Changelog
0.8.3
- Bump version of launcher templates
job.tpl
andservice.tpl
enableServiceLinks
now defaults tofalse
for sessions (instead of not being set). To enable them for sessions, setlauncher.templateValues.enableServiceLinks: true
- Also see related discussion on the Kubernetes project
0.8.2
- Bump Workbench version to 2024.09.0
0.8.1
- Bump Chronicle Agent to version 2024.09.0
0.8.0
- BREAKING: the prometheus endpoint has changed from port
9108
to8989
by default- We are now using an internal prometheus endpoint with new metrics
- As a result, the
graphiteExporter
sidecar has been removed - Some metrics from the
graphiteExporter
will no longer be present - The parent / main “off-switch” for prometheus is at
prometheus.enabled
- To revert to the old exporter, set
prometheus.legacy=true
(and please reach out to let us know why!)
0.7.6
- Bump Workbench version to 2024.04.2
0.7.5
- Add documentation about PostgreSQL database configuration and mounting passwords from secrets as env variables
0.7.4
- Documentation site updates
0.7.3
- Bump Workbench version to 2024.04.0
0.7.2
- Bump Chronicle Agent to version 2024.03.0
0.7.1
- Updates to support standalone documentation site
0.7.0
- BREAKING: The generated service will now have type
ClusterIP
set by default. - Add support for setting the
loadBalancerIP
orclusterIP
. - Ignore
nodePort
settings when the service is not aNodePort
. - Improve the documentation for some service-related settings.
0.6.16
- Update default package manager repo in
config.session.repos.conf
- Remove
--verbose
from args inconfig.server.vscode.conf
- Add instructions for configuring R and Python repos in the README
- Add empty JSON to
rstudio-prefs.json
default - Add documentation for
databricks.conf
- Increase
readinessProbe.initialDelaySeconds
to10
0.6.15
- Add
ttlSecondsAfterFinished
tojob.tpl
for session jobs.
0.6.14
- Add option to set
pod.terminationGracePeriodSeconds
- Add protection for
prestart-launcher.bash
to be OS-agnostic in certificate modification (#453)
0.6.13
- Bump Workbench version to 2023.12.1
0.6.12
- Bump Workbench version to 2023.12.0
0.6.11
- Add licensing section to the README to provide guidance on using a license file, license key or license server.
0.6.10
- Bump rstudio-library to
0.1.27
- Fix an issue with
mountPath
andsubPath
whenlicense.file.mountSubPath
istrue
- Fix an issue with
0.6.9
- Bump Workbench version to 2023.09.1
0.6.8
- Bump Workbench version to 2023.09.0
0.6.7
- Add native session support for
pip.conf
- In order to mount a
pip.conf
file to/etc/pip.conf
on server and sessions, just define the file inconfig.session.pip\\.conf
- In order to mount a
0.6.6
- Bump Workbench version to 2023.06.1
0.6.5
- Add support for
homeStorage.subPath
(and for launcher sessions)
0.6.4
- Add support for serviceAccount labels (
rbac.serviceAccount.labels
)
0.6.3
- Fix support for
pod.env
on sessions
0.6.2
- Add support for Sealed Secrets
0.6.1
- Bump Workbench version to 2023.06.0
0.6.0
- BREAKING: Change default OS / OS prefix to
ubuntu2204-
. Bionic support is EOL as of 2023-04-30- If you want to revert this change, set
session.image.tagPrefix=bionic-
(sessions) andimage.tagPrefix=bionic-
( server)
- If you want to revert this change, set
- BREAKING: change the “home volume mount” for sessions to happen automatically, regardless of whether you define other values in
config.serverDcf.launcher-mounts
- Previously, if you specify anything in
launcher-mounts
, then we did not mount the home volume onto the session - Now, we continue to mount the home volume onto the session, unless:
- You set
session.defaultHomeMount=false
- You have the same (or a parent)
mountPath
defined in an existinglauncher-mounts
volume - You have the same PVC
ClaimName
defined in an existinglauncher-mounts
volume
- You set
- If you mount the volume yourself and want to keep doing so, you can set
session.defaultHomeMount=false
- If you mount the volume yourself and would like to stop doing so, you can now unset the home mount in
launcher-mounts
- Previously, if you specify anything in
- Update documentation and README for a bit more clarity
- Update product to version
2023.03.1
- Allow customizing the
pod.command
associated with sessions for some highly custom startup cases. This should not be necessary in most cases and will be removed at a later date, once the product supports startup customization. Please reach out if you have questions about this functionality! - Add
podDisruptionBudget
values - Add
topologySpreadConstraints
values - Start to utilize the
pod.securityContext
values for podsecurityContext
values
0.5.32
- Add
priorityClassName
to product configuration
0.5.31
- Update documentation to make
.Values.server.profiles
and.Values.profiles.profiles
differences more clear.
0.5.30
- Add
pod.lifecycle
hook
0.5.29
- Update documentation to remove “beta” label and explain production recommendations
0.5.28
- Bump rstudio-library to
0.1.24
- Update RBAC definition to support listing of service accounts
0.5.27
- Bump Workbench version to 2022.12.0
0.5.26
- Add a
prometheusExporter.resources
configuration section for consistency with the Connect chart
0.5.25
- Add
homeStorage.otherArgs
andsharedStorage.otherArgs
for other PVC arguments- This can be useful for arguments like
volumeName
when using a PVC that references a PV
- This can be useful for arguments like
0.5.24
- BREAKING: remove
serviceAccountName
in favor ofrbac.serviceAccount.name
. - Add
prometheusExporter.securityContext
for the ability to configure the sidecarsecurityContext
- Add
revisionHistoryLimit
value for the Workbench deployment- This can be helpful particularly when CI systems such as
ArgoCD
leave replicasets around
- This can be helpful particularly when CI systems such as
0.5.23
0.5.22
- BREAKING: change jupyter path from
/opt/python/3.6.5/bin/jupyter
to/usr/local/bin/jupyter
- This will hopefully not affect your deployment, but it depends on how your image is built
- We have recently changed all of our images to symlink jupyter to
/usr/local/bin/jupyter
- add option and values for
launcher.useTemplates
andlauncher.templateValues
- this mechanism is useful for simplifying session configuration and replaces
job-json-overrides
- both will continue being used for now, but they are incompatible and will generate an error if both are used
- Advanced topics include
launcher.includeDefaultTemplates=false
andlauncher.extraTemplates
- this mechanism is useful for simplifying session configuration and replaces
- bump Workbench version to 2022.07.2-576.pro12
- add a value for
image.tagPrefix
to make choosing operating system for the server image easier. Default isbionic-
0.5.21
- Fix an issue in the startup script to verify that the dir exists
0.5.20
- Fix an issue where chowning fails in the startup script
- This is particularly problematic if ConfigMaps or Secrets are mounted into this directory
- Change appVersion to reflect the new docker image naming convention:
bionic-***
to include the OS in the image name.
0.5.19
- Add a simple mechanism for snapshot testing to make stronger backwards compatibility guarantees
0.5.18
- Add a ServiceMonitor CRD and values to configure
- Add
pod.affinity
value for configuration of pod affinity - Fix issue where hostnames are not routable within kubernetes while load balancing
- Because
hostname
output is not routable between pods, we usewww-host-name=$(hostname -i)
to route by IP address - This fixes a load balancing issue with some hard to understand
asio.netdb
errors
- Because
0.5.17
- Bump rstudio-library chart version
- Relax RBAC for
pod/logs
to remove write-related privileges
0.5.16
- Add the ability to set annotations to the Persistent Volume Claim.
0.5.15
- Bump Workbench to version 2022.02.3-492.pro3
- Fix typo in the README
0.5.14
- Bump Workbench to version 2022.02.2+485.pro2
0.5.13
- Allow specifying
defaultMode
for most/all configMap and secret mounts- this should be backwards compatible. Please let us know if any issues arise
- use cases include adding executable startup scripts, additional services, changing access for files to be more/less secure, changing permissions in accordance with different runAs, runAsGroup config.
0.5.12
- Allow Launcher to Auto Configure Kubernetes variables
- Removes dynamic generation of
launcher.kubernetes.conf
file - Add
launcher.kubernetes.conf
to default values, settingkubernetes-namespace
to the value oflauncher.namespace
- Removes dynamic generation of
- Update
rstudio-library
chart version. Add support for lists in INI file sections.
0.5.11
- Update docs for
job-json-overrides
(fix a key reference issue and link to new docs in the helm repo)
0.5.10
- Fix ingress definition issues with older Kubernetes clusters (##139)
0.5.9
- Upgrade Workbench to version 2022.02.1+461.pro1
0.5.8
0.5.7
- Update
logging.conf
to default to output logs onstderr
0.5.6
- Fix the version update. Our annotations were incorrect.
0.5.5
- Update RStudio Workbench to version 2021.09.2+382.pro1 (the second patch release of 2021.09)
0.5.4
- BUGFIX: address an important issue in RStudio Workbench load balancing
- Ever since 0.5.0, we did not create a
load-balancer
file - This means that even “HA” installations of Workbench would function like independent nodes
- We now touch an empty file and let the nodes report themselves to the database in this case
- Ever since 0.5.0, we did not create a
0.5.3
- Make
startupProbe
,readinessProbe
andlivenessProbe
more configurable (##97)- They still use the
enabled
key to turn on or off - We then remove this key with
omit
, and pass the values verbatim to the template (as YAML)
- They still use the
0.5.2
- Update
rstudio-library
chart version. This adds support forextraObjects
- Add
extraObjects
value. This allows deploying additional resources (with templating) straight from the values file!
0.5.1
- Update
rstudio-library
chart version. This adds a helper for renderingIngress
resources - Create
k8s.networking.io/v1
Ingress
resource wheningress.enabled: true
and Kubernetes version is >=1.19 (##117)
0.5.0
- BREAKING: Bump RStudio version to Ghost Orchid (2021.09.0+351.pro6)
- This version of the chart is no longer compatible (by default) with older versions (1.4 and previous).
- Previous versions of the chart are not compatible (by default) with 2021.09 or later
- If you want to use charts across versions, you will need to change
command
,args
, and some configmaps. - RSP environment variables for user creation, licensing, etc. are now RSW
- BREAKING: Change RStudio Workbench execution model to use supervisord
- BREAKING: Add
vscode.conf
defaults. This enables VS Code sessions, which is dependent on your images having code-server installed at/opt/code-server/
- Create
diagnostics
values (diagnostics.enabled
anddiagnostics.directory
) to control diagnostic output - Add values to
launcher.kubernetesHealthCheck
to control the behavior of the “Kubernetes Health Check” that launcher runs at startup - Enable PAM sessions by default (i.e.
auth-pam-sessions-enabled=1
). This is important for proper home directory creation, for instance. Disable by settingconfig.server.rserver\.conf.auth-pam-sessions-enabled=0
- Add
imagePullSecrets
value option (##57) - Add
config.pam
values option to add pam config files - Add config-maps to configure startup behavior (
config.startupCustom
) - Add a config setting for
sssd
(now in the container by default) (config.userProvisioning
) - Add a “secret” configmap for session components (useful for shared database credentials,
odbc.ini
, etc.) (config.sessionSecret
) - Update README to make
job-json-overrides
, profiles, user provisioning, etc. more clear - Update
rstudio-library
chart dependency- BUGFIX: Address an issue with how
launcher-mounts
was generated incorrectly (##108)
- BUGFIX: Address an issue with how
- Add a
pod.labels
values option (##101) - Modify how supervisord starts sssd with
config.startupUserProvisioning
values option (##110)
0.4.6
- Updated svc.yml to remove hardcoded port 80 and add .Values.service.port in its place. Updated values.yaml to include .Values.service.port (previously missing).
0.4.5
- Update
rstudio-library
chart version. This addspods/exec
privilege to RBAC- This is important for sessions to exit properly
0.4.4
- Added a new parameter
rbac.clusterRoleCreate
tovalues.yaml
to allow for disabling the creation of theClusterRole
that allows for access to the nodes API. This API is used to ensure that all of the IP addresses for nodes are available when reporting the addresses of the node that is running a particular job so that clients can connect to it. This is generally not a needed permission for the Launcher as the internal IP is usually sufficient, so it is disabled by default.
0.4.3
- BUGFIX: The load-balancer sidecar container was not selecting app labels properly. This is now fixed. It could have been causing issues in load-balanced setups
0.4.2
- BUGFIX: session configuration is now mounted to the proper location on session pods
- BUGFIX: Prometheus annotations are now properly defined (they were using the wrong port)
- BUGFIX: The Graphite Exporter regex had a bug that did not handle certain hostnames
- Customizing the graphite exporter “mapping.yaml” is now configurable by defining
.Values.prometheusExporter.mappingYaml
0.4.1
- Update docs
0.4.0
BREAKING:
serviceAccountName
is nowrbac.serviceAccount.name
for consistency with our other chartsBREAKING:
launcher=true
is nowlauncher.enabled = true
andlauncherNamespace
is nowlauncher.namespace
for consistency with our other chartsBreaking: Licensing configuration now uses a
license
section. For example,license: my-key
should be changed tolicense: key: my-key
Added support for floating licenses and license files.
BREAKING: defaults have changed for
config.server.launcher\.kubernetes\.profiles\.conf
.- To avoid the breaking change, add the defaults to your explicitly enumerated values
- See why this happened and an alternative forward-looking pattern below
- The previous defaults:
config: server: launcher.kubernetes.profiles.conf: "*": default-container-image: rstudio/r-session-complete:bionic-1.4.1106-5 container-images: rstudio/r-session-complete:bionic-1.4.1106-5 allow-unknown-images: 1
BREAKING: we now automatically mount session configuration into the session pod
- This adds default
job-json-overrides
using the mechanism above - This can be disabled by setting
session.defaultConfigMount=false
- This is useful for things like
repos.conf
,rsession.conf
(default Connect server, etc.), etc.
- This adds default
Switch to using the
rstudio-library
chart for configuration generation- This enables putting verbatim files in place if that is preferred to values-interpolation (converting values into a config file dynamically by the chart)
- i.e. passing a string to the configuration value will short-circuit configuration generation
config: server: some-config-file: | interpret-verbatim-please
Update appVersion to 1.4.1717-3
Add a new
config.profiles
option for configuring profiles files more naturally.- This will only be used if the
launcher.kubernetes.profiles.conf
key is not inconfig.server
(testing for key duplication is tricky in helm, so we pick the most common key) - Before, we would have something like this in
values.yaml
:
jobJsonOverridesFiles: some.json: "text" other.json: - an - array config: server: launcher.kubernetes.profiles.conf: "*": job-json-overrides: '"some/target:some.json","other/target:other.json"' container-images: "one-image:tag,two-image:tag"
- This will only be used if the
Now, we can do something like the following. A bit more verbose, but much easier to read and understand:
config:
profiles:
launcher.kubernetes.profiles.conf:
"*":
job-json-overrides:
- target: "some/target"
json: "text"
name: some
- target: "other/target"
json:
- an
- array
name: other
container-images:
- "one-image:tag"
- "two-image:tag"
Moreover, job-json-overrides defined under
config.profiles
now have inheritance within the chart. That is,*
job-json-overrides are appended to everyone else’s configuration. Documentation and possible extension of this pattern to container images, etc. to follow.Now hiding the rstudio-workbench container’s configuration files under
/etc/rstudio
as we are mounting them in different directories as defined by theXDG_CONFIG_DIRS
environment variable. This is to prevent confusion that can occur when someone edits/etc/rstudio
configuration files and then sees no changes after reloading the server configuration.When specifying a
server
for floating licensing, the RSW chart will now automatically be configured to setserver-licensing-type=remote
in therserver.conf
configuration file.
0.3.7
- Make
secure-cookie-key
andlauncher.pem
autogeneration static- This means that the auto-generated values will persist across helm upgrades
- It is still safest to define these values yourself
0.3.6
- Fix small reference issue in the prestart.bash script
0.3.5
- Decouple securityContext values from the main RSW container and the sidecar container
0.3.4
- remove “privileged: true”, which is not necessary for rstudio-workbench server or sessions
- Add ingress as an option
- Add annotations to deployment so that the pods roll when config changes
- Switch the “secret” configurations to being an actual Secret
0.3.3
- Bump
load-balancer-manager
again (to2.2
) - Allow customization of load-balancer-manager env vars
0.3.2
- Fix a bug in the
load-balancer-manager
(sidecar
container)- The helm chart (as a result of previous changes) no longer defines an
app
label, but anapp.kubernetes.io/name
label. - update the selector, make error handling better, etc. This requires version 2.0 of the load-balancer-manager
- The helm chart (as a result of previous changes) no longer defines an
0.3.1
- allow
global.secureCookieKey
as an option along withsecureCookieKey
- ensure that no empty
launcher.pub
file is generated by default - default image.tag to Chart.AppVersion
0.3.0
- BREAKING: changed
rstudio
containercommand
andargs
to telltini
how to supervise processes and run a differently named prestart script. Also made/usr/local/bin/startup.sh
script execution a part of theargs
.
0.2.2
- Update Workbench version to 1.4.1106-5
- Update docs
0.2.1
- rename to
rstudio-workbench
corresponding to upcomingrstudio-server-pro
rebranding - fix bug that was creating a test user by default
- add other licensing options (via
server
,file
, andsecret
values)
0.2.0
- Change naming convention
- Fix issues with namespacing
- However, this will damage backwards compatibility, particularly for PVCs if using
sharedStorage.create = true
- If you need to migrate data, set
replicas: 0
, upgrade, and then copy the data to the new PVC - Alternatively, you can set
fullnameOverride: "previous-release-name"
to force backwards compatibility - Finally, deployment selectors have changed, so you will need to delete the current deployment manually, then put back with
helm upgrade --install
- Use
helm diff upgrade
to ensure things are working as you expect before upgrading
0.0.8
- add
jobJsonOverridesFiles
value option
0.0.7
- Made HA functional
0.0.5
- BREAKING: move storage* values to a sharedStorage map
- Add homeStorage
- Add logging.conf
0.0.4
- Add a secret configmap for pem and pub keys
0.0.3
- BREAKING: Restructure the image values object
- Add image.pullPolicy
- Switch to image.repository and image.tag from image
- Allow customizing pod command and args
0.0.2
- Add database.conf and notifications.conf
0.0.1
- Initial pass!