Kubernetes Cluster Preparation
This section will help you configure the pieces needed for your Kubernetes cluster.
The Postgres and NFS installation instructions described below are intended to serve as a reference only.
Before continuing with the steps below, please ensure that your Kubernetes cluster is configured according to your cloud provider’s instructions. For example, your Kubernetes cluster might need to have Container Storage Interface (CSI) drivers and virtual networks configured.
Step 1: Create namespace for Posit Connect
You need a Kubernetes namespace for Posit Connect. We recommend creating a new one called rstudio-connect
or having a cluster administrator create one on your behalf.
This can be accomplished with the following commands:
# Create the new namespace
kubectl create namespace rstudio-connect
# Switch to the new namespace in your current context
kubectl config set-context --current --namespace=rstudio-connect
Step 2: Create a PostgreSQL database
Posit Connect requires connectivity to a PostgreSQL database. As an example, this guide installs a PostgreSQL database in your Kubernetes cluster.
If your existing Connect installation uses a PostgreSQL database or you wish to set up a new PostgreSQL database outside your cluster, you can skip to the next step.
Run the following command to install Postgres in your Kubernetes cluster:
# replace this value with your postgres password
RSC_POSTGRES_PASS="<your-postgres-database-password>"
helm repo add bitnami https://charts.bitnami.com/bitnami
helm upgrade --install rsc-db bitnami/postgresql \
--version 11.6.16 \
--set auth.database="connect" \
--set auth.username="connect" \
--set auth.password="${RSC_POSTGRES_PASS}"
Step 3: Create a Secret
containing a PostgreSQL database password
We recommend storing the PostgreSQL database password as a Secret
and making it available to the container as an environment variable, as shown in the values.yaml
in the next section.
Create the Secret
declaratively with YAML, or imperatively using the following command (replace with your own password):
kubectl create secret generic rstudio-connect-database --from-literal=password=YOURPASSWORDHERE
Step 4: Create a StorageClass
with ReadWriteMany access
Your cluster must have a StorageClass
backed by POSIX-compliant PersistentVolume
storage that supports symlinks and ReadWriteMany
access. This storage class is used by PVC
to either dynamically provision a PersistentVolume
(PV
) or use a static PV
for the Connect data directory.
As an example, this guide creates an NFS backed StorageClass
to be used by PersistentVolumeClaim
created later by the Helm chart.
If you already have an NFS instance that you wish to use, you can skip this section. The External Storage appendix describes how to configure an external NFS instance for use by the Posit Connect Helm chart.
Run the following command to install NFS in your Kubernetes cluster:
helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
helm upgrade --install rsc-nfs \
\
nfs-ganesha-server-and-external-provisioner/nfs-server-provisioner --version 1.8.0 \
--set persistence.enabled=true \
--set persistence.size="100Gi" \
--set storageClass.name="rsc-nfs" \
--set storageClass.mountOptions={"vers=4"}
Step 5: Validate NFS and Postgres are running
If you are not following the NFS and PostgreSQL examples in step 2 and step 3, you can skip this step.
To check that the NFS and Postgres pods have started successfully, use the command:
kubectl get pods
You should see output like the following:
NAME READY STATUS RESTARTS AGE
rsc-nfs-nfs-server-provisioner-0 1/1 Running 0 65s rsc-db-postgresql-0 1/1 Running 0 69s
If either pod indicates that its status is not Running
after a few minutes, use the describe
command to check for dianostic information about the pod. In the following example, we can see that the NFS pod failed to start because Kubernetes could not pull the container image:
kubectl describe pod rsc-nfs-nfs-server-provisioner-0
Output:
Name: rsc-nfs-nfs-server-provisioner-0
Namespace: rsc-dev
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 17s default-scheduler Successfully assigned rsc-dev/rsc-nfs-nfs-server-provisioner-0 to docker-desktop
Warning FailedMount 16s kubelet MountVolume.SetUp failed for volume "rsc-nfs-nfs-server-provisioner-token-2lnb2" : failed to sync secret cache: timed out waiting for the condition
Warning Failed 13s kubelet Failed to pull image "k8s.gcr.io/sig-storage/nfs-provisioner:v0.0.0": rpc error: code = Unknown desc = Error response from daemon: manifest for k8s.gcr.io/sig-storage/nfs-provisioner:v0.0.0 not found: manifest unknown: Failed to fetch "v0.0.0" from request "/v2/sig-storage/nfs-provisioner/manifests/v0.0.0". Warning Failed 13s kubelet Error: ErrImagePull
You can now continue on to Configure Your Helm Chart Values.
Step 6: Create a Secret
containing a license file
We recommend storing a license file as a Secret
and setting the license.file.secret
and license.file.secretKey
values accordingly as shown in the values.yaml
in the next section.
Create the Secret
declaratively with YAML or imperatively using the following command:
kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic