Kubernetes Cluster Preparation

This section will help you configure the pieces needed for your Kubernetes cluster.

The Postgres and NFS installation instructions described below are intended to serve as a reference only.

Warning

Before continuing with the steps below, please ensure that your Kubernetes cluster is configured according to your cloud provider’s instructions. For example, your Kubernetes cluster might need to have Container Storage Interface (CSI) drivers and virtual networks configured.

Step 1: Create namespace for Posit Connect

You need a Kubernetes namespace for Posit Connect. We recommend creating a new one called rstudio-connect or having a cluster administrator create one on your behalf.

This can be accomplished with the following commands:

# Create the new namespace
kubectl create namespace rstudio-connect

# Switch to the new namespace in your current context
kubectl config set-context --current --namespace=rstudio-connect

Step 2: Create a PostgreSQL database

Posit Connect requires connectivity to a PostgreSQL database. As an example, this guide installs a PostgreSQL database in your Kubernetes cluster.

Note

If your existing Connect installation uses a PostgreSQL database or you wish to set up a new PostgreSQL database outside your cluster, you can skip to the next step.

Run the following command to install Postgres in your Kubernetes cluster:


# replace this value with your postgres password
RSC_POSTGRES_PASS="<your-postgres-database-password>"

helm repo add bitnami https://charts.bitnami.com/bitnami

helm upgrade --install rsc-db bitnami/postgresql \
    --version 11.6.16 \
    --set auth.database="connect" \
    --set auth.username="connect" \
    --set auth.password="${RSC_POSTGRES_PASS}"

Step 3: Create a Secret containing a PostgreSQL database password

We recommend storing the PostgreSQL database password as a Secret and making it available to the container as an environment variable, as shown in the values.yaml in the next section.

Create the Secret declaratively with YAML, or imperatively using the following command (replace with your own password):

kubectl create secret generic rstudio-connect-database --from-literal=password=YOURPASSWORDHERE

Step 4: Create a StorageClass with ReadWriteMany access

Your cluster must have a StorageClass backed by POSIX-compliant PersistentVolume storage that supports symlinks and ReadWriteMany access. This storage class is used by PVC to either dynamically provision a PersistentVolume (PV) or use a static PV for the Connect data directory.

As an example, this guide creates an NFS backed StorageClass to be used by PersistentVolumeClaim created later by the Helm chart.

Note

If you already have an NFS instance that you wish to use, you can skip this section. The External Storage appendix describes how to configure an external NFS instance for use by the Posit Connect Helm chart.

Run the following command to install NFS in your Kubernetes cluster:


helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/

helm upgrade --install rsc-nfs \
    nfs-ganesha-server-and-external-provisioner/nfs-server-provisioner \
    --version 1.8.0 \
    --set persistence.enabled=true \
    --set persistence.size="100Gi" \
    --set storageClass.name="rsc-nfs" \
    --set storageClass.mountOptions={"vers=4"}

Step 5: Validate NFS and Postgres are running

Note

If you are not following the NFS and PostgreSQL examples in step 2 and step 3, you can skip this step.

To check that the NFS and Postgres pods have started successfully, use the command:

kubectl get pods

You should see output like the following:

NAME                                READY   STATUS    RESTARTS   AGE
rsc-nfs-nfs-server-provisioner-0    1/1     Running   0          65s
rsc-db-postgresql-0                 1/1     Running   0          69s

If either pod indicates that its status is not Running after a few minutes, use the describe command to check for dianostic information about the pod. In the following example, we can see that the NFS pod failed to start because Kubernetes could not pull the container image:

kubectl describe pod rsc-nfs-nfs-server-provisioner-0

Output:

Name:           rsc-nfs-nfs-server-provisioner-0
Namespace:      rsc-dev
...
Events:
  Type     Reason          Age               From               Message
  ----     ------          ----              ----               -------
  Normal   Scheduled       17s               default-scheduler  Successfully assigned rsc-dev/rsc-nfs-nfs-server-provisioner-0 to docker-desktop
  Warning  FailedMount     16s               kubelet            MountVolume.SetUp failed for volume "rsc-nfs-nfs-server-provisioner-token-2lnb2" : failed to sync secret cache: timed out waiting for the condition
  Warning  Failed          13s               kubelet            Failed to pull image "k8s.gcr.io/sig-storage/nfs-provisioner:v0.0.0": rpc error: code = Unknown desc = Error response from daemon: manifest for k8s.gcr.io/sig-storage/nfs-provisioner:v0.0.0 not found: manifest unknown: Failed to fetch "v0.0.0" from request "/v2/sig-storage/nfs-provisioner/manifests/v0.0.0".
  Warning  Failed          13s               kubelet            Error: ErrImagePull

You can now continue on to Configure Your Helm Chart Values.

Step 6: Create a Secret containing a license file

We recommend storing a license file as a Secret and setting the license.file.secret and license.file.secretKey values accordingly as shown in the values.yaml in the next section.

Create the Secret declaratively with YAML or imperatively using the following command:

kubectl create secret generic rstudio-connect-license --from-file=licenses/rstudio-connect.lic