Configuring Posit Connect with an AWS ALB Ingress
This example deploys Posit Connect with an Ingress using the AWS Load Balancer Controller to create an Application Load Balancer (ALB).
This example is provided to show how to set annotations to enabled session affinity, redirect HTTP traffic to HTTPS and use AWS Certificate Manager if desired.
The AWS Load Balancer Controller has a variety of settings and modes of operation. Please visit the AWS documentation for more details specific to your use case.
To use this example you will need:
- a license file or key
- a
ReadWriteMany
POSIX compliant storage class forsharedStorage
- a PostgreSQL database.
values.yaml
# Using a license file with the helm chart:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-connect#license-file
# If you would like to use a license key see this documentation:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-connect#license-key
license:
file:
secret: posit-licenses # TODO: Change to the secret name in your cluster
secretKey: connect.lic # TODO: Change to the secret key containing your Connect license
# Configures Connect shared storage
sharedStorage:
create: true
mount: true
storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
# volumeName: connect-shared-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
requests:
storage: 100G
ingress:
enabled: true
ingressClassName: "alb" # TODO: Fill in your desired ingressClassName for the ingress resource. If blank it will use the cluster default.
annotations:
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400 # required for session affinity
alb.ingress.kubernetes.io/target-type: ip # target-type: ip is required to work with sticky sessions
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/scheme: internet-facing # internet-facing or internal
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<REGION>:<AWS_ACCOUNT_ID>:certificate/<CERT_ID> # TODO: If you are using AWS Certificate Manager, enter one or more ARNs
hosts:
- host: connect.example.com # TODO: Change to your domain
paths:
- "/" # TODO: Change to your desired path
tls: # This section is only required if you are supplying a certificate/key secret.
- secretName: posit-connect-tls # TODO: Change to the name of your secret of type kubernetes.io/tls
hosts:
- connect.example.com # TODO: Change to your domain
# The config section overwrites values in Posit Connect's main
# .gcfg configuration file.
config:
# Configures the Postgres connection for Posit Connect.
Database:
Provider: "Postgres"
Postgres:
# The URL syntax below is to utilize a PostgreSQL database installed
# in the cluster as described in the Kubernetes Cluster Preparation
# page of this guide. Change this URL if your PostgreSQL database is
# setup externally or in a different location.
URL: "postgres://connect@postgres.example.com:5432/connect?sslmode=disable"
Password: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.Postgres.Password=<your-postgres-password>.