Run Chronicle on Kubernetes

Posit provides official container images and Helm charts for running Chronicle on Kubernetes. Using them involves two distinct tasks:

  1. Deploying the Chronicle server to the same cluster as the supported professional product(s) using the official Helm chart.

  2. Configuring the supported professional product(s) to run the Chronicle agent as a sidecar container that forwards data to this server.

Add the Helm repository

Terminal
helm repo add rstudio https://helm.rstudio.com
helm repo update

See helm repo for command documentation.

Install Chronicle server on Kubernetes

You can modify the configuration by using a Helm values file.

Customizing Chronicle server

On Kubernetes, a storage backend must be configured for the chart to deploy. Chronicle currently supports writing data to a persistent volume or to AWS S3. By default, local storage is enabled along with a persistent volume claim.

This example configures an AWS EKS cluster using IAM role for service accounts to write data to an AWS S3 bucket and disable the local storage backend:

values.yaml
serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here

persistence:
  enabled: false

config:
  LocalStorage:
    Enabled: false
  S3Storage:
    Enabled: true
    Bucket: <bucket>
    Region: <bucket-region>

The public Helm repository has complete documentation for available settings.

Install Chronicle server

You can install the chart for the Chronicle server:

Terminal
helm upgrade --install chronicle rstudio/posit-chronicle \
    --values values.yaml

See helm upgrade for command documentation.

Run Chronicle agent as a sidecar container

Now that you have installed Chronicle server on your Kubernetes cluster, you can configure the agent.

Chronicle Agent with Posit Connect

You can configure the Chronicle agent to collect metrics from Connect directly in the Posit Connect Helm chart.

You will need a Posit Connect API key with “Administrator” role permissions. We recommend using a Kubernetes Secret to store the Connect API key.

Create the Secret declaratively with YAML or imperatively using the following command:

Terminal
kubectl create secret generic chronicle-connect-api-key --from-literal=api-key=YOURAPIKEY

Here is an example values.yaml file that will try to discover the Chronicle server. By default, the chart will use the agent version that matches the server.

values.yaml
chronicleAgent:
  enabled: true
  connectApiKey:
    valueFrom:
      secretKeyRef:
        # Ensure name and key match the secret you created
        name: chronicle-connect-api-key
        key: api-key

Please see the Posit Connect Helm chart documentation for more configuration parameters.

Chronicle Agent with Posit Workbench

Simiarly, you can configure the Posit Workbench Helm chart to run the Chronicle agent.

In order for the agent to report a complete set of data from Workbench, you will need a Posit Workbench API token with read-only admin privileges. We recommend storing this value as a Kubernetes Secret.

Create the Secret declaratively with YAML or imperatively using the following command:

Terminal
kubectl create secret generic chronicle-workbench-api-token --from-literal=api-token=YOURAPITOKEN

This sample values.yaml file will attempt to discover the Chronicle server.

values.yaml
chronicleAgent:
  enabled: true
  workbenchApiKey:
    valueFrom:
      secretKeyRef:
        # Ensure name and key match the secret you created
        name: chronicle-workbench-api-token
        key: api-token

Please see the Posit Workbench Helm chart documentation for additional parameters.

Back to top