From 970cfb4511a70d80208b51ca1c3cbfd2268c23ab Mon Sep 17 00:00:00 2001
From: Trevor Nederlof
Date: Fri, 16 May 2025 12:52:11 -0400
Subject: [PATCH 1/8] Set OHE as the default mode for the Connect chart
---
 charts/rstudio-connect/values.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml
index 69ec160ca..f282c6ec2 100644
--- a/charts/rstudio-connect/values.yaml
+++ b/charts/rstudio-connect/values.yaml
@@ -156,10 +156,9 @@ license:
 # -- secret is an existing secret with a license file in it
 secret: false
-# -- Values to set the `securityContext` for Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when
-# launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: null`
-securityContext:
- privileged: true
+# -- Values to set the `securityContext` for the Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when
+# launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: {}`
+securityContext: {}
 prometheus:
 # -- The parent setting for whether to enable prometheus metrics. Default is to use the built-in product exporter
@@ -263,7 +262,7 @@ ingress:
 launcher:
 # -- Whether to enable the launcher
- enabled: false
+ enabled: true
 # -- The namespace to launch sessions into. Uses the Release namespace by default
 namespace: ""
 # -- Optional. The runtime.yaml definition of Kubernetes runtime containers. Defaults to "base", which pulls in the default
From b0cb6180526c6509dc4b5fb6b1a04fca027b8980 Mon Sep 17 00:00:00 2001
From: Trevor Nederlof
Date: Fri, 16 May 2025 12:52:40 -0400
Subject: [PATCH 2/8] Bump chart minor version and add upgrade guidance
---
 charts/rstudio-connect/Chart.yaml | 2 +-
 charts/rstudio-connect/NEWS.md | 6 ++++++
 charts/rstudio-connect/README.md.gotmpl | 7 +++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
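Review bot: The comment kept above `securityContext: {}` now contradicts the default it documents: it still says the context "can be removed with `securityContext: {}`", which is already the shipped value, and its requirement (privileged or CAP_SYS_ADMIN when the launcher is off) is no longer met by anyone who overrides only `launcher.enabled: false`. Removing the privileged default is a sound hardening step, so what is left is a silent misconfiguration path rather than an exposure. I would reword the two comment lines to `# -- The `securityContext` for the Connect container. Empty by default, which suits Off-Host Execution.` and `# When `launcher.enabled` is false it must grant "privileged: true" or the SYS_ADMIN capability.`; Kubernetes expects the capability name without the `CAP_` prefix in `capabilities.add`. If the templates, which are not part of this patch, do not already check it, a render-time failure for launcher-off with an empty securityContext would catch the mismatch early.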
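Review bot: The comment on `enabled: true` does not say that the launcher default now makes shared storage a precondition of a plain install; the CI values change later in this series has to add `sharedStorage.create: true` with the remark that a PVC is required for OHE. The default of `sharedStorage.create` is not visible in this hunk, so the gap is inferred from that CI change. I would extend the comment to `# -- Whether to enable the launcher (Off-Host Execution). Requires shared storage, see `sharedStorage`.` With the launcher on, the Connect pod presumably needs Kubernetes API permissions to launch sessions in `launcher.namespace`, so it is worth confirming that those permissions are scoped to that namespace. The `launcher:` block continues past the end of the hunk.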
diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml
index ca9059745..d09a01c5b 100644
--- a/charts/rstudio-connect/Chart.yaml
+++ b/charts/rstudio-connect/Chart.yaml
@@ -1,6 +1,6 @@
 name: rstudio-connect
 description: Official Helm chart for Posit Connect
-version: 0.7.25
+version: 0.8.0
 apiVersion: v2
 appVersion: 2025.04.0
 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md
index a0d929907..87dcc5fd9 100644
--- a/charts/rstudio-connect/NEWS.md
+++ b/charts/rstudio-connect/NEWS.md
@@ -1,5 +1,11 @@
 # Changelog
+## 0.8.0
+
+- BREAKING: Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default
+ - `launcher.enabled` now defaults to `true` instead of `false`
+ - `securityContext` now defaults to `{}` instead of `securityContext.privileged: true`
+
 ## 0.7.25
 - Bump Connect version to 2025.04.0
diff --git a/charts/rstudio-connect/README.md.gotmpl b/charts/rstudio-connect/README.md.gotmpl
index 0e4d96e4d..79c210a55 100644
--- a/charts/rstudio-connect/README.md.gotmpl
+++ b/charts/rstudio-connect/README.md.gotmpl
@@ -8,6 +8,13 @@
 {{ template "rstudio.install" . }}
+## Upgrade guidance
+
+### 0.8.0
+
+- When upgrading to version 0.8.0 or later, Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default
+- If you desire to run Connect not in Off-Host Execution mode, then set `securityContext.privileged: true` and `launcher.enabled: false`
+
 ## Required configuration
 To function, this chart requires the following:
From 4cec41a200e9357bb075b74d4ae0f49d0d6366d8 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Fri, 16 May 2025 17:01:09 +0000
Subject: [PATCH 3/8] Update helm-docs and README.md
---
 charts/rstudio-connect/README.md | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index eac7095bb..22db34c34 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # Posit Connect -![Version: 0.7.25](https://img.shields.io/badge/Version-0.7.25-informational?style=flat-square) ![AppVersion: 2025.04.0](https://img.shields.io/badge/AppVersion-2025.04.0-informational?style=flat-square) +![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 2025.04.0](https://img.shields.io/badge/AppVersion-2025.04.0-informational?style=flat-square) #### _Official Helm chart for Posit Connect_ @@ -30,11 +30,11 @@ To ensure reproducibility in your environment and insulate yourself from future ## Installing the chart -To install the chart with the release name `my-release` at version 0.7.25: +To install the chart with the release name `my-release` at version 0.8.0: ```{.bash} helm repo add rstudio https://helm.rstudio.com -helm upgrade --install my-release rstudio/rstudio-connect --version=0.7.25 +helm upgrade --install my-release rstudio/rstudio-connect --version=0.8.0 ``` To explore other chart versions, look at: @@ -43,6 +43,13 @@ To explore other chart versions, look at: helm search repo rstudio/rstudio-connect -l ``` +## Upgrade guidance + +### 0.8.0 + +- When upgrading to version 0.8.0 or later, Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default +- If you desire to run Connect not in Off-Host Execution mode, then set `securityContext.privileged: true` and `launcher.enabled: false` + ## Required configuration To function, this chart requires the following: 
@@ -174,7 +181,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | launcher.defaultInitContainer.securityContext | object | `{}` | The securityContext for the default initContainer | | launcher.defaultInitContainer.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | launcher.defaultInitContainer.tagPrefix | string | `"ubuntu2204-"` | A tag prefix for the Content InitContainer image (common selections: jammy-, ubuntu2204-). Only used if tag is not defined | -| launcher.enabled | bool | `false` | Whether to enable the launcher | +| launcher.enabled | bool | `true` | Whether to enable the launcher | | launcher.extraTemplates | object | `{}` | extra templates to render in the template directory. | | launcher.includeDefaultTemplates | bool | `true` | whether to include the default `job.tpl` and `service.tpl` files included with the chart | | launcher.includeTemplateValues | bool | `true` | whether to include the templateValues rendering process | 
@@ -225,7 +232,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"httpGet":{"path":"/__ping__","port":3939},"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | Used to configure the container's readinessProbe. Only included if enabled = true | | replicas | int | `1` | The number of replica pods to maintain for this service | | resources | object | `{}` | Defines resources for the rstudio-connect container | -| securityContext | object | `{"privileged":true}` | Values to set the `securityContext` for Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: null` | +| securityContext | object | `{}` | Values to set the `securityContext` for the Connect container. It must include "privileged: true" or "CAP_SYS_ADMIN" when launcher is not enabled. If launcher is enabled, this can be removed with `securityContext: {}` | | service.annotations | object | `{}` | Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) | | service.clusterIP | string | `""` | The cluster-internal IP to use with `service.type` ClusterIP | | service.loadBalancerIP | string | `""` | The external IP to use with `service.type` LoadBalancer, when supported by the cloud provider | From 66ce2f83c3df805b599bbc9366eba68e0b974762 Mon Sep 17 00:00:00 2001 From: Trevor Nederlof Date: Fri, 16 May 2025 13:40:02 -0400 Subject: [PATCH 4/8] Update NEWS --- charts/rstudio-connect/NEWS.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index 87dcc5fd9..9f74b2bd5 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md 
@@ -2,9 +2,10 @@
 ## 0.8.0
-- BREAKING: Connect now runs in [Off-Host Execution mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default
+- BREAKING: Connect now runs in [Off-Host Execution (OHE) mode](https://docs.posit.co/connect/admin/getting-started/off-host-install/) by default.
 - `launcher.enabled` now defaults to `true` instead of `false`
 - `securityContext` now defaults to `{}` instead of `securityContext.privileged: true`
+ - If you would like to run Connect not in OHE mode using the previous defaults then set the following in your values.yaml. `launcher.enabled: false` and `securityContext.privileged: true`.
 ## 0.7.25
From c110c12bee580de202ef394615104b64fc3d2de8 Mon Sep 17 00:00:00 2001
From: Trevor Nederlof
Date: Tue, 20 May 2025 13:09:23 -0400
Subject: [PATCH 5/8] Update Connect tests to create a PVC
---
 ci/rstudio-connect/install/license-file-values.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ci/rstudio-connect/install/license-file-values.yaml b/ci/rstudio-connect/install/license-file-values.yaml
index 07ed08b38..711c2bbe6 100644
--- a/ci/rstudio-connect/install/license-file-values.yaml
+++ b/ci/rstudio-connect/install/license-file-values.yaml
@@ -2,3 +2,7 @@ license:
 file:
 secret: pct-license
 secretKey: pct.lic
+
+# a PVC is required for Connect to run in OHE (now the default)
+sharedStorage:
+ create: true
\ No newline at end of file
From 21cbec91a620d6c56a0b0cc8e5582c1f07a51094 Mon Sep 17 00:00:00 2001
From: Trevor Nederlof
Date: Tue, 20 May 2025 13:18:36 -0400
Subject: [PATCH 6/8] Adjust Connect CI for PVC
---
 ci/rstudio-connect/install/license-file-values.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ci/rstudio-connect/install/license-file-values.yaml b/ci/rstudio-connect/install/license-file-values.yaml
index 711c2bbe6..8ff7dd21d 100644
--- a/ci/rstudio-connect/install/license-file-values.yaml
+++ b/ci/rstudio-connect/install/license-file-values.yaml
@@ -5,4 +5,6 @@ license:
 # a PVC is required for Connect to run in OHE (now the default)
 sharedStorage:
- create: true
\ No newline at end of file
+ create: true
+ # normally this should be ReadWriteMany, setting just for CI
+ accessModes: ReadWriteOnce
\ No newline at end of file
From ec6664c50fb77f63690bd836206c46a8c662e836 Mon Sep 17 00:00:00 2001
From: Trevor Nederlof
Date: Tue, 20 May 2025 13:21:23 -0400
Subject: [PATCH 7/8] Modify Connect CI PVC access
---
 ci/rstudio-connect/install/license-file-values.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ci/rstudio-connect/install/license-file-values.yaml b/ci/rstudio-connect/install/license-file-values.yaml
index 8ff7dd21d..7ad9da760 100644
--- a/ci/rstudio-connect/install/license-file-values.yaml
+++ b/ci/rstudio-connect/install/license-file-values.yaml
@@ -7,4 +7,5 @@ license:
 sharedStorage:
 create: true
 # normally this should be ReadWriteMany, setting just for CI
- accessModes: ReadWriteOnce
\ No newline at end of file
+ accessModes:
+ - ReadWriteOnce
\ No newline at end of file
From 90ea5d38eeceff80494a162a2f9a56eeaeb75058 Mon Sep 17 00:00:00 2001
From: "Benjamin R. J. Schwedler"
Date: Mon, 9 Jun 2025 11:39:33 -0500
Subject: [PATCH 8/8] Fix newline lint failure
---
 charts/rstudio-connect/ci/license-file-values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/rstudio-connect/ci/license-file-values.yaml b/charts/rstudio-connect/ci/license-file-values.yaml
index 7ad9da760..fca0f5c0a 100644
--- a/charts/rstudio-connect/ci/license-file-values.yaml
+++ b/charts/rstudio-connect/ci/license-file-values.yaml
@@ -8,4 +8,4 @@ sharedStorage:
 create: true
 # normally this should be ReadWriteMany, setting just for CI
 accessModes:
- - ReadWriteOnce
\ No newline at end of file
+ - ReadWriteOnce