Configuring Posit Package Manager with an AWS ALB Ingress

This example deploys Posit Package Manager with an Ingress using the AWS Load Balancer Controller to create an Application Load Balancer (ALB). This example is provided to show how to set annotations to redirect HTTP traffic to HTTPS and use AWS Certificate Manager if desired.

The AWS Load Balancer Controller has a variety of settings and modes of operation. Please visit the AWS documentation for more details specific to your use case.

To use this example you will need:

  • a license file or key
  • a PostgreSQL database
  • either
    • a ReadWriteMany POSIX compliant storage class for sharedStorage
    • S3
values.yaml
# Using a license file with the helm chart:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#license-file
# If you would like to use a license key see this documentation:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#license-key
license:
  file:
    secret: posit-licenses # TODO: Change to the secret name in your cluster
    secretKey: packagemanager.lic # TODO: Change to the secret key containing your Package Manager license

# Configures Package Manager shared storage
# This should NOT be set if using S3 for storage
# Docs here on using S3 instead: https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#s3-configuration
sharedStorage:
  create: true
  mount: true
  storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
  # volumeName: pm-shared-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
  requests:
    storage: 100G

ingress:
  enabled: true
  ingressClassName: "alb"  # TODO: Fill in your desired ingressClassName for the ingress resource. If blank it will use the cluster default.
  annotations:
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/scheme: internet-facing # internet-facing or internal
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<REGION>:<AWS_ACCOUNT_ID>:certificate/<CERT_ID> # TODO: If you are using AWS Certificate Manager, enter one or more ARNs
  hosts:
    - host: packagemanager.example.com # TODO: Change to your domain
      paths: 
        - "/" # TODO: Change to your desired path
  tls: # This section is only required if you are supplying a certificate/key secret.
    - secretName: posit-packagemanager-tls # TODO: Change to the name of your secret of type kubernetes.io/tls
      hosts:
        - packagemanager.example.com # TODO: Change to your domain

config:
  Database:
    Provider: postgres
  Postgres:
    URL: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>" # TODO: Change this URI to reach your Postgres database.
    Password: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.Postgres.Password=<your-postgres-password>
    UsageDataURL: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>" # TODO: Change this URI to reach your Postgres database for metrics. This must be either a seperate database or scheam from the main Package Manager database.
    UsageDataPassword: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.Postgres.Password=<your-postgres-password>