├── .gitattributes ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── chronicle.md │ ├── connect.md │ ├── package-manager.md │ └── workbench.md └── workflows │ ├── chart-doc.yaml │ ├── chart-rebuild.yaml │ ├── chart-releaser.yaml │ ├── chart-test.yaml │ ├── issues.yml │ └── publish.yml ├── .gitignore ├── CONTRIBUTING.md ├── Justfile ├── LICENSE ├── README.md ├── _environment ├── _extensions ├── posit-dev │ └── posit-docs │ │ ├── _extension.yml │ │ ├── _posit-colors.scss │ │ ├── assets │ │ ├── _analytics.html │ │ └── images │ │ │ ├── exclamation-circle-dm.svg │ │ │ ├── exclamation-circle.svg │ │ │ ├── exclamation-triangle-dm.svg │ │ │ ├── exclamation-triangle.svg │ │ │ ├── favicon.svg │ │ │ ├── info-circle-dm.svg │ │ │ ├── info-circle.svg │ │ │ ├── posit-guide-dm.svg │ │ │ ├── posit-guide-ltmd.svg │ │ │ ├── posit-guide-open-dm.svg │ │ │ ├── posit-guide-open-ltmd.svg │ │ │ ├── posit-icon-fullcolor.svg │ │ │ ├── posit-logo-black-TM.svg │ │ │ └── posit-logo-fullcolor-TM.svg │ │ ├── theme-dark.scss │ │ └── theme.scss └── quarto-ext │ └── include-code-files │ ├── _extension.yml │ └── include-code-files.lua ├── _quarto.yml ├── artifacthub-repo.yml ├── bin └── README.md ├── charts ├── _templates.gotmpl ├── posit-chronicle │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE │ ├── Makefile │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── empty-values.yaml │ ├── lint │ │ ├── complex-values.yaml │ │ ├── empty-values.yaml │ │ ├── no-local-storage-values.yaml │ │ └── simple-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── extra-manifests.yaml │ │ ├── serviceaccount.yaml │ │ ├── stateful-set.yaml │ │ └── svc.yaml │ ├── tests │ │ ├── configmap_fail_test.yaml │ │ ├── configmap_test.yaml │ │ ├── extra-manifests_test.yaml │ │ ├── metadata_test.yaml │ │ ├── serviceaccount_test.yaml │ │ ├── statefulset_test.yaml │ │ └── svc_test.yaml │ ├── values.schema.json │ └── values.yaml ├── rstudio-connect │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── LICENSE │ ├── Makefile │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── license-file-values.yaml │ ├── default-runtime-pro.yaml │ ├── default-runtime.yaml │ ├── files │ │ ├── job.tpl │ │ └── service.tpl │ ├── lint │ │ ├── complex-values.yaml │ │ ├── deprecated-values.yaml │ │ ├── empty-values.yaml │ │ ├── ingress-values.yaml │ │ ├── ingress2-values.yaml │ │ ├── launcher-advanced-values.yaml │ │ ├── launcher-advanced2-values.yaml │ │ ├── launcher-advanced3-values.yaml │ │ ├── launcher-template-values.yaml │ │ ├── launcher-values.yaml │ │ └── simple-values.yaml │ ├── prestart.bash │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap-graphite-exporter.yaml │ │ ├── configmap-prestart.yaml │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── extra-objects.yaml │ │ ├── ingress.yaml │ │ ├── license-secret.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── pvc.yaml │ │ ├── rbac.yaml │ │ ├── service-monitor.yaml │ │ └── svc.yaml │ ├── tests │ │ └── service-accounts_test.yaml │ └── values.yaml ├── rstudio-launcher-rbac │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── LICENSE │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── empty-values.yaml │ ├── lint │ │ ├── all-values.yaml │ │ ├── empty-values.yaml │ │ ├── just-yaml-values.yaml │ │ ├── no-release-ns-values.yaml │ │ ├── no-sa-values.yaml │ │ └── simple-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── rbac.yaml │ └── values.yaml ├── rstudio-library │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _chronicle-agent.tpl │ │ ├── _config.tpl │ │ ├── _debug.tpl │ │ ├── _helpers.tpl │ │ ├── _ingress.tpl │ │ ├── _launcher-templates.tpl │ │ ├── _license-env.tpl │ │ ├── _license-mount.tpl │ │ ├── _license-secret.tpl │ │ ├── _license-volume.tpl │ │ ├── _profiles.tpl │ │ ├── _rbac.tpl │ │ └── _tplvalues.tpl │ └── values.yaml ├── rstudio-pm │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── LICENSE │ ├── Makefile │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── license-file-values.yaml │ ├── lint │ │ ├── all-values.yaml │ │ ├── empty-values.yaml │ │ ├── ingress-values.yaml │ │ ├── ingress2-values.yaml │ │ └── simple-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── extra-objects.yaml │ │ ├── ingress.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── post-upgrade-chown-job.yaml │ │ ├── pvc.yaml │ │ ├── secret-aws-creds.yaml │ │ ├── secret-license.yaml │ │ ├── secret-rstudio-pm-key.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── svc.yaml │ └── values.yaml └── rstudio-workbench │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── LICENSE │ ├── Makefile │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ ├── basic-ingress-values.yaml │ ├── basic-service-account-values.yaml │ ├── launcher-template-values.yaml │ ├── license-file-values.yaml │ └── user-create-values.yaml │ ├── files │ ├── job.tpl │ └── service.tpl │ ├── lint │ ├── complex-values.yaml │ ├── default-sa-values.yaml │ ├── empty-values.yaml │ ├── ingress-values.yaml │ ├── ingress2-values.yaml │ ├── launcher-template-values.yaml │ ├── license-file-secret-values.yaml │ ├── license-file-values.yaml │ ├── license-server-values.yaml │ ├── license-values.yaml │ ├── other-complex-values.yaml │ ├── overrides-values-new.yaml │ ├── overrides-values.yaml │ ├── simple-profiles-values.yaml │ └── simple-values.yaml │ ├── prestart-launcher.bash │ ├── prestart-workbench.bash │ ├── snapshot │ ├── .gitignore │ ├── complex-values.yaml.lock │ ├── default-sa-values.yaml.lock │ ├── default.yaml.lock │ ├── empty-values.yaml.lock │ ├── ingress-values.yaml.lock │ ├── ingress2-values.yaml.lock │ ├── launcher-template-values.yaml.lock │ ├── license-file-secret-values.yaml.lock │ ├── license-file-values.yaml.lock │ ├── license-server-values.yaml.lock │ ├── license-values.yaml.lock │ ├── other-complex-values.yaml.lock │ ├── overrides-values-new.yaml.lock │ ├── overrides-values.yaml.lock │ ├── simple-profiles-values.yaml.lock │ └── simple-values.yaml.lock │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── configmap-general.yaml │ ├── configmap-graphite-exporter.yaml │ ├── configmap-pam.yaml │ ├── configmap-prestart.yaml │ ├── configmap-secret.yaml │ ├── configmap-session.yaml │ ├── configmap-startup.yaml │ ├── deployment.yaml │ ├── extra-objects.yaml │ ├── ingress.yaml │ ├── license-secret.yaml │ ├── poddisruptionbudget.yaml │ ├── pvc.yaml │ ├── rbac.yaml │ ├── service-monitor.yaml │ └── svc.yaml │ ├── tests │ ├── deployment_test.yaml │ ├── ingress_test.yaml │ ├── prometheus_test.yaml │ └── service_accounts_test.yaml │ └── values.yaml ├── cr.yaml ├── docs └── customize.md ├── examples ├── auto-scaling │ ├── README.md │ ├── autoscaler │ │ └── values.yaml │ └── rstudio-workbench │ │ ├── users.txt │ │ └── values.yaml ├── connect │ ├── _prereqs.qmd │ ├── application-configuration │ │ ├── index.qmd │ │ └── rstudio-connect-recommended-app-config.yaml │ ├── auth │ │ ├── oidc.qmd │ │ ├── rstudio-connect-oidc.yaml │ │ ├── rstudio-connect-saml.yaml │ │ └── saml.qmd │ ├── container-images │ │ ├── custom-images.qmd │ │ ├── private-images.qmd │ │ ├── rstudio-connect-custom-image-private.yaml │ │ └── rstudio-connect-custom-image.yaml │ ├── index.qmd │ ├── ingress │ │ ├── aws-alb.qmd │ │ ├── azure-gateway.qmd │ │ ├── gce.qmd │ │ ├── nginx.qmd │ │ ├── rstudio-connect-alb-ingress.yaml │ │ ├── rstudio-connect-azure-application-gateway-ingress.yaml │ │ ├── rstudio-connect-gce-ingress.yaml │ │ ├── rstudio-connect-nginx-ingress.yaml │ │ ├── rstudio-connect-traefik-ingress.yaml │ │ └── traefik.qmd │ └── storage │ │ ├── additional-volumes.qmd │ │ ├── nfs-pv.qmd │ │ ├── rstudio-connect-with-additional-mounts.yaml │ │ └── rstudio-connect-with-pv.yaml ├── examples.ejs ├── launcher-templates │ ├── default │ │ ├── 2 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ │ ├── 2.1.0 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ │ ├── 2.3.0 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ │ ├── 2.3.1 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ │ └── 2.4.0 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ ├── example-template-data.yaml │ ├── fargate │ │ ├── default-fargate │ │ │ ├── 2 │ │ │ │ ├── job.tpl │ │ │ │ └── service.tpl │ │ │ ├── README.md │ │ │ └── not-fargate-ui.png │ │ └── default-not │ │ │ ├── 2 │ │ │ ├── job.tpl │ │ │ └── service.tpl │ │ │ ├── README.md │ │ │ └── fargate-ui.png │ └── helm │ │ ├── 2-v1 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2-v2 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.1.0-v1 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.1.0-v2 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.0-v1 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.0-v2 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.1-v1 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.1-v2 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.1-v3 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.3.1-v4 │ │ ├── job.tpl │ │ └── service.tpl │ │ ├── 2.4.0-v1 │ │ ├── job.tpl │ │ └── service.tpl │ │ └── 2.4.0-v2 │ │ ├── job.tpl │ │ └── service.tpl ├── package-manager │ ├── _prereqs.qmd │ ├── container-images │ │ ├── custom-images.qmd │ │ ├── private-images.qmd │ │ ├── rstudio-pm-custom-image-private.yaml │ │ └── rstudio-pm-custom-image.yaml │ ├── index.qmd │ ├── ingress │ │ ├── aws-alb.qmd │ │ ├── azure-gateway.qmd │ │ ├── gce.qmd │ │ ├── nginx.qmd │ │ ├── rstudio-pm-alb-ingress.yaml │ │ ├── rstudio-pm-azure-application-gateway-ingress.yaml │ │ ├── rstudio-pm-gce-ingress.yaml │ │ ├── rstudio-pm-nginx-ingress.yaml │ │ ├── rstudio-pm-traefik-ingress.yaml │ │ └── traefik.qmd │ └── storage │ │ ├── additional-volumes.qmd │ │ ├── nfs-pv.qmd │ │ ├── rstudio-pm-with-additional-mounts.yaml │ │ ├── rstudio-pm-with-pv.yaml │ │ ├── rstudio-pm-with-s3.yaml │ │ └── s3.qmd ├── rbac │ ├── README.md │ ├── rstudio-launcher-rbac-0.2.0.yaml │ ├── rstudio-launcher-rbac-0.2.1.yaml │ ├── rstudio-launcher-rbac-0.2.10.yaml │ ├── rstudio-launcher-rbac-0.2.11.yaml │ ├── rstudio-launcher-rbac-0.2.12.yaml │ ├── rstudio-launcher-rbac-0.2.13.yaml │ ├── rstudio-launcher-rbac-0.2.14.yaml │ ├── rstudio-launcher-rbac-0.2.15.yaml │ ├── rstudio-launcher-rbac-0.2.16.yaml │ ├── rstudio-launcher-rbac-0.2.17.yaml │ ├── rstudio-launcher-rbac-0.2.18.yaml │ ├── rstudio-launcher-rbac-0.2.19.yaml │ ├── rstudio-launcher-rbac-0.2.2.yaml │ ├── rstudio-launcher-rbac-0.2.20.yaml │ ├── rstudio-launcher-rbac-0.2.21.yaml │ ├── rstudio-launcher-rbac-0.2.22.yaml │ ├── rstudio-launcher-rbac-0.2.23.yaml │ ├── rstudio-launcher-rbac-0.2.24.yaml │ ├── rstudio-launcher-rbac-0.2.3.yaml │ ├── rstudio-launcher-rbac-0.2.4.yaml │ ├── rstudio-launcher-rbac-0.2.5.yaml │ ├── rstudio-launcher-rbac-0.2.6.yaml │ ├── rstudio-launcher-rbac-0.2.7.yaml │ ├── rstudio-launcher-rbac-0.2.8.yaml │ ├── rstudio-launcher-rbac-0.2.9.yaml │ └── rstudio-launcher-rbac.yaml ├── workbench │ ├── _prereqs.qmd │ ├── application-configuration │ │ ├── index.qmd │ │ └── rstudio-workbench-recommended-app-config.yaml │ ├── auth-user-provisioning │ │ ├── oidc.qmd │ │ ├── pam-security.qmd │ │ ├── rstudio-workbench-oidc-sssd.yaml │ │ ├── rstudio-workbench-pam-homedirectory-permissions.yaml │ │ ├── rstudio-workbench-saml-sssd.yaml │ │ └── saml.qmd │ ├── container-images │ │ ├── custom-images.qmd │ │ ├── private-images.qmd │ │ ├── rstudio-workbench-custom-image-private.yaml │ │ └── rstudio-workbench-custom-image.yaml │ ├── index.qmd │ ├── ingress │ │ ├── aws-alb.qmd │ │ ├── azure-gateway.qmd │ │ ├── gce.qmd │ │ ├── nginx.qmd │ │ ├── rstudio-workbench-alb-ingress.yaml │ │ ├── rstudio-workbench-azure-application-gateway-ingress.yaml │ │ ├── rstudio-workbench-gce-ingress.yaml │ │ ├── rstudio-workbench-nginx-ingress.yaml │ │ ├── rstudio-workbench-traefik-ingress.yaml │ │ └── traefik.qmd │ └── storage │ │ ├── additional-volumes.qmd │ │ ├── nfs-pv.qmd │ │ ├── rstudio-workbench-with-additional-mounts.yaml │ │ └── rstudio-workbench-with-pv.yaml └── yaml │ ├── README.md │ ├── daemonset-r-session-complete-dockerhub │ ├── prepull-rstudio-r-session-complete-bionic-1.3.1056-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.3.1073-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.3.1093-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.3.959-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.3.959-2.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.1103-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.1103-3.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.1103-4.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.1106-5.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.1717-3.yaml │ ├── prepull-rstudio-r-session-complete-bionic-1.4.702-1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-2021.09.0-351.pro6.yaml │ ├── prepull-rstudio-r-session-complete-bionic-2021.09.1-372.pro1.yaml │ ├── prepull-rstudio-r-session-complete-bionic-2021.09.2-382.pro1.yaml │ └── prepull-rstudio-r-session-complete-bionic-latest.yaml │ └── daemonset-r-session-complete-ghcr │ ├── prepull-ghcr-rstudio-r-session-complete-bionic-1.4.1717-3.yaml │ ├── prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.0-351.pro6.yaml │ ├── prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.1-372.pro1.yaml │ ├── prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.2-382.pro1.yaml │ └── prepull-ghcr-rstudio-r-session-complete-bionic-latest.yaml ├── images ├── favicon.svg ├── posit-guide-dm.svg ├── posit-guide-ltmd.svg ├── posit-guide-open-dm.svg ├── posit-guide-open-ltmd.svg ├── posit-icon-fullcolor.svg ├── posit-logo-black-TM.svg └── posit-logo-fullcolor-TM.svg ├── index.qmd ├── other-charts ├── _templates.gotmpl └── prepull-daemonset │ ├── Chart.yaml │ ├── NEWS.md │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ └── daemonset.yaml │ └── values.yaml └── scripts ├── README.md └── rebuild.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | *.yml linguist-detectable=true 2 | *.yml linguist-language=YAML 3 | *.qmd linguist-language=Markdown 4 | *.md linguist-detectable 5 | *.qmd linguist-detectable 6 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # format per https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#about-code-owners 2 | * @rstudio/infraops @rstudio/platform-cloud 3 | 4 | # package-manager resources 5 | /charts/rstudio-pm/** @rstudio/ppm 6 | /ci/rstudio-pm/** @rstudio/ppm 7 | 8 | # connect resources 9 | /charts/rstudio-connect/** @aronatkins @dbkegley @christierney @zackverham 10 | /ci/rstudio-connect/** @aronatkins @dbkegley @christierney @zackverham 11 | /examples/connect/** @aronatkins @dbkegley @christierney @zackverham 12 | 13 | # posit-chronicle resources 14 | /charts/posit-chronicle/** @matt-urbina @markrtucker @t-margheim 15 | /ci/posit-chronicle/** @matt-urbina @markrtucker @t-margheim 16 | 17 | # rstudio-workbench resources 18 | /charts/rstudio-workbench/** @GCrev @zachhannum 19 | /ci/rstudio-workbench/** @GCrev @zachhannum 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/chronicle.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Posit Chronicle 3 | about: A bug or feature request for the Chronicle helm chart 4 | labels: ["team: chronicle"] 5 | --- 6 | 7 | 9 | 10 | ## Description 11 | 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/connect.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Posit Connect 3 | about: A bug or feature request for the Connect helm chart 4 | labels: ["team: connect"] 5 | --- 6 | 7 | 9 | 10 | ## Description 11 | 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/package-manager.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Posit Package Manager 3 | about: A bug or feature request for the PPM helm chart 4 | labels: ["team: package manager"] 5 | --- 6 | 7 | 9 | 10 | ## Description 11 | 12 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/workbench.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Posit Workbench 3 | about: A bug or feature request for the Workbench helm chart 4 | labels: ["team: workbench"] 5 | --- 6 | 7 | 9 | 10 | ## Description 11 | 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | helm-docs 2 | charts/**/charts/ 3 | /*.values 4 | /.cr-release-packages 5 | 6 | # helm unittest plugin 7 | __snapshot__ 8 | .debug/ 9 | 10 | bin/** 11 | !bin/README.md 12 | 13 | /.quarto/ 14 | _site/ 15 | _publish.yml 16 | 17 | /.quarto/ 18 | 19 | # helm packages 20 | *.tgz 21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /_environment: -------------------------------------------------------------------------------- 1 | CURRENT_YEAR=2024 2 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/_extension.yml: -------------------------------------------------------------------------------- 1 | title: posit-docs 2 | author: Ashley Henry, David Aja, Aron Atkins 3 | version: 7.0.0 4 | quarto-required: ">=1.5.57" 5 | contributes: 6 | project: 7 | project: 8 | type: website 9 | website: 10 | favicon: "assets/images/favicon.svg" 11 | bread-crumbs: true 12 | navbar: 13 | pinned: true 14 | logo: "assets/images/posit-icon-fullcolor.svg" 15 | logo-alt: "Posit Documentation" 16 | right: 17 | - icon: "list" 18 | aria-label: 'Drop-down menu for additional Posit resources' 19 | menu: 20 | - text: "docs.posit.co" 21 | href: "https://docs.posit.co" 22 | - text: "Posit Support" 23 | href: "https://support.posit.co/hc/en-us/" 24 | search: 25 | copy-button: true 26 | show-item-context: true 27 | format: 28 | html: 29 | theme: 30 | light: [theme.scss] 31 | dark: [theme-dark.scss] 32 | link-external-icon: true 33 | link-external-newwindow: true 34 | toc: true 35 | toc-expand: true 36 | include-in-header: "assets/_analytics.html" 37 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/_posit-colors.scss: -------------------------------------------------------------------------------- 1 | /* Posit Color definitions */ 2 | $posit-blue: #447099; 3 | $posit-light-blue-1: #d1dbe5; 4 | $posit-light-blue-2: #a2b8cb; 5 | $posit-light-blue-3: #7494b1; 6 | $posit-dark-blue-1: #305775; 7 | $posit-dark-blue-2: #213d4f; 8 | 9 | $posit-orange: #ee6331; 10 | $posit-light-orange-1: #edccbf; 11 | $posit-light-orange-2: #eba38c; 12 | $posit-dark-orange-1: #ab4d26; 13 | $posit-dark-orange-2: #80361c; 14 | $posit-dark-orange-3: #451f12; 15 | 16 | $posit-gray: #404041; 17 | $posit-light-gray-1: #c2c2c4; 18 | $posit-light-gray-2: #949494; 19 | $posit-dark-gray-1: #333333; 20 | 21 | $posit-teal: #419599; 22 | $posit-light-teal-1: #c2d9d9; 23 | $posit-light-teal-2: #94bdbf; 24 | $posit-light-teal-3: #70a3a6; 25 | $posit-dark-teal-1: #297075; 26 | $posit-dark-teal-2: #1f4f4f; 27 | $posit-dark-teal-3: #122b2b; 28 | 29 | $posit-green: #72994e; 30 | 31 | $posit-burgundy: #9a4665; 32 | $posit-light-burgundy-1: #d9c4cc; 33 | $posit-light-burgundy-2: #bf96a3; 34 | $posit-light-burgundy-3: #a67380; 35 | $posit-dark-burgundy-1: #78384f; 36 | $posit-dark-burgundy-2: #542938; 37 | $posit-dark-burgundy-3: #2e171f; 38 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/_analytics.html: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 10 | 11 | 30 | 31 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/exclamation-circle-dm.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/exclamation-circle.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle-dm.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/exclamation-triangle.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/favicon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 8 | 9 | 13 | 14 | 15 | 16 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/info-circle-dm.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/info-circle.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /_extensions/posit-dev/posit-docs/assets/images/posit-icon-fullcolor.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 9 | 22 | 23 | -------------------------------------------------------------------------------- /_extensions/quarto-ext/include-code-files/_extension.yml: -------------------------------------------------------------------------------- 1 | title: Include Code Files 2 | author: Bruno Beaufils 3 | version: 1.0.0 4 | quarto-required: ">=1.2" 5 | contributes: 6 | filters: 7 | - include-code-files.lua 8 | 9 | 10 | -------------------------------------------------------------------------------- /artifacthub-repo.yml: -------------------------------------------------------------------------------- 1 | # from https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-repo.yml 2 | repositoryID: 2e4468ce-cda6-492e-a7a9-04c572b1450b 3 | owners: 4 | - name: colearendt 5 | email: cole@rstudio.com 6 | - name: sol-eng 7 | email: docker@rstudio.com 8 | ignore: 9 | - name: rstudio-launcher-rbac 10 | -------------------------------------------------------------------------------- /bin/README.md: -------------------------------------------------------------------------------- 1 | A `./bin` directory for various supporting software (i.e. `helm`, `helm-docs`, etc.) 2 | 3 | See `just setup` for more detail 4 | -------------------------------------------------------------------------------- /charts/posit-chronicle/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | .helmignore 14 | # Common backup files 15 | *.swp 16 | *.bak 17 | *.tmp 18 | *.orig 19 | *~ 20 | # Various IDEs 21 | .project 22 | .idea/ 23 | *.tmproj 24 | .vscode/ 25 | 26 | # chart tests 27 | ci/ 28 | lint/ 29 | tests/ 30 | 31 | # helm unittest debug files 32 | .debug/ 33 | -------------------------------------------------------------------------------- /charts/posit-chronicle/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: posit-chronicle 3 | description: Official Helm chart for Posit Chronicle Server 4 | version: 0.4.0 5 | appVersion: 2025.05.1 6 | icon: https://posit.co/wp-content/themes/Posit/dist/images/favicon/apple-touch-icon-180x180.png 7 | home: https://www.posit.co 8 | sources: 9 | - https://github.com/rstudio/helm 10 | maintainers: 11 | - name: rstudio 12 | email: docker@posit.co 13 | url: https://github.com/rstudio/helm 14 | annotations: 15 | artifacthub.io/images: | 16 | - name: chronicle 17 | image: ghcr.io/rstudio/chronicle:2025.05.1 18 | platforms: 19 | - linux/amd64 20 | artifacthub.io/license: MIT 21 | artifacthub.io/links: | 22 | - name: Chronicle Documentation 23 | url: https://docs.posit.co/chronicle 24 | - name: Posit Helm Documentation 25 | url: https://docs.posit.co/helm 26 | - name: Docker Images 27 | url: https://github.com/rstudio/rstudio-docker-products 28 | - name: Posit Community 29 | url: https://forum.posit.co/c/posit-professional-hosted/5 30 | - name: About Posit Team 31 | url: https://posit.co/products/enterprise/team/ 32 | artifacthub.io/recommendations: | 33 | - url: https://artifacthub.io/packages/helm/rstudio/rstudio-connect 34 | - url: https://artifacthub.io/packages/helm/rstudio/rstudio-workbench 35 | keywords: 36 | - "rstudio" 37 | - "posit" 38 | - "chronicle" 39 | - "metrics" 40 | - "monitoring" 41 | - "observability" 42 | - "analytics" 43 | - "data science" 44 | -------------------------------------------------------------------------------- /charts/posit-chronicle/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/posit-chronicle/Makefile: -------------------------------------------------------------------------------- 1 | lint: 2 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml . 3 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml . 4 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/no-local-storage-values.yaml . 5 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml . 6 | 7 | template: 8 | helm template -f ci/complex-values.yaml . --debug 9 | 10 | template-all: 11 | helm template -f ci/empty-values.yaml . 12 | helm template -f ci/simple-values.yaml . 13 | helm template -f ci/no-local-storage-values.yaml . 14 | helm template -f ci/complex-values.yaml . 15 | -------------------------------------------------------------------------------- /charts/posit-chronicle/ci/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/posit-chronicle/ci/empty-values.yaml -------------------------------------------------------------------------------- /charts/posit-chronicle/lint/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/posit-chronicle/lint/empty-values.yaml -------------------------------------------------------------------------------- /charts/posit-chronicle/lint/no-local-storage-values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: "latest" 3 | 4 | serviceaccount: 5 | create: true 6 | annotations: { 7 | eks.amazonaws.com/role-arn: arn:aws:iam::123123123123123:role/chronicle-serviceaccount-role 8 | } 9 | 10 | config: 11 | LocalStorage: 12 | Enabled: false 13 | Logging: 14 | ServiceLog: "STDOUT" 15 | ServiceLogLevel: "DEBUG" 16 | ServiceLogFormat: "JSON" 17 | Profiling: 18 | Enabled: true 19 | S3Storage: 20 | Enabled: true 21 | Bucket: "posit-chronicle-dev" 22 | Region: "ap-northeast-2" 23 | -------------------------------------------------------------------------------- /charts/posit-chronicle/lint/simple-values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: "latest" 3 | 4 | serviceaccount: 5 | create: false 6 | 7 | storage: 8 | persistentVolumeSize: 10Gi 9 | 10 | config: 11 | LocalStorage: 12 | Enabled: true 13 | RetentionPeriod: "7d" 14 | Logging: 15 | ServiceLog: "STDOUT" 16 | ServiceLogLevel: "DEBUG" 17 | ServiceLogFormat: "JSON" 18 | Profiling: 19 | Enabled: true 20 | S3Storage: 21 | Enabled: true 22 | Bucket: "posit-chronicle-dev" 23 | Region: "us-east-1" 24 | -------------------------------------------------------------------------------- /charts/posit-chronicle/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ include "posit-chronicle.fullname" . }} successfully deployed to namespace {{ .Release.Namespace }} 2 | 3 | Please visit https://docs.posit.co/chronicle/getting-started/installation/on-kubernetes.html#agent-sidecar for 4 | additional information on deploying Chronicle agents to monitor Posit products in your cluster. 5 | {{ if and (not .Values.config.LocalStorage.Enabled) .Values.persistence.enabled }} 6 | WARNING: Persistence is enabled, but Chronicle local storage is not configured. This may lead to data loss if the pod 7 | is restarted or rescheduled. 8 | {{- end }} 9 | {{ if and .Values.config.LocalStorage.Enabled (not .Values.persistence.enabled) }} 10 | WARNING: Local storage is enabled, but persistence is not enabled. This may lead to data loss if the pod is restarted or 11 | rescheduled. 12 | {{- end }} 13 | {{ if and (not .Values.config.LocalStorage.Enabled) (not .Values.config.S3Storage.Enabled) }} 14 | WARNING: No storage backend is configured. Chronicle will not be able to store any data in a persistent or accessible 15 | location. Consider redeploying with `.Values.config.LocalStorage` or `.Values.config.S3Storage` set to true. 16 | {{- end }} 17 | {{ if and .Values.config.LocalStorage.Enabled .Values.config.S3Storage.Enabled }} 18 | WARNING: Both local and S3 storage are currently enabled. Data will be saved both locally and in S3 which could 19 | result in inflated costs. It is recommended to only enable one storage backend. 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/posit-chronicle/templates/extra-manifests.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.extraObjects }} 2 | --- 3 | {{- if typeIs "string" . }} 4 | {{ tpl . $ }} 5 | {{ else }} 6 | {{ tpl (. | toYaml) $ }} 7 | {{- end }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /charts/posit-chronicle/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "posit-chronicle.serviceAccountName" . }} 6 | namespace: {{ include "posit-chronicle.namespace" . }} 7 | labels: 8 | {{ include "posit-chronicle.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.labels }} 10 | {{ toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} 13 | {{- $annotations := merge .Values.serviceAccount.annotations .Values.commonAnnotations }} 14 | annotations: 15 | {{- with $annotations }} 16 | {{ toYaml . | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/posit-chronicle/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "posit-chronicle.fullname" . }} 6 | namespace: {{ include "posit-chronicle.namespace" . }} 7 | labels: 8 | {{ include "posit-chronicle.labels" . | nindent 4 }} 9 | {{- with .Values.service.labels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- if or .Values.service.annotations .Values.commonAnnotations }} 13 | {{- $annotations := merge .Values.service.annotations .Values.commonAnnotations }} 14 | annotations: 15 | {{- with $annotations }} 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | spec: 20 | selector: 21 | {{ include "posit-chronicle.selectorLabels" . | trim | nindent 4 }} 22 | ports: 23 | {{- if .Values.config.HTTPS.Enabled }} 24 | - port: {{ .Values.service.port }} 25 | targetPort: 443 26 | name: https 27 | {{- else }} 28 | - port: {{ .Values.service.port }} 29 | targetPort: 5252 30 | name: http 31 | {{- end }} 32 | --- 33 | -------------------------------------------------------------------------------- /charts/posit-chronicle/tests/configmap_fail_test.yaml: -------------------------------------------------------------------------------- 1 | suite: Configmap tests 2 | templates: 3 | - configmap.yaml 4 | tests: 5 | - it: should fail if https is enabled but no certificate is specified 6 | set: 7 | config: 8 | HTTPS: 9 | Enabled: true 10 | Key: /etc/ssl/ssl.key 11 | asserts: 12 | - failedTemplate: 13 | errorPattern: ".*Certificate must be specified.*" 14 | - it: should fail if https is enabled but no key is specified 15 | set: 16 | config: 17 | HTTPS: 18 | Enabled: true 19 | Certificate: /etc/ssl/ssl.crt 20 | asserts: 21 | - failedTemplate: 22 | errorPattern: ".*Key must be specified.*" 23 | - it: should fail for invalid log level values 24 | set: 25 | config: 26 | Logging: 27 | ServiceLogLevel: INVALID 28 | asserts: 29 | - failedTemplate: 30 | errorPattern: ".*ServiceLogLevel: Does not match pattern.*" 31 | - it: should fail for invalid log level values 32 | set: 33 | config: 34 | Logging: 35 | ServiceLogFormat: INVALID 36 | asserts: 37 | - failedTemplate: 38 | errorPattern: ".*ServiceLogFormat: Does not match pattern.*" 39 | - it: should fail if S3 is enabled but no bucket is specified 40 | set: 41 | config: 42 | S3Storage: 43 | Enabled: true 44 | asserts: 45 | - failedTemplate: 46 | errorPattern: ".*Bucket must be specified when S3 storage is enabled.*" 47 | -------------------------------------------------------------------------------- /charts/posit-chronicle/tests/extra-manifests_test.yaml: -------------------------------------------------------------------------------- 1 | suite: Extra manifests tests 2 | templates: 3 | - extra-manifests.yaml 4 | tests: 5 | - it: should create extra manifests if specified 6 | set: 7 | extraObjects: 8 | - apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | name: test-configmap 12 | data: 13 | test-key: test-value 14 | - apiVersion: v1 15 | kind: Secret 16 | metadata: 17 | name: test-secret 18 | data: 19 | test-key: dGVzdC12YWx1ZQ== 20 | asserts: 21 | - hasDocuments: 22 | count: 2 23 | - isKind: 24 | of: ConfigMap 25 | documentIndex: 0 26 | - isKind: 27 | of: Secret 28 | documentIndex: 1 29 | -------------------------------------------------------------------------------- /charts/posit-chronicle/tests/serviceaccount_test.yaml: -------------------------------------------------------------------------------- 1 | suite: Service account tests 2 | templates: 3 | - serviceaccount.yaml 4 | tests: 5 | - it: should skip creation by default 6 | asserts: 7 | - hasDocuments: 8 | count: 0 9 | - it: should create a service account when specified 10 | set: 11 | serviceAccount: 12 | create: true 13 | release: 14 | name: test-release 15 | namespace: test-namespace 16 | asserts: 17 | - isKind: 18 | of: ServiceAccount 19 | - equal: 20 | path: metadata.name 21 | value: test-release-posit-chronicle 22 | - equal: 23 | path: metadata.namespace 24 | value: test-namespace 25 | - it: should set annotations if given with service account annotations favored during merge 26 | set: 27 | serviceAccount: 28 | create: true 29 | annotations: 30 | test-merge: value2 31 | test-sa: value 32 | commonAnnotations: 33 | test-merge: value1 34 | test-common: value 35 | asserts: 36 | - isSubset: 37 | path: metadata.annotations 38 | content: 39 | test-merge: value2 40 | test-common: value 41 | test-sa: value 42 | -------------------------------------------------------------------------------- /charts/rstudio-connect/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | .helmignore 14 | # Common backup files 15 | *.swp 16 | *.bak 17 | *.tmp 18 | *.orig 19 | *~ 20 | # Various IDEs 21 | .project 22 | .idea/ 23 | *.tmproj 24 | .vscode/ 25 | 26 | # chart tests 27 | ci/ 28 | lint/ 29 | tests/ 30 | -------------------------------------------------------------------------------- /charts/rstudio-connect/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: rstudio-library 3 | repository: https://helm.rstudio.com 4 | version: 0.1.34 5 | digest: sha256:66324c3ca436a3743e6f7c3dd8e159d21fca4fd5072d4d8c2583bfafd8499d70 6 | generated: "2025-05-20T10:37:20.963885313-06:00" 7 | -------------------------------------------------------------------------------- /charts/rstudio-connect/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: rstudio-connect 2 | description: Official Helm chart for Posit Connect 3 | version: 0.8.0 4 | apiVersion: v2 5 | appVersion: 2025.05.0 6 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 7 | home: https://www.rstudio.com 8 | sources: 9 | - https://github.com/rstudio/helm 10 | maintainers: 11 | - name: sol-eng 12 | email: docker@rstudio.com 13 | url: https://github.com/sol-eng 14 | dependencies: 15 | - name: rstudio-library 16 | version: 0.1.34 17 | repository: https://helm.rstudio.com 18 | annotations: 19 | artifacthub.io/images: | 20 | - name: rstudio-connect 21 | image: rstudio/rstudio-connect:ubuntu2204-2025.05.0 22 | artifacthub.io/license: MIT 23 | artifacthub.io/links: | 24 | - name: Docker Images 25 | url: https://github.com/rstudio/rstudio-docker-products 26 | - name: RStudio Community 27 | url: https://community.rstudio.com/c/r-admin/5 28 | - name: About Connect 29 | url: https://www.rstudio.com/products/connect/ 30 | - name: About RStudio Team 31 | url: https://www.rstudio.com/products/team/ 32 | keywords: 33 | - "data science" 34 | - "machine learning" 35 | - "r" 36 | - "rstats" 37 | - "python" 38 | - "deploy" 39 | - "rstudio" 40 | - "posit" 41 | -------------------------------------------------------------------------------- /charts/rstudio-connect/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/rstudio-connect/Makefile: -------------------------------------------------------------------------------- 1 | lint: 2 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml . 3 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml . 4 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml . 5 | 6 | template: 7 | helm template . 8 | 9 | template-debug: 10 | helm template --debug . 11 | -------------------------------------------------------------------------------- /charts/rstudio-connect/ci/license-file-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pct-license 4 | secretKey: pct.lic 5 | 6 | # a PVC is required for Connect to run in OHE (now the default) 7 | sharedStorage: 8 | create: true 9 | # normally this should be ReadWriteMany, setting just for CI 10 | accessModes: 11 | - ReadWriteOnce 12 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/deprecated-values.yaml: -------------------------------------------------------------------------------- 1 | pod: 2 | serviceAccountName: test 3 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-connect/lint/empty-values.yaml -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/ingress-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: connect.rstudio.com 9 | paths: 10 | - path: /test/ 11 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/ingress2-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: connect.rstudio.com 9 | paths: 10 | - path: /test/ 11 | pathType: Other 12 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/launcher-advanced-values.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | serviceAccount: 4 | create: true 5 | name: "connect-service-account" 6 | securityContext: null 7 | sharedStorage: 8 | create: true 9 | launcher: 10 | enabled: true 11 | additionalRuntimeImages: 12 | - name: ghcr.io/rstudio/content-base:r4.1.0-py3.9.2-bionic 13 | python: 14 | installations: 15 | - path: /opt/python/3.9.2/bin/python3.9 16 | version: 3.9.2 17 | r: 18 | installations: 19 | - path: /opt/R/4.1.0/bin/R 20 | version: 4.1.0 21 | customRuntimeYaml: 22 | name: Kubernetes 23 | images: 24 | - 25 | name: ghcr.io/rstudio/content-base:r3.1.3-py2.7.18-bionic 26 | python: 27 | installations: 28 | - 29 | path: /opt/python/2.7.18/bin/python2.7 30 | version: 2.7.18 31 | r: 32 | installations: 33 | - 34 | path: /opt/R/3.1.3/bin/R 35 | version: 3.1.3 36 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/launcher-advanced2-values.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | serviceAccount: 4 | create: true 5 | securityContext: null 6 | sharedStorage: 7 | create: true 8 | launcher: 9 | enabled: true 10 | defaultInitContainer: 11 | enabled: true 12 | securityContext: 13 | allowPrivilegedEscalation: false 14 | additionalRuntimeImages: | 15 | - name: ghcr.io/rstudio/content-base:r4.1.0-py3.9.2-bionic 16 | python: 17 | installations: 18 | - path: /opt/python/3.9.2/bin/python3.9 19 | version: 3.9.2 20 | r: 21 | installations: 22 | - path: /opt/R/4.1.0/bin/R 23 | version: 4.1.0 24 | customRuntimeYaml: | 25 | name: Kubernetes 26 | images: 27 | - 28 | name: ghcr.io/rstudio/content-base:r3.1.3-py2.7.18-bionic 29 | python: 30 | installations: 31 | - 32 | path: /opt/python/2.7.18/bin/python2.7 33 | version: 2.7.18 34 | r: 35 | installations: 36 | - 37 | path: /opt/R/3.1.3/bin/R 38 | version: 3.1.3 39 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/launcher-advanced3-values.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | serviceAccount: 4 | create: true 5 | securityContext: null 6 | sharedStorage: 7 | create: true 8 | launcher: 9 | enabled: true 10 | customRuntimeYaml: pro 11 | additionalRuntimeImages: 12 | - name: ghcr.io/rstudio/content-base:r4.1.0-py3.9.2-bionic 13 | python: 14 | installations: 15 | - path: /opt/python/3.9.2/bin/python3.9 16 | version: 3.9.2 17 | r: 18 | installations: 19 | - path: /opt/R/4.1.0/bin/R 20 | version: 4.1.0 21 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/launcher-values.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | serviceAccount: 4 | create: true 5 | launcher: 6 | enabled: true 7 | sharedStorage: 8 | create: true 9 | securityContext: null 10 | -------------------------------------------------------------------------------- /charts/rstudio-connect/lint/simple-values.yaml: -------------------------------------------------------------------------------- 1 | sharedStorage: 2 | create: true 3 | requests: 4 | storage: "1Gi" 5 | license: 6 | key: test 7 | nodePort: 32390 8 | replicas: 1 9 | config: 10 | HTTP: 11 | Listen: :3939 12 | Authentication: 13 | Provider: password 14 | Python: 15 | Enabled: true 16 | Executable: /opt/python/3.6.5/bin/python 17 | 'RPackageRepository "CRAN"': 18 | URL: https://packagemanager.rstudio.com/cran/__linux__/bionic/latest 19 | 'RPackageRepository "RSPM"': 20 | URL: https://packagemanager.rstudio.com/cran/__linux__/bionic/latest 21 | Server: 22 | Address: http://localhost:3939 23 | DataDir: /var/lib/rstudio-connect 24 | RVersionScanning: false 25 | RVersion: 26 | - /opt/R/3.6.2 27 | -------------------------------------------------------------------------------- /charts/rstudio-connect/prestart.bash: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -o errexit 3 | set -o pipefail 4 | 5 | main() { 6 | local startup_script="${1:-/usr/local/bin/startup.sh}" 7 | 8 | local cacert='/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' 9 | local k8s_url="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}" 10 | 11 | _logf 'Loading service account token' 12 | local sa_token 13 | sa_token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" 14 | 15 | _logf 'Checking kubernetes health via %s' "${k8s_url}" 16 | curl -fsSL \ 17 | -H "Authorization: Bearer ${sa_token}" \ 18 | --cacert "${cacert}" \ 19 | "${k8s_url}/healthz" 2>&1 | _indent 20 | printf '\n' 21 | 22 | _logf 'Replacing process with %s' "${startup_script}" 23 | exec "${startup_script}" 24 | } 25 | 26 | _logf() { 27 | local msg="${1}" 28 | shift 29 | local now 30 | now="$(date -u +%Y-%m-%dT%H:%M:%S)" 31 | local format_string 32 | format_string="$(printf '#----> prestart.bash %s: %s' "${now}" "${msg}")\\n" 33 | # shellcheck disable=SC2059 34 | printf "${format_string}" "${@}" 35 | } 36 | 37 | _indent() { 38 | sed -u 's/^/ /' 39 | } 40 | 41 | main "${@}" 42 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/configmap-prestart.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.launcher.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "rstudio-connect.fullname" . }}-prestart 7 | namespace: {{ $.Release.Namespace }} 8 | data: 9 | prestart.bash: | 10 | {{- .Files.Get "prestart.bash" | nindent 4 }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/extra-objects.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.extraObjects }} 2 | --- 3 | {{ include "rstudio-library.tplvalues.render" (dict "value" . "context" $) }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $apiVersion := include "rstudio-library.ingress.apiVersion" . -}} 3 | {{- $fullName := include "rstudio-connect.fullname" . -}} 4 | {{- $svcPort := .Values.service.port -}} 5 | apiVersion: {{ $apiVersion }} 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: 10 | {{- include "rstudio-connect.labels" . | nindent 4 }} 11 | {{- with .Values.ingress.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- if and (.Values.ingress.ingressClassName) (include "rstudio-library.ingress.supportsIngressClassName" $apiVersion) }} 17 | ingressClassName: {{ .Values.ingress.ingressClassName }} 18 | {{- end }} 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - 36 | {{- include "rstudio-library.ingress.path" (dict "apiVersion" $apiVersion "pathData" . ) | indent 12 }} 37 | backend: 38 | {{- include "rstudio-library.ingress.backend" (dict "apiVersion" $apiVersion "svcName" $fullName "svcPort" $svcPort) | nindent 14 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/license-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ include "rstudio-library.license-secret" (dict "license" ( .Values.license ) "fullName" (include "rstudio-connect.fullname" .) "product" ("rstudio-connect") "namespace" $.Release.Namespace) }} 2 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" }} 3 | apiVersion: policy/v1 4 | {{- else }} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: {{ include "rstudio-connect.fullname" . }} 10 | labels: 11 | {{- include "rstudio-connect.labels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "rstudio-connect.selectorLabels" . | nindent 6 }} 16 | {{- toYaml .Values.podDisruptionBudget | nindent 2 }} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sharedStorage.create }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{default (print (include "rstudio-connect.fullname" .) "-shared-storage" ) .Values.sharedStorage.name }} 6 | namespace: {{ $.Release.Namespace }} 7 | annotations: 8 | {{- .Values.sharedStorage.annotations | toYaml | nindent 4 }} 9 | spec: 10 | accessModes: 11 | {{- .Values.sharedStorage.accessModes | toYaml | nindent 4 }} 12 | volumeMode: Filesystem 13 | {{- if .Values.sharedStorage.storageClassName }} 14 | storageClassName: {{ .Values.sharedStorage.storageClassName }} 15 | {{- end }} 16 | {{- with .Values.sharedStorage.volumeName }} 17 | volumeName: {{ . }} 18 | {{- end }} 19 | resources: 20 | requests: 21 | storage: {{ .Values.sharedStorage.requests.storage }} 22 | {{- with .Values.sharedStorage.selector }} 23 | selector: 24 | {{- toYaml . | nindent 4 }} 25 | {{- end }} 26 | --- 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.rbac.create) (.Values.launcher.enabled) }} 2 | {{ $namespace := $.Release.Namespace }} 3 | {{ $targetNamespace := default $.Release.Namespace .Values.launcher.namespace }} 4 | {{ $serviceAccountName := default (include "rstudio-connect.fullname" .) .Values.rbac.serviceAccount.name }} 5 | {{ $serviceAccountCreate := .Values.rbac.serviceAccount.create }} 6 | {{ $serviceAccountAnnotations := .Values.rbac.serviceAccount.annotations }} 7 | {{ $serviceAccountLabels := .Values.rbac.serviceAccount.labels }} 8 | {{ $clusterRoleCreate := .Values.rbac.clusterRoleCreate }} 9 | {{ $rbacValues1 := dict "namespace" $namespace "serviceAccountName" $serviceAccountName "targetNamespace" $targetNamespace }} 10 | {{ $rbacValues2 := dict "serviceAccountCreate" $serviceAccountCreate "serviceAccountAnnotations" $serviceAccountAnnotations "serviceAccountLabels" $serviceAccountLabels }} 11 | {{ $rbacValues3 := dict "clusterRoleCreate" $clusterRoleCreate }} 12 | {{ $rbacValues := merge $rbacValues1 $rbacValues2 $rbacValues3 }} 13 | {{ include "rstudio-library.rbac" $rbacValues }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.prometheus.enabled .Values.serviceMonitor.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "rstudio-connect.fullname" . }} 6 | namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-connect.labels" . | nindent 4 }} 9 | {{- if .Values.serviceMonitor.additionalLabels }} 10 | {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | endpoints: 14 | - port: metrics 15 | namespaceSelector: 16 | matchNames: 17 | - {{ .Release.Namespace | quote }} 18 | selector: 19 | matchLabels: 20 | {{- include "rstudio-connect.selectorLabels" . | nindent 6 }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/rstudio-connect/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "rstudio-connect.fullname" . }} 6 | namespace: {{ $.Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-connect.labels" . | nindent 4 }} 9 | {{- with .Values.service.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | type: {{ .Values.service.type }} 15 | {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} 16 | clusterIP: {{ .Values.service.clusterIP }} 17 | {{- end }} 18 | {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} 19 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 20 | {{- end }} 21 | selector: 22 | {{- include "rstudio-connect.selectorLabels" . | nindent 4 }} 23 | ports: 24 | - name: http 25 | protocol: TCP 26 | port: {{ .Values.service.port }} 27 | {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | targetPort: {{ .Values.service.targetPort }} 31 | {{- if .Values.prometheus.enabled }} 32 | - name: metrics 33 | targetPort: metrics 34 | {{- if .Values.prometheus.legacy }} 35 | port: 9108 36 | {{- else }} 37 | port: {{ .Values.prometheus.port }} 38 | {{- end }} 39 | {{- end }} 40 | --- 41 | -------------------------------------------------------------------------------- /charts/rstudio-connect/tests/service-accounts_test.yaml: -------------------------------------------------------------------------------- 1 | suite: Connect Service Accounts 2 | templates: 3 | - configmap.yaml 4 | - configmap-prestart.yaml 5 | - deployment.yaml 6 | tests: 7 | - it: should set the Connect pod service account when the launcher is enabled 8 | template: deployment.yaml 9 | set: 10 | launcher: 11 | enabled: true 12 | rbac: 13 | create: true 14 | serviceAccount: 15 | name: "connect-service-account" 16 | asserts: 17 | - equal: 18 | path: "spec.template.spec.serviceAccountName" 19 | value: "connect-service-account" 20 | - it: should set the Connect pod service account when the launcher is not enabled 21 | template: deployment.yaml 22 | set: 23 | launcher: 24 | enabled: false 25 | rbac: 26 | create: true 27 | serviceAccount: 28 | name: "connect-service-account" 29 | asserts: 30 | - equal: 31 | path: "spec.template.spec.serviceAccountName" 32 | value: "connect-service-account" 33 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | .helmignore 14 | # Common backup files 15 | *.swp 16 | *.bak 17 | *.tmp 18 | *.orig 19 | *~ 20 | # Various IDEs 21 | .project 22 | .idea/ 23 | *.tmproj 24 | .vscode/ 25 | 26 | # chart tests 27 | ci/ 28 | lint/ 29 | tests/ 30 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: rstudio-library 3 | repository: https://helm.rstudio.com 4 | version: 0.1.31 5 | digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 6 | generated: "2024-11-01T10:21:05.638651-04:00" 7 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rstudio-launcher-rbac 3 | description: RBAC definition for the RStudio Job Launcher 4 | type: application 5 | version: 0.2.24 6 | appVersion: 0.2.21 7 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 8 | sources: 9 | - https://github.com/rstudio/helm 10 | maintainers: 11 | - name: sol-eng 12 | email: docker@rstudio.com 13 | url: https://github.com/sol-eng 14 | dependencies: 15 | - name: rstudio-library 16 | version: 0.1.31 17 | repository: https://helm.rstudio.com 18 | keywords: 19 | - "data science" 20 | - "machine learning" 21 | - "launcher" 22 | - "rbac" 23 | - "rstudio" 24 | - "posit" 25 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "rstudio.header" . }} 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | {{ template "rstudio.description" . }} 6 | 7 | {{ template "rstudio.disclaimer" . }} 8 | 9 | {{ template "rstudio.install" . }} 10 | 11 | ## Common Usage 12 | 13 | > NOTE: this chart is intended primarily for use by individuals who _do not_ 14 | > want to use our other Helm charts. This chart ONLY deploys RBAC or generates RBAC yaml directly 15 | > 16 | > It is _not needed_ if you are using other RStudio Helm charts 17 | 18 | To generate RBAC yaml for use with `kubectl apply`: 19 | ``` 20 | helm template -n rstudio rstudio-launcher-rbac rstudio/rstudio-launcher-rbac 21 | ``` 22 | 23 | {{ template "chart.valuesSection" . }} 24 | 25 | {{ template "helm-docs.versionFooter" . }} 26 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/ci/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-launcher-rbac/ci/empty-values.yaml -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/all-values.yaml: -------------------------------------------------------------------------------- 1 | targetNamespaces: 2 | - default 3 | includeReleaseNamespace: false 4 | removeNamespaceReferences: false 5 | nameOverride: "override" 6 | fullnameOverride: "alloverriding" 7 | 8 | serviceAccount: 9 | create: true 10 | annotations: 11 | one: two 12 | three: four 13 | name: "my-service-account" 14 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-launcher-rbac/lint/empty-values.yaml -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/just-yaml-values.yaml: -------------------------------------------------------------------------------- 1 | removeNamespaceReferences: false 2 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/no-release-ns-values.yaml: -------------------------------------------------------------------------------- 1 | includeReleaseNamespace: false 2 | targetNamespaces: 3 | - default 4 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/no-sa-values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | create: false 3 | name: "default" 4 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/lint/simple-values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | create: true 3 | name: "my-service-account" 4 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{ include "rstudio-launcher-rbac.fullname" . }} successfully deployed to namespace {{ $.Release.Namespace }} 2 | 3 | {{- if .Values.serviceAccount.create }} 4 | Created service account {{ include "rstudio-launcher-rbac.serviceAccountName" . }} 5 | {{- end }} 6 | -------------------------------------------------------------------------------- /charts/rstudio-launcher-rbac/values.yaml: -------------------------------------------------------------------------------- 1 | # -- The targetNamespaces that the launcher will be able to launch sessions into 2 | targetNamespaces: [] 3 | 4 | # -- Whether the helm release namespace should be a possible launcher target 5 | includeReleaseNamespace: true 6 | 7 | # -- remove explicit namespace references (problematic if targetNamespaces is defined) 8 | removeNamespaceReferences: false 9 | 10 | # -- The override for "ChartName" in the "FullName" which defaults to "ReleaseName-ChartName" or "ReleaseName" (if "ReleaseName" contains "ChartName") 11 | nameOverride: "" 12 | # -- The override for the "FullName" which defaults to "ReleaseName-ChartName" or "ReleaseName" (if "ReleaseName" contains "ChartName") 13 | fullnameOverride: "" 14 | 15 | # -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher 16 | # to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can 17 | # be disabled as the node's internal address is sufficient to allow proper functionality. 18 | clusterRoleCreate: false 19 | 20 | serviceAccount: 21 | # -- Specifies whether a service account should be created 22 | create: true 23 | # -- Annotations to add to the service account 24 | annotations: {} 25 | # -- The name of the service account to use. 26 | # If not set, a name is generated using the fullname template 27 | name: "" 28 | # -- Labels to add to the service account 29 | labels: {} 30 | -------------------------------------------------------------------------------- /charts/rstudio-library/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | .helmignore 14 | # Common backup files 15 | *.swp 16 | *.bak 17 | *.tmp 18 | *.orig 19 | *~ 20 | # Various IDEs 21 | .project 22 | .idea/ 23 | *.tmproj 24 | .vscode/ 25 | 26 | # chart tests 27 | ci/ 28 | lint/ 29 | tests/ 30 | -------------------------------------------------------------------------------- /charts/rstudio-library/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rstudio-library 3 | description: Helm library helpers for use by official RStudio charts 4 | type: library 5 | version: 0.1.34 6 | appVersion: 0.1.34 7 | 8 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 9 | home: https://www.rstudio.com 10 | sources: 11 | - https://github.com/rstudio/helm 12 | maintainers: 13 | - name: sol-eng 14 | email: docker@rstudio.com 15 | url: https://github.com/rstudio/helm 16 | annotations: 17 | artifacthub.io/license: MIT 18 | artifacthub.io/links: | 19 | - name: RStudio Community 20 | url: https://community.rstudio.com/c/r-admin/5 21 | - name: About RStudio Team 22 | url: https://www.rstudio.com/products/team/ 23 | keywords: 24 | - "rstudio" 25 | - "library" 26 | - "posit" 27 | -------------------------------------------------------------------------------- /charts/rstudio-library/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2021 RStudio PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/rstudio-library/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "rstudio.header" . }} 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | {{ template "rstudio.description" . }} 6 | 7 | {{ template "rstudio.disclaimer" . }} 8 | 9 | # Usage 10 | 11 | > The `rstudio-library` chart _cannot be installed_ 12 | 13 | A ["library" chart](https://helm.sh/docs/topics/library_charts/) exists to provide helper functions for use by other 14 | helm charts. 15 | 16 | The functions and helpers defined in the `rstudio-library` chart are utilized by the other RStudio Helm charts. 17 | 18 | It cannot be used directly. 19 | 20 | If you are curious about its usage, take a look at the other charts (i.e. `rstudio-connect`, etc.) and look 21 | for `rstudio-library` in the `templates/` directory. 22 | 23 | {{ template "helm-docs.versionFooter" . }} 24 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_debug.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Checks type and prints an informative error message 3 | 4 | Takes a dict: 5 | name: the description of what it is 6 | object: the object to type check 7 | expected: the expected type 8 | description: additional description of the "expected" type. Optional 9 | */}} 10 | {{- define "rstudio-library.debug.type-check" }} 11 | {{- $expectedDescription := (.description | default "") }} 12 | {{- if $expectedDescription }} 13 | {{- $expectedDescription = print " " $expectedDescription }} 14 | {{- end }} 15 | {{- if not (kindIs .expected .object) }} 16 | {{- fail (print "\n\n" .name " must be a '" .expected "'" $expectedDescription ". Instead got '" (kindOf .object) "' : '" (print .object) "'" ) }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_launcher-templates.tpl: -------------------------------------------------------------------------------- 1 | {{- define "rstudio-library.templates.skeleton" -}} 2 | {{- $trailingDash := ternary "-" "" (default true .trailingDash) -}} 3 | {{- printf "{{- define \"%s\" %s}}" .name $trailingDash -}} 4 | {{- .value | toYaml | nindent 0 }} 5 | {{ printf "{{- end }}" -}} 6 | {{- end }} 7 | 8 | {{- define "rstudio-library.templates.dataOutput" -}} 9 | {{- $trailingDash := ternary "-" "" (default true .trailingDash) -}} 10 | {{- printf "{{- define \"%s\" %s}}" .name $trailingDash -}} 11 | {{- .value | toJson | nindent 0 }} 12 | {{ printf "{{- end }}" -}} 13 | {{- end }} 14 | 15 | {{- define "rstudio-library.templates.dataOutputPretty" -}} 16 | {{- $trailingDash := ternary "-" "" (default true .trailingDash) -}} 17 | {{- printf "{{- define \"%s\" %s}}" .name $trailingDash -}} 18 | {{- .value | toPrettyJson | nindent 0 }} 19 | {{ printf "{{- end }}" -}} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_license-env.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Define environment variables for license configuration 3 | Takes a dict: 4 | "product": "the product, e.g., rstudio-pm" 5 | "envVarPrefix": "the env var prefix, e.g., RSPM" 6 | "license": "the license configuration values" 7 | "fullName": "the fully qualified app name" 8 | */ -}} 9 | {{- define "rstudio-library.license-env" -}} 10 | {{- if .license.key }} 11 | - name: {{ .envVarPrefix }}_LICENSE 12 | valueFrom: 13 | secretKeyRef: 14 | name: {{ .fullName }}-license 15 | key: {{ .product }} 16 | {{- end }} 17 | {{- if .license.server }} 18 | - name: {{ .envVarPrefix }}_LICENSE_SERVER 19 | value: {{ .license.server | quote }} 20 | {{- end }} 21 | {{- if or .license.file.contents .license.file.secret }} 22 | - name: {{ .envVarPrefix }}_LICENSE_FILE_PATH 23 | value: "{{ .license.file.mountPath }}/{{ .license.file.secretKey }}" 24 | {{- end }} 25 | {{- end -}}{{- /* end define template */ -}} 26 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_license-mount.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Define volume mounts for license configuration 3 | Takes a dict: 4 | "license": "the license configuration values" 5 | */ -}} 6 | {{- define "rstudio-library.license-mount" -}} 7 | {{- if or .license.file.contents .license.file.secret }} 8 | - name: license-file 9 | {{- if .license.file.mountSubPath }} 10 | mountPath: "{{ .license.file.mountPath }}/{{ .license.file.secretKey }}" 11 | subPath: {{ .license.file.secretKey | quote }} 12 | {{ else }} 13 | mountPath: {{ .license.file.mountPath | quote }} 14 | {{- end }} 15 | {{- end }} 16 | {{- end -}}{{- /* end define template */ -}} 17 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_license-secret.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Define secrets for license configuration 3 | Takes a dict: 4 | "product": "the product, e.g., rstudio-pm" 5 | "namespace": "the namespace" 6 | "license": "the license configuration values" 7 | "fullName": "the fully qualified app name" 8 | */ -}} 9 | {{- define "rstudio-library.license-secret" -}} 10 | --- 11 | {{- if .license.key }} 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | name: {{ .fullName }}-license 16 | namespace: {{ .namespace }} 17 | type: Opaque 18 | stringData: 19 | {{ .product }}: {{ .license.key | quote }} 20 | --- 21 | {{- end }} 22 | {{- if .license.file.contents }} 23 | apiVersion: v1 24 | kind: Secret 25 | metadata: 26 | name: {{ .fullName }}-license-file 27 | namespace: {{ .namespace }} 28 | type: Opaque 29 | stringData: 30 | {{ .license.file.secretKey }}: | 31 | {{ .license.file.contents | indent 4 }} 32 | --- 33 | {{- end }} 34 | 35 | {{- end -}}{{- /* end define template */ -}} 36 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_license-volume.tpl: -------------------------------------------------------------------------------- 1 | {{- /* 2 | Define volume for license configuration 3 | Takes a dict: 4 | "license": "the license configuration values" 5 | "fullName": "the fully qualified app name" 6 | */ -}} 7 | {{- define "rstudio-library.license-volume" -}} 8 | {{- if or .license.file.contents .license.file.secret }} 9 | - name: license-file 10 | secret: 11 | {{- if .license.file.secret }} 12 | secretName: {{ .license.file.secret }} 13 | {{- else }} 14 | secretName: {{ .fullName }}-license-file 15 | {{- end }} 16 | {{- end }} 17 | {{- end -}}{{- /* end define template */ -}} 18 | -------------------------------------------------------------------------------- /charts/rstudio-library/templates/_tplvalues.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* thanks to https://github.com/bitnami/charts/blob/master/bitnami/common/templates/_tplvalues.tpl */}} 3 | {{/* 4 | Renders a value that contains template. 5 | Usage: 6 | {{ include "rstudio-library.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} 7 | */}} 8 | {{- define "rstudio-library.tplvalues.render" -}} 9 | {{- if typeIs "string" .value }} 10 | {{- tpl .value .context }} 11 | {{- else }} 12 | {{- tpl (.value | toYaml) .context }} 13 | {{- end }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/rstudio-library/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-library/values.yaml -------------------------------------------------------------------------------- /charts/rstudio-pm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | .helmignore 14 | # Common backup files 15 | *.swp 16 | *.bak 17 | *.tmp 18 | *.orig 19 | *~ 20 | # Various IDEs 21 | .project 22 | .idea/ 23 | *.tmproj 24 | .vscode/ 25 | 26 | # chart tests 27 | ci/ 28 | lint/ 29 | tests/ 30 | -------------------------------------------------------------------------------- /charts/rstudio-pm/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: rstudio-library 3 | repository: https://helm.rstudio.com 4 | version: 0.1.31 5 | digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593 6 | generated: "2024-11-01T10:21:00.666975-04:00" 7 | -------------------------------------------------------------------------------- /charts/rstudio-pm/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: rstudio-pm 2 | description: Official Helm chart for Posit Package Manager 3 | version: 0.5.47 4 | apiVersion: v2 5 | appVersion: 2025.04.2 6 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 7 | home: https://www.rstudio.com 8 | sources: 9 | - https://github.com/rstudio/helm 10 | - https://github.com/rstudio/rstudio-docker-products 11 | maintainers: 12 | - name: sol-eng 13 | email: docker@rstudio.com 14 | url: https://github.com/rstudio/helm 15 | dependencies: 16 | - name: rstudio-library 17 | version: 0.1.31 18 | repository: https://helm.rstudio.com 19 | annotations: 20 | artifacthub.io/images: | 21 | - name: rstudio-package-manager 22 | image: rstudio/rstudio-package-manager:ubuntu2204-2025.04.0 23 | artifacthub.io/license: MIT 24 | artifacthub.io/links: | 25 | - name: RStudio Community 26 | url: https://community.rstudio.com/c/r-admin/5 27 | - name: About Package Manager 28 | url: https://posit.co/products/enterprise/package-manager/ 29 | - name: About Posit Team 30 | url: https://posit.co/products/enterprise/team/ 31 | keywords: 32 | - "data science" 33 | - "machine learning" 34 | - "r" 35 | - "rstats" 36 | - "python" 37 | - "package" 38 | - "cran" 39 | - "pypi" 40 | - "pip" 41 | - "bioconductor" 42 | - "rstudio" 43 | - "posit" 44 | -------------------------------------------------------------------------------- /charts/rstudio-pm/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/rstudio-pm/Makefile: -------------------------------------------------------------------------------- 1 | lint: 2 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml . 3 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml . 4 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/all-values.yaml . 5 | 6 | template: 7 | helm template . 8 | -------------------------------------------------------------------------------- /charts/rstudio-pm/ci/license-file-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: ppm-license 4 | secretKey: ppm.lic 5 | -------------------------------------------------------------------------------- /charts/rstudio-pm/lint/all-values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: rstudio/rstudio-package-manager 3 | tag: 1.1.6.1-5 4 | imagePullPolicy: Always 5 | imagePullSecrets: 6 | - name: "some-secret" 7 | 8 | podDisruptionBudget: 9 | minAvailable: 30% 10 | 11 | sharedStorage: 12 | create: true 13 | storageClassName: test-class 14 | volumeName: test-volume 15 | license: 16 | key: test 17 | service: 18 | type: NodePort 19 | annotations: 20 | key: value 21 | key2: value2 22 | nodePort: 32420 23 | replicas: 1 24 | config: 25 | HTTP: 26 | Listen: :4242 27 | Server: 28 | DataDir: /var/lib/rstudio-pm 29 | RVersion: 30 | - /opt/R/3.6.2 31 | Git: 32 | BuilderDir: "/tmp/git" 33 | rstudioPMKey: somevalue 34 | awsAccessKeyId: keyid 35 | awsSecretAccessKey: keysecret 36 | storageClaim: someClaimName 37 | 38 | ingress: 39 | enabled: true 40 | annotations: 41 | kubernetes.io/ingress.class: traefik 42 | 43 | # Defines network routing in the traefik configuration. 44 | hosts: 45 | - host: rspm.rstudio.com 46 | paths: 47 | - / 48 | 49 | 50 | command: '["sleep","1000"]' 51 | args: '[]' 52 | 53 | initContainers: 54 | - name: busybox 55 | image: busybox 56 | command: ["echo"] 57 | args: ["init"] 58 | 59 | extraObjects: 60 | - apiVersion: v1 61 | kind: ConfigMap 62 | metadata: 63 | name: "test" 64 | data: 65 | something: fun 66 | - | 67 | apiVersion: v1 68 | kind: ConfigMap 69 | metadata: 70 | name: "test2" 71 | data: 72 | something: {{ printf "fun2" }} 73 | 74 | pod: 75 | labels: 76 | onelabel.com: value 77 | priorityClassName: someval 78 | -------------------------------------------------------------------------------- /charts/rstudio-pm/lint/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-pm/lint/empty-values.yaml -------------------------------------------------------------------------------- /charts/rstudio-pm/lint/ingress-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: rspm.rstudio.com 9 | paths: 10 | - path: /test/ 11 | -------------------------------------------------------------------------------- /charts/rstudio-pm/lint/ingress2-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: rspm.rstudio.com 9 | paths: 10 | - path: /test/ 11 | pathType: Other 12 | -------------------------------------------------------------------------------- /charts/rstudio-pm/lint/simple-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: test 3 | nodePort: 32420 4 | metricsNodePort: 32112 5 | replicas: 1 6 | config: 7 | HTTP: 8 | Listen: :4242 9 | Server: 10 | DataDir: /var/lib/rstudio-pm 11 | RVersion: 12 | - /opt/R/3.6.2 13 | Git: 14 | BuilderDir: "/tmp/git" 15 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "rstudio-pm.fullname" . }}-config 6 | namespace: {{ $.Release.Namespace }} 7 | data: 8 | rstudio-pm.gcfg: | 9 | {{ include "rstudio-pm.config" . | indent 4 }} 10 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/extra-objects.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.extraObjects }} 2 | --- 3 | {{ include "rstudio-library.tplvalues.render" (dict "value" . "context" $) }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $apiVersion := include "rstudio-library.ingress.apiVersion" . -}} 3 | {{- $fullName := include "rstudio-pm.fullname" . -}} 4 | {{- $svcPort := .Values.service.port -}} 5 | apiVersion: {{ $apiVersion }} 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: 10 | {{- include "rstudio-pm.labels" . | nindent 4 }} 11 | {{- with .Values.ingress.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- if and (.Values.ingress.ingressClassName) (include "rstudio-library.ingress.supportsIngressClassName" $apiVersion) }} 17 | ingressClassName: {{ .Values.ingress.ingressClassName }} 18 | {{- end }} 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - 36 | {{- include "rstudio-library.ingress.path" (dict "apiVersion" $apiVersion "pathData" . ) | indent 12 }} 37 | backend: 38 | {{- include "rstudio-library.ingress.backend" (dict "apiVersion" $apiVersion "svcName" $fullName "svcPort" $svcPort) | nindent 14 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" }} 3 | apiVersion: policy/v1 4 | {{- else }} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: {{ include "rstudio-pm.fullname" . }} 10 | labels: 11 | {{- include "rstudio-pm.labels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "rstudio-pm.selectorLabels" . | nindent 6 }} 16 | {{- toYaml .Values.podDisruptionBudget | nindent 2 }} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.sharedStorage.create }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{default (print (include "rstudio-pm.fullname" .) "-shared-storage" ) .Values.sharedStorage.name }} 6 | namespace: {{ $.Release.Namespace }} 7 | annotations: 8 | {{- .Values.sharedStorage.annotations | toYaml | nindent 4}} 9 | spec: 10 | accessModes: 11 | {{- .Values.sharedStorage.accessModes | toYaml | nindent 4 }} 12 | volumeMode: Filesystem 13 | {{- if .Values.sharedStorage.storageClassName }} 14 | storageClassName: {{ .Values.sharedStorage.storageClassName }} 15 | {{- end }} 16 | {{- with .Values.sharedStorage.volumeName }} 17 | volumeName: {{ . }} 18 | {{- end }} 19 | resources: 20 | requests: 21 | storage: {{ .Values.sharedStorage.requests.storage }} 22 | {{- with .Values.sharedStorage.selector }} 23 | selector: 24 | {{- toYaml . | nindent 4 }} 25 | {{- end }} 26 | --- 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/secret-aws-creds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.awsAccessKeyId }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "rstudio-pm.fullname" . }}-aws-creds 7 | namespace: {{ $.Release.Namespace }} 8 | type: Opaque 9 | stringData: 10 | credentials: | 11 | [default] 12 | aws_access_key_id={{ .Values.awsAccessKeyId }} 13 | aws_secret_access_key={{ .Values.awsSecretAccessKey }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/secret-license.yaml: -------------------------------------------------------------------------------- 1 | {{ include "rstudio-library.license-secret" (dict "license" ( .Values.license ) "fullName" (include "rstudio-pm.fullname" .) "product" ("rstudio-pm") "namespace" $.Release.Namespace) }} 2 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/secret-rstudio-pm-key.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rstudioPMKey }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "rstudio-pm.fullname" . }}-rstudio-pm-key 7 | namespace: {{ $.Release.Namespace }} 8 | type: Opaque 9 | stringData: 10 | rstudio-pm.key: {{ .Values.rstudioPMKey }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "rstudio-pm.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-pm.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.config.Metrics.Enabled .Values.serviceMonitor.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "rstudio-pm.fullname" . }} 6 | namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-pm.labels" . | nindent 4 }} 9 | {{- if .Values.serviceMonitor.additionalLabels }} 10 | {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | endpoints: 14 | - port: metrics 15 | namespaceSelector: 16 | matchNames: 17 | - {{ .Release.Namespace | quote }} 18 | selector: 19 | matchLabels: 20 | {{- include "rstudio-pm.selectorLabels" . | nindent 6 }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/rstudio-pm/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "rstudio-pm.fullname" . }} 6 | namespace: {{ $.Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-pm.labels" . | nindent 4 }} 9 | {{- with .Values.service.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | type: {{ .Values.service.type }} 15 | {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} 16 | clusterIP: {{ .Values.service.clusterIP }} 17 | {{- end }} 18 | {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} 19 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 20 | {{- end }} 21 | selector: 22 | {{- include "rstudio-pm.selectorLabels" . | nindent 4 }} 23 | ports: 24 | - protocol: TCP 25 | name: rspm 26 | port: {{ .Values.service.port }} 27 | {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | targetPort: {{ .Values.service.targetPort }} 31 | {{- if .Values.config.Metrics.Enabled }} 32 | - name: metrics 33 | port: 2112 34 | {{- end }} 35 | --- 36 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/.helmignore: -------------------------------------------------------------------------------- 1 | snapshot/ 2 | Makefile 3 | *.gotmpl 4 | .helmignore 5 | 6 | # chart tests 7 | ci/ 8 | lint/ 9 | tests/ 10 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: rstudio-library 3 | repository: https://helm.rstudio.com 4 | version: 0.1.34 5 | digest: sha256:66324c3ca436a3743e6f7c3dd8e159d21fca4fd5072d4d8c2583bfafd8499d70 6 | generated: "2025-05-20T10:37:32.909079863-06:00" 7 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: rstudio-workbench 2 | description: Official Helm chart for Posit Workbench 3 | version: 0.9.3 4 | apiVersion: v2 5 | appVersion: 2025.05.1 6 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 7 | home: https://www.rstudio.com 8 | sources: 9 | - https://github.com/rstudio/helm 10 | maintainers: 11 | - name: sol-eng 12 | email: docker@rstudio.com 13 | url: https://github.com/sol-eng 14 | dependencies: 15 | - name: rstudio-library 16 | version: 0.1.34 17 | repository: https://helm.rstudio.com 18 | annotations: 19 | artifacthub.io/images: | 20 | - name: rstudio-workbench 21 | image: rstudio/rstudio-workbench:ubuntu2204-2025.05.1 22 | - name: r-session-complete 23 | image: rstudio/r-session-complete:ubuntu2204-2025.05.1 24 | artifacthub.io/license: MIT 25 | artifacthub.io/links: | 26 | - name: Docker Images 27 | url: https://github.com/rstudio/rstudio-docker-products 28 | - name: RStudio Community 29 | url: https://community.rstudio.com/c/r-admin/5 30 | - name: About Workbench 31 | url: https://www.rstudio.com/products/workbench/ 32 | - name: About RStudio Team 33 | url: https://www.rstudio.com/products/team/ 34 | keywords: 35 | - "data science" 36 | - "machine learning" 37 | - "r" 38 | - "rstats" 39 | - "python" 40 | - "ide" 41 | - "editor" 42 | - "jupyter" 43 | - "vscode" 44 | - "rstudio" 45 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/LICENSE: -------------------------------------------------------------------------------- 1 | # MIT License 2 | 3 | Copyright (c) 2023 Posit Software, PBC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/Makefile: -------------------------------------------------------------------------------- 1 | lint: 2 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml . 3 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml . 4 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml . 5 | helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/overrides-values.yaml . 6 | 7 | template: 8 | helm template -f ci/simple-values.yaml . 9 | 10 | template-complex: 11 | helm template -f ci/complex-values.yaml . 12 | 13 | template-debug: 14 | helm template -f ci/simple-values.yaml --debug . 15 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/ci/basic-ingress-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pwb-license 4 | secretKey: pwb.lic 5 | 6 | ingress: 7 | enabled: true 8 | annotations: 9 | kubernetes.io/ingress.class: traefik 10 | 11 | hosts: 12 | - host: workbench.rstudio.com 13 | paths: 14 | - path: /test/ 15 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/ci/basic-service-account-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pwb-license 4 | secretKey: pwb.lic 5 | 6 | rbac: 7 | create: true 8 | serviceAccount: 9 | name: test-sa 10 | create: true 11 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/ci/launcher-template-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pwb-license 4 | secretKey: pwb.lic 5 | 6 | config: 7 | sessionSecret: 8 | example-file.json: '{"some-contents": "test"}' 9 | launcher: 10 | enabled: true 11 | useTemplates: true 12 | templateValues: 13 | service: 14 | type: ClusterIP 15 | annotations: 16 | five: six 17 | job: 18 | ttlSecondsAfterFinished: 99 19 | annotations: 20 | seven: eight 21 | labels: 22 | nine: ten 23 | pod: 24 | serviceAccountName: test 25 | annotations: 26 | one: two 27 | labels: 28 | three: four 29 | volumes: 30 | - name: test 31 | emptyDir: {} 32 | volumeMounts: 33 | - name: test 34 | mountPath: /tmp/mnt 35 | env: 36 | - name: SOME_ENV_VAR 37 | value: the-env-var-value 38 | securityContext: 39 | runAsUser: 999 40 | defaultSecurityContext: 41 | fsGroupChangePolicy: "Always" 42 | runAsGroup: 999 43 | containerSecurityContext: 44 | privileged: false 45 | tolerations: 46 | - key: "kubernetes.azure.com/scalesetpriority" 47 | operator: "Equal" 48 | value: "spot" 49 | effect: "NoSchedule" 50 | affinity: 51 | nodeAffinity: 52 | requiredDuringSchedulingIgnoredDuringExecution: 53 | nodeSelectorTerms: 54 | - matchExpressions: 55 | - key: "kubernetes.azure.com/scalesetpriority" 56 | operator: In 57 | values: 58 | - "spot" 59 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/ci/license-file-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pwb-license 4 | secretKey: pwb.lic 5 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/ci/user-create-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: pwb-license 4 | secretKey: pwb.lic 5 | 6 | userCreate: true 7 | userName: jforest-test 8 | userPassword: djhkjhij870jjbJye 9 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/default-sa-values.yaml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | serviceAccount: 4 | name: default 5 | create: false 6 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/empty-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/charts/rstudio-workbench/lint/empty-values.yaml -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/ingress-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: workbench.rstudio.com 9 | paths: 10 | - path: /test/ 11 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/ingress2-values.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | annotations: 4 | kubernetes.io/ingress.class: traefik 5 | 6 | # Defines network routing in the traefik configuration. 7 | hosts: 8 | - host: workbench.rstudio.com 9 | paths: 10 | - path: /test/ 11 | pathType: Other 12 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/launcher-template-values.yaml: -------------------------------------------------------------------------------- 1 | config: 2 | sessionSecret: 3 | example-file.json: '{"some-contents": "test"}' 4 | launcher: 5 | enabled: true 6 | useTemplates: true 7 | templateValues: 8 | service: 9 | type: ClusterIP 10 | annotations: 11 | five: six 12 | job: 13 | ttlSecondsAfterFinished: 99 14 | annotations: 15 | seven: eight 16 | labels: 17 | nine: ten 18 | pod: 19 | serviceAccountName: test 20 | annotations: 21 | one: two 22 | labels: 23 | three: four 24 | volumes: 25 | - name: test 26 | emptyDir: {} 27 | volumeMounts: 28 | - name: test 29 | mountPath: /tmp/mnt 30 | env: 31 | - name: SOME_ENV_VAR 32 | value: the-env-var-value 33 | securityContext: 34 | runAsUser: 999 35 | defaultSecurityContext: 36 | fsGroupChangePolicy: "Always" 37 | runAsGroup: 999 38 | containerSecurityContext: 39 | privileged: false 40 | tolerations: 41 | - key: "kubernetes.azure.com/scalesetpriority" 42 | operator: "Equal" 43 | value: "spot" 44 | effect: "NoSchedule" 45 | affinity: 46 | nodeAffinity: 47 | requiredDuringSchedulingIgnoredDuringExecution: 48 | nodeSelectorTerms: 49 | - matchExpressions: 50 | - key: "kubernetes.azure.com/scalesetpriority" 51 | operator: In 52 | values: 53 | - "spot" 54 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/license-file-secret-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | secret: some-secret 4 | secretKey: my-license.lic 5 | mountPath: "/etc/license/license.lic" 6 | mountSubPath: "my-license.lic" 7 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/license-file-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | file: 3 | contents: | 4 | some-license-file 5 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/license-server-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | server: http://my-license-server.example.com:9999 3 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/license-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: test-license 3 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/overrides-values-new.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: real 3 | replicas: 1 4 | rbac: 5 | create: true 6 | homeStorage: 7 | create: true 8 | userCreate: true 9 | 10 | config: 11 | profiles: 12 | launcher.kubernetes.profiles.conf: 13 | "*": 14 | container-images: 15 | - some-image:tag 16 | - another-image:tag 17 | job-json-overrides: 18 | - target: "/spec/template/spec/volumes/-" 19 | name: volumes 20 | json: 21 | configMap: 22 | defaultMode: 0755 23 | name: session-config 24 | items: 25 | - path: startup.sh 26 | key: startup.sh 27 | name: session-config 28 | - target: "/spec/template/spec/containers/0/volumeMounts/-" 29 | name: volumeMounts 30 | json: 31 | mountPath: /usr/local/bin/startup.sh 32 | name: session-config 33 | subPath: startup.sh 34 | - target: "/spec/template/spec/containers/0/command/0" 35 | name: entrypoint 36 | json: "/usr/local/bin/startup.sh" 37 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/overrides-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: real 3 | replicas: 1 4 | rbac: 5 | create: true 6 | homeStorage: 7 | create: true 8 | userCreate: true 9 | jobJsonOverridesFiles: 10 | entrypoint.json: "/usr/local/bin/startup.sh" 11 | volumes.json: 12 | configMap: 13 | defaultMode: 0755 14 | name: session-config 15 | items: 16 | - path: startup.sh 17 | key: startup.sh 18 | name: session-config 19 | volumeMounts.json: 20 | mountPath: /usr/local/bin/startup.sh 21 | name: session-config 22 | subPath: startup.sh 23 | 24 | config: 25 | server: 26 | launcher.kubernetes.profiles.conf: 27 | "*": 28 | job-json-overrides: '"/spec/template/spec/volumes/-":"/mnt/job-json-overrides/volumes.json","/spec/template/spec/containers/0/volumeMounts/-":"/mnt/job-json-overrides/volumeMounts.json","/spec/template/spec/containers/0/command/0":"/mnt/job-json-overrides/entrypoint.json"' 29 | # job-json-overrides: '"/spec/template/spec/volumes/-":"/mnt/job-json-overrides/volumes.json","/spec/template/spec/containers/0/volumeMounts/-":"/mnt/job-json-overrides/volumeMounts.json"' 30 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/simple-profiles-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: real 3 | replicas: 1 4 | rbac: 5 | create: true 6 | homeStorage: 7 | create: true 8 | userCreate: true 9 | 10 | securityContext: 11 | privileged: false 12 | 13 | config: 14 | profiles: 15 | launcher.kubernetes.profiles.conf: 16 | "*": 17 | allow-unknown-images: 0 18 | "cole": 19 | allow-unknown-images: 1 20 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/lint/simple-values.yaml: -------------------------------------------------------------------------------- 1 | license: 2 | key: real 3 | replicas: 1 4 | rbac: 5 | create: true 6 | homeStorage: 7 | create: true 8 | userCreate: true 9 | 10 | securityContext: 11 | privileged: false 12 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/snapshot/.gitignore: -------------------------------------------------------------------------------- 1 | *.yaml 2 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/configmap-graphite-exporter.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.prometheus.legacy .Values.prometheusExporter.enabled }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "rstudio-workbench.fullname" . }}-graphite 7 | namespace: {{ $.Release.Namespace }} 8 | data: 9 | graphite-mapping.yaml: |- 10 | {{- if .Values.prometheusExporter.mappingYaml }} 11 | {{- if kindIs "string" .Values.prometheusExporter.mappingYaml }} 12 | {{- .Values.prometheusExporter.mappingYaml | nindent 4 }} 13 | {{- else }} 14 | {{- toYaml .Values.prometheusExporter.mappingYaml | nindent 4 }} 15 | {{- end }} 16 | {{- else }} 17 | mappings: 18 | - match: "rstudio\\.([\\w-]+)\\.system\\.load\\.(.*)" 19 | match_type: regex 20 | name: "rstudio_system_load" 21 | labels: 22 | host: "$1" 23 | duration: "$2" 24 | - match: "rstudio\\.([\\w-]+)\\.(.*)" 25 | match_type: regex 26 | name: "rstudio_$2" 27 | labels: 28 | host: "$1" 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/configmap-pam.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.pam }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "rstudio-workbench.fullname" . }}-pam 6 | namespace: {{ $.Release.Namespace }} 7 | data: 8 | {{- $pamDict := dict "data" .Values.config.pam "commentDelimiter" "#" }} 9 | {{- include "rstudio-library.config.txt" $pamDict | nindent 2 }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/configmap-prestart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "rstudio-workbench.fullname" . }}-prestart 6 | namespace: {{ $.Release.Namespace }} 7 | data: 8 | prestart-workbench.bash: | 9 | {{- .Files.Get "prestart-workbench.bash" | nindent 4 }} 10 | prestart-launcher.bash: | 11 | {{- .Files.Get "prestart-launcher.bash" | nindent 4 }} 12 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/extra-objects.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.extraObjects }} 2 | --- 3 | {{ include "rstudio-library.tplvalues.render" (dict "value" . "context" $) }} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $apiVersion := include "rstudio-library.ingress.apiVersion" . -}} 3 | {{- $fullName := include "rstudio-workbench.fullname" . -}} 4 | {{- $svcPort := .Values.service.port -}} 5 | apiVersion: {{ $apiVersion }} 6 | kind: Ingress 7 | metadata: 8 | name: {{ $fullName }} 9 | labels: 10 | {{- include "rstudio-workbench.labels" . | nindent 4 }} 11 | {{- with .Values.ingress.annotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | {{- if and (.Values.ingress.ingressClassName) (include "rstudio-library.ingress.supportsIngressClassName" $apiVersion) }} 17 | ingressClassName: {{ .Values.ingress.ingressClassName }} 18 | {{- end }} 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - 36 | {{- include "rstudio-library.ingress.path" (dict "apiVersion" $apiVersion "pathData" . ) | indent 12 }} 37 | backend: 38 | {{- include "rstudio-library.ingress.backend" (dict "apiVersion" $apiVersion "svcName" $fullName "svcPort" $svcPort) | nindent 14 }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/license-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ include "rstudio-library.license-secret" (dict "license" ( .Values.license ) "fullName" (include "rstudio-workbench.fullname" .) "product" ("rstudio-workbench") "namespace" $.Release.Namespace) }} 2 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget -}} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1" }} 3 | apiVersion: policy/v1 4 | {{- else }} 5 | apiVersion: policy/v1beta1 6 | {{- end }} 7 | kind: PodDisruptionBudget 8 | metadata: 9 | name: {{ include "rstudio-workbench.fullname" . }} 10 | labels: 11 | {{- include "rstudio-workbench.labels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "rstudio-workbench.selectorLabels" . | nindent 6 }} 16 | {{- toYaml .Values.podDisruptionBudget | nindent 2 }} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | {{- $namespace := $.Release.Namespace }} 3 | {{- $targetNamespace := default $.Release.Namespace .Values.launcher.namespace }} 4 | {{- $serviceAccountName := default (include "rstudio-workbench.fullname" .) .Values.rbac.serviceAccount.name }} 5 | {{- $serviceAccountCreate := .Values.rbac.serviceAccount.create }} 6 | {{- $roleName := $serviceAccountName }} 7 | {{- $serviceAccountAnnotations := .Values.rbac.serviceAccount.annotations }} 8 | {{- $serviceAccountLabels := .Values.rbac.serviceAccount.labels }} 9 | {{- $clusterRoleCreate := .Values.rbac.clusterRoleCreate }} 10 | {{- $rbacValues1 := dict "namespace" $namespace "serviceAccountName" $serviceAccountName "targetNamespace" $targetNamespace }} 11 | {{- $rbacValues2 := dict "serviceAccountCreate" $serviceAccountCreate "serviceAccountAnnotations" $serviceAccountAnnotations "serviceAccountLabels" $serviceAccountLabels "roleName" ($roleName) }} 12 | {{- $rbacValues3 := dict "clusterRoleCreate" $clusterRoleCreate }} 13 | {{- $rbacValues := merge $rbacValues1 $rbacValues2 $rbacValues3 }} 14 | {{- include "rstudio-library.rbac" $rbacValues }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.prometheus.enabled .Values.serviceMonitor.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "rstudio-workbench.fullname" . }} 6 | namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-workbench.labels" . | nindent 4 }} 9 | {{- if .Values.serviceMonitor.additionalLabels }} 10 | {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | endpoints: 14 | - port: metrics 15 | namespaceSelector: 16 | matchNames: 17 | - {{ .Release.Namespace | quote }} 18 | selector: 19 | matchLabels: 20 | {{- include "rstudio-workbench.selectorLabels" . | nindent 6 }} 21 | --- 22 | apiVersion: monitoring.coreos.com/v1 23 | kind: ServiceMonitor 24 | metadata: 25 | name: {{ include "rstudio-workbench.fullname" . }}-health 26 | namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} 27 | labels: 28 | {{- include "rstudio-workbench.labels" . | nindent 4 }} 29 | {{- if .Values.serviceMonitor.additionalLabels }} 30 | {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }} 31 | {{- end }} 32 | spec: 33 | endpoints: 34 | - port: http 35 | path: /health-check 36 | namespaceSelector: 37 | matchNames: 38 | - {{ .Release.Namespace | quote }} 39 | selector: 40 | matchLabels: 41 | {{- include "rstudio-workbench.selectorLabels" . | nindent 6 }} 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /charts/rstudio-workbench/templates/svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "rstudio-workbench.fullname" . }} 6 | namespace: {{ $.Release.Namespace }} 7 | labels: 8 | {{- include "rstudio-workbench.labels" . | nindent 4 }} 9 | {{- with .Values.service.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | type: {{ .Values.service.type }} 15 | {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} 16 | clusterIP: {{ .Values.service.clusterIP }} 17 | {{- end }} 18 | {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} 19 | loadBalancerIP: {{ .Values.service.loadBalancerIP }} 20 | {{- end }} 21 | selector: 22 | {{- include "rstudio-workbench.selectorLabels" . | nindent 4 }} 23 | ports: 24 | - protocol: TCP 25 | name: http 26 | port: {{ .Values.service.port }} 27 | {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | targetPort: {{ .Values.service.targetPort }} 31 | {{- if .Values.prometheus.enabled }} 32 | - name: metrics 33 | targetPort: metrics 34 | {{- if .Values.prometheus.legacy }} 35 | port: 9108 36 | {{- else }} 37 | port: {{ .Values.prometheus.port }} 38 | {{- end }} 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /cr.yaml: -------------------------------------------------------------------------------- 1 | owner: rstudio 2 | git-repo: helm 3 | -------------------------------------------------------------------------------- /examples/auto-scaling/autoscaler/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 3 2 | autoDiscovery: 3 | clusterName: cluster_name 4 | tags: 5 | - k8s.io/cluster-autoscaler/enabled 6 | - k8s.io/cluster-autoscaler/{{ .Values.autoDiscovery.clusterName }} 7 | awsRegion: us-east-1 8 | cloudProvider: aws 9 | rbac: 10 | create: true 11 | serviceAccount: 12 | annotations: 13 | eks.amazonaws.com/role-arn: #TODO: add autoscaler IAM role 14 | create: true 15 | name: "autoscaler-aws-cluster-autoscaler" 16 | -------------------------------------------------------------------------------- /examples/auto-scaling/rstudio-workbench/users.txt: -------------------------------------------------------------------------------- 1 | # username:uid:password 2 | username1:1001:password 3 | username2:1002:password 4 | username3:1003:password 5 | username4:1004:password 6 | -------------------------------------------------------------------------------- /examples/connect/_prereqs.qmd: -------------------------------------------------------------------------------- 1 | To use this example you will need: 2 | 3 | - a license file or key 4 | - a `ReadWriteMany` POSIX compliant storage class for `sharedStorage` 5 | - a PostgreSQL database. -------------------------------------------------------------------------------- /examples/connect/application-configuration/index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Basic configuration" 3 | --- 4 | 5 | # Configuring Posit Connect with Recommended Settings 6 | 7 | This example deploys Posit Connect with the recommended application configuration. 8 | 9 | These settings are recommend for most deployments and are described below: 10 | 11 | - [Set replicas > 1 to deploy Connect load balanced across multiple pods](https://docs.posit.co/connect/admin/load-balancing/) 12 | - [Set a default Posit Package Manager CRAN URL](https://docs.posit.co/connect/admin/r/package-management/#configuring-on-posit-connect) 13 | - [Set a default Posit Package Manager PyPI URL](https://docs.posit.co/connect/admin/python/package-management/#configuring-pip) 14 | - [Enable Quarto content](https://docs.posit.co/connect/admin/quarto/#enabling-quarto-support) 15 | 16 | {{< include ../_prereqs.qmd >}} 17 | 18 | ```{.yaml include="rstudio-connect-recommended-app-config.yaml" filename="values.yaml"} 19 | ``` 20 | -------------------------------------------------------------------------------- /examples/connect/auth/oidc.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Authentication" 3 | --- 4 | 5 | # Configuring Posit Connect with OpenID Connect 6 | 7 | This example deploys Posit Connect using OpenID Connect (OIDC) SSO for authentication. 8 | 9 | Users will be authenticated via SSO (using OIDC) and then users will be created in Connect upon first login or upon creation via the Connect API. Connect will populate user information based on certain claims received from the IdP. See the [Customizing OpenID Connect](https://docs.posit.co/connect/admin/authentication/oauth2-openid-based/openid-connect/#customizing-openid-connect) section of the Connect Admin Guide for a list of the default claims mapping, which can be adjusted if needed. 10 | 11 | By default all users get created with the Viewer role which is the default setting in [`Authorization.DefaultUserRole`](https://docs.posit.co/connect/admin/appendix/configuration/#Authorization.DefaultUserRole). Users can be [automatically mapped to different roles](https://docs.posit.co/connect/admin/authentication/oauth2-openid-based/openid-connect/#user-role-mapping) based on group membership. 12 | 13 | See the [OpenID Connect Authentication](https://docs.posit.co/connect/admin/authentication/oauth2-openid-based/openid-connect/) section of the Connect Admin Guide for more details. The Connect Admin guide also has pages for integrations with specific IdPs such as Okta and Entra ID. 14 | 15 | {{< include ../_prereqs.qmd >}} 16 | 17 | ```{.yaml include="rstudio-connect-oidc.yaml" filename="values.yaml"} 18 | ``` 19 | -------------------------------------------------------------------------------- /examples/connect/auth/saml.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Authentication" 3 | --- 4 | 5 | # Configuring Posit Connect with SAML 6 | 7 | This example deploys Posit Connect using SAML SSO for authentication. 8 | 9 | Users will be authenticated via SSO (using SAML) and then users will be created in Connect upon first login or upon creation via the Connect API. Connect will populate user information based on certain attributes received from the IdP. `IdPAttributeProfile` may be set to prepopulate attribute mapping for common IdPs, set to `default` for a common generic mapping or left empty to manually map each attribute. See the [Using attribute profiles](https://docs.posit.co/connect/admin/authentication/saml-based/saml/#attribute-profiles) section of the Connect Admin Guide for more details regarding profile mappings. 10 | 11 | By default all users get created with the Viewer role which is the default setting in [`Authorization.DefaultUserRole`](https://docs.posit.co/connect/admin/appendix/configuration/#Authorization.DefaultUserRole). Users can be [automatically mapped to different roles](https://docs.posit.co/connect/admin/authentication/saml-based/saml/#user-role-mapping) based on group membership. 12 | 13 | See the [Authentication Integration (Using SAML)](https://docs.posit.co/connect/admin/authentication/saml-based/saml/) section of the Connect Admin Guide for more details. The Connect Admin guide also has pages for integrations with specific IdPs such as Okta and Entra ID. 14 | 15 | {{< include ../_prereqs.qmd >}} 16 | 17 | ```{.yaml include="rstudio-connect-saml.yaml" filename="values.yaml"} 18 | ``` 19 | -------------------------------------------------------------------------------- /examples/connect/container-images/custom-images.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Container images" 3 | --- 4 | 5 | # Configuring Posit Connect with Custom Container Images 6 | 7 | This example deploys Posit Connect using custom images instead of the default public Posit provided images. 8 | 9 | There are a minimum of three images that Connect requires to function in Off-Host Execution mode. They are listed below with their cooresponding default public repositories. 10 | 11 | - Connect service container [rstudio/rstudio-connect](https://hub.docker.com/r/rstudio/rstudio-connect) 12 | - Content container [rstudio/content-base](https://hub.docker.com/r/rstudio/content-base) 13 | - Content init container [rstudio/rstudio-connect-content-init](https://hub.docker.com/r/rstudio/rstudio-connect-content-init) 14 | 15 | There are several content contents listed as execution enviornments by default on initial Connect startup based on the listing in the [default-runtime.yaml](https://github.com/rstudio/helm/blob/main/charts/rstudio-connect/default-runtime.yaml) file. Setting `customRuntimeYaml` will instead use the execution environments defined in that section instead of the default ones. Additional content containers may be added to provide more R, Python and Quarto versions and other system dependencies. See the [Content Execution Environment](https://docs.posit.co/connect/admin/appendix/off-host/execution-environments/) section in the Connect Admin Guide for more details. 16 | 17 | {{< include ../_prereqs.qmd >}} 18 | 19 | ```{.yaml include="rstudio-connect-custom-image.yaml" filename="values.yaml"} 20 | ``` 21 | -------------------------------------------------------------------------------- /examples/connect/index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | title: Posit Connect Examples 3 | listing: 4 | template: ../examples.ejs 5 | contents: "*.qmd" 6 | --- 7 | 8 | 9 | The examples in this directory provide a starting point for deploying Posit Connect in different configurations. 10 | 11 | Each example has a beginning description and a series of `TODO` comments. 12 | Before using an example, read through all the comments and ensure you address each `TODO`. 13 | 14 | While each example focuses on one or more particular configurations, Posit Connect has some 15 | standard requirements listed in each example. Each example will need the following to run correctly: 16 | 17 | - PostgreSQL database specified in the Connect configuration 18 | - License key or file specified 19 | - `sharedStorage` configured 20 | 21 | -------------------------------------------------------------------------------- /examples/connect/ingress/aws-alb.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Connect with an AWS ALB Ingress 6 | 7 | This example deploys Posit Connect with an Ingress using the AWS Load Balancer Controller to create an Application Load Balancer (ALB). 8 | 9 | This example is provided to show how to set annotations to enabled session affinity, redirect HTTP traffic to HTTPS and use AWS Certificate Manager if desired. 10 | 11 | The AWS Load Balancer Controller has a variety of settings and modes of operation. Please visit the [AWS documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) for more details specific to your use case. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-connect-alb-ingress.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/connect/ingress/azure-gateway.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Connect with an Azure Application Gateway Ingress 6 | 7 | This example deploys Posit Connect with an Ingress using the Azure Application Gateway Ingress Controller to create an Azure Application Gateway load balancer. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Azure Application Gateway Ingress Controller has a variety of settings and modes of operation. 11 | Please visit the [Azure documentation](https://azure.github.io/application-gateway-kubernetes-ingress/) for more details specific to your use case. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-connect-azure-application-gateway-ingress.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/connect/ingress/gce.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Connect with a GKE Ingress 6 | 7 | This example deploys Posit Connect with an Ingress using the GKE Ingress Controller to create a GCP Application Load Balancer. 8 | This example is provided to show how to set annotations to enabled session affinity, redirect HTTP traffic to HTTPS and use GCP Certificate Manager if desired. 9 | 10 | The GKE Ingress Controller has a variety of settings and modes of operation. Please visit the [GCP documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-connect-gce-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/connect/ingress/nginx.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Connect with a NGINX Ingress 6 | 7 | This example deploys Posit Connect with an Ingress using the Ingress NGINX Controller. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Ingress NGINX Controller has a variety of settings and modes of operation. Please visit the [NGINX controller documentation](https://kubernetes.github.io/ingress-nginx/) for more details specific to your use case. 11 | 12 | 13 | ::: callout-note 14 | This example is for the Ingress NGINX Controller which is part of Kubernetes and is located at [https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx). If you are using the NGINX or NGINX Plus Ingress Controllers from NGINX Inc located at [https://github.com/nginxinc/kubernetes-ingress](https://github.com/nginxinc/kubernetes-ingress) then different annotations will need to be applied. 15 | ::: 16 | 17 | {{< include ../_prereqs.qmd >}} 18 | 19 | ```{.yaml include="rstudio-connect-nginx-ingress.yaml" filename="values.yaml"} 20 | ``` 21 | -------------------------------------------------------------------------------- /examples/connect/ingress/traefik.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Connect with a Traefik Ingress 6 | 7 | This example deploys Posit Connect with an Ingress using the Traefik Ingress Controller. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Traefik Ingress Controller has a variety of settings and modes of operation. Please visit the [Traefik documentation](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) for more details specific to your use case. 11 | 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-connect-traefik-ingress.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/connect/storage/additional-volumes.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Storage" 3 | --- 4 | 5 | # Configuring Posit Connect with additional volumes 6 | 7 | This example shows how to mount a `ConfigMap` to the Connect pod and a `PVC` is mounted to content pods. 8 | This pattern of specifying the volumes and volumeMounts will work for a variety of volume types: `PVC`, `ConfigMap`, etc. 9 | 10 | Depending on the need to add additional volumes, you may only need to mount to the Connect service or content pods but not both. 11 | For example, if you need to add TLS certificates for Connect via a `ConfigMap` then the content pods do not need the `ConfigMap` mounted. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-connect-with-additional-mounts.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/connect/storage/nfs-pv.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Storage" 3 | --- 4 | 5 | # Configuring Posit Connect with an NFS-backed `PersistentVolume` 6 | 7 | This example deploys Posit Connect with a single `PersistentVolume` backed by an NFS server. 8 | 9 | The `PersistentVolume` allows setting NFS `mountOptions` and it creates a `StorageClass` that Posit Connect then takes advantage of when it creates its `PersistentVolumeClaim`. 10 | 11 | Both the PVC and PV will be left around after the helm release is removed (for manual cleanup) due to the `persistentVolumeReclaimPolicy: Retain` setting. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-connect-with-pv.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/examples.ejs: -------------------------------------------------------------------------------- 1 | <% 2 | const postsByCategory = {}; 3 | const basicConfigPosts = []; 4 | items.forEach(item => { 5 | if (item.category === "Basic configuration") { 6 | basicConfigPosts.push(item) 7 | } else { 8 | if (!postsByCategory[item.category]) { 9 | postsByCategory[item.category] = []; 10 | } 11 | postsByCategory[item.category].push(item); 12 | } 13 | }); 14 | 15 | // Basic config first 16 | if (basicConfigPosts.length > 0) { %> 17 |

Basic configuration

18 | 25 | <% } %> 26 | 27 | <% for (const [category, categoryPosts] of Object.entries(postsByCategory)) { %> 28 |

<%= category %>

29 | 36 | <% } %> -------------------------------------------------------------------------------- /examples/launcher-templates/default/2.1.0/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.1.0 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | annotations: 7 | {{- with .Job.metadata.service.annotations }} 8 | {{- range $key, $val := . }} 9 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 10 | {{- end }} 11 | {{- end }} 12 | labels: 13 | job-name: {{ toYaml .Job.id }} 14 | {{- with .Job.metadata.service.labels }} 15 | {{- range $key, $val := . }} 16 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 17 | {{- end }} 18 | {{- end }} 19 | spec: 20 | ports: 21 | {{- $i := 0 }} 22 | {{- range .Job.exposedPorts }} 23 | {{- if not .publishedPort }} 24 | - name: {{ printf "port%d" $i }} 25 | protocol: {{ .protocol }} 26 | port: {{ .targetPort }} 27 | targetPort: {{ .targetPort }} 28 | {{- $i = add $i 1 }} 29 | {{- end }} 30 | {{- end }} 31 | selector: 32 | job-name: {{toYaml .Job.id }} 33 | clusterIP: '' 34 | type: NodePort 35 | -------------------------------------------------------------------------------- /examples/launcher-templates/default/2.3.0/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.0 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | annotations: 7 | {{- with .Job.metadata.service.annotations }} 8 | {{- range $key, $val := . }} 9 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 10 | {{- end }} 11 | {{- end }} 12 | labels: 13 | app.kubernetes.io/managed-by: "launcher" 14 | job-name: {{ toYaml .Job.id }} 15 | {{- with .Job.metadata.service.labels }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | spec: 21 | ports: 22 | {{- $i := 0 }} 23 | {{- range .Job.exposedPorts }} 24 | {{- if not .publishedPort }} 25 | - name: {{ printf "port%d" $i }} 26 | protocol: {{ .protocol }} 27 | port: {{ .targetPort }} 28 | targetPort: {{ .targetPort }} 29 | {{- $i = add $i 1 }} 30 | {{- end }} 31 | {{- end }} 32 | selector: 33 | job-name: {{toYaml .Job.id }} 34 | clusterIP: '' 35 | type: NodePort 36 | -------------------------------------------------------------------------------- /examples/launcher-templates/default/2.3.1/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.1 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | annotations: 7 | {{- with .Job.metadata.service.annotations }} 8 | {{- range $key, $val := . }} 9 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 10 | {{- end }} 11 | {{- end }} 12 | labels: 13 | app.kubernetes.io/managed-by: "launcher" 14 | job-name: {{ toYaml .Job.id }} 15 | {{- with .Job.metadata.service.labels }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | spec: 21 | ports: 22 | {{- $i := 0 }} 23 | {{- range .Job.exposedPorts }} 24 | {{- if not .publishedPort }} 25 | - name: {{ printf "port%d" $i }} 26 | protocol: {{ .protocol }} 27 | port: {{ .targetPort }} 28 | targetPort: {{ .targetPort }} 29 | {{- $i = add $i 1 }} 30 | {{- end }} 31 | {{- end }} 32 | selector: 33 | job-name: {{toYaml .Job.id }} 34 | clusterIP: '' 35 | type: NodePort 36 | -------------------------------------------------------------------------------- /examples/launcher-templates/default/2.4.0/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.4.0 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | annotations: 7 | {{- with .Job.metadata.service.annotations }} 8 | {{- range $key, $val := . }} 9 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 10 | {{- end }} 11 | {{- end }} 12 | labels: 13 | app.kubernetes.io/managed-by: "launcher" 14 | job-name: {{ toYaml .Job.id }} 15 | {{- with .Job.instanceId }} 16 | launcher-instance-id: {{ toYaml . }} 17 | {{- end }} 18 | {{- with .Job.metadata.service.labels }} 19 | {{- range $key, $val := . }} 20 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 21 | {{- end }} 22 | {{- end }} 23 | spec: 24 | ports: 25 | {{- $i := 0 }} 26 | {{- range .Job.exposedPorts }} 27 | {{- if not .publishedPort }} 28 | - name: {{ printf "port%d" $i }} 29 | protocol: {{ .protocol }} 30 | port: {{ .targetPort }} 31 | targetPort: {{ .targetPort }} 32 | {{- $i = add $i 1 }} 33 | {{- end }} 34 | {{- end }} 35 | selector: 36 | job-name: {{toYaml .Job.id }} 37 | clusterIP: '' 38 | type: NodePort 39 | -------------------------------------------------------------------------------- /examples/launcher-templates/default/2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | labels: 7 | job-name: {{ toYaml .Job.id }} 8 | spec: 9 | ports: 10 | {{- $i := 0 }} 11 | {{- range .Job.exposedPorts }} 12 | {{- if not .publishedPort }} 13 | - name: {{ printf "port%d" $i }} 14 | protocol: {{ .protocol }} 15 | port: {{ .targetPort }} 16 | targetPort: {{ .targetPort }} 17 | {{- $i = add $i 1 }} 18 | {{- end }} 19 | {{- end }} 20 | selector: 21 | job-name: {{toYaml .Job.id }} 22 | clusterIP: '' 23 | type: NodePort 24 | -------------------------------------------------------------------------------- /examples/launcher-templates/example-template-data.yaml: -------------------------------------------------------------------------------- 1 | service: 2 | type: NodePort 3 | annotations: {} 4 | labels: {} 5 | pod: 6 | annotations: {} 7 | labels: {} 8 | volumes: [] 9 | volumeMounts: [] 10 | initContainers: [] 11 | imagePullPolicy: "" 12 | imagePullSecrets: [] 13 | serviceAccountName: "" 14 | extraContainers: [] 15 | job: 16 | annotations: {} 17 | labels: {} 18 | -------------------------------------------------------------------------------- /examples/launcher-templates/fargate/default-fargate/2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | labels: 7 | job-name: {{ toYaml .Job.id }} 8 | spec: 9 | ports: 10 | {{- $i := 0 }} 11 | {{- range .Job.exposedPorts }} 12 | {{- if not .publishedPort }} 13 | - name: {{ printf "port%d" $i }} 14 | protocol: {{ .protocol }} 15 | port: {{ .targetPort }} 16 | targetPort: {{ .targetPort }} 17 | {{- $i = add $i 1 }} 18 | {{- end }} 19 | {{- end }} 20 | selector: 21 | job-name: {{toYaml .Job.id }} 22 | clusterIP: '' 23 | type: ClusterIP 24 | -------------------------------------------------------------------------------- /examples/launcher-templates/fargate/default-fargate/not-fargate-ui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/examples/launcher-templates/fargate/default-fargate/not-fargate-ui.png -------------------------------------------------------------------------------- /examples/launcher-templates/fargate/default-not/2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ .Job.serviceName }} 6 | labels: 7 | job-name: {{ toYaml .Job.id }} 8 | spec: 9 | ports: 10 | {{- $i := 0 }} 11 | {{- range .Job.exposedPorts }} 12 | {{- if not .publishedPort }} 13 | - name: {{ printf "port%d" $i }} 14 | protocol: {{ .protocol }} 15 | port: {{ .targetPort }} 16 | targetPort: {{ .targetPort }} 17 | {{- $i = add $i 1 }} 18 | {{- end }} 19 | {{- end }} 20 | selector: 21 | job-name: {{toYaml .Job.id }} 22 | clusterIP: '' 23 | type: ClusterIP 24 | -------------------------------------------------------------------------------- /examples/launcher-templates/fargate/default-not/README.md: -------------------------------------------------------------------------------- 1 | # Let Users Send Jobs to Fargate 2 | 3 | These examples will send jobs to EKS nodes by default. This requires users to "opt into" Fargate for job execution by 4 | choosing a placement constraint. 5 | 6 | Let us presume that our Fargate profile requires the `fargate-job: true` label. 7 | 8 | You must configure `launcher.kubernetes.profiles.conf` to make `fargate` an option: 9 | 10 | _launcher.kubernetes.profiles.conf_ 11 | ```ini 12 | [*] 13 | placement-constraints: eks.amazonaws.com/compute-type:fargate 14 | ``` 15 | 16 | This will be surfaced in the UI like: 17 | 18 | ![Image of Workbench interface with option to select "fargate"](./fargate-ui.png) 19 | 20 | Then the approach used is to: 21 | 22 | - Change `service.type` to `ClusterIP` (required for Fargate) 23 | - Add a `fargate-job: true` label when the `eks.amazonaws.com/compute-type` placement constraint equals `fargate` 24 | 25 | There are example templates here: 26 | 27 | - [For v2](./2) 28 | 29 | Please reach out to us if you have questions! 30 | 31 | > NOTE: the current implementation has a few limitations: 32 | > - Does not make any UI indications about resource constraints on Fargate 33 | > - Upgrading templates is your responsibility when changing the version of Workbench 34 | -------------------------------------------------------------------------------- /examples/launcher-templates/fargate/default-not/fargate-ui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rstudio/helm/6236c55f242849d0988afa66022f8ad8aff2e99f/examples/launcher-templates/fargate/default-not/fargate-ui.png -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2-v1/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v1 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with $templateData.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | labels: 16 | job-name: {{ toYaml .Job.id }} 17 | {{- with $templateData.service.labels }} 18 | {{- range $key, $val := . }} 19 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 20 | {{- end }} 21 | {{- end }} 22 | spec: 23 | ports: 24 | {{- $i := 0 }} 25 | {{- range .Job.exposedPorts }} 26 | {{- if not .publishedPort }} 27 | - name: {{ printf "port%d" $i }} 28 | protocol: {{ .protocol }} 29 | port: {{ .targetPort }} 30 | targetPort: {{ .targetPort }} 31 | {{- $i = add $i 1 }} 32 | {{- end }} 33 | {{- end }} 34 | selector: 35 | job-name: {{toYaml .Job.id }} 36 | clusterIP: '' 37 | type: {{ $templateData.service.type }} 38 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2-v2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v2 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with $templateData.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | labels: 16 | job-name: {{ toYaml .Job.id }} 17 | {{- with $templateData.service.labels }} 18 | {{- range $key, $val := . }} 19 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 20 | {{- end }} 21 | {{- end }} 22 | spec: 23 | ports: 24 | {{- $i := 0 }} 25 | {{- range .Job.exposedPorts }} 26 | {{- if not .publishedPort }} 27 | - name: {{ printf "port%d" $i }} 28 | protocol: {{ .protocol }} 29 | port: {{ .targetPort }} 30 | targetPort: {{ .targetPort }} 31 | {{- $i = add $i 1 }} 32 | {{- end }} 33 | {{- end }} 34 | selector: 35 | job-name: {{toYaml .Job.id }} 36 | clusterIP: '' 37 | type: {{ $templateData.service.type }} 38 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.1.0-v1/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.1.0 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v1 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | job-name: {{ toYaml .Job.id }} 22 | {{- with .Job.metadata.service.labels }} 23 | {{- range $key, $val := . }} 24 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 25 | {{- end }} 26 | {{- end }} 27 | {{- with $templateData.service.labels }} 28 | {{- range $key, $val := . }} 29 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 30 | {{- end }} 31 | {{- end }} 32 | spec: 33 | ports: 34 | {{- $i := 0 }} 35 | {{- range .Job.exposedPorts }} 36 | {{- if not .publishedPort }} 37 | - name: {{ printf "port%d" $i }} 38 | protocol: {{ .protocol }} 39 | port: {{ .targetPort }} 40 | targetPort: {{ .targetPort }} 41 | {{- $i = add $i 1 }} 42 | {{- end }} 43 | {{- end }} 44 | selector: 45 | job-name: {{toYaml .Job.id }} 46 | clusterIP: '' 47 | type: {{ $templateData.service.type }} 48 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.1.0-v2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.1.0 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v2 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | job-name: {{ toYaml .Job.id }} 22 | {{- with .Job.metadata.service.labels }} 23 | {{- range $key, $val := . }} 24 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 25 | {{- end }} 26 | {{- end }} 27 | {{- with $templateData.service.labels }} 28 | {{- range $key, $val := . }} 29 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 30 | {{- end }} 31 | {{- end }} 32 | spec: 33 | ports: 34 | {{- $i := 0 }} 35 | {{- range .Job.exposedPorts }} 36 | {{- if not .publishedPort }} 37 | - name: {{ printf "port%d" $i }} 38 | protocol: {{ .protocol }} 39 | port: {{ .targetPort }} 40 | targetPort: {{ .targetPort }} 41 | {{- $i = add $i 1 }} 42 | {{- end }} 43 | {{- end }} 44 | selector: 45 | job-name: {{toYaml .Job.id }} 46 | clusterIP: '' 47 | type: {{ $templateData.service.type }} 48 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.0-v1/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.0 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v1 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.0-v2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.0 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v2 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.1-v1/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.1 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v1 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.1-v2/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.1 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v2 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.1-v3/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.1 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v3 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/launcher-templates/helm/2.3.1-v4/service.tpl: -------------------------------------------------------------------------------- 1 | # Version: 2.3.1 2 | # DO NOT MODIFY the "Version: " key 3 | # Helm Version: v4 4 | {{- $templateData := include "rstudio-library.templates.data" nil | mustFromJson }} 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ .Job.serviceName }} 9 | annotations: 10 | {{- with .Job.metadata.service.annotations }} 11 | {{- range $key, $val := . }} 12 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 13 | {{- end }} 14 | {{- end }} 15 | {{- with $templateData.service.annotations }} 16 | {{- range $key, $val := . }} 17 | {{ $key }}: {{ toYaml $val | indent 4 | trimPrefix (repeat 4 " ") }} 18 | {{- end }} 19 | {{- end }} 20 | labels: 21 | app.kubernetes.io/managed-by: "launcher" 22 | job-name: {{ toYaml .Job.id }} 23 | {{- with .Job.metadata.service.labels }} 24 | {{- range $key, $val := . }} 25 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 26 | {{- end }} 27 | {{- end }} 28 | {{- with $templateData.service.labels }} 29 | {{- range $key, $val := . }} 30 | {{ $key }}: {{ toYaml $val | indent 8 | trimPrefix (repeat 8 " ") }} 31 | {{- end }} 32 | {{- end }} 33 | spec: 34 | ports: 35 | {{- $i := 0 }} 36 | {{- range .Job.exposedPorts }} 37 | {{- if not .publishedPort }} 38 | - name: {{ printf "port%d" $i }} 39 | protocol: {{ .protocol }} 40 | port: {{ .targetPort }} 41 | targetPort: {{ .targetPort }} 42 | {{- $i = add $i 1 }} 43 | {{- end }} 44 | {{- end }} 45 | selector: 46 | job-name: {{toYaml .Job.id }} 47 | clusterIP: '' 48 | type: {{ $templateData.service.type }} 49 | -------------------------------------------------------------------------------- /examples/package-manager/_prereqs.qmd: -------------------------------------------------------------------------------- 1 | To use this example you will need: 2 | 3 | - a license file or key 4 | - a PostgreSQL database 5 | - either 6 | - a `ReadWriteMany` POSIX compliant storage class for `sharedStorage` 7 | - S3 -------------------------------------------------------------------------------- /examples/package-manager/container-images/custom-images.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Container images" 3 | --- 4 | 5 | # Configuring Posit Package Manager with Custom Container Images 6 | 7 | This example deploys Posit Package Manager using a custom image instead of the default public Posit provided image. 8 | 9 | The Package Manager image may be customized in the helm chart to pull from your own container registry instead of the public Posit provided images. 10 | 11 | The default public images are on Docker Hub: 12 | 13 | Package Manager: [rstudio/rstudio-package-manager](https://hub.docker.com/r/rstudio/rstudio-package-manager) 14 | 15 | {{< include ../_prereqs.qmd >}} 16 | 17 | ```{.yaml include="rstudio-pm-custom-image.yaml" filename="values.yaml"} 18 | ``` 19 | -------------------------------------------------------------------------------- /examples/package-manager/container-images/private-images.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Container images" 3 | --- 4 | 5 | # Configuring Posit Package Manager to Access Image Registries Requiring Authentication 6 | 7 | This example deploys RStudio Package Manager using custom images in registries requiring authentication instead of the default public Posit provided images. 8 | 9 | The image can be pulled from your own container registry instead of the public Posit provided image. 10 | This example shows where to provide private registry credentials in the form of a Kubernetes secret of type 11 | `kubernetes.io/dockercfg` 12 | 13 | The default public images are on Docker Hub: 14 | 15 | Package Manager: [rstudio/rstudio-package-manager](https://hub.docker.com/r/rstudio/rstudio-package-manager) 16 | 17 | {{< include ../_prereqs.qmd >}} 18 | 19 | ```{.yaml include="rstudio-pm-custom-image-private.yaml" filename="values.yaml"} 20 | ``` 21 | -------------------------------------------------------------------------------- /examples/package-manager/index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | title: Posit Package Manager Examples 3 | listing: 4 | template: ../examples.ejs 5 | contents: "*.qmd" 6 | --- 7 | 8 | The examples in this directory provide a starting point for deploying Posit Package Manager in different configurations. 9 | 10 | Each example has a beginning description and a series of `TODO` comments. 11 | Before using an example, read through all the comments and ensure you address each `TODO`. 12 | 13 | While each example focuses on one or more particular configurations, Posit Package Manager has some standard requirements listed in each example. 14 | 15 | Each example will need the following to run correctly: 16 | 17 | - PostgreSQL database specified in the Package Manager configuration 18 | - License key or file specified 19 | - [`sharedStorage`](https://docs.posit.co/rspm/admin/getting-started/installation/installation-kubernetes/#using-shared-storage) or [`S3Storage`](https://docs.posit.co/rspm/admin/getting-started/installation/installation-kubernetes/#using-aws-s3-with-eks) configured 20 | -------------------------------------------------------------------------------- /examples/package-manager/ingress/aws-alb.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Package Manager with an AWS ALB Ingress 6 | 7 | This example deploys Posit Package Manager with an Ingress using the AWS Load Balancer Controller to create an Application Load Balancer (ALB). 8 | This example is provided to show how to set annotations to redirect HTTP traffic to HTTPS and use AWS Certificate Manager if desired. 9 | 10 | The AWS Load Balancer Controller has a variety of settings and modes of operation. Please visit the [AWS documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-pm-alb-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/package-manager/ingress/azure-gateway.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Package Manager with an Azure Application Gateway 6 | 7 | This example deploys Posit Package Manager with an Ingress using the Azure Application Gateway Ingress Controller to create a Azure Application Gateway load balancer. 8 | This example is provided to show how to set annotations to redirect HTTP traffic to HTTPS. 9 | 10 | The Azure Application Gateway Ingress Controller has a variety of settings and modes of operation. 11 | Please visit the [Azure documentation](https://azure.github.io/application-gateway-kubernetes-ingress/) for more details specific to your use case. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-pm-azure-application-gateway-ingress.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/package-manager/ingress/gce.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Package Manager with a GCE Ingress 6 | 7 | This example deploys Posit Package Manager with an Ingress using the GKE Ingress Controller to create a GCP Application Load Balancer. 8 | This example is provided to show how to set annotations to redirect HTTP traffic to HTTPS and use GCP Certificate Manager if desired. 9 | 10 | The GKE Ingress Controller has a variety of settings and modes of operation. Please visit the [GCP documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-pm-gce-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/package-manager/ingress/nginx.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Package Manager with a NGINX Ingress 6 | 7 | This example deploys Posit Package Manager with an Ingress using the Ingress NGINX Controller. 8 | 9 | The Ingress NGINX Controller has a variety of settings and modes of operation. Please visit the [NGINX controller documentation](https://kubernetes.github.io/ingress-nginx/) for more details specific to your use case. 10 | 11 | ::: callout-note 12 | This example is for the Ingress NGINX Controller which is part of Kubernetes and is located at [https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx). If you are using the NGINX or NGINX Plus Ingress Controllers from NGINX Inc located at [https://github.com/nginxinc/kubernetes-ingress](https://github.com/nginxinc/kubernetes-ingress) then different annotations will need to be applied. 13 | ::: 14 | 15 | {{< include ../_prereqs.qmd >}} 16 | 17 | ```{.yaml include="rstudio-pm-nginx-ingress.yaml" filename="values.yaml"} 18 | ``` 19 | -------------------------------------------------------------------------------- /examples/package-manager/ingress/traefik.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Package Manager with a Traefik Ingress 6 | 7 | This example deploys Posit Package Manager with an Ingress using the Traefik Ingress Controller. 8 | 9 | The Traefik Ingress Controller has a variety of settings and modes of operation. Please visit the [Traefik documentation](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) for more details specific to your use case. 10 | 11 | {{< include ../_prereqs.qmd >}} 12 | 13 | ```{.yaml include="rstudio-pm-traefik-ingress.yaml" filename="values.yaml"} 14 | ``` 15 | -------------------------------------------------------------------------------- /examples/package-manager/storage/additional-volumes.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Storage" 3 | --- 4 | 5 | # Configuring Posit Package Manager with additional volumes 6 | 7 | This example shows how to mount a `ConfigMap` to the Package Manager pod. 8 | This pattern of specifying the volumes and volumeMounts will work for a variety of volume types: `PVC`, `ConfigMap`, etc. 9 | 10 | {{< include ../_prereqs.qmd >}} 11 | 12 | ```{.yaml include="rstudio-pm-with-additional-mounts.yaml" filename="values.yaml"} 13 | ``` 14 | -------------------------------------------------------------------------------- /examples/package-manager/storage/nfs-pv.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Storage" 3 | --- 4 | 5 | # Configuring Posit Package Manager with an NFS-backed `PersistentVolume` 6 | 7 | This example deploys Posit Package Manager with a single `PersistentVolume` backed by an NFS server. 8 | 9 | The `PersistentVolume` allows setting NFS `mountOptions` and it creates a `StorageClass` that Posit Package Manager then takes advantage of when it creates its `PersistentVolumeClaim`. 10 | 11 | Both the PVC and PV will be left around after the helm release is removed (for manual cleanup) due to the `persistentVolumeReclaimPolicy: Retain` setting. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-pm-with-pv.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/package-manager/storage/s3.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Storage" 3 | --- 4 | 5 | # Configuring Posit Package Manager with S3 6 | 7 | This example deploys Posit Package Manager using S3 instead of using `sharedStorage` with a `PersistentVolume` and `PersistentVolumeClaim`. 8 | 9 | {{< include ../_prereqs.qmd >}} 10 | 11 | ```{.yaml include="rstudio-pm-with-s3.yaml" filename="values.yaml"} 12 | ``` 13 | -------------------------------------------------------------------------------- /examples/rbac/README.md: -------------------------------------------------------------------------------- 1 | # RBAC yaml examples 2 | 3 | The RBAC associated with the RStudio Job Launcher is maintained in the 4 | [rstudio-library](../../charts/rstudio-library) and 5 | [rstudio-launcher-rbac](../../charts/rstudio-launcher-rbac) helm charts. 6 | 7 | However, it is also maintained here in this directory [by CI](../../.github/workflows/chart-doc.yaml) for ease of use. 8 | In order to generate these files from the chart, you can use: 9 | ``` 10 | helm repo add rstudio https://helm.rstudio.com 11 | helm template -n rstudio rstudio-launcher-rbac rstudio/rstudio-launcher-rbac 12 | ``` 13 | 14 | > NOTE: the `rstudio-workbench` and `rstudio-connect` helm charts also use the 15 | > `rstudio-library` chart to deploy their own RBAC 16 | 17 | 18 | ## Important Note 19 | 20 | The rbac currently contains a `ClusterRoleBinding`, which requires a namespace 21 | reference. 22 | 23 | As a result, even though we use `--removeNamespaceReferences=true`, the 24 | namespace persists on the `ClusterRoleBiding`. We use the `rstudio` namespace 25 | by default. 26 | 27 | Please modify the namespace as needed for your installation. 28 | 29 | # Usage 30 | 31 | If you are using the `rstudio` namespace (our default), then you can use either the "latest" RBAC directly: 32 | 33 | ``` 34 | kubectl apply -f https://raw.githubusercontent.com/rstudio/helm/main/examples/rbac/rstudio-launcher-rbac.yaml 35 | ``` 36 | 37 | Or you can use a particular version (versioned with the [`rstudio-launcher-rbac`](../../charts/rstudio-launcher-rbac) 38 | helm chart): 39 | 40 | ``` 41 | kubectl apply -f https://raw.githubusercontent.com/rstudio/helm/main/examples/rbac/rstudio-launcher-rbac-0.2.2.yaml 42 | ``` 43 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.10.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.11.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.12.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | verbs: 21 | - "get" 22 | - "create" 23 | - "update" 24 | - "patch" 25 | - "watch" 26 | - "list" 27 | - "delete" 28 | - apiGroups: 29 | - "" 30 | resources: 31 | - "events" 32 | verbs: 33 | - "watch" 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - "services" 38 | verbs: 39 | - "create" 40 | - "get" 41 | - "watch" 42 | - "list" 43 | - "delete" 44 | - apiGroups: 45 | - "batch" 46 | resources: 47 | - "jobs" 48 | verbs: 49 | - "create" 50 | - "update" 51 | - "patch" 52 | - "get" 53 | - "watch" 54 | - "list" 55 | - "delete" 56 | - apiGroups: 57 | - "metrics.k8s.io" 58 | resources: 59 | - "pods" 60 | verbs: 61 | - "get" 62 | --- 63 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 64 | apiVersion: rbac.authorization.k8s.io/v1 65 | kind: RoleBinding 66 | metadata: 67 | name: rstudio-launcher-rbac 68 | roleRef: 69 | apiGroup: rbac.authorization.k8s.io 70 | kind: Role 71 | name: rstudio-launcher-rbac 72 | subjects: 73 | - kind: ServiceAccount 74 | name: rstudio-launcher-rbac 75 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/rbac/rstudio-launcher-rbac-0.2.8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: rstudio-launcher-rbac 7 | --- 8 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | kind: Role 11 | metadata: 12 | name: rstudio-launcher-rbac 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - "pods" 18 | - "pods/log" 19 | - "pods/attach" 20 | - "pods/exec" 21 | verbs: 22 | - "get" 23 | - "create" 24 | - "update" 25 | - "patch" 26 | - "watch" 27 | - "list" 28 | - "delete" 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - "events" 33 | verbs: 34 | - "watch" 35 | - apiGroups: 36 | - "" 37 | resources: 38 | - "services" 39 | verbs: 40 | - "create" 41 | - "get" 42 | - "watch" 43 | - "list" 44 | - "delete" 45 | - apiGroups: 46 | - "batch" 47 | resources: 48 | - "jobs" 49 | verbs: 50 | - "create" 51 | - "update" 52 | - "patch" 53 | - "get" 54 | - "watch" 55 | - "list" 56 | - "delete" 57 | - apiGroups: 58 | - "metrics.k8s.io" 59 | resources: 60 | - "pods" 61 | verbs: 62 | - "get" 63 | --- 64 | # Source: rstudio-launcher-rbac/templates/rbac.yaml 65 | apiVersion: rbac.authorization.k8s.io/v1 66 | kind: RoleBinding 67 | metadata: 68 | name: rstudio-launcher-rbac 69 | roleRef: 70 | apiGroup: rbac.authorization.k8s.io 71 | kind: Role 72 | name: rstudio-launcher-rbac 73 | subjects: 74 | - kind: ServiceAccount 75 | name: rstudio-launcher-rbac 76 | -------------------------------------------------------------------------------- /examples/workbench/_prereqs.qmd: -------------------------------------------------------------------------------- 1 | To use the example you will need: 2 | 3 | - a license file or key 4 | - `ReadWriteMany` POSIX compliant storage class for `homeStorage` and `sharedStorage` 5 | - a PostgreSQL database. 6 | -------------------------------------------------------------------------------- /examples/workbench/application-configuration/index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Basic configuration" 3 | --- 4 | 5 | # Configuring Posit Workbench with Recommended Settings 6 | 7 | This example deploys Posit Workbench with the recommended application configuration. 8 | 9 | These settings are recommend for most deployments and are described below: 10 | 11 | - [Set replicas > 1 to deploy Workbench load balanced across multiple pods](https://docs.posit.co/ide/server-pro/load_balancing/configuration.html) 12 | - [Set a default Posit Connect URL](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/rstudio_connect_server.html) 13 | - [Set a default Posit Package Manager CRAN URL](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/package_installation.html#cran-repositories) 14 | - [Set a default Posit Package Manager PyPI URL](https://pip.pypa.io/en/stable/topics/configuration/) 15 | - [Set RStudio Pro IDE timeout settings](https://docs.posit.co/ide/server-pro/rstudio_pro_sessions/user_and_group_profiles.htmlsession-timeout) 16 | - [Set Jupyter IDE timeout settings](https://docs.posit.co/ide/server-pro/jupyter_sessions/configuration.html) 17 | - [Enable the administrator dashboard and set user group(s) to have admin and admin super user permissions](https://docs.posit.co/ide/server-pro/server_management/administrative_dashboard.html) 18 | - [Set default and max resource limits for users](https://docs.posit.co/ide/server-pro/job_launcher/kubernetes_plugin.htmlkube-profiles) 19 | 20 | {{< include ../_prereqs.qmd >}} 21 | 22 | ```{.yaml include="rstudio-workbench-recommended-app-config.yaml" filename="values.yaml"} 23 | ``` 24 | -------------------------------------------------------------------------------- /examples/workbench/auth-user-provisioning/oidc.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: Authentication 3 | --- 4 | 5 | # Configuring Posit Workbench with OpenID Connect 6 | 7 | This example deploys Posit Workbench using OpenID Connect (OIDC) SSO for authentication and `sssd` for user provisioning. 8 | 9 | Users will be authenticated via SSO (using OIDC) and Workbench will match a claim (`preferred_username` by default) to a Linux user account in the Workbench container. 10 | `sssd` is already running in the Workbench container and can be used to automatically provision local user accounts using LDAP or Active Directory. 11 | 12 | See the [OpenID Connect Authentication](https://docs.posit.co/ide/server-pro/authenticating_users/openid_connect_authentication.html) section of the Workbench Admin Guide for more details. 13 | 14 | {{< include ../_prereqs.qmd >}} 15 | 16 | ```{.yaml include="rstudio-workbench-oidc-sssd.yaml" filename="values.yaml"} 17 | ``` 18 | -------------------------------------------------------------------------------- /examples/workbench/auth-user-provisioning/pam-security.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: Authentication 3 | --- 4 | 5 | # Configuring Posit Workbench with Secure Home Directories 6 | 7 | This example deploys Posit Workbench using pam to create user home directories with more secure permissions, in this example 700 8 | 9 | {{< include ../_prereqs.qmd >}} 10 | 11 | ```{.yaml include="rstudio-workbench-pam-homedirectory-permissions.yaml" filename="values.yaml"} 12 | ``` -------------------------------------------------------------------------------- /examples/workbench/auth-user-provisioning/saml.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: Authentication 3 | --- 4 | 5 | # Configuring Posit Workbench with SAML 6 | 7 | This example deploys Posit Workbench using SAML SSO for authentication and `sssd` for user provisioning. 8 | 9 | Users will be authenticated via SSO (using SAML) and Workbench will match an attribute (`Username` by default) to a Linux user account in the Workbench container. 10 | `sssd` is already running in the Workbench container and can be used to automatically provision local user accounts using LDAP or Active Directory. 11 | 12 | See the [SAML Single Sign-On Authentication](https://docs.posit.co/ide/server-pro/authenticating_users/saml_sso.html) section of the Workbench Admin Guide for more details. 13 | 14 | {{< include ../_prereqs.qmd >}} 15 | 16 | ```{.yaml include="rstudio-workbench-saml-sssd.yaml" filename="values.yaml"} 17 | ``` 18 | -------------------------------------------------------------------------------- /examples/workbench/container-images/custom-images.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Container images" 3 | --- 4 | 5 | # Configuring Posit Workbench with Custom Container Images 6 | 7 | This example deploys Posit Workbench using custom images instead of the default public Posit provided images. 8 | 9 | Both the Workbench service and session container images may be customized in the helm chart to pull from your own container registry instead of the public Posit provided images. 10 | 11 | The default public images are on Docker Hub: 12 | 13 | Workbench service: [rstudio/rstudio-workbench](https://hub.docker.com/r/rstudio/rstudio-workbench) 14 | Workbench sessions: [rstudio/r-session-complete](https://hub.docker.com/r/rstudio/r-session-complete) 15 | 16 | 17 | {{< include ../_prereqs.qmd >}} 18 | 19 | ```{.yaml include="rstudio-workbench-custom-image.yaml" filename="values.yaml"} 20 | ``` 21 | -------------------------------------------------------------------------------- /examples/workbench/container-images/private-images.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Container images" 3 | --- 4 | 5 | # Configuring Posit Workbench to Access Image Registries Requiring Authentication 6 | 7 | This example deploys Posit Workbench using custom images in registries requiring authentication instead of the default public Posit provided images. 8 | 9 | Both the Workbench service and session container images may be customized in the helm chart to pull from your own container registry instead of the public Posit provided images. 10 | This example also shows where to provide private registry credentials in the form of a Kubernetes secret of type `kubernetes.io/dockercfg`. 11 | 12 | Note the registry credentials secret must be specified in two places in the values to apply to Workbench and session containers (shown in the example below). 13 | 14 | The default public images are on Docker Hub: 15 | 16 | Workbench service: [rstudio/rstudio-workbench](https://hub.docker.com/r/rstudio/rstudio-workbench) 17 | Workbench sessions: [rstudio/r-session-complete](https://hub.docker.com/r/rstudio/r-session-complete) 18 | 19 | 20 | {{< include ../_prereqs.qmd >}} 21 | 22 | ```{.yaml include="rstudio-workbench-custom-image-private.yaml" filename="values.yaml"} 23 | ``` 24 | -------------------------------------------------------------------------------- /examples/workbench/index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | title: Posit Workbench Examples 3 | listing: 4 | template: ../examples.ejs 5 | contents: "*.qmd" 6 | --- 7 | 8 | The examples in this directory provide a starting point for deploying Posit Workbench in different configurations. 9 | Each example has a beginning description and a series of `TODO` comments. 10 | 11 | Before using an example, read through all the comments and ensure you address each `TODO`. 12 | 13 | While each example focuses on one or more particular configurations, RStudio Workbench has some standard requirements listed in each example. 14 | 15 | Each example needs the following to run correctly: 16 | 17 | - PostgreSQL database specified in the Workbench configuration 18 | - License key or file specified 19 | - `homeStorage` configured 20 | - `sharedStorage` configured 21 | -------------------------------------------------------------------------------- /examples/workbench/ingress/aws-alb.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Workbench with an AWS ALB Ingress 6 | 7 | This example deploys Posit Workbench with an Ingress using the AWS Load Balancer Controller to create an Application Load Balancer (ALB). 8 | This example is provided to show how to set annotations to enable session affinity, redirect HTTP traffic to HTTPS and use AWS Certificate Manager if desired. 9 | 10 | The AWS Load Balancer Controller has a variety of settings and modes of operation. Please visit the [AWS documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-workbench-alb-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/workbench/ingress/azure-gateway.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Workbench with an Azure Application Gateway Ingress 6 | 7 | This example deploys Posit Workbench with an Ingress using the Azure Application Gateway Ingress Controller to create an Azure Application Gateway load balancer. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Azure Application Gateway Ingress Controller has a variety of settings and modes of operation. 11 | Please visit the [Azure documentation](https://azure.github.io/application-gateway-kubernetes-ingress/) for more details specific to your use case. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-workbench-azure-application-gateway-ingress.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/workbench/ingress/gce.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Workbench with a GKE Ingress 6 | 7 | This example deploys Posit Workbench with an Ingress using the GKE Ingress Controller to create a GCP Application Load Balancer. 8 | This example is provided to show how to set annotations to enabled session affinity, redirect HTTP traffic to HTTPS and use GCP Certificate Manager if desired. 9 | 10 | The GKE Ingress Controller has a variety of settings and modes of operation. Please visit the [GCP documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-workbench-gce-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/workbench/ingress/nginx.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Workbench with a NGINX Ingress 6 | 7 | This example deploys Posit Workbench with an Ingress using the Ingress NGINX Controller. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Ingress NGINX Controller has a variety of settings and modes of operation. Please visit the [NGINX controller documentation](https://kubernetes.github.io/ingress-nginx/) for more details specific to your use case. 11 | 12 | ::: callout-note 13 | This example is for the Ingress NGINX Controller which is part of Kubernetes and is located at [https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx). If you are using the NGINX or NGINX Plus Ingress Controllers from NGINX Inc located at [https://github.com/nginxinc/kubernetes-ingress](https://github.com/nginxinc/kubernetes-ingress) then different annotations will need to be applied. 14 | ::: 15 | 16 | {{< include ../_prereqs.qmd >}} 17 | 18 | ```{.yaml include="rstudio-workbench-nginx-ingress.yaml" filename="values.yaml"} 19 | ``` 20 | -------------------------------------------------------------------------------- /examples/workbench/ingress/traefik.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: "Ingress" 3 | --- 4 | 5 | # Configuring Posit Workbench with a Traefik Ingress 6 | 7 | This example deploys Posit Workbench with an Ingress using the Traefik Ingress Controller. 8 | This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS. 9 | 10 | The Traefik Ingress Controller has a variety of settings and modes of operation. Please visit the [Traefik documentation](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) for more details specific to your use case. 11 | 12 | {{< include ../_prereqs.qmd >}} 13 | 14 | ```{.yaml include="rstudio-workbench-traefik-ingress.yaml" filename="values.yaml"} 15 | ``` 16 | -------------------------------------------------------------------------------- /examples/workbench/storage/additional-volumes.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: Storage 3 | --- 4 | 5 | # Configuring Posit Workbench with additional volumes 6 | 7 | This example shows how to mount a `ConfigMap` to the Workbench pod and a `PVC` is mounted to session pods. 8 | This pattern of specifying the volumes and volumeMounts will work for a variety of volume types: `PVC`, `ConfigMap`, etc. 9 | 10 | Depending on the need to add additional volumes, you may only need to mount to the Workbench service or session pods but not both. 11 | For example, if you need to add TLS certificates for Workbench via a `ConfigMap` then the session pods do not need the `ConfigMap` mounted. 12 | 13 | {{< include ../_prereqs.qmd >}} 14 | 15 | ```{.yaml include="rstudio-workbench-with-additional-mounts.yaml" filename="values.yaml"} 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/workbench/storage/nfs-pv.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | category: Storage 3 | --- 4 | 5 | # Configuring Posit Workbench with an NFS-backed `PersistentVolume` 6 | 7 | This example deploys Posit Workbench with a single `PersistentVolume` backed by an NFS server. 8 | 9 | The `PersistentVolume` allows setting NFS `mountOptions` and it creates a `StorageClass` that Posit Workbench then takes advantage of when it creates its `PersistentVolumeClaim`. 10 | 11 | `sharedStorage` is not needed in this example as `config.server.rserver.conf.server-shared-storage-path` is set to put the required shared storage folder in `/home` 12 | 13 | Both the PVC and PV will be left around after the helm release is removed (for manual cleanup) due to the `persistentVolumeReclaimPolicy: Retain` setting. 14 | 15 | {{< include ../_prereqs.qmd >}} 16 | 17 | ```{.yaml include="rstudio-workbench-with-pv.yaml" filename="values.yaml"} 18 | ``` 19 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.3.1056-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "OoJvOOvxdV" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.3.1056-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.3.1073-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "3gu1TjylF6" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.3.1073-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.3.1093-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "I7c6YhiL9E" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.3.1093-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.3.959-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "xEVJRfe5GJ" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.3.959-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.3.959-2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "tj26ttyhpA" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.3.959-2 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.1103-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "PdSXMZO5GV" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.1103-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.1103-3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "QOqp7yuUkm" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.1103-3 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.1103-4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "JxnqofmS6A" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.1103-4 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.1106-5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "isGr7iyvdN" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.1106-5 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.1717-3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "Cj2bfzmi71" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.1717-3 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-1.4.702-1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "mDqdyJ4lVS" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-1.4.702-1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-2021.09.0-351.pro6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "eEEzz4fRZL" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-2021.09.0-351.pro6 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-2021.09.1-372.pro1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "jd1pMBK3l1" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-2021.09.1-372.pro1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-2021.09.2-382.pro1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "jqmog9PWXj" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-2021.09.2-382.pro1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-dockerhub/prepull-rstudio-r-session-complete-bionic-latest.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "jqmog9PWXj" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: rstudio/r-session-complete:bionic-latest 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-ghcr/prepull-ghcr-rstudio-r-session-complete-bionic-1.4.1717-3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "kPQExFafgv" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: ghcr.io/rstudio/r-session-complete:bionic-1.4.1717-3 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-ghcr/prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.0-351.pro6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "evuYD0F2LR" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: ghcr.io/rstudio/r-session-complete:bionic-2021.09.0-351.pro6 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-ghcr/prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.1-372.pro1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "ZqBo9AvHrQ" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: ghcr.io/rstudio/r-session-complete:bionic-2021.09.1-372.pro1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-ghcr/prepull-ghcr-rstudio-r-session-complete-bionic-2021.09.2-382.pro1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "01Jrnhp0Rg" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: ghcr.io/rstudio/r-session-complete:bionic-2021.09.2-382.pro1 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /examples/yaml/daemonset-r-session-complete-ghcr/prepull-ghcr-rstudio-r-session-complete-bionic-latest.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: prepull-daemonset/templates/daemonset.yaml 3 | apiVersion: apps/v1 4 | kind: DaemonSet 5 | metadata: 6 | name: prepull-daemonset 7 | labels: 8 | app: prepull-daemonset 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: prepull-daemonset 13 | template: 14 | metadata: 15 | annotations: 16 | rollme: "01Jrnhp0Rg" 17 | labels: 18 | name: prepull-daemonset 19 | spec: 20 | initContainers: 21 | - name: prepull-prepull-image 22 | image: ghcr.io/rstudio/r-session-complete:bionic-latest 23 | imagePullPolicy: Always 24 | command: ["echo"] 25 | args: ["Finished pre-pull"] 26 | containers: 27 | - name: pause 28 | image: gcr.io/google_containers/pause 29 | -------------------------------------------------------------------------------- /images/favicon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 8 | 9 | 13 | 14 | 15 | 16 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /images/posit-icon-fullcolor.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 9 | 22 | 23 | -------------------------------------------------------------------------------- /index.qmd: -------------------------------------------------------------------------------- 1 | --- 2 | title: Posit Helm Charts 3 | --- 4 | 5 | [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rstudio)](https://artifacthub.io/packages/search?repo=rstudio) 6 | [![GitHub license](https://img.shields.io/github/license/rstudio/helm.svg)](https://github.com/rstudio/helm/blob/main/LICENSE) 7 | 8 | ## Usage 9 | 10 | 1. Install [Helm](https://helm.sh). Please refer to the [Helm documentation](https://helm.sh/docs/) for more information on getting started. 11 | 12 | 2. Add the Posit Helm repository: 13 | 14 | ```{.bash} 15 | helm repo add rstudio https://helm.rstudio.com 16 | ``` 17 | 18 | 3. View charts: 19 | 20 | ```{.bash} 21 | helm search repo rstudio 22 | ``` -------------------------------------------------------------------------------- /other-charts/prepull-daemonset/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: prepull-daemonset 2 | description: a daemonset to prepull images so they are cached 3 | version: 0.0.4 4 | apiVersion: v2 5 | icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png 6 | home: https://www.rstudio.com 7 | sources: 8 | - https://github.com/rstudio/helm 9 | maintainers: 10 | - name: sol-eng 11 | email: docker@rstudio.com 12 | url: https://github.com/sol-eng 13 | annotations: 14 | artifacthub.io/images: | 15 | - name: ubuntu 16 | image: ubuntu:bionic 17 | - name: pause 18 | image: gcr.io/google_containers/pause 19 | artifacthub.io/license: MIT 20 | artifacthub.io/links: | 21 | - name: Docker Images 22 | url: https://github.com/rstudio/rstudio-docker-products 23 | - name: RStudio Community 24 | url: https://community.rstudio.com/c/r-admin/5 25 | keywords: 26 | - "prepull" 27 | - "bootstrap" 28 | - "image-cache" 29 | - "auto-scaling" 30 | - "startup" 31 | - "container" 32 | -------------------------------------------------------------------------------- /other-charts/prepull-daemonset/NEWS.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 0.0.4 4 | 5 | - Update docs 6 | 7 | ## 0.0.3 8 | 9 | - Updates to support standalone documentation site 10 | 11 | ## 0.0.2 12 | 13 | - Add optional randomization to redeploy the daemonset on each deployment 14 | - Add values to configure the updateStrategy 15 | 16 | ## 0.0.1 17 | 18 | - Initial release 19 | -------------------------------------------------------------------------------- /other-charts/prepull-daemonset/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "rstudio.header" . }} 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | {{ template "rstudio.description" . }} 6 | 7 | {{ template "rstudio.install" . }} 8 | 9 | ## Use 10 | 11 | Create a `values.yaml` file somewhere that lists the images you'd like to be pre-pulled (use the `values.yaml` file in this repo for format): 12 | 13 | ``` 14 | images: 15 | - name: my-first-image 16 | image: some-id.dkr.ecr.us-east-1.amazonaws.com/my-ecr-repo:latest 17 | - name: my-second-image 18 | image: some-id.dkr.ecr.us-east-1.amazonaws.com/my-other-repo:latest 19 | - name: my-third-public-image 20 | image: ubuntu:bionic 21 | ``` 22 | 23 | ## Pull Again 24 | 25 | To run the pre-pull again (i.e. to pull new images with the same tag, to ensure node 26 | caches are fresh), there are a few options: 27 | 28 | ``` 29 | # by default, every upgrade is randomized / does a rollout (`--set randomize=false` to disable this behavior) 30 | helm upgrade install prepull-daemonset rstudio/prepull-daemonset 31 | 32 | # or use kubectl 33 | kubectl rollout restart daemonset/prepull-daemonset 34 | ``` 35 | 36 | > Kubernetes Nodes (specifically, the `kubelet` service) periodically remove images from 37 | > the node's cache to free up disk space, especially if an image is not in use and has 38 | > not been used lately 39 | 40 | {{ template "chart.valuesSection" . }} 41 | 42 | {{ template "helm-docs.versionFooter" . }} 43 | -------------------------------------------------------------------------------- /other-charts/prepull-daemonset/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} 5 | labels: 6 | app: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | name: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} 11 | {{- with .Values.updateStrategy }} 12 | updateStrategy: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | template: 16 | metadata: 17 | annotations: 18 | {{- if .Values.randomize }} 19 | rollme: {{ randAlphaNum 10 | quote }} 20 | {{- end }} 21 | labels: 22 | name: {{ .Chart.Name | trunc 63 | trimSuffix "-" }} 23 | spec: 24 | initContainers: 25 | {{- range .Values.images }} 26 | - name: prepull-{{ .name }} 27 | image: {{ .image }} 28 | imagePullPolicy: Always 29 | command: ["echo"] 30 | args: ["Finished pre-pull"] 31 | {{- end }} 32 | containers: 33 | - name: pause 34 | image: gcr.io/google_containers/pause 35 | -------------------------------------------------------------------------------- /other-charts/prepull-daemonset/values.yaml: -------------------------------------------------------------------------------- 1 | images: 2 | - name: ubuntu-bionic 3 | image: ubuntu:bionic 4 | 5 | updateStrategy: {} 6 | 7 | randomize: true 8 | -------------------------------------------------------------------------------- /scripts/README.md: -------------------------------------------------------------------------------- 1 | # Rebuilding Index 2 | 3 | The Helm `index.yaml` is hosted on the `gh-pages` branch of this repo. If this 4 | index becomes out-of-sync with the releases, you can rebuild it by using a 5 | GitHub Actions Workflow. 6 | 7 | ## Prerequisites 8 | 9 | - To use the `rebuild.sh` script with our workflow, the `rebuild.sh` 10 | script must be checked in to the `gh-pages` branch. If you make any changes 11 | to the script in this directory, make sure you also commit the same changes 12 | to the `gh-pages` branch. 13 | - You must have permission to run GitHub Actions Workflows for this repo. 14 | 15 | ## Running the Action 16 | 17 | - Navigate to 18 | https://github.com/rstudio/helm/actions/workflows/chart-rebuild.yaml. 19 | - Use the `Run Workflow` button to run the workflow. 20 | - Review the Pull Request created by the workflow. 21 | - When approved, merge the Pull Request into the `gh-pages` branch. 22 | --------------------------------------------------------------------------------