted at `/mnt/secret-configmap/rstudio/` +- Server Configuration + - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - Located at:
      `config.server.<< name of file >>` Helm values - - Mounted at:
      `/mnt/configmap/rstudio/` -- Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format). + - They are located at `config.server.<< name of file >>` helm values + - mounted at `/mnt/configmap/rstudio/` +- Server DCF Configuration + - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - - Located at:
      `config.serverDcf.<< name of file >>` Helm values - - Included at:
      `/mnt/configmap/rstudio/` -- Profiles Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located at `config.serverDcf.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` +- Profiles Configuration + - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` Helm values - - Included at:
      `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information. -- Prestart: - - This is provided by the Helm chart in a configmap. - - It is mounted into the pod at `/scripts/`. - - `prestart-workbench.bash` is used to start workbench. - - `prestart-launcher.bash` is used to start launcher. -- User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`). - - Located at:
      `config.userProvisioning.<< name of file >>` Helm values - - Mounted onto:
      `/etc/sssd/conf.d/` with `0600` permissions by default. -- Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files. - - Use the `.ini` file format by default. - - Mounted at:
      `/startup/custom` - - As with all configuration files above, you can override with a verbatim string if desired: - - Located at:
      `config.startupCustom.<< name of file >>` Helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` -- PAM configuration: - - `pam` configuration files. - - Located at:
      `config.pam.<< name of file >>` Helm values - - Mounted verbatim as individual files (using `subPath` mounts) at:
      `/etc/pam.d/<< name of file >>` - -### Configuring Python and R repositories - -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: - -- `launcher.useTemplates: true` is set -- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: - - ```yaml - launcher: - useTemplates: true + - They are located at `config.profiles.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` + - See the `Profiles` section below for more information +- Prestart + - This is provided by the helm chart in a configmap + - It is mounted into the pod at `/scripts/` + - `prestart-workbench.bash` is used to start workbench + - `prestart-launcher.bash` is used to start launcher +- User Provisioning Configuration + - These configuration files are used for configuring user provisioning (i.e. `sssd`) + - Located at `config.userProvisioning.<< name of file >>` helm values + - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default +- Custom Startup Configuration + - `supervisord` service / unit definition `.conf` files + - Located at `config.startupCustom.<< name of file >>` helm values + - Will use the `.ini` file format, by default + - Mounted at `/startup/custom` + - As with all config files above, can override with a verbatim string if desired, like so: +```yaml +config: + startupCustom: + myfile.conf: | + file-used-verbatim +``` +- PAM configuration + - `pam` configuration files + - Located at `config.pam.<< name of file >>` helm values + - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co - ``` +### Configuring R and Python repositories #### R repositories -R package repositories can be configured with `config.session.repos.conf`: +R package repositories can be configured with `config.session.repos.conf`. -```yaml +``` config: session: repos.conf: CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. +For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). -## User provisioning +#### Python repositories + +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. -Provisioning users in Workbench containers is challenging. Session images create users automatically (with -consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the -administrator. +``` +launcher: + useTemplates: true + +config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co +``` + +## User Provisioning + +Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with +consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the +administrator today. The most common way to provision users is via `sssd`. -The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. +However, it is important to be careful of a few points: -However, it is important to use caution for the following: - -- UID / GID consistency: - - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. - - Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. - - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. - - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across + time. Failing this can cause security issues and access by some users to files they should not be allowed to see +- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames +- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` + to configure a user management service, be careful that it does not exit unnecessarily -We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a -future release. Please contact your account representative if you have feedback or questions about this +We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +future release. Please get in touch with your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -288,17 +279,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- If section header is `[*]`, it applies to all users. -- If a user's username is `myusername`, the section `[myusername]` applies to them. -- If a user is in the `allusers` group, then the section `[@allusers]` applies to them +- if section header is `[*]`, it applies to all users +- if a user's username is `myusername`, the section `[myusername]` will apply to them +- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. -In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: +In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: ```yaml config: @@ -321,17 +312,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` +- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` - ```yaml - some-key: - - value1 - - value2 - ``` +```yaml +some-key: + - value1 + - value2 +``` -- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -348,7 +339,6 @@ config: - value4 - value5 ``` - Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -360,24 +350,23 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -:::{.callout-note} -This appending/concatenation/array translation behavior only works with the helm chart. -::: +> NOTE: this appending/concatenation/array translation behavior only works with the helm chart -### Job Json overrides +### Job Json Overrides -If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: +If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following +configuration: + - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + - create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk + - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` -- Modify: - ```yaml - config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - ``` -- Create an array of maps with the following keys: - - `target`: The "target" part of the job spec to replace. - - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. +Note that several examples are provided +in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) +(however, examples do not use the helm chart syntax there). -Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) ```yaml config: @@ -397,11 +386,10 @@ config: - "two-image:tag ``` -## Sealed secrets +## Sealed Secrets +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. - -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. - `config.secret` - `config.sessionSecret` @@ -409,7 +397,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -558,3 +546,4 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From da7a2c9540cd716db335404c54b1a2780eafb6cd Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:35:13 -0400 Subject: [PATCH 040/284] PPM edits --- charts/rstudio-pm/README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 5e29c092..fde9eb3e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -136,12 +136,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -202,7 +202,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -232,8 +232,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From 0e17b3ced01a018c2d775227763b7a064d9f7e65 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:36:27 +0000 Subject: [PATCH 041/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 50 +++++++++++++++----------------- 2 files changed, 24 insertions(+), 28 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 066cd564..a44de207 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best practices +## Best Practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index fde9eb3e..b6f9d265 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,51 +2,46 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Package Manager_ +#### _Official Helm chart for RStudio Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.5.25: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-pm -l ``` -## Upgrade guidance +## Upgrade Guidance ### 0.4.0 -* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`) -* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. - * To disable an automatic fixup / hook, set `enableMigrations=false`. +- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to + fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required configuration +## Required Configuration This chart requires the following in order to function: @@ -136,12 +131,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: ``` @@ -202,7 +197,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -232,7 +227,8 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From 0d14e73dfa4a61643a50369f71afecc8523d699a Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:37:53 -0400 Subject: [PATCH 042/284] Revert "Update helm-docs and README.md" This reverts commit 93c1265bb58af4cabad7a722985cafcf91fd9ee4. --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 50 +++++++++++++++++--------------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a44de207..066cd564 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -7,7 +7,7 @@ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index b6f9d265..fde9eb3e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,46 +2,51 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Package Manager_ +#### _Official Helm chart for Posit Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-pm -l ``` -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 -- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. +* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`) +* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. + * To disable an automatic fixup / hook, set `enableMigrations=false`. -## Required Configuration +## Required configuration This chart requires the following in order to function: @@ -131,12 +136,12 @@ should be avoided if at all possible. ## General Principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration File -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -197,7 +202,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | | rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | @@ -227,8 +232,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From 9b5cd2f88dd098aad22e5aafd506de8707ffa113 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:41:46 -0400 Subject: [PATCH 043/284] Revert "Merge branch 'ah/editing-pass' of https://github.com/rstudio/helm into ah/editing-pass" This reverts commit 8713b44aabd5648808c214f4d0ffea886bd39ef3, reversing changes made to 2f87134bb1db9640f6748bb3cffc59ba40f98a1f. --- charts/rstudio-connect/README.md | 83 +++---- charts/rstudio-workbench/README.md | 379 +++++++++++++++-------------- 2 files changed, 237 insertions(+), 225 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 066cd564..bd2bd796 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for RStudio Connect_ +#### _Official Helm chart for Posit Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. @@ -12,56 +12,63 @@ that are published by Data Scientists. Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/rstudio-connect -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container - by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. + In this case, we recommend you: + * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + data in the container by using a + regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` + and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic Second, specify the following values: @@ -74,29 +81,23 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` -## General Principles +## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format -required by rstudio-connect. -- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format +required by `rstudio-connect`. +- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..79dfc3f9 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,25 +1,31 @@ -# Posit Workbench +--- +title: Posit Workbench +code-overflow: wrap +--- ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Workbench_ +#### _Official Helm chart for Posit Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: @@ -29,59 +35,64 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: -``` + +```bash helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` -## Licensing + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +## Licensing -### License File +This chart supports activating the product using a *license file*. -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend *against* directly placing the license file in your values file. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```{.bash} +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,39 +105,32 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```bash +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -## General Principles +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values -so you can set the database password with something like: +These configuration values all take the form of usual Helm values +so you can set the database password with similar to: -``` +```bash ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -136,130 +140,135 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
      `config.session.<< name of file >>` Helm values + - Mounted at:
      `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
      `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
      `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
      `config.secret.<< name of file >>` Helm values + - Mounted at:
      `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
      `config.server.<< name of file >>` Helm values + - Mounted at:
      `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
      `config.serverDcf.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - -### Configuring R and Python repositories + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
      `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
      `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
      `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
      `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
      `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
      `/etc/pam.d/<< name of file >>` + +### Configuring Python and R repositories -#### R repositories +#### Python repositories -R package repositories can be configured with `config.session.repos.conf`. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + ```yaml + launcher: + useTemplates: true -#### Python repositories + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +## User provisioning + +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: + +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -279,17 +288,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +321,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +348,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +360,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -386,10 +397,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. + +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +409,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -546,4 +558,3 @@ Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - From 14d897c99930b28695e02bd1584184718a757491 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 08:59:31 -0400 Subject: [PATCH 044/284] additional readme edits --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 45 +++++++++++++----------------- charts/rstudio-workbench/README.md | 7 ++--- 3 files changed, 24 insertions(+), 30 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index bd2bd796..a06044aa 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -63,7 +63,7 @@ To function, this chart requires the following: This chart supports activating the product using a *license file*. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index fde9eb3e..912d5039 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -50,7 +50,7 @@ helm search repo rstudio/rstudio-pm -l This chart requires the following in order to function: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -62,15 +62,16 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +This chart supports activating the product using a *license file*. -### License File -We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` +```{.bash} +kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic +``` Second, specify the following values: @@ -83,17 +84,11 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-pm.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-pm.lic +``` -## S3 Configuration +## S3 configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -131,20 +126,20 @@ awsAccessKeyId: your-access-key-id awsSecretAccessKey: your-secret-access-key ``` -Bear in mind that static, long-lived credentials are the least secure option and +Consider that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General Principles +## General principles -- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format -required by rstudio-pm. +In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format +required by `rstudio-pm`. -## Configuration File +## Configuration file The configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` @@ -159,7 +154,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | awsAccessKeyId | bool | `false` | awsAccessKeyId is the access key id for s3 access, used also to gate file creation | | awsSecretAccessKey | string | `nil` | awsSecretAccessKey is the secret access key, needs to be filled if access_key_id is | | command | bool | `false` | command is the pod's run command. By default, it uses the container's default | -| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the rstudio-pm.gcfg file | +| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the `rstudio-pm`.gcfg file | | enableMigration | bool | `true` | Enable migrations for shared storage (if necessary) using Helm hooks. | | enableSandboxing | bool | `true` | Enable sandboxing of Git builds, which requires elevated security privileges for the Package Manager container. | | extraContainers | list | `[]` | sidecar container list | @@ -190,7 +185,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | | pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | -| pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | +| pod.labels | object | `{}` | Additional labels to add to the `rstudio-pm` pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | | pod.securityContext | object | `{}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | @@ -201,9 +196,9 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | priorityClassName | string | `""` | The pod's priorityClassName | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | -| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | +| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the `rstudio-pm` pod | | rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | -| rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | +| rstudioPMKey | bool | `false` | rstudioPMKey is the `rstudio-pm` key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 79dfc3f9..a2053022 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -85,8 +85,7 @@ To function, this chart requires the following: This chart supports activating the product using a *license file*. -- We recommend *against* directly placing the license file in your values file. -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: @@ -105,7 +104,7 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```bash +```{.bash} --set-file license.file.contents=licenses/rstudio-workbench.lic ``` @@ -126,7 +125,7 @@ Alternatively, license files can be set during `helm install` with the following These configuration values all take the form of usual Helm values so you can set the database password with similar to: -```bash +```{.bash} ... --set config.secret.database\.conf.password=mypassword ... ``` From dac609d115999a51ec053c1db74139a15bd307b4 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 09:04:33 -0400 Subject: [PATCH 045/284] ppm examples --- examples/package-manager/container-images/custom-images.qmd | 2 +- examples/package-manager/container-images/private-images.qmd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/package-manager/container-images/custom-images.qmd b/examples/package-manager/container-images/custom-images.qmd index ef765035..b8fbb38d 100644 --- a/examples/package-manager/container-images/custom-images.qmd +++ b/examples/package-manager/container-images/custom-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Package Manager with Custom Container Images diff --git a/examples/package-manager/container-images/private-images.qmd b/examples/package-manager/container-images/private-images.qmd index 5f9dd663..112614eb 100644 --- a/examples/package-manager/container-images/private-images.qmd +++ b/examples/package-manager/container-images/private-images.qmd @@ -1,5 +1,5 @@ --- -category: "Container Images" +category: "Container images" --- # Configuring Posit Package Manager to Access Image Registries Requiring Authentication From 9ac8c932006b9d10f262c6fbbe22451aa51940ad Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 09:12:29 -0400 Subject: [PATCH 046/284] standardizing the before you begin --- charts/rstudio-pm/README.md | 2 +- charts/rstudio-workbench/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 912d5039..c50854a6 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -19,7 +19,7 @@ To ensure a stable production deployment: This protects you from breaking changes. ::: -* Before upgrading check for breaking changes using `helm diff upgrade`. +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. * Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index a2053022..d533e169 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -22,7 +22,7 @@ To ensure a stable production deployment: This protects you from breaking changes. ::: -* Before upgrading check for breaking changes using `helm diff upgrade`. +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. * Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. ## Installing the chart From 9e4be90bd1781a60d3cd99c1e4125b63d9fdde81 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:07:20 -0400 Subject: [PATCH 047/284] Chronicle edits --- charts/posit-chronicle/README.md | 58 +++++++++++++++++--------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index fd9522a1..308f3f3d 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -8,40 +8,43 @@ Chronicle helps data science managers and other stakeholders understand their organization's use of other Posit products, primarily Posit Connect and Workbench. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: -## Installing the Chart +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.3.0: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 ``` To explore other chart versions, take a look at: -``` + +```{.bash} helm search repo rstudio/posit-chronicle -l ``` ## Usage This chart deploys only the Chronicle server and is meant to be used in tandem -with the Workbench and Connect charts. To actually send data to the server, you -will need to run the Chronicle agent as a sidecar container on your -Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files +with the Workbench and Connect charts. To send data to the server, run the Chronicle agent as a sidecar container on your +Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files. -Here is an example of Helm values to run the agent sidecar in **Workbench**, +Here is an example of Helm values to run the agent sidecar in *Workbench*, where we set up a shared volume between containers for audit logs: ```yaml @@ -65,7 +68,7 @@ pod: value: "http://chronicle-server.default" ``` -And here is an example of Helm values for Connect, where a **Connect** +Here is an example of Helm values for *Connect*, where a Connect API key from a Kubernetes Secret is used to unlock more detailed metrics: ```yaml @@ -83,7 +86,7 @@ pod: key: apikey ``` -Note that it is up to the user to provision this Kubernetes Secret for the +It is up to the user to provision this Kubernetes Secret for the Connect API key. ## Storage Configuration @@ -102,8 +105,7 @@ config: ``` `retentionPeriod` controls how long usage data are kept. For example, `"120m"` -for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention. -(Units smaller than seconds or larger than days are not supported.) +for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention (units smaller than seconds or larger than days are not supported). You can also persist data to AWS S3 instead of (or in addition to) local storage: @@ -116,7 +118,7 @@ config: Region: "us-east-2" ``` -### Using Iam for S3 +### Using IAM for S3 If you are running on EKS, you can use [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) @@ -131,9 +133,9 @@ serviceaccount: eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here ``` -If you are unable to use IAM Roles for Service Accounts, there are any number of +If you are unable to use IAM Roles for Service Accounts, there are many alternatives for injecting AWS credentials into a container. As a fallback, -the S3 storage config allows specifying a profile: +the S3 storage `config` allows specifying a profile: ```yaml config: @@ -144,14 +146,14 @@ config: Region: "us-east-2" ``` -### Needed S3 Policy Permissions +### Needed S3 policy permissions The credentials Chronicle uses for S3 storage must have the following permissions enabled: -- `s3:GetObject` -- `s3:ListBucket` -- `s3:PutObject` -- `s3:DeleteObject` +* `s3:GetObject` +* `s3:ListBucket` +* `s3:PutObject` +* `s3:DeleteObject` ## Values From cf4025cc2fd6e8794d126eae15ef715e0c1c5e1b Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:07:34 -0400 Subject: [PATCH 048/284] PPM edits --- charts/rstudio-pm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index c50854a6..dd63295e 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -14,7 +14,7 @@ To ensure a stable production deployment: * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: From 131d374a050e5b3676358f259a96d023dc2df627 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:42:19 -0400 Subject: [PATCH 049/284] trying to "fix" everything --- charts/_templates.gotmpl | 72 ++--- charts/posit-chronicle/README.md | 8 +- charts/rstudio-connect/README.md | 5 +- charts/rstudio-pm/README.md | 5 +- charts/rstudio-workbench/README.md.gotmpl | 317 +++++++++++----------- 5 files changed, 214 insertions(+), 193 deletions(-) diff --git a/charts/_templates.gotmpl b/charts/_templates.gotmpl index bce09a9a..dce4b93c 100644 --- a/charts/_templates.gotmpl +++ b/charts/_templates.gotmpl @@ -40,49 +40,59 @@ Workbench. {{- define "rstudio.disclaimer" }} -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. {{- end }} {{- define "rstudio.best-practices" }} -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. + + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. {{- end }} {{- define "rstudio.install" }} {{- $isDev := (regexMatch "[0-9]+\\.[0-9]+\\.[0-9]+-[a-zA-Z\\.0-9]+" .Version) }} -## Installing the Chart +## Installing the chart To install the chart with the release name `my-release` at version {{ template "chart.version" . }}: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com {{- if not $isDev }} helm upgrade --install my-release rstudio/{{ template "chart.name" . }} --version={{ template "chart.version" . }} @@ -95,7 +105,7 @@ helm upgrade --install --devel my-release rstudio/{{ template "chart.name" . }} {{- end }} ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo {{ if $isDev }}--devel {{ end }}rstudio/{{ template "chart.name" . }} -l ``` @@ -106,15 +116,15 @@ helm search repo {{ if $isDev }}--devel {{ end }}rstudio/{{ template "chart.name ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic {{ .Name }}-license --from-file=licenses/{{ .Name }}.lic` +```{.bash} +kubectl create secret generic {{ .Name }}-license --from-file=licenses/{{ .Name }}.lic +``` Second, specify the following values: @@ -127,15 +137,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/{{ .Name }}.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/{{ .Name }}.lic +``` {{- end }} diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 308f3f3d..98feb64e 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,4 +1,7 @@ -# Posit Chronicle +--- +title: Posit Chronicle +code-overflow: wrap +--- ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) @@ -89,7 +92,7 @@ pod: It is up to the user to provision this Kubernetes Secret for the Connect API key. -## Storage Configuration +## Storage configuration Chronicle can be configured to persist data to a local Kubernetes Volume, AWS S3, or both. @@ -202,4 +205,3 @@ The credentials Chronicle uses for S3 storage must have the following permission ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) - diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a06044aa..5c6812fb 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,4 +1,7 @@ -# Posit Connect +--- +title: Posit Connect +code-overflow: wrap +--- ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index dd63295e..d892ff66 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,4 +1,7 @@ -# Posit Package Manager +--- +title: Posit Package Manager +code-overflow: wrap +--- ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index b6398432..de45d2d0 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -8,62 +8,65 @@ {{ template "rstudio.install" . }} -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` {{ template "rstudio.licensing" . }} -## General Principles +## General principles + +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -80,130 +83,133 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
      `config.session.<< name of file >>` Helm values + - Mounted at:
      `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
      `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
      `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
      `config.secret.<< name of file >>` Helm values + - Mounted at:
      `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
      `config.server.<< name of file >>` Helm values + - Mounted at:
      `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
      `config.serverDcf.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
      `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
      `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
      `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
      `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
      `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
      `/etc/pam.d/<< name of file >>` -### Configuring R and Python repositories - -#### R repositories +#### Python repositories -R package repositories can be configured with `config.session.repos.conf`. +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + ```yaml + launcher: + useTemplates: true -#### Python repositories + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. + +## User provisioning -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. + +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -217,23 +223,23 @@ config: # will be used verbatim ``` -## RStudio Profiles +## RStudio profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -256,17 +262,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -283,6 +289,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -294,23 +301,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -330,10 +338,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets + +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -341,7 +350,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. {{ template "chart.valuesSection" . }} From ba364dc914fa53aa5c97e5c2238d95980d24619d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 12:59:51 +0000 Subject: [PATCH 050/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 83 ++++--- charts/rstudio-pm/README.md | 93 +++---- charts/rstudio-workbench/README.md | 376 ++++++++++++++--------------- 3 files changed, 271 insertions(+), 281 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 5c6812fb..8a04dbf9 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -5,73 +5,66 @@ code-overflow: wrap ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for Posit Connect_ +#### _Official Helm chart for RStudio Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best practices +## Best Practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether Helm is a good choice for your deployment. +if you need help deciding whether helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* "Pin" the version of the Helm chart that you are using. You can do - this using the: - * `helm dependency` command and the associated "Chart.lock" files _or_ - * the `--version` flag. +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check + for breaking changes +* Read [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart - :::{.callout-important} - This protects you from breaking changes** - ::: - -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.6.6: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-connect -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a Persistent Volume Claim (PVC) that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. - In this case, we recommend you: - * Disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your - data in the container by using a - regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` - and `pod.volumeMounts`. + In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then + mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. + * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` Second, specify the following values: @@ -84,23 +77,29 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-connect.lic -``` +`--set-file license.file.contents=licenses/rstudio-connect.lic` -## General principles +### License Key -- In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-connect`. -- `rstudio-connect` does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles + +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-connect. +- rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index d892ff66..9fcaca95 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -5,55 +5,50 @@ code-overflow: wrap ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Package Manager_ +#### _Official Helm chart for RStudio Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart - ::: {.callout-important} - This protects you from breaking changes. - ::: - -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.5.25: -```{.bash} +```bash helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, take a look at: - -```{.bash} +``` helm search repo rstudio/rstudio-pm -l ``` -## Upgrade guidance +## Upgrade Guidance ### 0.4.0 -* When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`) -* A `chown` of persistent storage may be required. The issue has been recorded and the team is working to implement an automatic fix. - * To disable an automatic fixup / hook, set `enableMigrations=false`. +- When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as + the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to + fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required configuration +## Required Configuration This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -65,16 +60,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +### License File -- We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. +We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic -``` +`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` Second, specify the following values: @@ -87,11 +81,17 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-pm.lic -``` +`--set-file license.file.contents=licenses/rstudio-pm.lic` -## S3 configuration +### License Key + +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## S3 Configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -129,20 +129,20 @@ awsAccessKeyId: your-access-key-id awsSecretAccessKey: your-secret-access-key ``` -Consider that static, long-lived credentials are the least secure option and +Bear in mind that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General principles +## General Principles -In most places, we opt to pass Helm values over ConfigMaps. We translate these into the valid `.gcfg` file format -required by `rstudio-pm`. +- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +required by rstudio-pm. -## Configuration file +## Configuration File -The configuration values all take the form of usual Helm values +The configuration values all take the form of usual helm values so you can set the database password with something like: -```{.bash} +``` ... --set config.Postgres.Password=mypassword ... ``` @@ -157,7 +157,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | awsAccessKeyId | bool | `false` | awsAccessKeyId is the access key id for s3 access, used also to gate file creation | | awsSecretAccessKey | string | `nil` | awsSecretAccessKey is the secret access key, needs to be filled if access_key_id is | | command | bool | `false` | command is the pod's run command. By default, it uses the container's default | -| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the `rstudio-pm`.gcfg file | +| config | object | `{"HTTP":{"Listen":":4242"},"Metrics":{"Enabled":true}}` | config is a nested map of maps that generates the rstudio-pm.gcfg file | | enableMigration | bool | `true` | Enable migrations for shared storage (if necessary) using Helm hooks. | | enableSandboxing | bool | `true` | Enable sandboxing of Git builds, which requires elevated security privileges for the Package Manager container. | | extraContainers | list | `[]` | sidecar container list | @@ -188,7 +188,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | | pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | -| pod.labels | object | `{}` | Additional labels to add to the `rstudio-pm` pods | +| pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | | pod.securityContext | object | `{}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | @@ -199,9 +199,9 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | priorityClassName | string | `""` | The pod's priorityClassName | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | | replicas | int | `1` | replicas is the number of replica pods to maintain for this service | -| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the `rstudio-pm` pod | -| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new Helm chart version. | -| rstudioPMKey | bool | `false` | rstudioPMKey is the `rstudio-pm` key used for the RStudio Package Manager service | +| resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-pm pod | +| rootCheckIsFatal | bool | `true` | Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version. | +| rstudioPMKey | bool | `false` | rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | @@ -230,7 +230,8 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | | topologySpreadConstraints | list | `[]` | An array used verbatim as the pod's "topologySpreadConstraints" definition | -| versionOverride | string | `""` | A Package Manager version to override the "tag" for the Posit Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | +| versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index d533e169..9cda63d7 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,31 +1,25 @@ ---- -title: Posit Workbench -code-overflow: wrap ---- +# Posit Workbench ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for Posit Workbench_ +#### _Official Helm chart for RStudio Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For production +## For Production -To ensure a stable production deployment: +To ensure a stable production deployment, please: -* "Pin" the version of the Helm chart that you are using. You can do this using the: - * `helm dependency` command *and* the associated "Chart.lock" files *or* - * the `--version` flag. - - ::: {.callout-important} - This protects you from breaking changes. - ::: +* Ensure you "pin" the version of the Helm chart that you are using. You can do + this using the `helm dependency` command and the associated "Chart.lock" files + or the `--version` flag. **IMPORTANT: This protects you from breaking changes** +* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check + for breaking changes +* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking + changes, as well as documentation below on how to use the chart -* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. -* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. - -## Installing the chart +## Installing the Chart To install the chart with the release name `my-release` at version 0.7.3: @@ -35,63 +29,59 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, take a look at: - -```bash +``` helm search repo rstudio/rstudio-workbench -l ``` -## Required configuration +## Required Configuration -To function, this chart requires the following: +This chart requires the following in order to function: -* A license file. See the [Licensing](#licensing) section below for more details. +* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: - * Disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then - * Mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: - - ```yaml - config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap - ``` +```yaml +config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap +``` ## Licensing -This chart supports activating the product using a *license file*. +This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. + +### License File We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -```{.bash} -kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic -``` +`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` Second, specify the following values: @@ -104,32 +94,39 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -```{.bash} ---set-file license.file.contents=licenses/rstudio-workbench.lic -``` +`--set-file license.file.contents=licenses/rstudio-workbench.lic` -## General principles +### License Key + +Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. + +### License Server + +Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. + +## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by Workbench. - - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. -- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. - - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). -- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. -- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. - - This is described in the - [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. + valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are + below. +- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below + and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) + on the topic in general. +- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: + - Get the service account information off of the RStudio Workbench pod for use in launching jobs +- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter + [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration files -These configuration values all take the form of usual Helm values -so you can set the database password with similar to: +These configuration values all take the form of usual helm values +so you can set the database password with something like: -```{.bash} +``` ... --set config.secret.database\.conf.password=mypassword ... ``` -The files are converted into configuration files, in the required format, via go-templating. If you want to "in-line" a configuration file or mount it verbatim, you can use a pattern like: +The files are converted into configuration files in the necessary format via go-templating. If you want to "in-line" a config file or mount it verbatim, you can use a pattern like: ```yaml config: @@ -139,135 +136,130 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change -the `XDG_CONFIG_DIRS` environment variable. +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change +the `XDG_CONFIG_DIRS` environment variable - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods. + are mounted into the session pods as well. - `repos.conf`, `rsession.conf`, `notifications.conf` - - Located in:
      `config.session.<< name of file >>` Helm values - - Mounted at:
      `/mnt/session-configmap/rstudio/` -- Session Secret Configuration: - - These configuration files are mounted into the server and session pods. - - `odbc.ini` and other similar shared secrets. - - Located in:
      `config.sessionSecret.<< name of file>>` Helm values - - Mounted at:
      `/mnt/session-secret/` -- Secret Configuration: - - These configuration files are mounted into the server with more restrictive permissions (0600). + - located in the `config.session.<< name of file >>` helm values + - mounted at `/mnt/session-configmap/rstudio/` +- Session Secret Configuration + - These configuration files are mounted into the server and session pods as well + - `odbc.ini` and other similar shared secrets + - located in `config.sessionSecret.<< name of file>>` helm values + - mounted at `/mnt/session-secret/` +- Secret Configuration + - These configuration files are mounted into the server with more restrictive permissions (0600) - `database.conf`, `openid-client-secret`, `databricks.conf` - - Located in:
      `config.secret.<< name of file >>` Helm values - - Mounted at:
      `/mnt/secret-configmap/rstudio/` -- Server Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located in the `config.secret.<< name of file >>` helm values + - mounted at `/mnt/secret-configmap/rstudio/` +- Server Configuration + - These configuration files are mounted into the server (.ini file format) - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - Located at:
      `config.server.<< name of file >>` Helm values - - Mounted at:
      `/mnt/configmap/rstudio/` -- Server DCF Configuration: - - These configuration files are mounted into the server (.dcf file format). + - They are located at `config.server.<< name of file >>` helm values + - mounted at `/mnt/configmap/rstudio/` +- Server DCF Configuration + - These configuration files are mounted into the server (.dcf file format) - `launcher-mounts`, `launcher-env` - - Located at:
      `config.serverDcf.<< name of file >>` Helm values - - Included at:
      `/mnt/configmap/rstudio/` -- Profiles Configuration: - - These configuration files are mounted into the server (.ini file format). + - They are located at `config.serverDcf.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` +- Profiles Configuration + - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` Helm values - - Included at:
      `/mnt/configmap/rstudio/` - - See the [Profiles](#rstudio-profiles) section below for more information. -- Prestart: - - This is provided by the Helm chart in a configmap. - - It is mounted into the pod at `/scripts/`. - - `prestart-workbench.bash` is used to start workbench. - - `prestart-launcher.bash` is used to start launcher. -- User Provisioning Configuration: - - These configuration files are used for configuring user provisioning (i.e., `sssd`). - - Located at:
      `config.userProvisioning.<< name of file >>` Helm values - - Mounted onto:
      `/etc/sssd/conf.d/` with `0600` permissions by default. -- Custom Startup Configuration: - - `supervisord` service / unit definition `.conf` files. - - Use the `.ini` file format by default. - - Mounted at:
      `/startup/custom` - - As with all configuration files above, you can override with a verbatim string if desired: - - Located at:
      `config.startupCustom.<< name of file >>` Helm values: - ```yaml - config: - startupCustom: - myfile.conf: | - file-used-verbatim - ``` -- PAM configuration: - - `pam` configuration files. - - Located at:
      `config.pam.<< name of file >>` Helm values - - Mounted verbatim as individual files (using `subPath` mounts) at:
      `/etc/pam.d/<< name of file >>` - -### Configuring Python and R repositories - -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: - -- `launcher.useTemplates: true` is set -- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: - - ```yaml - launcher: - useTemplates: true + - They are located at `config.profiles.<< name of file >>` helm values + - included at `/mnt/configmap/rstudio/` + - See the `Profiles` section below for more information +- Prestart + - This is provided by the helm chart in a configmap + - It is mounted into the pod at `/scripts/` + - `prestart-workbench.bash` is used to start workbench + - `prestart-launcher.bash` is used to start launcher +- User Provisioning Configuration + - These configuration files are used for configuring user provisioning (i.e. `sssd`) + - Located at `config.userProvisioning.<< name of file >>` helm values + - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default +- Custom Startup Configuration + - `supervisord` service / unit definition `.conf` files + - Located at `config.startupCustom.<< name of file >>` helm values + - Will use the `.ini` file format, by default + - Mounted at `/startup/custom` + - As with all config files above, can override with a verbatim string if desired, like so: +```yaml +config: + startupCustom: + myfile.conf: | + file-used-verbatim +``` +- PAM configuration + - `pam` configuration files + - Located at `config.pam.<< name of file >>` helm values + - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` - config: - session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co - ``` +### Configuring R and Python repositories #### R repositories -R package repositories can be configured with `config.session.repos.conf`: +R package repositories can be configured with `config.session.repos.conf`. -```yaml +``` config: session: repos.conf: CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. +For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + +#### Python repositories + +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. + +``` +launcher: + useTemplates: true + +config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co +``` -## User provisioning +## User Provisioning -Provisioning users in Workbench containers is challenging. Session images create users automatically (with -consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the -administrator. +Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with +consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the +administrator today. The most common way to provision users is via `sssd`. -The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. +However, it is important to be careful of a few points: -However, it is important to use caution for the following: - -- UID / GID consistency: - - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. - - Failing can cause security issues and access by some users to access view they should not be allowed to see. -- Usernames cannot have `@`. - - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. -- `supervisord` is configured by default to exit if any of its child processes exit. - - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. +- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across + time. Failing this can cause security issues and access by some users to files they should not be allowed to see +- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because + some operating systems disallow `@` signs in linux usernames +- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` + to configure a user management service, be careful that it does not exit unnecessarily -We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a -future release. Please contact your account representative if you have feedback or questions about this +We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a +future release. Please get in touch with your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -287,17 +279,17 @@ Profiles are used to define product behavior (in `.ini` file format) based on us Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- If section header is `[*]`, it applies to all users. -- If a user's username is `myusername`, the section `[myusername]` applies to them. -- If a user is in the `allusers` group, then the section `[@allusers]` applies to them +- if section header is `[*]`, it applies to all users +- if a user's username is `myusername`, the section `[myusername]` will apply to them +- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. -In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: +In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: ```yaml config: @@ -320,17 +312,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` +- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` - ```yaml - some-key: - - value1 - - value2 - ``` +```yaml +some-key: + - value1 + - value2 +``` -- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -347,7 +339,6 @@ config: - value4 - value5 ``` - Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -359,24 +350,23 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -:::{.callout-note} -This appending/concatenation/array translation behavior only works with the helm chart. -::: +> NOTE: this appending/concatenation/array translation behavior only works with the helm chart -### Job Json overrides +### Job Json Overrides -If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: +If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following +configuration: + - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + - create an array of maps with the following keys: + - `target`: the "target" part of the job spec to replace + - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk + - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` -- Modify: - ```yaml - config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - ``` -- Create an array of maps with the following keys: - - `target`: The "target" part of the job spec to replace. - - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. - - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. +Note that several examples are provided +in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) +(however, examples do not use the helm chart syntax there). -Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. +Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) ```yaml config: @@ -396,11 +386,10 @@ config: - "two-image:tag ``` -## Sealed secrets +## Sealed Secrets +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. - -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. - `config.secret` - `config.sessionSecret` @@ -408,7 +397,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values @@ -557,3 +546,4 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + From a5f9e86df7c35f79be9abe23dbeefa4bcf5780ba Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 10:49:02 -0400 Subject: [PATCH 051/284] Description updates --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-workbench/Chart.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 225d2322..5518cb08 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-connect -description: Official Helm chart for RStudio Connect +description: Official Helm chart for Posit Connect version: 0.6.6 apiVersion: v2 appVersion: 2024.04.1 diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 76a4357d..f9e32dfa 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-pm -description: Official Helm chart for RStudio Package Manager +description: Official Helm chart for Posit Package Manager version: 0.5.25 apiVersion: v2 appVersion: 2024.04.0 diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index b44fb106..987b7ad6 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,5 +1,5 @@ name: rstudio-workbench -description: Official Helm chart for RStudio Workbench +description: Official Helm chart for Posit Workbench version: 0.7.3 apiVersion: v2 appVersion: 2024.04.0 From 1d74223238c5327d9379a8718e937464865c8da0 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 14:44:30 +0000 Subject: [PATCH 052/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 49 ++-- charts/rstudio-connect/README.md | 53 ++-- charts/rstudio-launcher-rbac/README.md | 31 ++- charts/rstudio-library/README.md | 25 +- charts/rstudio-pm/README.md | 56 ++-- charts/rstudio-workbench/README.md | 367 +++++++++++++------------ 6 files changed, 301 insertions(+), 280 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 98feb64e..6b9f84d1 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Chronicle -code-overflow: wrap ---- +# Posit Chronicle ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) @@ -15,10 +12,14 @@ Workbench. To ensure a stable production deployment: +## For production + +To ensure a stable production deployment: + * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: @@ -35,19 +36,19 @@ helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 ``` -To explore other chart versions, take a look at: - -```{.bash} +To explore other chart versions, look at: +``` helm search repo rstudio/posit-chronicle -l ``` ## Usage This chart deploys only the Chronicle server and is meant to be used in tandem -with the Workbench and Connect charts. To send data to the server, run the Chronicle agent as a sidecar container on your -Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files. +with the Workbench and Connect charts. To actually send data to the server, you +will need to run the Chronicle agent as a sidecar container on your +Workbench or Connect server pods by setting `pod.sidecar` in their respective `values.yaml` files -Here is an example of Helm values to run the agent sidecar in *Workbench*, +Here is an example of Helm values to run the agent sidecar in **Workbench**, where we set up a shared volume between containers for audit logs: ```yaml @@ -71,7 +72,7 @@ pod: value: "http://chronicle-server.default" ``` -Here is an example of Helm values for *Connect*, where a Connect +And here is an example of Helm values for Connect, where a **Connect** API key from a Kubernetes Secret is used to unlock more detailed metrics: ```yaml @@ -89,10 +90,10 @@ pod: key: apikey ``` -It is up to the user to provision this Kubernetes Secret for the +Note that it is up to the user to provision this Kubernetes Secret for the Connect API key. -## Storage configuration +## Storage Configuration Chronicle can be configured to persist data to a local Kubernetes Volume, AWS S3, or both. @@ -108,7 +109,8 @@ config: ``` `retentionPeriod` controls how long usage data are kept. For example, `"120m"` -for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention (units smaller than seconds or larger than days are not supported). +for 120 minutes, `"36h"` for 36 hours, `14d` for two weeks, or `"0"` for unbounded retention. +(Units smaller than seconds or larger than days are not supported.) You can also persist data to AWS S3 instead of (or in addition to) local storage: @@ -121,7 +123,7 @@ config: Region: "us-east-2" ``` -### Using IAM for S3 +### Using Iam for S3 If you are running on EKS, you can use [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) @@ -136,9 +138,9 @@ serviceaccount: eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here ``` -If you are unable to use IAM Roles for Service Accounts, there are many +If you are unable to use IAM Roles for Service Accounts, there are any number of alternatives for injecting AWS credentials into a container. As a fallback, -the S3 storage `config` allows specifying a profile: +the S3 storage config allows specifying a profile: ```yaml config: @@ -149,14 +151,14 @@ config: Region: "us-east-2" ``` -### Needed S3 policy permissions +### Needed S3 Policy Permissions The credentials Chronicle uses for S3 storage must have the following permissions enabled: -* `s3:GetObject` -* `s3:ListBucket` -* `s3:PutObject` -* `s3:DeleteObject` +- `s3:GetObject` +- `s3:ListBucket` +- `s3:PutObject` +- `s3:DeleteObject` ## Values @@ -205,3 +207,4 @@ The credentials Chronicle uses for S3 storage must have the following permission ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 8a04dbf9..a2ae0ee1 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Connect -code-overflow: wrap ---- +# Posit Connect ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) @@ -10,33 +7,37 @@ code-overflow: wrap Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. -## Best Practices +## Best practices Helm charts are very useful tools for deploying resources into Kubernetes, however, they do require some familiarity with kubernetes and `helm` itself. Please ensure you have adequate training and IT support before deploying these charts into production environments. Reach out to your account representative -if you need help deciding whether helm is a good choice for your deployment. +if you need help deciding whether Helm is a good choice for your deployment. To ensure reproducibility in your environment and insulate yourself from future changes, please: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use the `helm-diff` plugin and `helm diff upgrade` to check - for breaking changes -* Read [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +* "Pin" the version of the Helm chart that you are using. You can do + this using the: + * `helm dependency` command and the associated "Chart.lock" files _or_ + * the `--version` flag. -## Installing the Chart + :::{.callout-important} + This protects you from breaking changes** + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.6.6: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-connect -l ``` @@ -56,15 +57,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic` +```{.bash} +kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic +``` Second, specify the following values: @@ -77,15 +78,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-connect.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-connect.lic +``` ## General Principles diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 313d989f..496581b3 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -4,28 +4,35 @@ #### _RBAC definition for the RStudio Job Launcher_ -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.2.20: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.20 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-launcher-rbac -l ``` diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 86e0ab9d..56a781e8 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -4,17 +4,24 @@ #### _Helm library helpers for use by official RStudio charts_ -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production + +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. # Usage diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 9fcaca95..24b0d743 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,7 +1,4 @@ ---- -title: Posit Package Manager -code-overflow: wrap ---- +# Posit Package Manager ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) @@ -10,28 +7,35 @@ code-overflow: wrap IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.5.25: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-pm -l ``` @@ -60,15 +64,15 @@ This chart requires the following in order to function: ## Licensing -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. - -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic` +```{.bash} +kubectl create secret generic rstudio-pm-license --from-file=licenses/rstudio-pm.lic +``` Second, specify the following values: @@ -81,15 +85,9 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-pm.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server - -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +```{.bash} +--set-file license.file.contents=licenses/rstudio-pm.lic +``` ## S3 Configuration diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cda63d7..0a5bb0a1 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -7,81 +7,91 @@ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. -## For Production +## For production -To ensure a stable production deployment, please: +To ensure a stable production deployment: -* Ensure you "pin" the version of the Helm chart that you are using. You can do - this using the `helm dependency` command and the associated "Chart.lock" files - or the `--version` flag. **IMPORTANT: This protects you from breaking changes** -* Before upgrading, to avoid breaking changes, use `helm diff upgrade` to check - for breaking changes -* Pay close attention to [`NEWS.md`](./NEWS.md) for updates on breaking - changes, as well as documentation below on how to use the chart +## For production -## Installing the Chart +To ensure a stable production deployment: + +* "Pin" the version of the Helm chart that you are using. You can do this using the: + * `helm dependency` command *and* the associated "Chart.lock" files *or* + * the `--version` flag. + + ::: {.callout-important} + This protects you from breaking changes. + ::: + +* Before upgrading check for breaking changes using `helm-diff` plugin and `helm diff upgrade`. +* Read [`NEWS.md`](./NEWS.md) for updates on breaking changes and the documentation below on how to use the chart. + +## Installing the chart To install the chart with the release name `my-release` at version 0.7.3: -```bash +```{.bash} helm repo add rstudio https://helm.rstudio.com helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` -To explore other chart versions, take a look at: +To explore other chart versions, look at: ``` helm search repo rstudio/rstudio-workbench -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users. - * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the + * If `homeStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use - with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `homeStorage.create` and - create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying + with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend that you: + * Disable `homeStorage.create` and + create your own `PersistentVolume` and `PersistentVolumeClaim`, then + * Mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `homeStorage.name` and `homeStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your + * If you cannot use a `PersistentVolume` to properly mount your users' home directories, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`. - * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup + * If you cannot use a `Volume` to mount the directories, manually mount them during container startup with a mechanism similar to what is described below for joining to auth domains. - * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. -* If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to + * If not using `homeStorage.create`, configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions. +* If using load balancing (by setting `replicas > 1`), you need similar storage defined for `sharedStorage` to store shared project configuration. However, you can also configure the product to store its shared data underneath `/home` by setting `config.server.rserver\.conf.server-shared-storage-path=/home/some-shared-dir`. * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-workbench` image has `sssd` installed and started by default. You can include `sssd` configuration in `config.userProvisioning` like so: -```yaml -config: - userProvisioning: - mysssd.conf: - sssd: - config_file_version: 2 - services: nss, pam - domains: rstudio.com - domain/rstudio.com: - id_provider: ldap - auth_provider: ldap -``` -## Licensing + ```yaml + config: + userProvisioning: + mysssd.conf: + sssd: + config_file_version: 2 + services: nss, pam + domains: rstudio.com + domain/rstudio.com: + id_provider: ldap + auth_provider: ldap + ``` -This chart supports activating the product using a license file, license key, or license server. In the case of a license file or key, we recommend against placing it in your values file directly. +## Licensing -### License File +This chart supports activating the product using a *license file*. We recommend storing a license file as a `Secret` and setting the `license.file.secret` and `license.file.secretKey` values accordingly. First, create the secret declaratively with YAML or imperatively using the following command: -`kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic` +```{.bash} +kubectl create secret generic rstudio-workbench-license --from-file=licenses/rstudio-workbench.lic +``` Second, specify the following values: @@ -94,32 +104,27 @@ license: Alternatively, license files can be set during `helm install` with the following argument: -`--set-file license.file.contents=licenses/rstudio-workbench.lic` - -### License Key - -Set a license key directly in your values file (`license.key`) or during `helm install` with the argument `--set license.key=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX`. - -### License Server +```{.bash} +--set-file license.file.contents=licenses/rstudio-workbench.lic +``` -Set a license server directly in your values file (`license.server`) or during `helm install` with the argument `--set license.server=`. +## General principles -## General Principles +## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the - valid `.ini` or `.dcf` file formats required by RStudio Workbench. Those config files and their mount locations are - below. -- If you need to modify the jobs launched by RStudio Workbench, you want to use `job-json-overrides`. There is a section on this below - and [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) - on the topic in general. -- The prestart scripts for RStudio Workbench and RStudio Launcher are highly customized to: - - Get the service account information off of the RStudio Workbench pod for use in launching jobs -- RStudio Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter - [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) + valid `.ini` or `.dcf` file formats required by Workbench. + - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. +- If you need to modify the jobs launched by Workbench, use `job-json-overrides`. + - Review the [Job Json overrides](#job-json-overrides) section on this below. For general information, see [a support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes). +- The prestart scripts for Workbench and Posit Job Launcher are highly customized to get the service account information off of the Workbench pod for use in launching jobs. +- Workbench does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter. + - This is described in the + [Monitoring Posit Team Using Prometheus and Graphite](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) support article. ## Configuration files -These configuration values all take the form of usual helm values +These configuration values all take the form of usual Helm values so you can set the database password with something like: ``` @@ -136,130 +141,133 @@ config: ``` The names of files are dynamically used, so you can add new files as needed. Beware that some files have default values, -so moving them can have adverse effects. Also, if you use a different mounting paradigm, you will need to change -the `XDG_CONFIG_DIRS` environment variable +so moving them can have adverse effects. Also, if you use a different mounting paradigm, you need to change +the `XDG_CONFIG_DIRS` environment variable. - Session Configuration - These configuration files are mounted into the server and - are mounted into the session pods as well. + are mounted into the session pods. - `repos.conf`, `rsession.conf`, `notifications.conf` - - located in the `config.session.<< name of file >>` helm values - - mounted at `/mnt/session-configmap/rstudio/` -- Session Secret Configuration - - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets - - located in `config.sessionSecret.<< name of file>>` helm values - - mounted at `/mnt/session-secret/` -- Secret Configuration - - These configuration files are mounted into the server with more restrictive permissions (0600) + - Located in:
      `config.session.<< name of file >>` Helm values + - Mounted at:
      `/mnt/session-configmap/rstudio/` +- Session Secret Configuration: + - These configuration files are mounted into the server and session pods. + - `odbc.ini` and other similar shared secrets. + - Located in:
      `config.sessionSecret.<< name of file>>` Helm values + - Mounted at:
      `/mnt/session-secret/` +- Secret Configuration: + - These configuration files are mounted into the server with more restrictive permissions (0600). - `database.conf`, `openid-client-secret`, `databricks.conf` - - They are located in the `config.secret.<< name of file >>` helm values - - mounted at `/mnt/secret-configmap/rstudio/` -- Server Configuration - - These configuration files are mounted into the server (.ini file format) + - Located in:
      `config.secret.<< name of file >>` Helm values + - Mounted at:
      `/mnt/secret-configmap/rstudio/` +- Server Configuration: + - These configuration files are mounted into the server (.ini file format). - `rserver.conf`, `launcher.conf`, `jupyter.conf`, `logging.conf` - - They are located at `config.server.<< name of file >>` helm values - - mounted at `/mnt/configmap/rstudio/` -- Server DCF Configuration - - These configuration files are mounted into the server (.dcf file format) + - Located at:
      `config.server.<< name of file >>` Helm values + - Mounted at:
      `/mnt/configmap/rstudio/` +- Server DCF Configuration: + - These configuration files are mounted into the server (.dcf file format). - `launcher-mounts`, `launcher-env` - - They are located at `config.serverDcf.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` -- Profiles Configuration - - These configuration files are mounted into the server (.ini file format) + - Located at:
      `config.serverDcf.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` +- Profiles Configuration: + - These configuration files are mounted into the server (.ini file format). - `launcher.kubernetes.profiles.conf` - - They are located at `config.profiles.<< name of file >>` helm values - - included at `/mnt/configmap/rstudio/` - - See the `Profiles` section below for more information -- Prestart - - This is provided by the helm chart in a configmap - - It is mounted into the pod at `/scripts/` - - `prestart-workbench.bash` is used to start workbench - - `prestart-launcher.bash` is used to start launcher -- User Provisioning Configuration - - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values - - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default -- Custom Startup Configuration - - `supervisord` service / unit definition `.conf` files - - Located at `config.startupCustom.<< name of file >>` helm values - - Will use the `.ini` file format, by default - - Mounted at `/startup/custom` - - As with all config files above, can override with a verbatim string if desired, like so: -```yaml -config: - startupCustom: - myfile.conf: | - file-used-verbatim -``` -- PAM configuration - - `pam` configuration files - - Located at `config.pam.<< name of file >>` helm values - - Will be mounted verbatim as individual files (using `subPath` mounts) at `/etc/pam.d/<< name of file >>` + - They are located at `config.profiles.<< name of file >>` Helm values + - Included at:
      `/mnt/configmap/rstudio/` + - See the [Profiles](#rstudio-profiles) section below for more information. +- Prestart: + - This is provided by the Helm chart in a configmap. + - It is mounted into the pod at `/scripts/`. + - `prestart-workbench.bash` is used to start workbench. + - `prestart-launcher.bash` is used to start launcher. +- User Provisioning Configuration: + - These configuration files are used for configuring user provisioning (i.e., `sssd`). + - Located at:
      `config.userProvisioning.<< name of file >>` Helm values + - Mounted onto:
      `/etc/sssd/conf.d/` with `0600` permissions by default. +- Custom Startup Configuration: + - `supervisord` service / unit definition `.conf` files. + - Use the `.ini` file format by default. + - Mounted at:
      `/startup/custom` + - As with all configuration files above, you can override with a verbatim string if desired: + - Located at:
      `config.startupCustom.<< name of file >>` Helm values: + ```yaml + config: + startupCustom: + myfile.conf: | + file-used-verbatim + ``` +- PAM configuration: + - `pam` configuration files. + - Located at:
      `config.pam.<< name of file >>` Helm values + - Mounted verbatim as individual files (using `subPath` mounts) at:
      `/etc/pam.d/<< name of file >>` -### Configuring R and Python repositories +#### Python repositories -#### R repositories +pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods, it is important that: -R package repositories can be configured with `config.session.repos.conf`. +- `launcher.useTemplates: true` is set +- `pip.conf` settings are listed under `config.session` as shown in the following example for adding Posit Public Package Manager's PyPI: -``` -config: - session: - repos.conf: - CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest -``` + ```yaml + launcher: + useTemplates: true -For more information about configuring CRAN repositories in Workbench refer to the [Admin Guide](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories). + config: + session: + pip.conf: + "global": + index-url: https://packagemanager.posit.co/pypi/latest/simple + trusted-host: packagemanager.posit.co + ``` -#### Python repositories - -pip can be configured with `config.session.pip.conf`. To ensure `pip.conf` is mounted into the session pods it is important that `launcher.useTemplates: true` is set and `pip.conf` settings are listed under `config.session` like in the example below for adding Posit Public Package Manager's PyPI. +#### R repositories -``` -launcher: - useTemplates: true +R package repositories can be configured with `config.session.repos.conf`: +```yaml config: session: - pip.conf: - "global": - index-url: https://packagemanager.posit.co/pypi/latest/simple - trusted-host: packagemanager.posit.co + repos.conf: + CRAN: https://packagemanager.posit.co/cran/__linux__/jammy/latest ``` -## User Provisioning +For more information about configuring CRAN repositories in Workbench, see the [Posit Workbench Administrator Guide's - Package Installation > CRAN repositories](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) section. -Provisioning users in RStudio Workbench containers is challenging. Session images have users created automatically (with -consistent UIDs / GIDs), but creating users in the Workbench containers is a responsibility that falls to the -administrator today. +## User provisioning + +Provisioning users in Workbench containers is challenging. Session images create users automatically (with +consistent UIDs / GIDs). However, creating users in the Workbench containers is a responsibility that falls to the +administrator. The most common way to provision users is via `sssd`. -The [latest RStudio Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) +The [latest Workbench container](https://github.com/rstudio/rstudio-docker-products/tree/main/workbench#user-provisioning) has `sssd` included and running by default (see `userProvisioning` configuration files above). -The other way that this can be managed is via a lightweight "startup service" (runs once at startup and then sleeps forever) +The other way that this can be managed is via a lightweight startup service (runs once at startup and then sleeps forever) or a polling service (checks at regular intervals). Either can be written easily in `bash` or another programming language. -However, it is important to be careful of a few points: -- UID / GID consistency: linux usernames and their matching to UID/GID must be consistent across all nodes and across - time. Failing this can cause security issues and access by some users to files they should not be allowed to see -- usernames cannot have `@`. The `@` sign (often used in emails with SSO) is a problem for RStudio Workbench because - some operating systems disallow `@` signs in linux usernames -- `supervisord` is configured by default to exit if any of its child processes exit. If you use `config.startupCustom` - to configure a user management service, be careful that it does not exit unnecessarily +However, it is important to use caution for the following: + +- UID / GID consistency: + - Linux usernames and their matching to UID/GID must be consistent across all nodes and across time. + - Failing can cause security issues and access by some users to access view they should not be allowed to see. +- Usernames cannot have `@`. + - The `@` sign (often used in emails with SSO) is a problem for Workbench because some operating systems disallow `@` signs in linux usernames. +- `supervisord` is configured by default to exit if any of its child processes exit. + - If you use `config.startupCustom` to configure a user management service, be careful that it does not exit unnecessarily. -We do not provide such a service out of the box because we intend for RStudio Workbench to solve this problem in a -future release. Please get in touch with your account representative if you have feedback or questions about this +We do not provide such a service out-of-the box because we intend for Workbench to solve this problem in a +future release. Please contact your account representative if you have feedback or questions about this workflow. ### PAM -When starting sessions on RStudio Workbench, PAM configuration is often very important, even if PAM is not being used as -an authentication mechanism. The RStudio Workbench helm chart allows creating custom PAM files via the `config.pam` +When starting sessions on Workbench, PAM configuration is often very important, even if PAM is not being used as +an authentication mechanism. The Workbench Helm chart allows creating custom PAM files via the `config.pam` values section. -Each key under `config.pam` will become a PAM config file, and will be mounted into `/etc/pam.d/` in the container. For +Each key under `config.pam` becomes a PAM configuration file, and is mounted into `/etc/pam.d/` in the container. For example: ```yaml @@ -273,23 +281,23 @@ config: # will be used verbatim ``` -## RStudio Profiles +## RStudio profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. Sections define whether a set of configurations is applied to a user's jobs based on the following criteria: -- if section header is `[*]`, it applies to all users -- if a user's username is `myusername`, the section `[myusername]` will apply to them -- if a user is in the `allusers` group, then the section `[@allusers]` will apply to them +- If section header is `[*]`, it applies to all users. +- If a user's username is `myusername`, the section `[myusername]` applies to them. +- If a user is in the `allusers` group, then the section `[@allusers]` applies to them The product reads configuration from top to bottom and "last-in-wins" for a given configuration value. ### `/etc/rstudio/profiles` -The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the Workbench Admin Guide [User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more details. +The `/etc/rstudio/profiles` file enables you to tailor the behavior of sessions on a per-user or per-group basis. See the [Posit Workbench Administrator Guide - User and Group Profiles](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.html) page for more information. -In the `values.yaml`, the content of `/etc/rstudio/profiles` should be defined in `config.server.profiles`. For example: +In the `values.yaml`, define the content of `/etc/rstudio/profiles` in `config.server.profiles`. For example: ```yaml config: @@ -312,17 +320,17 @@ session-timeout-minutes=60 ### `/etc/rstudio/launcher.kubernetes.profiles.conf` -The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` should be defined in `config.profiles.launcher.kubernetes.profiles.conf`. The `config.profiles` section has a couple of niceties that are added in by default. +The `/etc/rstudio/launcher.kubernetes.profiles.conf` contains the configuration of resource limits by user and group when using the Kubernetes Launcher Plugin. In the `values.yaml`, define the content of `/etc/rstudio/launcher.kubernetes.profiles.conf ` in the `config.profiles.launcher.kubernetes.profiles.conf` file. The `config.profiles` section has a couple of niceties that are added in by default. -- YAML arrays like the following will be "comma-joined." For instance, the following will become: `some-key=value1,value2` +- YAML arrays like the following becomes "comma-joined." For instance, the following becomes: `some-key=value1,value2` -```yaml -some-key: - - value1 - - value2 -``` + ```yaml + some-key: + - value1 + - value2 + ``` -- The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +- The `[*]` section has arrays "appended" to user and group sections, along with "defaults" defined by the chart. For example: @@ -339,6 +347,7 @@ config: - value4 - value5 ``` + Becomes: _/etc/rstudio/launcher.kubernetes.profiles.conf_ @@ -350,23 +359,24 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -> NOTE: this appending/concatenation/array translation behavior only works with the helm chart +:::{.callout-note} +This appending/concatenation/array translation behavior only works with the helm chart. +::: -### Job Json Overrides +### Job Json overrides -If you want to customize the job launch process (i.e. how sessions are defined), you will need to edit the following -configuration: - - modify `config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` - - create an array of maps with the following keys: - - `target`: the "target" part of the job spec to replace - - `name`: a unique identifier (ideally with no spaces) that will become a config filename on disk - - `json`: a YAML value that will be translated directly to JSON and injected into the job spec at `target` +If you want to customize the job launch process (i.e., how sessions are defined), edit the following configuration: -Note that several examples are provided -in [this support article](https://support.rstudio.com/hc/en-us/articles/360051652094-Using-Job-Json-Overrides-with-RStudio-Server-Pro-and-Kubernetes) -(however, examples do not use the helm chart syntax there). +- Modify: + ```yaml + config.profiles.launcher\.kubernetes\.profiles\.conf.<< some selector >>.job-json-overrides` + ``` +- Create an array of maps with the following keys: + - `target`: The "target" part of the job spec to replace. + - `name`: A unique identifier (ideally with no spaces) becomes a configuration filename on disk. + - `json`: A YAML value that is translated directly to JSON and injected into the job spec at `target`. -Alternatively, you can explore the docs in the [helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) +Explore the docs in the [Helm repository](https://github.com/rstudio/helm/blob/main/docs/customize.md) for additional information. ```yaml config: @@ -386,10 +396,11 @@ config: - "two-image:tag ``` -## Sealed Secrets -This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. +## Sealed secrets + +This chart supports the use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) to allow for storing secrets in SCM and to ensure secrets are never leaked via Helm. The target cluster must include a `SealedSecret` controller as the controller is responsible for converting a `SealedSecret` to a `Secret`. -To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted. The chart does not support mixing encrypted values with unencrypted values. +To activate the use of `SealedSecret` templates instead of `Secret` templates in the chart, set `sealedSecret.enabled=true` and ensure the following values are all encrypted (the chart does not support mixing encrypted values with unencrypted values): - `config.secret` - `config.sessionSecret` @@ -397,7 +408,7 @@ To activate the use of `SealedSecret` templates instead of `Secret` templates in - `launcherPem` - `secureCookieKey` (or `global.secureCookieKey`) -Use of [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key which can be generated via an RSA tool such as helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID which can be generated via a UUID generator such as helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. +Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables the chart's auto-generation and reuse capabilities for `launcherPem` and `secureCookieKey`. `launcherPem` is an RSA private key, which can be generated via an RSA tool such as Helm's [`genPrivateKey`](https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey) function. `secureCookieKey` is typically a UUID, which can be generated via a UUID generator such as Helm's [`uuidv4`](https://helm.sh/docs/chart_template_guide/function_list/#uuid-functions) function. ## Values From 938307430b3b593a326634aa37e8760201dc70d3 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 14:49:38 +0000 Subject: [PATCH 053/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 2 +- charts/rstudio-workbench/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a2ae0ee1..95b7cb19 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -2,7 +2,7 @@ ![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) -#### _Official Helm chart for RStudio Connect_ +#### _Official Helm chart for Posit Connect_ Business Users and Collaborators use R and Python data products on [Posit Connect](https://posit.co/products/enterprise/connect/) that are published by Data Scientists. diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 24b0d743..f2f7f113 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -2,7 +2,7 @@ ![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Package Manager_ +#### _Official Helm chart for Posit Package Manager_ IT Administrators use [Posit Package Manager](https://posit.co/products/enterprise/package-manager/) to control and manage R and Python packages that Data Scientists need to create and share data products. diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 0a5bb0a1..9a05e06d 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -2,7 +2,7 @@ ![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) -#### _Official Helm chart for RStudio Workbench_ +#### _Official Helm chart for Posit Workbench_ Data Scientists use [Posit Workbench](https://posit.co/products/enterprise/workbench/) to analyze data and create data products using R and Python. From fed23f8f00cb2f635094d88fc48a20c58a689775 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 11:35:52 -0400 Subject: [PATCH 054/284] =?UTF-8?q?idk=20what=20is=20right=20side=20up=20o?= =?UTF-8?q?r=20upside=20down=20at=20this=20point....=20"=C2=AF\=5F(?= =?UTF-8?q?=E3=83=84)=5F/=C2=AF"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/_templates.gotmpl | 4 ---- charts/rstudio-connect/README.md.gotmpl | 12 ++++++------ charts/rstudio-pm/README.md.gotmpl | 12 ++++++------ charts/rstudio-workbench/README.md.gotmpl | 2 -- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/charts/_templates.gotmpl b/charts/_templates.gotmpl index dce4b93c..43e05938 100644 --- a/charts/_templates.gotmpl +++ b/charts/_templates.gotmpl @@ -44,10 +44,6 @@ Workbench. To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. diff --git a/charts/rstudio-connect/README.md.gotmpl b/charts/rstudio-connect/README.md.gotmpl index 3906063a..edc81aa1 100644 --- a/charts/rstudio-connect/README.md.gotmpl +++ b/charts/rstudio-connect/README.md.gotmpl @@ -8,11 +8,11 @@ {{ template "rstudio.install" . }} -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -23,19 +23,19 @@ This chart requires the following in order to function: {{ template "rstudio.licensing" . }} -## General Principles +## General principles - In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by {{ template "chart.name" . }}. - {{ template "chart.name" . }} does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index d0d4cc81..62b20536 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -8,7 +8,7 @@ {{ template "rstudio.install" . }} -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 @@ -16,7 +16,7 @@ the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required Configuration +## Required configuration This chart requires the following in order to function: @@ -32,7 +32,7 @@ This chart requires the following in order to function: {{ template "rstudio.licensing" . }} -## S3 Configuration +## S3 configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -73,17 +73,17 @@ awsSecretAccessKey: your-secret-access-key Bear in mind that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General Principles +## General principles - In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by {{ template "chart.name" . }}. -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index de45d2d0..b2b9f10e 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -52,8 +52,6 @@ To function, this chart requires the following: ## General principles -## General principles - - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the valid `.ini` or `.dcf` file formats required by Workbench. - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. From acf5f1a894040ff7000a11d6a8d32f49d15246ff Mon Sep 17 00:00:00 2001 From: edavidaja Date: Tue, 14 May 2024 12:10:50 -0400 Subject: [PATCH 055/284] just docs --- _quarto.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/_quarto.yml b/_quarto.yml index 2abeacf5..8b3f08ba 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -1,8 +1,6 @@ project: type: posit-docs - pre-render: | - ./bin/helm-docs --chart-search-root=charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl - ./bin/helm-docs --chart-search-root=other-charts --template-files=README.md.gotmpl --template-files=./_templates.gotmpl + pre-render: just docs render: - charts/rstudio-workbench/README.md - charts/rstudio-workbench/NEWS.md From 2b74203d24d67d993bbd49a9f53eb640c7b2e4de Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 16:12:07 +0000 Subject: [PATCH 056/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 6 +----- charts/rstudio-connect/README.md | 16 ++++++++-------- charts/rstudio-launcher-rbac/README.md | 6 +----- charts/rstudio-library/README.md | 6 +----- charts/rstudio-pm/README.md | 22 +++++++++------------- charts/rstudio-workbench/README.md | 10 ++-------- other-charts/prepull-daemonset/README.md | 2 +- 7 files changed, 23 insertions(+), 45 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 6b9f84d1..fa59101d 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -12,10 +12,6 @@ Workbench. To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. @@ -206,5 +202,5 @@ The credentials Chronicle uses for S3 storage must have the following permission | storage.persistentVolumeSize | string | `"1Gi"` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 95b7cb19..51625b56 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -42,11 +42,11 @@ To explore other chart versions, look at: helm search repo rstudio/rstudio-connect -l ``` -## Required Configuration +## Required configuration -This chart requires the following in order to function: +To function, this chart requires the following: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. +* A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. @@ -82,19 +82,19 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-connect.lic ``` -## General Principles +## General principles - In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-connect. - rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` @@ -143,7 +143,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | | license.file.contents | bool | `false` | contents is an in-line license file | | license.file.mountPath | string | `"/etc/rstudio-licensing"` | mountPath is the place the license file will be mounted into the container | -| license.file.mountSubPath | bool | `false` | mountSubPath is whether to mount the subPath for the file secret. -- It can be preferable _not_ to enable this, because then updates propagate automatically | +| license.file.mountSubPath | bool | `false` | It can be preferable _not_ to enable this, because then updates propagate automatically | | license.file.secret | bool | `false` | secret is an existing secret with a license file in it | | license.file.secretKey | string | `"license.lic"` | secretKey is the key for the secret to use for the license file | | license.key | string | `nil` | key is the license to use | @@ -208,5 +208,5 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | versionOverride | string | `""` | A Connect version to override the "tag" for the Posit Connect image and the Content Init image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 496581b3..80e453a2 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -8,10 +8,6 @@ To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. @@ -65,5 +61,5 @@ helm template -n rstudio rstudio-launcher-rbac rstudio/rstudio-launcher-rbac | targetNamespaces | list | `[]` | The targetNamespaces that the launcher will be able to launch sessions into | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 56a781e8..69f11cb9 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -8,10 +8,6 @@ To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. @@ -38,5 +34,5 @@ If you are curious about its usage, take a look at the other charts (i.e. `rstud for `rstudio-library` in the `templates/` directory. ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index f2f7f113..6f9a3880 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -11,10 +11,6 @@ R and Python packages that Data Scientists need to create and share data product To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. @@ -40,7 +36,7 @@ To explore other chart versions, look at: helm search repo rstudio/rstudio-pm -l ``` -## Upgrade Guidance +## Upgrade guidance ### 0.4.0 @@ -48,7 +44,7 @@ helm search repo rstudio/rstudio-pm -l the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. -## Required Configuration +## Required configuration This chart requires the following in order to function: @@ -89,7 +85,7 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-pm.lic ``` -## S3 Configuration +## S3 configuration Package Manager [can be configured to store its data in S3 buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), @@ -130,17 +126,17 @@ awsSecretAccessKey: your-secret-access-key Bear in mind that static, long-lived credentials are the least secure option and should be avoided if at all possible. -## General Principles +## General principles - In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. -## Configuration File +## Configuration file The configuration values all take the form of usual helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.Postgres.Password=mypassword ... ``` @@ -175,7 +171,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | | license.file.contents | bool | `false` | contents is an in-line license file | | license.file.mountPath | string | `"/etc/rstudio-licensing"` | mountPath is the place the license file will be mounted into the container | -| license.file.mountSubPath | bool | `false` | mountSubPath is whether to mount the subPath for the file secret. -- It can be preferable _not_ to enable this, because then updates propagate automatically | +| license.file.mountSubPath | bool | `false` | It can be preferable _not_ to enable this, because then updates propagate automatically | | license.file.secret | bool | `false` | secret is an existing secret with a license file in it | | license.file.secretKey | string | `"license.lic"` | secretKey is the key for the secret to use for the license file | | license.key | string | `nil` | key is the license to use | @@ -208,7 +204,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | service.type | string | `"ClusterIP"` | The service type, usually ClusterIP (in-cluster only) or LoadBalancer (to expose the service using your cloud provider's load balancer) | | serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount, if any | | serviceAccount.create | bool | `true` | Whether to create a [Service Account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) | -| serviceAccount.labels | object | `{}` | | +| serviceAccount.labels | object | `{}` | Labels for the ServiceAccount, if any | | serviceAccount.name | string | When `serviceAccount.create` is `true` this defaults to the full name of the release | ServiceAccount to use, if any, or an explicit name for the one we create | | serviceMonitor.additionalLabels | object | `{}` | additionalLabels normally includes the release name of the Prometheus Operator | | serviceMonitor.enabled | bool | `false` | Whether to create a ServiceMonitor CRD for use with a Prometheus Operator | @@ -231,5 +227,5 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | versionOverride | string | `""` | A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194 | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9a05e06d..070c33e2 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -11,10 +11,6 @@ products using R and Python. To ensure a stable production deployment: -## For production - -To ensure a stable production deployment: - * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. @@ -110,8 +106,6 @@ Alternatively, license files can be set during `helm install` with the following ## General principles -## General principles - - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the valid `.ini` or `.dcf` file formats required by Workbench. - Those configuration files and their mount locations are covered in the [Configuration files](#configuration-files) section below. @@ -477,7 +471,7 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | | license.file.contents | bool | `false` | contents is an in-line license file | | license.file.mountPath | string | `"/etc/rstudio-licensing"` | mountPath is the place the license file will be mounted into the container | -| license.file.mountSubPath | bool | `false` | mountSubPath is whether to mount the subPath for the file secret. -- It can be preferable _not_ to enable this, because then updates propagate automatically | +| license.file.mountSubPath | bool | `false` | It can be preferable _not_ to enable this, because then updates propagate automatically | | license.file.secret | bool | `false` | secret is an existing secret with a license file in it | | license.file.secretKey | string | `"license.lic"` | secretKey is the key for the secret to use for the license file | | license.key | string | `nil` | key is the license to use | @@ -556,5 +550,5 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables | xdgConfigDirsExtra | list | `[]` | A list of additional XDG config dir paths | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/other-charts/prepull-daemonset/README.md b/other-charts/prepull-daemonset/README.md index 5f5492b0..8358fc42 100644 --- a/other-charts/prepull-daemonset/README.md +++ b/other-charts/prepull-daemonset/README.md @@ -54,5 +54,5 @@ kubectl rollout restart daemonset/prepull-daemonset | updateStrategy | object | `{}` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) From 04840edc321b65fbdcb890c4728d4f9cfae832f9 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 13:13:27 -0400 Subject: [PATCH 057/284] I give up :) --- charts/_templates.gotmpl | 3 ++- charts/posit-chronicle/README.md | 3 ++- charts/rstudio-connect/README.md | 12 +++++++----- charts/rstudio-connect/README.md.gotmpl | 9 +++++---- charts/rstudio-launcher-rbac/README.md | 3 ++- charts/rstudio-pm/README.md | 20 +++++++++++--------- charts/rstudio-pm/README.md.gotmpl | 17 +++++++++-------- charts/rstudio-workbench/README.md | 5 +++-- charts/rstudio-workbench/README.md.gotmpl | 2 +- 9 files changed, 42 insertions(+), 32 deletions(-) diff --git a/charts/_templates.gotmpl b/charts/_templates.gotmpl index 43e05938..476b8082 100644 --- a/charts/_templates.gotmpl +++ b/charts/_templates.gotmpl @@ -102,7 +102,8 @@ helm upgrade --install --devel my-release rstudio/{{ template "chart.name" . }} ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo {{ if $isDev }}--devel {{ end }}rstudio/{{ template "chart.name" . }} -l ``` diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index fa59101d..35dac8c4 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -33,7 +33,8 @@ helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo rstudio/posit-chronicle -l ``` diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 51625b56..60433c5f 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -38,7 +38,8 @@ helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo rstudio/rstudio-connect -l ``` @@ -48,11 +49,12 @@ To function, this chart requires the following: * A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + * If you cannot use a `PersistentVolume` to properly mount your data directory, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. ## Licensing @@ -84,14 +86,14 @@ Alternatively, license files can be set during `helm install` with the following ## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-connect. - rstudio-connect does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} diff --git a/charts/rstudio-connect/README.md.gotmpl b/charts/rstudio-connect/README.md.gotmpl index edc81aa1..f39b4671 100644 --- a/charts/rstudio-connect/README.md.gotmpl +++ b/charts/rstudio-connect/README.md.gotmpl @@ -14,25 +14,26 @@ To function, this chart requires the following: * A license file. See the [Licensing](#licensing) section below for more details. * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Connect. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. + * If `sharedStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + * If you cannot use a `PersistentVolume` to properly mount your data directory, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. {{ template "rstudio.licensing" . }} ## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by {{ template "chart.name" . }}. - {{ template "chart.name" . }} does not export many prometheus metrics on its own. Instead, we run a sidecar graphite exporter [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite) ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 80e453a2..4a3d1b1c 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -29,7 +29,8 @@ helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.20 ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo rstudio/rstudio-launcher-rbac -l ``` diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 6f9a3880..9a5f0481 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -32,7 +32,8 @@ helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo rstudio/rstudio-pm -l ``` @@ -41,20 +42,21 @@ helm search repo rstudio/rstudio-pm -l ### 0.4.0 - When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. + the `rstudio-pm` user (with `uid:gid` `999:999`). +- A `chown` of persistent storage may be required. The team is working to implement an automatic fix. To disable the automatic fix/hook, set `enableMigrations=false`. ## Required configuration This chart requires the following in order to function: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. -* A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. +* A license file. See the [Licensing](#licensing) section below for more details. +* A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Package Manager. + * If `sharedStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + * If you cannot use a `PersistentVolume` to properly mount your data directory, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. * Alternatively, S3 storage can be used. See the [S3 Configuration](#s3-configuration) section for details. @@ -128,12 +130,12 @@ should be avoided if at all possible. ## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by rstudio-pm. ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index 62b20536..e8d5ffd0 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -13,20 +13,21 @@ ### 0.4.0 - When upgrading to version 0.4.0 or later, the Package Manager service moves from running as `root` to running as - the `rstudio-pm` user (with `uid:gid` `999:999`). A `chown` of persistent storage may be required. We will try to - fix this up automatically. Set `enableMigrations=false` to disable the automatic fixup / hook. + the `rstudio-pm` user (with `uid:gid` `999:999`). +- A `chown` of persistent storage may be required. The team is working to implement an automatic fix. To disable the automatic fix/hook, set `enableMigrations=false`. ## Required configuration This chart requires the following in order to function: -* A license file, license key, or address of a running license server. See the [Licensing](#licensing) section below for more details. -* A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for RSPM. - * If `sharedStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. +* A license file. See the [Licensing](#licensing) section below for more details. +* A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the data directory for Package Manager. + * If `sharedStorage.create` is set, it creates a Persistent Volume Claim (PVC) that relies on the default storage class to generate the + PersistentVolume. Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. In this case, we recommend you disable `sharedStorage.create` and create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters, or by specifying your `PersistentVolumeClaim` using `sharedStorage.name` and `sharedStorage.mount`. - * If you cannot use a `PersistentVolume` to properly mount your data directory, you'll need to mount your data in the container + * If you cannot use a `PersistentVolume` to properly mount your data directory, mount your data in the container by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes), specified in `pod.volumes` and `pod.volumeMounts`. * Alternatively, S3 storage can be used. See the [S3 Configuration](#s3-configuration) section for details. @@ -75,12 +76,12 @@ should be avoided if at all possible. ## General principles -- In most places, we opt to pass helm values over configmaps. We translate these into the valid `.gcfg` file format +- In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format required by {{ template "chart.name" . }}. ## Configuration file -The configuration values all take the form of usual helm values +The configuration values all take the form of usual Helm values so you can set the database password with something like: ```{.bash} diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 070c33e2..88d90d5a 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -32,7 +32,8 @@ helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 ``` To explore other chart versions, look at: -``` + +```{.bash} helm search repo rstudio/rstudio-workbench -l ``` @@ -121,7 +122,7 @@ Alternatively, license files can be set during `helm install` with the following These configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.secret.database\.conf.password=mypassword ... ``` diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index b2b9f10e..cb32dc99 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -67,7 +67,7 @@ To function, this chart requires the following: These configuration values all take the form of usual Helm values so you can set the database password with something like: -``` +```{.bash} ... --set config.secret.database\.conf.password=mypassword ... ``` From 9b1a77aefedf36a851cf4afaf76378fc4f079760 Mon Sep 17 00:00:00 2001 From: Ashley Henry Date: Tue, 14 May 2024 13:25:27 -0400 Subject: [PATCH 058/284] Update README.md.gotmpl --- charts/rstudio-pm/README.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index e8d5ffd0..99c3aa41 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -36,7 +36,7 @@ This chart requires the following in order to function: ## S3 configuration Package Manager [can be configured to store its data in S3 -buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), +buckets](https://docs.posit.co/rspm/admin/file-storage/file-storage/#data-destinations), which eliminates the need to provision shared storage for multiple replicas. A `values.yaml` file using S3 might contain something like the following: From 34e1a930b021fead5ddbfae8b1035e4f13c954ba Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 17:26:30 +0000 Subject: [PATCH 059/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 9a5f0481..f5b5c0d2 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -90,7 +90,7 @@ Alternatively, license files can be set during `helm install` with the following ## S3 configuration Package Manager [can be configured to store its data in S3 -buckets](https://docs.rstudio.com/rspm/admin/files-directories/#data-destinations), +buckets](https://docs.posit.co/rspm/admin/file-storage/file-storage/#data-destinations), which eliminates the need to provision shared storage for multiple replicas. A `values.yaml` file using S3 might contain something like the following: From d9745be33255e9c12b02093b4776ab7c58cb1159 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Tue, 14 May 2024 14:35:30 -0400 Subject: [PATCH 060/284] bump chart versions --- .github/workflows/chart-doc.yaml | 2 +- charts/posit-chronicle/Chart.yaml | 2 +- charts/posit-chronicle/NEWS.md | 4 ++++ charts/rstudio-connect/Chart.yaml | 4 ++-- charts/rstudio-connect/NEWS.md | 6 +++++- charts/rstudio-launcher-rbac/Chart.yaml | 6 +++--- charts/rstudio-launcher-rbac/NEWS.md | 4 ++++ charts/rstudio-library/Chart.yaml | 4 ++-- charts/rstudio-library/NEWS.md | 4 ++++ charts/rstudio-pm/Chart.yaml | 4 ++-- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-workbench/Chart.yaml | 4 ++-- charts/rstudio-workbench/NEWS.md | 4 ++++ 13 files changed, 38 insertions(+), 14 deletions(-) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index 06e82c12..6da6c9c4 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -9,7 +9,7 @@ jobs: name: helm-docs steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - uses: r-lib/actions/pr-fetch@v2 with: diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index d3075872..a1719d0e 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.0 +version: 0.3.1 appVersion: 2024.03.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index b810a951..dd6b6472 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.1 + +- Documentation site updates + ## 0.3.0 - Bump Chronicle to version 2024.03.0 diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 5518cb08..a08b0773 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.6.6 +version: 0.6.7 apiVersion: v2 appVersion: 2024.04.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.29 + version: 0.1.30 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 36f8c37d..682e36f8 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,6 +1,10 @@ # Changelog -# 0.6.6 +## 0.6.7 + +- Documentation site updates + +## 0.6.6 - Bump Connect version to 2024.04.1 diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index d83849eb..4d7dbdb7 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rstudio-launcher-rbac description: RBAC definition for the RStudio Job Launcher type: application -version: 0.2.20 -appVersion: 0.2.20 +version: 0.2.21 +appVersion: 0.2.21 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png sources: - https://github.com/rstudio/helm @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.29 + version: 0.1.30 repository: file://../rstudio-library keywords: - "data science" diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index 03e29eb4..e3834ea0 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.2.21 + +- Documentation site updates + ## 0.2.20 - Updates to support standalone documentation site diff --git a/charts/rstudio-library/Chart.yaml b/charts/rstudio-library/Chart.yaml index 3ca284ce..5be0c871 100644 --- a/charts/rstudio-library/Chart.yaml +++ b/charts/rstudio-library/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rstudio-library description: Helm library helpers for use by official RStudio charts type: library -version: 0.1.29 -appVersion: 0.1.29 +version: 0.1.30 +appVersion: 0.1.30 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com diff --git a/charts/rstudio-library/NEWS.md b/charts/rstudio-library/NEWS.md index 9ac54457..0e68647c 100644 --- a/charts/rstudio-library/NEWS.md +++ b/charts/rstudio-library/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.1.30 + +- Documentation site updates + ## 0.1.29 - Updates to support standalone documentation site diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index f9e32dfa..e2747d72 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.25 +version: 0.5.26 apiVersion: v2 appVersion: 2024.04.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -14,7 +14,7 @@ maintainers: url: https://github.com/rstudio/helm dependencies: - name: rstudio-library - version: 0.1.29 + version: 0.1.30 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 491bdc2b..2d6c985f 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.26 + +- Documentation site updates + ## 0.5.25 - Update default Posit Package Manager version to 2024.04.0-20 diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 987b7ad6..56b31234 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.7.3 +version: 0.7.4 apiVersion: v2 appVersion: 2024.04.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.29 + version: 0.1.30 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 1f0e7e46..f5efbca9 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.4 + +- Documentation site updates + ## 0.7.3 - Bump Workbench version to 2024.04.0 From 677a27a855fd4e6bfacf0d92aef4efe5cc30682c Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 18:36:39 +0000 Subject: [PATCH 061/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 6 +++--- charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-launcher-rbac/README.md | 6 +++--- charts/rstudio-library/README.md | 2 +- charts/rstudio-pm/README.md | 6 +++--- charts/rstudio-workbench/README.md | 6 +++--- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 35dac8c4..ea3b103e 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) +![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.0: +To install the chart with the release name `my-release` at version 0.3.1: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.0 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.1 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 60433c5f..efaf5ee7 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.6.6](https://img.shields.io/badge/Version-0.6.6-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) +![Version: 0.6.7](https://img.shields.io/badge/Version-0.6.7-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.6.6: +To install the chart with the release name `my-release` at version 0.6.7: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.6 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.7 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 4a3d1b1c..abe0df9c 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -1,6 +1,6 @@ # rstudio-launcher-rbac -![Version: 0.2.20](https://img.shields.io/badge/Version-0.2.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.20](https://img.shields.io/badge/AppVersion-0.2.20-informational?style=flat-square) +![Version: 0.2.21](https://img.shields.io/badge/Version-0.2.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) #### _RBAC definition for the RStudio Job Launcher_ @@ -21,11 +21,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.2.20: +To install the chart with the release name `my-release` at version 0.2.21: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.20 +helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.21 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 69f11cb9..142c0114 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -1,6 +1,6 @@ # rstudio-library -![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.29](https://img.shields.io/badge/AppVersion-0.1.29-informational?style=flat-square) +![Version: 0.1.30](https://img.shields.io/badge/Version-0.1.30-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.30](https://img.shields.io/badge/AppVersion-0.1.30-informational?style=flat-square) #### _Helm library helpers for use by official RStudio charts_ diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index f5b5c0d2..abc3f0b3 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.25](https://img.shields.io/badge/Version-0.5.25-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.5.26](https://img.shields.io/badge/Version-0.5.26-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.25: +To install the chart with the release name `my-release` at version 0.5.26: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.25 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.26 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 88d90d5a..85bef800 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.3: +To install the chart with the release name `my-release` at version 0.7.4: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.3 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.4 ``` To explore other chart versions, look at: From d72165a7d497df5dd409938a52b18913ade9560e Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 14 May 2024 18:36:54 +0000 Subject: [PATCH 062/284] Update rbac yaml --- .../rbac/rstudio-launcher-rbac-0.2.21.yaml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 examples/rbac/rstudio-launcher-rbac-0.2.21.yaml diff --git a/examples/rbac/rstudio-launcher-rbac-0.2.21.yaml b/examples/rbac/rstudio-launcher-rbac-0.2.21.yaml new file mode 100644 index 00000000..3b322f8d --- /dev/null +++ b/examples/rbac/rstudio-launcher-rbac-0.2.21.yaml @@ -0,0 +1,88 @@ +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rstudio-launcher-rbac +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rstudio-launcher-rbac +rules: + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "pods" + - "pods/attach" + - "pods/exec" + verbs: + - "get" + - "create" + - "update" + - "patch" + - "watch" + - "list" + - "delete" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "watch" + - apiGroups: + - "" + resources: + - "services" + verbs: + - "create" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "patch" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "metrics.k8s.io" + resources: + - "pods" + verbs: + - "get" +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rstudio-launcher-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rstudio-launcher-rbac +subjects: + - kind: ServiceAccount + name: rstudio-launcher-rbac From 8fbad7d8a62e9ac8546fb2d9219a642f85624b60 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Tue, 14 May 2024 19:27:08 -0400 Subject: [PATCH 063/284] add gh pages publish --- .github/workflows/publish.yml | 23 +++++++++++++++++++++++ _quarto.yml | 4 ++-- 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..ec3c4b70 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,23 @@ +on: + workflow_dispatch: + +name: Quarto Publish + +jobs: + build-deploy: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up Quarto + uses: quarto-dev/quarto-actions/setup@v2 + + - name: Render and Publish + uses: quarto-dev/quarto-actions/publish@v2 + with: + target: gh-pages + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/_quarto.yml b/_quarto.yml index 8b3f08ba..109a5094 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -22,13 +22,13 @@ filters: website: title: Posit Helm Charts - site-url: https://docs.posit.co/helm + site-url: https://helm.rstudio.com bread-crumbs: true repo-url: https://github.com/rstudio/helm repo-actions: [edit, issue] page-footer: left: | - Copyright © 2???-{{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. + Copyright © {{< env CURRENT_YEAR >}} Posit Software, PBC. All Rights Reserved. center: | Posit Helm Charts right: From 861678f8e44a3e6fd1bd5f8a7d999c8c50a0ad31 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Wed, 15 May 2024 15:49:40 -0400 Subject: [PATCH 064/284] remove gh pages publish --- .github/workflows/publish.yml | 23 ----------------------- _quarto.yml | 2 +- 2 files changed, 1 insertion(+), 24 deletions(-) delete mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index ec3c4b70..00000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,23 +0,0 @@ -on: - workflow_dispatch: - -name: Quarto Publish - -jobs: - build-deploy: - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Check out repository - uses: actions/checkout@v4 - - - name: Set up Quarto - uses: quarto-dev/quarto-actions/setup@v2 - - - name: Render and Publish - uses: quarto-dev/quarto-actions/publish@v2 - with: - target: gh-pages - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/_quarto.yml b/_quarto.yml index 109a5094..bcd59106 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -22,7 +22,7 @@ filters: website: title: Posit Helm Charts - site-url: https://helm.rstudio.com + site-url: https://docs.posit.co/helm bread-crumbs: true repo-url: https://github.com/rstudio/helm repo-actions: [edit, issue] From 7a49a2aa7f5ed0500258ec3555248c2d7de443cb Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 15 May 2024 19:58:13 -0400 Subject: [PATCH 065/284] update lockfiles --- charts/rstudio-connect/Chart.lock | 6 +++--- charts/rstudio-launcher-rbac/Chart.lock | 6 +++--- charts/rstudio-pm/Chart.lock | 6 +++--- charts/rstudio-workbench/Chart.lock | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-connect/Chart.lock b/charts/rstudio-connect/Chart.lock index 9ebc104b..0a3e8bb9 100644 --- a/charts/rstudio-connect/Chart.lock +++ b/charts/rstudio-connect/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.29 -digest: sha256:ccca30d883d295668402d63328b1d603911ef717b41207f9b3a2e4d1dd3af1a3 -generated: "2024-04-01T12:17:53.025791-04:00" + version: 0.1.30 +digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 +generated: "2024-05-15T19:57:52.620702-04:00" diff --git a/charts/rstudio-launcher-rbac/Chart.lock b/charts/rstudio-launcher-rbac/Chart.lock index 996a35e0..134100c0 100644 --- a/charts/rstudio-launcher-rbac/Chart.lock +++ b/charts/rstudio-launcher-rbac/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.29 -digest: sha256:ccca30d883d295668402d63328b1d603911ef717b41207f9b3a2e4d1dd3af1a3 -generated: "2024-04-01T12:17:21.579972-04:00" + version: 0.1.30 +digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 +generated: "2024-05-15T19:57:55.735705-04:00" diff --git a/charts/rstudio-pm/Chart.lock b/charts/rstudio-pm/Chart.lock index 56bdeeeb..82f8ef24 100644 --- a/charts/rstudio-pm/Chart.lock +++ b/charts/rstudio-pm/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.29 -digest: sha256:ccca30d883d295668402d63328b1d603911ef717b41207f9b3a2e4d1dd3af1a3 -generated: "2024-04-01T12:17:57.728915-04:00" + version: 0.1.30 +digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 +generated: "2024-05-15T19:57:58.863614-04:00" diff --git a/charts/rstudio-workbench/Chart.lock b/charts/rstudio-workbench/Chart.lock index 0c73882b..f139bc12 100644 --- a/charts/rstudio-workbench/Chart.lock +++ b/charts/rstudio-workbench/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.29 -digest: sha256:ccca30d883d295668402d63328b1d603911ef717b41207f9b3a2e4d1dd3af1a3 -generated: "2024-04-01T12:18:00.109138-04:00" + version: 0.1.30 +digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 +generated: "2024-05-15T19:58:02.13077-04:00" From 55aadc8ad0146c8f534c3cd4ebf28adadc9a9f08 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Fri, 17 May 2024 11:38:26 -0400 Subject: [PATCH 066/284] publish to s3 --- .github/workflows/publish.yml | 38 +++++++++++++++++++++++++++++++++++ Justfile | 14 +++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..6e51b8e5 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,38 @@ +name: Quarto Publish to docs.posit.co + +on: + workflow_dispatch: + push: + branches: main + +permissions: + id-token: write + contents: read + +jobs: + build-deploy: + runs-on: ubuntu-latest + steps: + - name: Configure AWS credentials + id: creds + uses: aws-actions/configure-aws-credentials@master + with: + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Check out repository + uses: actions/checkout@v4 + + - name: install Just + uses: extractions/setup-just@v2 + + - name: Set up Quarto + uses: quarto-dev/quarto-actions/setup@v2 + with: + version: pre-release + + - name: Render Quarto Project + uses: quarto-dev/quarto-actions/render@v2 + + - run: just push-docs + diff --git a/Justfile b/Justfile index 3b5fbc64..f8a0268f 100644 --- a/Justfile +++ b/Justfile @@ -101,3 +101,17 @@ test-connect-interpreter-versions: docker run --rm $image /bin/bash -c "command -v $ex" done done + +push-docs: + #!/usr/bin/env bash + set -euxo pipefail + + s3_args=(--dryrun) + if [[ "${GITHUB_REF:-}" == "refs/heads/main" ]] || [[ "${GITHUB_REF:-}" =~ ^refs/tags/v[0-9]{4}\.[0-9]{2}\.[0-9]+$ ]]; then + s3_args=("") + fi + + # The s3 bucket is s3://docs.rstudio.com/, which is available as https://docs.posit.co/ + aws s3 sync ${s3_args[*]:-} \ + _site \ + "s3://docs.rstudio.com/helm/" \ No newline at end of file From 0617f75b94fe8008471d6ed46dd7ba1160f0d693 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 17 May 2024 17:42:15 -0400 Subject: [PATCH 067/284] update prepull-daemonset --- other-charts/prepull-daemonset/Chart.yaml | 2 +- other-charts/prepull-daemonset/NEWS.md | 4 ++++ other-charts/prepull-daemonset/README.md | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/other-charts/prepull-daemonset/Chart.yaml b/other-charts/prepull-daemonset/Chart.yaml index 97c8fe24..bc72a7e6 100644 --- a/other-charts/prepull-daemonset/Chart.yaml +++ b/other-charts/prepull-daemonset/Chart.yaml @@ -1,6 +1,6 @@ name: prepull-daemonset description: a daemonset to prepull images so they are cached -version: 0.0.3 +version: 0.0.4 apiVersion: v2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com diff --git a/other-charts/prepull-daemonset/NEWS.md b/other-charts/prepull-daemonset/NEWS.md index c7b0f049..8c4894c5 100644 --- a/other-charts/prepull-daemonset/NEWS.md +++ b/other-charts/prepull-daemonset/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.0.4 + +- Update docs + ## 0.0.3 - Updates to support standalone documentation site diff --git a/other-charts/prepull-daemonset/README.md b/other-charts/prepull-daemonset/README.md index 8358fc42..a8c757e1 100644 --- a/other-charts/prepull-daemonset/README.md +++ b/other-charts/prepull-daemonset/README.md @@ -1,16 +1,16 @@ # prepull-daemonset -![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) +![Version: 0.0.4](https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square) #### _a daemonset to prepull images so they are cached_ ## Installing the Chart -To install the chart with the release name `my-release` at version 0.0.3: +To install the chart with the release name `my-release` at version 0.0.4: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/prepull-daemonset --version=0.0.3 +helm install my-release rstudio/prepull-daemonset --version=0.0.4 ``` ## Use From f183476d6e0d5a9b53878ee37eb459348399e9ae Mon Sep 17 00:00:00 2001 From: calebAtIspot <136127709+calebAtIspot@users.noreply.github.com> Date: Sun, 19 May 2024 15:02:03 -0700 Subject: [PATCH 068/284] Update deployment.yaml fix https://github.com/rstudio/helm/issues/424 --- charts/rstudio-pm/templates/deployment.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/templates/deployment.yaml b/charts/rstudio-pm/templates/deployment.yaml index f7fff44c..5f4cb479 100644 --- a/charts/rstudio-pm/templates/deployment.yaml +++ b/charts/rstudio-pm/templates/deployment.yaml @@ -5,10 +5,13 @@ metadata: name: {{ include "rstudio-pm.fullname" . }} namespace: {{ $.Release.Namespace }} spec: - {{- with .Values.strategy }} strategy: - {{- toYaml . | nindent 4 }} - {{- end }} + type: {{ .Values.strategy.type }} + {{- if eq .Values.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.rollingUpdate.maxUnavailable }} + maxSurge: {{ .Values.strategy.rollingUpdate.maxSurge }} + {{- end }} replicas: {{ .Values.replicas }} selector: matchLabels: From b3ca3bcc7698cae32f09a0aefa2969e82d9c9e6f Mon Sep 17 00:00:00 2001 From: edavidaja Date: Mon, 20 May 2024 15:22:28 -0400 Subject: [PATCH 069/284] confirm helm-docs is installed before render --- Justfile | 4 ++++ _quarto.yml | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index f8a0268f..51653743 100644 --- a/Justfile +++ b/Justfile @@ -6,6 +6,10 @@ ARCH := if arch() == "aarch64" {"arm64"} else if arch() == "x86_64" {"x86_64"} e setup: #!/bin/bash set -xe + if [ -f ./bin/helm-docs ]; then + echo "Helm-docs is already installed" + exit 0 + fi echo "Installing helm-docs version {{HELM_DOCS_VERSION}}" mkdir -p bin curl -L -s https://github.com/norwoodj/helm-docs/releases/download/v{{HELM_DOCS_VERSION}}/helm-docs_{{HELM_DOCS_VERSION}}_{{OS}}_{{ARCH}}.tar.gz -o bin/helm-docs.tar.gz diff --git a/_quarto.yml b/_quarto.yml index bcd59106..d8d897e7 100644 --- a/_quarto.yml +++ b/_quarto.yml @@ -1,6 +1,8 @@ project: type: posit-docs - pre-render: just docs + pre-render: + - just setup + - just docs render: - charts/rstudio-workbench/README.md - charts/rstudio-workbench/NEWS.md From 78fcb896227bbed3db7df9f1430f90d9291b4136 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 09:59:31 -0400 Subject: [PATCH 070/284] workbench: Add database config and pass as env variable section to README --- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 +++ charts/rstudio-workbench/README.md.gotmpl | 40 +++++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 56b31234..c6994076 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.7.4 +version: 0.7.5 apiVersion: v2 appVersion: 2024.04.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index f5efbca9..2f01d53a 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.5 + +- Add documentation on PostgreSQL database configuration and mounting passwords from secrets as env variables + ## 0.7.4 - Documentation site updates diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index cb32dc99..0b4623ca 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -50,6 +50,46 @@ To function, this chart requires the following: ``` {{ template "rstudio.licensing" . }} +## Database + +Workbench requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/ide/server-pro/database/configuration.html#postgresql) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `connection-uri` with your database details. + +```yaml +config: + secret: + database.conf: + provider: "postgresql" + connection-uri: "postgres://@:/?sslmode=allow" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic {{ .Name }}-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: WORKBENCH_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Name }}-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.secret.'database\.conf'.password=""` + ## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the From 5a17703f5a655836ff7e26beb8494a3cea47d7f5 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 22 May 2024 14:02:43 +0000 Subject: [PATCH 071/284] Update helm-docs and README.md --- charts/rstudio-workbench/README.md | 46 ++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 85bef800..47257f08 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.4: +To install the chart with the release name `my-release` at version 0.7.5: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.4 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.5 ``` To explore other chart versions, look at: @@ -105,6 +105,46 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-workbench.lic ``` +## Database + +Workbench requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/ide/server-pro/database/configuration.html#postgresql) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `connection-uri` with your database details. + +```yaml +config: + secret: + database.conf: + provider: "postgresql" + connection-uri: "postgres://@:/?sslmode=allow" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic rstudio-workbench-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: WORKBENCH_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: rstudio-workbench-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.secret.'database\.conf'.password=""` + ## General principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the From b6e684e5bf0a5ecf62e286fa6bf8c8f497e58267 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 10:03:10 -0400 Subject: [PATCH 072/284] Modify NEWS --- charts/rstudio-workbench/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 2f01d53a..2c38bf88 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -2,7 +2,7 @@ ## 0.7.5 -- Add documentation on PostgreSQL database configuration and mounting passwords from secrets as env variables +- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variables ## 0.7.4 From fc79f0a9988db8299a516178ae03c5c00695a2d8 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 10:07:12 -0400 Subject: [PATCH 073/284] connect: Add database config and password as env to README --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 +++ charts/rstudio-connect/README.md.gotmpl | 40 +++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index a08b0773..e255167a 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.6.7 +version: 0.6.8 apiVersion: v2 appVersion: 2024.04.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 682e36f8..7cf7960f 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.6.8 + +- Add documentation on PostgreSQL database configuration and mounting passwords from secrets as env variables + ## 0.6.7 - Documentation site updates diff --git a/charts/rstudio-connect/README.md.gotmpl b/charts/rstudio-connect/README.md.gotmpl index f39b4671..0e4d96e4 100644 --- a/charts/rstudio-connect/README.md.gotmpl +++ b/charts/rstudio-connect/README.md.gotmpl @@ -24,6 +24,46 @@ To function, this chart requires the following: {{ template "rstudio.licensing" . }} +## Database + +Connect requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/connect/admin/database/postgres/) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `URL` with your database details. + +```yaml +config: + Database: + Provider: "Postgres" + Postgres: + URL: "postgres://@:/" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic {{ .Name }}-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: CONNECT_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Name }}-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.Postgres.Password=""` + ## General principles - In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format From 7ee67ff680f155b8c0d399978873be83a6999959 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 22 May 2024 14:10:29 +0000 Subject: [PATCH 074/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 46 +++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index efaf5ee7..23eb9e6b 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.6.7](https://img.shields.io/badge/Version-0.6.7-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) +![Version: 0.6.8](https://img.shields.io/badge/Version-0.6.8-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.6.7: +To install the chart with the release name `my-release` at version 0.6.8: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.7 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.8 ``` To explore other chart versions, look at: @@ -84,6 +84,46 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-connect.lic ``` +## Database + +Connect requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/connect/admin/database/postgres/) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `URL` with your database details. + +```yaml +config: + Database: + Provider: "Postgres" + Postgres: + URL: "postgres://@:/" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic rstudio-connect-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: CONNECT_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: rstudio-connect-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.Postgres.Password=""` + ## General principles - In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format From 8b4755acc0a7eeaab72074aff3bf7686cbe6c4af Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 10:11:57 -0400 Subject: [PATCH 075/284] Adjust NEWS --- charts/rstudio-connect/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 7cf7960f..f635ced2 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -2,7 +2,7 @@ ## 0.6.8 -- Add documentation on PostgreSQL database configuration and mounting passwords from secrets as env variables +- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variables ## 0.6.7 From c841805bb90534d77e1fe79827ac534568237d77 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 14:16:03 -0400 Subject: [PATCH 076/284] Bump chart version and add NEWS --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 76a4357d..810015f2 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for RStudio Package Manager -version: 0.5.25 +version: 0.5.26 apiVersion: v2 appVersion: 2024.04.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 491bdc2b..98a3eebf 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.26 + +- Update `strategy` section of `deployment.yaml` template to be consistent with other products. `RollingUpdate` is still the default strategy. + ## 0.5.25 - Update default Posit Package Manager version to 2024.04.0-20 From f47f78fbb5154e37acdb636211a833b4534110e1 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 14:24:54 -0400 Subject: [PATCH 077/284] Update NEWS --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 48f42cd9..5164869a 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.27 -- Update `strategy` section of `deployment.yaml` template to be consistent with other products. `RollingUpdate` is still the default strategy. +- Update `strategy` section of `deployment.yaml` template to be consistent with other Posit products. `RollingUpdate` is still the default strategy. ## 0.5.26 From b2b012d555f8637b2faf720f02c7120e567b56ea Mon Sep 17 00:00:00 2001 From: edavidaja Date: Mon, 20 May 2024 18:21:56 -0400 Subject: [PATCH 078/284] bump doc theme version --- .../posit-dev/posit-docs/_extension.yml | 2 +- .../assets/images/posit-logo-black-TM.svg | 2 +- .../posit-dev/posit-docs/theme-dark.scss | 70 ++++++++++++++++++- _extensions/posit-dev/posit-docs/theme.scss | 24 ++----- 4 files changed, 74 insertions(+), 24 deletions(-) diff --git a/_extensions/posit-dev/posit-docs/_extension.yml b/_extensions/posit-dev/posit-docs/_extension.yml index 9f03f0f2..a6b83cea 100644 --- a/_extensions/posit-dev/posit-docs/_extension.yml +++ b/_extensions/posit-dev/posit-docs/_extension.yml @@ -1,6 +1,6 @@ title: posit-docs author: Ashley Henry, David Aja, Aron Atkins -version: 4.0.1 +version: 4.0.2 quarto-required: ">=1.3.340" contributes: project: diff --git a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg index 90331515..9121db29 100644 --- a/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg +++ b/_extensions/posit-dev/posit-docs/assets/images/posit-logo-black-TM.svg @@ -1 +1 @@ - + \ No newline at end of file diff --git a/_extensions/posit-dev/posit-docs/theme-dark.scss b/_extensions/posit-dev/posit-docs/theme-dark.scss index ec1e26d4..0d14d4a9 100644 --- a/_extensions/posit-dev/posit-docs/theme-dark.scss +++ b/_extensions/posit-dev/posit-docs/theme-dark.scss @@ -59,6 +59,11 @@ $navbar-fg: #ffffff; // // Settings for the `` element. +/* Body font */ +body { + font-weight: 400 !important; +} + //$body-color: $posit-green !default; $body-bg: $dark-md-background !default; // dark mode change @@ -93,6 +98,56 @@ $body-bg: $dark-md-background !default; // dark mode change background-color: #0f1c29 !important; } +/* Search results */ + +.aa-DetachedOverlay .aa-SourceHeader .search-result-header, #quarto-search-results .aa-SourceHeader .search-result-header { + font-weight: 600 !important; +} + +.aa-DetachedOverlay a.search-result-link, #quarto-search-results a.search-result-link { + color: $posit-blue !important; + text-decoration: none; +} + +.aa-DetachedOverlay .aa-Item .search-result-doc:not(.document-selectable) .search-result-title-container, #quarto-search-results .aa-Item .search-result-doc:not(.document-selectable) .search-result-title-container { + background-color: #c2c2c4 !important; + font-weight: 500 !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item, #quarto-search-results li.aa-Item[aria-selected=false] .search-item { + background-color: #ffffff !important; + +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item .search-result-section, .aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item .search-result-text, .aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item .search-result-title-container, .aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item .search-result-text-container, #quarto-search-results li.aa-Item[aria-selected=true] .search-item.search-result-more, #quarto-search-results li.aa-Item[aria-selected=true] .search-item .search-result-section, #quarto-search-results li.aa-Item[aria-selected=true] .search-item .search-result-text, #quarto-search-results li.aa-Item[aria-selected=true] .search-item .search-result-title-container, #quarto-search-results li.aa-Item[aria-selected=true] .search-item .search-result-text-container { + color: #ffffff !important; + background-color: $posit-blue !important; + font-weight: 400 !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-text, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-title-container, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-text-container, #quarto-search-results li.aa-Item[aria-selected=false] .search-item.search-result-more, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-section, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-text, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-title-container, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-text-container { + color: #000000 !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item { + background-color: $posit-blue !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item mark.search-match, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-match.mark, #quarto-search-results li.aa-Item[aria-selected=false] .search-item mark.search-match, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-match.mark { + color: $posit-dark-teal-1 !important; + background-color: #ffffff !important; + font-weight:700 !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item.search-result-more, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-section, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-text, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-title-container, .aa-DetachedOverlay li.aa-Item[aria-selected=false] .search-item .search-result-text-container, #quarto-search-results li.aa-Item[aria-selected=false] .search-item.search-result-more, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-section, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-text, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-title-container, #quarto-search-results li.aa-Item[aria-selected=false] .search-item .search-result-text-container { + color: $posit-dark-gray-1 !important; +} + +.aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item mark.search-match, .aa-DetachedOverlay li.aa-Item[aria-selected=true] .search-item .search-match.mark, #quarto-search-results li.aa-Item[aria-selected=true] .search-item mark.search-match, #quarto-search-results li.aa-Item[aria-selected=true] .search-item .search-match.mark { + color: #000000 !important; + background-color: $posit-light-gray-1 !important; +} + /* Footer */ .nav-footer { @@ -133,6 +188,12 @@ td code:not(.sourceCode) { // Code blocks +pre code:not(.sourceCode) { + background-color: #1a3146 !important; + color: #ffffff; + padding: 9px !important; +} + /* Code block title*/ .quarto-dark .code-with-filename .code-with-filename-file { @@ -149,9 +210,10 @@ $code-block-bg: lighten($dark-md-background, 10%); /* Copy button */ -$btn-code-copy-color: $posit-light-blue-2; -$btn-code-copy-color-active: #ffffff; +$btn-code-copy-color: #ffffff; +$btn-code-copy-color-active: $posit-orange; $callout-icon-scale: 70%; +$tooltip-color: #ffffff !default; // Copied! color // Tabs and pills @@ -172,6 +234,10 @@ $callout-icon-scale: 70%; color: $posit-teal !important; } +.nav-tabs .nav-link.active, +.nav-tabs .nav-item.show .nav-link { + text-decoration: none !important; +} /* Pills */ .nav-pills .nav-link.active, diff --git a/_extensions/posit-dev/posit-docs/theme.scss b/_extensions/posit-dev/posit-docs/theme.scss index 0a4e222a..2a4554b5 100644 --- a/_extensions/posit-dev/posit-docs/theme.scss +++ b/_extensions/posit-dev/posit-docs/theme.scss @@ -67,6 +67,7 @@ $list-group-color: $primary !default; /* Body font */ body { letter-spacing: -0.2px !important; + font-weight: 300 !important; } // Nav and footer @@ -95,26 +96,6 @@ body { padding-left: 1em; } -/* Style for the version included in the website title */ -.navbar-title small { - font-size: 14px; - display: block; - padding-left: 1em; -} - -/* Posit logo - navbar or footer */ -#footer-right-posit-logo { - width: 70px; - min-width: 70px; -} - -#footer-right-logo { - width: 20px; - min-width: 20px; - margin-left: -3px !important; - margin-right: -3px !important; -} - .nav-link { font-family: $font-family-monospace; text-transform: uppercase; @@ -206,6 +187,8 @@ body { .nav-tabs .nav-link.active, .nav-tabs .nav-item.show .nav-link { color: #000000 !important; + font-weight: 700 !important; + text-decoration: underline 1px $posit-orange !important; } .nav-tabs .nav-link:hover, @@ -248,6 +231,7 @@ body { .nav-pills .nav-link.active, .nav-pills .nav-item.show .nav-link { color: #ffffff !important; + text-decoration: none !important; } .nav-pills .nav-link:hover, From fb744a28cf52188c63854432ea5d0bb4aace432a Mon Sep 17 00:00:00 2001 From: edavidaja Date: Mon, 20 May 2024 17:36:48 -0400 Subject: [PATCH 079/284] update actions - silence some node version warnings - update some unsupported versions of python FYI: chart-releaser no longer supports the `charts-repo` parameter. It wasn't clear to me how to update that in a manner consistent with releasing charts to helm.rstudio.com so for now I've left that in place. --- .github/workflows/chart-doc.yaml | 14 +++++--------- .github/workflows/chart-rebuild.yaml | 4 ++-- .github/workflows/chart-releaser.yaml | 6 +++--- .github/workflows/chart-test.yaml | 18 +++++++++--------- 4 files changed, 19 insertions(+), 23 deletions(-) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index 6da6c9c4..8c934a1a 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -16,19 +16,13 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 - name: install Just uses: extractions/setup-just@v2 - - name: Install helm-docs - env: - HELM_DOCS_VERSION: 1.13.1 - run: | - just setup - - name: Install Quarto uses: quarto-dev/quarto-actions/setup@v2 with: @@ -36,6 +30,8 @@ jobs: - name: Render Quarto Project uses: quarto-dev/quarto-actions/render@v2 + env: + HELM_DOCS_VERSION: 1.13.1 - name: Commit results run: | @@ -54,14 +50,14 @@ jobs: needs: document steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - uses: r-lib/actions/pr-fetch@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index dc18cefe..7daf66d0 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: 'gh-pages' fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: - name: Create Pull Request id: cpr - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v6 with: commit-message: Rebuild index.yaml title: Rebuild index.yaml diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index 2f68df35..b4807eb0 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -25,14 +25,14 @@ jobs: version: v3.6.3 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.2.0 + uses: helm/chart-releaser-action@v1.6.0 with: charts_repo_url: https://helm.rstudio.com env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Run chart-releaser (other) - uses: helm/chart-releaser-action@v1.2.0 + uses: helm/chart-releaser-action@v1.6.0 with: charts_dir: other-charts charts_repo_url: https://helm.rstudio.com diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 00543db9..eac4dd0a 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -11,18 +11,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v5 with: - python-version: 3.7 + python-version: 3.10 - name: Set up chart-testing uses: helm/chart-testing-action@v2.1.0 @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -54,9 +54,9 @@ jobs: with: version: v3.6.3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v5 with: - python-version: 3.7 + python-version: 3.10 - name: Set up chart-testing uses: helm/chart-testing-action@v2.1.0 @@ -89,12 +89,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 From 4cb9a35e9d4e9bdfdae5ea7c6811eaedcc468610 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Mon, 20 May 2024 17:41:57 -0400 Subject: [PATCH 080/284] i lack character --- .github/workflows/chart-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index eac4dd0a..87966606 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -22,7 +22,7 @@ jobs: - uses: actions/setup-python@v5 with: - python-version: 3.10 + python-version: "3.10" - name: Set up chart-testing uses: helm/chart-testing-action@v2.1.0 @@ -56,7 +56,7 @@ jobs: - uses: actions/setup-python@v5 with: - python-version: 3.10 + python-version: "3.10" - name: Set up chart-testing uses: helm/chart-testing-action@v2.1.0 From 6cb1232b9224ba34ae6eb52e5f4072ad81095c14 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Mon, 20 May 2024 17:54:16 -0400 Subject: [PATCH 081/284] missed a spot --- .github/workflows/chart-rebuild.yaml | 2 +- .github/workflows/chart-releaser.yaml | 6 +++--- .github/workflows/chart-test.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index 7daf66d0..f0b1c8a9 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -13,7 +13,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index b4807eb0..9d5c1881 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -20,19 +20,19 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.6.0 + uses: helm/chart-releaser-action@v1.2.0 with: charts_repo_url: https://helm.rstudio.com env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Run chart-releaser (other) - uses: helm/chart-releaser-action@v1.6.0 + uses: helm/chart-releaser-action@v1.2.0 with: charts_dir: other-charts charts_repo_url: https://helm.rstudio.com diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 87966606..de061f9d 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -50,7 +50,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 with: version: v3.6.3 From eed71163dbc13bd65bc8f05a52f7eae51408b605 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 22 May 2024 15:21:24 -0400 Subject: [PATCH 082/284] Update README manual --- charts/rstudio-pm/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index abc3f0b3..d93c36b9 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.26](https://img.shields.io/badge/Version-0.5.26-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.5.27](https://img.shields.io/badge/Version-0.5.27-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.26: +To install the chart with the release name `my-release` at version 0.5.27: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.26 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.27 ``` To explore other chart versions, look at: From 84d752576b7faacaa4c525fe1e830202d3866de4 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Thu, 23 May 2024 15:26:05 -0400 Subject: [PATCH 083/284] enable the new prometheus endpoint for Connect Add a new .prometheus.enabled flag (defaults true) and a .legacyPrometheus flag (defaults false) to revert to old behavior. A simple `legacyPrometheus=true` should revert back to backwards-compatible behavior, but we want folks to switch to the new endpoint, so that is the new default! --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 9 ++++++++ charts/rstudio-connect/README.md | 8 ++++--- charts/rstudio-connect/templates/NOTES.txt | 6 +++++ charts/rstudio-connect/templates/_helpers.tpl | 22 ++++++++++++++++++- .../configmap-graphite-exporter.yaml | 2 +- .../rstudio-connect/templates/deployment.yaml | 17 +++++++++++--- .../templates/service-monitor.yaml | 2 +- charts/rstudio-connect/templates/svc.yaml | 5 ++--- charts/rstudio-connect/values.yaml | 12 ++++++---- 10 files changed, 68 insertions(+), 17 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index a08b0773..c3e2bfa3 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.6.7 +version: 0.7.0 apiVersion: v2 appVersion: 2024.04.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 682e36f8..2f2ef58e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,14 @@ # Changelog +## 0.7.0 + +- BREAKING: the prometheus endpoint has changed from port `9108` to `3232` by default + - We are now using an internal prometheus endpoint with all new metrics + - As a result, the `graphiteExporter` sidecar has been removed + - Some metrics from the `graphiteExporter` will no longer be present + - There is also a new "off-switch" for prometheus at `prometheus.enabled=true` + - To revert to old behavior, set `legacyPrometheus=true` (and please reach out to let us know why!) + ## 0.6.7 - Documentation site updates diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index efaf5ee7..abfa26b3 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.6.7](https://img.shields.io/badge/Version-0.6.7-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.6.7: +To install the chart with the release name `my-release` at version 0.7.0: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.6.7 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.0 ``` To explore other chart versions, look at: @@ -142,6 +142,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | launcher.templateValues | object | `{"job":{"annotations":{},"labels":{}},"pod":{"affinity":{},"annotations":{},"command":[],"containerSecurityContext":{},"defaultSecurityContext":{},"env":[],"extraContainers":[],"imagePullPolicy":"","imagePullSecrets":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","securityContext":{},"serviceAccountName":"","tolerations":[],"volumeMounts":[],"volumes":[]},"service":{"annotations":{},"labels":{},"type":"ClusterIP"}}` | Values to pass along to the Posit Connect session templating process | | launcher.templateValues.pod.command | list | `[]` | command for all pods. This is really not something we should expose and will be removed once we have a better option | | launcher.useTemplates | bool | `true` | Whether to use launcher templates when launching sessions. Defaults to true | +| legacyPrometheus | bool | `false` | Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. Takes precedence over prometheusExporter.enabled | | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | | license.file.contents | bool | `false` | contents is an in-line license file | | license.file.mountPath | string | `"/etc/rstudio-licensing"` | mountPath is the place the license file will be mounted into the container | @@ -166,6 +167,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | pod.volumes | list | `[]` | An array of maps that is injected as-is into the "volumes:" component of the pod spec | | podDisruptionBudget | object | `{}` | Pod disruption budget | | priorityClassName | string | `""` | The pod's priorityClassName | +| prometheus | object | `{"enabled":true,"port":3232}` | Whether to enable prometheus metrics in the product | | prometheusExporter.enabled | bool | `true` | Whether the prometheus exporter sidecar should be enabled | | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | diff --git a/charts/rstudio-connect/templates/NOTES.txt b/charts/rstudio-connect/templates/NOTES.txt index fc3d2dc8..e4035214 100644 --- a/charts/rstudio-connect/templates/NOTES.txt +++ b/charts/rstudio-connect/templates/NOTES.txt @@ -61,3 +61,9 @@ Please consider removing this configuration value. {{- fail "\n\n`pod.nodeSelector` is no longer used. Use `nodeSelector` instead!\nThis is more consistent with other charts and the community." }} {{- end }} + +{{- if and (hasKey .Values.config.Metrics "GraphiteEnabled") (not .Values.legacyPrometheus) }} + +{{- print "\n\n`config.Metrics.GraphiteEnabled` is overwritten by `legacyPrometheus=false`. Internal Connect Prometheus will be used instead." }} + +{{- end }} diff --git a/charts/rstudio-connect/templates/_helpers.tpl b/charts/rstudio-connect/templates/_helpers.tpl index 59e75091..7a879c85 100644 --- a/charts/rstudio-connect/templates/_helpers.tpl +++ b/charts/rstudio-connect/templates/_helpers.tpl @@ -57,6 +57,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} - set launcher parameters if applicable */}} {{- define "rstudio-connect.config" -}} + {{- $configCopy := deepCopy .Values.config }} {{- $defaultConfig := dict }} {{- /* default launcher configuration */}} {{- if .Values.launcher.enabled }} @@ -80,7 +81,26 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- $licenseDict := dict "Licensing" ( dict "LicenseType" ("Remote") ) }} {{- $defaultConfig = merge $defaultConfig $licenseDict }} {{- end }} - {{- include "rstudio-library.config.gcfg" ( mergeOverwrite $defaultConfig .Values.config ) }} + {{- /* default metrics / prometheus configuration */}} + {{- if .Values.prometheus.enabled }} + {{- if .Values.legacyPrometheus }} + {{- /* we set the graphite values as a default, to hide from values.yaml */ -}} + {{- $graphiteDict := dict ("Metrics" (dict "Enabled" true "GraphiteClientId" "rsconnect" "GraphiteEnabled" true))}} + {{- $graphiteDict = merge $graphiteDict (dict ("Metrics" ("GraphiteHost" "127.0.0.1" "GraphitePort" "9109")))}} + {{- $defaultConfig = merge $defaultConfig $graphiteDict }} + {{- else }} + {{- if hasKey $configCopy "Metrics" }} + {{- if hasKey (get $configCopy "Metrics") "GraphiteEnabled" }} + {{- /* we explicitly overwrite the graphite endpoint */ -}} + {{- mergeOverwrite $configCopy (dict "Metrics" (dict "GraphiteEnabled" false))}} + {{- end }} + {{- end }} + + {{- /* and set a default for the prometheus listener */ -}} + {{- $defaultConfig = merge $defaultConfig (dict "Metrics" ( dict "PrometheusListen" (print ":" .Values.prometheus.port )))}} + {{- end }} + {{- end }} + {{- include "rstudio-library.config.gcfg" ( mergeOverwrite $defaultConfig $configCopy ) }} {{- end -}} {{/* diff --git a/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml b/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml index e55e9330..38681ca7 100644 --- a/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml +++ b/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml @@ -1,4 +1,4 @@ -{{- if .Values.prometheusExporter.enabled }} +{{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} --- apiVersion: v1 kind: ConfigMap diff --git a/charts/rstudio-connect/templates/deployment.yaml b/charts/rstudio-connect/templates/deployment.yaml index fecd7c58..1cdb6aac 100644 --- a/charts/rstudio-connect/templates/deployment.yaml +++ b/charts/rstudio-connect/templates/deployment.yaml @@ -20,14 +20,20 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} checksum/config-graphite: {{ include (print $.Template.BasePath "/configmap-graphite-exporter.yaml") . | sha256sum }} + {{- end }} {{- if .Values.launcher.enabled }} checksum/config-prestart: {{ include (print $.Template.BasePath "/configmap-prestart.yaml") . | sha256sum }} {{- end }} - {{- if .Values.prometheusExporter.enabled }} + {{- if .Values.prometheus }} prometheus.io/scrape: "true" prometheus.io/path: "/metrics" + {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} prometheus.io/port: "9108" + {{- else }} + prometheus.io/port: {{ .Values.prometheus.port | quote }} + {{- end }} {{- end }} {{ include "rstudio-connect.pod.annotations" . | indent 8 }} labels: @@ -118,6 +124,11 @@ spec: imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" ports: - containerPort: {{ .Values.pod.port }} + name: http + {{- if and .Values.prometheus.enabled (not .Values.legacyPrometheus) }} + - containerPort: {{ .Values.prometheus.port }} + name: metrics + {{- end}} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 10 }} @@ -187,7 +198,7 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- if .Values.prometheusExporter.enabled }} + {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} - name: exporter image: "{{ .Values.prometheusExporter.image.repository }}:{{ .Values.prometheusExporter.image.tag }}" imagePullPolicy: "{{ .Values.prometheusExporter.image.imagePullPolicy }}" @@ -220,7 +231,7 @@ spec: claimName: {{default (print (include "rstudio-connect.fullname" .) "-shared-storage" ) .Values.sharedStorage.name }} {{- end }} {{ include "rstudio-library.license-volume" (dict "license" ( .Values.license ) "fullName" (include "rstudio-connect.fullname" .)) | indent 6 }} - {{- if .Values.prometheusExporter.enabled }} + {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} - name: graphite-exporter-config configMap: name: {{ include "rstudio-connect.fullname" . }}-graphite diff --git a/charts/rstudio-connect/templates/service-monitor.yaml b/charts/rstudio-connect/templates/service-monitor.yaml index 7dab3edc..6907e474 100644 --- a/charts/rstudio-connect/templates/service-monitor.yaml +++ b/charts/rstudio-connect/templates/service-monitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheusExporter.enabled .Values.serviceMonitor.enabled -}} +{{- if and .Values.prometheus.enabled .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/rstudio-connect/templates/svc.yaml b/charts/rstudio-connect/templates/svc.yaml index 53ccfc0f..c7d111d7 100644 --- a/charts/rstudio-connect/templates/svc.yaml +++ b/charts/rstudio-connect/templates/svc.yaml @@ -17,7 +17,7 @@ spec: {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} -{{- end }} +{{- end }} selector: {{- include "rstudio-connect.selectorLabels" . | nindent 4 }} ports: @@ -28,8 +28,7 @@ spec: nodePort: {{ .Values.service.nodePort }} {{- end }} targetPort: {{ .Values.service.targetPort }} - {{- if .Values.prometheusExporter.enabled }} + {{- if .Values.prometheus.enabled }} - name: metrics - port: 9108 {{- end }} --- diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 04128dc4..22c054f9 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -159,6 +159,14 @@ license: securityContext: privileged: true +# -- Whether to enable prometheus metrics in the product +prometheus: + enabled: true + port: 3232 + +# -- Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. Takes precedence over +# prometheusExporter.enabled +legacyPrometheus: false prometheusExporter: # -- Whether the prometheus exporter sidecar should be enabled enabled: true @@ -357,7 +365,3 @@ config: AccessLogFormat: COMMON # COMMON, COMBINED, or JSON Metrics: Enabled: true - GraphiteEnabled: true - GraphiteHost: 127.0.0.1 - GraphitePort: 9109 - GraphiteClientId: rsconnect From 4f6dda6901ae73a36f817f0468a24a31dfe7a8fc Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Thu, 23 May 2024 16:02:04 -0400 Subject: [PATCH 084/284] change to using `prometheus.legacy` for increased clarity around setting precedence To be clear, `prometheus.enabled` is the parent setting. Then you can optionally enable `prometheus.legacy` --- charts/rstudio-connect/NEWS.md | 4 ++-- charts/rstudio-connect/README.md | 7 ++++--- charts/rstudio-connect/templates/NOTES.txt | 4 ++-- charts/rstudio-connect/templates/_helpers.tpl | 2 +- .../templates/configmap-graphite-exporter.yaml | 2 +- charts/rstudio-connect/templates/deployment.yaml | 10 +++++----- charts/rstudio-connect/values.yaml | 11 ++++++----- 7 files changed, 21 insertions(+), 19 deletions(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 2f2ef58e..a9b8205d 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -6,8 +6,8 @@ - We are now using an internal prometheus endpoint with all new metrics - As a result, the `graphiteExporter` sidecar has been removed - Some metrics from the `graphiteExporter` will no longer be present - - There is also a new "off-switch" for prometheus at `prometheus.enabled=true` - - To revert to old behavior, set `legacyPrometheus=true` (and please reach out to let us know why!) + - The parent / main "off-switch" for prometheus is at `prometheus.enabled` + - To revert to the old exporter, set `prometheus.legacy=true` (and please reach out to let us know why!) ## 0.6.7 diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index abfa26b3..ade25613 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -142,7 +142,6 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | launcher.templateValues | object | `{"job":{"annotations":{},"labels":{}},"pod":{"affinity":{},"annotations":{},"command":[],"containerSecurityContext":{},"defaultSecurityContext":{},"env":[],"extraContainers":[],"imagePullPolicy":"","imagePullSecrets":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","securityContext":{},"serviceAccountName":"","tolerations":[],"volumeMounts":[],"volumes":[]},"service":{"annotations":{},"labels":{},"type":"ClusterIP"}}` | Values to pass along to the Posit Connect session templating process | | launcher.templateValues.pod.command | list | `[]` | command for all pods. This is really not something we should expose and will be removed once we have a better option | | launcher.useTemplates | bool | `true` | Whether to use launcher templates when launching sessions. Defaults to true | -| legacyPrometheus | bool | `false` | Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. Takes precedence over prometheusExporter.enabled | | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | | license.file.contents | bool | `false` | contents is an in-line license file | | license.file.mountPath | string | `"/etc/rstudio-licensing"` | mountPath is the place the license file will be mounted into the container | @@ -167,8 +166,10 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | pod.volumes | list | `[]` | An array of maps that is injected as-is into the "volumes:" component of the pod spec | | podDisruptionBudget | object | `{}` | Pod disruption budget | | priorityClassName | string | `""` | The pod's priorityClassName | -| prometheus | object | `{"enabled":true,"port":3232}` | Whether to enable prometheus metrics in the product | -| prometheusExporter.enabled | bool | `true` | Whether the prometheus exporter sidecar should be enabled | +| prometheus.enabled | bool | `true` | The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter | +| prometheus.legacy | bool | `false` | Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. If you change this to `true`, please let us know why! Requires prometheusExporter.enabled=true too | +| prometheus.port | int | `3232` | The port that prometheus will listen on. If legacy=true, then this will be hard-coded to 9108 | +| prometheusExporter.enabled | bool | `true` | DEPRECATED. Whether the prometheus exporter sidecar should be enabled. See prometheus.enabled instead. | | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | | prometheusExporter.image.tag | string | `"v0.9.0"` | | diff --git a/charts/rstudio-connect/templates/NOTES.txt b/charts/rstudio-connect/templates/NOTES.txt index e4035214..e16b7318 100644 --- a/charts/rstudio-connect/templates/NOTES.txt +++ b/charts/rstudio-connect/templates/NOTES.txt @@ -62,8 +62,8 @@ Please consider removing this configuration value. {{- end }} -{{- if and (hasKey .Values.config.Metrics "GraphiteEnabled") (not .Values.legacyPrometheus) }} +{{- if and (hasKey .Values.config.Metrics "GraphiteEnabled") (not .Values.prometheus.legacy) }} -{{- print "\n\n`config.Metrics.GraphiteEnabled` is overwritten by `legacyPrometheus=false`. Internal Connect Prometheus will be used instead." }} +{{- print "\n\n`config.Metrics.GraphiteEnabled` is overwritten by `prometheus.legacy=false`. Internal Connect Prometheus will be used instead." }} {{- end }} diff --git a/charts/rstudio-connect/templates/_helpers.tpl b/charts/rstudio-connect/templates/_helpers.tpl index 7a879c85..34e94b5a 100644 --- a/charts/rstudio-connect/templates/_helpers.tpl +++ b/charts/rstudio-connect/templates/_helpers.tpl @@ -83,7 +83,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{- /* default metrics / prometheus configuration */}} {{- if .Values.prometheus.enabled }} - {{- if .Values.legacyPrometheus }} + {{- if .Values.prometheus.legacy }} {{- /* we set the graphite values as a default, to hide from values.yaml */ -}} {{- $graphiteDict := dict ("Metrics" (dict "Enabled" true "GraphiteClientId" "rsconnect" "GraphiteEnabled" true))}} {{- $graphiteDict = merge $graphiteDict (dict ("Metrics" ("GraphiteHost" "127.0.0.1" "GraphitePort" "9109")))}} diff --git a/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml b/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml index 38681ca7..3e981e73 100644 --- a/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml +++ b/charts/rstudio-connect/templates/configmap-graphite-exporter.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} +{{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} --- apiVersion: v1 kind: ConfigMap diff --git a/charts/rstudio-connect/templates/deployment.yaml b/charts/rstudio-connect/templates/deployment.yaml index 1cdb6aac..2668e8ba 100644 --- a/charts/rstudio-connect/templates/deployment.yaml +++ b/charts/rstudio-connect/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} checksum/config-graphite: {{ include (print $.Template.BasePath "/configmap-graphite-exporter.yaml") . | sha256sum }} {{- end }} {{- if .Values.launcher.enabled }} @@ -29,7 +29,7 @@ spec: {{- if .Values.prometheus }} prometheus.io/scrape: "true" prometheus.io/path: "/metrics" - {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} prometheus.io/port: "9108" {{- else }} prometheus.io/port: {{ .Values.prometheus.port | quote }} @@ -125,7 +125,7 @@ spec: ports: - containerPort: {{ .Values.pod.port }} name: http - {{- if and .Values.prometheus.enabled (not .Values.legacyPrometheus) }} + {{- if and .Values.prometheus.enabled (not .Values.prometheus.legacy) }} - containerPort: {{ .Values.prometheus.port }} name: metrics {{- end}} @@ -198,7 +198,7 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} - name: exporter image: "{{ .Values.prometheusExporter.image.repository }}:{{ .Values.prometheusExporter.image.tag }}" imagePullPolicy: "{{ .Values.prometheusExporter.image.imagePullPolicy }}" @@ -231,7 +231,7 @@ spec: claimName: {{default (print (include "rstudio-connect.fullname" .) "-shared-storage" ) .Values.sharedStorage.name }} {{- end }} {{ include "rstudio-library.license-volume" (dict "license" ( .Values.license ) "fullName" (include "rstudio-connect.fullname" .)) | indent 6 }} - {{- if and .Values.legacyPrometheus .Values.prometheusExporter.enabled }} + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} - name: graphite-exporter-config configMap: name: {{ include "rstudio-connect.fullname" . }}-graphite diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 22c054f9..4fbf68c4 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -159,16 +159,17 @@ license: securityContext: privileged: true -# -- Whether to enable prometheus metrics in the product prometheus: + # -- The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter enabled: true + # -- The port that prometheus will listen on. If legacy=true, then this will be hard-coded to 9108 port: 3232 + # -- Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. If you change this to + # `true`, please let us know why! Requires prometheusExporter.enabled=true too + legacy: false -# -- Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. Takes precedence over -# prometheusExporter.enabled -legacyPrometheus: false prometheusExporter: - # -- Whether the prometheus exporter sidecar should be enabled + # -- DEPRECATED. Whether the prometheus exporter sidecar should be enabled. See prometheus.enabled instead. enabled: true # -- Yaml that defines the graphite exporter mapping. null by default, which uses the embedded / default mapping yaml file mappingYaml: null From c43be7823621907a2cdb32a72a40571fec66043a Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 24 May 2024 09:57:19 -0400 Subject: [PATCH 085/284] fix some formatting issues and missing config --- charts/rstudio-connect/templates/_helpers.tpl | 4 ++-- charts/rstudio-connect/templates/svc.yaml | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/templates/_helpers.tpl b/charts/rstudio-connect/templates/_helpers.tpl index 34e94b5a..ffe45fcf 100644 --- a/charts/rstudio-connect/templates/_helpers.tpl +++ b/charts/rstudio-connect/templates/_helpers.tpl @@ -85,8 +85,8 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.prometheus.enabled }} {{- if .Values.prometheus.legacy }} {{- /* we set the graphite values as a default, to hide from values.yaml */ -}} - {{- $graphiteDict := dict ("Metrics" (dict "Enabled" true "GraphiteClientId" "rsconnect" "GraphiteEnabled" true))}} - {{- $graphiteDict = merge $graphiteDict (dict ("Metrics" ("GraphiteHost" "127.0.0.1" "GraphitePort" "9109")))}} + {{- $graphiteDict := dict "Metrics" (dict "Enabled" true "GraphiteClientId" "rsconnect" "GraphiteEnabled" true) }} + {{- $graphiteDict = merge $graphiteDict (dict "Metrics" (dict "GraphiteHost" "127.0.0.1" "GraphitePort" "9109")) }} {{- $defaultConfig = merge $defaultConfig $graphiteDict }} {{- else }} {{- if hasKey $configCopy "Metrics" }} diff --git a/charts/rstudio-connect/templates/svc.yaml b/charts/rstudio-connect/templates/svc.yaml index c7d111d7..2190511a 100644 --- a/charts/rstudio-connect/templates/svc.yaml +++ b/charts/rstudio-connect/templates/svc.yaml @@ -30,5 +30,11 @@ spec: targetPort: {{ .Values.service.targetPort }} {{- if .Values.prometheus.enabled }} - name: metrics + targetPort: metrics + {{- if .Values.prometheus.legacy }} + port: 9108 + {{- else }} + port: {{ .Values.prometheus.port }} + {{- end }} {{- end }} --- From d2404dbfa1e028b3bc77de1c21a70b40398e9119 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Thu, 30 May 2024 11:21:07 -0400 Subject: [PATCH 086/284] Bump Connect version to 2024.05.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index cc7ea7aa..01a5f5d9 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.1 +version: 0.7.2 apiVersion: v2 -appVersion: 2024.04.1 +appVersion: 2024.05.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.04.1 + image: rstudio/rstudio-connect:ubuntu2204-2024.05.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 74210474..09d1c74d 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,11 @@ # Changelog +## 0.7.2 + +- Bump Connect version to 2024.05.0 +- BREAKING: local execution only + - Default installed R versions upgraded to 4.4.0 and 4.3.3. + ## 0.7.1 - Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variables From 7789cb287b15115608b419e1ec07aa71aea4e4d9 Mon Sep 17 00:00:00 2001 From: Aron Atkins Date: Fri, 24 May 2024 14:39:19 -0400 Subject: [PATCH 087/284] connect: enable TensorFlow Requires Connect 2024.05.0 and updated Docker images which include the TensorFlow Serving universal binary. fixes #513 --- charts/rstudio-connect/NEWS.md | 2 ++ charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-connect/values.yaml | 6 ++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 09d1c74d..ff880496 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -5,6 +5,8 @@ - Bump Connect version to 2024.05.0 - BREAKING: local execution only - Default installed R versions upgraded to 4.4.0 and 4.3.3. +- Enable TensorFlow by default in `values.yaml` when running in local or + off-host execution mode. ## 0.7.1 diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index a31729fa..b2db568f 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) +![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.1: +To install the chart with the release name `my-release` at version 0.7.2: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.1 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.2 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 4fbf68c4..6ba115c1 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -356,6 +356,12 @@ config: # For Off-Host Execution, Quarto versions are defined by the set of Execution Environments # https://docs.posit.co/connect/admin/quarto/ Executable: "/opt/quarto/1.4.552/bin/quarto" + TensorFlow: + Enabled: true + # Note: The `Executable` listed below is only used for Local Execution. + # For Off-Host Execution, TensorFlow versions are defined by the set of Execution Environments + # https://docs.posit.co/connect/admin/tensorflow/ + Executable: "/usr/bin/tensorflow_model_server" Scheduler: InitTimeout: 5m Logging: From ea6b1d99cef081911124985b24803d0c1703449f Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 30 May 2024 15:30:33 +0000 Subject: [PATCH 088/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index b2db568f..b07b6e29 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![AppVersion: 2024.04.1](https://img.shields.io/badge/AppVersion-2024.04.1-informational?style=flat-square) +![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![AppVersion: 2024.05.0](https://img.shields.io/badge/AppVersion-2024.05.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ From af4296043d6c41cc4dc0f95727d16cf89bf707f6 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Thu, 30 May 2024 17:13:41 -0400 Subject: [PATCH 089/284] Bump default python versions --- charts/rstudio-connect/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 6ba115c1..d2e6eac3 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -348,8 +348,8 @@ config: # For Off-Host Execution, Python versions are defined by the set of Execution Environments # https://docs.posit.co/connect/admin/python/ Executable: - - /opt/python/3.9.17/bin/python - - /opt/python/3.8.17/bin/python + - /opt/python/3.12.1/bin/python + - /opt/python/3.11.7/bin/python Quarto: Enabled: true # Note: The `Executable` listed below is only used for Local Execution. From 2b76c3ec780b46b0279d98f497ad511482d631ce Mon Sep 17 00:00:00 2001 From: Tyler Date: Fri, 14 Jun 2024 14:26:00 -0400 Subject: [PATCH 090/284] Bump PPM to 2024.04.2-29 --- charts/rstudio-pm/Chart.yaml | 6 +++--- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-pm/README.md | 6 +++--- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index fdc61736..895431e4 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.27 +version: 0.5.28 apiVersion: v2 -appVersion: 2024.04.0 +appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -19,7 +19,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-package-manager - image: rstudio/rstudio-package-manager:ubuntu2204-2024.04.0 + image: rstudio/rstudio-package-manager:ubuntu2204-2024.04.2 artifacthub.io/license: MIT artifacthub.io/links: | - name: RStudio Community diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 5164869a..9741abcc 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.28 + +- Update default Posit Package Manager version to 2024.04.2-29 + ## 0.5.27 - Update `strategy` section of `deployment.yaml` template to be consistent with other Posit products. `RollingUpdate` is still the default strategy. diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index d93c36b9..d299bf68 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.27](https://img.shields.io/badge/Version-0.5.27-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.5.28](https://img.shields.io/badge/Version-0.5.28-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.27: +To install the chart with the release name `my-release` at version 0.5.28: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.27 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.28 ``` To explore other chart versions, look at: From 41912b2053ee4d7308d14dd68d8e336fb339b66a Mon Sep 17 00:00:00 2001 From: Craig Date: Fri, 21 Jun 2024 13:25:00 -0600 Subject: [PATCH 091/284] Bump Workbench to 2024.04.2 --- charts/rstudio-workbench/Chart.yaml | 8 ++++---- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index c6994076..7292ec7b 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.7.5 +version: 0.7.6 apiVersion: v2 -appVersion: 2024.04.0 +appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,9 +18,9 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-workbench - image: rstudio/rstudio-workbench:ubuntu2204-2024.04.0 + image: rstudio/rstudio-workbench:ubuntu2204-2024.04.2 - name: r-session-complete - image: rstudio/r-session-complete:ubuntu2204-2024.04.0 + image: rstudio/r-session-complete:ubuntu2204-2024.04.2 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 2c38bf88..5897eb5f 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.6 + +- Bump Workbench version to 2024.04.2 + ## 0.7.5 - Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variables diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 47257f08..6398e2f7 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![AppVersion: 2024.04.0](https://img.shields.io/badge/AppVersion-2024.04.0-informational?style=flat-square) +![Version: 0.7.6](https://img.shields.io/badge/Version-0.7.6-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.5: +To install the chart with the release name `my-release` at version 0.7.6: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.5 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.6 ``` To explore other chart versions, look at: From ee3b76c0b5dcefe4bd308e3bb29ee1c9eda9afdb Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 26 Jun 2024 12:25:20 -0400 Subject: [PATCH 092/284] Bump Connect to version 2024.06.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 01a5f5d9..11c98a2f 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.2 +version: 0.7.3 apiVersion: v2 -appVersion: 2024.05.0 +appVersion: 2024.06.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.05.0 + image: rstudio/rstudio-connect:ubuntu2204-2024.06.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 63c4ccbf..6fd52937 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,3 +1,7 @@ +# 0.7.3 + +- Bump Connect version to 2024.06.0 + # Changelog ## 0.7.2 From 482992a75744a668b485d7a982ca157f381d4c1d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 26 Jun 2024 16:26:26 +0000 Subject: [PATCH 093/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index b07b6e29..78075223 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![AppVersion: 2024.05.0](https://img.shields.io/badge/AppVersion-2024.05.0-informational?style=flat-square) +![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.2: +To install the chart with the release name `my-release` at version 0.7.3: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.2 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.3 ``` To explore other chart versions, look at: From a5bc41e1a2319cb6ba54b8ec7b4b6a37718b94aa Mon Sep 17 00:00:00 2001 From: Tyler Date: Thu, 27 Jun 2024 14:18:53 -0400 Subject: [PATCH 094/284] Bump PPM to 2024.04.4 --- charts/rstudio-pm/Chart.yaml | 6 +++--- charts/rstudio-pm/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 895431e4..1f9b70b7 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.28 +version: 0.5.29 apiVersion: v2 -appVersion: 2024.04.2 +appVersion: 2024.04.4 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -19,7 +19,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-package-manager - image: rstudio/rstudio-package-manager:ubuntu2204-2024.04.2 + image: rstudio/rstudio-package-manager:ubuntu2204-2024.04.4 artifacthub.io/license: MIT artifacthub.io/links: | - name: RStudio Community diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 9741abcc..efc859b7 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.29 + +- Update default Posit Package Manager version to 2024.04.4-35 + ## 0.5.28 - Update default Posit Package Manager version to 2024.04.2-29 From b26bb0dc2dcb345f23f3478f9c5c1c7aec40a3da Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 27 Jun 2024 18:21:02 +0000 Subject: [PATCH 095/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index d299bf68..9766ac62 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.28](https://img.shields.io/badge/Version-0.5.28-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.5.29](https://img.shields.io/badge/Version-0.5.29-informational?style=flat-square) ![AppVersion: 2024.04.4](https://img.shields.io/badge/AppVersion-2024.04.4-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.28: +To install the chart with the release name `my-release` at version 0.5.29: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.28 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.29 ``` To explore other chart versions, look at: From 54fb030287b69cb95dcd58922f6a3332f41b6c2a Mon Sep 17 00:00:00 2001 From: Tyler Finethy Date: Thu, 27 Jun 2024 14:40:45 -0400 Subject: [PATCH 096/284] Update charts/rstudio-pm/NEWS.md --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index efc859b7..e01f7d99 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.29 -- Update default Posit Package Manager version to 2024.04.4-35 +- Update default Posit Package Manager version to 2024.04.4-35 ## 0.5.28 From 940a96821a74e251e196b5200b9c3b16b1136ec4 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 10 Jul 2024 12:53:51 -0400 Subject: [PATCH 097/284] add 2.4.0 template versions --- .../launcher-templates/default/2.4.0/job.tpl | 219 +++++++++++++ .../default/2.4.0/service.tpl | 38 +++ .../launcher-templates/helm/2.4.0-v1/job.tpl | 291 ++++++++++++++++++ .../helm/2.4.0-v1/service.tpl | 51 +++ 4 files changed, 599 insertions(+) create mode 100644 examples/launcher-templates/default/2.4.0/job.tpl create mode 100644 examples/launcher-templates/default/2.4.0/service.tpl create mode 100644 examples/launcher-templates/helm/2.4.0-v1/job.tpl create mode 100644 examples/launcher-templates/helm/2.4.0-v1/service.tpl diff --git a/examples/launcher-templates/default/2.4.0/job.tpl b/examples/launcher-templates/default/2.4.0/job.tpl new file mode 100644 index 00000000..9f7350d1 --- /dev/null +++ b/examples/launcher-templates/default/2.4.0/job.tpl @@ -0,0 +1,219 @@ +# Version: 2.4.0 +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + {{- with .Job.metadata.job.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/managed-by: "launcher" + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.job.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + generateName: {{ toYaml .Job.generateName }} +spec: + backoffLimit: 0 + template: + metadata: + annotations: + {{- if .Job.tags }} + {{- $i := 0 }} + {{- range .Job.tags }} + USER_TAG_{{ $i }}: {{ toYaml . | indent 8 | trimPrefix (repeat 8 " ") }} + {{- $i = add $i 1 }} + {{- end }} + {{- end }} + stdin: {{ toYaml .Job.stdin | indent 8 | trimPrefix (repeat 8 " ") }} + user: {{ toYaml .Job.user }} + name: {{ toYaml .Job.name }} + service_ports: {{ toYaml .Job.servicePortsJson }} + {{- if .Job.metadata }} + user_metadata: {{ toJson .Job.metadata | toYaml | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- with .Job.metadata.pod.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + labels: + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.pod.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + generateName: {{ toYaml .Job.generateName }} + spec: + {{- if .Job.host }} + nodeName: {{ toYaml .Job.host }} + {{- end }} + restartPolicy: Never + shareProcessNamespace: {{ .Job.shareProcessNamespace }} + {{- if ne (len .Job.volumes) 0 }} + volumes: + {{- range .Job.volumes }} + - {{ nindent 10 (toYaml .) | trim -}} + {{- end }} + {{- end }} + {{- if ne (len .Job.placementConstraints) 0 }} + nodeSelector: + {{- range .Job.placementConstraints }} + {{ .name }}: {{ toYaml .value }} + {{- end }} + {{- end }} + {{- $securityContext := dict }} + {{- if .Job.container.runAsUserId }} + {{- $_ := set $securityContext "runAsUser" .Job.container.runAsUserId }} + {{- end }} + {{- if .Job.container.runAsGroupId }} + {{- $_ := set $securityContext "runAsGroup" .Job.container.runAsGroupId }} + {{- end }} + {{- if .Job.container.supplementalGroupIds }} + {{- $groupIds := list }} + {{- range .Job.container.supplementalGroupIds }} + {{- $groupIds = append $groupIds . }} + {{- end }} + {{- $_ := set $securityContext "supplementalGroups" (cat "[" ($groupIds | join ", ") "]") }} + {{- end }} + {{- if $securityContext }} + securityContext: + {{- range $key, $val := $securityContext }} + {{ $key }}: {{ $val }} + {{- end }} + {{- end }} + {{- if .Job.serviceAccountName }} + serviceAccountName: {{ .Job.serviceAccountName | quote }} + {{- end }} + initContainers: + {{- with .Job.metadata.pod.initContainers }} + {{- range . }} + - {{ toYaml . | indent 10 | trimPrefix (repeat 10 " ") }} + {{- end }} + {{- end }} + containers: + - name: rs-launcher-container + image: {{ toYaml .Job.container.image }} + {{- $isShell := false }} + {{- if .Job.command }} + command: ['/bin/sh'] + {{- $isShell = true }} + {{- else }} + command: [{{ toYaml .Job.exe }}] + {{- $isShell = false }} + {{- end }} + {{- if .Job.stdin }} + stdin: true + {{- else }} + stdin: false + {{- end }} + stdinOnce: true + {{- if .Job.workingDirectory }} + workingDir: {{ toYaml .Job.workingDirectory }} + {{- end }} + {{- if or (ne (len .Job.args) 0) $isShell }} + args: + {{- if $isShell }} + - '-c' + {{- if ne (len .Job.args) 0 }} + - {{ .Job.args | join " " | cat .Job.command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- else }} + - {{ .Job.command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- else }} + {{- range .Job.args }} + - {{ toYaml . | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- end }} + {{- end }} + {{- $secrets := list }} + {{- range .Job.config }} + {{- if eq .name "secret" }} + {{- $packedSecret := .value }} + {{- $secret := dict }} + {{- $_ := set $secret "secret" (splitList ":" $packedSecret | first) }} + {{- $_ := set $secret "key" (slice (splitList ":" $packedSecret) 1 2 | first) }} + {{- $_ := set $secret "name" (splitList ":" $packedSecret | last) }} + {{- $secrets = append $secrets $secret }} + {{- end }} + {{- end }} + {{- if or (ne (len .Job.environment) 0) (ne (len $secrets) 0) }} + env: + {{- range .Job.environment }} + - name: {{ toYaml .name | indent 14 | trimPrefix (repeat 14 " ") }} + value: {{ toYaml .value | indent 14 | trimPrefix (repeat 14 " ") }} + {{- end }} + {{- range $secrets }} + - name: {{ get . "name"}} + valueFrom: + secretKeyRef: + name: {{ get . "secret" }} + key: {{ get . "key" }} + {{- end }} + {{- end }} + {{- $exposedPorts := list }} + {{- range .Job.exposedPorts }} + {{- if .publishedPort }} + {{- $exposedPorts = append $exposedPorts . }} + {{- end }} + {{- end }} + {{- if ne (len $exposedPorts) 0 }} + ports: + {{- range $exposedPorts }} + - containerPort: {{ .targetPort }} + hostPort: {{ .publishedPort }} + {{- end }} + {{- end }} + {{- $limits := dict }} + {{- $requests := dict }} + {{- range .Job.resourceLimits }} + {{- if eq .type "cpuCount" }} + {{- $_ := set $limits "cpu" .value }} + {{- else if eq .type "CPU Request" }} + {{- $_ := set $requests "cpu" .value }} + {{- else if eq .type "memory" }} + {{- $_ := set $limits "memory" (printf "%s%s" .value "M") }} + {{- else if eq .type "Memory Request" }} + {{- $_ := set $requests "memory" (printf "%s%s" .value "M") }} + {{- else if eq .type "NVIDIA GPUs" }} + {{- $val := float64 .value }} + {{- if ne $val 0.0 }} + {{- $_ := set $limits "nvidia.com/gpu" $val }} + {{- end }} + {{- else if eq .type "AMD GPUs" }} + {{- $val := float64 .value }} + {{- if ne $val 0.0 }} + {{- $_ := set $limits "amd.com/gpu" $val }} + {{- end }} + {{- end }} + {{- end }} + {{- if any (ne (len $requests) 0) (ne (len $limits) 0) }} + resources: + {{- if ne (len $requests) 0 }} + requests: + {{- range $key, $val := $requests }} + {{ $key }}: {{ toYaml $val }} + {{- end }} + {{- end }} + {{- if ne (len $limits) 0 }} + limits: + {{- range $key, $val := $limits }} + {{ $key }}: {{ toYaml $val }} + {{- end }} + {{- end }} + {{- end }} + {{- if ne (len .Job.volumes) 0 }} + volumeMounts: + {{- range .Job.volumeMounts }} + - {{ nindent 14 (toYaml .) | trim -}} + {{- end }} + {{- end }} diff --git a/examples/launcher-templates/default/2.4.0/service.tpl b/examples/launcher-templates/default/2.4.0/service.tpl new file mode 100644 index 00000000..8b851c1c --- /dev/null +++ b/examples/launcher-templates/default/2.4.0/service.tpl @@ -0,0 +1,38 @@ +# Version: 2.4.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ .Job.serviceName }} + annotations: + {{- with .Job.metadata.service.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/managed-by: "launcher" + job-name: {{ toYaml .Job.id }} + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.service.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} +spec: + ports: + {{- $i := 0 }} + {{- range .Job.exposedPorts }} + {{- if not .publishedPort }} + - name: {{ printf "port%d" $i }} + protocol: {{ .protocol }} + port: {{ .targetPort }} + targetPort: {{ .targetPort }} + {{- $i = add $i 1 }} + {{- end }} + {{- end }} + selector: + job-name: {{toYaml .Job.id }} + clusterIP: '' + type: NodePort diff --git a/examples/launcher-templates/helm/2.4.0-v1/job.tpl b/examples/launcher-templates/helm/2.4.0-v1/job.tpl new file mode 100644 index 00000000..f9f6af3b --- /dev/null +++ b/examples/launcher-templates/helm/2.4.0-v1/job.tpl @@ -0,0 +1,291 @@ +# Version: 2.4.0 +# DO NOT MODIFY the "Version: " key +# Helm Version: v1 +{{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + {{- with .Job.metadata.job.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.job.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/managed-by: "launcher" + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.job.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.job.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + generateName: {{ toYaml .Job.generateName }} +spec: + {{- if $templateData.job.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ $templateData.job.ttlSecondsAfterFinished }} + {{- end }} + backoffLimit: 0 + template: + metadata: + annotations: + {{- if .Job.tags }} + {{- $i := 0 }} + {{- range .Job.tags }} + USER_TAG_{{ $i }}: {{ toYaml . | indent 8 | trimPrefix (repeat 8 " ") }} + {{- $i = add $i 1 }} + {{- end }} + {{- end }} + stdin: {{ toYaml .Job.stdin | indent 8 | trimPrefix (repeat 8 " ") }} + user: {{ toYaml .Job.user }} + name: {{ toYaml .Job.name }} + service_ports: {{ toYaml .Job.servicePortsJson }} + {{- if .Job.metadata }} + user_metadata: {{ toJson .Job.metadata | toYaml | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- with .Job.metadata.pod.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.pod.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + labels: + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.pod.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.pod.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + generateName: {{ toYaml .Job.generateName }} + spec: + {{- if .Job.host }} + nodeName: {{ toYaml .Job.host }} + {{- end }} + restartPolicy: Never + {{- if or $templateData.pod.serviceAccountName .Job.serviceAccountName }} + serviceAccountName: {{ .Job.serviceAccountName | default $templateData.pod.serviceAccountName | quote }} + {{- end }} + shareProcessNamespace: {{ .Job.shareProcessNamespace }} + {{- if or (ne (len .Job.volumes) 0) (ne (len $templateData.pod.volumes) 0) }} + volumes: + {{- range .Job.volumes }} + - {{ nindent 10 (toYaml .) | trim -}} + {{- end }} + {{- range $templateData.pod.volumes }} + - {{ nindent 10 (toYaml .) | trim -}} + {{- end }} + {{- end }} + {{- with $templateData.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $templateData.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or (ne (len .Job.placementConstraints) 0) (ne (len $templateData.pod.nodeSelector) 0) }} + nodeSelector: + {{- range .Job.placementConstraints }} + {{ .name }}: {{ toYaml .value }} + {{- end }} + {{- range $key,$val := $templateData.pod.nodeSelector }} + {{ $key }}: {{- toYaml $val | nindent 10 }} + {{- end }} + {{- end }} + {{- with $templateData.pod.priorityClassName }} + priorityClassName: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- $securityContext := $templateData.pod.defaultSecurityContext }} + {{- if .Job.container.runAsUserId }} + {{- $_ := set $securityContext "runAsUser" .Job.container.runAsUserId }} + {{- end }} + {{- if .Job.container.runAsGroupId }} + {{- $_ := set $securityContext "runAsGroup" .Job.container.runAsGroupId }} + {{- end }} + {{- if .Job.container.supplementalGroupIds }} + {{- $groupIds := list }} + {{- range .Job.container.supplementalGroupIds }} + {{- $groupIds = append $groupIds . }} + {{- end }} + {{- $_ := set $securityContext "supplementalGroups" (cat "[" ($groupIds | join ", ") "]") }} + {{- $securityContext := mergeOverwrite $securityContext $templateData.pod.securityContext }} + {{- end }} + {{- if $securityContext }} + securityContext: + {{- range $key, $val := $securityContext }} + {{ $key }}: {{ $val }} + {{- end }} + {{- end }} + {{- with $templateData.pod.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 12 }} + {{- end }} + initContainers: + {{- with .Job.metadata.pod.initContainers }} + {{- range . }} + - {{ toYaml . | indent 10 | trimPrefix (repeat 10 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.pod.initContainers }} + {{- range . }} + - {{ toYaml . | indent 10 | trimPrefix (repeat 10 " ") }} + {{- end }} + {{- end }} + containers: + - name: rs-launcher-container + image: {{ toYaml .Job.container.image }} + {{- with $templateData.pod.imagePullPolicy }} + imagePullPolicy: {{- . | nindent 12 }} + {{- end }} + {{- $isShell := false }} + {{- if $templateData.pod.command }} + command: {{- toYaml $templateData.pod.command | nindent 12 }} + {{- if .Job.command }}{{- $isShell = true }}{{- end }} + {{- else if .Job.command }} + command: ['/bin/sh'] + {{- $isShell = true }} + {{- else }} + command: [{{ toYaml .Job.exe }}] + {{- $isShell = false }} + {{- end }} + {{- if .Job.stdin }} + stdin: true + {{- else }} + stdin: false + {{- end }} + stdinOnce: true + {{- if .Job.workingDirectory }} + workingDir: {{ toYaml .Job.workingDirectory }} + {{- end }} + {{- if or (ne (len .Job.args) 0) $isShell }} + args: + {{- if $isShell }} + - '-c' + {{- if ne (len .Job.args) 0 }} + - {{ .Job.args | join " " | cat .Job.command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- else }} + - {{ .Job.command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- else }} + {{- range .Job.args }} + - {{ toYaml . | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- end }} + {{- end }} + {{- $secrets := list }} + {{- range .Job.config }} + {{- if eq .name "secret" }} + {{- $packedSecret := .value }} + {{- $secret := dict }} + {{- $_ := set $secret "secret" (splitList ":" $packedSecret | first) }} + {{- $_ := set $secret "key" (slice (splitList ":" $packedSecret) 1 2 | first) }} + {{- $_ := set $secret "name" (splitList ":" $packedSecret | last) }} + {{- $secrets = append $secrets $secret }} + {{- end }} + {{- end }} + {{- if or (ne (len .Job.environment) 0) (ne (len $secrets) 0) (ne (len $templateData.pod.env) 0) }} + env: + {{- range .Job.environment }} + - name: {{ toYaml .name | indent 14 | trimPrefix (repeat 14 " ") }} + value: {{ toYaml .value | indent 14 | trimPrefix (repeat 14 " ") }} + {{- end }} + {{- range $secrets }} + - name: {{ get . "name"}} + valueFrom: + secretKeyRef: + name: {{ get . "secret" }} + key: {{ get . "key" }} + {{- end }} + {{- if $templateData.pod.env }} + {{- toYaml $templateData.pod.env | nindent 12 }} + {{- end }} + {{- end }} + {{- with $templateData.pod.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- $exposedPorts := list }} + {{- range .Job.exposedPorts }} + {{- if .publishedPort }} + {{- $exposedPorts = append $exposedPorts . }} + {{- end }} + {{- end }} + {{- if ne (len $exposedPorts) 0 }} + ports: + {{- range $exposedPorts }} + - containerPort: {{ .targetPort }} + hostPort: {{ .publishedPort }} + {{- end }} + {{- end }} + {{- $limits := dict }} + {{- $requests := dict }} + {{- range .Job.resourceLimits }} + {{- if eq .type "cpuCount" }} + {{- $_ := set $limits "cpu" .value }} + {{- else if eq .type "CPU Request" }} + {{- $_ := set $requests "cpu" .value }} + {{- else if eq .type "memory" }} + {{- $_ := set $limits "memory" (printf "%s%s" .value "M") }} + {{- else if eq .type "Memory Request" }} + {{- $_ := set $requests "memory" (printf "%s%s" .value "M") }} + {{- else if eq .type "NVIDIA GPUs" }} + {{- $val := float64 .value }} + {{- if ne $val 0.0 }} + {{- $_ := set $limits "nvidia.com/gpu" $val }} + {{- end }} + {{- else if eq .type "AMD GPUs" }} + {{- $val := float64 .value }} + {{- if ne $val 0.0 }} + {{- $_ := set $limits "amd.com/gpu" $val }} + {{- end }} + {{- end }} + {{- end }} + {{- if any (ne (len $requests) 0) (ne (len $limits) 0) }} + resources: + {{- if ne (len $requests) 0 }} + requests: + {{- range $key, $val := $requests }} + {{ $key }}: {{ toYaml $val }} + {{- end }} + {{- end }} + {{- if ne (len $limits) 0 }} + limits: + {{- range $key, $val := $limits }} + {{ $key }}: {{ toYaml $val }} + {{- end }} + {{- end }} + {{- end }} + {{- if or (ne (len .Job.volumes) 0) (ne (len $templateData.pod.volumeMounts) 0) }} + volumeMounts: + {{- range .Job.volumeMounts }} + - {{ nindent 14 (toYaml .) | trim -}} + {{- end }} + {{- range $templateData.pod.volumeMounts }} + - {{ nindent 14 (toYaml .) | trim -}} + {{- end }} + {{- end }} + {{- with $templateData.pod.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/examples/launcher-templates/helm/2.4.0-v1/service.tpl b/examples/launcher-templates/helm/2.4.0-v1/service.tpl new file mode 100644 index 00000000..30bfca27 --- /dev/null +++ b/examples/launcher-templates/helm/2.4.0-v1/service.tpl @@ -0,0 +1,51 @@ +# Version: 2.4.0 +# DO NOT MODIFY the "Version: " key +# Helm Version: v1 +{{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Job.serviceName }} + annotations: + {{- with .Job.metadata.service.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.service.annotations }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/managed-by: "launcher" + job-name: {{ toYaml .Job.id }} + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} + {{- with .Job.metadata.service.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} + {{- with $templateData.service.labels }} + {{- range $key, $val := . }} + {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} + {{- end }} + {{- end }} +spec: + ports: + {{- $i := 0 }} + {{- range .Job.exposedPorts }} + {{- if not .publishedPort }} + - name: {{ printf "port%d" $i }} + protocol: {{ .protocol }} + port: {{ .targetPort }} + targetPort: {{ .targetPort }} + {{- $i = add $i 1 }} + {{- end }} + {{- end }} + selector: + job-name: {{toYaml .Job.id }} + clusterIP: '' + type: {{ $templateData.service.type }} From b125f0390a66516cdb65696c4379f1e29cec6866 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 10 Jul 2024 12:54:01 -0400 Subject: [PATCH 098/284] update template versions in the helm charts --- charts/rstudio-connect/files/job.tpl | 13 +++++++++++-- charts/rstudio-connect/files/service.tpl | 7 +++++-- charts/rstudio-workbench/files/job.tpl | 10 ++++++++-- charts/rstudio-workbench/files/service.tpl | 7 +++++-- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/charts/rstudio-connect/files/job.tpl b/charts/rstudio-connect/files/job.tpl index c8279a75..f9f6af3b 100644 --- a/charts/rstudio-connect/files/job.tpl +++ b/charts/rstudio-connect/files/job.tpl @@ -1,6 +1,6 @@ -# Version: 2.3.1 +# Version: 2.4.0 # DO NOT MODIFY the "Version: " key -# Helm Version: v3 +# Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} apiVersion: batch/v1 kind: Job @@ -18,6 +18,9 @@ metadata: {{- end }} labels: app.kubernetes.io/managed-by: "launcher" + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.job.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} @@ -30,6 +33,9 @@ metadata: {{- end }} generateName: {{ toYaml .Job.generateName }} spec: + {{- if $templateData.job.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ $templateData.job.ttlSecondsAfterFinished }} + {{- end }} backoffLimit: 0 template: metadata: @@ -59,6 +65,9 @@ spec: {{- end }} {{- end }} labels: + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.pod.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} diff --git a/charts/rstudio-connect/files/service.tpl b/charts/rstudio-connect/files/service.tpl index f2b506ae..30bfca27 100644 --- a/charts/rstudio-connect/files/service.tpl +++ b/charts/rstudio-connect/files/service.tpl @@ -1,6 +1,6 @@ -# Version: 2.3.1 +# Version: 2.4.0 # DO NOT MODIFY the "Version: " key -# Helm Version: v3 +# Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} apiVersion: v1 kind: Service @@ -20,6 +20,9 @@ metadata: labels: app.kubernetes.io/managed-by: "launcher" job-name: {{ toYaml .Job.id }} + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.service.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} diff --git a/charts/rstudio-workbench/files/job.tpl b/charts/rstudio-workbench/files/job.tpl index 4288b5a6..f9f6af3b 100644 --- a/charts/rstudio-workbench/files/job.tpl +++ b/charts/rstudio-workbench/files/job.tpl @@ -1,6 +1,6 @@ -# Version: 2.3.1 +# Version: 2.4.0 # DO NOT MODIFY the "Version: " key -# Helm Version: v4 +# Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} apiVersion: batch/v1 kind: Job @@ -18,6 +18,9 @@ metadata: {{- end }} labels: app.kubernetes.io/managed-by: "launcher" + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.job.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} @@ -62,6 +65,9 @@ spec: {{- end }} {{- end }} labels: + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.pod.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} diff --git a/charts/rstudio-workbench/files/service.tpl b/charts/rstudio-workbench/files/service.tpl index 30909985..30bfca27 100644 --- a/charts/rstudio-workbench/files/service.tpl +++ b/charts/rstudio-workbench/files/service.tpl @@ -1,6 +1,6 @@ -# Version: 2.3.1 +# Version: 2.4.0 # DO NOT MODIFY the "Version: " key -# Helm Version: v4 +# Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} apiVersion: v1 kind: Service @@ -20,6 +20,9 @@ metadata: labels: app.kubernetes.io/managed-by: "launcher" job-name: {{ toYaml .Job.id }} + {{- with .Job.instanceId }} + launcher-instance-id: {{ toYaml . }} + {{- end }} {{- with .Job.metadata.service.labels }} {{- range $key, $val := . }} {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} From 2f809973eace779e154d4d51bec71701aba65278 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 10 Jul 2024 12:54:11 -0400 Subject: [PATCH 099/284] bump versions and generate docs --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 11c98a2f..a8e0f7ff 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.3 +version: 0.7.4 apiVersion: v2 appVersion: 2024.06.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 6fd52937..45f7eb5c 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,3 +1,7 @@ +## 0.7.4 + +- Bump version of launcher templates `job.tpl` and `service.tpl` + # 0.7.3 - Bump Connect version to 2024.06.0 diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 78075223..150f764d 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) +![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.3: +To install the chart with the release name `my-release` at version 0.7.4: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.3 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.4 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 7292ec7b..d5ac6d9c 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.7.6 +version: 0.7.7 apiVersion: v2 appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 5897eb5f..6222f967 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.7 + +- Bump version of launcher templates `job.tpl` and `service.tpl` + ## 0.7.6 - Bump Workbench version to 2024.04.2 diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 6398e2f7..002d3a87 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.7.6](https://img.shields.io/badge/Version-0.7.6-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.7.7](https://img.shields.io/badge/Version-0.7.7-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.6: +To install the chart with the release name `my-release` at version 0.7.7: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.6 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.7 ``` To explore other chart versions, look at: From e82be97ebbbb6432f98d80fb650e817f9f376db1 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Thu, 11 Jul 2024 17:22:13 -0400 Subject: [PATCH 100/284] Add native prometheus support for Workbench and move sidecar to legacy flag --- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 9 +++++++++ charts/rstudio-workbench/templates/NOTES.txt | 6 ++++++ .../rstudio-workbench/templates/_helpers.tpl | 8 ++++++-- .../templates/configmap-general.yaml | 18 ++++++++++++++++++ .../templates/configmap-graphite-exporter.yaml | 2 +- .../templates/deployment.yaml | 8 +++++++- .../templates/service-monitor.yaml | 2 +- charts/rstudio-workbench/templates/svc.yaml | 7 ++++++- charts/rstudio-workbench/values.yaml | 15 ++++++++++----- 10 files changed, 65 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 7292ec7b..9a81082a 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.7.6 +version: 0.8.0 apiVersion: v2 appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 5897eb5f..93e28221 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,14 @@ # Changelog +## 0.8.0 + +- BREAKING: the prometheus endpoint has changed from port `9108` to `8989` by default + - We are now using an internal prometheus endpoint with all new metrics + - As a result, the `graphiteExporter` sidecar has been removed + - Some metrics from the `graphiteExporter` will no longer be present + - The parent / main "off-switch" for prometheus is at `prometheus.enabled` + - To revert to the old exporter, set `prometheus.legacy=true` (and please reach out to let us know why!) + ## 0.7.6 - Bump Workbench version to 2024.04.2 diff --git a/charts/rstudio-workbench/templates/NOTES.txt b/charts/rstudio-workbench/templates/NOTES.txt index 51dfb24e..0cf600e8 100644 --- a/charts/rstudio-workbench/templates/NOTES.txt +++ b/charts/rstudio-workbench/templates/NOTES.txt @@ -52,3 +52,9 @@ Please consider removing this configuration value. {{- if .Values.serviceAccountName }} {{- fail "\n\n`serviceAccountName` is no longer used. Use `rbac.serviceAccount.name` instead"}} {{- end }} + +{{- if and (hasKey (get .Values.config.server "rserver.conf") "monitor-graphite-enabled") (not .Values.prometheus.legacy) }} + +{{- print "\n\n`config.server.'rserver/.conf'.monitor-graphite-enabled` is overwritten by `prometheus.legacy=false`. Internal Workbench Prometheus will be used instead." }} + +{{- end }} diff --git a/charts/rstudio-workbench/templates/_helpers.tpl b/charts/rstudio-workbench/templates/_helpers.tpl index d847e766..29f9ffdd 100644 --- a/charts/rstudio-workbench/templates/_helpers.tpl +++ b/charts/rstudio-workbench/templates/_helpers.tpl @@ -89,6 +89,10 @@ containers: ports: - containerPort: 8787 name: http + {{- if and .Values.prometheus.enabled (not .Values.prometheus.legacy) }} + - containerPort: {{ .Values.prometheus.port }} + name: metrics + {{- end}} securityContext: {{- toYaml .Values.securityContext | nindent 4 }} volumeMounts: @@ -206,7 +210,7 @@ containers: {{- toYaml . | nindent 10 }} {{- end }} {{- end }} -{{- if .Values.prometheusExporter.enabled }} +{{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} - name: exporter image: "{{ .Values.prometheusExporter.image.repository }}:{{ .Values.prometheusExporter.image.tag }}" imagePullPolicy: "{{ .Values.prometheusExporter.image.imagePullPolicy }}" @@ -310,7 +314,7 @@ volumes: defaultMode: {{ .Values.config.defaultMode.userProvisioning }} {{- end }} {{ include "rstudio-library.license-volume" (dict "license" ( .Values.license ) "fullName" (include "rstudio-workbench.fullname" .)) }} -{{- if .Values.prometheusExporter.enabled }} +{{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} - name: graphite-exporter-config configMap: name: {{ include "rstudio-workbench.fullname" . }}-graphite diff --git a/charts/rstudio-workbench/templates/configmap-general.yaml b/charts/rstudio-workbench/templates/configmap-general.yaml index b9ded8fc..fa736d57 100644 --- a/charts/rstudio-workbench/templates/configmap-general.yaml +++ b/charts/rstudio-workbench/templates/configmap-general.yaml @@ -70,6 +70,24 @@ data: {{- $overrideDict = mergeOverwrite $licenseServerConf $overrideDict }} {{- end }} {{- $overrideDict = mergeOverwrite $defaultRServerConfig $overrideDict }} +{{- /* default metrics / prometheus configuration */}} + {{- if .Values.prometheus.enabled }} + {{- if .Values.prometheus.legacy }} + {{- /* we set the graphite values as a default, to hide from values.yaml */ -}} + {{- $graphiteDict := dict "rserver.conf" (dict "monitor-graphite-enabled" 1 "monitor-graphite-host" "127.0.0.1" "monitor-graphite-port" 9109 "monitor-graphite-client-id" "rstudio") }} + {{- $overrideDict = mergeOverwrite $graphiteDict $overrideDict }} + {{- else }} + {{- if hasKey $overrideDict "rserver.conf" }} + {{- if hasKey (get $overrideDict "rserver.conf") "monitor-graphite-enabled" }} + {{- /* we explicitly overwrite the graphite endpoint */ -}} + {{- $overrideDict = mergeOverwrite $overrideDict (dict "rserver.conf" (dict "monitor-graphite-enabled" "0")) }} + {{- end }} + {{- end }} + + {{- /* and set a default for the prometheus listener */ -}} + {{- $overrideDict = merge $overrideDict (dict "rserver.conf" ( dict "metrics-enabled" 1 "metrics-port" .Values.prometheus.port))}} + {{- end }} + {{- end }} {{- $overrideDict = mergeOverwrite $defaultLauncherK8sConfig $overrideDict }} {{ include "rstudio-library.config.ini" $overrideDict | indent 2 }} {{/* helper variables to make things here a bit more sane */}} diff --git a/charts/rstudio-workbench/templates/configmap-graphite-exporter.yaml b/charts/rstudio-workbench/templates/configmap-graphite-exporter.yaml index e104e222..a01cec2f 100644 --- a/charts/rstudio-workbench/templates/configmap-graphite-exporter.yaml +++ b/charts/rstudio-workbench/templates/configmap-graphite-exporter.yaml @@ -1,4 +1,4 @@ -{{- if .Values.prometheusExporter.enabled }} +{{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} --- apiVersion: v1 kind: ConfigMap diff --git a/charts/rstudio-workbench/templates/deployment.yaml b/charts/rstudio-workbench/templates/deployment.yaml index ed123099..e88ea1cf 100644 --- a/charts/rstudio-workbench/templates/deployment.yaml +++ b/charts/rstudio-workbench/templates/deployment.yaml @@ -21,15 +21,21 @@ spec: metadata: annotations: checksum/config-general: {{ include (print $.Template.BasePath "/configmap-general.yaml") . | sha256sum }} + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} checksum/config-graphite: {{ include (print $.Template.BasePath "/configmap-graphite-exporter.yaml") . | sha256sum }} + {{- end }} checksum/config-prestart: {{ include (print $.Template.BasePath "/configmap-prestart.yaml") . | sha256sum }} checksum/config-secret: {{ include (print $.Template.BasePath "/configmap-secret.yaml") . | sha256sum }} checksum/config-session: {{ include (print $.Template.BasePath "/configmap-session.yaml") . | sha256sum }} - {{- if .Values.prometheusExporter.enabled }} + {{- if .Values.prometheus }} prometheus.io/scrape: "true" prometheus.io/path: "/metrics" + {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} prometheus.io/port: "9108" + {{- else }} + prometheus.io/port: {{ .Values.prometheus.port | quote }} {{- end }} + {{- end }} {{- include "rstudio-workbench.pod.annotations" . | nindent 8 }} labels: {{- include "rstudio-workbench.selectorLabels" . | nindent 8 }} diff --git a/charts/rstudio-workbench/templates/service-monitor.yaml b/charts/rstudio-workbench/templates/service-monitor.yaml index 4136f5a5..0210eaa7 100644 --- a/charts/rstudio-workbench/templates/service-monitor.yaml +++ b/charts/rstudio-workbench/templates/service-monitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheusExporter.enabled .Values.serviceMonitor.enabled -}} +{{- if and .Values.prometheus.enabled .Values.serviceMonitor.enabled -}} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/rstudio-workbench/templates/svc.yaml b/charts/rstudio-workbench/templates/svc.yaml index 713a54db..427eecf3 100644 --- a/charts/rstudio-workbench/templates/svc.yaml +++ b/charts/rstudio-workbench/templates/svc.yaml @@ -28,7 +28,12 @@ spec: nodePort: {{ .Values.service.nodePort }} {{- end }} targetPort: 8787 - {{- if .Values.prometheusExporter.enabled }} + {{- if .Values.prometheus.enabled }} - name: metrics + targetPort: metrics + {{- if .Values.prometheus.legacy }} port: 9108 + {{- else }} + port: {{ .Values.prometheus.port }} + {{- end }} {{- end }} diff --git a/charts/rstudio-workbench/values.yaml b/charts/rstudio-workbench/values.yaml index 7ecdb6e8..5c098577 100644 --- a/charts/rstudio-workbench/values.yaml +++ b/charts/rstudio-workbench/values.yaml @@ -321,8 +321,17 @@ pod: # -- The termination grace period seconds allowed for the pod before shutdown terminationGracePeriodSeconds: 120 +prometheus: + # -- The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter + enabled: true + # -- The port that prometheus will listen on. If legacy=true, then this will be hard-coded to 9108 + port: 8989 + # -- Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. If you change this to + # `true`, please let us know why! Requires prometheusExporter.enabled=true too + legacy: false + prometheusExporter: - # -- whether the prometheus exporter sidecar should be enabled + # -- DEPRECATED. Whether the prometheus exporter sidecar should be enabled. See prometheus.enabled instead. enabled: true # -- Yaml that defines the graphite exporter mapping. null by default, which uses the embedded / default mapping yaml file mappingYaml: null @@ -435,10 +444,6 @@ config: launcher-port: 5559 launcher-sessions-enabled: 1 launcher-default-cluster: Kubernetes - monitor-graphite-enabled: 1 - monitor-graphite-host: 127.0.0.1 - monitor-graphite-port: 9109 - monitor-graphite-client-id: rstudio launcher.conf: server: address: 127.0.0.1 From 34e5dce48d9fa571026c30c15434fb7c4d9673d2 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 11 Jul 2024 21:24:42 +0000 Subject: [PATCH 101/284] Update helm-docs and README.md --- charts/rstudio-workbench/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 6398e2f7..9cf85b98 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.7.6](https://img.shields.io/badge/Version-0.7.6-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.6: +To install the chart with the release name `my-release` at version 0.8.0: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.7.6 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.0 ``` To explore other chart versions, look at: @@ -533,7 +533,10 @@ Use of [Sealed secrets](https://github.com/bitnami-labs/sealed-secrets) disables | pod.volumes | list | `[]` | volumes is injected as-is into the "volumes:" component of the pod.container spec | | podDisruptionBudget | object | `{}` | Pod disruption budget | | priorityClassName | string | `""` | The pod's priorityClassName | -| prometheusExporter.enabled | bool | `true` | whether the prometheus exporter sidecar should be enabled | +| prometheus.enabled | bool | `true` | The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter | +| prometheus.legacy | bool | `false` | Whether to enable the legacy prometheusExporter INSTEAD OF the built-in product exporter. If you change this to `true`, please let us know why! Requires prometheusExporter.enabled=true too | +| prometheus.port | int | `8989` | The port that prometheus will listen on. If legacy=true, then this will be hard-coded to 9108 | +| prometheusExporter.enabled | bool | `true` | DEPRECATED. Whether the prometheus exporter sidecar should be enabled. See prometheus.enabled instead. | | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | | prometheusExporter.image.tag | string | `"v0.9.0"` | | From 70bffe21cb8a85838afe3135672871e3df2bcf0c Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Thu, 11 Jul 2024 17:27:58 -0400 Subject: [PATCH 102/284] Tweak NEWS --- charts/rstudio-workbench/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 93e28221..0b24ae59 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -3,7 +3,7 @@ ## 0.8.0 - BREAKING: the prometheus endpoint has changed from port `9108` to `8989` by default - - We are now using an internal prometheus endpoint with all new metrics + - We are now using an internal prometheus endpoint with new metrics - As a result, the `graphiteExporter` sidecar has been removed - Some metrics from the `graphiteExporter` will no longer be present - The parent / main "off-switch" for prometheus is at `prometheus.enabled` From 75d174ef362cf72562308305bb09168cf8cdc526 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Tue, 16 Jul 2024 13:47:41 -0400 Subject: [PATCH 103/284] Bump default quarto version to 1.4.557 --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 11c98a2f..a8e0f7ff 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.3 +version: 0.7.4 apiVersion: v2 appVersion: 2024.06.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index d2e6eac3..63ab267b 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -355,7 +355,7 @@ config: # Note: The `Executable` listed below is only used for Local Execution. # For Off-Host Execution, Quarto versions are defined by the set of Execution Environments # https://docs.posit.co/connect/admin/quarto/ - Executable: "/opt/quarto/1.4.552/bin/quarto" + Executable: "/opt/quarto/1.4.557/bin/quarto" TensorFlow: Enabled: true # Note: The `Executable` listed below is only used for Local Execution. From 47bfd8e74342ee3375459e4419afb3b94fb68c6a Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 16 Jul 2024 17:49:32 +0000 Subject: [PATCH 104/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 78075223..150f764d 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) +![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.3: +To install the chart with the release name `my-release` at version 0.7.4: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.3 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.4 ``` To explore other chart versions, look at: From 6563f14979ce1673d9d95c26e5cbbde3b6d4949a Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Tue, 23 Jul 2024 09:51:48 -0400 Subject: [PATCH 105/284] set enableServiceLinks to default false for sessions and fix a templating logic bug Also fix up NEWS.md for the rstudio-connect chart --- charts/rstudio-connect/NEWS.md | 8 +++++--- charts/rstudio-connect/files/job.tpl | 3 ++- charts/rstudio-workbench/NEWS.md | 2 ++ charts/rstudio-workbench/files/job.tpl | 3 ++- examples/launcher-templates/helm/2.4.0-v1/job.tpl | 3 ++- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 45f7eb5c..fd1233e9 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,13 +1,15 @@ +# Changelog + ## 0.7.4 - Bump version of launcher templates `job.tpl` and `service.tpl` + - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). + To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true` -# 0.7.3 +## 0.7.3 - Bump Connect version to 2024.06.0 -# Changelog - ## 0.7.2 - Bump Connect version to 2024.05.0 diff --git a/charts/rstudio-connect/files/job.tpl b/charts/rstudio-connect/files/job.tpl index f9f6af3b..a0101a8d 100644 --- a/charts/rstudio-connect/files/job.tpl +++ b/charts/rstudio-connect/files/job.tpl @@ -83,6 +83,7 @@ spec: {{- if .Job.host }} nodeName: {{ toYaml .Job.host }} {{- end }} + enableServiceLinks: {{ if hasKey $templateData.pod "enableServiceLinks" }}{{ $templateData.pod.enableServiceLinks }}{{ else }}false{{ end }} restartPolicy: Never {{- if or $templateData.pod.serviceAccountName .Job.serviceAccountName }} serviceAccountName: {{ .Job.serviceAccountName | default $templateData.pod.serviceAccountName | quote }} @@ -105,7 +106,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- if or (ne (len .Job.placementConstraints) 0) (ne (len $templateData.pod.nodeSelector) 0) }} + {{- if or (ne (len .Job.placementConstraints) 0) (and $templateData.pod.nodeSelector (ne (len $templateData.pod.nodeSelector) 0)) }} nodeSelector: {{- range .Job.placementConstraints }} {{ .name }}: {{ toYaml .value }} diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 6222f967..cb19d17a 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -3,6 +3,8 @@ ## 0.7.7 - Bump version of launcher templates `job.tpl` and `service.tpl` + - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). + To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true` ## 0.7.6 diff --git a/charts/rstudio-workbench/files/job.tpl b/charts/rstudio-workbench/files/job.tpl index f9f6af3b..a0101a8d 100644 --- a/charts/rstudio-workbench/files/job.tpl +++ b/charts/rstudio-workbench/files/job.tpl @@ -83,6 +83,7 @@ spec: {{- if .Job.host }} nodeName: {{ toYaml .Job.host }} {{- end }} + enableServiceLinks: {{ if hasKey $templateData.pod "enableServiceLinks" }}{{ $templateData.pod.enableServiceLinks }}{{ else }}false{{ end }} restartPolicy: Never {{- if or $templateData.pod.serviceAccountName .Job.serviceAccountName }} serviceAccountName: {{ .Job.serviceAccountName | default $templateData.pod.serviceAccountName | quote }} @@ -105,7 +106,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- if or (ne (len .Job.placementConstraints) 0) (ne (len $templateData.pod.nodeSelector) 0) }} + {{- if or (ne (len .Job.placementConstraints) 0) (and $templateData.pod.nodeSelector (ne (len $templateData.pod.nodeSelector) 0)) }} nodeSelector: {{- range .Job.placementConstraints }} {{ .name }}: {{ toYaml .value }} diff --git a/examples/launcher-templates/helm/2.4.0-v1/job.tpl b/examples/launcher-templates/helm/2.4.0-v1/job.tpl index f9f6af3b..a0101a8d 100644 --- a/examples/launcher-templates/helm/2.4.0-v1/job.tpl +++ b/examples/launcher-templates/helm/2.4.0-v1/job.tpl @@ -83,6 +83,7 @@ spec: {{- if .Job.host }} nodeName: {{ toYaml .Job.host }} {{- end }} + enableServiceLinks: {{ if hasKey $templateData.pod "enableServiceLinks" }}{{ $templateData.pod.enableServiceLinks }}{{ else }}false{{ end }} restartPolicy: Never {{- if or $templateData.pod.serviceAccountName .Job.serviceAccountName }} serviceAccountName: {{ .Job.serviceAccountName | default $templateData.pod.serviceAccountName | quote }} @@ -105,7 +106,7 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- if or (ne (len .Job.placementConstraints) 0) (ne (len $templateData.pod.nodeSelector) 0) }} + {{- if or (ne (len .Job.placementConstraints) 0) (and $templateData.pod.nodeSelector (ne (len $templateData.pod.nodeSelector) 0)) }} nodeSelector: {{- range .Job.placementConstraints }} {{ .name }}: {{ toYaml .value }} From abcfbf3e40bf57dd145e7019b66323b8b114876e Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Tue, 23 Jul 2024 09:54:51 -0400 Subject: [PATCH 106/284] fix version conflict with Connect --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 6 +++++- charts/rstudio-connect/README.md | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index a8e0f7ff..f49a1d4d 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.4 +version: 0.7.5 apiVersion: v2 appVersion: 2024.06.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index fd1233e9..50733ec4 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,11 +1,15 @@ # Changelog -## 0.7.4 +## 0.7.5 - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true` +## 0.7.4 + +- Bump default Quarto version to 1.4.557 + ## 0.7.3 - Bump Connect version to 2024.06.0 diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 150f764d..6d629df4 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) +![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.4: +To install the chart with the release name `my-release` at version 0.7.5: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.4 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.5 ``` To explore other chart versions, look at: From ec3abe7ddc4c1ba8659af2dac252aaf588f0ddf5 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Tue, 23 Jul 2024 11:31:17 -0400 Subject: [PATCH 107/284] add NEWS link to Kubernetes project discussion --- charts/rstudio-connect/NEWS.md | 3 ++- charts/rstudio-workbench/NEWS.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 50733ec4..c620303b 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -4,7 +4,8 @@ - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). - To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true` + To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true`. + - Also see related discussion [on the Kubernetes project](https://github.com/kubernetes/kubernetes/issues/121787) ## 0.7.4 diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index cb19d17a..30ad421a 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -5,6 +5,7 @@ - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true` + - Also see related discussion [on the Kubernetes project](https://github.com/kubernetes/kubernetes/issues/121787) ## 0.7.6 From 2ee62270f4159ed317a265cdec7b641bb3c96601 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Tue, 30 Jul 2024 08:30:52 -0400 Subject: [PATCH 108/284] Fix rstudio-connect NEWS header --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index a8e0f7ff..f49a1d4d 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.4 +version: 0.7.5 apiVersion: v2 appVersion: 2024.06.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 6fd52937..2b1a0e38 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,8 +1,13 @@ -# 0.7.3 +# Changelog -- Bump Connect version to 2024.06.0 +## 0.7.4 -# Changelog +- BREAKING: local execution only + - Default installed Quarto version upgraded to 1.4.557 + +## 0.7.3 + +- Bump Connect version to 2024.06.0 ## 0.7.2 From a80ea7e5c40059ef9fe4948fdb05add9d19dddbd Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 30 Jul 2024 12:42:39 +0000 Subject: [PATCH 109/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 150f764d..6d629df4 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) +![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.4: +To install the chart with the release name `my-release` at version 0.7.5: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.4 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.5 ``` To explore other chart versions, look at: From 56c3bc8941abfeb52a7e41c2b6009aeb04157a3a Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 7 Aug 2024 15:42:48 -0400 Subject: [PATCH 110/284] Bump Connect to version 2024.08.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index f49a1d4d..6705a487 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.5 +version: 0.7.6 apiVersion: v2 -appVersion: 2024.06.0 +appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.06.0 + image: rstudio/rstudio-connect:ubuntu2204-2024.08.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 2b1a0e38..f7d20fa6 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.6 + +- Bump Connect version to 2024.08.0 + ## 0.7.4 - BREAKING: local execution only From eb0ceac37caf9e38df7979bdc92eb484322acaf4 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 7 Aug 2024 19:43:49 +0000 Subject: [PATCH 111/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 6d629df4..ada463a0 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![AppVersion: 2024.06.0](https://img.shields.io/badge/AppVersion-2024.06.0-informational?style=flat-square) +![Version: 0.7.6](https://img.shields.io/badge/Version-0.7.6-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.5: +To install the chart with the release name `my-release` at version 0.7.6: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.5 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.6 ``` To explore other chart versions, look at: From 66170758ac9759674ef0a9c1cdc2341037227406 Mon Sep 17 00:00:00 2001 From: Tyler Date: Mon, 19 Aug 2024 10:01:14 -0400 Subject: [PATCH 112/284] Bump PPM to 2024.08.0 --- charts/rstudio-pm/Chart.yaml | 6 +++--- charts/rstudio-pm/NEWS.md | 6 +++++- charts/rstudio-pm/README.md | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 1f9b70b7..2f70b2d3 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.29 +version: 0.5.30 apiVersion: v2 -appVersion: 2024.04.4 +appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -19,7 +19,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-package-manager - image: rstudio/rstudio-package-manager:ubuntu2204-2024.04.4 + image: rstudio/rstudio-package-manager:ubuntu2204-2024.08.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: RStudio Community diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index e01f7d99..c08e67c4 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,8 +1,12 @@ # Changelog +## 0.5.30 + +- Update default Posit Package Manager version to 2024.08.0-6 + ## 0.5.29 -- Update default Posit Package Manager version to 2024.04.4-35 +- Update default Posit Package Manager version to 2024.04.4-35 ## 0.5.28 diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 9766ac62..411603e9 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.29](https://img.shields.io/badge/Version-0.5.29-informational?style=flat-square) ![AppVersion: 2024.04.4](https://img.shields.io/badge/AppVersion-2024.04.4-informational?style=flat-square) +![Version: 0.5.30](https://img.shields.io/badge/Version-0.5.30-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.29: +To install the chart with the release name `my-release` at version 0.5.30: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.29 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.30 ``` To explore other chart versions, look at: From 93d3d8f00c0d8a9f5b8b9f1f40f859ccb5defdcf Mon Sep 17 00:00:00 2001 From: Tino Kraan Date: Fri, 23 Aug 2024 12:33:41 +0200 Subject: [PATCH 113/284] added optional resources to default initContainer --- charts/rstudio-connect/templates/configmap.yaml | 3 ++- charts/rstudio-connect/values.yaml | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/templates/configmap.yaml b/charts/rstudio-connect/templates/configmap.yaml index bb14f55f..5dcab04d 100644 --- a/charts/rstudio-connect/templates/configmap.yaml +++ b/charts/rstudio-connect/templates/configmap.yaml @@ -23,9 +23,10 @@ data: {{- $initContainerImageTag := .Values.launcher.defaultInitContainer.tag | default (printf "%s%s" .Values.launcher.defaultInitContainer.tagPrefix $defaultVersion )}} {{- $initContainerImage := print .Values.launcher.defaultInitContainer.repository ":" ( $initContainerImageTag ) }} {{- $initContainerPullPolicy := default "IfNotPresent" .Values.launcher.defaultInitContainer.imagePullPolicy }} + {{- $initContainerResources := .Values.launcher.defaultInitContainer.resources }} {{- $initContainerSecurityContext := .Values.launcher.defaultInitContainer.securityContext }} {{- $initContainerVolumeMount := dict "name" ("rsc-volume") "mountPath" ("/mnt/rstudio-connect-runtime/") }} - {{- $initContainerJson := dict "name" ("init") "image" ($initContainerImage) "imagePullPolicy" ($initContainerPullPolicy) "volumeMounts" ( list $initContainerVolumeMount ) "securityContext" $initContainerSecurityContext }} + {{- $initContainerJson := dict "name" ("init") "image" ($initContainerImage) "imagePullPolicy" ($initContainerPullPolicy) "resources" ($initContainerResources) "volumeMounts" ( list $initContainerVolumeMount ) "securityContext" $initContainerSecurityContext }} {{- $jobJsonInitContainer := dict "target" ("/spec/template/spec/initContainers/0") "name" ("defaultInitContainer") "json" $initContainerJson }} {{- /* set up job-json defaults */ -}} {{- $jobJsonDefaults := list }} diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 63ab267b..10a3316d 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -325,6 +325,14 @@ launcher: tag: "" # -- The imagePullPolicy for the default initContainer imagePullPolicy: "" + # -- Optional resources for the default initContainer + resources: {} + # requests: + # cpu: "128m" + # memory: "128Mi" + # limits: + # cpu: "512m" + # memory: "512Mi" # -- The securityContext for the default initContainer securityContext: {} @@ -371,4 +379,4 @@ config: AccessLog: STDOUT AccessLogFormat: COMMON # COMMON, COMBINED, or JSON Metrics: - Enabled: true + Enabled: true \ No newline at end of file From bcff3ed0d6cf7a77aa540e93bce5e6b88fb02aae Mon Sep 17 00:00:00 2001 From: Sam Cofer Date: Thu, 5 Sep 2024 15:30:59 -0500 Subject: [PATCH 114/284] Add hostAliases to the main Connect pod and content pods --- charts/rstudio-connect/files/job.tpl | 4 ++++ charts/rstudio-connect/templates/deployment.yaml | 4 ++++ charts/rstudio-connect/values.yaml | 3 +++ 3 files changed, 11 insertions(+) diff --git a/charts/rstudio-connect/files/job.tpl b/charts/rstudio-connect/files/job.tpl index c8279a75..60a694fb 100644 --- a/charts/rstudio-connect/files/job.tpl +++ b/charts/rstudio-connect/files/job.tpl @@ -78,6 +78,10 @@ spec: {{- if or $templateData.pod.serviceAccountName .Job.serviceAccountName }} serviceAccountName: {{ .Job.serviceAccountName | default $templateData.pod.serviceAccountName | quote }} {{- end }} + {{- with $templateData.pod.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} shareProcessNamespace: {{ .Job.shareProcessNamespace }} {{- if or (ne (len .Job.volumes) 0) (ne (len $templateData.pod.volumes) 0) }} volumes: diff --git a/charts/rstudio-connect/templates/deployment.yaml b/charts/rstudio-connect/templates/deployment.yaml index 2668e8ba..d86f080d 100644 --- a/charts/rstudio-connect/templates/deployment.yaml +++ b/charts/rstudio-connect/templates/deployment.yaml @@ -46,6 +46,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.pod.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 63ab267b..9549545d 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -127,6 +127,8 @@ pod: port: 3939 # -- The termination grace period seconds allowed for the pod before shutdown terminationGracePeriodSeconds: 120 + # -- Array of hostnames to supply to the main pod + hostAliases: [] # -- The pod's run command. By default, it uses the container's default command: [] @@ -307,6 +309,7 @@ launcher: tolerations: [] affinity: {} nodeSelector: {} + hostAliases: [] priorityClassName: "" # -- command for all pods. This is really not something we should expose and will be removed once we have a better option command: [] From c07067d0bc0e2176102cd692f4708eab05e0ac2c Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 5 Sep 2024 20:35:25 +0000 Subject: [PATCH 115/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index ada463a0..b7355ac1 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -179,7 +179,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | launcher.includeTemplateValues | bool | `true` | whether to include the templateValues rendering process | | launcher.launcherKubernetesProfilesConf | object | `{}` | User definition of launcher.kubernetes.profiles.conf for job customization | | launcher.namespace | string | `""` | The namespace to launch sessions into. Uses the Release namespace by default | -| launcher.templateValues | object | `{"job":{"annotations":{},"labels":{}},"pod":{"affinity":{},"annotations":{},"command":[],"containerSecurityContext":{},"defaultSecurityContext":{},"env":[],"extraContainers":[],"imagePullPolicy":"","imagePullSecrets":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","securityContext":{},"serviceAccountName":"","tolerations":[],"volumeMounts":[],"volumes":[]},"service":{"annotations":{},"labels":{},"type":"ClusterIP"}}` | Values to pass along to the Posit Connect session templating process | +| launcher.templateValues | object | `{"job":{"annotations":{},"labels":{}},"pod":{"affinity":{},"annotations":{},"command":[],"containerSecurityContext":{},"defaultSecurityContext":{},"env":[],"extraContainers":[],"hostAliases":[],"imagePullPolicy":"","imagePullSecrets":[],"initContainers":[],"labels":{},"nodeSelector":{},"priorityClassName":"","securityContext":{},"serviceAccountName":"","tolerations":[],"volumeMounts":[],"volumes":[]},"service":{"annotations":{},"labels":{},"type":"ClusterIP"}}` | Values to pass along to the Posit Connect session templating process | | launcher.templateValues.pod.command | list | `[]` | command for all pods. This is really not something we should expose and will be removed once we have a better option | | launcher.useTemplates | bool | `true` | Whether to use launcher templates when launching sessions. Defaults to true | | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file | @@ -197,6 +197,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | pod.annotations | object | `{}` | Additional annotations to add to the rstudio-connect pods | | pod.env | list | `[]` | An array of maps that is injected as-is into the "env:" component of the pod.container spec | | pod.haste | bool | `true` | A helper that defines the RSTUDIO_CONNECT_HASTE environment variable | +| pod.hostAliases | list | `[]` | Array of hostnames to supply to the main pod | | pod.labels | object | `{}` | Additional labels to add to the rstudio-connect pods | | pod.port | int | `3939` | The containerPort used by the main pod container | | pod.securityContext | object | `{}` | Values to set the `securityContext` for the connect pod | From ccb86ec85ba8a5249d7db8126cb38a8915445683 Mon Sep 17 00:00:00 2001 From: "Benjamin R. J. Schwedler" Date: Fri, 6 Sep 2024 10:59:06 -0500 Subject: [PATCH 116/284] Pass GITHUB_TOKEN for chart rebuilds --- .github/workflows/chart-rebuild.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index f0b1c8a9..f399113c 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -20,6 +20,8 @@ jobs: - name: Rebuild index.yaml env: version: v1.2.1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | if [[ ! -d "$RUNNER_TOOL_CACHE" ]]; then echo "Cache directory '$RUNNER_TOOL_CACHE' does not exist" >&2 From f79295bf5c70f3e9a03e1636fe75b0cc7bc8cca4 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Tue, 10 Sep 2024 13:54:10 -0400 Subject: [PATCH 117/284] Add launcher initContainer resource requests and limits for Connect --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 5 +++++ charts/rstudio-connect/values.yaml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 6705a487..4b371778 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.6 +version: 0.7.7 apiVersion: v2 appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index f7d20fa6..3ee0e075 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,10 @@ # Changelog +## 0.7.7 + +- Add helm values for `pod.hostAliases` and `launcher.templateValues.pod.hostAliases` +- Add helm values for `launcher.defaultInitContainer.resources` + ## 0.7.6 - Bump Connect version to 2024.08.0 diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 5a6dc80d..dc681601 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -382,4 +382,4 @@ config: AccessLog: STDOUT AccessLogFormat: COMMON # COMMON, COMBINED, or JSON Metrics: - Enabled: true \ No newline at end of file + Enabled: true From b06007af566523c27f24165f3c8e7f6f63a7d0b1 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 10 Sep 2024 17:55:17 +0000 Subject: [PATCH 118/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index b7355ac1..f1fc2603 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.6](https://img.shields.io/badge/Version-0.7.6-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.7.7](https://img.shields.io/badge/Version-0.7.7-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.6: +To install the chart with the release name `my-release` at version 0.7.7: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.6 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.7 ``` To explore other chart versions, look at: @@ -166,10 +166,11 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | initContainers | bool | `false` | The initContainer spec that will be used verbatim | | launcher.additionalRuntimeImages | list | `[]` | Optional. Additional images to append to the end of the "launcher.customRuntimeYaml" (in the "images" key). If `customRuntimeYaml` is a "map", then "additionalRuntimeImages" will only be used if it is a "list". | | launcher.customRuntimeYaml | string | `"base"` | Optional. The runtime.yaml definition of Kubernetes runtime containers. Defaults to "base", which pulls in the default runtime.yaml file. If changing this value, be careful to include the images that you have already used. If set to "pro", will pull in the "pro" versions of the default runtime images (i.e. including the pro drivers at the cost of a larger image). Starting with Connect v2023.05.0, this configuration is used to bootstrap the initial set of execution environments the first time the server starts. If any execution environments already exist in the database, these values are ignored; execution environments are not created or modified during subsequent restarts. | -| launcher.defaultInitContainer | object | `{"enabled":true,"imagePullPolicy":"","repository":"ghcr.io/rstudio/rstudio-connect-content-init","securityContext":{},"tag":"","tagPrefix":"ubuntu2204-"}` | Image definition for the default Posit Connect Content InitContainer | +| launcher.defaultInitContainer | object | `{"enabled":true,"imagePullPolicy":"","repository":"ghcr.io/rstudio/rstudio-connect-content-init","resources":{},"securityContext":{},"tag":"","tagPrefix":"ubuntu2204-"}` | Image definition for the default Posit Connect Content InitContainer | | launcher.defaultInitContainer.enabled | bool | `true` | Whether to enable the defaultInitContainer. If disabled, you must ensure that the session components are available another way. | | launcher.defaultInitContainer.imagePullPolicy | string | `""` | The imagePullPolicy for the default initContainer | | launcher.defaultInitContainer.repository | string | `"ghcr.io/rstudio/rstudio-connect-content-init"` | The repository to use for the Content InitContainer image | +| launcher.defaultInitContainer.resources | object | `{}` | Optional resources for the default initContainer | | launcher.defaultInitContainer.securityContext | object | `{}` | The securityContext for the default initContainer | | launcher.defaultInitContainer.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | launcher.defaultInitContainer.tagPrefix | string | `"ubuntu2204-"` | A tag prefix for the Content InitContainer image (common selections: jammy-, ubuntu2204-). Only used if tag is not defined | From d2176b9ebe8285fa327219b941e06dddb825c82b Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 11 Sep 2024 13:00:34 -0400 Subject: [PATCH 119/284] Add Database section to the PPM README to get parity with PWB and PCT --- charts/rstudio-pm/README.md.gotmpl | 40 ++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index 99c3aa41..3a21608c 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -33,6 +33,46 @@ This chart requires the following in order to function: {{ template "rstudio.licensing" . }} +## Database + +Package Manager requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/rspm/admin/database/#database-postgres) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `URL` with your database details. + +```yaml +config: + Database: + Provider: "Postgres" + Postgres: + URL: "postgres://@:/" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic {{ .Name }}-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: PACKAGEMANAGER_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Name }}-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.Postgres.Password=""` + ## S3 configuration Package Manager [can be configured to store its data in S3 From 1ce0fe0b06a57902cd3647efb3e5ec5b124c1f92 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 11 Sep 2024 13:02:11 -0400 Subject: [PATCH 120/284] Bump PPM chart version --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 2f70b2d3..b8613157 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.30 +version: 0.5.31 apiVersion: v2 appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index c08e67c4..abe04f11 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.31 + +- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variable + ## 0.5.30 - Update default Posit Package Manager version to 2024.08.0-6 From 9aeb4d5bcdf1367d6c3da2b5af159f4674e510d8 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 11 Sep 2024 17:06:16 +0000 Subject: [PATCH 121/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 46 ++++++++++++++++++++++++++++++++++--- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 411603e9..90dce4b2 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.30](https://img.shields.io/badge/Version-0.5.30-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.5.31](https://img.shields.io/badge/Version-0.5.31-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.30: +To install the chart with the release name `my-release` at version 0.5.31: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.30 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.31 ``` To explore other chart versions, look at: @@ -87,6 +87,46 @@ Alternatively, license files can be set during `helm install` with the following --set-file license.file.contents=licenses/rstudio-pm.lic ``` +## Database + +Package Manager requires a PostgreSQL database when running in Kubernetes. You must configure a [valid connection URI and a password](https://docs.posit.co/rspm/admin/database/#database-postgres) for the product to function correctly. Both the connection URI and password may be specified in the `config` section of `values.yaml`. However, we recommend only adding the connection URI and putting the database password in a Kubernetes `Secret`, which can be [automatically set as an environment variable](#database-password). + +### Database configuration + +Add the following to your `values.yaml`, replacing the `URL` with your database details. + +```yaml +config: + Database: + Provider: "Postgres" + Postgres: + URL: "postgres://@:/" +``` + +### Database password + +First, create a `Secret` declaratively with YAML or imperatively using the following command (replacing with your actual password): + +```bash +kubectl create secret generic rstudio-pm-database --from-literal=password=YOURPASSWORDHERE +``` + +Second, specify the following in your `values.yaml`: + +```yaml +pod: + env: + - name: PACKAGEMANAGER_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: rstudio-pm-database + key: password +``` + +Alternatively, database passwords may be set during `helm install` with the following argument: + +`--set config.Postgres.Password=""` + ## S3 configuration Package Manager [can be configured to store its data in S3 From 28412059fa1bc38a066826ecebbbf7040b26c971 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Wed, 11 Sep 2024 13:29:38 -0400 Subject: [PATCH 122/284] Update NEWS --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index abe04f11..1c34f278 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.31 -- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variable +- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as an env variable ## 0.5.30 From 0d6273735c278596574736edbb8235958eeae41e Mon Sep 17 00:00:00 2001 From: Matt Urbina Date: Fri, 13 Sep 2024 14:26:27 -0500 Subject: [PATCH 123/284] Update chronicle version to 2024.09.0 (#551) * Update chronicle version to 2024.09.0 * Update chronicle version to 2024.09.0 * remove old changelog --- charts/posit-chronicle/Chart.yaml | 4 ++-- charts/posit-chronicle/NEWS.md | 4 ++++ charts/posit-chronicle/README.md | 12 ++++++------ charts/posit-chronicle/README.md.gotmpl | 4 ++-- charts/posit-chronicle/values.yaml | 2 +- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-connect/ci/complex-values.yaml | 2 +- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 3 +++ charts/rstudio-pm/README.md | 6 +++--- charts/rstudio-pm/ci/all-values.yaml | 2 +- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- charts/rstudio-workbench/ci/complex-values.yaml | 2 +- 17 files changed, 41 insertions(+), 26 deletions(-) diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index a1719d0e..17aa55df 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.1 -appVersion: 2024.03.0 +version: 0.3.2 +appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co sources: diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index dd6b6472..b40acff0 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.2 + +- Bump Chronicle to version 2024.09.0 + ## 0.3.1 - Documentation site updates diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index ea3b103e..764eac04 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![AppVersion: 2024.03.0](https://img.shields.io/badge/AppVersion-2024.03.0-informational?style=flat-square) +![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.1: +To install the chart with the release name `my-release` at version 0.3.2: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.1 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.2 ``` To explore other chart versions, look at: @@ -60,7 +60,7 @@ pod: mountPath: "/var/lib/rstudio-server/audit" sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" @@ -76,7 +76,7 @@ API key from a Kubernetes Secret is used to unlock more detailed metrics: pod: sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" @@ -179,7 +179,7 @@ The credentials Chronicle uses for S3 storage must have the following permission | config.S3Storage.Region | string | `"us-east-2"` | | | image.imagePullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/rstudio/chronicle"` | | -| image.tag | string | `"2024.03.0"` | | +| image.tag | string | `"2024.09.0"` | | | nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition | | pod.affinity | object | `{}` | A map used verbatim as the pod's "affinity" definition | | pod.annotations | object | `{}` | Additional annotations to add to the chronicle-server pods | diff --git a/charts/posit-chronicle/README.md.gotmpl b/charts/posit-chronicle/README.md.gotmpl index 3681e788..f0ba08d4 100644 --- a/charts/posit-chronicle/README.md.gotmpl +++ b/charts/posit-chronicle/README.md.gotmpl @@ -30,7 +30,7 @@ pod: mountPath: "/var/lib/rstudio-server/audit" sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" @@ -46,7 +46,7 @@ API key from a Kubernetes Secret is used to unlock more detailed metrics: pod: sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" diff --git a/charts/posit-chronicle/values.yaml b/charts/posit-chronicle/values.yaml index 9d747ba8..67223643 100644 --- a/charts/posit-chronicle/values.yaml +++ b/charts/posit-chronicle/values.yaml @@ -1,6 +1,6 @@ image: repository: "ghcr.io/rstudio/chronicle" - tag: "2024.03.0" + tag: "2024.09.0" imagePullPolicy: "IfNotPresent" serviceaccount: diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 4b371778..f346525a 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.7 +version: 0.7.8 apiVersion: v2 appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 3ee0e075..d2f820fb 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.8 + +- Bump Chronicle Agent to version 2024.09.0 + ## 0.7.7 - Add helm values for `pod.hostAliases` and `launcher.templateValues.pod.hostAliases` diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index f1fc2603..595ccfce 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.7](https://img.shields.io/badge/Version-0.7.7-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.7.8](https://img.shields.io/badge/Version-0.7.8-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.7: +To install the chart with the release name `my-release` at version 0.7.8: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.7 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.8 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-connect/ci/complex-values.yaml b/charts/rstudio-connect/ci/complex-values.yaml index 852e819b..3d6cab29 100644 --- a/charts/rstudio-connect/ci/complex-values.yaml +++ b/charts/rstudio-connect/ci/complex-values.yaml @@ -50,7 +50,7 @@ pod: imagePullPolicy: "IfNotPresent" # This will spin up the chronicle-agent sidecar container - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index b8613157..929326a7 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.31 +version: 0.5.32 apiVersion: v2 appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 1c34f278..f396bcb4 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,4 +1,7 @@ # Changelog +## 0.5.32 + +- Bump Chronicle Agent to version 2024.09.0 ## 0.5.31 diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 90dce4b2..8af2d75a 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.31](https://img.shields.io/badge/Version-0.5.31-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.5.32](https://img.shields.io/badge/Version-0.5.32-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.31: +To install the chart with the release name `my-release` at version 0.5.32: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.31 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.32 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-pm/ci/all-values.yaml b/charts/rstudio-pm/ci/all-values.yaml index efa2c9b8..4ee5a93c 100644 --- a/charts/rstudio-pm/ci/all-values.yaml +++ b/charts/rstudio-pm/ci/all-values.yaml @@ -79,7 +79,7 @@ priorityClassName: someval # Testing with the chronicle-agent sidecar container extraContainers: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 imagePullPolicy: Always env: - name: CHRONICLE_SERVER_ADDRESS diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 9a81082a..a5ac90ab 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.0 +version: 0.8.1 apiVersion: v2 appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 0b24ae59..03746a75 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.1 + +- Bump Chronicle Agent to version 2024.09.0 + ## 0.8.0 - BREAKING: the prometheus endpoint has changed from port `9108` to `8989` by default diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 9cf85b98..a17f6d04 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.0: +To install the chart with the release name `my-release` at version 0.8.1: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.0 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.1 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/ci/complex-values.yaml b/charts/rstudio-workbench/ci/complex-values.yaml index ccd3f6b3..604e7226 100644 --- a/charts/rstudio-workbench/ci/complex-values.yaml +++ b/charts/rstudio-workbench/ci/complex-values.yaml @@ -36,7 +36,7 @@ pod: # This will spin up the chronicle-agent sidecar container sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.03.0 + image: ghcr.io/rstudio/chronicle-agent:2024.09.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" From 2140e5b9c3ad08194e2390e68937934a7e6edafb Mon Sep 17 00:00:00 2001 From: Jonathan Yoder Date: Fri, 20 Sep 2024 10:12:51 -0400 Subject: [PATCH 124/284] Update PPM to 2024.08.2 --- charts/rstudio-pm/Chart.yaml | 6 +++--- charts/rstudio-pm/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 929326a7..88740f90 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.32 +version: 0.5.33 apiVersion: v2 -appVersion: 2024.08.0 +appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -19,7 +19,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-package-manager - image: rstudio/rstudio-package-manager:ubuntu2204-2024.08.0 + image: rstudio/rstudio-package-manager:ubuntu2204-2024.08.2 artifacthub.io/license: MIT artifacthub.io/links: | - name: RStudio Community diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index f396bcb4..17395ecf 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,4 +1,8 @@ # Changelog +## 0.5.33 + +- Update default Post Package Manager version to 2024.08.2-9 + ## 0.5.32 - Bump Chronicle Agent to version 2024.09.0 From 388fbe27851137843f2b22289e54a2a682e91f45 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 20 Sep 2024 14:14:02 +0000 Subject: [PATCH 125/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 8af2d75a..8c9dfd44 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.32](https://img.shields.io/badge/Version-0.5.32-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.5.33](https://img.shields.io/badge/Version-0.5.33-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.32: +To install the chart with the release name `my-release` at version 0.5.33: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.32 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.33 ``` To explore other chart versions, look at: From c66476b4036c21ef7c98f88e49c3ac32862a8ac3 Mon Sep 17 00:00:00 2001 From: Zach Hannum Date: Tue, 24 Sep 2024 09:47:11 -0400 Subject: [PATCH 126/284] Bump Workbench version to 2024.09.0 --- charts/rstudio-workbench/Chart.yaml | 8 ++++---- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index a5ac90ab..6c24849f 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.1 +version: 0.8.2 apiVersion: v2 -appVersion: 2024.04.2 +appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,9 +18,9 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-workbench - image: rstudio/rstudio-workbench:ubuntu2204-2024.04.2 + image: rstudio/rstudio-workbench:ubuntu2204-2024.09.0 - name: r-session-complete - image: rstudio/r-session-complete:ubuntu2204-2024.04.2 + image: rstudio/r-session-complete:ubuntu2204-2024.09.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 03746a75..abbe6d1a 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.2 + +- Bump Workbench version to 2024.09.0 + ## 0.8.1 - Bump Chronicle Agent to version 2024.09.0 diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index a17f6d04..b024c9f8 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.1: +To install the chart with the release name `my-release` at version 0.8.2: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.1 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.2 ``` To explore other chart versions, look at: From ba502cf3a8c81d756f8a4197bab49708d1599515 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 25 Sep 2024 14:33:48 -0400 Subject: [PATCH 127/284] bump versions and update docs --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 2 +- charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-pm/NEWS.md | 3 +-- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 2 +- charts/rstudio-workbench/README.md | 6 +++--- 7 files changed, 11 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index f346525a..f610631b 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.8 +version: 0.7.9 apiVersion: v2 appVersion: 2024.08.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 9c317318..0b2ef17f 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,6 +1,6 @@ # Changelog -## Unversioned +## 0.7.9 - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 595ccfce..563c1f04 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.8](https://img.shields.io/badge/Version-0.7.8-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.7.9](https://img.shields.io/badge/Version-0.7.9-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.8: +To install the chart with the release name `my-release` at version 0.7.9: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.8 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.9 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 11e27d21..17395ecf 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,6 +1,5 @@ # Changelog - -## Unversioned +## 0.5.33 - Update default Post Package Manager version to 2024.08.2-9 diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index a5ac90ab..31c3cff3 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.1 +version: 0.8.2 apiVersion: v2 appVersion: 2024.04.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 45be9675..8581b1b7 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,6 +1,6 @@ # Changelog -## Unversioned +## 0.8.2 - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index a17f6d04..98916514 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) +![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![AppVersion: 2024.04.2](https://img.shields.io/badge/AppVersion-2024.04.2-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.1: +To install the chart with the release name `my-release` at version 0.8.2: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.1 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.2 ``` To explore other chart versions, look at: From 8bb0e7148b1957b60a7fdb6936e24892122a7f14 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 25 Sep 2024 15:01:37 -0400 Subject: [PATCH 128/284] remove resources.enabled protection that was wrong and fix indentation --- charts/rstudio-connect/NEWS.md | 2 ++ charts/rstudio-connect/ci/complex-values.yaml | 2 -- charts/rstudio-connect/templates/deployment.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 0b2ef17f..d2eabc9e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -6,6 +6,8 @@ - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). To enable them for sessions, set `launcher.templateValues.enableServiceLinks: true`. - Also see related discussion [on the Kubernetes project](https://github.com/kubernetes/kubernetes/issues/121787) +- Removed a protection against `.resources.enabled = false` which was a [bad attempt at backwards compatibility two + years ago](https://github.com/rstudio/helm/pull/224) (v0.2.34) ## 0.7.8 diff --git a/charts/rstudio-connect/ci/complex-values.yaml b/charts/rstudio-connect/ci/complex-values.yaml index 3d6cab29..d1b88a98 100644 --- a/charts/rstudio-connect/ci/complex-values.yaml +++ b/charts/rstudio-connect/ci/complex-values.yaml @@ -110,12 +110,10 @@ replicas: 2 resources: requests: - enabled: false memory: "1Gi" cpu: "100m" ephemeralStorage: "100Mi" limits: - enabled: false memory: "2Gi" cpu: "2000m" ephemeralStorage: "200Mi" diff --git a/charts/rstudio-connect/templates/deployment.yaml b/charts/rstudio-connect/templates/deployment.yaml index d86f080d..7b8bd460 100644 --- a/charts/rstudio-connect/templates/deployment.yaml +++ b/charts/rstudio-connect/templates/deployment.yaml @@ -175,11 +175,11 @@ spec: {{- end }} {{ include "rstudio-library.license-mount" (dict "license" ( .Values.license )) | indent 10 }} {{- if .Values.pod.volumeMounts }} -{{ toYaml .Values.pod.volumeMounts | indent 10 }} + {{- toYaml .Values.pod.volumeMounts | nindent 10 }} {{- end }} {{- with .Values.resources }} resources: - {{ toYaml (omit . "enabled") | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- if .Values.livenessProbe.enabled }} {{- $liveness := omit .Values.livenessProbe "enabled" }} From 557c78179acfa709afc1027d2c2ac34448f27821 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 25 Sep 2024 15:14:18 -0400 Subject: [PATCH 129/284] remove cole, add infraops and ptd-dev --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 777baeb2..5051c9f6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners -* @colearendt @atheriel +* @atheriel @rstudio/infraops @rstudio/ptd-dev # package-manager resources /charts/rstudio-pm/* @rstudio/ppm From d1b8863c6e37f52cbd74cb444abbc2116d0ad67c Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Wed, 25 Sep 2024 21:12:39 -0400 Subject: [PATCH 130/284] bump workbench version --- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 2 +- charts/rstudio-workbench/README.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 6c24849f..bba6de8f 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.2 +version: 0.8.3 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index bdc3f5d8..ae836636 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,6 +1,6 @@ # Changelog -## Unversioned +## 0.8.3 - Bump version of launcher templates `job.tpl` and `service.tpl` - `enableServiceLinks` now defaults to `false` for sessions (instead of not being set). diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index b024c9f8..07f1a0cb 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.2: +To install the chart with the release name `my-release` at version 0.8.3: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.2 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.3 ``` To explore other chart versions, look at: From cf811dedf972bd8e3f1aa6d8911d7575ccb12890 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 26 Sep 2024 08:53:21 -0400 Subject: [PATCH 131/284] Also remove Aaron --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 5051c9f6..93b69969 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners -* @atheriel @rstudio/infraops @rstudio/ptd-dev +* @rstudio/infraops @rstudio/ptd-dev # package-manager resources /charts/rstudio-pm/* @rstudio/ppm From d0ad0f90e7cf571e8a6425fb4794cdedb7291740 Mon Sep 17 00:00:00 2001 From: Tyler Date: Thu, 26 Sep 2024 10:35:08 -0400 Subject: [PATCH 132/284] Fix: Set the `securityContext.fsGroup` to default `999` guid Bumps the PPM chart to `0.5.34` Refs: https://github.com/rstudio/package-manager/issues/14422 Update helm-docs and README.md Fix: Remove trailing space in PPM README Doc: Update PPM README.md to lowercase `postgres` Refs: https://github.com/rstudio/package-manager/issues/14420 Update helm-docs and README.md Update helm-docs and README.md Fix: Use lowercase postgres in db config example Update helm-docs and README.md Update helm-docs and README.md Fix: Switch * to _ and force CI Update helm-docs and README.md --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 5 +++++ charts/rstudio-pm/README.md | 8 ++++---- charts/rstudio-pm/values.yaml | 1 + 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 88740f90..0de29503 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.33 +version: 0.5.34 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 17395ecf..bedbb286 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,4 +1,9 @@ # Changelog + +## 0.5.34 + +- Add `pod.securityContext.fsGroup = 999` value to set file permissions correctly when using shared storage. + ## 0.5.33 - Update default Post Package Manager version to 2024.08.2-9 diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 8c9dfd44..e09c80ce 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.33](https://img.shields.io/badge/Version-0.5.33-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.34](https://img.shields.io/badge/Version-0.5.34-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.33: +To install the chart with the release name `my-release` at version 0.5.34: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.33 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.34 ``` To explore other chart versions, look at: @@ -222,7 +222,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | nameOverride | string | `""` | the name of the chart deployment (can be overridden) | | nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition | | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | -| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | +| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"fsGroup":999,"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | | pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | diff --git a/charts/rstudio-pm/values.yaml b/charts/rstudio-pm/values.yaml index a5ce17fb..1b41f897 100644 --- a/charts/rstudio-pm/values.yaml +++ b/charts/rstudio-pm/values.yaml @@ -129,6 +129,7 @@ pod: # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. containerSecurityContext: runAsUser: 999 + fsGroup: 999 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: From c842fd9323ce0054947ebbd7c1f210c8a30f55e3 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Thu, 26 Sep 2024 12:16:25 -0400 Subject: [PATCH 133/284] Bump Connect to version 2024.09.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index f346525a..b71dbdd0 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.8 +version: 0.7.9 apiVersion: v2 -appVersion: 2024.08.0 +appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.08.0 + image: rstudio/rstudio-connect:ubuntu2204-2024.09.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index d2f820fb..7739e7e5 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.9 + +- Bump Connect version to 2024.09.0 + ## 0.7.8 - Bump Chronicle Agent to version 2024.09.0 From 1a74240558c66511a3429a3b7f521a2583643ba3 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 26 Sep 2024 16:17:38 +0000 Subject: [PATCH 134/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 595ccfce..63c447b5 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.8](https://img.shields.io/badge/Version-0.7.8-informational?style=flat-square) ![AppVersion: 2024.08.0](https://img.shields.io/badge/AppVersion-2024.08.0-informational?style=flat-square) +![Version: 0.7.9](https://img.shields.io/badge/Version-0.7.9-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.8: +To install the chart with the release name `my-release` at version 0.7.9: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.8 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.9 ``` To explore other chart versions, look at: From 2f8d857ede8268fd100db408da26b6bbc1d1e0d3 Mon Sep 17 00:00:00 2001 From: Tyler Date: Mon, 30 Sep 2024 10:29:35 -0400 Subject: [PATCH 135/284] Fix: Move PPM `fsGroup` setting to `securityContext` Refs: https://github.com/rstudio/helm/pull/558#discussion_r1779179356 --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 7 ++++++- charts/rstudio-pm/README.md | 2 +- charts/rstudio-pm/values.yaml | 4 ++-- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 0de29503..2c7ff0f9 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.34 +version: 0.5.35 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index bedbb286..9fdad6fa 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,8 +1,13 @@ # Changelog +## 0.5.35 + +- Move `pod.containerSecurityContext.fsGroup = 999` to `pod.securityContext.fsGroup` to resolve + helm warning `unknown field "spec.template.spec.containers[0].securityContext.fsGroup"`. + ## 0.5.34 -- Add `pod.securityContext.fsGroup = 999` value to set file permissions correctly when using shared storage. +- Add `pod.containerSecurityContext.fsGroup = 999` value to set file permissions correctly when using shared storage. ## 0.5.33 diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index e09c80ce..d16f768c 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.34](https://img.shields.io/badge/Version-0.5.34-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.35](https://img.shields.io/badge/Version-0.5.35-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ diff --git a/charts/rstudio-pm/values.yaml b/charts/rstudio-pm/values.yaml index 1b41f897..7f539998 100644 --- a/charts/rstudio-pm/values.yaml +++ b/charts/rstudio-pm/values.yaml @@ -125,11 +125,11 @@ pod: # -- Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) lifecycle: {} # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod - securityContext: {} + securityContext: + fsGroup: 999 # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. containerSecurityContext: runAsUser: 999 - fsGroup: 999 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: From 4c3bc93de206ed3439b3b70adaa9c3a6716226d7 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 30 Sep 2024 14:35:55 +0000 Subject: [PATCH 136/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index d16f768c..4eb14203 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.34: +To install the chart with the release name `my-release` at version 0.5.35: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.34 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.35 ``` To explore other chart versions, look at: @@ -222,11 +222,11 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | nameOverride | string | `""` | the name of the chart deployment (can be overridden) | | nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition | | pod.annotations | object | `{}` | annotations is a map of keys / values that will be added as annotations to the pods | -| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"fsGroup":999,"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | +| pod.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":999,"seccompProfile":{"type":"{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"}}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. | | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | | pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | -| pod.securityContext | object | `{}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | +| pod.securityContext | object | `{"fsGroup":999}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | | pod.terminationGracePeriodSeconds | int | `120` | The termination grace period seconds allowed for the pod before shutdown | | pod.volumeMounts | list | `[]` | volumeMounts is an array of maps that is injected as-is into the "volumeMounts" component of the pod spec | From e32d0123486290bd1b5944b73290dd461eb7f14c Mon Sep 17 00:00:00 2001 From: Tyler Date: Mon, 30 Sep 2024 10:38:37 -0400 Subject: [PATCH 137/284] Trigger CI --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 9fdad6fa..fbb61dcf 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -3,7 +3,7 @@ ## 0.5.35 - Move `pod.containerSecurityContext.fsGroup = 999` to `pod.securityContext.fsGroup` to resolve - helm warning `unknown field "spec.template.spec.containers[0].securityContext.fsGroup"`. + the helm warning `unknown field "spec.template.spec.containers[0].securityContext.fsGroup"`. ## 0.5.34 From 78ff97dedfe6b4496485c54b8bedadcc7e6dd019 Mon Sep 17 00:00:00 2001 From: Greg Lin Date: Thu, 26 Sep 2024 16:02:06 -0500 Subject: [PATCH 138/284] Update docs for Package Manager Postgres.UsageDataPassword bug --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-pm/README.md.gotmpl | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 2c7ff0f9..07d13ddb 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.35 +version: 0.5.36 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index fbb61dcf..066c1fdb 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.36 + +- Update PostgreSQL configuration documentation to temporarily work around bug with `Postgres.UsageDataPassword` in Package Manager 2024.08.2. + ## 0.5.35 - Move `pod.containerSecurityContext.fsGroup = 999` to `pod.securityContext.fsGroup` to resolve diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index 3a21608c..258e939f 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -67,6 +67,14 @@ pod: secretKeyRef: name: {{ .Name }}-database key: password + + # Temporarily work around bug in Package Manager 2024.08.2 where Postgres.UsageDataPassword + # does not default to Postgres.Password. This will be fixed in the next release of Package Manager. + - name: PACKAGEMANAGER_POSTGRES_USAGEDATAPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Name }}-database + key: password ``` Alternatively, database passwords may be set during `helm install` with the following argument: From 5b7d9fa6dc5f36cfeb78d335993e040f7d1eb866 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 2 Oct 2024 15:10:46 +0000 Subject: [PATCH 139/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 4eb14203..16bb42d4 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.35](https://img.shields.io/badge/Version-0.5.35-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.36](https://img.shields.io/badge/Version-0.5.36-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.35: +To install the chart with the release name `my-release` at version 0.5.36: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.35 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.36 ``` To explore other chart versions, look at: @@ -121,6 +121,14 @@ pod: secretKeyRef: name: rstudio-pm-database key: password + + # Temporarily work around bug in Package Manager 2024.08.2 where Postgres.UsageDataPassword + # does not default to Postgres.Password. This will be fixed in the next release of Package Manager. + - name: PACKAGEMANAGER_POSTGRES_USAGEDATAPASSWORD + valueFrom: + secretKeyRef: + name: rstudio-pm-database + key: password ``` Alternatively, database passwords may be set during `helm install` with the following argument: From 5b1ff627f975ae0fe8db6261e67e0c05b9c220ae Mon Sep 17 00:00:00 2001 From: Tyler Finethy Date: Wed, 2 Oct 2024 14:33:52 -0400 Subject: [PATCH 140/284] Update charts/rstudio-pm/NEWS.md --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 066c1fdb..63cfbd95 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.36 -- Update PostgreSQL configuration documentation to temporarily work around bug with `Postgres.UsageDataPassword` in Package Manager 2024.08.2. +- Update the PostgreSQL configuration documentation to temporarily work around bug with `Postgres.UsageDataPassword` in Package Manager 2024.08.2. ## 0.5.35 From 0764d1299b660fb7df2c39f62f86b92e40383544 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 7 Oct 2024 16:33:19 -0400 Subject: [PATCH 141/284] Send alerts to the posit-helm channel when linting or installation tests fail --- .github/workflows/chart-test.yaml | 75 ++++++++++++++++++++++++++++--- 1 file changed, 69 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index de061f9d..40374b81 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -32,14 +32,46 @@ jobs: run: | changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo 'changed=true' >> $GITHUB_OUTPUT fi - name: Run chart-testing (lint changed) - run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts + id: ct-lint + if: steps.list-changed.outputs.changed == 'true' + run: | + ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts + if [[ $? -ne 0 ]]; then + echo "failed=true" >> $GITHUB_OUTPUT + fi - name: Run chart-testing (lint all) - run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts + id: ct-lint-all + run: | + ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts + if [[ $? -ne 0 ]]; then + echo "failed=true" >> $GITHUB_OUTPUT + fi + + - name: Notify Slack of chart linting failure + if: steps.ct-lint.outputs.failed == 'true' || steps.ct-lint-all.outputs.failed == 'true' + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Linting failed for ${{ steps.ct-lint.outputs.failed == true && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK install: runs-on: ubuntu-latest @@ -66,7 +98,7 @@ jobs: run: | changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo 'changed=true' >> $GITHUB_OUTPUT fi - name: Create kind cluster @@ -75,16 +107,47 @@ jobs: # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install changed) + id: ct-install if: ${{ github.ref != 'refs/heads/main' }} - run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts + run: | + ct install --target-branch main --chart-dirs charts --chart-dirs other-charts + if [[ $? -ne 0 ]]; then + echo "failed=true" >> $GITHUB_OUTPUT + fi continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) + id: ct-install-all if: ${{ github.ref == 'refs/heads/main' }} - run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts + run: | + ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts + if [[ $? -ne 0 ]]; then + echo "failed=true" >> $GITHUB_OUTPUT + fi continue-on-error: true + - name: Notify Slack of chart install failure + if: steps.ct-install.outputs.failed == 'true' || steps.ct-install-all.outputs.failed == 'true' + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Failure during installation of ${{ steps.ct-install.outputs.failed == true && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + check-versions-connect: runs-on: ubuntu-latest steps: From a5a85c8352a034b2652f175d0919277ae53f958e Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 7 Oct 2024 16:44:03 -0400 Subject: [PATCH 142/284] Wrong dev team :grimacing: --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 93b69969..a991752c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners -* @rstudio/infraops @rstudio/ptd-dev +* @rstudio/infraops @rstudio/platform-dev # package-manager resources /charts/rstudio-pm/* @rstudio/ppm From a43b1ccd6ac42647f3d0e245644943b1580b76d7 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 7 Oct 2024 16:49:53 -0400 Subject: [PATCH 143/284] only try to install changed if there are changes --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 40374b81..588141ba 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -108,7 +108,7 @@ jobs: # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install changed) id: ct-install - if: ${{ github.ref != 'refs/heads/main' }} + if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} run: | ct install --target-branch main --chart-dirs charts --chart-dirs other-charts if [[ $? -ne 0 ]]; then From 00f8ff88c88da1ae69a5f5fc1010f19900e3b0ea Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 11:08:59 -0400 Subject: [PATCH 144/284] continue-on-error 'Prevents a job from failing when a step fails.' I'm hoping removing that setting allows the failing steps to trigger notification to slack --- .github/workflows/chart-test.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 588141ba..bad60474 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -114,7 +114,6 @@ jobs: if [[ $? -ne 0 ]]; then echo "failed=true" >> $GITHUB_OUTPUT fi - continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) @@ -125,7 +124,6 @@ jobs: if [[ $? -ne 0 ]]; then echo "failed=true" >> $GITHUB_OUTPUT fi - continue-on-error: true - name: Notify Slack of chart install failure if: steps.ct-install.outputs.failed == 'true' || steps.ct-install-all.outputs.failed == 'true' From 0b09433492d96df5d229fb60ea2a9c7b8fd75ddb Mon Sep 17 00:00:00 2001 From: Tyler Date: Tue, 8 Oct 2024 12:04:01 -0400 Subject: [PATCH 145/284] Fix: PPM README should document lowercase postgres --- charts/rstudio-pm/README.md | 2 +- charts/rstudio-pm/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 16bb42d4..74374fce 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -98,7 +98,7 @@ Add the following to your `values.yaml`, replacing the `URL` with your database ```yaml config: Database: - Provider: "Postgres" + Provider: "postgres" Postgres: URL: "postgres://@:/" ``` diff --git a/charts/rstudio-pm/README.md.gotmpl b/charts/rstudio-pm/README.md.gotmpl index 258e939f..4a77167e 100644 --- a/charts/rstudio-pm/README.md.gotmpl +++ b/charts/rstudio-pm/README.md.gotmpl @@ -44,7 +44,7 @@ Add the following to your `values.yaml`, replacing the `URL` with your database ```yaml config: Database: - Provider: "Postgres" + Provider: "postgres" Postgres: URL: "postgres://@:/" ``` From c9f2216e2f5347d05fb867e361fdffe583f1c75d Mon Sep 17 00:00:00 2001 From: Tyler Date: Tue, 8 Oct 2024 12:34:12 -0400 Subject: [PATCH 146/284] Fix: Linter forced update --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-pm/README.md | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 07d13ddb..c108bf1c 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.36 +version: 0.5.37 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 63cfbd95..c17551fa 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.37 + +- Update documentation with lowercase `postgres`. + ## 0.5.36 - Update the PostgreSQL configuration documentation to temporarily work around bug with `Postgres.UsageDataPassword` in Package Manager 2024.08.2. diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 74374fce..68859e1b 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.36](https://img.shields.io/badge/Version-0.5.36-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.37](https://img.shields.io/badge/Version-0.5.37-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ From b269e492aa7749238384d8d079702c58a87487d2 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 8 Oct 2024 16:36:19 +0000 Subject: [PATCH 147/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 68859e1b..9ef4c079 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.36: +To install the chart with the release name `my-release` at version 0.5.37: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.36 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.37 ``` To explore other chart versions, look at: From ffa18cd30cd54e9e3c6015cd46eb0dffba33ef9c Mon Sep 17 00:00:00 2001 From: Tyler Date: Tue, 8 Oct 2024 12:38:09 -0400 Subject: [PATCH 148/284] Fix: Update NEWS --- charts/rstudio-pm/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index c17551fa..ec60fa8c 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.37 -- Update documentation with lowercase `postgres`. +- Update documentation with lowercase `Database.Provider = "postgres"`. ## 0.5.36 From 2fc116047a65db4daed8a628c9930856cc168bee Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 13:57:37 -0400 Subject: [PATCH 149/284] Fixes to actually notify properly --- .github/workflows/chart-test.yaml | 48 ++++++++++++++----------------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index bad60474..4b25a274 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -38,22 +38,16 @@ jobs: - name: Run chart-testing (lint changed) id: ct-lint if: steps.list-changed.outputs.changed == 'true' - run: | - ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts - if [[ $? -ne 0 ]]; then - echo "failed=true" >> $GITHUB_OUTPUT - fi + run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts + continue-on-error: true - name: Run chart-testing (lint all) id: ct-lint-all - run: | - ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts - if [[ $? -ne 0 ]]; then - echo "failed=true" >> $GITHUB_OUTPUT - fi + run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts + continue-on-error: true - name: Notify Slack of chart linting failure - if: steps.ct-lint.outputs.failed == 'true' || steps.ct-lint-all.outputs.failed == 'true' + if: steps.ct-lint.outcome != 'success' || steps.ct-lint-all.outcome != 'success' uses: slackapi/slack-github-action@v1.27.0 with: payload-delimiter: "_" @@ -64,14 +58,18 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Linting failed for ${{ steps.ct-lint.outputs.failed == true && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + "text": "Linting failed for ${{ steps.ct-lint.outcome != 'success' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] } env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + - name: Fail the workflow if failed linting + if: steps.ct-lint.outcome != 'success' || steps.ct-lint-all.outcome != 'success' + run: exit 1 install: runs-on: ubuntu-latest @@ -109,24 +107,18 @@ jobs: - name: Run chart-testing (install changed) id: ct-install if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} - run: | - ct install --target-branch main --chart-dirs charts --chart-dirs other-charts - if [[ $? -ne 0 ]]; then - echo "failed=true" >> $GITHUB_OUTPUT - fi + run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts + continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all if: ${{ github.ref == 'refs/heads/main' }} - run: | - ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts - if [[ $? -ne 0 ]]; then - echo "failed=true" >> $GITHUB_OUTPUT - fi + run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts + continue-on-error: true - name: Notify Slack of chart install failure - if: steps.ct-install.outputs.failed == 'true' || steps.ct-install-all.outputs.failed == 'true' + if: steps.ct-install.outcome != 'success' || steps.ct-install-all.outcome != 'success' uses: slackapi/slack-github-action@v1.27.0 with: payload-delimiter: "_" @@ -137,7 +129,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Failure during installation of ${{ steps.ct-install.outputs.failed == true && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + "text": "Failure during test installation of ${{ steps.ct-install.outcome != 'success' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] @@ -146,6 +138,10 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + - name: Fail the workflow if failed installs + if: steps.ct-install.outcome != 'success' || steps.ct-install-all.outcome != 'success' + run: exit 1 + check-versions-connect: runs-on: ubuntu-latest steps: From f731134eacaae31ba29dea34714319be37b66ec1 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 14:08:20 -0400 Subject: [PATCH 150/284] Only fail if it's a failure, not if the outcome is NOT success. Sometimes steps are skipped and have no outcome, definitely not success --- .github/workflows/chart-test.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 4b25a274..c99e83a8 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -47,7 +47,7 @@ jobs: continue-on-error: true - name: Notify Slack of chart linting failure - if: steps.ct-lint.outcome != 'success' || steps.ct-lint-all.outcome != 'success' + if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' uses: slackapi/slack-github-action@v1.27.0 with: payload-delimiter: "_" @@ -58,7 +58,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Linting failed for ${{ steps.ct-lint.outcome != 'success' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + "text": "Linting failed for ${{ steps.ct-lint.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] @@ -68,7 +68,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Fail the workflow if failed linting - if: steps.ct-lint.outcome != 'success' || steps.ct-lint-all.outcome != 'success' + if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 install: @@ -118,7 +118,7 @@ jobs: continue-on-error: true - name: Notify Slack of chart install failure - if: steps.ct-install.outcome != 'success' || steps.ct-install-all.outcome != 'success' + if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' uses: slackapi/slack-github-action@v1.27.0 with: payload-delimiter: "_" @@ -129,7 +129,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Failure during test installation of ${{ steps.ct-install.outcome != 'success' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + "text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] @@ -139,7 +139,7 @@ jobs: SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Fail the workflow if failed installs - if: steps.ct-install.outcome != 'success' || steps.ct-install-all.outcome != 'success' + if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' run: exit 1 check-versions-connect: From 4e709846cd30b4626b20ba78a2b63673ff06c142 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 14:14:27 -0400 Subject: [PATCH 151/284] Fix broken logic in the create kind cluster step --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index c99e83a8..ae26db42 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -101,7 +101,7 @@ jobs: - name: Create kind cluster uses: helm/kind-action@v1.1.0 - if: ( steps.list-changed.outputs.changed == 'true' ) || ${{ github.ref == 'refs/heads/main' }} + if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install changed) From bb4610592edfe446afcb9c031ff324988cd7c641 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 14:33:09 -0400 Subject: [PATCH 152/284] update to a version where nodejs is more up to date --- .github/workflows/chart-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index ae26db42..e05d62d5 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -25,7 +25,7 @@ jobs: python-version: "3.10" - name: Set up chart-testing - uses: helm/chart-testing-action@v2.1.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -89,7 +89,7 @@ jobs: python-version: "3.10" - name: Set up chart-testing - uses: helm/chart-testing-action@v2.1.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed From 99d98f887bd5e67bf3b866121b10f5c3b9c7478c Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 8 Oct 2024 14:36:42 -0400 Subject: [PATCH 153/284] Kind update to fix nodejs warnings --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index e05d62d5..aad34093 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -100,7 +100,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.1.0 + uses: helm/kind-action@v1.10.0 if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} # no allow-failure until https://github.com/actions/toolkit/issues/399 From bce30c55e2c48d278c4fbb8ca39b22e653b324c2 Mon Sep 17 00:00:00 2001 From: Brian Deitte Date: Tue, 8 Oct 2024 16:14:08 -0500 Subject: [PATCH 154/284] Update platform codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index a991752c..ac9267b4 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners -* @rstudio/infraops @rstudio/platform-dev +* @rstudio/infraops @bschwedler @ianpittwood # package-manager resources /charts/rstudio-pm/* @rstudio/ppm From 91b5cc22a94c82bb49660fd2ecba39bc21874762 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 9 Oct 2024 09:14:34 -0400 Subject: [PATCH 155/284] Add notifications for failing gha for all workflows --- .github/workflows/chart-doc.yaml | 42 +++++++++++++++++++++++++++ .github/workflows/chart-rebuild.yaml | 21 ++++++++++++++ .github/workflows/chart-releaser.yaml | 21 ++++++++++++++ .github/workflows/publish.yml | 20 +++++++++++++ 4 files changed, 104 insertions(+) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index 8c934a1a..f1938270 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -44,6 +44,27 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Notify Slack of chart documentation failure + if: failure() + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Chart Documentation failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + rbac: runs-on: ubuntu-latest name: rbac @@ -79,3 +100,24 @@ jobs: - uses: r-lib/actions/pr-push@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Notify Slack of chart documentation (rbac) failure + if: failure() + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Chart Documentation (RBAC) failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index f399113c..54ef9185 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -57,3 +57,24 @@ jobs: run: | echo "Created Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + - name: Notify Slack of index.yaml rebuild failure + if: failure() + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Rebuild of index.yaml failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index 9d5c1881..f26d1f7a 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -38,3 +38,24 @@ jobs: charts_repo_url: https://helm.rstudio.com env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Notify Slack of chart releaser failure + if: failure() + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Chart Release failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6e51b8e5..6da33ce6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,3 +36,23 @@ jobs: - run: just push-docs + - name: Notify Slack of publishing chart documentation failure + if: failure() + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Publish of Chart Documentation failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 9df503661d808a491612a6c5d6221c8d9f16b6dc Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 9 Oct 2024 09:17:43 -0400 Subject: [PATCH 156/284] better englishing --- .github/workflows/chart-releaser.yaml | 2 +- .github/workflows/publish.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index f26d1f7a..f9253d18 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -39,7 +39,7 @@ jobs: env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - - name: Notify Slack of chart releaser failure + - name: Notify Slack of chart release failure if: failure() uses: slackapi/slack-github-action@v1.27.0 with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6da33ce6..cced9183 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -48,7 +48,7 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "Publish of Chart Documentation failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + "text": "Publishing Chart Documentation failed, please check the logs. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } } ] From 58aad84cd36c0a01874d317b4f9f6cece67dbf81 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 9 Oct 2024 11:45:09 -0400 Subject: [PATCH 157/284] Add the sealed secrets helm chart to the kind cluster for install testing --- .github/workflows/chart-test.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index aad34093..a1348ab1 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -103,6 +103,12 @@ jobs: uses: helm/kind-action@v1.10.0 if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} + - name: Install SealedSecrets Helm Chart + if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} + run: | + helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets + helm install sealed-secrets sealed-secrets/sealed-secrets + # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install changed) id: ct-install From 4f6d947a580e328f068a3ff2bc7cbd3a241fa46c Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 10 Oct 2024 15:44:55 -0400 Subject: [PATCH 158/284] do not run install tests for now, they need to be rethought --- .github/workflows/chart-test.yaml | 152 +++++++++++++++--------------- 1 file changed, 76 insertions(+), 76 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index a1348ab1..86a1c378 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -71,82 +71,82 @@ jobs: if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 - install: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v4.2.0 - with: - version: v3.6.3 - - - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) - if [[ -n "$changed" ]]; then - echo 'changed=true' >> $GITHUB_OUTPUT - fi - - - name: Create kind cluster - uses: helm/kind-action@v1.10.0 - if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} - - - name: Install SealedSecrets Helm Chart - if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} - run: | - helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets - helm install sealed-secrets sealed-secrets/sealed-secrets - - # no allow-failure until https://github.com/actions/toolkit/issues/399 - - name: Run chart-testing (install changed) - id: ct-install - if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} - run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts - continue-on-error: true - - # no allow-failure until https://github.com/actions/toolkit/issues/399 - - name: Run chart-testing (install all) - id: ct-install-all - if: ${{ github.ref == 'refs/heads/main' }} - run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts - continue-on-error: true - - - name: Notify Slack of chart install failure - if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' - uses: slackapi/slack-github-action@v1.27.0 - with: - payload-delimiter: "_" - payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - } - ] - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - - - name: Fail the workflow if failed installs - if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' - run: exit 1 +# install: +# runs-on: ubuntu-latest +# steps: +# - name: Checkout +# uses: actions/checkout@v4 +# with: +# fetch-depth: 0 +# +# - name: Set up Helm +# uses: azure/setup-helm@v4.2.0 +# with: +# version: v3.6.3 +# +# - uses: actions/setup-python@v5 +# with: +# python-version: "3.10" +# +# - name: Set up chart-testing +# uses: helm/chart-testing-action@v2.6.1 +# +# - name: Run chart-testing (list-changed) +# id: list-changed +# run: | +# changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) +# if [[ -n "$changed" ]]; then +# echo 'changed=true' >> $GITHUB_OUTPUT +# fi +# +# - name: Create kind cluster +# uses: helm/kind-action@v1.10.0 +# if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} +# +# - name: Install SealedSecrets Helm Chart +# if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} +# run: | +# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets +# helm install sealed-secrets sealed-secrets/sealed-secrets +# +# # no allow-failure until https://github.com/actions/toolkit/issues/399 +# - name: Run chart-testing (install changed) +# id: ct-install +# if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} +# run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts +# continue-on-error: true +# +# # no allow-failure until https://github.com/actions/toolkit/issues/399 +# - name: Run chart-testing (install all) +# id: ct-install-all +# if: ${{ github.ref == 'refs/heads/main' }} +# run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts +# continue-on-error: true +# +# - name: Notify Slack of chart install failure +# if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' +# uses: slackapi/slack-github-action@v1.27.0 +# with: +# payload-delimiter: "_" +# payload: | +# { +# "blocks": [ +# { +# "type": "section", +# "text": { +# "type": "mrkdwn", +# "text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" +# } +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK +# +# - name: Fail the workflow if failed installs +# if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' +# run: exit 1 check-versions-connect: runs-on: ubuntu-latest From 78f50be3cc5c4e4461931fd714cff3ed938bd0eb Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 10 Oct 2024 15:46:09 -0400 Subject: [PATCH 159/284] Also update the codeowners --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ac9267b4..91427689 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,5 @@ # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners -* @rstudio/infraops @bschwedler @ianpittwood +* @rstudio/infraops @rstudio/platform-cloud # package-manager resources /charts/rstudio-pm/* @rstudio/ppm From e8b24586a9c1d86c5e5bdcaec37acff0146afa66 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 11:26:34 -0400 Subject: [PATCH 160/284] Move ci directory to ci-lint, create new ci-install directory with values for install testing. Update the workflow to create the symlinks as needed as well as clean up the symlinks after --- .github/workflows/chart-test.yaml | 164 ++++++++++-------- .../{ci => ci-install}/empty-values.yaml | 0 .../{ci => ci-lint}/complex-values.yaml | 0 .../{ci => ci-lint}/default-sa-values.yaml | 0 .../ci-lint/empty-values.yaml | 0 .../{ci => ci-lint}/ingress-values.yaml | 0 .../{ci => ci-lint}/ingress2-values.yaml | 0 .../launcher-template-values.yaml | 0 .../license-file-secret-values.yaml | 0 .../{ci => ci-lint}/license-file-values.yaml | 0 .../license-server-values.yaml | 0 .../{ci => ci-lint}/license-values.yaml | 0 .../{ci => ci-lint}/other-complex-values.yaml | 0 .../{ci => ci-lint}/overrides-values-new.yaml | 0 .../{ci => ci-lint}/overrides-values.yaml | 0 .../simple-profiles-values.yaml | 0 .../{ci => ci-lint}/simple-values.yaml | 0 17 files changed, 88 insertions(+), 76 deletions(-) rename charts/rstudio-workbench/{ci => ci-install}/empty-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/complex-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/default-sa-values.yaml (100%) create mode 100644 charts/rstudio-workbench/ci-lint/empty-values.yaml rename charts/rstudio-workbench/{ci => ci-lint}/ingress-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/ingress2-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/launcher-template-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/license-file-secret-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/license-file-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/license-server-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/license-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/other-complex-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/overrides-values-new.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/overrides-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/simple-profiles-values.yaml (100%) rename charts/rstudio-workbench/{ci => ci-lint}/simple-values.yaml (100%) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 86a1c378..8b8b01bb 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -27,6 +27,9 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@v2.6.1 + - name: Symlink ci-lint -> ci + run: ln -s ./ci-lint charts/rstudio-workbench/ci + - name: Run chart-testing (list-changed) id: list-changed run: | @@ -46,6 +49,9 @@ jobs: run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts continue-on-error: true + - name: Remove ci symlink + run: rm charts/rstudio-workbench/ci + - name: Notify Slack of chart linting failure if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' uses: slackapi/slack-github-action@v1.27.0 @@ -71,82 +77,88 @@ jobs: if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 -# install: -# runs-on: ubuntu-latest -# steps: -# - name: Checkout -# uses: actions/checkout@v4 -# with: -# fetch-depth: 0 -# -# - name: Set up Helm -# uses: azure/setup-helm@v4.2.0 -# with: -# version: v3.6.3 -# -# - uses: actions/setup-python@v5 -# with: -# python-version: "3.10" -# -# - name: Set up chart-testing -# uses: helm/chart-testing-action@v2.6.1 -# -# - name: Run chart-testing (list-changed) -# id: list-changed -# run: | -# changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) -# if [[ -n "$changed" ]]; then -# echo 'changed=true' >> $GITHUB_OUTPUT -# fi -# -# - name: Create kind cluster -# uses: helm/kind-action@v1.10.0 -# if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} -# -# - name: Install SealedSecrets Helm Chart -# if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} -# run: | -# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets -# helm install sealed-secrets sealed-secrets/sealed-secrets -# -# # no allow-failure until https://github.com/actions/toolkit/issues/399 -# - name: Run chart-testing (install changed) -# id: ct-install -# if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} -# run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts -# continue-on-error: true -# -# # no allow-failure until https://github.com/actions/toolkit/issues/399 -# - name: Run chart-testing (install all) -# id: ct-install-all -# if: ${{ github.ref == 'refs/heads/main' }} -# run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts -# continue-on-error: true -# -# - name: Notify Slack of chart install failure -# if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' -# uses: slackapi/slack-github-action@v1.27.0 -# with: -# payload-delimiter: "_" -# payload: | -# { -# "blocks": [ -# { -# "type": "section", -# "text": { -# "type": "mrkdwn", -# "text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" -# } -# } -# ] -# } -# env: -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} -# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK -# -# - name: Fail the workflow if failed installs -# if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' -# run: exit 1 + install: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v4.2.0 + with: + version: v3.6.3 + + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + + - name: Symlink ci-install -> ci + run: ln -s ./ci-install charts/rstudio-workbench/ci + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch main --chart-dirs charts --chart-dirs other-charts) + if [[ -n "$changed" ]]; then + echo 'changed=true' >> $GITHUB_OUTPUT + fi + + - name: Create kind cluster + uses: helm/kind-action@v1.10.0 + if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} + + - name: Install SealedSecrets Helm Chart + if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} + run: | + helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets + helm install sealed-secrets sealed-secrets/sealed-secrets + + # no allow-failure until https://github.com/actions/toolkit/issues/399 + - name: Run chart-testing (install changed) + id: ct-install + if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} + run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts + continue-on-error: true + + # no allow-failure until https://github.com/actions/toolkit/issues/399 + - name: Run chart-testing (install all) + id: ct-install-all + if: ${{ github.ref == 'refs/heads/main' }} + run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts + continue-on-error: true + + - name: Remove ci symlink + run: rm charts/rstudio-workbench/ci + + - name: Notify Slack of chart install failure + if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Failure during test installation of ${{ steps.ct-install.outcome == 'failure' && 'changed' || 'all' }} charts. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + - name: Fail the workflow if failed installs + if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' + run: exit 1 check-versions-connect: runs-on: ubuntu-latest diff --git a/charts/rstudio-workbench/ci/empty-values.yaml b/charts/rstudio-workbench/ci-install/empty-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/empty-values.yaml rename to charts/rstudio-workbench/ci-install/empty-values.yaml diff --git a/charts/rstudio-workbench/ci/complex-values.yaml b/charts/rstudio-workbench/ci-lint/complex-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/complex-values.yaml rename to charts/rstudio-workbench/ci-lint/complex-values.yaml diff --git a/charts/rstudio-workbench/ci/default-sa-values.yaml b/charts/rstudio-workbench/ci-lint/default-sa-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/default-sa-values.yaml rename to charts/rstudio-workbench/ci-lint/default-sa-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/empty-values.yaml b/charts/rstudio-workbench/ci-lint/empty-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/charts/rstudio-workbench/ci/ingress-values.yaml b/charts/rstudio-workbench/ci-lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/ingress-values.yaml rename to charts/rstudio-workbench/ci-lint/ingress-values.yaml diff --git a/charts/rstudio-workbench/ci/ingress2-values.yaml b/charts/rstudio-workbench/ci-lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/ingress2-values.yaml rename to charts/rstudio-workbench/ci-lint/ingress2-values.yaml diff --git a/charts/rstudio-workbench/ci/launcher-template-values.yaml b/charts/rstudio-workbench/ci-lint/launcher-template-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/launcher-template-values.yaml rename to charts/rstudio-workbench/ci-lint/launcher-template-values.yaml diff --git a/charts/rstudio-workbench/ci/license-file-secret-values.yaml b/charts/rstudio-workbench/ci-lint/license-file-secret-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/license-file-secret-values.yaml rename to charts/rstudio-workbench/ci-lint/license-file-secret-values.yaml diff --git a/charts/rstudio-workbench/ci/license-file-values.yaml b/charts/rstudio-workbench/ci-lint/license-file-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/license-file-values.yaml rename to charts/rstudio-workbench/ci-lint/license-file-values.yaml diff --git a/charts/rstudio-workbench/ci/license-server-values.yaml b/charts/rstudio-workbench/ci-lint/license-server-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/license-server-values.yaml rename to charts/rstudio-workbench/ci-lint/license-server-values.yaml diff --git a/charts/rstudio-workbench/ci/license-values.yaml b/charts/rstudio-workbench/ci-lint/license-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/license-values.yaml rename to charts/rstudio-workbench/ci-lint/license-values.yaml diff --git a/charts/rstudio-workbench/ci/other-complex-values.yaml b/charts/rstudio-workbench/ci-lint/other-complex-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/other-complex-values.yaml rename to charts/rstudio-workbench/ci-lint/other-complex-values.yaml diff --git a/charts/rstudio-workbench/ci/overrides-values-new.yaml b/charts/rstudio-workbench/ci-lint/overrides-values-new.yaml similarity index 100% rename from charts/rstudio-workbench/ci/overrides-values-new.yaml rename to charts/rstudio-workbench/ci-lint/overrides-values-new.yaml diff --git a/charts/rstudio-workbench/ci/overrides-values.yaml b/charts/rstudio-workbench/ci-lint/overrides-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/overrides-values.yaml rename to charts/rstudio-workbench/ci-lint/overrides-values.yaml diff --git a/charts/rstudio-workbench/ci/simple-profiles-values.yaml b/charts/rstudio-workbench/ci-lint/simple-profiles-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/simple-profiles-values.yaml rename to charts/rstudio-workbench/ci-lint/simple-profiles-values.yaml diff --git a/charts/rstudio-workbench/ci/simple-values.yaml b/charts/rstudio-workbench/ci-lint/simple-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci/simple-values.yaml rename to charts/rstudio-workbench/ci-lint/simple-values.yaml From 72094f5a9e2952af1fd895fa02e35cc0f886731d Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 11:34:48 -0400 Subject: [PATCH 161/284] I don't think this is proper, but ok --- charts/rstudio-workbench/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index bba6de8f..e90f0a65 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.3 +version: 0.8.4 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png From 5c6bd754b7be47260260ebfdbfbbda6d263c380d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 15 Oct 2024 15:36:56 +0000 Subject: [PATCH 162/284] Update helm-docs and README.md --- charts/rstudio-workbench/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 07f1a0cb..176fc569 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.3: +To install the chart with the release name `my-release` at version 0.8.4: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.3 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.4 ``` To explore other chart versions, look at: From a0a3827d09dea3cc7d8d9bf073f00b35353579eb Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 11:54:45 -0400 Subject: [PATCH 163/284] Add a basic-values that hopefully works --- charts/rstudio-workbench/ci-install/basic-values.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 charts/rstudio-workbench/ci-install/basic-values.yaml diff --git a/charts/rstudio-workbench/ci-install/basic-values.yaml b/charts/rstudio-workbench/ci-install/basic-values.yaml new file mode 100644 index 00000000..849e941b --- /dev/null +++ b/charts/rstudio-workbench/ci-install/basic-values.yaml @@ -0,0 +1,2 @@ +readinessProbe: + enabled: false From 5d4f47724f5c81c3170c0531d187d93f806b0e27 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 11:55:13 -0400 Subject: [PATCH 164/284] Remove the empty-values file for now, it fails intalls --- charts/rstudio-workbench/ci-install/empty-values.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 charts/rstudio-workbench/ci-install/empty-values.yaml diff --git a/charts/rstudio-workbench/ci-install/empty-values.yaml b/charts/rstudio-workbench/ci-install/empty-values.yaml deleted file mode 100644 index e69de29b..00000000 From b57eaac9cb319aa8d42011f1b003622d7cadcbbb Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:19:36 -0400 Subject: [PATCH 165/284] do not bother removing the symlink --- .github/workflows/chart-test.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 8b8b01bb..11ff1557 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -49,9 +49,6 @@ jobs: run: ct lint --target-branch main --all --chart-dirs charts --chart-dirs other-charts continue-on-error: true - - name: Remove ci symlink - run: rm charts/rstudio-workbench/ci - - name: Notify Slack of chart linting failure if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' uses: slackapi/slack-github-action@v1.27.0 @@ -132,9 +129,6 @@ jobs: run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts continue-on-error: true - - name: Remove ci symlink - run: rm charts/rstudio-workbench/ci - - name: Notify Slack of chart install failure if: steps.ct-install.outcome == 'failure' || steps.ct-install-all.outcome == 'failure' uses: slackapi/slack-github-action@v1.27.0 From d8cf922c201c951b5e61d0dca03511eaef94a3ae Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:49:14 -0400 Subject: [PATCH 166/284] Switch rstudio-pm to also have a separate ct-lint and ct-install directory --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/{ci => ci-install}/empty-values.yaml | 0 charts/rstudio-pm/{ci => ci-lint}/all-values.yaml | 0 charts/rstudio-pm/ci-lint/empty-values.yaml | 0 charts/rstudio-pm/{ci => ci-lint}/ingress-values.yaml | 0 charts/rstudio-pm/{ci => ci-lint}/ingress2-values.yaml | 0 charts/rstudio-pm/{ci => ci-lint}/simple-values.yaml | 0 7 files changed, 1 insertion(+), 1 deletion(-) rename charts/rstudio-pm/{ci => ci-install}/empty-values.yaml (100%) rename charts/rstudio-pm/{ci => ci-lint}/all-values.yaml (100%) create mode 100644 charts/rstudio-pm/ci-lint/empty-values.yaml rename charts/rstudio-pm/{ci => ci-lint}/ingress-values.yaml (100%) rename charts/rstudio-pm/{ci => ci-lint}/ingress2-values.yaml (100%) rename charts/rstudio-pm/{ci => ci-lint}/simple-values.yaml (100%) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index c108bf1c..9c03d931 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.37 +version: 0.5.38 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/ci/empty-values.yaml b/charts/rstudio-pm/ci-install/empty-values.yaml similarity index 100% rename from charts/rstudio-pm/ci/empty-values.yaml rename to charts/rstudio-pm/ci-install/empty-values.yaml diff --git a/charts/rstudio-pm/ci/all-values.yaml b/charts/rstudio-pm/ci-lint/all-values.yaml similarity index 100% rename from charts/rstudio-pm/ci/all-values.yaml rename to charts/rstudio-pm/ci-lint/all-values.yaml diff --git a/charts/rstudio-pm/ci-lint/empty-values.yaml b/charts/rstudio-pm/ci-lint/empty-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/charts/rstudio-pm/ci/ingress-values.yaml b/charts/rstudio-pm/ci-lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-pm/ci/ingress-values.yaml rename to charts/rstudio-pm/ci-lint/ingress-values.yaml diff --git a/charts/rstudio-pm/ci/ingress2-values.yaml b/charts/rstudio-pm/ci-lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-pm/ci/ingress2-values.yaml rename to charts/rstudio-pm/ci-lint/ingress2-values.yaml diff --git a/charts/rstudio-pm/ci/simple-values.yaml b/charts/rstudio-pm/ci-lint/simple-values.yaml similarity index 100% rename from charts/rstudio-pm/ci/simple-values.yaml rename to charts/rstudio-pm/ci-lint/simple-values.yaml From 66d84ba1b93699ee9c05e0f8f671bae8a277f847 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:51:33 -0400 Subject: [PATCH 167/284] Switch rstudio-launcher-rbac to also have a separate ct-lint and ct-install directory --- charts/rstudio-launcher-rbac/{ci => ci-install}/empty-values.yaml | 0 charts/rstudio-launcher-rbac/{ci => ci-lint}/all-values.yaml | 0 charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml | 0 .../rstudio-launcher-rbac/{ci => ci-lint}/just-yaml-values.yaml | 0 .../{ci => ci-lint}/no-release-ns-values.yaml | 0 charts/rstudio-launcher-rbac/{ci => ci-lint}/no-sa-values.yaml | 0 charts/rstudio-launcher-rbac/{ci => ci-lint}/simple-values.yaml | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename charts/rstudio-launcher-rbac/{ci => ci-install}/empty-values.yaml (100%) rename charts/rstudio-launcher-rbac/{ci => ci-lint}/all-values.yaml (100%) create mode 100644 charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml rename charts/rstudio-launcher-rbac/{ci => ci-lint}/just-yaml-values.yaml (100%) rename charts/rstudio-launcher-rbac/{ci => ci-lint}/no-release-ns-values.yaml (100%) rename charts/rstudio-launcher-rbac/{ci => ci-lint}/no-sa-values.yaml (100%) rename charts/rstudio-launcher-rbac/{ci => ci-lint}/simple-values.yaml (100%) diff --git a/charts/rstudio-launcher-rbac/ci/empty-values.yaml b/charts/rstudio-launcher-rbac/ci-install/empty-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/empty-values.yaml rename to charts/rstudio-launcher-rbac/ci-install/empty-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci/all-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/all-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/all-values.yaml rename to charts/rstudio-launcher-rbac/ci-lint/all-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/charts/rstudio-launcher-rbac/ci/just-yaml-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/just-yaml-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/just-yaml-values.yaml rename to charts/rstudio-launcher-rbac/ci-lint/just-yaml-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci/no-release-ns-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/no-release-ns-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/no-release-ns-values.yaml rename to charts/rstudio-launcher-rbac/ci-lint/no-release-ns-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci/no-sa-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/no-sa-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/no-sa-values.yaml rename to charts/rstudio-launcher-rbac/ci-lint/no-sa-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci/simple-values.yaml b/charts/rstudio-launcher-rbac/ci-lint/simple-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci/simple-values.yaml rename to charts/rstudio-launcher-rbac/ci-lint/simple-values.yaml From bdef915dc57a36cd636eb1e6517147f443d60371 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:53:24 -0400 Subject: [PATCH 168/284] Switch rstudio-connect to also have a separate ct-lint and ct-install directory --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/{ci => ci-lint}/complex-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/deprecated-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/empty-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/ingress-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/ingress2-values.yaml | 0 .../{ci => ci-lint}/launcher-advanced-values.yaml | 0 .../{ci => ci-lint}/launcher-advanced2-values.yaml | 0 .../{ci => ci-lint}/launcher-advanced3-values.yaml | 0 .../{ci => ci-lint}/launcher-template-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/launcher-values.yaml | 0 charts/rstudio-connect/{ci => ci-lint}/simple-values.yaml | 0 12 files changed, 1 insertion(+), 1 deletion(-) rename charts/rstudio-connect/{ci => ci-lint}/complex-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/deprecated-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/empty-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/ingress-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/ingress2-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/launcher-advanced-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/launcher-advanced2-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/launcher-advanced3-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/launcher-template-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/launcher-values.yaml (100%) rename charts/rstudio-connect/{ci => ci-lint}/simple-values.yaml (100%) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 2e6416cb..2c500037 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.10 +version: 0.7.11 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/ci/complex-values.yaml b/charts/rstudio-connect/ci-lint/complex-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/complex-values.yaml rename to charts/rstudio-connect/ci-lint/complex-values.yaml diff --git a/charts/rstudio-connect/ci/deprecated-values.yaml b/charts/rstudio-connect/ci-lint/deprecated-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/deprecated-values.yaml rename to charts/rstudio-connect/ci-lint/deprecated-values.yaml diff --git a/charts/rstudio-connect/ci/empty-values.yaml b/charts/rstudio-connect/ci-lint/empty-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/empty-values.yaml rename to charts/rstudio-connect/ci-lint/empty-values.yaml diff --git a/charts/rstudio-connect/ci/ingress-values.yaml b/charts/rstudio-connect/ci-lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/ingress-values.yaml rename to charts/rstudio-connect/ci-lint/ingress-values.yaml diff --git a/charts/rstudio-connect/ci/ingress2-values.yaml b/charts/rstudio-connect/ci-lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/ingress2-values.yaml rename to charts/rstudio-connect/ci-lint/ingress2-values.yaml diff --git a/charts/rstudio-connect/ci/launcher-advanced-values.yaml b/charts/rstudio-connect/ci-lint/launcher-advanced-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/launcher-advanced-values.yaml rename to charts/rstudio-connect/ci-lint/launcher-advanced-values.yaml diff --git a/charts/rstudio-connect/ci/launcher-advanced2-values.yaml b/charts/rstudio-connect/ci-lint/launcher-advanced2-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/launcher-advanced2-values.yaml rename to charts/rstudio-connect/ci-lint/launcher-advanced2-values.yaml diff --git a/charts/rstudio-connect/ci/launcher-advanced3-values.yaml b/charts/rstudio-connect/ci-lint/launcher-advanced3-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/launcher-advanced3-values.yaml rename to charts/rstudio-connect/ci-lint/launcher-advanced3-values.yaml diff --git a/charts/rstudio-connect/ci/launcher-template-values.yaml b/charts/rstudio-connect/ci-lint/launcher-template-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/launcher-template-values.yaml rename to charts/rstudio-connect/ci-lint/launcher-template-values.yaml diff --git a/charts/rstudio-connect/ci/launcher-values.yaml b/charts/rstudio-connect/ci-lint/launcher-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/launcher-values.yaml rename to charts/rstudio-connect/ci-lint/launcher-values.yaml diff --git a/charts/rstudio-connect/ci/simple-values.yaml b/charts/rstudio-connect/ci-lint/simple-values.yaml similarity index 100% rename from charts/rstudio-connect/ci/simple-values.yaml rename to charts/rstudio-connect/ci-lint/simple-values.yaml From bfceb3699123ec978caaf20198083f8123204c45 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:53:46 -0400 Subject: [PATCH 169/284] Forgot to update the chart for rstudio-launcher-rbac --- charts/rstudio-launcher-rbac/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index 4d7dbdb7..f57389d8 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rstudio-launcher-rbac description: RBAC definition for the RStudio Job Launcher type: application -version: 0.2.21 +version: 0.2.22 appVersion: 0.2.21 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png sources: From d13598bb48d000444ec9501d676099e051d85d0a Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:54:10 -0400 Subject: [PATCH 170/284] Forgot to add the ci-install dir for rstudio-connect --- charts/rstudio-connect/ci-install/empty-values.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 charts/rstudio-connect/ci-install/empty-values.yaml diff --git a/charts/rstudio-connect/ci-install/empty-values.yaml b/charts/rstudio-connect/ci-install/empty-values.yaml new file mode 100644 index 00000000..e69de29b From cfa16cb6b8150e265a9b85fe9557e37ae1945018 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 14:55:28 -0400 Subject: [PATCH 171/284] Switch posit-chronicle to also have a separate ct-lint and ct-install directory --- charts/posit-chronicle/Chart.yaml | 2 +- charts/posit-chronicle/{ci => ci-install}/empty-values.yaml | 0 charts/posit-chronicle/{ci => ci-lint}/complex-values.yaml | 0 charts/posit-chronicle/ci-lint/empty-values.yaml | 0 .../{ci => ci-lint}/no-local-storage-values.yaml | 0 charts/posit-chronicle/{ci => ci-lint}/simple-values.yaml | 0 6 files changed, 1 insertion(+), 1 deletion(-) rename charts/posit-chronicle/{ci => ci-install}/empty-values.yaml (100%) rename charts/posit-chronicle/{ci => ci-lint}/complex-values.yaml (100%) create mode 100644 charts/posit-chronicle/ci-lint/empty-values.yaml rename charts/posit-chronicle/{ci => ci-lint}/no-local-storage-values.yaml (100%) rename charts/posit-chronicle/{ci => ci-lint}/simple-values.yaml (100%) diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index 17aa55df..79fa54bd 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.2 +version: 0.3.3 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co diff --git a/charts/posit-chronicle/ci/empty-values.yaml b/charts/posit-chronicle/ci-install/empty-values.yaml similarity index 100% rename from charts/posit-chronicle/ci/empty-values.yaml rename to charts/posit-chronicle/ci-install/empty-values.yaml diff --git a/charts/posit-chronicle/ci/complex-values.yaml b/charts/posit-chronicle/ci-lint/complex-values.yaml similarity index 100% rename from charts/posit-chronicle/ci/complex-values.yaml rename to charts/posit-chronicle/ci-lint/complex-values.yaml diff --git a/charts/posit-chronicle/ci-lint/empty-values.yaml b/charts/posit-chronicle/ci-lint/empty-values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/charts/posit-chronicle/ci/no-local-storage-values.yaml b/charts/posit-chronicle/ci-lint/no-local-storage-values.yaml similarity index 100% rename from charts/posit-chronicle/ci/no-local-storage-values.yaml rename to charts/posit-chronicle/ci-lint/no-local-storage-values.yaml diff --git a/charts/posit-chronicle/ci/simple-values.yaml b/charts/posit-chronicle/ci-lint/simple-values.yaml similarity index 100% rename from charts/posit-chronicle/ci/simple-values.yaml rename to charts/posit-chronicle/ci-lint/simple-values.yaml From 3351f9d7361a48c955393e7f488fb7074e637f7b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 15 Oct 2024 18:57:46 +0000 Subject: [PATCH 172/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 6 +++--- charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-launcher-rbac/README.md | 6 +++--- charts/rstudio-pm/README.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 764eac04..e90511e2 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.2: +To install the chart with the release name `my-release` at version 0.3.3: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.2 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.3 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 6b52a33a..68890be2 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.10](https://img.shields.io/badge/Version-0.7.10-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.7.11](https://img.shields.io/badge/Version-0.7.11-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.10: +To install the chart with the release name `my-release` at version 0.7.11: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.10 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.11 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index abe0df9c..0aa9fdb9 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -1,6 +1,6 @@ # rstudio-launcher-rbac -![Version: 0.2.21](https://img.shields.io/badge/Version-0.2.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) +![Version: 0.2.22](https://img.shields.io/badge/Version-0.2.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) #### _RBAC definition for the RStudio Job Launcher_ @@ -21,11 +21,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.2.21: +To install the chart with the release name `my-release` at version 0.2.22: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.21 +helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.22 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 9ef4c079..7dee596b 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.37](https://img.shields.io/badge/Version-0.5.37-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.38](https://img.shields.io/badge/Version-0.5.38-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.37: +To install the chart with the release name `my-release` at version 0.5.38: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.37 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.38 ``` To explore other chart versions, look at: From 9c55e5aa4d5038edb7e5499091c24c1384b53f81 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 15 Oct 2024 18:58:05 +0000 Subject: [PATCH 173/284] Update rbac yaml --- .../rbac/rstudio-launcher-rbac-0.2.22.yaml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 examples/rbac/rstudio-launcher-rbac-0.2.22.yaml diff --git a/examples/rbac/rstudio-launcher-rbac-0.2.22.yaml b/examples/rbac/rstudio-launcher-rbac-0.2.22.yaml new file mode 100644 index 00000000..3b322f8d --- /dev/null +++ b/examples/rbac/rstudio-launcher-rbac-0.2.22.yaml @@ -0,0 +1,88 @@ +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rstudio-launcher-rbac +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rstudio-launcher-rbac +rules: + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "pods" + - "pods/attach" + - "pods/exec" + verbs: + - "get" + - "create" + - "update" + - "patch" + - "watch" + - "list" + - "delete" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "watch" + - apiGroups: + - "" + resources: + - "services" + verbs: + - "create" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "patch" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "metrics.k8s.io" + resources: + - "pods" + verbs: + - "get" +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rstudio-launcher-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rstudio-launcher-rbac +subjects: + - kind: ServiceAccount + name: rstudio-launcher-rbac From d0c1b002b84052863bdbcbf002ef4848069e4b72 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 15:04:45 -0400 Subject: [PATCH 174/284] Do the symlink dance for all the charts, if they have ci-lint or ci-install --- .github/workflows/chart-test.yaml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 11ff1557..357a01c4 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -28,7 +28,12 @@ jobs: uses: helm/chart-testing-action@v2.6.1 - name: Symlink ci-lint -> ci - run: ln -s ./ci-lint charts/rstudio-workbench/ci + run: | + for dir in charts/*/; do + if [[ -d $dir/ci-lint ]]; then + ln -s ./ci-lint charts/$dir/ci + fi + done - name: Run chart-testing (list-changed) id: list-changed @@ -95,7 +100,12 @@ jobs: uses: helm/chart-testing-action@v2.6.1 - name: Symlink ci-install -> ci - run: ln -s ./ci-install charts/rstudio-workbench/ci + run: | + for dir in charts/*/; do + if [[ -d $dir/ci-install ]]; then + ln -s ./ci-install charts/$dir/ci + fi + done - name: Run chart-testing (list-changed) id: list-changed From 85d1502c57229bd15305d6adabb4574e25f3b4ab Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 15:09:30 -0400 Subject: [PATCH 175/284] dir is charts/chart-name --- .github/workflows/chart-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 357a01c4..589c7b88 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -31,7 +31,7 @@ jobs: run: | for dir in charts/*/; do if [[ -d $dir/ci-lint ]]; then - ln -s ./ci-lint charts/$dir/ci + ln -s ./ci-lint $dir/ci fi done @@ -103,7 +103,7 @@ jobs: run: | for dir in charts/*/; do if [[ -d $dir/ci-install ]]; then - ln -s ./ci-install charts/$dir/ci + ln -s ./ci-install $dir/ci fi done From 93bfa9df15e6e00e2e6761f3b3981a202112a3e2 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 15 Oct 2024 16:36:10 -0400 Subject: [PATCH 176/284] Attempt to fix the failing installs --- .../ci-install/{empty-values.yaml => basic-values.yaml} | 0 charts/rstudio-connect/ci-install/basic-values.yaml | 2 ++ charts/rstudio-connect/ci-install/empty-values.yaml | 0 charts/rstudio-pm/ci-install/basic-values.yaml | 2 ++ charts/rstudio-pm/ci-install/empty-values.yaml | 0 5 files changed, 4 insertions(+) rename charts/posit-chronicle/ci-install/{empty-values.yaml => basic-values.yaml} (100%) create mode 100644 charts/rstudio-connect/ci-install/basic-values.yaml delete mode 100644 charts/rstudio-connect/ci-install/empty-values.yaml create mode 100644 charts/rstudio-pm/ci-install/basic-values.yaml delete mode 100644 charts/rstudio-pm/ci-install/empty-values.yaml diff --git a/charts/posit-chronicle/ci-install/empty-values.yaml b/charts/posit-chronicle/ci-install/basic-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-install/empty-values.yaml rename to charts/posit-chronicle/ci-install/basic-values.yaml diff --git a/charts/rstudio-connect/ci-install/basic-values.yaml b/charts/rstudio-connect/ci-install/basic-values.yaml new file mode 100644 index 00000000..849e941b --- /dev/null +++ b/charts/rstudio-connect/ci-install/basic-values.yaml @@ -0,0 +1,2 @@ +readinessProbe: + enabled: false diff --git a/charts/rstudio-connect/ci-install/empty-values.yaml b/charts/rstudio-connect/ci-install/empty-values.yaml deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/rstudio-pm/ci-install/basic-values.yaml b/charts/rstudio-pm/ci-install/basic-values.yaml new file mode 100644 index 00000000..849e941b --- /dev/null +++ b/charts/rstudio-pm/ci-install/basic-values.yaml @@ -0,0 +1,2 @@ +readinessProbe: + enabled: false diff --git a/charts/rstudio-pm/ci-install/empty-values.yaml b/charts/rstudio-pm/ci-install/empty-values.yaml deleted file mode 100644 index e69de29b..00000000 From daee0dcedd6fb620d8b70ea1eb1a7336ffacfeae Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 09:31:24 -0400 Subject: [PATCH 177/284] Trying to fix posit-chronicle failure of 'failed to create metrics service: no storers found for v1/metrics' --- charts/posit-chronicle/ci-install/basic-values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/posit-chronicle/ci-install/basic-values.yaml b/charts/posit-chronicle/ci-install/basic-values.yaml index e69de29b..a1c6f7e7 100644 --- a/charts/posit-chronicle/ci-install/basic-values.yaml +++ b/charts/posit-chronicle/ci-install/basic-values.yaml @@ -0,0 +1,5 @@ +config: + LocalStorage: + Enabled: true + Location: "/chronicle-data" + RetentionPeriod: "30d" From 989d7a06a9003356a75ad8bf189f48774c10bc23 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 10:58:47 -0400 Subject: [PATCH 178/284] Bump the news files for each chart that has been incremented --- charts/posit-chronicle/NEWS.md | 4 ++++ charts/rstudio-connect/NEWS.md | 4 ++++ charts/rstudio-launcher-rbac/NEWS.md | 4 ++++ charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-workbench/NEWS.md | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index b40acff0..f47c16ab 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.3 + +- Changes to the values files for linting and installation testing + ## 0.3.2 - Bump Chronicle to version 2024.09.0 diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index b6cb9cdd..7d7a767e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.11 + +- Changes to the values files for linting and installation testing + ## 0.7.10 - Bump version of launcher templates `job.tpl` and `service.tpl` diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index e3834ea0..11527516 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.2.22 + +- Changes to the values files for linting and installation testing + ## 0.2.21 - Documentation site updates diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index ec60fa8c..ee9c0171 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.38 + +- Changes to the values files for linting and installation testing + ## 0.5.37 - Update documentation with lowercase `Database.Provider = "postgres"`. diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index ae836636..ad4495f0 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.4 + +- Changes to the values files for linting and installation testing + ## 0.8.3 - Bump version of launcher templates `job.tpl` and `service.tpl` From 955ce963053a6646775d0e92db5028c3e944a711 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 11:34:29 -0400 Subject: [PATCH 179/284] Move lint and install ci dirs into this new structure --- .../ci-install => ci/posit-chronicle/install}/basic-values.yaml | 0 .../ci-lint => ci/posit-chronicle/lint}/complex-values.yaml | 0 .../ci-lint => ci/posit-chronicle/lint}/empty-values.yaml | 0 .../posit-chronicle/lint}/no-local-storage-values.yaml | 0 .../ci-lint => ci/posit-chronicle/lint}/simple-values.yaml | 0 .../ci-install => ci/rstudio-connect/install}/basic-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/complex-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/deprecated-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/empty-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/ingress-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/ingress2-values.yaml | 0 .../rstudio-connect/lint}/launcher-advanced-values.yaml | 0 .../rstudio-connect/lint}/launcher-advanced2-values.yaml | 0 .../rstudio-connect/lint}/launcher-advanced3-values.yaml | 0 .../rstudio-connect/lint}/launcher-template-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/launcher-values.yaml | 0 .../ci-lint => ci/rstudio-connect/lint}/simple-values.yaml | 0 .../rstudio-launcher-rbac/install}/empty-values.yaml | 0 .../ci-lint => ci/rstudio-launcher-rbac/lint}/all-values.yaml | 0 .../ci-lint => ci/rstudio-launcher-rbac/lint}/empty-values.yaml | 0 .../rstudio-launcher-rbac/lint}/just-yaml-values.yaml | 0 .../rstudio-launcher-rbac/lint}/no-release-ns-values.yaml | 0 .../ci-lint => ci/rstudio-launcher-rbac/lint}/no-sa-values.yaml | 0 .../ci-lint => ci/rstudio-launcher-rbac/lint}/simple-values.yaml | 0 .../ci-install => ci/rstudio-pm/install}/basic-values.yaml | 0 {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/all-values.yaml | 0 .../rstudio-pm/ci-lint => ci/rstudio-pm/lint}/empty-values.yaml | 0 .../rstudio-pm/ci-lint => ci/rstudio-pm/lint}/ingress-values.yaml | 0 .../ci-lint => ci/rstudio-pm/lint}/ingress2-values.yaml | 0 .../rstudio-pm/ci-lint => ci/rstudio-pm/lint}/simple-values.yaml | 0 .../ci-install => ci/rstudio-workbench/install}/basic-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/complex-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/default-sa-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/empty-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/ingress-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/ingress2-values.yaml | 0 .../rstudio-workbench/lint}/launcher-template-values.yaml | 0 .../rstudio-workbench/lint}/license-file-secret-values.yaml | 0 .../rstudio-workbench/lint}/license-file-values.yaml | 0 .../rstudio-workbench/lint}/license-server-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/license-values.yaml | 0 .../rstudio-workbench/lint}/other-complex-values.yaml | 0 .../rstudio-workbench/lint}/overrides-values-new.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/overrides-values.yaml | 0 .../rstudio-workbench/lint}/simple-profiles-values.yaml | 0 .../ci-lint => ci/rstudio-workbench/lint}/simple-values.yaml | 0 46 files changed, 0 insertions(+), 0 deletions(-) rename {charts/posit-chronicle/ci-install => ci/posit-chronicle/install}/basic-values.yaml (100%) rename {charts/posit-chronicle/ci-lint => ci/posit-chronicle/lint}/complex-values.yaml (100%) rename {charts/posit-chronicle/ci-lint => ci/posit-chronicle/lint}/empty-values.yaml (100%) rename {charts/posit-chronicle/ci-lint => ci/posit-chronicle/lint}/no-local-storage-values.yaml (100%) rename {charts/posit-chronicle/ci-lint => ci/posit-chronicle/lint}/simple-values.yaml (100%) rename {charts/rstudio-connect/ci-install => ci/rstudio-connect/install}/basic-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/complex-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/deprecated-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/empty-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/ingress-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/ingress2-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/launcher-advanced-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/launcher-advanced2-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/launcher-advanced3-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/launcher-template-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/launcher-values.yaml (100%) rename {charts/rstudio-connect/ci-lint => ci/rstudio-connect/lint}/simple-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-install => ci/rstudio-launcher-rbac/install}/empty-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/all-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/empty-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/just-yaml-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/no-release-ns-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/no-sa-values.yaml (100%) rename {charts/rstudio-launcher-rbac/ci-lint => ci/rstudio-launcher-rbac/lint}/simple-values.yaml (100%) rename {charts/rstudio-pm/ci-install => ci/rstudio-pm/install}/basic-values.yaml (100%) rename {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/all-values.yaml (100%) rename {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/empty-values.yaml (100%) rename {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/ingress-values.yaml (100%) rename {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/ingress2-values.yaml (100%) rename {charts/rstudio-pm/ci-lint => ci/rstudio-pm/lint}/simple-values.yaml (100%) rename {charts/rstudio-workbench/ci-install => ci/rstudio-workbench/install}/basic-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/complex-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/default-sa-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/empty-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/ingress-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/ingress2-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/launcher-template-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/license-file-secret-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/license-file-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/license-server-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/license-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/other-complex-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/overrides-values-new.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/overrides-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/simple-profiles-values.yaml (100%) rename {charts/rstudio-workbench/ci-lint => ci/rstudio-workbench/lint}/simple-values.yaml (100%) diff --git a/charts/posit-chronicle/ci-install/basic-values.yaml b/ci/posit-chronicle/install/basic-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-install/basic-values.yaml rename to ci/posit-chronicle/install/basic-values.yaml diff --git a/charts/posit-chronicle/ci-lint/complex-values.yaml b/ci/posit-chronicle/lint/complex-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-lint/complex-values.yaml rename to ci/posit-chronicle/lint/complex-values.yaml diff --git a/charts/posit-chronicle/ci-lint/empty-values.yaml b/ci/posit-chronicle/lint/empty-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-lint/empty-values.yaml rename to ci/posit-chronicle/lint/empty-values.yaml diff --git a/charts/posit-chronicle/ci-lint/no-local-storage-values.yaml b/ci/posit-chronicle/lint/no-local-storage-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-lint/no-local-storage-values.yaml rename to ci/posit-chronicle/lint/no-local-storage-values.yaml diff --git a/charts/posit-chronicle/ci-lint/simple-values.yaml b/ci/posit-chronicle/lint/simple-values.yaml similarity index 100% rename from charts/posit-chronicle/ci-lint/simple-values.yaml rename to ci/posit-chronicle/lint/simple-values.yaml diff --git a/charts/rstudio-connect/ci-install/basic-values.yaml b/ci/rstudio-connect/install/basic-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-install/basic-values.yaml rename to ci/rstudio-connect/install/basic-values.yaml diff --git a/charts/rstudio-connect/ci-lint/complex-values.yaml b/ci/rstudio-connect/lint/complex-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/complex-values.yaml rename to ci/rstudio-connect/lint/complex-values.yaml diff --git a/charts/rstudio-connect/ci-lint/deprecated-values.yaml b/ci/rstudio-connect/lint/deprecated-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/deprecated-values.yaml rename to ci/rstudio-connect/lint/deprecated-values.yaml diff --git a/charts/rstudio-connect/ci-lint/empty-values.yaml b/ci/rstudio-connect/lint/empty-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/empty-values.yaml rename to ci/rstudio-connect/lint/empty-values.yaml diff --git a/charts/rstudio-connect/ci-lint/ingress-values.yaml b/ci/rstudio-connect/lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/ingress-values.yaml rename to ci/rstudio-connect/lint/ingress-values.yaml diff --git a/charts/rstudio-connect/ci-lint/ingress2-values.yaml b/ci/rstudio-connect/lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/ingress2-values.yaml rename to ci/rstudio-connect/lint/ingress2-values.yaml diff --git a/charts/rstudio-connect/ci-lint/launcher-advanced-values.yaml b/ci/rstudio-connect/lint/launcher-advanced-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/launcher-advanced-values.yaml rename to ci/rstudio-connect/lint/launcher-advanced-values.yaml diff --git a/charts/rstudio-connect/ci-lint/launcher-advanced2-values.yaml b/ci/rstudio-connect/lint/launcher-advanced2-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/launcher-advanced2-values.yaml rename to ci/rstudio-connect/lint/launcher-advanced2-values.yaml diff --git a/charts/rstudio-connect/ci-lint/launcher-advanced3-values.yaml b/ci/rstudio-connect/lint/launcher-advanced3-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/launcher-advanced3-values.yaml rename to ci/rstudio-connect/lint/launcher-advanced3-values.yaml diff --git a/charts/rstudio-connect/ci-lint/launcher-template-values.yaml b/ci/rstudio-connect/lint/launcher-template-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/launcher-template-values.yaml rename to ci/rstudio-connect/lint/launcher-template-values.yaml diff --git a/charts/rstudio-connect/ci-lint/launcher-values.yaml b/ci/rstudio-connect/lint/launcher-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/launcher-values.yaml rename to ci/rstudio-connect/lint/launcher-values.yaml diff --git a/charts/rstudio-connect/ci-lint/simple-values.yaml b/ci/rstudio-connect/lint/simple-values.yaml similarity index 100% rename from charts/rstudio-connect/ci-lint/simple-values.yaml rename to ci/rstudio-connect/lint/simple-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-install/empty-values.yaml b/ci/rstudio-launcher-rbac/install/empty-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-install/empty-values.yaml rename to ci/rstudio-launcher-rbac/install/empty-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/all-values.yaml b/ci/rstudio-launcher-rbac/lint/all-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/all-values.yaml rename to ci/rstudio-launcher-rbac/lint/all-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml b/ci/rstudio-launcher-rbac/lint/empty-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/empty-values.yaml rename to ci/rstudio-launcher-rbac/lint/empty-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/just-yaml-values.yaml b/ci/rstudio-launcher-rbac/lint/just-yaml-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/just-yaml-values.yaml rename to ci/rstudio-launcher-rbac/lint/just-yaml-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/no-release-ns-values.yaml b/ci/rstudio-launcher-rbac/lint/no-release-ns-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/no-release-ns-values.yaml rename to ci/rstudio-launcher-rbac/lint/no-release-ns-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/no-sa-values.yaml b/ci/rstudio-launcher-rbac/lint/no-sa-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/no-sa-values.yaml rename to ci/rstudio-launcher-rbac/lint/no-sa-values.yaml diff --git a/charts/rstudio-launcher-rbac/ci-lint/simple-values.yaml b/ci/rstudio-launcher-rbac/lint/simple-values.yaml similarity index 100% rename from charts/rstudio-launcher-rbac/ci-lint/simple-values.yaml rename to ci/rstudio-launcher-rbac/lint/simple-values.yaml diff --git a/charts/rstudio-pm/ci-install/basic-values.yaml b/ci/rstudio-pm/install/basic-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-install/basic-values.yaml rename to ci/rstudio-pm/install/basic-values.yaml diff --git a/charts/rstudio-pm/ci-lint/all-values.yaml b/ci/rstudio-pm/lint/all-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-lint/all-values.yaml rename to ci/rstudio-pm/lint/all-values.yaml diff --git a/charts/rstudio-pm/ci-lint/empty-values.yaml b/ci/rstudio-pm/lint/empty-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-lint/empty-values.yaml rename to ci/rstudio-pm/lint/empty-values.yaml diff --git a/charts/rstudio-pm/ci-lint/ingress-values.yaml b/ci/rstudio-pm/lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-lint/ingress-values.yaml rename to ci/rstudio-pm/lint/ingress-values.yaml diff --git a/charts/rstudio-pm/ci-lint/ingress2-values.yaml b/ci/rstudio-pm/lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-lint/ingress2-values.yaml rename to ci/rstudio-pm/lint/ingress2-values.yaml diff --git a/charts/rstudio-pm/ci-lint/simple-values.yaml b/ci/rstudio-pm/lint/simple-values.yaml similarity index 100% rename from charts/rstudio-pm/ci-lint/simple-values.yaml rename to ci/rstudio-pm/lint/simple-values.yaml diff --git a/charts/rstudio-workbench/ci-install/basic-values.yaml b/ci/rstudio-workbench/install/basic-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-install/basic-values.yaml rename to ci/rstudio-workbench/install/basic-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/complex-values.yaml b/ci/rstudio-workbench/lint/complex-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/complex-values.yaml rename to ci/rstudio-workbench/lint/complex-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/default-sa-values.yaml b/ci/rstudio-workbench/lint/default-sa-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/default-sa-values.yaml rename to ci/rstudio-workbench/lint/default-sa-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/empty-values.yaml b/ci/rstudio-workbench/lint/empty-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/empty-values.yaml rename to ci/rstudio-workbench/lint/empty-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/ingress-values.yaml b/ci/rstudio-workbench/lint/ingress-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/ingress-values.yaml rename to ci/rstudio-workbench/lint/ingress-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/ingress2-values.yaml b/ci/rstudio-workbench/lint/ingress2-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/ingress2-values.yaml rename to ci/rstudio-workbench/lint/ingress2-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/launcher-template-values.yaml b/ci/rstudio-workbench/lint/launcher-template-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/launcher-template-values.yaml rename to ci/rstudio-workbench/lint/launcher-template-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/license-file-secret-values.yaml b/ci/rstudio-workbench/lint/license-file-secret-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/license-file-secret-values.yaml rename to ci/rstudio-workbench/lint/license-file-secret-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/license-file-values.yaml b/ci/rstudio-workbench/lint/license-file-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/license-file-values.yaml rename to ci/rstudio-workbench/lint/license-file-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/license-server-values.yaml b/ci/rstudio-workbench/lint/license-server-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/license-server-values.yaml rename to ci/rstudio-workbench/lint/license-server-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/license-values.yaml b/ci/rstudio-workbench/lint/license-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/license-values.yaml rename to ci/rstudio-workbench/lint/license-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/other-complex-values.yaml b/ci/rstudio-workbench/lint/other-complex-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/other-complex-values.yaml rename to ci/rstudio-workbench/lint/other-complex-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/overrides-values-new.yaml b/ci/rstudio-workbench/lint/overrides-values-new.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/overrides-values-new.yaml rename to ci/rstudio-workbench/lint/overrides-values-new.yaml diff --git a/charts/rstudio-workbench/ci-lint/overrides-values.yaml b/ci/rstudio-workbench/lint/overrides-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/overrides-values.yaml rename to ci/rstudio-workbench/lint/overrides-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/simple-profiles-values.yaml b/ci/rstudio-workbench/lint/simple-profiles-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/simple-profiles-values.yaml rename to ci/rstudio-workbench/lint/simple-profiles-values.yaml diff --git a/charts/rstudio-workbench/ci-lint/simple-values.yaml b/ci/rstudio-workbench/lint/simple-values.yaml similarity index 100% rename from charts/rstudio-workbench/ci-lint/simple-values.yaml rename to ci/rstudio-workbench/lint/simple-values.yaml From 89b5ed1e94bd47e1ced795e560c48f09787047df Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 11:42:55 -0400 Subject: [PATCH 180/284] Update the steps to symlink to the new locations --- .github/workflows/chart-test.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 589c7b88..8f6b01dc 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -30,8 +30,10 @@ jobs: - name: Symlink ci-lint -> ci run: | for dir in charts/*/; do - if [[ -d $dir/ci-lint ]]; then - ln -s ./ci-lint $dir/ci + dir=${dir%*/} + dir=${dir##*/} + if [[ -d ci/${dir}/lint ]]; then + ln -s ../../ci/${dir}/lint charts/${dir}/ci fi done @@ -102,8 +104,10 @@ jobs: - name: Symlink ci-install -> ci run: | for dir in charts/*/; do - if [[ -d $dir/ci-install ]]; then - ln -s ./ci-install $dir/ci + dir=${dir%*/} + dir=${dir##*/} + if [[ -d ci/${dir}/install ]]; then + ln -s ../../ci/${dir}/install charts/${dir}/cig fi done From 3e67ce8326720ae2b31be8d1ec495e0757dea9d1 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 11:46:59 -0400 Subject: [PATCH 181/284] Update the news to reflect the removal of from the directory structure --- charts/posit-chronicle/NEWS.md | 2 +- charts/rstudio-connect/NEWS.md | 2 +- charts/rstudio-launcher-rbac/NEWS.md | 2 +- charts/rstudio-pm/NEWS.md | 2 +- charts/rstudio-workbench/NEWS.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index f47c16ab..8d8fa7e0 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -2,7 +2,7 @@ ## 0.3.3 -- Changes to the values files for linting and installation testing +- Move the values files for linting and installation testing outside the chart directory ## 0.3.2 diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 7d7a767e..0c9f2907 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -2,7 +2,7 @@ ## 0.7.11 -- Changes to the values files for linting and installation testing +- Move the values files for linting and installation testing outside the chart directory ## 0.7.10 diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index 11527516..e5d7a990 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -2,7 +2,7 @@ ## 0.2.22 -- Changes to the values files for linting and installation testing +- Move the values files for linting and installation testing outside the chart directory ## 0.2.21 diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index ee9c0171..db1add67 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.38 -- Changes to the values files for linting and installation testing +- Move the values files for linting and installation testing outside the chart directory ## 0.5.37 diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index ad4495f0..9fcaf2d4 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -2,7 +2,7 @@ ## 0.8.4 -- Changes to the values files for linting and installation testing +- Move the values files for linting and installation testing outside the chart directory ## 0.8.3 From e04fd6078e653d5d4d873561cda64ef15d0e51ab Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 11:48:06 -0400 Subject: [PATCH 182/284] remove spurious g --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 8f6b01dc..c54403cf 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -107,7 +107,7 @@ jobs: dir=${dir%*/} dir=${dir##*/} if [[ -d ci/${dir}/install ]]; then - ln -s ../../ci/${dir}/install charts/${dir}/cig + ln -s ../../ci/${dir}/install charts/${dir}/ci fi done From 8a24faece9c035a93978ef1f84209219cc209dec Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 14:33:35 -0400 Subject: [PATCH 183/284] PR feedback on NEWS.md --- charts/posit-chronicle/NEWS.md | 2 +- charts/rstudio-connect/NEWS.md | 2 +- charts/rstudio-launcher-rbac/NEWS.md | 2 +- charts/rstudio-pm/NEWS.md | 2 +- charts/rstudio-workbench/NEWS.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index 8d8fa7e0..fea0ba17 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -2,7 +2,7 @@ ## 0.3.3 -- Move the values files for linting and installation testing outside the chart directory +- Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart ## 0.3.2 diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 0c9f2907..0de635c4 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -2,7 +2,7 @@ ## 0.7.11 -- Move the values files for linting and installation testing outside the chart directory +- Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart ## 0.7.10 diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index e5d7a990..76e0a2bc 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -2,7 +2,7 @@ ## 0.2.22 -- Move the values files for linting and installation testing outside the chart directory +- Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart ## 0.2.21 diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index db1add67..fa11472c 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -2,7 +2,7 @@ ## 0.5.38 -- Move the values files for linting and installation testing outside the chart directory +- Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart ## 0.5.37 diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 9fcaf2d4..5b4d9e75 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -2,7 +2,7 @@ ## 0.8.4 -- Move the values files for linting and installation testing outside the chart directory +- Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart ## 0.8.3 From 2cfef471ec30c0323a1d0bc6d4022742232c7cfe Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 14:50:44 -0400 Subject: [PATCH 184/284] Loop through the ci dir instead of charts dir --- .github/workflows/chart-test.yaml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index c54403cf..c2962d8f 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -29,12 +29,10 @@ jobs: - name: Symlink ci-lint -> ci run: | - for dir in charts/*/; do - dir=${dir%*/} - dir=${dir##*/} - if [[ -d ci/${dir}/lint ]]; then - ln -s ../../ci/${dir}/lint charts/${dir}/ci - fi + for dir in ci/*/lint; do + dir=${dir#ci/} + dir=${dir%/lint} + ln -s ../../ci/${dir}/lint charts/${dir}/ci done - name: Run chart-testing (list-changed) @@ -103,12 +101,10 @@ jobs: - name: Symlink ci-install -> ci run: | - for dir in charts/*/; do - dir=${dir%*/} - dir=${dir##*/} - if [[ -d ci/${dir}/install ]]; then - ln -s ../../ci/${dir}/install charts/${dir}/ci - fi + for dir in ci/*/install; do + dir=${dir#ci/} + dir=${dir%/install} + ln -s ../../ci/${dir}/install charts/${dir}/ci done - name: Run chart-testing (list-changed) From 42cc879597314fe868a9db2c957cb40536712785 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 15:40:52 -0400 Subject: [PATCH 185/284] Exclude rstudio-library, you cannot install library charts --- .github/workflows/chart-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index c2962d8f..3a3760ae 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -129,14 +129,14 @@ jobs: - name: Run chart-testing (install changed) id: ct-install if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} - run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts + run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts charts/rstudio-library continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all if: ${{ github.ref == 'refs/heads/main' }} - run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts + run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts charts/rstudio-library continue-on-error: true - name: Notify Slack of chart install failure From b0cf15ffb3aa5447af2ff7971000e42a7f97edaf Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 16 Oct 2024 16:24:41 -0400 Subject: [PATCH 186/284] Doesn't need charts/ --- .github/workflows/chart-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 3a3760ae..fbb87662 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -129,14 +129,14 @@ jobs: - name: Run chart-testing (install changed) id: ct-install if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} - run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts charts/rstudio-library + run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all if: ${{ github.ref == 'refs/heads/main' }} - run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts charts/rstudio-library + run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library continue-on-error: true - name: Notify Slack of chart install failure From cc9602f4484ce567df4515ef12ba35d527f2ae50 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 09:54:39 -0400 Subject: [PATCH 187/284] Post the lint results for changed charts to the PR --- .github/workflows/chart-test.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index fbb87662..861a8f2a 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -75,6 +75,19 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + - name: Add linting results for changed charts to PR + if: github.event_name == 'pull_request' && steps.list-changed.outputs.changed == 'true' + uses: actions/github-script@v7 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `${{steps.ct-lint.outputs.result}}` + }) + - name: Fail the workflow if failed linting if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 From 8590d48b4e9dc644695124b460183b851807c407 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 10:24:23 -0400 Subject: [PATCH 188/284] Test the license-file-secret-values linting file with basic-values.yaml additions --- .../install/license-file-secret-values.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ci/rstudio-workbench/install/license-file-secret-values.yaml diff --git a/ci/rstudio-workbench/install/license-file-secret-values.yaml b/ci/rstudio-workbench/install/license-file-secret-values.yaml new file mode 100644 index 00000000..7ed49fec --- /dev/null +++ b/ci/rstudio-workbench/install/license-file-secret-values.yaml @@ -0,0 +1,9 @@ +license: + file: + secret: some-secret + secretKey: my-license.lic + mountPath: "/etc/license/license.lic" + mountSubPath: "my-license.lic" + +readinessProbe: + enabled: false From 5edcca1066e2de0aaf4ae0b44a30acd6ee4ca277 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 10:36:50 -0400 Subject: [PATCH 189/284] Do the install all tests if there are no changes, since now that our values files are not in the chart directories, we need to run install tests without any changes to the charts --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 861a8f2a..fdb8faed 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -148,7 +148,7 @@ jobs: # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all - if: ${{ github.ref == 'refs/heads/main' }} + if: ${{ github.ref == 'refs/heads/main' || steps.list-changed.outputs.changed != 'true' }} run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library continue-on-error: true From 06cb8e5ad0d3507c1848c7505c0db35592858b5f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 10:40:30 -0400 Subject: [PATCH 190/284] Need the kind cluster in order to run tests --- .github/workflows/chart-test.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index fdb8faed..2b56499b 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -130,10 +130,8 @@ jobs: - name: Create kind cluster uses: helm/kind-action@v1.10.0 - if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} - name: Install SealedSecrets Helm Chart - if: ${{ steps.list-changed.outputs.changed == 'true' || github.ref == 'refs/heads/main' }} run: | helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets helm install sealed-secrets sealed-secrets/sealed-secrets From cacb294e71401fc85f168d5965aa2fc9bff719db Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 10:41:22 -0400 Subject: [PATCH 191/284] Might as well just always run the install all test --- .github/workflows/chart-test.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 2b56499b..12ce0dca 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -146,7 +146,6 @@ jobs: # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all - if: ${{ github.ref == 'refs/heads/main' || steps.list-changed.outputs.changed != 'true' }} run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library continue-on-error: true From 37a9edf53cd08dcf26376501c3918940b8cee6a0 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 11:06:51 -0400 Subject: [PATCH 192/284] would need to create a secret in the proper namespace with a valid license file, lets not try to do that right now --- .../install/license-file-secret-values.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ci/rstudio-workbench/install/license-file-secret-values.yaml b/ci/rstudio-workbench/install/license-file-secret-values.yaml index 7ed49fec..ec636415 100644 --- a/ci/rstudio-workbench/install/license-file-secret-values.yaml +++ b/ci/rstudio-workbench/install/license-file-secret-values.yaml @@ -1,9 +1,5 @@ license: - file: - secret: some-secret - secretKey: my-license.lic - mountPath: "/etc/license/license.lic" - mountSubPath: "my-license.lic" + key: test-license readinessProbe: enabled: false From 952c2f16ebd815a232f742ae2aeb0ab154c92796 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 11:07:51 -0400 Subject: [PATCH 193/284] rename the license install test values file --- .../install/{license-file-secret-values.yaml => license-key.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ci/rstudio-workbench/install/{license-file-secret-values.yaml => license-key.yaml} (100%) diff --git a/ci/rstudio-workbench/install/license-file-secret-values.yaml b/ci/rstudio-workbench/install/license-key.yaml similarity index 100% rename from ci/rstudio-workbench/install/license-file-secret-values.yaml rename to ci/rstudio-workbench/install/license-key.yaml From 661c3f4af7f796a82fa3cc053b1af344e5effcef Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 17 Oct 2024 11:21:09 -0400 Subject: [PATCH 194/284] The file name needs to end in -values.yaml --- .../install/{license-key.yaml => license-key-values.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ci/rstudio-workbench/install/{license-key.yaml => license-key-values.yaml} (100%) diff --git a/ci/rstudio-workbench/install/license-key.yaml b/ci/rstudio-workbench/install/license-key-values.yaml similarity index 100% rename from ci/rstudio-workbench/install/license-key.yaml rename to ci/rstudio-workbench/install/license-key-values.yaml From 6f638c171b0c31b1967022c2c21b563019c93706 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 18 Oct 2024 10:38:41 -0400 Subject: [PATCH 195/284] Switch to installing all charts into the namespace. Create k8s secrets in the namespace for the license files for each product. Create those secrets from the repo secrets I created for each --- .github/workflows/chart-test.yaml | 19 +++++++++++++++++-- ci/rstudio-connect/install/basic-values.yaml | 6 ++++-- ci/rstudio-pm/install/basic-values.yaml | 6 ++++-- .../install/basic-values.yaml | 6 ++++-- .../install/license-key-values.yaml | 5 ----- 5 files changed, 29 insertions(+), 13 deletions(-) delete mode 100644 ci/rstudio-workbench/install/license-key-values.yaml diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 12ce0dca..2058104b 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -136,17 +136,32 @@ jobs: helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets helm install sealed-secrets sealed-secrets/sealed-secrets + - name: Create posit-test namespace + run: kubectl create namespace posit-test + + - name: Create License File Secrets + run: | + echo "${{ secrets.PWB_LICENSE_FILE }}" > pwb.lic + kubectl create secret generic pwb-license --from-file=pwb.lic --namespace posit-test + rm pwb.lic + echo "${{ secrets.RSC_LICENSE_FILE }}" > rsc.lic + kubectl create secret generic rsc-license --from-file=rsc.lic --namespace posit-test + rm rsc.lic + echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic + kubeclt create secret generic ppm-license --from-file=ppm.lic --namespace posit-test + rm ppm.lic + # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install changed) id: ct-install if: ${{ github.ref != 'refs/heads/main' && steps.list-changed.outputs.changed == 'true' }} - run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library + run: ct install --target-branch main --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test continue-on-error: true # no allow-failure until https://github.com/actions/toolkit/issues/399 - name: Run chart-testing (install all) id: ct-install-all - run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library + run: ct install --target-branch main --all --chart-dirs charts --chart-dirs other-charts --excluded-charts rstudio-library --namespace posit-test continue-on-error: true - name: Notify Slack of chart install failure diff --git a/ci/rstudio-connect/install/basic-values.yaml b/ci/rstudio-connect/install/basic-values.yaml index 849e941b..7393ab45 100644 --- a/ci/rstudio-connect/install/basic-values.yaml +++ b/ci/rstudio-connect/install/basic-values.yaml @@ -1,2 +1,4 @@ -readinessProbe: - enabled: false +license: + file: + secret: rsc-license + secretKey: rsc.lic diff --git a/ci/rstudio-pm/install/basic-values.yaml b/ci/rstudio-pm/install/basic-values.yaml index 849e941b..e2f9ec51 100644 --- a/ci/rstudio-pm/install/basic-values.yaml +++ b/ci/rstudio-pm/install/basic-values.yaml @@ -1,2 +1,4 @@ -readinessProbe: - enabled: false +license: + file: + secret: ppm-license + secretKey: ppm.lic diff --git a/ci/rstudio-workbench/install/basic-values.yaml b/ci/rstudio-workbench/install/basic-values.yaml index 849e941b..ca1c194a 100644 --- a/ci/rstudio-workbench/install/basic-values.yaml +++ b/ci/rstudio-workbench/install/basic-values.yaml @@ -1,2 +1,4 @@ -readinessProbe: - enabled: false +license: + file: + secret: pwb-license + secretKey: pwb.lic diff --git a/ci/rstudio-workbench/install/license-key-values.yaml b/ci/rstudio-workbench/install/license-key-values.yaml deleted file mode 100644 index ec636415..00000000 --- a/ci/rstudio-workbench/install/license-key-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -license: - key: test-license - -readinessProbe: - enabled: false From eda4ce1037b60edc116b2d3b66391976f635c405 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 18 Oct 2024 10:51:35 -0400 Subject: [PATCH 196/284] fix typo --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 2058104b..ed72074d 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -148,7 +148,7 @@ jobs: kubectl create secret generic rsc-license --from-file=rsc.lic --namespace posit-test rm rsc.lic echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic - kubeclt create secret generic ppm-license --from-file=ppm.lic --namespace posit-test + kubectl create secret generic ppm-license --from-file=ppm.lic --namespace posit-test rm ppm.lic # no allow-failure until https://github.com/actions/toolkit/issues/399 From 15eb49fc82137bd81091a8aa8554bf7e5b90c7b8 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 18 Oct 2024 11:05:19 -0400 Subject: [PATCH 197/284] It's now known as PCT not RSC --- .github/workflows/chart-test.yaml | 6 +++--- ci/rstudio-connect/install/basic-values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index ed72074d..c318a775 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -144,9 +144,9 @@ jobs: echo "${{ secrets.PWB_LICENSE_FILE }}" > pwb.lic kubectl create secret generic pwb-license --from-file=pwb.lic --namespace posit-test rm pwb.lic - echo "${{ secrets.RSC_LICENSE_FILE }}" > rsc.lic - kubectl create secret generic rsc-license --from-file=rsc.lic --namespace posit-test - rm rsc.lic + echo "${{ secrets.PCT_LICENSE_FILE }}" > pct.lic + kubectl create secret generic pct-license --from-file-pct.lic --namespace posit-test + rm pct.lic echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic kubectl create secret generic ppm-license --from-file=ppm.lic --namespace posit-test rm ppm.lic diff --git a/ci/rstudio-connect/install/basic-values.yaml b/ci/rstudio-connect/install/basic-values.yaml index 7393ab45..07ed08b3 100644 --- a/ci/rstudio-connect/install/basic-values.yaml +++ b/ci/rstudio-connect/install/basic-values.yaml @@ -1,4 +1,4 @@ license: file: - secret: rsc-license - secretKey: rsc.lic + secret: pct-license + secretKey: pct.lic From c0d1bcb24d4a77d92285ad8a67c591b83f03a778 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 18 Oct 2024 11:12:00 -0400 Subject: [PATCH 198/284] typos everywhere today --- .github/workflows/chart-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index c318a775..6ba75133 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -145,7 +145,7 @@ jobs: kubectl create secret generic pwb-license --from-file=pwb.lic --namespace posit-test rm pwb.lic echo "${{ secrets.PCT_LICENSE_FILE }}" > pct.lic - kubectl create secret generic pct-license --from-file-pct.lic --namespace posit-test + kubectl create secret generic pct-license --from-file=pct.lic --namespace posit-test rm pct.lic echo "${{ secrets.PPM_LICENSE_FILE }}" > ppm.lic kubectl create secret generic ppm-license --from-file=ppm.lic --namespace posit-test From 56d7f367eb03b3552ea8b1bc8a06b7c055435341 Mon Sep 17 00:00:00 2001 From: Tyler Finethy Date: Mon, 21 Oct 2024 10:52:46 -0400 Subject: [PATCH 199/284] Fix: Use `fsGroupChangePolicy` to prevent recursive perm changes (#592) * Fix: Use `fsGroupChangePolicy` to prevent recursive perm changes See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods for more information Refs: https://github.com/rstudio/package-manager/issues/14547 * Update helm-docs and README.md * NEWS: Add line item for the `fsGroupChangePolicy` change --------- Co-authored-by: GitHub Actions --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 6 ++++++ charts/rstudio-pm/README.md | 8 ++++---- charts/rstudio-pm/values.yaml | 1 + 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 9c03d931..1bf0b64d 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.38 +version: 0.5.39 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index fa11472c..8c4d696b 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,11 @@ # Changelog +## 0.5.39 + +- Add the `fsGroupChangePolicy: "OnRootMismatch"` default option to the pod's `securityContext`. This will only ensure + permissions and ownership change only if the permission and the ownership of root directory does not match with + expected permissions of the volume. + ## 0.5.38 - Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 7dee596b..07295a29 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.38](https://img.shields.io/badge/Version-0.5.38-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.39](https://img.shields.io/badge/Version-0.5.39-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.38: +To install the chart with the release name `my-release` at version 0.5.39: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.38 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.39 ``` To explore other chart versions, look at: @@ -234,7 +234,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | pod.env | list | `[]` | env is an array of maps that is injected as-is into the "env:" component of the pod.container spec | | pod.labels | object | `{}` | Additional labels to add to the rstudio-pm pods | | pod.lifecycle | object | `{}` | Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | -| pod.securityContext | object | `{"fsGroup":999}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | +| pod.securityContext | object | `{"fsGroup":999,"fsGroupChangePolicy":"OnRootMismatch"}` | the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod | | pod.serviceAccountName | string | `""` | Deprecated, use `serviceAccount.name` instead | | pod.terminationGracePeriodSeconds | int | `120` | The termination grace period seconds allowed for the pod before shutdown | | pod.volumeMounts | list | `[]` | volumeMounts is an array of maps that is injected as-is into the "volumeMounts" component of the pod spec | diff --git a/charts/rstudio-pm/values.yaml b/charts/rstudio-pm/values.yaml index 7f539998..500daa34 100644 --- a/charts/rstudio-pm/values.yaml +++ b/charts/rstudio-pm/values.yaml @@ -127,6 +127,7 @@ pod: # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod securityContext: fsGroup: 999 + fsGroupChangePolicy: "OnRootMismatch" # -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template. containerSecurityContext: runAsUser: 999 From 03c4bbf8eb35d1c12da05daed6451fcfa75469c2 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Tue, 22 Oct 2024 10:31:20 -0400 Subject: [PATCH 200/284] Fix Connect pod service account override when launcher is enabled --- charts/rstudio-connect/templates/deployment.yaml | 2 +- charts/rstudio-connect/templates/rbac.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-connect/templates/deployment.yaml b/charts/rstudio-connect/templates/deployment.yaml index 7b8bd460..e5b9a625 100644 --- a/charts/rstudio-connect/templates/deployment.yaml +++ b/charts/rstudio-connect/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-multiple-service-accounts */}} {{- if and .Values.rbac.create .Values.launcher.enabled }} - {{ $serviceAccountName := default (default .Values.rbac.serviceAccount.name .Values.pod.serviceAccountName) (include "rstudio-connect.fullname" .) }} + {{ $serviceAccountName := default (include "rstudio-connect.fullname" .) .Values.rbac.serviceAccount.name }} serviceAccountName: {{ $serviceAccountName }} {{- else }} serviceAccountName: {{ .Values.rbac.serviceAccount.name | toString | quote }} diff --git a/charts/rstudio-connect/templates/rbac.yaml b/charts/rstudio-connect/templates/rbac.yaml index acd31626..bfb25325 100644 --- a/charts/rstudio-connect/templates/rbac.yaml +++ b/charts/rstudio-connect/templates/rbac.yaml @@ -1,7 +1,7 @@ {{- if and (.Values.rbac.create) (.Values.launcher.enabled) }} {{ $namespace := $.Release.Namespace }} {{ $targetNamespace := default $.Release.Namespace .Values.launcher.namespace }} -{{ $serviceAccountName := default .Values.rbac.serviceAccount.name (include "rstudio-connect.fullname" .) }} +{{ $serviceAccountName := default (include "rstudio-connect.fullname" .) .Values.rbac.serviceAccount.name }} {{ $serviceAccountCreate := .Values.rbac.serviceAccount.create }} {{ $serviceAccountAnnotations := .Values.rbac.serviceAccount.annotations }} {{ $serviceAccountLabels := .Values.rbac.serviceAccount.labels }} From 82a5fbf726598c54698ca3fac07b8c424a970ef1 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Tue, 22 Oct 2024 10:33:12 -0400 Subject: [PATCH 201/284] Bump Connect chart version --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 2c500037..14b4ec2e 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.11 +version: 0.7.12 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 0de635c4..a90e0d6e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.12 + +- Fix a bug where `rbac.serviceAccount.name` was not applied when the job launcher is enabled. + ## 0.7.11 - Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart From ce168650c985714e4c09476ec8dec2c603fb4d05 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 22 Oct 2024 14:34:45 +0000 Subject: [PATCH 202/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 68890be2..8ea201a6 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.11](https://img.shields.io/badge/Version-0.7.11-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.7.12](https://img.shields.io/badge/Version-0.7.12-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.11: +To install the chart with the release name `my-release` at version 0.7.12: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.11 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.12 ``` To explore other chart versions, look at: From 1949dc0909fabf2386b9670bd49510468d542162 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 23 Oct 2024 10:29:21 -0400 Subject: [PATCH 203/284] I forgot to add the result as a github actions output. --- .github/workflows/chart-test.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 6ba75133..c6992ab3 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -46,7 +46,12 @@ jobs: - name: Run chart-testing (lint changed) id: ct-lint if: steps.list-changed.outputs.changed == 'true' - run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts + run: | + { + echo 'result<> $GITHUB_OUTPUT continue-on-error: true - name: Run chart-testing (lint all) From 957e2557ce814459756dbcbbb43b9a2f1872c802 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 23 Oct 2024 16:24:40 -0400 Subject: [PATCH 204/284] Add connect pod service account to lint values --- ci/rstudio-connect/lint/launcher-advanced-values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/rstudio-connect/lint/launcher-advanced-values.yaml b/ci/rstudio-connect/lint/launcher-advanced-values.yaml index 5318e6d6..014df573 100644 --- a/ci/rstudio-connect/lint/launcher-advanced-values.yaml +++ b/ci/rstudio-connect/lint/launcher-advanced-values.yaml @@ -2,6 +2,7 @@ rbac: create: true serviceAccount: create: true + name: "connect-service-account" securityContext: null sharedStorage: create: true From 2905e476b5bac67579520040750b4a120950e739 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 28 Oct 2024 11:26:53 -0400 Subject: [PATCH 205/284] Do not post results to the PR. Without better sanitization of that output, it's breaking posting to the PR. We can revisit this later. --- .github/workflows/chart-test.yaml | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index c6992ab3..f0e1712c 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -46,12 +46,7 @@ jobs: - name: Run chart-testing (lint changed) id: ct-lint if: steps.list-changed.outputs.changed == 'true' - run: | - { - echo 'result<> $GITHUB_OUTPUT + run: ct lint --target-branch main --chart-dirs charts --chart-dirs other-charts continue-on-error: true - name: Run chart-testing (lint all) @@ -80,19 +75,6 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - - name: Add linting results for changed charts to PR - if: github.event_name == 'pull_request' && steps.list-changed.outputs.changed == 'true' - uses: actions/github-script@v7 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `${{steps.ct-lint.outputs.result}}` - }) - - name: Fail the workflow if failed linting if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 From c2183e63c89da541223226f3ed4ba7ce1c7cd1f4 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 12:57:08 -0400 Subject: [PATCH 206/284] Add helm unittesting scaffolds --- .github/workflows/chart-test.yaml | 22 +++++++++++++ .gitignore | 5 +++ CONTRIBUTING.md | 13 ++++++++ .../tests/service-accounts_test.yaml | 32 +++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 charts/rstudio-connect/tests/service-accounts_test.yaml diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index f0e1712c..a46ab3e7 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -79,6 +79,28 @@ jobs: if: steps.ct-lint.outcome == 'failure' || steps.ct-lint-all.outcome == 'failure' run: exit 1 + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v4.2.0 + with: + version: v3.6.3 + + - name: Install helm unittest plugin + run: helm plugin install --version v0.6.3 https://github.com/helm-unittest/helm-unittest.git + + - name: Run chart unit tests + run: | + for dir in $(ls -d charts/*/); do + helm unittest $dir + done + install: runs-on: ubuntu-latest steps: diff --git a/.gitignore b/.gitignore index fdc6c0f6..ba4ec178 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,10 @@ helm-docs charts/**/charts/ /*.values /.cr-release-packages + +# helm unittest plugin +__snapshot__ + bin/** !bin/README.md @@ -10,3 +14,4 @@ _site/ _publish.yml /.quarto/ + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4e2cdce7..7aeba09d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -34,6 +34,19 @@ We'll try to be as responsive as possible in reviewing and accepting pull reques - If `index.yaml` gets out of date on the repository, see [`./scripts/`](./scripts) for a workflow to fix +## Testing + +Running the [helm chart unit tests](https://github.com/helm-unittest/helm-unittest): + +``` +# install the unittest plugin +helm plugin install https://github.com/helm-unittest/helm-unittest.git + +# run the rstudio-connect chart unittests +# unit tests are defined in `charts/$CHART_NAME/tests` +helm unittest --color ./charts/rstudio-connect +``` + ## Templates The `rstudio-workbench` and `rstudio-connect` charts both make heavy use of the "templating" feature of the Posit Job diff --git a/charts/rstudio-connect/tests/service-accounts_test.yaml b/charts/rstudio-connect/tests/service-accounts_test.yaml new file mode 100644 index 00000000..9e68cc65 --- /dev/null +++ b/charts/rstudio-connect/tests/service-accounts_test.yaml @@ -0,0 +1,32 @@ +suite: Connect Service Accounts +templates: + - configmap.yaml + - configmap-prestart.yaml + - deployment.yaml +tests: + - it: should set the Connect pod service account when the launcher is enabled + template: deployment.yaml + set: + launcher: + enabled: true + rbac: + create: true + serviceAccount: + name: "connect-service-account" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "connect-service-account" + - it: should set the Connect pod service account when the launcher is not enabled + template: deployment.yaml + set: + launcher: + enabled: false + rbac: + create: true + serviceAccount: + name: "connect-service-account" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "connect-service-account" From edff9fdd1b75f7d06acbe49331014160cefa7442 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 13:05:18 -0400 Subject: [PATCH 207/284] Install chart dependencies before running tests --- .github/workflows/chart-test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index a46ab3e7..91741df1 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -98,6 +98,7 @@ jobs: - name: Run chart unit tests run: | for dir in $(ls -d charts/*/); do + pushd $dir; helm dependencies update; popd helm unittest $dir done From edda2b0f81af6ed0bf88612617d14205c52c0c6e Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 14:00:30 -0400 Subject: [PATCH 208/284] Bump chart version, add slack alerting --- .github/workflows/chart-test.yaml | 27 +++++++++++++++++++++++++++ charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 91741df1..20d46398 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -96,11 +96,38 @@ jobs: run: helm plugin install --version v0.6.3 https://github.com/helm-unittest/helm-unittest.git - name: Run chart unit tests + id: unittest run: | for dir in $(ls -d charts/*/); do pushd $dir; helm dependencies update; popd helm unittest $dir done + continue-on-error: true + + - name: Notify Slack of chart unittest failure + if: steps.unittest.outcome == 'failure' + uses: slackapi/slack-github-action@v1.27.0 + with: + payload-delimiter: "_" + payload: | + { + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Chart unit tests failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + - name: Fail the workflow if failed unittest + if: steps.unittest.outcome == 'failure' + run: exit 1 install: runs-on: ubuntu-latest diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 14b4ec2e..ba49a968 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.12 +version: 0.7.13 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index a90e0d6e..f55b69f0 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.13 + +- Add initial set of chart unit tests + ## 0.7.12 - Fix a bug where `rbac.serviceAccount.name` was not applied when the job launcher is enabled. From 605581b0c9888ee5beb6cf90e4837f18731e671b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 30 Oct 2024 18:01:36 +0000 Subject: [PATCH 209/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 8ea201a6..c279d655 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.12](https://img.shields.io/badge/Version-0.7.12-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.7.13](https://img.shields.io/badge/Version-0.7.13-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.12: +To install the chart with the release name `my-release` at version 0.7.13: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.12 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.13 ``` To explore other chart versions, look at: From e5416824bcb79bedc906ab7ed5e621fbf497a428 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 15:40:40 -0400 Subject: [PATCH 210/284] Add tests/ directory to .helmignore for all charts; revert chart version bump --- charts/posit-chronicle/.helmignore | 3 +++ charts/rstudio-connect/.helmignore | 26 ++++++++++++++++++++++++ charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ---- charts/rstudio-launcher-rbac/.helmignore | 3 +++ charts/rstudio-library/.helmignore | 3 +++ charts/rstudio-pm/.helmignore | 26 ++++++++++++++++++++++++ charts/rstudio-workbench/.helmignore | 3 +++ 8 files changed, 65 insertions(+), 5 deletions(-) create mode 100644 charts/rstudio-connect/.helmignore create mode 100644 charts/rstudio-pm/.helmignore diff --git a/charts/posit-chronicle/.helmignore b/charts/posit-chronicle/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/posit-chronicle/.helmignore +++ b/charts/posit-chronicle/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-connect/.helmignore b/charts/rstudio-connect/.helmignore new file mode 100644 index 00000000..f70705f1 --- /dev/null +++ b/charts/rstudio-connect/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index ba49a968..14b4ec2e 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.13 +version: 0.7.12 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index f55b69f0..a90e0d6e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,9 +1,5 @@ # Changelog -## 0.7.13 - -- Add initial set of chart unit tests - ## 0.7.12 - Fix a bug where `rbac.serviceAccount.name` was not applied when the job launcher is enabled. diff --git a/charts/rstudio-launcher-rbac/.helmignore b/charts/rstudio-launcher-rbac/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/rstudio-launcher-rbac/.helmignore +++ b/charts/rstudio-launcher-rbac/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-library/.helmignore b/charts/rstudio-library/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/rstudio-library/.helmignore +++ b/charts/rstudio-library/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-pm/.helmignore b/charts/rstudio-pm/.helmignore new file mode 100644 index 00000000..f70705f1 --- /dev/null +++ b/charts/rstudio-pm/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-workbench/.helmignore b/charts/rstudio-workbench/.helmignore index ed4080b1..1cbd52de 100644 --- a/charts/rstudio-workbench/.helmignore +++ b/charts/rstudio-workbench/.helmignore @@ -1,3 +1,6 @@ snapshot/ Makefile *.gotmpl + +# chart tests +tests/ From d49b78bd14f9eb65c5a3a9ea1c341cd89ea587fb Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 15:49:24 -0400 Subject: [PATCH 211/284] Revert helmignore changes for other charts --- charts/posit-chronicle/.helmignore | 3 --- charts/rstudio-launcher-rbac/.helmignore | 3 --- charts/rstudio-library/.helmignore | 3 --- charts/rstudio-pm/.helmignore | 26 ------------------------ charts/rstudio-workbench/.helmignore | 3 --- 5 files changed, 38 deletions(-) delete mode 100644 charts/rstudio-pm/.helmignore diff --git a/charts/posit-chronicle/.helmignore b/charts/posit-chronicle/.helmignore index f70705f1..0e8a0eb3 100644 --- a/charts/posit-chronicle/.helmignore +++ b/charts/posit-chronicle/.helmignore @@ -21,6 +21,3 @@ .idea/ *.tmproj .vscode/ - -# chart tests -tests/ diff --git a/charts/rstudio-launcher-rbac/.helmignore b/charts/rstudio-launcher-rbac/.helmignore index f70705f1..0e8a0eb3 100644 --- a/charts/rstudio-launcher-rbac/.helmignore +++ b/charts/rstudio-launcher-rbac/.helmignore @@ -21,6 +21,3 @@ .idea/ *.tmproj .vscode/ - -# chart tests -tests/ diff --git a/charts/rstudio-library/.helmignore b/charts/rstudio-library/.helmignore index f70705f1..0e8a0eb3 100644 --- a/charts/rstudio-library/.helmignore +++ b/charts/rstudio-library/.helmignore @@ -21,6 +21,3 @@ .idea/ *.tmproj .vscode/ - -# chart tests -tests/ diff --git a/charts/rstudio-pm/.helmignore b/charts/rstudio-pm/.helmignore deleted file mode 100644 index f70705f1..00000000 --- a/charts/rstudio-pm/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ - -# chart tests -tests/ diff --git a/charts/rstudio-workbench/.helmignore b/charts/rstudio-workbench/.helmignore index 1cbd52de..ed4080b1 100644 --- a/charts/rstudio-workbench/.helmignore +++ b/charts/rstudio-workbench/.helmignore @@ -1,6 +1,3 @@ snapshot/ Makefile *.gotmpl - -# chart tests -tests/ From a290c2018216d36c9b156ac86a06d1c25e9deee8 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 15:50:12 -0400 Subject: [PATCH 212/284] Bump rstudio-connect chart version --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 14b4ec2e..ba49a968 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.12 +version: 0.7.13 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index a90e0d6e..fcd40905 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.13 + +- Add initial set of helm unit tests. + ## 0.7.12 - Fix a bug where `rbac.serviceAccount.name` was not applied when the job launcher is enabled. From 281b263adcb897e95cb1624e81b73116189f4253 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 16:05:08 -0400 Subject: [PATCH 213/284] Add helm unit tests scaffolding and bump all chart versions --- charts/posit-chronicle/.helmignore | 3 +++ charts/posit-chronicle/Chart.yaml | 2 +- charts/posit-chronicle/NEWS.md | 4 ++++ charts/rstudio-launcher-rbac/.helmignore | 3 +++ charts/rstudio-launcher-rbac/Chart.yaml | 2 +- charts/rstudio-launcher-rbac/NEWS.md | 4 ++++ charts/rstudio-library/.helmignore | 3 +++ charts/rstudio-library/Chart.yaml | 4 ++-- charts/rstudio-library/NEWS.md | 4 ++++ charts/rstudio-pm/.helmignore | 26 ++++++++++++++++++++++++ charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-workbench/.helmignore | 3 +++ charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 ++++ 15 files changed, 64 insertions(+), 6 deletions(-) create mode 100644 charts/rstudio-pm/.helmignore diff --git a/charts/posit-chronicle/.helmignore b/charts/posit-chronicle/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/posit-chronicle/.helmignore +++ b/charts/posit-chronicle/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index 79fa54bd..1833080b 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.3 +version: 0.3.4 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index fea0ba17..89d2215b 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.4 + +- Add helm unit test scaffold. + ## 0.3.3 - Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart diff --git a/charts/rstudio-launcher-rbac/.helmignore b/charts/rstudio-launcher-rbac/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/rstudio-launcher-rbac/.helmignore +++ b/charts/rstudio-launcher-rbac/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index f57389d8..503bc537 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rstudio-launcher-rbac description: RBAC definition for the RStudio Job Launcher type: application -version: 0.2.22 +version: 0.2.23 appVersion: 0.2.21 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png sources: diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index 76e0a2bc..6563e816 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.2.23 + +- Add helm unit test scaffold. + ## 0.2.22 - Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart diff --git a/charts/rstudio-library/.helmignore b/charts/rstudio-library/.helmignore index 0e8a0eb3..f70705f1 100644 --- a/charts/rstudio-library/.helmignore +++ b/charts/rstudio-library/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-library/Chart.yaml b/charts/rstudio-library/Chart.yaml index 5be0c871..c497be93 100644 --- a/charts/rstudio-library/Chart.yaml +++ b/charts/rstudio-library/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rstudio-library description: Helm library helpers for use by official RStudio charts type: library -version: 0.1.30 -appVersion: 0.1.30 +version: 0.1.31 +appVersion: 0.1.31 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com diff --git a/charts/rstudio-library/NEWS.md b/charts/rstudio-library/NEWS.md index 0e68647c..109c8828 100644 --- a/charts/rstudio-library/NEWS.md +++ b/charts/rstudio-library/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.1.31 + +- Add helm unit test scaffold. + ## 0.1.30 - Documentation site updates diff --git a/charts/rstudio-pm/.helmignore b/charts/rstudio-pm/.helmignore new file mode 100644 index 00000000..f70705f1 --- /dev/null +++ b/charts/rstudio-pm/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# chart tests +tests/ diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 1bf0b64d..142748dc 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.39 +version: 0.5.40 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 8c4d696b..952dcbf0 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.40 + +- Add helm unit test scaffold. + ## 0.5.39 - Add the `fsGroupChangePolicy: "OnRootMismatch"` default option to the pod's `securityContext`. This will only ensure diff --git a/charts/rstudio-workbench/.helmignore b/charts/rstudio-workbench/.helmignore index ed4080b1..1cbd52de 100644 --- a/charts/rstudio-workbench/.helmignore +++ b/charts/rstudio-workbench/.helmignore @@ -1,3 +1,6 @@ snapshot/ Makefile *.gotmpl + +# chart tests +tests/ diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index e90f0a65..7ef4294a 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.4 +version: 0.8.5 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 5b4d9e75..e8d4731f 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.5 + +- Add helm unit test scaffold. + ## 0.8.4 - Move the values files for linting and installation testing outside the chart directory so that we can iterate on them without releasing a new version of the chart From 67f9b65f14c2058d3766e66f3e7a64d83be29485 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 30 Oct 2024 20:06:20 +0000 Subject: [PATCH 214/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 6 +++--- charts/rstudio-launcher-rbac/README.md | 6 +++--- charts/rstudio-library/README.md | 2 +- charts/rstudio-pm/README.md | 6 +++--- charts/rstudio-workbench/README.md | 6 +++--- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index e90511e2..8e1bbb5d 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.3: +To install the chart with the release name `my-release` at version 0.3.4: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.3 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.4 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 0aa9fdb9..de66cd4a 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -1,6 +1,6 @@ # rstudio-launcher-rbac -![Version: 0.2.22](https://img.shields.io/badge/Version-0.2.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) +![Version: 0.2.23](https://img.shields.io/badge/Version-0.2.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) #### _RBAC definition for the RStudio Job Launcher_ @@ -21,11 +21,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.2.22: +To install the chart with the release name `my-release` at version 0.2.23: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.22 +helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.23 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 142c0114..eea6e619 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -1,6 +1,6 @@ # rstudio-library -![Version: 0.1.30](https://img.shields.io/badge/Version-0.1.30-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.30](https://img.shields.io/badge/AppVersion-0.1.30-informational?style=flat-square) +![Version: 0.1.31](https://img.shields.io/badge/Version-0.1.31-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.31](https://img.shields.io/badge/AppVersion-0.1.31-informational?style=flat-square) #### _Helm library helpers for use by official RStudio charts_ diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 07295a29..a50067de 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.39](https://img.shields.io/badge/Version-0.5.39-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.40](https://img.shields.io/badge/Version-0.5.40-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.39: +To install the chart with the release name `my-release` at version 0.5.40: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.39 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.40 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 176fc569..413ba567 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.4: +To install the chart with the release name `my-release` at version 0.8.5: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.4 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.5 ``` To explore other chart versions, look at: From fb28ac92b92e2b34dcd03e8ecb8a968fa94323c6 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 16:09:32 -0400 Subject: [PATCH 215/284] Bump library chart version in product charts --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-launcher-rbac/Chart.yaml | 2 +- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-workbench/Chart.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index ba49a968..b58c27fc 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.30 + version: 0.1.31 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index 503bc537..26731ec5 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.30 + version: 0.1.31 repository: file://../rstudio-library keywords: - "data science" diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 142748dc..d047eec3 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -14,7 +14,7 @@ maintainers: url: https://github.com/rstudio/helm dependencies: - name: rstudio-library - version: 0.1.30 + version: 0.1.31 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 7ef4294a..8e2ea00f 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.30 + version: 0.1.31 repository: file://../rstudio-library annotations: artifacthub.io/images: | From d58fefe3a4295a969b0bf3dcd03f48f0d8e60bab Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 30 Oct 2024 20:11:49 +0000 Subject: [PATCH 216/284] Update rbac yaml --- .../rbac/rstudio-launcher-rbac-0.2.23.yaml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 examples/rbac/rstudio-launcher-rbac-0.2.23.yaml diff --git a/examples/rbac/rstudio-launcher-rbac-0.2.23.yaml b/examples/rbac/rstudio-launcher-rbac-0.2.23.yaml new file mode 100644 index 00000000..3b322f8d --- /dev/null +++ b/examples/rbac/rstudio-launcher-rbac-0.2.23.yaml @@ -0,0 +1,88 @@ +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rstudio-launcher-rbac +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rstudio-launcher-rbac +rules: + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "pods" + - "pods/attach" + - "pods/exec" + verbs: + - "get" + - "create" + - "update" + - "patch" + - "watch" + - "list" + - "delete" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "watch" + - apiGroups: + - "" + resources: + - "services" + verbs: + - "create" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "patch" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "metrics.k8s.io" + resources: + - "pods" + verbs: + - "get" +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rstudio-launcher-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rstudio-launcher-rbac +subjects: + - kind: ServiceAccount + name: rstudio-launcher-rbac From 94728cd5339dd356b5602bbcbdbea0723e81011d Mon Sep 17 00:00:00 2001 From: David Kegley Date: Wed, 30 Oct 2024 16:16:15 -0400 Subject: [PATCH 217/284] Update helm chart lock for all product charts --- charts/rstudio-connect/Chart.lock | 6 +++--- charts/rstudio-launcher-rbac/Chart.lock | 6 +++--- charts/rstudio-pm/Chart.lock | 6 +++--- charts/rstudio-workbench/Chart.lock | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-connect/Chart.lock b/charts/rstudio-connect/Chart.lock index 0a3e8bb9..506d1dc9 100644 --- a/charts/rstudio-connect/Chart.lock +++ b/charts/rstudio-connect/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.30 -digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 -generated: "2024-05-15T19:57:52.620702-04:00" + version: 0.1.31 +digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa +generated: "2024-10-30T16:15:51.145000005-04:00" diff --git a/charts/rstudio-launcher-rbac/Chart.lock b/charts/rstudio-launcher-rbac/Chart.lock index 134100c0..b149562b 100644 --- a/charts/rstudio-launcher-rbac/Chart.lock +++ b/charts/rstudio-launcher-rbac/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.30 -digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 -generated: "2024-05-15T19:57:55.735705-04:00" + version: 0.1.31 +digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa +generated: "2024-10-30T16:15:51.566392274-04:00" diff --git a/charts/rstudio-pm/Chart.lock b/charts/rstudio-pm/Chart.lock index 82f8ef24..5d5da7eb 100644 --- a/charts/rstudio-pm/Chart.lock +++ b/charts/rstudio-pm/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.30 -digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 -generated: "2024-05-15T19:57:58.863614-04:00" + version: 0.1.31 +digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa +generated: "2024-10-30T16:15:52.072362457-04:00" diff --git a/charts/rstudio-workbench/Chart.lock b/charts/rstudio-workbench/Chart.lock index f139bc12..c37328b9 100644 --- a/charts/rstudio-workbench/Chart.lock +++ b/charts/rstudio-workbench/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.30 -digest: sha256:dcf9d679b18cf99da3781b22797d639a2cbeb47b746dff7e7532b3e55261e938 -generated: "2024-05-15T19:58:02.13077-04:00" + version: 0.1.31 +digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa +generated: "2024-10-30T16:15:52.507116664-04:00" From 50e101c593b44a335c0f4fe30d4c3185fcbbbd37 Mon Sep 17 00:00:00 2001 From: David Kegley Date: Thu, 31 Oct 2024 10:47:26 -0400 Subject: [PATCH 218/284] Add test justfile target --- CONTRIBUTING.md | 8 ++++++-- Justfile | 13 ++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7aeba09d..929a8494 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -42,9 +42,13 @@ Running the [helm chart unit tests](https://github.com/helm-unittest/helm-unitte # install the unittest plugin helm plugin install https://github.com/helm-unittest/helm-unittest.git -# run the rstudio-connect chart unittests # unit tests are defined in `charts/$CHART_NAME/tests` -helm unittest --color ./charts/rstudio-connect + +# test all charts +just test + +# run unit tests for a single chart +just test rstudio-connect ``` ## Templates diff --git a/Justfile b/Justfile index 51653743..d12a4330 100644 --- a/Justfile +++ b/Justfile @@ -75,6 +75,17 @@ snapshot-rsw-diff: fi done +test chart='all': + #!/usr/bin/env bash + set -xe + if [[ "{{ chart }}" == 'all' ]]; then + for dir in $(ls -d {{ justfile_directory() }}/charts/*/); do + helm unittest $dir + done + else + helm unittest "charts/{{ chart }}" + fi + test-connect-interpreter-versions: #!/usr/bin/env bash set -xe @@ -118,4 +129,4 @@ push-docs: # The s3 bucket is s3://docs.rstudio.com/, which is available as https://docs.posit.co/ aws s3 sync ${s3_args[*]:-} \ _site \ - "s3://docs.rstudio.com/helm/" \ No newline at end of file + "s3://docs.rstudio.com/helm/" From aab031778d03883ac6ef4eb6fe31525f49b24f0b Mon Sep 17 00:00:00 2001 From: Tyler Date: Fri, 1 Nov 2024 10:18:54 -0400 Subject: [PATCH 219/284] Fix: PPM startup probe should wait until web services are available This changes the startup probe to use the `__api__/status` route instead of ping for initial readiness. It's more heavyweight, so I left the liveness and readiness probes alone. Refs: https://github.com/rstudio/package-manager/issues/14644 --- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/README.md | 8 ++++---- charts/rstudio-pm/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index d047eec3..c89a51f1 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.40 +version: 0.5.41 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index a50067de..ee78b961 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.40](https://img.shields.io/badge/Version-0.5.40-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.41](https://img.shields.io/badge/Version-0.5.41-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -14,7 +14,7 @@ To ensure a stable production deployment: * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.40: +To install the chart with the release name `my-release` at version 0.5.41: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.40 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.41 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-pm/values.yaml b/charts/rstudio-pm/values.yaml index 500daa34..b5295edb 100644 --- a/charts/rstudio-pm/values.yaml +++ b/charts/rstudio-pm/values.yaml @@ -170,7 +170,7 @@ livenessProbe: startupProbe: enabled: false httpGet: - path: /__ping__ + path: /__api__/status port: 4242 initialDelaySeconds: 10 periodSeconds: 10 From f6956db51120acf32fb1be130f6e7b62ce21fc31 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Nov 2024 14:21:45 +0000 Subject: [PATCH 220/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index ee78b961..f25184b0 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -14,7 +14,7 @@ To ensure a stable production deployment: * "Pin" the version of the Helm chart that you are using. You can do this using the: * `helm dependency` command *and* the associated "Chart.lock" files *or* * the `--version` flag. - + ::: {.callout-important} This protects you from breaking changes. ::: @@ -269,7 +269,7 @@ The Helm `config` values are converted into the `rstudio-pm.gcfg` service config | sharedStorage.selector | object | `{}` | selector for PVC definition | | sharedStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany | | sharedStorage.volumeName | string | `""` | the volumeName passed along to the persistentVolumeClaim. Optional | -| startupProbe | object | `{"enabled":false,"failureThreshold":30,"httpGet":{"path":"/__ping__","port":4242},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":1}` | startupProbe is used to configure the container's startupProbe | +| startupProbe | object | `{"enabled":false,"failureThreshold":30,"httpGet":{"path":"/__api__/status","port":4242},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":1}` | startupProbe is used to configure the container's startupProbe | | startupProbe.failureThreshold | int | `30` | failureThreshold * periodSeconds should be strictly > worst case startup time | | strategy | object | `{"rollingUpdate":{"maxSurge":"100%","maxUnavailable":0},"type":"RollingUpdate"}` | The update strategy used by the main service pod. | | tolerations | list | `[]` | An array used verbatim as the pod's "tolerations" definition | From d17f712bdaba43c6066316e4b4eb52334d3d3846 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:23:24 -0400 Subject: [PATCH 221/284] Point to the helm.rstudio.com repo for the rstudio-library charts. Allow us to pin the version --- charts/rstudio-connect/Chart.lock | 6 +++--- charts/rstudio-connect/Chart.yaml | 4 ++-- charts/rstudio-launcher-rbac/Chart.lock | 6 +++--- charts/rstudio-launcher-rbac/Chart.yaml | 4 ++-- charts/rstudio-pm/Chart.lock | 6 +++--- charts/rstudio-pm/Chart.yaml | 4 ++-- charts/rstudio-workbench/Chart.lock | 6 +++--- charts/rstudio-workbench/Chart.yaml | 4 ++-- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/charts/rstudio-connect/Chart.lock b/charts/rstudio-connect/Chart.lock index 506d1dc9..9b57df62 100644 --- a/charts/rstudio-connect/Chart.lock +++ b/charts/rstudio-connect/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library - repository: file://../rstudio-library + repository: https://helm.rstudio.com version: 0.1.31 -digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa -generated: "2024-10-30T16:15:51.145000005-04:00" +digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 +generated: "2024-11-01T10:19:53.608088-04:00" diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index b58c27fc..0edcb393 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.13 +version: 0.7.14 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -14,7 +14,7 @@ maintainers: dependencies: - name: rstudio-library version: 0.1.31 - repository: file://../rstudio-library + repository: https://helm.rstudio.com annotations: artifacthub.io/images: | - name: rstudio-connect diff --git a/charts/rstudio-launcher-rbac/Chart.lock b/charts/rstudio-launcher-rbac/Chart.lock index b149562b..e02a858d 100644 --- a/charts/rstudio-launcher-rbac/Chart.lock +++ b/charts/rstudio-launcher-rbac/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library - repository: file://../rstudio-library + repository: https://helm.rstudio.com version: 0.1.31 -digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa -generated: "2024-10-30T16:15:51.566392274-04:00" +digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 +generated: "2024-11-01T10:21:05.638651-04:00" diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index 26731ec5..e8d22b73 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rstudio-launcher-rbac description: RBAC definition for the RStudio Job Launcher type: application -version: 0.2.23 +version: 0.2.24 appVersion: 0.2.21 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png sources: @@ -14,7 +14,7 @@ maintainers: dependencies: - name: rstudio-library version: 0.1.31 - repository: file://../rstudio-library + repository: https://helm.rstudio.com keywords: - "data science" - "machine learning" diff --git a/charts/rstudio-pm/Chart.lock b/charts/rstudio-pm/Chart.lock index 5d5da7eb..49dfebde 100644 --- a/charts/rstudio-pm/Chart.lock +++ b/charts/rstudio-pm/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library - repository: file://../rstudio-library + repository: https://helm.rstudio.com version: 0.1.31 -digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa -generated: "2024-10-30T16:15:52.072362457-04:00" +digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 +generated: "2024-11-01T10:21:00.666975-04:00" diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index d047eec3..8d911101 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.40 +version: 0.5.41 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -15,7 +15,7 @@ maintainers: dependencies: - name: rstudio-library version: 0.1.31 - repository: file://../rstudio-library + repository: https://helm.rstudio.com annotations: artifacthub.io/images: | - name: rstudio-package-manager diff --git a/charts/rstudio-workbench/Chart.lock b/charts/rstudio-workbench/Chart.lock index c37328b9..5d8d4207 100644 --- a/charts/rstudio-workbench/Chart.lock +++ b/charts/rstudio-workbench/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library - repository: file://../rstudio-library + repository: https://helm.rstudio.com version: 0.1.31 -digest: sha256:0eb384784157aa97191636a6da495adebef600647566c77a2a0642d3699fdffa -generated: "2024-10-30T16:15:52.507116664-04:00" +digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 +generated: "2024-11-01T10:20:55.670732-04:00" diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 8e2ea00f..d5f8e0da 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.5 +version: 0.8.6 apiVersion: v2 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png @@ -14,7 +14,7 @@ maintainers: dependencies: - name: rstudio-library version: 0.1.31 - repository: file://../rstudio-library + repository: https://helm.rstudio.com annotations: artifacthub.io/images: | - name: rstudio-workbench From d6781738de97e34f40183e040a9ea2ff5f252abd Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:24:01 -0400 Subject: [PATCH 222/284] Remove the unneeded test for rstudio-workbench. It's the same as an install test, I don't think it gains us anything --- .../tests/test-verify-installation.yaml | 38 ------------------- 1 file changed, 38 deletions(-) delete mode 100644 charts/rstudio-workbench/templates/tests/test-verify-installation.yaml diff --git a/charts/rstudio-workbench/templates/tests/test-verify-installation.yaml b/charts/rstudio-workbench/templates/tests/test-verify-installation.yaml deleted file mode 100644 index 27bec28f..00000000 --- a/charts/rstudio-workbench/templates/tests/test-verify-installation.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "rstudio-workbench.fullname" . }}-test - annotations: - "helm.sh/hook": test -spec: - {{/** - * NOTE: In the case where a service account was in use and - * then later removed, the behavior of kubernetes is to - * leave the `serviceAccount` / `serviceAccountName` value - * unchanged unless explicitly overwritten with an empty - * string. See linked issues tracing backward from: - * https://github.com/kubernetes/kubernetes/issues/108208#issuecomment-1262269204 - * and also the "Note" callout at the end of this section: - * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-multiple-service-accounts - */}} - {{- $serviceAccountName := .Values.rbac.serviceAccount.name | default (include "rstudio-workbench.fullname" .)}} - {{- if or .Values.rbac.create (.Values.rbac.serviceAccount.name) }} - serviceAccountName: {{ $serviceAccountName }} - {{- else }} - serviceAccountName: {{ .Values.rbac.serviceAccount.name | toString | quote }} - {{- end }} - {{- with .Values.image.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 4 }} - {{- end }} - shareProcessNamespace: {{ .Values.shareProcessNamespace }} - restartPolicy: Never - {{- $topLevelParams := dict "diagnostics" (dict "enabled" true) "userCreate" true }} - {{- $disabledObject := dict "enabled" false }} - {{- $readinessProbe := dict "readinessProbe" $disabledObject }} - {{- $livenessProbe := dict "livenessProbe" $disabledObject }} - {{- $startupProbe := dict "startupProbe" $disabledObject }} - {{- $prometheusExporter := dict "prometheusExporter" $disabledObject }} - {{- $overrideDict := . | deepCopy }} - {{- $_ := mergeOverwrite $overrideDict.Values $prometheusExporter $startupProbe $livenessProbe $readinessProbe $topLevelParams }} -{{ include "rstudio-workbench.containers" $overrideDict | indent 2 }} From cf2ea77406659e3dac3c81beb9ed0c909fb46a81 Mon Sep 17 00:00:00 2001 From: Tyler Date: Fri, 1 Nov 2024 10:24:02 -0400 Subject: [PATCH 223/284] NEWS: Add line item for 0.5.41 and the route change --- charts/rstudio-pm/NEWS.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 952dcbf0..75ad8af0 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.41 + +- Update the default `pod.startupProbe` to use the `/__api__/status` route instead of `/__ping__` for a more reliable startup. + ## 0.5.40 - Add helm unit test scaffold. From 6e009e421301e1a0744d6ebce13828070138e89b Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:27:00 -0400 Subject: [PATCH 224/284] Add a news entry to explain why the charts have bumped in version --- charts/rstudio-connect/NEWS.md | 4 ++++ charts/rstudio-launcher-rbac/NEWS.md | 4 ++++ charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-workbench/NEWS.md | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index fcd40905..b204fa96 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.14 + +- Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. + ## 0.7.13 - Add initial set of helm unit tests. diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index 6563e816..2177a3fe 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.2.24 + +- Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. + ## 0.2.23 - Add helm unit test scaffold. diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 952dcbf0..24484d37 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.41 + +- Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. + ## 0.5.40 - Add helm unit test scaffold. diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index e8d4731f..b5c5e2c5 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.6 + +- Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. + ## 0.8.5 - Add helm unit test scaffold. From 8a2ffe9f83e20c5639b179588af67ccafa4e4641 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Nov 2024 14:31:11 +0000 Subject: [PATCH 225/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-launcher-rbac/README.md | 6 +++--- charts/rstudio-pm/README.md | 6 +++--- charts/rstudio-workbench/README.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index c279d655..8a78891e 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.13](https://img.shields.io/badge/Version-0.7.13-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.7.14](https://img.shields.io/badge/Version-0.7.14-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.13: +To install the chart with the release name `my-release` at version 0.7.14: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.13 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.14 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index de66cd4a..1dd1a38f 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -1,6 +1,6 @@ # rstudio-launcher-rbac -![Version: 0.2.23](https://img.shields.io/badge/Version-0.2.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) +![Version: 0.2.24](https://img.shields.io/badge/Version-0.2.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.21](https://img.shields.io/badge/AppVersion-0.2.21-informational?style=flat-square) #### _RBAC definition for the RStudio Job Launcher_ @@ -21,11 +21,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.2.23: +To install the chart with the release name `my-release` at version 0.2.24: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.23 +helm upgrade --install my-release rstudio/rstudio-launcher-rbac --version=0.2.24 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index a50067de..89072dcd 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.40](https://img.shields.io/badge/Version-0.5.40-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.41](https://img.shields.io/badge/Version-0.5.41-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.40: +To install the chart with the release name `my-release` at version 0.5.41: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.40 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.41 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 413ba567..7107deba 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.8.6](https://img.shields.io/badge/Version-0.8.6-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.5: +To install the chart with the release name `my-release` at version 0.8.6: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.5 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.6 ``` To explore other chart versions, look at: From 80eb2e02abd7cd166d1bbf15ef41658be84f1b89 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:43:03 -0400 Subject: [PATCH 226/284] Add the rstudio helm repo --- .github/workflows/chart-test.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 20d46398..62d19fe5 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -20,6 +20,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - uses: actions/setup-python@v5 with: python-version: "3.10" @@ -142,6 +145,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - uses: actions/setup-python@v5 with: python-version: "3.10" From 4665ac80dd7e801ec8e3dc0ade566fbf20ee018f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:46:36 -0400 Subject: [PATCH 227/284] Chart doc also needs the rstudio helm repo --- .github/workflows/chart-doc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index f1938270..1757b1fa 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -20,6 +20,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - name: install Just uses: extractions/setup-just@v2 From 5294cab45ffe803c013957834ee7b4b916ccb9ee Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:47:31 -0400 Subject: [PATCH 228/284] Add the helm repo to these as well to be safe --- .github/workflows/chart-rebuild.yaml | 3 +++ .github/workflows/chart-releaser.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/chart-rebuild.yaml b/.github/workflows/chart-rebuild.yaml index 54ef9185..1d3fba9c 100644 --- a/.github/workflows/chart-rebuild.yaml +++ b/.github/workflows/chart-rebuild.yaml @@ -17,6 +17,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - name: Rebuild index.yaml env: version: v1.2.1 diff --git a/.github/workflows/chart-releaser.yaml b/.github/workflows/chart-releaser.yaml index f9253d18..87088efd 100644 --- a/.github/workflows/chart-releaser.yaml +++ b/.github/workflows/chart-releaser.yaml @@ -24,6 +24,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - name: Run chart-releaser uses: helm/chart-releaser-action@v1.2.0 with: From 5de2a79a066cc69cdeb09ec063cbfa05a94eb497 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 10:54:08 -0400 Subject: [PATCH 229/284] Put the helm repo in the wrong workflow --- .github/workflows/chart-doc.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/chart-doc.yaml b/.github/workflows/chart-doc.yaml index 1757b1fa..efd09880 100644 --- a/.github/workflows/chart-doc.yaml +++ b/.github/workflows/chart-doc.yaml @@ -20,9 +20,6 @@ jobs: with: version: v3.6.3 - - name: Add rstudio helm repo - run: helm repo add rstudio https://helm.rstudio.com - - name: install Just uses: extractions/setup-just@v2 @@ -85,6 +82,9 @@ jobs: with: version: v3.6.3 + - name: Add rstudio helm repo + run: helm repo add rstudio https://helm.rstudio.com + - name: install Just uses: extractions/setup-just@v2 From ee471c1bfb2b0320aec2cba195d98c892fe88e0d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Nov 2024 14:58:44 +0000 Subject: [PATCH 230/284] Update rbac yaml --- .../rbac/rstudio-launcher-rbac-0.2.24.yaml | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 examples/rbac/rstudio-launcher-rbac-0.2.24.yaml diff --git a/examples/rbac/rstudio-launcher-rbac-0.2.24.yaml b/examples/rbac/rstudio-launcher-rbac-0.2.24.yaml new file mode 100644 index 00000000..3b322f8d --- /dev/null +++ b/examples/rbac/rstudio-launcher-rbac-0.2.24.yaml @@ -0,0 +1,88 @@ +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rstudio-launcher-rbac +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rstudio-launcher-rbac +rules: + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "pods" + - "pods/attach" + - "pods/exec" + verbs: + - "get" + - "create" + - "update" + - "patch" + - "watch" + - "list" + - "delete" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "watch" + - apiGroups: + - "" + resources: + - "services" + verbs: + - "create" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "patch" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "metrics.k8s.io" + resources: + - "pods" + verbs: + - "get" +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rstudio-launcher-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rstudio-launcher-rbac +subjects: + - kind: ServiceAccount + name: rstudio-launcher-rbac From b920aafcd762d21caa61b8788603d0e5ffd466f5 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 11:05:45 -0400 Subject: [PATCH 231/284] Bump the rstudio-pm chart again --- charts/rstudio-pm/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 8d911101..22cd69f7 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.41 +version: 0.5.42 apiVersion: v2 appVersion: 2024.08.2 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png From e6fe784f5a69f1d7b4ebf8061e54bf09afba957f Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Nov 2024 15:06:56 +0000 Subject: [PATCH 232/284] Update helm-docs and README.md --- charts/rstudio-pm/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index f25184b0..2673c1be 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.41](https://img.shields.io/badge/Version-0.5.41-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.42](https://img.shields.io/badge/Version-0.5.42-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.41: +To install the chart with the release name `my-release` at version 0.5.42: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.41 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.42 ``` To explore other chart versions, look at: From ec09900eb904f56bdbcca342721b12f705678892 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 14:05:37 -0400 Subject: [PATCH 233/284] Add an empty vaules file for install testing --- ci/posit-chronicle/install/empty-values.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ci/posit-chronicle/install/empty-values.yaml diff --git a/ci/posit-chronicle/install/empty-values.yaml b/ci/posit-chronicle/install/empty-values.yaml new file mode 100644 index 00000000..e69de29b From 9b74cdbbed8181e00014721a1c5a29a4b530e994 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 14:30:09 -0400 Subject: [PATCH 234/284] Set the default value for LocalStorage.Enabled to be true so installs work with the default values file --- charts/posit-chronicle/Chart.yaml | 2 +- charts/posit-chronicle/NEWS.md | 4 ++++ charts/posit-chronicle/values.yaml | 5 ++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index 1833080b..31f48b45 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.4 +version: 0.3.5 appVersion: 2024.09.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index 89d2215b..b93092e4 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.5 + +- Change the default value for LocalStorage.Enabled to `true` in order for installations with the default values to work out of the box. + ## 0.3.4 - Add helm unit test scaffold. diff --git a/charts/posit-chronicle/values.yaml b/charts/posit-chronicle/values.yaml index 67223643..bd428b98 100644 --- a/charts/posit-chronicle/values.yaml +++ b/charts/posit-chronicle/values.yaml @@ -70,9 +70,8 @@ config: ServiceLogLevel: "INFO" ServiceLogFormat: "TEXT" LocalStorage: - # By default when localStorage.enabled=false, the chronicle stateful-set - # won't submit a volume claim or be bound to a persistent volume - Enabled: false + # By default LocalStorage.Enabled=true, so that installs work with the default values + Enabled: true Location: "./chronicle-data" RetentionPeriod: "30d" S3Storage: From eae1ee076fd5c98534831cfc16b4f86d5a9e7afa Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Nov 2024 18:31:12 +0000 Subject: [PATCH 235/284] Update helm-docs and README.md --- charts/posit-chronicle/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 8e1bbb5d..386c4616 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.4: +To install the chart with the release name `my-release` at version 0.3.5: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.4 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.5 ``` To explore other chart versions, look at: @@ -164,7 +164,7 @@ The credentials Chronicle uses for S3 storage must have the following permission | config.HTTPS.Certificate | string | `""` | | | config.HTTPS.Enabled | bool | `false` | | | config.HTTPS.Key | string | `""` | | -| config.LocalStorage.Enabled | bool | `false` | | +| config.LocalStorage.Enabled | bool | `true` | | | config.LocalStorage.Location | string | `"./chronicle-data"` | | | config.LocalStorage.RetentionPeriod | string | `"30d"` | | | config.Logging.ServiceLog | string | `"STDOUT"` | | From 73954d2740f4f76845750627715a326fdd2454c4 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 14:41:52 -0400 Subject: [PATCH 236/284] Add some CODEOWNERS for posit-chronicle and rstudio-workbench --- .github/CODEOWNERS | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 91427689..50665c8f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -3,7 +3,17 @@ # package-manager resources /charts/rstudio-pm/* @rstudio/ppm +/ci/rstudio-pm/* @rstudio/ppm # connect resources /charts/rstudio-connect/* @aronatkins @dbkegley @christierney @zackverham +/ci/rstudio-connect/* @aronatkins @dbkegley @christierney @zackverham /examples/connect/* @aronatkins @dbkegley @christierney @zackverham + +# posit-chronicle resources +/charts/posit-chronicle/* @matt-urbina @edavidaja @AshleyHenry15 +/ci/posit-chronicle/* @matt-urbina @edavidaja @AshleyHenry15 + +# rstudio-workbench resources +/charts/rstudio-workbench/* @GCrev @zachhannum +/ci/rstudio-workbench/* @GCrev @zachhannum From a3aebcf0076267c0da71acbcd96029603416b82f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 14:53:51 -0400 Subject: [PATCH 237/284] David Aja is on connect now, definitely not the person for chronicle. Mark Tucker is the lead for chronicle so I'm adding him instead --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 50665c8f..7e4364dd 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -11,8 +11,8 @@ /examples/connect/* @aronatkins @dbkegley @christierney @zackverham # posit-chronicle resources -/charts/posit-chronicle/* @matt-urbina @edavidaja @AshleyHenry15 -/ci/posit-chronicle/* @matt-urbina @edavidaja @AshleyHenry15 +/charts/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker +/ci/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker # rstudio-workbench resources /charts/rstudio-workbench/* @GCrev @zachhannum From 1ae19f3e7e9619c9d734450a2595a40afbe3f11f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 15:01:35 -0400 Subject: [PATCH 238/284] Add @t-margheim as well for chronicle --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7e4364dd..28ad05be 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -11,8 +11,8 @@ /examples/connect/* @aronatkins @dbkegley @christierney @zackverham # posit-chronicle resources -/charts/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker -/ci/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker +/charts/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker @t-margheim +/ci/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker @t-margheim # rstudio-workbench resources /charts/rstudio-workbench/* @GCrev @zachhannum From 2e45cbd09f8a60f1cb999bf0eba8a05d3c2f5b10 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 1 Nov 2024 16:22:41 -0400 Subject: [PATCH 239/284] Also remove Ashley --- .github/CODEOWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 28ad05be..e559a365 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -11,8 +11,8 @@ /examples/connect/* @aronatkins @dbkegley @christierney @zackverham # posit-chronicle resources -/charts/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker @t-margheim -/ci/posit-chronicle/* @matt-urbina @AshleyHenry15 @markrtucker @t-margheim +/charts/posit-chronicle/* @matt-urbina @markrtucker @t-margheim +/ci/posit-chronicle/* @matt-urbina @markrtucker @t-margheim # rstudio-workbench resources /charts/rstudio-workbench/* @GCrev @zachhannum From d0510ea4afddd329c63bb7a84078e88dee36669b Mon Sep 17 00:00:00 2001 From: Skye Turriff Date: Tue, 5 Nov 2024 13:29:45 -0500 Subject: [PATCH 240/284] bump Workbench to 2024.09.1 --- charts/rstudio-workbench/Chart.yaml | 8 ++++---- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index d5f8e0da..46d386ef 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.6 +version: 0.8.7 apiVersion: v2 -appVersion: 2024.09.0 +appVersion: 2024.09.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,9 +18,9 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-workbench - image: rstudio/rstudio-workbench:ubuntu2204-2024.09.0 + image: rstudio/rstudio-workbench:ubuntu2204-2024.09.1 - name: r-session-complete - image: rstudio/r-session-complete:ubuntu2204-2024.09.0 + image: rstudio/r-session-complete:ubuntu2204-2024.09.1 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index b5c5e2c5..a99133eb 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.7 + +- Bump Workbench version to 2024.09.1 + ## 0.8.6 - Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 7107deba..f79e701d 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.6](https://img.shields.io/badge/Version-0.8.6-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.6: +To install the chart with the release name `my-release` at version 0.8.7: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.6 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.7 ``` To explore other chart versions, look at: From 310ba26b987a448be434a7992a7d4558df543f7b Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 8 Nov 2024 09:47:14 -0500 Subject: [PATCH 241/284] Remove the chronicle basic-values.yaml because we no longer need it. Rename the product basic-values.yaml files to license-file-values.yaml to be clear about what is in the files --- ci/posit-chronicle/install/basic-values.yaml | 5 ----- .../install/{basic-values.yaml => license-file-values.yaml} | 0 .../install/{basic-values.yaml => license-file-values.yaml} | 0 .../install/{basic-values.yaml => license-file-values.yaml} | 0 4 files changed, 5 deletions(-) delete mode 100644 ci/posit-chronicle/install/basic-values.yaml rename ci/rstudio-connect/install/{basic-values.yaml => license-file-values.yaml} (100%) rename ci/rstudio-pm/install/{basic-values.yaml => license-file-values.yaml} (100%) rename ci/rstudio-workbench/install/{basic-values.yaml => license-file-values.yaml} (100%) diff --git a/ci/posit-chronicle/install/basic-values.yaml b/ci/posit-chronicle/install/basic-values.yaml deleted file mode 100644 index a1c6f7e7..00000000 --- a/ci/posit-chronicle/install/basic-values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -config: - LocalStorage: - Enabled: true - Location: "/chronicle-data" - RetentionPeriod: "30d" diff --git a/ci/rstudio-connect/install/basic-values.yaml b/ci/rstudio-connect/install/license-file-values.yaml similarity index 100% rename from ci/rstudio-connect/install/basic-values.yaml rename to ci/rstudio-connect/install/license-file-values.yaml diff --git a/ci/rstudio-pm/install/basic-values.yaml b/ci/rstudio-pm/install/license-file-values.yaml similarity index 100% rename from ci/rstudio-pm/install/basic-values.yaml rename to ci/rstudio-pm/install/license-file-values.yaml diff --git a/ci/rstudio-workbench/install/basic-values.yaml b/ci/rstudio-workbench/install/license-file-values.yaml similarity index 100% rename from ci/rstudio-workbench/install/basic-values.yaml rename to ci/rstudio-workbench/install/license-file-values.yaml From ca2d33fab372f0b9ea4af8e224e0301a875ff282 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Wed, 13 Nov 2024 13:06:41 -0500 Subject: [PATCH 242/284] Bump Connect to version 2024.11.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 0edcb393..76d7444a 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.14 +version: 0.7.15 apiVersion: v2 -appVersion: 2024.09.0 +appVersion: 2024.11.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.09.0 + image: rstudio/rstudio-connect:ubuntu2204-2024.11.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index b204fa96..cfa75da0 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.15 + +- Bump Connect version to 2024.11.0 + ## 0.7.14 - Pin the rstudio-library version dependency so we can update the library chart without breaking all the charts that depend on it. From 0e26826cba041d6eacae84fbc0127b748b97de71 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 13 Nov 2024 18:07:39 +0000 Subject: [PATCH 243/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 8a78891e..de7a5489 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.14](https://img.shields.io/badge/Version-0.7.14-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.7.15](https://img.shields.io/badge/Version-0.7.15-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.14: +To install the chart with the release name `my-release` at version 0.7.15: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.14 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.15 ``` To explore other chart versions, look at: From e6dbe2e83fe9b1b052117a6728ad794b7f862029 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 14 Nov 2024 14:34:53 -0500 Subject: [PATCH 244/284] Move the tests files locations into the root ci//tests directory --- .github/workflows/chart-test.yaml | 8 +++ charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++ .../tests/service-accounts_test.yaml | 0 .../tests/service_accounts_test.yaml | 54 +++++++++++++++++++ 5 files changed, 67 insertions(+), 1 deletion(-) rename {charts => ci}/rstudio-connect/tests/service-accounts_test.yaml (100%) create mode 100644 ci/rstudio-workbench/tests/service_accounts_test.yaml diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml index 62d19fe5..2606978f 100644 --- a/.github/workflows/chart-test.yaml +++ b/.github/workflows/chart-test.yaml @@ -98,6 +98,14 @@ jobs: - name: Install helm unittest plugin run: helm plugin install --version v0.6.3 https://github.com/helm-unittest/helm-unittest.git + - name: Symlink ci-tests -> tests + run: | + for dir in ci/*/tests; do + dir=${dir#ci/} + dir=${dir%/tests} + ln -s ../../ci/${dir}/tests charts/${dir}/tests + done + - name: Run chart unit tests id: unittest run: | diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 76d7444a..376756e9 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.15 +version: 0.7.16 apiVersion: v2 appVersion: 2024.11.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index cfa75da0..cea46cd2 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.16 + +- Change location of helm unittests to `ci/rstudio-connect/tests` so changes to unittest files do not require a chart version bump + ## 0.7.15 - Bump Connect version to 2024.11.0 diff --git a/charts/rstudio-connect/tests/service-accounts_test.yaml b/ci/rstudio-connect/tests/service-accounts_test.yaml similarity index 100% rename from charts/rstudio-connect/tests/service-accounts_test.yaml rename to ci/rstudio-connect/tests/service-accounts_test.yaml diff --git a/ci/rstudio-workbench/tests/service_accounts_test.yaml b/ci/rstudio-workbench/tests/service_accounts_test.yaml new file mode 100644 index 00000000..87dc62ef --- /dev/null +++ b/ci/rstudio-workbench/tests/service_accounts_test.yaml @@ -0,0 +1,54 @@ +suite: Workbench Service Accounts +templates: + - configmap-general.yaml + - configmap-prestart.yaml + - configmap-secret.yaml + - configmap-session.yaml + - deployment.yaml +tests: + - it: should set the Workbench pod service account when the launcher is enabled + template: deployment.yaml + set: + launcher: + enabled: true + rbac: + serviceAccount: + name: "workbench-service-account" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "workbench-service-account" + - it: should set the Workbench pod service account when the launcher is not enabled + template: deployment.yaml + set: + launcher: + enabled: false + rbac: + serviceAccount: + name: "workbench-service-account" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "workbench-service-account" + - it: should use the default serviceAccount name when not set + template: deployment.yaml + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "RELEASE-NAME-rstudio-workbench" + - it: should use the nameOverride as part of the serviceAccount name when nameOverride is set + template: deployment.yaml + set: + nameOverride: "posit-workbench" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "RELEASE-NAME-posit-workbench" + - it: should use the fullnameOverride as the serviceAccount name when fullnameOverride is set + template: deployment.yaml + set: + fullnameOverride: "posit-workbench" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "posit-workbench" From 60608657b67da14915147554e27693536ba85797 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 14 Nov 2024 19:38:59 +0000 Subject: [PATCH 245/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index de7a5489..49f11945 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.15](https://img.shields.io/badge/Version-0.7.15-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) +![Version: 0.7.16](https://img.shields.io/badge/Version-0.7.16-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.15: +To install the chart with the release name `my-release` at version 0.7.16: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.15 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.16 ``` To explore other chart versions, look at: From 84f2c743dc30d078394e4639223b0020fca7868c Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 15 Nov 2024 08:44:23 -0500 Subject: [PATCH 246/284] Add one final serviceaccountname test --- ci/rstudio-workbench/tests/service_accounts_test.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ci/rstudio-workbench/tests/service_accounts_test.yaml b/ci/rstudio-workbench/tests/service_accounts_test.yaml index 87dc62ef..b16a7af5 100644 --- a/ci/rstudio-workbench/tests/service_accounts_test.yaml +++ b/ci/rstudio-workbench/tests/service_accounts_test.yaml @@ -52,3 +52,12 @@ tests: - equal: path: "spec.template.spec.serviceAccountName" value: "posit-workbench" + - it: should use the fullnameOverride as the serviceAccount name when fullnameOverride is set even if nameOverride is set + template: deployment.yaml + set: + fullnameOverride: "posit-workbench" + nameOverride: "old-workbench" + asserts: + - equal: + path: "spec.template.spec.serviceAccountName" + value: "posit-workbench" From cbf2224ad61eceadcc1b4e40d83bf2273337ceb0 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 15 Nov 2024 15:42:19 -0500 Subject: [PATCH 247/284] Fix the prometheus tests --- .../tests/prometheus_test.yaml | 68 +++++++++++++++++++ .../tests/update_strategy_test.yaml | 34 ++++++++++ 2 files changed, 102 insertions(+) create mode 100644 ci/rstudio-workbench/tests/prometheus_test.yaml create mode 100644 ci/rstudio-workbench/tests/update_strategy_test.yaml diff --git a/ci/rstudio-workbench/tests/prometheus_test.yaml b/ci/rstudio-workbench/tests/prometheus_test.yaml new file mode 100644 index 00000000..aebb5710 --- /dev/null +++ b/ci/rstudio-workbench/tests/prometheus_test.yaml @@ -0,0 +1,68 @@ +suite: Workbench prometheus configuration +templates: + - configmap-general.yaml + - configmap-graphite-exporter.yaml + - configmap-prestart.yaml + - configmap-secret.yaml + - configmap-session.yaml + - deployment.yaml + - svc.yaml +tests: + - it: should ensure the specified metrics port is used in the service + template: svc.yaml + set: + prometheus: + enabled: true + port: 8989 + asserts: + - equal: + path: "spec.ports[1].name" + value: "metrics" + - equal: + path: "spec.ports[1].port" + value: 8989 + - it: should ensure the legacy metrics port is used in the service + template: svc.yaml + set: + prometheus: + enabled: true + legacy: true + port: 8989 + asserts: + - equal: + path: "spec.ports[1].name" + value: "metrics" + - equal: + path: "spec.ports[1].port" + value: 9108 + - it: should ensure the prometheus annotations are defined in the service, and that the graphite exporter checksum is non-existent + template: deployment.yaml + set: + prometheus: + enabled: true + port: 8989 + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "8989" + - notExists: + path: "spec.template.metadata.annotations.checksum/config-graphite" + - it: should ensure the legacy prometheus annotations are defined in the service, and that the graphite exporter checksum exists + template: deployment.yaml + set: + prometheus: + enabled: true + legacy: true + port: 8989 + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "9108" + - exists: + path: "spec.template.metadata.annotations.checksum/config-graphite" diff --git a/ci/rstudio-workbench/tests/update_strategy_test.yaml b/ci/rstudio-workbench/tests/update_strategy_test.yaml new file mode 100644 index 00000000..d864113b --- /dev/null +++ b/ci/rstudio-workbench/tests/update_strategy_test.yaml @@ -0,0 +1,34 @@ +suite: Workbench Deployment +templates: + - configmap-general.yaml + - configmap-prestart.yaml + - configmap-secret.yaml + - configmap-session.yaml + - deployment.yaml +tests: + - it: should not specify the RollingUpdate configuration if the strategy type is not RollingUpdate + template: deployment.yaml + set: + strategy: + type: "Recreate" + asserts: + - notExists: + path: "spec.strategy.rollingUpdate" + - it: should specify the RollingUpdate configuration if the strategy type is RollingUpdate + template: deployment.yaml + set: + strategy: + type: "RollingUpdate" + rollingUpdate: + maxUnavailable: 1 + maxSurge: "50%" + asserts: + - equal: + path: "spec.strategy.type" + value: "RollingUpdate" + - equal: + path: "spec.strategy.rollingUpdate.maxUnavailable" + value: 1 + - equal: + path: "spec.strategy.rollingUpdate.maxSurge" + value: "50%" From 2c9a52c9caeaed1a5fdf5cffb21db472d097fea4 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 18 Nov 2024 09:43:17 -0500 Subject: [PATCH 248/284] a single asterisk matches everything except a /. In order to handle subdirectories it needs to be a double asterisk. --- .github/CODEOWNERS | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e559a365..2f28369a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,18 +2,18 @@ * @rstudio/infraops @rstudio/platform-cloud # package-manager resources -/charts/rstudio-pm/* @rstudio/ppm -/ci/rstudio-pm/* @rstudio/ppm +/charts/rstudio-pm/** @rstudio/ppm +/ci/rstudio-pm/** @rstudio/ppm # connect resources -/charts/rstudio-connect/* @aronatkins @dbkegley @christierney @zackverham -/ci/rstudio-connect/* @aronatkins @dbkegley @christierney @zackverham -/examples/connect/* @aronatkins @dbkegley @christierney @zackverham +/charts/rstudio-connect/** @aronatkins @dbkegley @christierney @zackverham +/ci/rstudio-connect/** @aronatkins @dbkegley @christierney @zackverham +/examples/connect/** @aronatkins @dbkegley @christierney @zackverham # posit-chronicle resources -/charts/posit-chronicle/* @matt-urbina @markrtucker @t-margheim -/ci/posit-chronicle/* @matt-urbina @markrtucker @t-margheim +/charts/posit-chronicle/** @matt-urbina @markrtucker @t-margheim +/ci/posit-chronicle/** @matt-urbina @markrtucker @t-margheim # rstudio-workbench resources -/charts/rstudio-workbench/* @GCrev @zachhannum -/ci/rstudio-workbench/* @GCrev @zachhannum +/charts/rstudio-workbench/** @GCrev @zachhannum +/ci/rstudio-workbench/** @GCrev @zachhannum From 98b236a7f7bc0b061976e40243e0ff05062fb279 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 18 Nov 2024 11:27:13 -0500 Subject: [PATCH 249/284] Test for the prometheus exporter as well --- .../tests/prometheus_test.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/ci/rstudio-workbench/tests/prometheus_test.yaml b/ci/rstudio-workbench/tests/prometheus_test.yaml index aebb5710..74199d4e 100644 --- a/ci/rstudio-workbench/tests/prometheus_test.yaml +++ b/ci/rstudio-workbench/tests/prometheus_test.yaml @@ -66,3 +66,22 @@ tests: prometheus.io/port: "9108" - exists: path: "spec.template.metadata.annotations.checksum/config-graphite" + - it: should ensure the legacy metrics port is used and that the graphite exporter container exists + template: deployment.yaml + set: + prometheus: + enabled: true + legacy: true + port: 8989 + prometheusExporter: + enabled: true + asserts: + - equal: + path: "spec.template.spec.containers[1].name" + value: "exporter" + - equal: + path: "spec.template.spec.containers[1].ports[0].name" + value: "metrics" + - equal: + path: "spec.template.spec.containers[1].ports[0].containerPort" + value: 9108 From fa543d664171322bdc69099b7fd8440408780b36 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Mon, 18 Nov 2024 12:17:21 -0500 Subject: [PATCH 250/284] Add unit tests for the ingress.yaml template --- ci/rstudio-workbench/tests/ingress_test.yaml | 38 ++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 ci/rstudio-workbench/tests/ingress_test.yaml diff --git a/ci/rstudio-workbench/tests/ingress_test.yaml b/ci/rstudio-workbench/tests/ingress_test.yaml new file mode 100644 index 00000000..ef79b777 --- /dev/null +++ b/ci/rstudio-workbench/tests/ingress_test.yaml @@ -0,0 +1,38 @@ +suite: Workbench Ingress +templates: + - ingress.yaml +tests: + - it: should include the tls path if tls has values specified and ingress is enabled + template: ingress.yaml + set: + ingress: + enabled: true + tls: + - hosts: + - "example.com" + secretName: "example-tls" + asserts: + - exists: + path: "spec.tls" + - equal: + path: "spec.tls[0].hosts[0]" + value: "example.com" + - it: should not include the tls path if tls has no values specified and ingress is enabled + template: ingress.yaml + set: + ingress: + enabled: true + tls: [] + asserts: + - notExists: + path: "spec.tls" + - it: should include the ingressClassName if defined and ingress is enabled + template: ingress.yaml + set: + ingress: + enabled: true + ingressClassName: "alb" + asserts: + - equal: + path: "spec.ingressClassName" + value: "alb" From fa96405c442d0c8aedb8202a4903532a9bac4555 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Tue, 19 Nov 2024 09:26:37 -0500 Subject: [PATCH 251/284] A couple of more tests for the ingress template. Better explanation for a couple of promettheus tests --- ci/rstudio-workbench/tests/ingress_test.yaml | 20 +++++++++++++++++++ .../tests/prometheus_test.yaml | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/ci/rstudio-workbench/tests/ingress_test.yaml b/ci/rstudio-workbench/tests/ingress_test.yaml index ef79b777..ad7f878d 100644 --- a/ci/rstudio-workbench/tests/ingress_test.yaml +++ b/ci/rstudio-workbench/tests/ingress_test.yaml @@ -26,6 +26,18 @@ tests: asserts: - notExists: path: "spec.tls" + - it: should include the tls path if tls has values specified and ingress is enabled + template: ingress.yaml + set: + ingress: + enabled: true + tls: + - secretName: chart-example-tls + hosts: + - chart-example.local + asserts: + - exists: + path: "spec.tls" - it: should include the ingressClassName if defined and ingress is enabled template: ingress.yaml set: @@ -36,3 +48,11 @@ tests: - equal: path: "spec.ingressClassName" value: "alb" + - it: should not include the ingressClassName if it is not defined and ingress is enabled + template: ingress.yaml + set: + ingress: + enabled: true + asserts: + - notExists: + path: "spec.ingressClassName" diff --git a/ci/rstudio-workbench/tests/prometheus_test.yaml b/ci/rstudio-workbench/tests/prometheus_test.yaml index 74199d4e..4bae9f00 100644 --- a/ci/rstudio-workbench/tests/prometheus_test.yaml +++ b/ci/rstudio-workbench/tests/prometheus_test.yaml @@ -8,7 +8,7 @@ templates: - deployment.yaml - svc.yaml tests: - - it: should ensure the specified metrics port is used in the service + - it: should ensure the specified metrics port is used in the service if prometheus is enabled and legacy is not true template: svc.yaml set: prometheus: @@ -21,7 +21,7 @@ tests: - equal: path: "spec.ports[1].port" value: 8989 - - it: should ensure the legacy metrics port is used in the service + - it: should ensure the legacy metrics port is used in the service if prometheus is enabled and legacy is true template: svc.yaml set: prometheus: From cb9b0773cb6d8ce118455a79141ee70502780a89 Mon Sep 17 00:00:00 2001 From: Mark Tucker Date: Tue, 19 Nov 2024 11:23:34 -0500 Subject: [PATCH 252/284] bump chronicle to 2024.11.0 (#613) * bump chronicle to 2024.11.0 * Update helm-docs and README.md * bump workbench chart version --------- Co-authored-by: GitHub Actions --- charts/posit-chronicle/Chart.yaml | 4 ++-- charts/posit-chronicle/NEWS.md | 4 ++++ charts/posit-chronicle/README.md | 12 ++++++------ charts/posit-chronicle/README.md.gotmpl | 4 ++-- charts/posit-chronicle/values.yaml | 2 +- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/NEWS.md | 4 ++++ charts/rstudio-connect/README.md | 6 +++--- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- ci/rstudio-connect/lint/complex-values.yaml | 2 +- ci/rstudio-pm/lint/all-values.yaml | 2 +- ci/rstudio-workbench/lint/complex-values.yaml | 2 +- 14 files changed, 34 insertions(+), 22 deletions(-) diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml index 31f48b45..20cb6c33 100644 --- a/charts/posit-chronicle/Chart.yaml +++ b/charts/posit-chronicle/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: posit-chronicle description: Official Helm chart for Posit Chronicle Server -version: 0.3.5 -appVersion: 2024.09.0 +version: 0.3.6 +appVersion: 2024.11.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.posit.co sources: diff --git a/charts/posit-chronicle/NEWS.md b/charts/posit-chronicle/NEWS.md index b93092e4..55fd64e2 100644 --- a/charts/posit-chronicle/NEWS.md +++ b/charts/posit-chronicle/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.3.6 + +- Bump Chronicle to version 2024.11.0 + ## 0.3.5 - Change the default value for LocalStorage.Enabled to `true` in order for installations with the default values to work out of the box. diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md index 386c4616..77e86ac9 100644 --- a/charts/posit-chronicle/README.md +++ b/charts/posit-chronicle/README.md @@ -1,6 +1,6 @@ # Posit Chronicle -![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![AppVersion: 2024.09.0](https://img.shields.io/badge/AppVersion-2024.09.0-informational?style=flat-square) +![Version: 0.3.6](https://img.shields.io/badge/Version-0.3.6-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) #### _Official Helm chart for Posit Chronicle Server_ @@ -25,11 +25,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.3.5: +To install the chart with the release name `my-release` at version 0.3.6: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.5 +helm upgrade --install my-release rstudio/posit-chronicle --version=0.3.6 ``` To explore other chart versions, look at: @@ -60,7 +60,7 @@ pod: mountPath: "/var/lib/rstudio-server/audit" sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" @@ -76,7 +76,7 @@ API key from a Kubernetes Secret is used to unlock more detailed metrics: pod: sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" @@ -179,7 +179,7 @@ The credentials Chronicle uses for S3 storage must have the following permission | config.S3Storage.Region | string | `"us-east-2"` | | | image.imagePullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/rstudio/chronicle"` | | -| image.tag | string | `"2024.09.0"` | | +| image.tag | string | `"2024.11.0"` | | | nodeSelector | object | `{}` | A map used verbatim as the pod's "nodeSelector" definition | | pod.affinity | object | `{}` | A map used verbatim as the pod's "affinity" definition | | pod.annotations | object | `{}` | Additional annotations to add to the chronicle-server pods | diff --git a/charts/posit-chronicle/README.md.gotmpl b/charts/posit-chronicle/README.md.gotmpl index f0ba08d4..4c87890d 100644 --- a/charts/posit-chronicle/README.md.gotmpl +++ b/charts/posit-chronicle/README.md.gotmpl @@ -30,7 +30,7 @@ pod: mountPath: "/var/lib/rstudio-server/audit" sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" @@ -46,7 +46,7 @@ API key from a Kubernetes Secret is used to unlock more detailed metrics: pod: sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" diff --git a/charts/posit-chronicle/values.yaml b/charts/posit-chronicle/values.yaml index bd428b98..d81bce11 100644 --- a/charts/posit-chronicle/values.yaml +++ b/charts/posit-chronicle/values.yaml @@ -1,6 +1,6 @@ image: repository: "ghcr.io/rstudio/chronicle" - tag: "2024.09.0" + tag: "2024.11.0" imagePullPolicy: "IfNotPresent" serviceaccount: diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 376756e9..1718af3f 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.16 +version: 0.7.17 apiVersion: v2 appVersion: 2024.11.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index cea46cd2..f5ca718b 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.17 + +- Bump Chronicle Agent to version 2024.11.0 + ## 0.7.16 - Change location of helm unittests to `ci/rstudio-connect/tests` so changes to unittest files do not require a chart version bump diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 49f11945..eff8fd61 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.16](https://img.shields.io/badge/Version-0.7.16-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) +![Version: 0.7.17](https://img.shields.io/badge/Version-0.7.17-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.16: +To install the chart with the release name `my-release` at version 0.7.17: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.16 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.17 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 46d386ef..c66cd382 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.7 +version: 0.8.8 apiVersion: v2 appVersion: 2024.09.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index a99133eb..adb6e4b4 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.8 + +- Bump Chronicle Agent to version 2024.11.0 + ## 0.8.7 - Bump Workbench version to 2024.09.1 diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index f79e701d..4cbf7f3e 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) +![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.7: +To install the chart with the release name `my-release` at version 0.8.8: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.7 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.8 ``` To explore other chart versions, look at: diff --git a/ci/rstudio-connect/lint/complex-values.yaml b/ci/rstudio-connect/lint/complex-values.yaml index d1b88a98..b798dc39 100644 --- a/ci/rstudio-connect/lint/complex-values.yaml +++ b/ci/rstudio-connect/lint/complex-values.yaml @@ -50,7 +50,7 @@ pod: imagePullPolicy: "IfNotPresent" # This will spin up the chronicle-agent sidecar container - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 env: - name: CHRONICLE_SERVER_ADDRESS value: "http://chronicle-server.default" diff --git a/ci/rstudio-pm/lint/all-values.yaml b/ci/rstudio-pm/lint/all-values.yaml index 4ee5a93c..4db74076 100644 --- a/ci/rstudio-pm/lint/all-values.yaml +++ b/ci/rstudio-pm/lint/all-values.yaml @@ -79,7 +79,7 @@ priorityClassName: someval # Testing with the chronicle-agent sidecar container extraContainers: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 imagePullPolicy: Always env: - name: CHRONICLE_SERVER_ADDRESS diff --git a/ci/rstudio-workbench/lint/complex-values.yaml b/ci/rstudio-workbench/lint/complex-values.yaml index 604e7226..3755e6aa 100644 --- a/ci/rstudio-workbench/lint/complex-values.yaml +++ b/ci/rstudio-workbench/lint/complex-values.yaml @@ -36,7 +36,7 @@ pod: # This will spin up the chronicle-agent sidecar container sidecar: - name: chronicle-agent - image: ghcr.io/rstudio/chronicle-agent:2024.09.0 + image: ghcr.io/rstudio/chronicle-agent:2024.11.0 volumeMounts: - name: logs mountPath: "/var/lib/rstudio-server/audit" From 6444d0f75d3df53927cd1968b57f820bf2ef8cc4 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 20 Nov 2024 15:01:43 -0500 Subject: [PATCH 253/284] Rename the test suite to better match what it will be doing --- .../tests/{update_strategy_test.yaml => deployment_test.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ci/rstudio-workbench/tests/{update_strategy_test.yaml => deployment_test.yaml} (100%) diff --git a/ci/rstudio-workbench/tests/update_strategy_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml similarity index 100% rename from ci/rstudio-workbench/tests/update_strategy_test.yaml rename to ci/rstudio-workbench/tests/deployment_test.yaml From 074635f0fde95bdd2115a498b1f8f7d9dd7da0c6 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 09:26:30 -0500 Subject: [PATCH 254/284] Start adding tests for the rstudio-workbench.containers definition in _helpers.tpl --- .../tests/deployment_test.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index d864113b..ac42a67c 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -32,3 +32,32 @@ tests: - equal: path: "spec.strategy.rollingUpdate.maxSurge" value: "50%" + - it: should specify the diagnostic env vars if diagnostics is enabled + template: deployment.yaml + set: + diagnostics: + enabled: true + directory: "/var/log/rstudio-workbench" + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_DIR")].value' + value: "/var/log/rstudio-workbench" + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ENABLE")].value' + value: "true" + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ONLY")].value' + value: "true" + - it: should not specify the diagnostic env vars if diagnostics is not enabled + template: deployment.yaml + set: + diagnostics: + enabled: false + directory: "/var/log/rstudio-workbench" + asserts: + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_DIR")]' + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ENABLE")]' + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ONLY")]' From 05abe0cbe5f95876cb998b9b5d26a4b5441c7c1f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 10:22:07 -0500 Subject: [PATCH 255/284] Add tests for launcher.kubernetesHealthCheck.enabled --- .../tests/deployment_test.yaml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index ac42a67c..ee3480af 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -61,3 +61,26 @@ tests: path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ENABLE")]' - notExists: path: 'spec.template.spec.containers[0].env[?(@.name=="DIAGNOSTIC_ONLY")]' + - it: should set the RSTUDIO_LAUNCHER_STARTUP_HEALTHCHECK_ARGS env var if launcher.kubernetesHealthCheck.enabled is true + template: deployment.yaml + set: + launcher: + kubernetesHealthCheck: + enabled: true + extraCurlArgs: ["-fsSL", "-k"] + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSTUDIO_LAUNCHER_STARTUP_HEALTH_CHECK_ARGS")].value' + value: "-fsSL -k" + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSTUDIO_LAUNCHER_STARTUP_HEALTH_CHECK")]' + - it: should set the RSTUDIO_LAUNCHER_STARTUP_HEALTH_CHECK to disabled if launcher.kubernetesHealthCheck.enabled is false + template: deployment.yaml + set: + launcher: + kubernetesHealthCheck: + enabled: false + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSTUDIO_LAUNCHER_STARTUP_HEALTH_CHECK")].value' + value: "disabled" From de893f2f0d87a502e948ce477491f4f52832fd67 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 10:29:29 -0500 Subject: [PATCH 256/284] Add tests for testuser creation --- .../tests/deployment_test.yaml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index ee3480af..da6c05c6 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -84,3 +84,35 @@ tests: - equal: path: 'spec.template.spec.containers[0].env[?(@.name=="RSTUDIO_LAUNCHER_STARTUP_HEALTH_CHECK")].value' value: "disabled" + - it: should set the ENV vars for user creation if userCreate is true + template: deployment.yaml + set: + userCreate: true + userName: "testuser" + userPassword: "testpassword" + userUid: 1000 + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER")].value' + value: "testuser" + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_PASSWD")].value' + value: "testpassword" + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_UID")].value' + value: "1000" + - it: should set the RSW_TESTUSER ENV var to an empty string if userCreate is false + template: deployment.yaml + set: + userCreate: false + userName: "testuser" + userPassword: "testpassword" + userUid: 1000 + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER")].value' + value: "" + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_PASSWD")]' + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_UID")]' From b96c7a3a246a2d9c6dbd7a6226b259b30a483548 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 10:40:23 -0500 Subject: [PATCH 257/284] Add tests for when we set RSW_LOAD_BALANCING --- .../tests/deployment_test.yaml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index da6c05c6..1f6a9193 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -116,3 +116,28 @@ tests: path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_PASSWD")]' - notExists: path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_TESTUSER_UID")]' + - it: should set the RSW_LOAD_BALANCING env var to true if replicas > 1 + template: deployment.yaml + set: + replicas: 2 + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_LOAD_BALANCING")].value' + value: "true" + - it: should not set the RSW_LOAD_BALANCING env var replicas = 1 + template: deployment.yaml + set: + replicas: 1 + asserts: + - notExists: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_LOAD_BALANCING")]' + - it: should set the RSW_LOAD_BALANCING env var to true if loadBalancer.forceEnabled is true even if replicas = 1 + template: deployment.yaml + set: + replicas: 1 + loadBalancer: + forceEnabled: true + asserts: + - equal: + path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_LOAD_BALANCING")].value' + value: "true" From 8f9c6841b823798a94bd17bfccc9ab74f620789a Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 10:50:15 -0500 Subject: [PATCH 258/284] Add another prometheus check I found in _helpers.tpl --- ci/rstudio-workbench/tests/prometheus_test.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ci/rstudio-workbench/tests/prometheus_test.yaml b/ci/rstudio-workbench/tests/prometheus_test.yaml index 4bae9f00..bb211e67 100644 --- a/ci/rstudio-workbench/tests/prometheus_test.yaml +++ b/ci/rstudio-workbench/tests/prometheus_test.yaml @@ -85,3 +85,20 @@ tests: - equal: path: "spec.template.spec.containers[1].ports[0].containerPort" value: 9108 + - it: should ensure the metrics port is used in the rstudio container if prometheus is enabled and legacy is not true + template: deployment.yaml + set: + prometheus: + enabled: true + legacy: false + port: 8989 + asserts: + - equal: + path: "spec.template.spec.containers[0].name" + value: "rstudio" + - equal: + path: "spec.template.spec.containers[0].ports[1].name" + value: "metrics" + - equal: + path: "spec.template.spec.containers[0].ports[1].containerPort" + value: 8989 From d7442fff6e6bf6411caf1cd36865ae4514b975c7 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Thu, 21 Nov 2024 15:54:33 -0500 Subject: [PATCH 259/284] Add a couple of tests for shared storage mounts/volumes --- .../tests/deployment_test.yaml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 1f6a9193..61c66243 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -141,3 +141,29 @@ tests: - equal: path: 'spec.template.spec.containers[0].env[?(@.name=="RSW_LOAD_BALANCING")].value' value: "true" + - it: should specify a volumeMount and a volume for sharedStorage if sharedStorage.create is true + template: deployment.yaml + set: + sharedStorage: + create: true + path: "/mnt/shared" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-shared-storage")].mountPath' + value: "/mnt/shared" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-shared-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-shared-storage" + - it: should specify a volumeMount and a volume for sharedStorage if sharedStorage.mount is true + template: deployment.yaml + set: + sharedStorage: + mount: true + path: "/mnt/shared" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-shared-storage")].mountPath' + value: "/mnt/shared" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-shared-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-shared-storage" From 0410625601cc2abae31d8dfa765bedcdf98803cb Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 22 Nov 2024 09:44:36 -0500 Subject: [PATCH 260/284] Add homeStorage tests --- .../tests/deployment_test.yaml | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 61c66243..19bb2abd 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -167,3 +167,67 @@ tests: - equal: path: 'spec.template.spec.volumes[?(@.name=="rstudio-shared-storage")].persistentVolumeClaim.claimName' value: "RELEASE-NAME-rstudio-workbench-shared-storage" + - it: should specify a volumeMount and a volume for homeStorage if homeStorage.create is true + template: deployment.yaml + set: + homeStorage: + create: true + path: "/mnt/shared" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].mountPath' + value: "/mnt/shared" + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].subPath' + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-home-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-home-storage" + - it: should specify a volumeMount and a volume for homeStorage if homeStorage.mount is true + template: deployment.yaml + set: + homeStorage: + mount: true + path: "/mnt/shared" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].mountPath' + value: "/mnt/shared" + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].subPath' + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-home-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-home-storage" + - it: should specify a volumeMount and a volume for homeStorage if homeStorage.create is true + template: deployment.yaml + set: + homeStorage: + create: true + path: "/mnt/shared" + subPath: "subpath" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].mountPath' + value: "/mnt/shared" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].subPath' + value: "subpath" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-home-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-home-storage" + - it: should specify a volumeMount and a volume for homeStorage if homeStorage.mount is true + template: deployment.yaml + set: + homeStorage: + mount: true + path: "/mnt/shared" + subPath: "subpath" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].mountPath' + value: "/mnt/shared" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-home-storage")].subPath' + value: "subpath" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-home-storage")].persistentVolumeClaim.claimName' + value: "RELEASE-NAME-rstudio-workbench-home-storage" From fc81d6653eb5953672600626cf374a88b80d1b7a Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 22 Nov 2024 10:23:39 -0500 Subject: [PATCH 261/284] Add tests for config.sessionSecret --- .../tests/deployment_test.yaml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 19bb2abd..47aa8eba 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -231,3 +231,38 @@ tests: - equal: path: 'spec.template.spec.volumes[?(@.name=="rstudio-home-storage")].persistentVolumeClaim.claimName' value: "RELEASE-NAME-rstudio-workbench-home-storage" + - it: should specify a volumeMount and a volume for the session secret if config.sessionSecret is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + sessionSecret: 0420 + sessionSecret: + odbc.ini: + dsn: "test" + driver: "test" + session: + defaultSecretMountPath: "/mnt/session-secret" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-session-secret")].mountPath' + value: "/mnt/session-secret" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-session-secret")].name' + value: "rstudio-session-secret" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-session-secret")].name' + value: "rstudio-session-secret" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-session-secret")].secret.secretName' + value: "RELEASE-NAME-rstudio-workbench-session-secret" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-session-secret")].secret.defaultMode' + value: 0420 + - it: should not specify a volumeMount and a volume for the session secret if config.sessionSecret is not defined + template: deployment.yaml + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-session-secret")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-session-secret")]' From 8a5a6f246766363d7209b983300053c0ba5bac5d Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 22 Nov 2024 10:42:12 -0500 Subject: [PATCH 262/284] Add userProvisioning and startupUserProvisioning tests --- .../tests/deployment_test.yaml | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 47aa8eba..8caad170 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -266,3 +266,74 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-session-secret")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-session-secret")]' + - it: should specify a volumeMount and a volume for userProvisioning if config.userProvisioning is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + userProvisioning: 0600 + userProvisioning: + sssd.conf: + dsn: "test" + driver: "test" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user")].mountPath' + value: "/etc/sssd/conf.d/" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user")].name' + value: "rstudio-user" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user")].name' + value: "rstudio-user" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user")].secret.secretName' + value: "RELEASE-NAME-rstudio-workbench-user" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user")].secret.defaultMode' + value: 0600 + - it: should not specify a volumeMount and a volume for userProvisioning if config.userProvisioning is not defined + template: deployment.yaml + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user")]' + - it: should specify a volumeMount and a volume for startupUserProvisioning if config.startupUserProvisioning is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + startup: 0600 + startupUserProvisioning: + sssd.conf: + dsn: "test" + driver: "test" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user-startup")].mountPath' + value: "/startup/user-provisioning" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user-startup")].name' + value: "rstudio-user-startup" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user-startup")].name' + value: "rstudio-user-startup" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user-startup")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-start-user" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user-startup")].configMap.defaultMode' + value: 0600 + - it: should not specify a volumeMount and a volume for startupUserProvisioning if config.startupUserProvisioning is not defined + template: deployment.yaml + set: + config: + defaultMode: + startup: 0600 + startupUserProvisioning: null + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user-startup")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-user-startup")]' From 65a2a0494c00ffbd1a5aa2fed0155d87ffba96bc Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 22 Nov 2024 14:31:23 -0500 Subject: [PATCH 263/284] Add startupCustom tests --- .../tests/deployment_test.yaml | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 8caad170..cacfadbb 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -337,3 +337,41 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user-startup")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-user-startup")]' + - it: should specify a volumeMount and a volume for startupCustom if config.startupCustom is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + startup: 0600 + startupCustom: + sssd.conf: + dsn: "test" + driver: "test" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-custom-startup")].mountPath' + value: "/startup/custom" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-custom-startup")].name' + value: "rstudio-custom-startup" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-custom-startup")].name' + value: "rstudio-custom-startup" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-custom-startup")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-start-custom" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-custom-startup")].configMap.defaultMode' + value: 0600 + - it: should not specify a volumeMount and a volume for startupCustom if config.startupCustom is not defined + template: deployment.yaml + set: + config: + defaultMode: + startup: 0600 + startupCustom: null + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-custom-startup")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-custom-startup")]' From c7dacb7e8fe49168c0e5ebea9562ba9794930214 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Fri, 22 Nov 2024 14:39:10 -0500 Subject: [PATCH 264/284] Add pam tests --- .../tests/deployment_test.yaml | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index cacfadbb..7e4961d9 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -375,3 +375,44 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-custom-startup")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-custom-startup")]' + - it: should specify a volumeMount and a volume for pam if config.pam is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + pam: 0600 + pam: + thing.conf: + dsn: "test" + driver: "test" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-pam")].mountPath' + value: "/etc/pam.d/thing.conf" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-pam")].name' + value: "rstudio-pam" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-pam")].subPath' + value: "thing.conf" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-pam")].name' + value: "rstudio-pam" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-pam")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-pam" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-pam")].configMap.defaultMode' + value: 0600 + - it: should not specify a volumeMount and a volume for pam if config.pam is not defined + template: deployment.yaml + set: + config: + defaultMode: + pam: 0600 + pam: null + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-pam")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-pam")]' From cdea708dc119f26526135ee3f6f244b0e640f2e2 Mon Sep 17 00:00:00 2001 From: Cecil Singh <54638818+Cecilsingh@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:41:48 +1100 Subject: [PATCH 265/284] Add yaml & quarto markdown in GH statistics --- .gitattributes | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..a1da8d05 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,5 @@ +*.yml linguist-detectable=true +*.yml linguist-language=YAML +*.qmd linguist-language=Markdown +*.md linguist-detectable +*.qmd linguist-detectable From 0d5a6ead6e2d09feb91784f5d04edbada71ff80d Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 10:03:19 -0500 Subject: [PATCH 266/284] Add tests for both styles of jobJsonOverridesFiles --- .../tests/deployment_test.yaml | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 7e4961d9..1764fb3a 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -416,3 +416,79 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-pam")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-pam")]' + - it: should specify a volumeMount and a volume for the old style jobJsonOverridesFiles if jobJsonOverridesFiles is defined and not empty + template: deployment.yaml + set: + config: + defaultMode: + jobJsonOverrides: 0644 + jobJsonOverridesFiles: + - name: "test" + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-old")].mountPath' + value: "/mnt/job-json-overrides" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-old")].name' + value: "rstudio-job-overrides-old" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-old")].name' + value: "rstudio-job-overrides-old" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-old")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-overrides-old" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-old")].configMap.defaultMode' + value: 0644 + - it: should not specify a volumeMount and a volume for the old style jobJsonOverridesFiles if jobJsonOverridesFiles is not defined + template: deployment.yaml + set: + config: + defaultMode: + jobJsonOverrides: 0644 + jobJsonOverridesFiles: {} + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-old")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-old")]' + +# $useNewOverrides is defined as {- $useNewerOverrides := and (not (hasKey .Values.config.server "launcher.kubernetes.profiles.conf")) (not .Values.launcher.useTemplates) }} + - it: should specify a volumeMount and a volume for the new style jobJsonOverridesFiles if $useNewerOverrides is true + template: deployment.yaml + set: + config: + defaultMode: + jobJsonOverrides: 0644 + launcher: + useTemplates: false + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-new")].mountPath' + value: "/mnt/job-json-overrides-new" + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-new")].name' + value: "rstudio-job-overrides-new" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-new")].name' + value: "rstudio-job-overrides-new" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-new")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-overrides-new" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-new")].configMap.defaultMode' + value: 0644 + - it: should not specify a volumeMount and a volume for the new style jobJsonOverridesFiles if $useNewerOverrides is false + template: deployment.yaml + set: + config: + server: + launcher.kubernetes.profiles.conf: + thing: "test" + launcher: + useTemplates: true + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-new")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-new")]' From 9478cb84513ca67b1a5686ec899e7353eea8deeb Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 11:08:12 -0500 Subject: [PATCH 267/284] Add tests for launcher using templates --- .../tests/deployment_test.yaml | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 1764fb3a..a63bff9e 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -492,3 +492,73 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-job-overrides-new")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-job-overrides-new")]' + - it: should specify 3 volumeMounts and a volume if Values.launcher.useTemplates is true + template: deployment.yaml + set: + config: + defaultMode: + server: 0644 + launcher: + useTemplates: true + asserts: + - contains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/rstudio-library-templates-data.tpl" + subPath: "rstudio-library-templates-data.tpl" + any: true + - contains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/job.tpl" + subPath: "job.tpl" + any: true + - contains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/service.tpl" + subPath: "service.tpl" + any: true + - equal: + path: 'spec.template.spec.volumes[?(@.name=="session-templates")].name' + value: "session-templates" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="session-templates")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-templates" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="session-templates")].configMap.defaultMode' + value: 0644 + - it: should not specify any volumeMounts or a volume if Values.launcher.useTemplates is false + template: deployment.yaml + set: + launcher: + useTemplates: false + asserts: + - notContains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/rstudio-library-templates-data.tpl" + subPath: "rstudio-library-templates-data.tpl" + any: true + - notContains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/job.tpl" + subPath: "job.tpl" + any: true + - notContains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "session-templates" + mountPath: "/var/lib/rstudio-launcher/Kubernetes/service.tpl" + subPath: "service.tpl" + any: true + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="session-templates")]' + - notExists: + path: 'spec.template.spec.volumeMounts[?(@.name=="session-templates")]' From a01531c8e2cff1ff642e1ba86f0e3d66322b5eac Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 11:29:02 -0500 Subject: [PATCH 268/284] Add tests for user defined volumemounts --- .../tests/deployment_test.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index a63bff9e..0cf42921 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -562,3 +562,25 @@ tests: path: 'spec.template.spec.volumes[?(@.name=="session-templates")]' - notExists: path: 'spec.template.spec.volumeMounts[?(@.name=="session-templates")]' + - it: should have the pod volumemounts defined by the user + template: deployment.yaml + set: + pod: + volumeMounts: + - name: "test" + mountPath: "/mnt/test" + - name: "secondTest" + mountPath: "/mnt/secondTest" + asserts: + - contains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "test" + mountPath: "/mnt/test" + any: true + - contains: + path: 'spec.template.spec.containers[0].volumeMounts' + content: + name: "secondTest" + mountPath: "/mnt/secondTest" + any: true From b59281f6de7fbb117076418c8730329dbf05000d Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 11:43:18 -0500 Subject: [PATCH 269/284] Add resource limit and requests unit tests. Fix a logic bug where the limit key is set even when the resource limits are not disabled --- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 +++ .../rstudio-workbench/templates/_helpers.tpl | 2 +- .../tests/deployment_test.yaml | 34 +++++++++++++++++++ 4 files changed, 40 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index c66cd382..98c874ac 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.8 +version: 0.8.9 apiVersion: v2 appVersion: 2024.09.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index adb6e4b4..d32aa42b 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.9 + +- Fix a logic bug where the resource limit key was set even if `resources.limits.enabled` is false + ## 0.8.8 - Bump Chronicle Agent to version 2024.11.0 diff --git a/charts/rstudio-workbench/templates/_helpers.tpl b/charts/rstudio-workbench/templates/_helpers.tpl index 29f9ffdd..57f3cf72 100644 --- a/charts/rstudio-workbench/templates/_helpers.tpl +++ b/charts/rstudio-workbench/templates/_helpers.tpl @@ -183,8 +183,8 @@ containers: cpu: "{{ .Values.resources.requests.cpu }}" ephemeral-storage: "{{ .Values.resources.requests.ephemeralStorage }}" {{- end }} - limits: {{- if .Values.resources.limits.enabled }} + limits: memory: "{{ .Values.resources.limits.memory }}" cpu: "{{ .Values.resources.limits.cpu }}" ephemeral-storage: "{{ .Values.resources.limits.ephemeralStorage }}" diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 0cf42921..f4b2ef02 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -584,3 +584,37 @@ tests: name: "secondTest" mountPath: "/mnt/secondTest" any: true + - it: should set the resource requests if enabled + template: deployment.yaml + set: + resources: + requests: + enabled: true + cpu: "100m" + memory: "128Mi" + asserts: + - equal: + path: 'spec.template.spec.containers[0].resources.requests.cpu' + value: "100m" + - equal: + path: 'spec.template.spec.containers[0].resources.requests.memory' + value: "128Mi" + - notExists: + path: 'spec.template.spec.containers[0].resources.limits' + - it: should set the resource limits if enabled + template: deployment.yaml + set: + resources: + limits: + enabled: true + cpu: "1000m" + memory: "1024Mi" + asserts: + - equal: + path: 'spec.template.spec.containers[0].resources.limits.cpu' + value: "1000m" + - equal: + path: 'spec.template.spec.containers[0].resources.limits.memory' + value: "1024Mi" + - notExists: + path: 'spec.template.spec.containers[0].resources.requests' From 3ba60f5dde69a30e1f87ab4648301478b874aa29 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 4 Dec 2024 16:52:02 +0000 Subject: [PATCH 270/284] Update helm-docs and README.md --- charts/rstudio-workbench/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 4cbf7f3e..70385830 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) +![Version: 0.8.9](https://img.shields.io/badge/Version-0.8.9-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.8: +To install the chart with the release name `my-release` at version 0.8.9: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.8 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.9 ``` To explore other chart versions, look at: From 6bae13006f113e4cc4561b27ca6139da0441d111 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 12:54:54 -0500 Subject: [PATCH 271/284] add tests for the startup/liveness/readiness probes --- .../tests/deployment_test.yaml | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index f4b2ef02..6cdce6af 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -618,3 +618,75 @@ tests: value: "1024Mi" - notExists: path: 'spec.template.spec.containers[0].resources.requests' + - it: should configure the livenessProbe if values.livenessProbe.enabled is true + template: deployment.yaml + set: + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - equal: + path: 'spec.template.spec.containers[0].livenessProbe.initialDelaySeconds' + value: 10 + - equal: + path: 'spec.template.spec.containers[0].livenessProbe.periodSeconds' + value: 20 + - it: should not configure the livenessProbe if values.livenessProbe.enabled is false + template: deployment.yaml + set: + livenessProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - notExists: + path: 'spec.template.spec.containers[0].livenessProbe' + - it: should configure the startupProbe if values.startupsProbe.enabled is true + template: deployment.yaml + set: + startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - equal: + path: 'spec.template.spec.containers[0].startupProbe.initialDelaySeconds' + value: 10 + - equal: + path: 'spec.template.spec.containers[0].startupProbe.periodSeconds' + value: 20 + - it: should not configure the startupProbe if values.startupProbe.enabled is false + template: deployment.yaml + set: + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - notExists: + path: 'spec.template.spec.containers[0].startupProbe' + - it: should configure the readinessProbe if values.readinessProbe.enabled is true + template: deployment.yaml + set: + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - equal: + path: 'spec.template.spec.containers[0].readinessProbe.initialDelaySeconds' + value: 10 + - equal: + path: 'spec.template.spec.containers[0].readinessProbe.periodSeconds' + value: 20 + - it: should not configure the readinessProbe if values.readinessProbe.enabled is false + template: deployment.yaml + set: + readinessProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 20 + asserts: + - notExists: + path: 'spec.template.spec.containers[0].readinessProbe' From dd3a2facedb3fe4c48940ea4a30b105519bf8013 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 13:00:43 -0500 Subject: [PATCH 272/284] Add test for sidecar definitiions --- ci/rstudio-workbench/tests/deployment_test.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index 6cdce6af..b7435ec3 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -690,3 +690,13 @@ tests: asserts: - notExists: path: 'spec.template.spec.containers[0].readinessProbe' + - it: should create a sidecar container if pod.sidecar is defined + template: deployment.yaml + set: + pod: + sidecar: + - name: "sidecarTest" + image: "test" + asserts: + - exists: + path: 'spec.template.spec.containers[?(@.name=="sidecarTest")]' From 6ba0a1a5fe5345f5b3a70e84b1bf5bf8b4e8805d Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 4 Dec 2024 16:24:20 -0500 Subject: [PATCH 273/284] somehow missed launcher.enabled way back, adding tests for that --- .../tests/deployment_test.yaml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ci/rstudio-workbench/tests/deployment_test.yaml b/ci/rstudio-workbench/tests/deployment_test.yaml index b7435ec3..c0c9b984 100644 --- a/ci/rstudio-workbench/tests/deployment_test.yaml +++ b/ci/rstudio-workbench/tests/deployment_test.yaml @@ -299,6 +299,34 @@ tests: path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-user")]' - notExists: path: 'spec.template.spec.volumes[?(@.name=="rstudio-user")]' + - it: should specify a volumeMount and a volume for launcher if launcher.enabled is true + template: deployment.yaml + set: + config: + defaultMode: + launcher: 0755 + launcher: + enabled: true + asserts: + - equal: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-launcher-startup")].mountPath' + value: "/startup/launcher" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-launcher-startup")].configMap.name' + value: "RELEASE-NAME-rstudio-workbench-start-launcher" + - equal: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-launcher-startup")].configMap.defaultMode' + value: 0755 + - it: should not specify a volumeMount and a volume for launcher if launcher.enabled is false + template: deployment.yaml + set: + launcher: + enabled: false + asserts: + - notExists: + path: 'spec.template.spec.containers[0].volumeMounts[?(@.name=="rstudio-launcher-startup")]' + - notExists: + path: 'spec.template.spec.volumes[?(@.name=="rstudio-launcher-startup")]' - it: should specify a volumeMount and a volume for startupUserProvisioning if config.startupUserProvisioning is defined and not empty template: deployment.yaml set: From 2397cb27eeab5a4c795a44b7e8a186a4fdd3aa1a Mon Sep 17 00:00:00 2001 From: Jacob Woliver Date: Mon, 9 Dec 2024 18:53:45 -0500 Subject: [PATCH 274/284] Bump PPM version to 2024.11.0-7 --- charts/rstudio-pm/Chart.yaml | 6 +++--- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-pm/README.md | 6 +++--- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 22cd69f7..1cf27820 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-pm description: Official Helm chart for Posit Package Manager -version: 0.5.42 +version: 0.5.43 apiVersion: v2 -appVersion: 2024.08.2 +appVersion: 2024.11.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -19,7 +19,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-package-manager - image: rstudio/rstudio-package-manager:ubuntu2204-2024.08.2 + image: rstudio/rstudio-package-manager:ubuntu2204-2024.11.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: RStudio Community diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 75ad8af0..baf898b8 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.5.43 + +- Update default Posit Package Manager version to 2024.11.0-7 + ## 0.5.41 - Update the default `pod.startupProbe` to use the `/__api__/status` route instead of `/__ping__` for a more reliable startup. diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 2673c1be..906061de 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # Posit Package Manager -![Version: 0.5.42](https://img.shields.io/badge/Version-0.5.42-informational?style=flat-square) ![AppVersion: 2024.08.2](https://img.shields.io/badge/AppVersion-2024.08.2-informational?style=flat-square) +![Version: 0.5.43](https://img.shields.io/badge/Version-0.5.43-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) #### _Official Helm chart for Posit Package Manager_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.5.42: +To install the chart with the release name `my-release` at version 0.5.43: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.42 +helm upgrade --install my-release rstudio/rstudio-pm --version=0.5.43 ``` To explore other chart versions, look at: From 49bbb6cfe1fc3cd430f6df01481e14e14d102136 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 11 Dec 2024 09:56:34 -0500 Subject: [PATCH 275/284] Add an RSW_TESTSUSER user --- ci/rstudio-workbench/install/user-create-values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ci/rstudio-workbench/install/user-create-values.yaml diff --git a/ci/rstudio-workbench/install/user-create-values.yaml b/ci/rstudio-workbench/install/user-create-values.yaml new file mode 100644 index 00000000..a269de48 --- /dev/null +++ b/ci/rstudio-workbench/install/user-create-values.yaml @@ -0,0 +1,8 @@ +license: + file: + secret: pwb-license + secretKey: pwb.lic + +userCreate: true +userName: jforest-test +userPassword: djhkjhij870jjbJye From 024f4aae4aa6e6707c548a1c200828a774c2195f Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 11 Dec 2024 10:20:23 -0500 Subject: [PATCH 276/284] create a serviceaccount with a custom name --- .../install/basic-service-account-values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 ci/rstudio-workbench/install/basic-service-account-values.yaml diff --git a/ci/rstudio-workbench/install/basic-service-account-values.yaml b/ci/rstudio-workbench/install/basic-service-account-values.yaml new file mode 100644 index 00000000..698d48f0 --- /dev/null +++ b/ci/rstudio-workbench/install/basic-service-account-values.yaml @@ -0,0 +1,10 @@ +license: + file: + secret: pwb-license + secretKey: pwb.lic + +rbac: + create: true + serviceAccount: + name: test-sa + create: true From 70a7b87ec5c8686dd44dd2fb52b3d8c66cd67662 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 11 Dec 2024 10:58:57 -0500 Subject: [PATCH 277/284] try some ingress vals --- .../install/basic-ingress-values.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 ci/rstudio-workbench/install/basic-ingress-values.yaml diff --git a/ci/rstudio-workbench/install/basic-ingress-values.yaml b/ci/rstudio-workbench/install/basic-ingress-values.yaml new file mode 100644 index 00000000..00f08bef --- /dev/null +++ b/ci/rstudio-workbench/install/basic-ingress-values.yaml @@ -0,0 +1,14 @@ +license: + file: + secret: pwb-license + secretKey: pwb.lic + +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + + hosts: + - host: workbench.rstudio.com + paths: + - path: /test/ From 3a3c3908e46cec85bc2679c9b964869f490a6a99 Mon Sep 17 00:00:00 2001 From: "Joshua C. Forest" Date: Wed, 11 Dec 2024 11:48:52 -0500 Subject: [PATCH 278/284] lets see if hte launcher template values from the lint tests work --- .../install/launcher-template-values.yaml | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 ci/rstudio-workbench/install/launcher-template-values.yaml diff --git a/ci/rstudio-workbench/install/launcher-template-values.yaml b/ci/rstudio-workbench/install/launcher-template-values.yaml new file mode 100644 index 00000000..c21e71d0 --- /dev/null +++ b/ci/rstudio-workbench/install/launcher-template-values.yaml @@ -0,0 +1,58 @@ +license: + file: + secret: pwb-license + secretKey: pwb.lic + +config: + sessionSecret: + example-file.json: '{"some-contents": "test"}' +launcher: + enabled: true + useTemplates: true + templateValues: + service: + type: ClusterIP + annotations: + five: six + job: + ttlSecondsAfterFinished: 99 + annotations: + seven: eight + labels: + nine: ten + pod: + serviceAccountName: test + annotations: + one: two + labels: + three: four + volumes: + - name: test + emptyDir: {} + volumeMounts: + - name: test + mountPath: /tmp/mnt + env: + - name: SOME_ENV_VAR + value: the-env-var-value + securityContext: + runAsUser: 999 + defaultSecurityContext: + fsGroupChangePolicy: "Always" + runAsGroup: 999 + containerSecurityContext: + privileged: false + tolerations: + - key: "kubernetes.azure.com/scalesetpriority" + operator: "Equal" + value: "spot" + effect: "NoSchedule" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "kubernetes.azure.com/scalesetpriority" + operator: In + values: + - "spot" From cb31e5096b9989c43646e2826bf3191b06dbfaec Mon Sep 17 00:00:00 2001 From: Zach Hannum Date: Mon, 16 Dec 2024 11:24:55 -0500 Subject: [PATCH 279/284] Bump launcher templates for Workbench chart to 2.5.0 Adds init containers support from the Job spec. --- charts/rstudio-workbench/files/job.tpl | 44 +++++++++++++++++++++- charts/rstudio-workbench/files/service.tpl | 2 +- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/charts/rstudio-workbench/files/job.tpl b/charts/rstudio-workbench/files/job.tpl index a0101a8d..b89a7a1e 100644 --- a/charts/rstudio-workbench/files/job.tpl +++ b/charts/rstudio-workbench/files/job.tpl @@ -1,4 +1,4 @@ -# Version: 2.4.0 +# Version: 2.5.0 # DO NOT MODIFY the "Version: " key # Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} @@ -144,6 +144,48 @@ spec: imagePullSecrets: {{ toYaml . | nindent 12 }} {{- end }} initContainers: + {{- with .Job.initContainers }} + {{- range . }} + - name: {{ toYaml .name }} + image: {{ toYaml .image }} + {{- $isShell := false }} + {{- if .command }} + command: ['/bin/sh'] + {{- $isShell = true }} + {{- else if .exe }} + command: [{{ toYaml .exe }}] + {{- $isShell = false }} + {{- end }} + {{- if or .args $isShell }} + args: + {{- if $isShell }} + - '-c' + {{- if .args }} + - {{ .args | join " " | cat .command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- else }} + - {{ .command | toYaml | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- else }} + {{- range .args }} + - {{ toYaml . | indent 12 | trimPrefix (repeat 12 " ") }} + {{- end }} + {{- end }} + {{- end }} + {{- if .environment }} + env: + {{- range .environment }} + - name: {{ toYaml .name | indent 14 | trimPrefix (repeat 14 " ") }} + value: {{ toYaml .value | indent 14 | trimPrefix (repeat 14 " ") }} + {{- end }} + {{- end }} + {{- if .mounts }} + volumeMounts: + {{- range .mounts }} + - {{ nindent 14 (toYaml .) | trim -}} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- with .Job.metadata.pod.initContainers }} {{- range . }} - {{ toYaml . | indent 10 | trimPrefix (repeat 10 " ") }} diff --git a/charts/rstudio-workbench/files/service.tpl b/charts/rstudio-workbench/files/service.tpl index 30bfca27..ad5a9265 100644 --- a/charts/rstudio-workbench/files/service.tpl +++ b/charts/rstudio-workbench/files/service.tpl @@ -1,4 +1,4 @@ -# Version: 2.4.0 +# Version: 2.5.0 # DO NOT MODIFY the "Version: " key # Helm Version: v1 {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} From 3f5b76f2317e990b2e764c26bf9e9171b86e316b Mon Sep 17 00:00:00 2001 From: Melissa Barca <5323711+melissa-barca@users.noreply.github.com> Date: Tue, 17 Dec 2024 11:03:08 -0500 Subject: [PATCH 280/284] bump workbench release to 2024.12.0, update vs code defaults to match Workbench defaults, add commented out positron configuration --- charts/rstudio-workbench/Chart.yaml | 8 ++++---- charts/rstudio-workbench/NEWS.md | 4 ++++ charts/rstudio-workbench/README.md | 6 +++--- charts/rstudio-workbench/values.yaml | 18 ++++++++++++++++-- 4 files changed, 27 insertions(+), 9 deletions(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 98c874ac..734f2098 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-workbench description: Official Helm chart for Posit Workbench -version: 0.8.9 +version: 0.8.10 apiVersion: v2 -appVersion: 2024.09.1 +appVersion: 2024.12.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,9 +18,9 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-workbench - image: rstudio/rstudio-workbench:ubuntu2204-2024.09.1 + image: rstudio/rstudio-workbench:ubuntu2204-2024.12.0 - name: r-session-complete - image: rstudio/r-session-complete:ubuntu2204-2024.09.1 + image: rstudio/r-session-complete:ubuntu2204-2024.12.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index d32aa42b..cc3626d4 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.10 + +- Bump Workbench version to 2024.12.0 + ## 0.8.9 - Fix a logic bug where the resource limit key was set even if `resources.limits.enabled` is false diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 70385830..2b5700ea 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # Posit Workbench -![Version: 0.8.9](https://img.shields.io/badge/Version-0.8.9-informational?style=flat-square) ![AppVersion: 2024.09.1](https://img.shields.io/badge/AppVersion-2024.09.1-informational?style=flat-square) +![Version: 0.8.10](https://img.shields.io/badge/Version-0.8.10-informational?style=flat-square) ![AppVersion: 2024.12.0](https://img.shields.io/badge/AppVersion-2024.12.0-informational?style=flat-square) #### _Official Helm chart for Posit Workbench_ @@ -24,11 +24,11 @@ To ensure a stable production deployment: ## Installing the chart -To install the chart with the release name `my-release` at version 0.8.9: +To install the chart with the release name `my-release` at version 0.8.10: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.9 +helm upgrade --install my-release rstudio/rstudio-workbench --version=0.8.10 ``` To explore other chart versions, look at: diff --git a/charts/rstudio-workbench/values.yaml b/charts/rstudio-workbench/values.yaml index 5c098577..cecc98b7 100644 --- a/charts/rstudio-workbench/values.yaml +++ b/charts/rstudio-workbench/values.yaml @@ -463,14 +463,28 @@ config: default-session-cluster: Kubernetes vscode.conf: enabled: 1 - exe: /opt/code-server/bin/code-server - args: --host=0.0.0.0 + session-timeout-kill-hours: 12 + vscode.extensions.conf: | + quarto.quarto + posit.shiny + posit.publisher vscode-user-settings.json: | { "terminal.integrated.shell.linux": "/bin/bash", "extensions.autoUpdate": false, "extensions.autoCheckUpdates": false } + # positron.conf: + # enabled: 1 + # positron.extensions.conf: | + # posit.shiny + # posit.publisher + # positron-user-settings.json: | + # { + # "terminal.integrated.shell.linux": "/bin/bash", + # "extensions.autoUpdate": false, + # "extensions.autoCheckUpdates": false + # } logging.conf: "*": log-level: info From c603fa377044e079484ae426392bb75974211556 Mon Sep 17 00:00:00 2001 From: Melissa Barca <5323711+melissa-barca@users.noreply.github.com> Date: Tue, 17 Dec 2024 11:47:20 -0500 Subject: [PATCH 281/284] Update charts/rstudio-workbench/NEWS.md Co-authored-by: Zach Hannum --- charts/rstudio-workbench/NEWS.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index cc3626d4..c0fce2eb 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -3,7 +3,9 @@ ## 0.8.10 - Bump Workbench version to 2024.12.0 - +- Bump version of launcher templates `job.tpl` and `service.tpl` + - Populate pod `initContainers` from `.Job.initContainers` + ## 0.8.9 - Fix a logic bug where the resource limit key was set even if `resources.limits.enabled` is false From aefb5a0587d98d9d9c2f6d82e6f014d6c426c844 Mon Sep 17 00:00:00 2001 From: edavidaja Date: Thu, 19 Dec 2024 13:09:40 -0500 Subject: [PATCH 282/284] Bump Connect to version 2024.12.0 --- charts/rstudio-connect/Chart.yaml | 6 +++--- charts/rstudio-connect/NEWS.md | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 1718af3f..09f273d4 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,8 +1,8 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.17 +version: 0.7.18 apiVersion: v2 -appVersion: 2024.11.0 +appVersion: 2024.12.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: @@ -18,7 +18,7 @@ dependencies: annotations: artifacthub.io/images: | - name: rstudio-connect - image: rstudio/rstudio-connect:ubuntu2204-2024.11.0 + image: rstudio/rstudio-connect:ubuntu2204-2024.12.0 artifacthub.io/license: MIT artifacthub.io/links: | - name: Docker Images diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index f5ca718b..c1aac225 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,9 @@ # Changelog +## 0.7.18 + +- Bump Connect version to 2024.12.0 + ## 0.7.17 - Bump Chronicle Agent to version 2024.11.0 From 805fc1eb31565315fd1de1f42181e09d642139ed Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 19 Dec 2024 18:10:43 +0000 Subject: [PATCH 283/284] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index eff8fd61..5c4502f8 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.17](https://img.shields.io/badge/Version-0.7.17-informational?style=flat-square) ![AppVersion: 2024.11.0](https://img.shields.io/badge/AppVersion-2024.11.0-informational?style=flat-square) +![Version: 0.7.18](https://img.shields.io/badge/Version-0.7.18-informational?style=flat-square) ![AppVersion: 2024.12.0](https://img.shields.io/badge/AppVersion-2024.12.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.17: +To install the chart with the release name `my-release` at version 0.7.18: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.17 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.18 ``` To explore other chart versions, look at: From 4100de33ccb34cfd1f34e8766be9d2543ac5ce39 Mon Sep 17 00:00:00 2001 From: "E. David Aja" Date: Fri, 20 Dec 2024 10:09:12 -0500 Subject: [PATCH 284/284] Update charts/rstudio-connect/NEWS.md --- charts/rstudio-connect/NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index c1aac225..310b5c6e 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -2,7 +2,7 @@ ## 0.7.18 -- Bump Connect version to 2024.12.0 +- Bumps Connect version to 2024.12.0 ## 0.7.17