rstudio · bschwedler · May 27, 2025 · May 19, 2025 · May 20, 2025 · May 9, 2025
@@ -1,6 +1,6 @@
 dependencies:
 - name: rstudio-library
   repository: https://helm.rstudio.com
-  version: 0.1.31
-digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593
-generated: "2024-11-01T10:19:53.608088-04:00"
+  version: 0.1.34
+digest: sha256:66324c3ca436a3743e6f7c3dd8e159d21fca4fd5072d4d8c2583bfafd8499d70
+generated: "2025-05-20T10:37:20.963885313-06:00"
@@ -1,6 +1,6 @@
 name: rstudio-connect
 description: Official Helm chart for Posit Connect
-version: 0.7.25
+version: 0.7.26
 apiVersion: v2
 appVersion: 2025.04.0
 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
@@ -13,7 +13,7 @@ maintainers:
     url: https://github.com/sol-eng
 dependencies:
   - name: rstudio-library
-    version: 0.1.31
+    version: 0.1.34
     repository: https://helm.rstudio.com
 annotations:
   artifacthub.io/images: |

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.7.26
+
+- Bump `rstudio-library` chart version to `0.1.34`.
+- Adds a shortcut resource deployment for Chronicle Agent via `chronicleAgent.enabled`. The value is disabled by default
+  and does not affect existing deployments that use `sidecar` or `initContainer` to deploy the Chronicle Agent.
+
 ## 0.7.25
 
 - Bump Connect version to 2025.04.0

@@ -1,6 +1,6 @@
 # Posit Connect
 
-![Version: 0.7.25](https://img.shields.io/badge/Version-0.7.25-informational?style=flat-square) ![AppVersion: 2025.04.0](https://img.shields.io/badge/AppVersion-2025.04.0-informational?style=flat-square)
+![Version: 0.7.26](https://img.shields.io/badge/Version-0.7.26-informational?style=flat-square) ![AppVersion: 2025.04.0](https://img.shields.io/badge/AppVersion-2025.04.0-informational?style=flat-square)
 
 #### _Official Helm chart for Posit Connect_
 
@@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future
 
 ## Installing the chart
 
-To install the chart with the release name `my-release` at version 0.7.25:
+To install the chart with the release name `my-release` at version 0.7.26:
 
 ```{.bash}
 helm repo add rstudio https://helm.rstudio.com
-helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.25
+helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.26
 ```
 
 To explore other chart versions, look at:
@@ -124,6 +124,66 @@ Alternatively, database passwords may be set during `helm install` with the foll
 
 `--set config.Postgres.Password="<YOUR_PASSWORD_HERE>"`
 
+## Chronicle Agent
+
+This chart supports use of a sidecar [Chronicle agent](https://docs.posit.co/chronicle/) to report data to a Chronicle server. The agent can be enabled
+by setting `chronicleAgent.enabled=true`.
+
+By default, the chart will attempt to lookup an existing Chronicle server deployed in the release namespace. The
+searched namespace can be changed setting by `chronicleAgent.serverNamespace`. If a server exists, it will set the
+Chronicle agent's server value to the server's service name and will use an agent version to match the server version.
+This auto-discovery behavior can be disabled by setting `chronicleAgent.autoDiscovery=false`.
+
+To set the server address and/or version manually, set the following values:
+```yaml
+chronicleAgent:
+  enabled: true
+  serverAddress: <server-address>
+  image:
+    tag: <agent-version>
+```
+
+If preferred, the Chronicle agent can be directly defined as a sidecar container using either `initContainers`
+(recommended) or `sidecar` values. Below is an example of directly defining the Chronicle agent as a native sidecar
+container using `initContainers`:
+```yaml
+initContainers:
+  - name: chronicle-agent
+    restartPolicy: Always
+    image: ghcr.io/rstudio/chronicle-agent:<agent-version>
+    env:
+      - name: CHRONICLE_SERVER_ADDRESS
+        value: "http://<address>"
+      - name: CHRONICLE_CONNECT_APIKEY
+        valueFrom:
+          secretKeyRef:
+            name: connect
+            key: apikey
+```
+
+For more information on Chronicle, see the [Chronicle documentation](https://docs.posit.co/chronicle/).
+
+### Chronicle Connect API Key
+
+In order to communicate with Connect, the Chronicle agent must be passed an API key. This can either be done by passing
+a Kubernetes secret (recommended) or by setting the key directly as an environment variable. Below is an example
+of how to set the API key using a secret:
+```yaml
+chronicleAgent:
+  enabled: true
+  connectApiKey:
+    valueFrom:
+      secretKeyRef:
+        name: <secret-name>
+        key: <key-name>
+```
+
+Due to the way Connect manages its API keys, it is currently not possible to provision an API key automatically for the
+Chronicle agent at the time of deployment. To workaround this issue in a fresh deployment, you can initially leave
+the API key unset for the Chronicle agent, deploy the chart, create an administrator API key, and then provision a
+secret with the API key. Once the secret is created, the value of `chronicleAgent.connectApiKey.secretKeyRef`
+can be set and the release can be upgraded to include the new value.
+
 ## General principles
 
 - In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format
@@ -148,6 +208,22 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c
 |-----|------|---------|-------------|
 | affinity | object | `{}` | A map used verbatim as the pod's "affinity" definition |
 | args | list | `[]` | The pod's run arguments. By default, it uses the container's default |
+| chronicleAgent.agentEnvironment | string | `""` | An environment tag to apply to all metrics reported by this agent    ([reference](https://docs.posit.co/chronicle/appendix/library/advanced-agent.html#environment)) |
+| chronicleAgent.autoDiscovery | bool | `true` | If true, the chart will attempt to lookup the Chronicle Server address and version in the cluster |
+| chronicleAgent.connectApiKey | object | `{"value":"","valueFrom":{}}` | An Administrator permissions API key generated in Connect for the Chronicle agent to use, API keys can only be    created after Connect has been deployed so this value may need to be filled in later if performing an initial    deployment ([reference](https://docs.posit.co/connect/user/api-keys/#api-keys-creating)) |
+| chronicleAgent.connectApiKey.value | string | `""` | Connect API key as a raw string to set as the `CHRONICLE_CONNECT_APIKEY` environment variable (not recommended) |
+| chronicleAgent.connectApiKey.valueFrom | object | `{}` | Connect API key as a `valueFrom` reference (ex. a Kubernetes Secret reference) to set as the    `CHRONICLE_CONNECT_APIKEY` environment variable (recommended) |
+| chronicleAgent.enabled | bool | `false` | Creates a Chronicle agent sidecar container in the pod if true |
+| chronicleAgent.env | list | `[]` | Additional environment variables to set on the Chronicle agent container `env` |
+| chronicleAgent.image.imagePullPolicy | string | `"IfNotPresent"` | The pull policy for the Chronicle agent image |
+| chronicleAgent.image.registry | string | `"ghcr.io"` | The Chronicle agent image registry |
+| chronicleAgent.image.repository | string | `"rstudio/chronicle-agent"` | The Chronicle agent image repository |
+| chronicleAgent.image.sha | string | `""` | The Chronicle agent image digest |
+| chronicleAgent.image.tag | string | `""` | The Chronicle agent image tag, defaults to using the auto-discovered Chronicle server version or is required if    `chronicleAgent.autoDiscovery=false` |
+| chronicleAgent.securityContext | object | `{"privileged":false,"runAsNonRoot":true}` | The container-level security context for the Chronicle agent container |
+| chronicleAgent.serverAddress | string | `""` | Address for the Chronicle server including the protocol (ex. "http://address"), defaults to auto-discovered    Chronicle server in the given namespace or is required if `chronicleAgent.autoDiscovery=false` |
+| chronicleAgent.serverNamespace | string | `""` | Namespace to search for the Chronicle server when `chronicleAgent.autoDiscovery=true`, has no effect if    `chronicleAgent.autoDiscovery=false` |
+| chronicleAgent.volumeMounts | list | `[]` | Verbatim volumeMounts to attach to the Chronicle agent container |
 | command | list | `[]` | The pod's run command. By default, it uses the container's default |
 | config | object | [Posit Connect Configuration Reference](https://docs.posit.co/connect/admin/appendix/off-host/helm-reference/) | A nested map of maps that generates the rstudio-connect.gcfg file |
 | extraObjects | list | `[]` | Extra objects to deploy (value evaluated as a template) |

@@ -64,6 +64,66 @@ Alternatively, database passwords may be set during `helm install` with the foll
 
 `--set config.Postgres.Password="<YOUR_PASSWORD_HERE>"`
 
+## Chronicle Agent
+
+This chart supports use of a sidecar [Chronicle agent](https://docs.posit.co/chronicle/) to report data to a Chronicle server. The agent can be enabled
+by setting `chronicleAgent.enabled=true`.
+
+By default, the chart will attempt to lookup an existing Chronicle server deployed in the release namespace. The
+searched namespace can be changed setting by `chronicleAgent.serverNamespace`. If a server exists, it will set the
+Chronicle agent's server value to the server's service name and will use an agent version to match the server version.
+This auto-discovery behavior can be disabled by setting `chronicleAgent.autoDiscovery=false`.
+
+To set the server address and/or version manually, set the following values:
+```yaml
+chronicleAgent:
+  enabled: true
+  serverAddress: <server-address>
+  image:
+    tag: <agent-version>
+```
+
+If preferred, the Chronicle agent can be directly defined as a sidecar container using either `initContainers`
+(recommended) or `sidecar` values. Below is an example of directly defining the Chronicle agent as a native sidecar
+container using `initContainers`:
+```yaml
+initContainers:
+  - name: chronicle-agent
+    restartPolicy: Always
+    image: ghcr.io/rstudio/chronicle-agent:<agent-version>
+    env:
+      - name: CHRONICLE_SERVER_ADDRESS
+        value: "http://<address>"
+      - name: CHRONICLE_CONNECT_APIKEY
+        valueFrom:
+          secretKeyRef:
+            name: connect
+            key: apikey
+```
+
+For more information on Chronicle, see the [Chronicle documentation](https://docs.posit.co/chronicle/).
+
+### Chronicle Connect API Key
+
+In order to communicate with Connect, the Chronicle agent must be passed an API key. This can either be done by passing
+a Kubernetes secret (recommended) or by setting the key directly as an environment variable. Below is an example
+of how to set the API key using a secret:
+```yaml
+chronicleAgent:
+  enabled: true
+  connectApiKey:
+    valueFrom:
+      secretKeyRef:
+        name: <secret-name>
+        key: <key-name>
+```
+
+Due to the way Connect manages its API keys, it is currently not possible to provision an API key automatically for the
+Chronicle agent at the time of deployment. To workaround this issue in a fresh deployment, you can initially leave
+the API key unset for the Chronicle agent, deploy the chart, create an administrator API key, and then provision a
+secret with the API key. Once the secret is created, the value of `chronicleAgent.connectApiKey.secretKeyRef`
+can be set and the release can be upgraded to include the new value.
+
 ## General principles
 
 - In most places, we opt to pass Helm values over configmaps. We translate these into the valid `.gcfg` file format

@@ -90,9 +90,46 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.initContainers }}
+      {{- if or .Values.initContainers .Values.chronicleAgent.enabled }}
       initContainers:
-{{ toYaml .Values.initContainers | indent 8 }}
+      {{- if .Values.chronicleAgent.enabled }}
+      - name: chronicle-agent
+        {{- if .Values.chronicleAgent.image.sha }}
+        image: {{ printf "%s@sha256:%s" (include "rstudio-library.chronicle-agent.image" (dict "chronicleAgent" .Values.chronicleAgent "Release" .Release) | trim) .Values.chronicleAgent.image.sha }}
+        {{- else }}
+        image: {{ include "rstudio-library.chronicle-agent.image" (dict "chronicleAgent" .Values.chronicleAgent "Release" .Release) | trim | quote }}
+        {{- end }}
+        imagePullPolicy: {{ .Values.chronicleAgent.image.imagePullPolicy }}
+        restartPolicy: Always
+        {{- with .Values.chronicleAgent.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.chronicleAgent.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        env:
+          - name: CHRONICLE_SERVER_ADDRESS
+            value: {{ include "rstudio-library.chronicle-agent.serverAddress" (dict "chronicleAgent" .Values.chronicleAgent "Release" .Release) | trim | quote }}
+          - name: CHRONICLE_CONNECT_APIKEY
+            {{- if .Values.chronicleAgent.connectApiKey.valueFrom }}
+            valueFrom:
+{{ toYaml .Values.chronicleAgent.connectApiKey.valueFrom | indent 14 }}
+            {{- else }}
+            value: {{ .Values.chronicleAgent.connectApiKey.value | quote }}
+            {{- end }}
+          {{- with .Values.chronicleAgent.agentEnvironment }}
+          - name: CHRONICLE_AGENT_ENVIRONMENT
+            value: {{ . | quote }}
+          {{- end }}
+          {{- with .Values.chronicleAgent.env }}
+          {{ toYaml . | indent 10 }}
+          {{- end }}
+      {{- end }}
+      {{- with .Values.initContainers }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- end }}
       containers:
       - name: connect

@@ -261,6 +261,51 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
+# Settings for the Chronicle Agent sidecar container
+chronicleAgent:
+  # -- Creates a Chronicle agent sidecar container in the pod if true
+  enabled: false
+  # -- Additional environment variables to set on the Chronicle agent container `env`
+  env: []
+  # -- Verbatim volumeMounts to attach to the Chronicle agent container
+  volumeMounts: []
+  # -- The container-level security context for the Chronicle agent container
+  securityContext:
+    privileged: false
+    runAsNonRoot: true
+  image:
+    # -- The Chronicle agent image registry
+    registry: ghcr.io
+    # -- The Chronicle agent image repository
+    repository: rstudio/chronicle-agent
+    # -- The Chronicle agent image tag, defaults to using the auto-discovered Chronicle server version or is required if
+    #    `chronicleAgent.autoDiscovery=false`
+    tag: ""
+    # -- The Chronicle agent image digest
+    sha: ""
+    # -- The pull policy for the Chronicle agent image
+    imagePullPolicy: IfNotPresent
+  # -- If true, the chart will attempt to lookup the Chronicle Server address and version in the cluster
+  autoDiscovery: true
+  # -- Address for the Chronicle server including the protocol (ex. "http://address"), defaults to auto-discovered
+  #    Chronicle server in the given namespace or is required if `chronicleAgent.autoDiscovery=false`
+  serverAddress: ""
+  # -- Namespace to search for the Chronicle server when `chronicleAgent.autoDiscovery=true`, has no effect if
+  #    `chronicleAgent.autoDiscovery=false`
+  serverNamespace: ""
+  # -- An Administrator permissions API key generated in Connect for the Chronicle agent to use, API keys can only be
+  #    created after Connect has been deployed so this value may need to be filled in later if performing an initial
+  #    deployment ([reference](https://docs.posit.co/connect/user/api-keys/#api-keys-creating))
+  connectApiKey:
+    # -- Connect API key as a raw string to set as the `CHRONICLE_CONNECT_APIKEY` environment variable (not recommended)
+    value: ""
+    # -- Connect API key as a `valueFrom` reference (ex. a Kubernetes Secret reference) to set as the
+    #    `CHRONICLE_CONNECT_APIKEY` environment variable (recommended)
+    valueFrom: {}
+  # -- An environment tag to apply to all metrics reported by this agent
+  #    ([reference](https://docs.posit.co/chronicle/appendix/library/advanced-agent.html#environment))
+  agentEnvironment: ""
+
 launcher:
   # -- Whether to enable the launcher
   enabled: false

@@ -1,6 +1,6 @@
 dependencies:
 - name: rstudio-library
   repository: https://helm.rstudio.com
-  version: 0.1.31
-digest: sha256:2a0e98b8fa01730bf2db3816a7310462c921b9fa2f1f3c74f85fedede82e1593
-generated: "2024-11-01T10:20:55.670732-04:00"
+  version: 0.1.34
+digest: sha256:66324c3ca436a3743e6f7c3dd8e159d21fca4fd5072d4d8c2583bfafd8499d70
+generated: "2025-05-20T10:37:32.909079863-06:00"
@@ -1,6 +1,6 @@
 name: rstudio-workbench
 description: Official Helm chart for Posit Workbench
-version: 0.9.1
+version: 0.9.2
 apiVersion: v2
 appVersion: 2025.05.0
 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
@@ -13,7 +13,7 @@ maintainers:
     url: https://github.com/sol-eng
 dependencies:
   - name: rstudio-library
-    version: 0.1.31
+    version: 0.1.34
     repository: https://helm.rstudio.com
 annotations:
   artifacthub.io/images: |

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.9.2
+
+- Bump `rstudio-library` chart version to `0.1.34`.
+- Adds a shortcut resource deployment for Chronicle Agent via `chronicleAgent.enabled`. The value is disabled by default
+  and does not affect existing deployments that use `sidecar` or `initContainer` to deploy the Chronicle Agent.
+
 ## 0.9.1
 
 - Bump Workbench version to 2025.05.0