diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index ef47022a3..f0fa51d59 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for Posit Connect -version: 0.7.28 +version: 0.8.0 apiVersion: v2 appVersion: 2025.05.0 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index f788817b2..ac01f4281 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,5 +1,12 @@ # Changelog +## 0.8.0 + +- BREAKING: Connect now runs in [Off-Host Execution (OHE) mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default. + - `launcher.enabled` now defaults to `true` instead of `false` + - `securityContext` now defaults to `{}` instead of `securityContext.privileged: true` + - If you would like to run Connect not in OHE mode using the previous defaults then set the following in your values.yaml. `launcher.enabled: false` and `securityContext.privileged: true`. + ## 0.7.28 - The `prestart.bash` no longer uses the service account certificate bundle to diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 1b87814c4..0d4dfbcfe 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.28](https://img.shields.io/badge/Version-0.7.28-informational?style=flat-square) ![AppVersion: 2025.05.0](https://img.shields.io/badge/AppVersion-2025.05.0-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 2025.05.0](https://img.shields.io/badge/AppVersion-2025.05.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.28: +To install the chart with the release name `my-release` at version 0.8.0: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.28 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.8.0 ``` To explore other chart versions, look at: @@ -43,6 +43,13 @@ To explore other chart versions, look at: helm search repo rstudio/rstudio-connect -l ``` +## Upgrade guidance + +### 0.8.0 + +- When upgrading to version 0.8.0 or later, Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default +- If you desire to run Connect not in Off-Host Execution mode, then set `securityContext.privileged: true` and `launcher.enabled: false` + ## Required configuration To function, this chart requires the following: @@ -250,7 +257,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | launcher.defaultInitContainer.securityContext | object | `{}` | The securityContext for the default initContainer | | launcher.defaultInitContainer.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | launcher.defaultInitContainer.tagPrefix | string | `"ubuntu2204-"` | A tag prefix for the Content InitContainer image (common selections: jammy-, ubuntu2204-). Only used if tag is not defined | -| launcher.enabled | bool | `false` | Whether to enable the launcher | +| launcher.enabled | bool | `true` | Whether to enable the launcher | | launcher.extraTemplates | object | `{}` | extra templates to render in the template directory. | | launcher.includeDefaultTemplates | bool | `true` | whether to include the default `job.tpl` and `service.tpl` files included with the chart | | launcher.includeTemplateValues | bool | `true` | whether to include the templateValues rendering process | @@ -301,7 +308,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":3939},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | Used to configure the container's readinessProbe. Only included if enabled = true | | replicas | int | `1` | The number of replica pods to maintain for this service | | resources | object | `{}` | Defines resources for the rstudio-connect container | -| securityContext | object | `{"privileged":true}` | Values to set the `securityContext` for Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: null` | +| securityContext | object | `{}` | Values to set the `securityContext` for the Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: {}` | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | diff --git a/charts/rstudio-connect/README.md.gotmpl b/charts/rstudio-connect/README.md.gotmpl index bccb64a3c..7486a5db3 100644 --- a/charts/rstudio-connect/README.md.gotmpl +++ b/charts/rstudio-connect/README.md.gotmpl @@ -8,6 +8,13 @@ {{ template "rstudio.install" . }} +## Upgrade guidance + +### 0.8.0 + +- When upgrading to version 0.8.0 or later, Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default +- If you desire to run Connect not in Off-Host Execution mode, then set `securityContext.privileged: true` and `launcher.enabled: false` + ## Required configuration To function, this chart requires the following: diff --git a/charts/rstudio-connect/ci/license-file-values.yaml b/charts/rstudio-connect/ci/license-file-values.yaml index 07ed08b38..fca0f5c0a 100644 --- a/charts/rstudio-connect/ci/license-file-values.yaml +++ b/charts/rstudio-connect/ci/license-file-values.yaml @@ -2,3 +2,10 @@ license: file: secret: pct-license secretKey: pct.lic + +# a PVC is required for Connect to run in OHE (now the default) +sharedStorage: + create: true + # normally this should be ReadWriteMany, setting just for CI + accessModes: + - ReadWriteOnce diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 963ea0eae..6b5fa3255 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -156,10 +156,9 @@ license: # -- secret is an existing secret with a license file in it secret: false -# -- Values to set the `securityContext` for Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when -# launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: null` -securityContext: - privileged: true +# -- Values to set the `securityContext` for the Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when +# launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: {}` +securityContext: {} prometheus: # -- The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter @@ -308,7 +307,7 @@ chronicleAgent: launcher: # -- Whether to enable the launcher - enabled: false + enabled: true # -- The namespace to launch sessions into. Uses the Release namespace by default namespace: "" # -- Optional. The runtime.yaml definition of Kubernetes runtime containers. Defaults to "base", which pulls in the default