diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 5df3785a..f69c0a06 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for RStudio Workbench -version: 0.5.7 +version: 0.5.8 apiVersion: v2 appVersion: 2021.09.2-382.pro1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index ba95be1c..c624b224 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,3 +1,9 @@ +# 0.5.8 + +- Update README docs +- Add `selector` for storage definition ([#136](https://github.com/rstudio/helm/issues/136)) +- Fix default permissions (0644) on pam mounts ([#141](https://github.com/rstudio/helm/issues/141)) + # 0.5.7 - Update `logging.conf` to default to output logs on `stderr` diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 5f516f0e..9997c51b 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # RStudio Workbench -![Version: 0.5.7](https://img.shields.io/badge/Version-0.5.7-informational?style=flat-square) ![AppVersion: 2021.09.2-382.pro1](https://img.shields.io/badge/AppVersion-2021.09.2--382.pro1-informational?style=flat-square) +![Version: 0.5.8](https://img.shields.io/badge/Version-0.5.8-informational?style=flat-square) ![AppVersion: 2021.09.2-382.pro1](https://img.shields.io/badge/AppVersion-2021.09.2--382.pro1-informational?style=flat-square) #### _Official Helm chart for RStudio Workbench_ @@ -23,11 +23,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.5.7: +To install the chart with the release name `my-release` at version 0.5.8: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-workbench --version=0.5.7 +helm install my-release rstudio/rstudio-workbench --version=0.5.8 ``` ## Required Configuration @@ -126,7 +126,7 @@ the `XDG_CONFIG_DIRS` environment variable - mounted at `/mnt/session-configmap/rstudio/` - Session Secret Configuration - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets + - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` - Secret Configuration @@ -144,7 +144,7 @@ the `XDG_CONFIG_DIRS` environment variable - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values @@ -157,7 +157,7 @@ the `XDG_CONFIG_DIRS` environment variable - `prestart-launcher.bash` is used to start launcher - User Provisioning Configuration - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values + - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default - Custom Startup Configuration - `supervisord` service / unit definition `.conf` files @@ -220,7 +220,7 @@ config: # the rstudio-session PAM config file # will be used verbatim ``` - + ## RStudio Profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. @@ -243,6 +243,7 @@ some-key: ``` - The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +Note that if you want to set user limits which are usually defined in `/etc/rstudio/profiles`, you would need to configure `config.profiles.profiles` as shown below. ### A Full Example ```yaml @@ -257,10 +258,15 @@ config: some-key: - value4 - value5 + profiles: + "*": + some-key: value1 + some-key2: value2 ``` Becomes: +_/etc/rstudio/launcher.kubernetes.profiles.conf_ ```ini [*] some-key: value1,value2 @@ -268,6 +274,12 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` +_/etc/rstudio/profiles_ +```ini +[*] +some-key: value1 +some-key2: value2 +``` > NOTE: this appending / concatenation / array translation behavior only works with the helm chart ### Job Json Overrides @@ -330,6 +342,7 @@ config: | homeStorage.name | string | `""` | The name of the pvc. By default, computes a value from the release name | | homeStorage.path | string | `"/home"` | the path to mount the homeStorage claim within the pod | | homeStorage.requests.storage | string | `"10Gi"` | the volume of storage to request for this persistent volume claim | +| homeStorage.selector | object | `{}` | selector for PVC definition | | homeStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany | | image.imagePullPolicy | string | `"IfNotPresent"` | the imagePullPolicy for the main pod image | | image.imagePullSecrets | list | `[]` | an array of kubernetes secrets for pulling the main pod image from private registries | @@ -395,6 +408,7 @@ config: | sharedStorage.name | string | `""` | The name of the pvc. By default, computes a value from the release name | | sharedStorage.path | string | `"/var/lib/rstudio-server"` | the path to mount the sharedStorage claim within the pod | | sharedStorage.requests.storage | string | `"10Gi"` | the volume of storage to request for this persistent volume claim | +| sharedStorage.selector | object | `{}` | selector for PVC definition | | sharedStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany | | startupProbe | object | `{"enabled":false,"failureThreshold":30,"httpGet":{"path":"/health-check","port":8787},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":1}` | startupProbe is used to configure the container's startupProbe | | startupProbe.failureThreshold | int | `30` | failureThreshold * periodSeconds should be strictly > worst case startup time | diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index 26efae7e..312c9b3e 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -51,14 +51,13 @@ config: In addition to the above required configuration, we recommend setting the following to ensure a reliable deployment: * Set the `launcherPem` value to ensure that it stays the same between releases. - This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the + This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the [RSW Admin Guide](https://docs.rstudio.com/ide/server-pro/job-launcher.html#authentication) for details on generating the file. * Set the `global.secureCookieKey` so that user authentication continues to work between deployments. A valid value can be obtained by simply running the `uuid` command. * Some use-cases may require special PAM profiles to run. By default, no PAM profiles other than the basic `auth` profile will be used to authenticate users. If this is not sufficient then you will need to add your PAM profiles into the container using a volume and volumeMount. - ## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the @@ -105,7 +104,7 @@ the `XDG_CONFIG_DIRS` environment variable - mounted at `/mnt/session-configmap/rstudio/` - Session Secret Configuration - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets + - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` - Secret Configuration @@ -123,7 +122,7 @@ the `XDG_CONFIG_DIRS` environment variable - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values @@ -136,7 +135,7 @@ the `XDG_CONFIG_DIRS` environment variable - `prestart-launcher.bash` is used to start launcher - User Provisioning Configuration - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values + - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default - Custom Startup Configuration - `supervisord` service / unit definition `.conf` files @@ -199,7 +198,7 @@ config: # the rstudio-session PAM config file # will be used verbatim ``` - + ## RStudio Profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. @@ -222,6 +221,7 @@ some-key: ``` - The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +Note that if you want to set user limits which are usually defined in `/etc/rstudio/profiles`, you would need to configure `config.profiles.profiles` as shown below. ### A Full Example ```yaml @@ -236,10 +236,15 @@ config: some-key: - value4 - value5 + profiles: + "*": + some-key: value1 + some-key2: value2 ``` Becomes: +_/etc/rstudio/launcher.kubernetes.profiles.conf_ ```ini [*] some-key: value1,value2 @@ -247,6 +252,12 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` +_/etc/rstudio/profiles_ +```ini +[*] +some-key: value1 +some-key2: value2 +``` > NOTE: this appending / concatenation / array translation behavior only works with the helm chart ### Job Json Overrides @@ -273,7 +284,7 @@ config: json: "Always" name: imagePullPolicy - target: "/spec/template/spec/imagePullSecrets" - json: + json: name: my-pull-secret name: imagePullSecrets container-images: diff --git a/charts/rstudio-workbench/templates/_helpers.tpl b/charts/rstudio-workbench/templates/_helpers.tpl index 5071ebec..5f525f03 100644 --- a/charts/rstudio-workbench/templates/_helpers.tpl +++ b/charts/rstudio-workbench/templates/_helpers.tpl @@ -261,7 +261,7 @@ volumes: - name: rstudio-pam configMap: name: {{ include "rstudio-workbench.fullname" . }}-pam - defaultMode: 0755 + defaultMode: 0644 {{- end }} - name: rstudio-secret secret: diff --git a/charts/rstudio-workbench/templates/pvc.yaml b/charts/rstudio-workbench/templates/pvc.yaml index 5e9964b6..a078162f 100644 --- a/charts/rstudio-workbench/templates/pvc.yaml +++ b/charts/rstudio-workbench/templates/pvc.yaml @@ -16,6 +16,10 @@ spec: resources: requests: storage: {{ .Values.sharedStorage.requests.storage }} + {{- with .Values.sharedStorage.selector }} + selector: + {{- toYaml . | nindent 4 }} + {{- end }} --- {{- end }} {{- if .Values.homeStorage.create }} @@ -36,5 +40,9 @@ spec: resources: requests: storage: {{ .Values.homeStorage.requests.storage }} + {{- with .Values.homeStorage.selector }} + selector: + {{- toYaml . | nindent 4 }} + {{- end }} --- {{- end }} diff --git a/charts/rstudio-workbench/values.yaml b/charts/rstudio-workbench/values.yaml index 81b1843a..f716e061 100644 --- a/charts/rstudio-workbench/values.yaml +++ b/charts/rstudio-workbench/values.yaml @@ -41,6 +41,8 @@ sharedStorage: requests: # -- the volume of storage to request for this persistent volume claim storage: "10Gi" + # -- selector for PVC definition + selector: {} # -- How to handle updates to the service. RollingUpdate (the default) minimizes downtime, but # will not work well if your license only allows a single activation. @@ -77,6 +79,8 @@ homeStorage: requests: # -- the volume of storage to request for this persistent volume claim storage: "10Gi" + # -- selector for PVC definition + selector: {} image: # -- the repository to use for the main pod image