Merge pull request #23 from rstudio/jon/rsw

Port RSW from sol-eng-helm
rstudio · Aug 6, 2021 · 4446e24 · 4446e24
2 parents 93e5ecf + c37cac3
commit 4446e24
Show file tree

Hide file tree

Showing 32 changed files with 1,623 additions and 6 deletions.
diff --git a/charts/rstudio-workbench/Chart.lock b/charts/rstudio-workbench/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: rstudio-library
+  repository: file://../rstudio-library
+  version: 0.1.13-rc01
+digest: sha256:a730e6eebdb0313c93ffbeabfcee19e785fca64482daf794345d8a59d9a38c67
+generated: "2021-08-03T10:36:57.881257-04:00"
diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml
@@ -0,0 +1,14 @@
+name: rstudio-workbench
+description: Kubernetes deployment for RStudio Workbench
+version: 0.4.0-rc09
+apiVersion: v2
+appVersion: 1.4.1717-3
+icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
+maintainers:
+  - name: sol-eng
+    email: [email protected]
+    url: https://github.com/sol-eng
+dependencies:
+  - name: rstudio-library
+    version: 0.1.13-rc01
+    repository: file://../rstudio-library
diff --git a/charts/rstudio-workbench/LICENSE.md b/charts/rstudio-workbench/LICENSE.md
@@ -0,0 +1,21 @@
+# MIT License
+
+Copyright (c) 2021 RStudio PBC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/charts/rstudio-workbench/Makefile b/charts/rstudio-workbench/Makefile
@@ -0,0 +1,14 @@
+lint:
+	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/complex-values.yaml .
+	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/simple-values.yaml .
+	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/empty-values.yaml .
+	helm lint --strict --set service.name=example --set service.version=0.0.1 -f ./ci/overrides-values.yaml .
+
+template:
+	helm template -f ci/simple-values.yaml .
+
+template-complex:
+	helm template -f ci/complex-values.yaml .
+
+template-debug:
+	helm template -f ci/simple-values.yaml --debug .
diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md
@@ -0,0 +1,184 @@
+# 0.4.0
+
+- Breaking: Licensing configuration now uses a `license` section. For example,
+  `license: my-key` should be changed to
+  ```yaml
+  license:
+    key: my-key
+  ```
+- Added support for floating licenses and license files.
+- BREAKING: defaults have changed for `config.server.launcher\.kubernetes\.profiles\.conf`.
+  - To avoid the breaking change, add the defaults to your explicitly enumerated values
+  - See why this happened and an alternative forward-looking pattern below
+  - The previous defaults:
+```yaml
+config:
+  server:
+    launcher.kubernetes.profiles.conf:
+      "*":
+        default-container-image: rstudio/r-session-complete:bionic-1.4.1106-5
+        container-images: rstudio/r-session-complete:bionic-1.4.1106-5
+        allow-unknown-images: 1
+```  
+
+- BREAKING: we now automatically mount session configuration into the session pod
+  - This adds default `job-json-overrides` using the mechanism above
+  - This can be disabled by setting `session.defaultConfigMount=false`
+  - This is useful for things like `repos.conf`, `rsession.conf` (default Connect server, etc.), etc.
+
+- Switch to using the `rstudio-library` chart for configuration generation
+  - This enables putting verbatim files in place if that is preferred to values-interpolation (converting values into a config file dynamically by the chart)
+  - i.e. passing a string to the configuration value will short-circuit configuration generation
+```yaml
+config:
+  server:
+    some-config-file: |
+      interpret-verbatim-please
+```
+
+- Update appVersion to 1.4.1717-3
+
+- Add a new `config.profiles` option for configuring profiles files more naturally.
+  - This will only be used if the `launcher.kubernetes.profiles.conf` key is not in `config.server` (testing for key
+    duplication is tricky in helm, so we pick the most common key)
+  - Before, we would have something like this in `values.yaml`:
+```yaml
+jobJsonOverridesFiles:
+  some.json:
+    "text"
+  other.json:
+    - an
+    - array
+config:
+  server:
+    launcher.kubernetes.profiles.conf:
+      "*":
+        job-json-overrides: '"some/target:some.json","other/target:other.json"'
+        container-images: "one-image:tag,two-image:tag"
+```
+- Now, we can do something like the following. A bit more verbose, but much easier to read and understand:
+```yaml
+config:
+  profiles:
+    launcher.kubernetes.profiles.conf:
+      "*":
+        job-json-overrides:
+          - target: "some/target"
+            json: "text"
+            name: some
+          - target: "other/target"
+            json: 
+              - an
+              - array
+            name: other
+        container-images:
+          - "one-image:tag"
+          - "two-image:tag"
+```
+
+- Moreover, job-json-overrides defined under `config.profiles` now have inheritance within the chart. That is, `*`
+  job-json-overrides are appended to everyone else's configuration. Documentation and possible extension of this pattern
+  to container images, etc. to follow.
+
+- Now hiding the rstudio-workbench container's configuration files under `/etc/rstudio` as we are mounting
+  them in different directories as defined by the `XDG_CONFIG_DIRS` environment variable. This is to prevent confusion
+  that can occur when someone edits `/etc/rstudio` configuration files and then sees no changes after reloading the
+  server configuration.
+
+- When specifying a `server` for floating licensing, the RSW chart will now automatically be configured to set
+  `server-licensing-type=remote` in the `rserver.conf` configuration file.
+
+# 0.3.7
+
+- Make `secure-cookie-key` and `launcher.pem` autogeneration static
+  - This means that the auto-generated values will persist across helm upgrades
+  - It is still safest to define these values yourself
+
+# 0.3.6
+
+- Fix small reference issue in the prestart.bash script
+
+# 0.3.5
+
+- Decouple securityContext values from the main RSW container and the sidecar container
+
+# 0.3.4
+
+- remove "privileged: true", which is not necessary for rstudio-workbench server or sessions
+- Add ingress as an option
+- Add annotations to deployment so that the pods roll when config changes
+- Switch the "secret" configurations to being an actual Secret
+
+# 0.3.3
+
+- Bump `load-balancer-manager` again (to `2.2`)
+- Allow customization of load-balancer-manager env vars
+
+# 0.3.2
+
+- Fix a bug in the `load-balancer-manager` (`sidecar` container)
+    - The helm chart (as a result of previous changes) no longer defines an `app` label, but an `app.kubernetes.io/name` label. 
+    - update the selector, make error handling better, etc. This requires version 2.0 of the load-balancer-manager
+
+# 0.3.1
+
+- allow `global.secureCookieKey` as an option along with `secureCookieKey`
+- ensure that no empty `launcher.pub` file is generated by default
+- default image.tag to Chart.AppVersion
+
+# 0.3.0
+- BREAKING: changed `rstudio` container `command` and `args` to tell `tini` how to supervise processes and run a differently named prestart script. Also made `/usr/local/bin/startup.sh` script execution a part of the `args`.
+
+# 0.2.2
+
+- Update Workbench version to 1.4.1106-5
+- Update docs
+
+# 0.2.1
+
+- rename to `rstudio-workbench` corresponding to upcoming `rstudio-server-pro` rebranding
+- fix bug that was creating a test user by default
+- add other licensing options (via `server`, `file`, and `secret` values)
+
+# 0.2.0
+
+- Change naming convention
+    - Fix issues with namespacing
+    - However, this will damage backwards compatibility, particularly for PVCs if using `sharedStorage.create = true`
+    - If you need to migrate data, set `replicas: 0`, upgrade, and then copy the data to the new PVC
+    - Alternatively, you can set `fullnameOverride: "previous-release-name"` to force backwards compatibility
+    - Finally, deployment selectors have changed, so you will need to delete the current deployment manually, then put back with `helm upgrade --install`
+    - Use `helm diff upgrade` to ensure things are working as you expect before upgrading
+
+# 0.0.8
+
+- add `jobJsonOverridesFiles` value option
+
+# 0.0.7
+
+- Made HA functional
+
+# 0.0.5
+
+- BREAKING: move storage\* values to a sharedStorage map
+- Add homeStorage
+- Add logging.conf
+
+# 0.0.4
+
+- Add a secret configmap for pem and pub keys
+
+# 0.0.3
+
+- BREAKING: Restructure the image values object
+- Add image.pullPolicy
+- Switch to image.repository and image.tag from image
+- Allow customizing pod command and args
+
+# 0.0.2
+
+- Add database.conf and notifications.conf
+
+# 0.0.1
+
+- Initial pass!
diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md
@@ -33,27 +33,27 @@ This chart requires the following in order to function:
 
 * A license key, license file, or address of a running license server. See the `license` configuration below.
 * A Kubernetes [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that contains the home directory for users.
-  * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume. 
-    Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box. 
-    In this case, we recommend you disable `homeStorage.create` and  create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them 
+  * If `homeStorage.create` is set, a PVC that relies on the default storage class will be created to generate the PersistentVolume.
+    Most Kubernetes environments do not have a default storage class that you can use with `ReadWriteMany` access mode out-of-the-box.
+    In this case, we recommend you disable `homeStorage.create` and  create your own `PersistentVolume` and `PersistentVolumeClaim`, then mount them
     into the container by specifying the `pod.volumes` and `pod.volumeMounts` parameters.
   * If you cannot use a `PersistentVolume` to properly mount your users' home directories, you'll need to mount your data in the container
     by using a regular [Kubernetes Volume](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), specified in `pod.volumes` and `pod.volumeMounts`.
-  * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup  with a mechanism similar to what 
+  * If you cannot use a `Volume` to mount the directories, you'll need to manually mount them during container startup  with a mechanism similar to what
     is described below for joining to auth domains.
   * If not using `homeStorage.create`, you'll need to configure `config.serverDcf.launcher-mounts` to ensure that the correct mounts are used when users create new sessions.
 * If using load balancing (by setting `replicas > 1`), you will need similar storage defined for `sharedStorage` to store shared project configuration.
 * A method to join the deployed `rstudio-workbench` container to your auth domain. The default `rstudio/rstudio-server-pro` image does not contain a way to join domains.
   We recommend creating your own Docker image that derives from this base image to provide domain joining that fits your needs. Your image can then use a process supervisor
-  like [supervisord](http://supervisord.org/) to run multiple processes: in the most common case, `rstudio-server`, `rstudio-launcher`, and `sssd`. See 
+  like [supervisord](http://supervisord.org/) to run multiple processes: in the most common case, `rstudio-server`, `rstudio-launcher`, and `sssd`. See
   [here](https://github.com/rstudio/sol-eng-demo-server/tree/main/helper/workbench) for an example of this.
 
 ## Recommended Configuration
 
 In addition to the above required configuration, we recommend setting the following to ensure a reliable deployment:
 
 * Set the `launcherPem` value to ensure that it stays the same between releases.
-  This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the 
+  This will ensure that users can continue to properly connect to older sessions even after a redeployment of the chart. See the
   [RSW Admin Guide](https://docs.rstudio.com/ide/server-pro/job-launcher.html#authentication) for details on generating the file.
 * Set the `global.secureCookieKey` so that user authentication continues to work between deployments. A valid value can be obtained
   by simply running the `uuid` command.