From f5f8bcf919afc9cf22e8a3dd925ae966ad26ec2a Mon Sep 17 00:00:00 2001 From: karl Date: Tue, 21 Sep 2021 11:07:26 -0500 Subject: [PATCH 1/7] Add new configuration option for the charts to disable creation of the ClusterRole for Launcher RBAC --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-connect/templates/rbac.yaml | 4 +++- charts/rstudio-connect/values.yaml | 4 ++++ charts/rstudio-launcher-rbac/Chart.yaml | 4 ++-- charts/rstudio-launcher-rbac/templates/rbac.yaml | 2 ++ charts/rstudio-launcher-rbac/values.yaml | 6 ++++++ charts/rstudio-library/Chart.yaml | 4 ++-- charts/rstudio-library/templates/_rbac.tpl | 4 ++++ charts/rstudio-workbench/Chart.yaml | 2 +- charts/rstudio-workbench/templates/rbac.yaml | 4 +++- charts/rstudio-workbench/values.yaml | 4 ++++ 11 files changed, 32 insertions(+), 8 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index 7b0c9aae..c95649d0 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-connect description: Official Helm chart for RStudio Connect -version: 0.2.1 +version: 0.2.2 apiVersion: v2 appVersion: 1.9.0.1 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-connect/templates/rbac.yaml b/charts/rstudio-connect/templates/rbac.yaml index 3e819b99..7e8d5902 100644 --- a/charts/rstudio-connect/templates/rbac.yaml +++ b/charts/rstudio-connect/templates/rbac.yaml @@ -4,8 +4,10 @@ {{ $serviceAccountName := default .Values.rbac.serviceAccount.name (include "rstudio-connect.fullname" .) }} {{ $serviceAccountCreate := .Values.rbac.serviceAccount.create }} {{ $serviceAccountAnnotations := .Values.rbac.serviceAccount.annotations }} +{{ $clusterRoleCreate := .Values.rbac.clusterRoleCreate }} {{ $rbacValues1 := dict "namespace" $namespace "serviceAccountName" $serviceAccountName "targetNamespace" $targetNamespace }} {{ $rbacValues2 := dict "serviceAccountCreate" $serviceAccountCreate "serviceAccountAnnotations" $serviceAccountAnnotations }} -{{ $rbacValues := merge $rbacValues1 $rbacValues2 }} +{{ $rbacValues3 := dict "clusterRoleCreate" $clusterRoleCreate }} +{{ $rbacValues := merge $rbacValues1 $rbacValues2 $rbacValues3 }} {{ include "rstudio-library.rbac" $rbacValues }} {{- end }} diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 90fa15c4..5ccb467d 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -32,6 +32,10 @@ rbac: create: true name: "" annotations: {} + # -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher + # to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can + # be disabled as the node's internal address is sufficient to allow proper functionality. + clusterRoleCreate: false # -- Defines the RStudio Connect image to deploy image: diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index cbf661e7..1b8edd72 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rstudio-launcher-rbac description: RBAC definition for the RStudio Job Launcher type: application -version: 0.2.4 -appVersion: 0.2.4 +version: 0.2.5 +appVersion: 0.2.5 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png sources: - https://github.com/rstudio/helm diff --git a/charts/rstudio-launcher-rbac/templates/rbac.yaml b/charts/rstudio-launcher-rbac/templates/rbac.yaml index c498df6e..15b1f3be 100644 --- a/charts/rstudio-launcher-rbac/templates/rbac.yaml +++ b/charts/rstudio-launcher-rbac/templates/rbac.yaml @@ -17,6 +17,7 @@ {{- $roleName := include "rstudio-launcher-rbac.fullname" . }} {{- $serviceAccountCreate := .Values.serviceAccount.create }} {{- $serviceAccountAnnotations := .Values.serviceAccount.annotations }} +{{- $clusterRoleCreate := .Values.clusterRoleCreate }} {{- $rbacValues := dict "namespace" ($namespace) @@ -26,6 +27,7 @@ "serviceAccountAnnotations" ($serviceAccountAnnotations) "removeNamespaceReferences" (.Values.removeNamespaceReferences) "roleName" ($roleName) + "clusterRoleCreate" ($clusterRoleCreate) }} {{/* For code-sharing, we use a shared library chart called "rstudio-library" to generate diff --git a/charts/rstudio-launcher-rbac/values.yaml b/charts/rstudio-launcher-rbac/values.yaml index f7036a29..215ffd92 100644 --- a/charts/rstudio-launcher-rbac/values.yaml +++ b/charts/rstudio-launcher-rbac/values.yaml @@ -12,6 +12,11 @@ nameOverride: "" # -- The override for the "FullName" which defaults to "ReleaseName-ChartName" or "ReleaseName" (if "ReleaseName" contains "ChartName") fullnameOverride: "" +# -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher +# to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can +# be disabled as the node's internal address is sufficient to allow proper functionality. +clusterRoleCreate: false + serviceAccount: # Specifies whether a service account should be created create: true @@ -20,3 +25,4 @@ serviceAccount: # The name of the service account to use. # If not set, a name is generated using the fullname template name: "" + diff --git a/charts/rstudio-library/Chart.yaml b/charts/rstudio-library/Chart.yaml index 5ee079b3..03d64945 100644 --- a/charts/rstudio-library/Chart.yaml +++ b/charts/rstudio-library/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: rstudio-library description: Helm library helpers for use by Official RStudio charts type: library -version: 0.1.14 -appVersion: 0.1.14 +version: 0.1.15 +appVersion: 0.1.15 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png home: https://www.rstudio.com sources: diff --git a/charts/rstudio-library/templates/_rbac.tpl b/charts/rstudio-library/templates/_rbac.tpl index 7e694f83..02489345 100644 --- a/charts/rstudio-library/templates/_rbac.tpl +++ b/charts/rstudio-library/templates/_rbac.tpl @@ -8,6 +8,7 @@ "removeNamespaceReferences": "whether to remove namespace references" "serviceAccountCreate": "whether to create the service account" "serviceAccountAnnotations": "annotation object for the serviceAccount" + "clusterRoleCreate": "whether or not to create the ClusterRole that allows access to the nodes API" */ -}} {{- define "rstudio-library.rbac" -}} {{- $serviceAccountAnnotations := default (dict) .serviceAccountAnnotations }} @@ -18,6 +19,8 @@ {{- $namespace := default "default" .namespace }} {{- $targetNamespace := default $namespace .targetNamespace }} {{- $allNamespaces := list $targetNamespace }} +{{- $clusterRoleCreate := default false .clusterRoleCreate }} +{{- if $clusterRoleCreate }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -45,6 +48,7 @@ subjects: - kind: ServiceAccount name: {{ $serviceAccountName }} namespace: {{ $namespace }} +{{- end }} {{- if $serviceAccountCreate }} --- apiVersion: v1 diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index d1884d59..2e2cfcd2 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-workbench description: Official Helm chart for RStudio Workbench -version: 0.4.3 +version: 0.4.4 apiVersion: v2 appVersion: 1.4.1717-3 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-workbench/templates/rbac.yaml b/charts/rstudio-workbench/templates/rbac.yaml index a5238275..5f013d31 100644 --- a/charts/rstudio-workbench/templates/rbac.yaml +++ b/charts/rstudio-workbench/templates/rbac.yaml @@ -5,9 +5,11 @@ {{- $serviceAccountCreate := .Values.rbac.create }} {{- $roleName := $serviceAccountName }} {{- $serviceAccountAnnotations := .Values.serviceAccountAnnotations }} +{{- $clusterRoleCreate := .Values.rbac.clusterRoleCreate }} {{- $rbacValues1 := dict "namespace" $namespace "serviceAccountName" $serviceAccountName "targetNamespace" $targetNamespace }} {{- $rbacValues2 := dict "serviceAccountCreate" $.Values.rbac.create "serviceAccountAnnotations" $serviceAccountAnnotations "roleName" ($roleName) }} -{{- $rbacValues := merge $rbacValues1 $rbacValues2 }} +{{- $rbacValues3 := dict "clusterRoleCreate" $clusterRoleCreate }} +{{- $rbacValues := merge $rbacValues1 $rbacValues2 $rbacValues3 }} {{- include "rstudio-library.rbac" $rbacValues }} {{- if ne $namespace $targetNamespace }} {{- /* diff --git a/charts/rstudio-workbench/values.yaml b/charts/rstudio-workbench/values.yaml index 67cb4962..576dc5fa 100644 --- a/charts/rstudio-workbench/values.yaml +++ b/charts/rstudio-workbench/values.yaml @@ -234,6 +234,10 @@ rbac: create: true name: "" annotations: {} + # -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher + # to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can + # be disabled as the node's internal address is sufficient to allow proper functionality. + clusterRoleCreate: false # -- jobJsonOverridesFiles is a map of maps. Each item in the map will become a file (named by the key), and the underlying object will be converted to JSON as the file's contents jobJsonOverridesFiles: {} From 5a832c444995b15ab4409178dc2459b07c784fc7 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 21 Sep 2021 16:07:47 +0000 Subject: [PATCH 2/7] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 7 ++++--- charts/rstudio-launcher-rbac/README.md | 7 ++++--- charts/rstudio-library/README.md | 2 +- charts/rstudio-workbench/README.md | 7 ++++--- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index b929e10b..9def6119 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -1,6 +1,6 @@ # RStudio Connect -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![AppVersion: 1.9.0.1](https://img.shields.io/badge/AppVersion-1.9.0.1-informational?style=flat-square) +![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![AppVersion: 1.9.0.1](https://img.shields.io/badge/AppVersion-1.9.0.1-informational?style=flat-square) #### _Official Helm chart for RStudio Connect_ @@ -23,11 +23,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.2.1: +To install the chart with the release name `my-release` at version 0.2.2: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-connect --version=0.2.1 +helm install my-release rstudio/rstudio-connect --version=0.2.2 ``` ## Required Configuration @@ -105,6 +105,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | | prometheusExporter.image.tag | string | `"v0.9.0"` | | +| rbac.clusterRoleCreate | bool | `false` | Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can be disabled as the node's internal address is sufficient to allow proper functionality. | | rbac.create | bool | `true` | Whether to create rbac. (also depends on launcher.enabled = true) | | rbac.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | The serviceAccount to be associated with rbac (also depends on launcher.enabled = true) | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | Used to configure the container's readinessProbe | diff --git a/charts/rstudio-launcher-rbac/README.md b/charts/rstudio-launcher-rbac/README.md index 137ddc63..7c8f8f40 100644 --- a/charts/rstudio-launcher-rbac/README.md +++ b/charts/rstudio-launcher-rbac/README.md @@ -1,6 +1,6 @@ # rstudio-launcher-rbac -![Version: 0.2.4](https://img.shields.io/badge/Version-0.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.4](https://img.shields.io/badge/AppVersion-0.2.4-informational?style=flat-square) +![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.5](https://img.shields.io/badge/AppVersion-0.2.5-informational?style=flat-square) #### _RBAC definition for the RStudio Job Launcher_ @@ -20,11 +20,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.2.4: +To install the chart with the release name `my-release` at version 0.2.5: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-launcher-rbac --version=0.2.4 +helm install my-release rstudio/rstudio-launcher-rbac --version=0.2.5 ``` ## Common Usage @@ -43,6 +43,7 @@ helm template -n rstudio rstudio-launcher-rbac rstudio/rstudio-launcher-rbac | Key | Type | Default | Description | |-----|------|---------|-------------| +| clusterRoleCreate | bool | `false` | Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can be disabled as the node's internal address is sufficient to allow proper functionality. | | fullnameOverride | string | `""` | The override for the "FullName" which defaults to "ReleaseName-ChartName" or "ReleaseName" (if "ReleaseName" contains "ChartName") | | includeReleaseNamespace | bool | `true` | Whether the helm release namespace should be a possible launcher target | | nameOverride | string | `""` | The override for "ChartName" in the "FullName" which defaults to "ReleaseName-ChartName" or "ReleaseName" (if "ReleaseName" contains "ChartName") | diff --git a/charts/rstudio-library/README.md b/charts/rstudio-library/README.md index 5582421a..79aa0448 100644 --- a/charts/rstudio-library/README.md +++ b/charts/rstudio-library/README.md @@ -1,6 +1,6 @@ # rstudio-library -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.14](https://img.shields.io/badge/AppVersion-0.1.14-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.1.15](https://img.shields.io/badge/AppVersion-0.1.15-informational?style=flat-square) #### _Helm library helpers for use by Official RStudio charts_ diff --git a/charts/rstudio-workbench/README.md b/charts/rstudio-workbench/README.md index f2ce8cbe..0f1dd08a 100644 --- a/charts/rstudio-workbench/README.md +++ b/charts/rstudio-workbench/README.md @@ -1,6 +1,6 @@ # RStudio Workbench -![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![AppVersion: 1.4.1717-3](https://img.shields.io/badge/AppVersion-1.4.1717--3-informational?style=flat-square) +![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![AppVersion: 1.4.1717-3](https://img.shields.io/badge/AppVersion-1.4.1717--3-informational?style=flat-square) #### _Official Helm chart for RStudio Workbench_ @@ -23,11 +23,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.4.3: +To install the chart with the release name `my-release` at version 0.4.4: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-workbench --version=0.4.3 +helm install my-release rstudio/rstudio-workbench --version=0.4.4 ``` ## Required Configuration @@ -219,6 +219,7 @@ mounting paradigm, you will need to change the `XDG_CONFIG_DIRS` environment var | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | | prometheusExporter.image.tag | string | `"v0.9.0"` | | | prometheusExporter.mappingYaml | string | `nil` | Yaml that defines the graphite exporter mapping. null by default, which uses the embedded / default mapping yaml file | +| rbac.clusterRoleCreate | bool | `false` | Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can be disabled as the node's internal address is sufficient to allow proper functionality. | | rbac.create | bool | `true` | Whether to create rbac. (also depends on launcher.enabled = true) | | rbac.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | The serviceAccount to be associated with rbac (also depends on launcher.enabled = true) | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe | From 8bf1c9f1f23949a95f55a3f15440078c3c5952b4 Mon Sep 17 00:00:00 2001 From: karl Date: Tue, 21 Sep 2021 15:40:22 -0500 Subject: [PATCH 3/7] Update dependency version for rstudio-library chart --- charts/rstudio-connect/Chart.yaml | 2 +- charts/rstudio-launcher-rbac/Chart.yaml | 2 +- charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-workbench/Chart.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/Chart.yaml b/charts/rstudio-connect/Chart.yaml index c95649d0..6ef845b2 100644 --- a/charts/rstudio-connect/Chart.yaml +++ b/charts/rstudio-connect/Chart.yaml @@ -14,7 +14,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.14 + version: 0.1.15 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-launcher-rbac/Chart.yaml b/charts/rstudio-launcher-rbac/Chart.yaml index 1b8edd72..aae4aded 100644 --- a/charts/rstudio-launcher-rbac/Chart.yaml +++ b/charts/rstudio-launcher-rbac/Chart.yaml @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.14 + version: 0.1.15 repository: file://../rstudio-library keywords: - "data science" diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index c011b574..4910719a 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -14,7 +14,7 @@ maintainers: url: https://github.com/rstudio/helm dependencies: - name: rstudio-library - version: 0.1.14 + version: 0.1.15 repository: file://../rstudio-library annotations: artifacthub.io/images: | diff --git a/charts/rstudio-workbench/Chart.yaml b/charts/rstudio-workbench/Chart.yaml index 2e2cfcd2..35c480f5 100644 --- a/charts/rstudio-workbench/Chart.yaml +++ b/charts/rstudio-workbench/Chart.yaml @@ -13,7 +13,7 @@ maintainers: url: https://github.com/sol-eng dependencies: - name: rstudio-library - version: 0.1.14 + version: 0.1.15 repository: file://../rstudio-library annotations: artifacthub.io/images: | From 332ddff8ccbd9bd3ecaa957b90f5adbbf6ebb368 Mon Sep 17 00:00:00 2001 From: karl Date: Tue, 21 Sep 2021 15:43:52 -0500 Subject: [PATCH 4/7] Update chart lock files --- charts/rstudio-connect/Chart.lock | 6 +++--- charts/rstudio-launcher-rbac/Chart.lock | 6 +++--- charts/rstudio-pm/Chart.lock | 6 +++--- charts/rstudio-workbench/Chart.lock | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/rstudio-connect/Chart.lock b/charts/rstudio-connect/Chart.lock index 3e7b5ddb..bde081d6 100644 --- a/charts/rstudio-connect/Chart.lock +++ b/charts/rstudio-connect/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.14 -digest: sha256:6a1279da28329efcf0d122fdd66bf063940a9133a9c4ab1fafc8f0345e1787d5 -generated: "2021-08-18T11:56:33.292946-04:00" + version: 0.1.15 +digest: sha256:b3c5cbc4bdacc6bb80b907eb50ec360640bdd5ff97efb22a3f91f8dfe4af8bbc +generated: "2021-09-21T15:43:19.314825873-05:00" diff --git a/charts/rstudio-launcher-rbac/Chart.lock b/charts/rstudio-launcher-rbac/Chart.lock index 2decb8e7..311d06da 100644 --- a/charts/rstudio-launcher-rbac/Chart.lock +++ b/charts/rstudio-launcher-rbac/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.14 -digest: sha256:6a1279da28329efcf0d122fdd66bf063940a9133a9c4ab1fafc8f0345e1787d5 -generated: "2021-08-18T11:57:41.714512-04:00" + version: 0.1.15 +digest: sha256:b3c5cbc4bdacc6bb80b907eb50ec360640bdd5ff97efb22a3f91f8dfe4af8bbc +generated: "2021-09-21T15:43:28.698327508-05:00" diff --git a/charts/rstudio-pm/Chart.lock b/charts/rstudio-pm/Chart.lock index 1eff3b20..c1bc126f 100644 --- a/charts/rstudio-pm/Chart.lock +++ b/charts/rstudio-pm/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.14 -digest: sha256:6a1279da28329efcf0d122fdd66bf063940a9133a9c4ab1fafc8f0345e1787d5 -generated: "2021-08-18T11:57:27.773175-04:00" + version: 0.1.15 +digest: sha256:b3c5cbc4bdacc6bb80b907eb50ec360640bdd5ff97efb22a3f91f8dfe4af8bbc +generated: "2021-09-21T15:43:37.239256936-05:00" diff --git a/charts/rstudio-workbench/Chart.lock b/charts/rstudio-workbench/Chart.lock index 0309cfdf..3e6b34bd 100644 --- a/charts/rstudio-workbench/Chart.lock +++ b/charts/rstudio-workbench/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: rstudio-library repository: file://../rstudio-library - version: 0.1.14 -digest: sha256:6a1279da28329efcf0d122fdd66bf063940a9133a9c4ab1fafc8f0345e1787d5 -generated: "2021-08-18T11:56:13.750958-04:00" + version: 0.1.15 +digest: sha256:b3c5cbc4bdacc6bb80b907eb50ec360640bdd5ff97efb22a3f91f8dfe4af8bbc +generated: "2021-09-21T15:43:10.930036774-05:00" From fa24986f366cdf45fd5aff45fac3356e42af90a7 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 21 Sep 2021 20:45:04 +0000 Subject: [PATCH 5/7] Update rbac yaml --- .../rbac/rstudio-launcher-rbac-0.2.5.yaml | 74 +++++++++++++++++++ examples/rbac/rstudio-launcher-rbac.yaml | 29 -------- 2 files changed, 74 insertions(+), 29 deletions(-) create mode 100644 examples/rbac/rstudio-launcher-rbac-0.2.5.yaml diff --git a/examples/rbac/rstudio-launcher-rbac-0.2.5.yaml b/examples/rbac/rstudio-launcher-rbac-0.2.5.yaml new file mode 100644 index 00000000..0f5b85e6 --- /dev/null +++ b/examples/rbac/rstudio-launcher-rbac-0.2.5.yaml @@ -0,0 +1,74 @@ +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rstudio-launcher-rbac +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rstudio-launcher-rbac +rules: + - apiGroups: + - "" + resources: + - "pods" + - "pods/log" + - "pods/attach" + verbs: + - "get" + - "create" + - "update" + - "patch" + - "watch" + - "list" + - "delete" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "watch" + - apiGroups: + - "" + resources: + - "services" + verbs: + - "create" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "create" + - "update" + - "patch" + - "get" + - "watch" + - "list" + - "delete" + - apiGroups: + - "metrics.k8s.io" + resources: + - "pods" + verbs: + - "get" +--- +# Source: rstudio-launcher-rbac/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rstudio-launcher-rbac +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rstudio-launcher-rbac +subjects: + - kind: ServiceAccount + name: rstudio-launcher-rbac diff --git a/examples/rbac/rstudio-launcher-rbac.yaml b/examples/rbac/rstudio-launcher-rbac.yaml index fa340c91..0f5b85e6 100644 --- a/examples/rbac/rstudio-launcher-rbac.yaml +++ b/examples/rbac/rstudio-launcher-rbac.yaml @@ -7,35 +7,6 @@ metadata: --- # Source: rstudio-launcher-rbac/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rstudio-launcher-rbac -rules: - - apiGroups: - - "" - resources: - - "nodes" - verbs: - - "get" - - "list" - - "watch" ---- -# Source: rstudio-launcher-rbac/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: rstudio-launcher-rbac -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rstudio-launcher-rbac -subjects: - - kind: ServiceAccount - name: rstudio-launcher-rbac - namespace: rstudio ---- -# Source: rstudio-launcher-rbac/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: rstudio-launcher-rbac From f7dae24a4736cc635d1f828de25c5dd00e9cbb96 Mon Sep 17 00:00:00 2001 From: karl Date: Wed, 22 Sep 2021 10:05:32 -0500 Subject: [PATCH 6/7] Add NEWS entries and fix lint errors --- charts/rstudio-connect/NEWS.md | 8 ++++++++ charts/rstudio-connect/values.yaml | 8 ++++---- charts/rstudio-launcher-rbac/NEWS.md | 8 ++++++++ charts/rstudio-launcher-rbac/values.yaml | 1 - charts/rstudio-library/NEWS.md | 12 ++++++++++++ charts/rstudio-pm/Chart.yaml | 2 +- charts/rstudio-pm/NEWS.md | 4 ++++ charts/rstudio-workbench/NEWS.md | 8 ++++++++ 8 files changed, 45 insertions(+), 6 deletions(-) diff --git a/charts/rstudio-connect/NEWS.md b/charts/rstudio-connect/NEWS.md index f8eb2039..1a315fed 100644 --- a/charts/rstudio-connect/NEWS.md +++ b/charts/rstudio-connect/NEWS.md @@ -1,3 +1,11 @@ +# 0.2.2 + +- Added a new parameter `rbac.clusterRoleCreate` to `values.yaml` to allow for disabling the creation of the + `ClusterRole` that allows for access to the nodes API. This API is used to ensure that all of the IP addresses + for nodes are available when reporting the addresses of the node that is running a particular job so that + clients can connect to it. This is generally not a needed permission for the Launcher as the internal IP is + usually sufficient, so it is disabled by default. + # 0.2.1 - Update docs diff --git a/charts/rstudio-connect/values.yaml b/charts/rstudio-connect/values.yaml index 5ccb467d..0f506f2a 100644 --- a/charts/rstudio-connect/values.yaml +++ b/charts/rstudio-connect/values.yaml @@ -27,15 +27,15 @@ sharedStorage: rbac: # -- Whether to create rbac. (also depends on launcher.enabled = true) create: true + # -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher + # to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can + # be disabled as the node's internal address is sufficient to allow proper functionality. + clusterRoleCreate: false # -- The serviceAccount to be associated with rbac (also depends on launcher.enabled = true) serviceAccount: create: true name: "" annotations: {} - # -- Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher - # to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can - # be disabled as the node's internal address is sufficient to allow proper functionality. - clusterRoleCreate: false # -- Defines the RStudio Connect image to deploy image: diff --git a/charts/rstudio-launcher-rbac/NEWS.md b/charts/rstudio-launcher-rbac/NEWS.md index bfbaa102..4d4e13d2 100644 --- a/charts/rstudio-launcher-rbac/NEWS.md +++ b/charts/rstudio-launcher-rbac/NEWS.md @@ -1,3 +1,11 @@ +# 0.2.5 + +- Added a new parameter `clusterRoleCreate` to `values.yaml` to allow for disabling the creation of the + `ClusterRole` that allows for access to the nodes API. This API is used to ensure that all of the IP addresses + for nodes are available when reporting the addresses of the node that is running a particular job so that + clients can connect to it. This is generally not a needed permission for the Launcher as the internal IP is + usually sufficient, so it is disabled by default. + # 0.1.2 - Specify namespace in ClusterRoleBinding always (it is required) diff --git a/charts/rstudio-launcher-rbac/values.yaml b/charts/rstudio-launcher-rbac/values.yaml index 215ffd92..43dec850 100644 --- a/charts/rstudio-launcher-rbac/values.yaml +++ b/charts/rstudio-launcher-rbac/values.yaml @@ -25,4 +25,3 @@ serviceAccount: # The name of the service account to use. # If not set, a name is generated using the fullname template name: "" - diff --git a/charts/rstudio-library/NEWS.md b/charts/rstudio-library/NEWS.md index e86e3840..95b81120 100644 --- a/charts/rstudio-library/NEWS.md +++ b/charts/rstudio-library/NEWS.md @@ -1,3 +1,15 @@ +# 0.1.15 + +- Added a new parameter `clusterRoleCreate` to `rstudio-library.rbac` to allow for disabling the creation of the + `ClusterRole` that allows for access to the nodes API. This API is used to ensure that all of the IP addresses + for nodes are available when reporting the addresses of the node that is running a particular job so that + clients can connect to it. This is generally not a needed permission for the Launcher as the internal IP is + usually sufficient, so it is disabled by default. + +# 0.1.12 - 0.1.14 + +- Various descriptive changes to prepare for official release to the public + # 0.1.11 - Fix whitespace issue in `.ini` for arrays diff --git a/charts/rstudio-pm/Chart.yaml b/charts/rstudio-pm/Chart.yaml index 4910719a..a93c4c52 100644 --- a/charts/rstudio-pm/Chart.yaml +++ b/charts/rstudio-pm/Chart.yaml @@ -1,6 +1,6 @@ name: rstudio-pm description: Official Helm chart for RStudio Package Manager -version: 0.2.1 +version: 0.2.2 apiVersion: v2 appVersion: 1.2.2.1-17 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png diff --git a/charts/rstudio-pm/NEWS.md b/charts/rstudio-pm/NEWS.md index 8ac91283..3a31b28f 100644 --- a/charts/rstudio-pm/NEWS.md +++ b/charts/rstudio-pm/NEWS.md @@ -1,3 +1,7 @@ +# 0.2.2 + +- Update `rstudio-library` dependency + # 0.2.1 - Update docs diff --git a/charts/rstudio-workbench/NEWS.md b/charts/rstudio-workbench/NEWS.md index 557c1a06..5199c91f 100644 --- a/charts/rstudio-workbench/NEWS.md +++ b/charts/rstudio-workbench/NEWS.md @@ -1,3 +1,11 @@ +# 0.4.4 + +- Added a new parameter `rbac.clusterRoleCreate` to `values.yaml` to allow for disabling the creation of the + `ClusterRole` that allows for access to the nodes API. This API is used to ensure that all of the IP addresses + for nodes are available when reporting the addresses of the node that is running a particular job so that + clients can connect to it. This is generally not a needed permission for the Launcher as the internal IP is + usually sufficient, so it is disabled by default. + # 0.4.3 - BUGFIX: The load-balancer sidecar container was not selecting app labels properly. This is now fixed. It could have been causing issues in load-balanced setups From 52c6570f513f272e23f4cc6644c7d332792691b9 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 22 Sep 2021 15:05:56 +0000 Subject: [PATCH 7/7] Update helm-docs and README.md --- charts/rstudio-connect/README.md | 2 +- charts/rstudio-pm/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/rstudio-connect/README.md b/charts/rstudio-connect/README.md index 9def6119..ad73b4dd 100644 --- a/charts/rstudio-connect/README.md +++ b/charts/rstudio-connect/README.md @@ -105,7 +105,7 @@ The Helm `config` values are converted into the `rstudio-connect.gcfg` service c | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` | | | prometheusExporter.image.tag | string | `"v0.9.0"` | | -| rbac.clusterRoleCreate | bool | `false` | Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can be disabled as the node's internal address is sufficient to allow proper functionality. | +| rbac.clusterRoleCreate | bool | `false` | Whether to create the ClusterRole that grants access to the Kubernetes nodes API. This is used by the Launcher to get all of the IP addresses associated with the node that is running a particular job. In most cases, this can be disabled as the node's internal address is sufficient to allow proper functionality. | | rbac.create | bool | `true` | Whether to create rbac. (also depends on launcher.enabled = true) | | rbac.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | The serviceAccount to be associated with rbac (also depends on launcher.enabled = true) | | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | Used to configure the container's readinessProbe | diff --git a/charts/rstudio-pm/README.md b/charts/rstudio-pm/README.md index 5d4582e1..923e2f04 100644 --- a/charts/rstudio-pm/README.md +++ b/charts/rstudio-pm/README.md @@ -1,6 +1,6 @@ # RStudio Package Manager -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![AppVersion: 1.2.2.1-17](https://img.shields.io/badge/AppVersion-1.2.2.1--17-informational?style=flat-square) +![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![AppVersion: 1.2.2.1-17](https://img.shields.io/badge/AppVersion-1.2.2.1--17-informational?style=flat-square) #### _Official Helm chart for RStudio Package Manager_ @@ -23,11 +23,11 @@ As a result, please: ## Installing the Chart -To install the chart with the release name `my-release` at version 0.2.1: +To install the chart with the release name `my-release` at version 0.2.2: ```bash helm repo add rstudio https://helm.rstudio.com -helm install my-release rstudio/rstudio-pm --version=0.2.1 +helm install my-release rstudio/rstudio-pm --version=0.2.2 ``` ## Required Configuration