From 7fc0ceef8921b19da310c20a161e7367f117b195 Mon Sep 17 00:00:00 2001 From: pat-s Date: Sat, 8 Jan 2022 11:04:36 +0100 Subject: [PATCH 1/8] update profiles README --- charts/rstudio-workbench/README.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index b8c9619b..0f83499a 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -126,7 +126,7 @@ the `XDG_CONFIG_DIRS` environment variable - mounted at `/mnt/session-configmap/rstudio/` - Session Secret Configuration - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets + - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` - Secret Configuration @@ -144,7 +144,7 @@ the `XDG_CONFIG_DIRS` environment variable - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values @@ -157,7 +157,7 @@ the `XDG_CONFIG_DIRS` environment variable - `prestart-launcher.bash` is used to start launcher - User Provisioning Configuration - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values + - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default - Custom Startup Configuration - `supervisord` service / unit definition `.conf` files @@ -220,7 +220,7 @@ config: # the rstudio-session PAM config file # will be used verbatim ``` - + ## RStudio Profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. @@ -243,6 +243,7 @@ some-key: ``` - The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +Note that if you want to set user limits which are usually defined in `/etc/rstudio/profiles`, you would need to configure `config.profiles.profiles` as shown below. ### A Full Example ```yaml @@ -257,10 +258,16 @@ config: some-key: - value4 - value5 + profiles: + "*": + some-key: value1 + some-key2: value2 ``` Becomes: +`/etc/rstudio/launcher.kubernetes.profiles.conf` + ```ini [*] some-key: value1,value2 @@ -268,6 +275,14 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` +`/etc/rstudio/profiles` + +```ini +[*] +some-key: value1 +some-key2: value2 +``` + > NOTE: this appending / concatenation / array translation behavior only works with the helm chart ### Job Json Overrides From 0a78a6d5bd5280c9ac1c6228e159f93b7c4b4273 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:18:48 -0500 Subject: [PATCH 2/8] update gotemplate with changes --- charts/rstudio-workbench/README.md.gotmpl | 25 ++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/charts/rstudio-workbench/README.md.gotmpl b/charts/rstudio-workbench/README.md.gotmpl index 26efae7e..312c9b3e 100644 --- a/charts/rstudio-workbench/README.md.gotmpl +++ b/charts/rstudio-workbench/README.md.gotmpl @@ -51,14 +51,13 @@ config: In addition to the above required configuration, we recommend setting the following to ensure a reliable deployment: * Set the `launcherPem` value to ensure that it stays the same between releases. - This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the + This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the [RSW Admin Guide](https://docs.rstudio.com/ide/server-pro/job-launcher.html#authentication) for details on generating the file. * Set the `global.secureCookieKey` so that user authentication continues to work between deployments. A valid value can be obtained by simply running the `uuid` command. * Some use-cases may require special PAM profiles to run. By default, no PAM profiles other than the basic `auth` profile will be used to authenticate users. If this is not sufficient then you will need to add your PAM profiles into the container using a volume and volumeMount. - ## General Principles - In most places, we opt to pass Helm values directly into ConfigMaps. We automatically translate these into the @@ -105,7 +104,7 @@ the `XDG_CONFIG_DIRS` environment variable - mounted at `/mnt/session-configmap/rstudio/` - Session Secret Configuration - These configuration files are mounted into the server and session pods as well - - `odbc.ini` and other similar shared secrets + - `odbc.ini` and other similar shared secrets - located in `config.sessionSecret.<< name of file>>` helm values - mounted at `/mnt/session-secret/` - Secret Configuration @@ -123,7 +122,7 @@ the `XDG_CONFIG_DIRS` environment variable - `launcher-mounts`, `launcher-env` - They are located at `config.serverDcf.<< name of file >>` helm values - included at `/mnt/configmap/rstudio/` -- Profiles Configuration +- Profiles Configuration - These configuration files are mounted into the server (.ini file format) - `launcher.kubernetes.profiles.conf` - They are located at `config.profiles.<< name of file >>` helm values @@ -136,7 +135,7 @@ the `XDG_CONFIG_DIRS` environment variable - `prestart-launcher.bash` is used to start launcher - User Provisioning Configuration - These configuration files are used for configuring user provisioning (i.e. `sssd`) - - Located at `config.userProvisioning.<< name of file >>` helm values + - Located at `config.userProvisioning.<< name of file >>` helm values - Mounted onto `/etc/sssd/conf.d/` with `0600` permissions by default - Custom Startup Configuration - `supervisord` service / unit definition `.conf` files @@ -199,7 +198,7 @@ config: # the rstudio-session PAM config file # will be used verbatim ``` - + ## RStudio Profiles Profiles are used to define product behavior (in `.ini` file format) based on user and group membership. @@ -222,6 +221,7 @@ some-key: ``` - The `[*]` section will have arrays "appended" to user and group sections, along with "defaults" defined by the chart. +Note that if you want to set user limits which are usually defined in `/etc/rstudio/profiles`, you would need to configure `config.profiles.profiles` as shown below. ### A Full Example ```yaml @@ -236,10 +236,15 @@ config: some-key: - value4 - value5 + profiles: + "*": + some-key: value1 + some-key2: value2 ``` Becomes: +_/etc/rstudio/launcher.kubernetes.profiles.conf_ ```ini [*] some-key: value1,value2 @@ -247,6 +252,12 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` +_/etc/rstudio/profiles_ +```ini +[*] +some-key: value1 +some-key2: value2 +``` > NOTE: this appending / concatenation / array translation behavior only works with the helm chart ### Job Json Overrides @@ -273,7 +284,7 @@ config: json: "Always" name: imagePullPolicy - target: "/spec/template/spec/imagePullSecrets" - json: + json: name: my-pull-secret name: imagePullSecrets container-images: From 1d0f9075169436567c3774a28d79743cf3968b96 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:19:02 -0500 Subject: [PATCH 3/8] regenerate docs --- charts/rstudio-workbench/README.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 543eb763..1c1575d5 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # RStudio Workbench -![Version: 0.5.7](https://img.shields.io/badge/Version-0.5.7-informational?style=flat-square) ![AppVersion: 2021.09.2-382.pro1](https://img.shields.io/badge/AppVersion-2021.09.2--382.pro1-informational?style=flat-square) +![Version: 0.5.8](https://img.shields.io/badge/Version-0.5.8-informational?style=flat-square) ![AppVersion: 2021.09.2-382.pro1](https://img.shields.io/badge/AppVersion-2021.09.2--382.pro1-informational?style=flat-square) #### _Official Helm chart for RStudio Workbench_ @@ -23,11 +23,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.5.7: +To install the chart with the release name `my-release` at version 0.5.8: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-workbench --version=0.5.7 +helm install my-release rstudio/rstudio-workbench --version=0.5.8 ``` ## Required Configuration @@ -266,8 +266,7 @@ config: Becomes: -`/etc/rstudio/launcher.kubernetes.profiles.conf` - +_/etc/rstudio/launcher.kubernetes.profiles.conf_ ```ini [*] some-key: value1,value2 @@ -275,14 +274,12 @@ some-key: value1,value2 some-key: value1,value2,value3,value4 ``` -`/etc/rstudio/profiles` - +_/etc/rstudio/profiles_ ```ini [*] some-key: value1 some-key2: value2 ``` - > NOTE: this appending / concatenation / array translation behavior only works with the helm chart ### Job Json Overrides From f0d6a8f9418059ad02f38954b8955492d577c7b4 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:19:34 -0500 Subject: [PATCH 4/8] bump version for docs changes --- charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/NEWS.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 5df3785a..f69c0a06 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for RStudio Workbench -version: 0.5.7 +version: 0.5.8 apiVersion: v2 appVersion: 2021.09.2-382.pro1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index ba95be1c..785bfdf1 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,3 +1,7 @@ +# 0.5.8 + +- Update README docs + # 0.5.7 - Update `logging.conf` to default to output logs on `stderr` From d5e25bebfaf04467f8e62cd8d7e05a219a31986f Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:26:54 -0500 Subject: [PATCH 5/8] add selector definition for pvc related to https://github.com/rstudio/helm/issues/136 reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector --- charts/rstudio-workbench/templates/pvc.yaml | 8 ++++++++ charts/rstudio-workbench/values.yaml | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/charts/rstudio-workbench/templates/pvc.yaml b/charts/rstudio-workbench/templates/pvc.yaml index 5e9964b6..a078162f 100644 --- a/charts/rstudio-workbench/templates/pvc.yaml +++ b/charts/rstudio-workbench/templates/pvc.yaml @@ -16,6 +16,10 @@ spec: resources: requests: storage: {{ .Values.sharedStorage.requests.storage }} + {{- with .Values.sharedStorage.selector }} + selector: + {{- toYaml . | nindent 4 }} + {{- end }} --- {{- end }} {{- if .Values.homeStorage.create }} @@ -36,5 +40,9 @@ spec: resources: requests: storage: {{ .Values.homeStorage.requests.storage }} + {{- with .Values.homeStorage.selector }} + selector: + {{- toYaml . | nindent 4 }} + {{- end }} --- {{- end }} diff --git a/charts/rstudio-workbench/values.yaml b/charts/rstudio-workbench/values.yaml index 81b1843a..f716e061 100644 --- a/charts/rstudio-workbench/values.yaml +++ b/charts/rstudio-workbench/values.yaml @@ -41,6 +41,8 @@ sharedStorage: requests: # -- the volume of storage to request for this persistent volume claim storage: "10Gi" + # -- selector for PVC definition + selector: {} # -- How to handle updates to the service. RollingUpdate (the default) minimizes downtime, but # will not work well if your license only allows a single activation. @@ -77,6 +79,8 @@ homeStorage: requests: # -- the volume of storage to request for this persistent volume claim storage: "10Gi" + # -- selector for PVC definition + selector: {} image: # -- the repository to use for the main pod image From cd4b75d254b4132c4119eb3778787efbf6d66021 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:27:10 -0500 Subject: [PATCH 6/8] fix https://github.com/rstudio/helm/issues/141 --- charts/rstudio-workbench/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/rstudio-workbench/templates/_helpers.tpl b/charts/rstudio-workbench/templates/_helpers.tpl index 5071ebec..5f525f03 100644 --- a/charts/rstudio-workbench/templates/_helpers.tpl +++ b/charts/rstudio-workbench/templates/_helpers.tpl @@ -261,7 +261,7 @@ volumes: - name: rstudio-pam configMap: name: {{ include "rstudio-workbench.fullname" . }}-pam - defaultMode: 0755 + defaultMode: 0644 {{- end }} - name: rstudio-secret secret: From a2eb26d6c01656d024b0267f8b134604673ba5cd Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 13:36:29 -0500 Subject: [PATCH 7/8] update news --- charts/rstudio-workbench/NEWS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 785bfdf1..c624b224 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,6 +1,8 @@ # 0.5.8 - Update README docs +- Add `selector` for storage definition ([#136](https://github.com/rstudio/helm/issues/136)) +- Fix default permissions (0644) on pam mounts ([#141](https://github.com/rstudio/helm/issues/141)) # 0.5.7 From 70b3895497e22f5e7b93546da5171fd2045fb641 Mon Sep 17 00:00:00 2001 From: Cole Arendt Date: Fri, 18 Feb 2022 14:01:43 -0500 Subject: [PATCH 8/8] update docs --- charts/rstudio-workbench/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index 1c1575d5..9997c51b 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -342,6 +342,7 @@ config: | homeStorage.name | string | `""` | The name of the pvc. By default, computes a value from the release name | | homeStorage.path | string | `"/home"` | the path to mount the homeStorage claim within the pod | | homeStorage.requests.storage | string | `"10Gi"` | the volume of storage to request for this persistent volume claim | +| homeStorage.selector | object | `{}` | selector for PVC definition | | homeStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany | | image.imagePullPolicy | string | `"IfNotPresent"` | the imagePullPolicy for the main pod image | | image.imagePullSecrets | list | `[]` | an array of kubernetes secrets for pulling the main pod image from private registries | @@ -407,6 +408,7 @@ config: | sharedStorage.name | string | `""` | The name of the pvc. By default, computes a value from the release name | | sharedStorage.path | string | `"/var/lib/rstudio-server"` | the path to mount the sharedStorage claim within the pod | | sharedStorage.requests.storage | string | `"10Gi"` | the volume of storage to request for this persistent volume claim | +| sharedStorage.selector | object | `{}` | selector for PVC definition | | sharedStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany | | startupProbe | object | `{"enabled":false,"failureThreshold":30,"httpGet":{"path":"/health-check","port":8787},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":1}` | startupProbe is used to configure the container's startupProbe | | startupProbe.failureThreshold | int | `30` | failureThreshold * periodSeconds should be strictly > worst case startup time |