Configuring Posit Package Manager with a GCE Ingress
This example deploys Posit Package Manager with an Ingress using the GKE Ingress Controller to create a GCP Application Load Balancer. This example is provided to show how to set annotations to redirect HTTP traffic to HTTPS and use GCP Certificate Manager if desired.
The GKE Ingress Controller has a variety of settings and modes of operation. Please visit the GCP documentation for more details specific to your use case.
To use this example you will need:
- a license file or key
- a PostgreSQL database
- either
- a
ReadWriteManyPOSIX compliant storage class forsharedStorage - S3
- a
values.yaml
# Using a license file with the helm chart:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#license-file
# If you would like to use a license key see this documentation:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#license-key
license:
file:
secret: posit-licenses # TODO: Change to the secret name in your cluster
secretKey: packagemanager.lic # TODO: Change to the secret key containing your Package Manager license
# Configures Package Manager shared storage
# This should NOT be set if using S3 for storage
# Docs here on using S3 instead: https://github.com/rstudio/helm/tree/main/charts/rstudio-pm#s3-configuration
sharedStorage:
create: true
mount: true
storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
# volumeName: pm-shared-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
requests:
storage: 100G
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: gce # TODO: Fill in your desired ingress class for the ingress resource. Note ingress.ingressClassName cannot be used for GKE ingress, it must be supplied as an annotation.
kubernetes.io/ingress.global-static-ip-name: packagemanager-static-ip # TODO: Change to your static IP name
networking.gke.io/managed-certificates: packagemanager-managed-cert # TODO: If you are using GCP Certificate Manager, change this to match your ManagedCertificate name (added in extraObjects below)
networking.gke.io/v1beta1.FrontendConfig: packagemanager-frontend-config # TODO: Change to match the name of the FrontendConfig defined in extraObjects
kubernetes.io/ingress.allow-http: "true" # FrontendConfig defined in extraObjects redirects HTTP to HTTPS with a 301
hosts:
- host: packagemanager.example.com # TODO: Change to your domain
paths:
- "/" # TODO: Change to your desired path
tls: # This section is only required if you are supplying a certificate/key secret.
- secretName: posit-packagemanager-tls # TODO: Change to the name of your secret of type kubernetes.io/tls
hosts:
- packagemanager.example.com # TODO: Change to your domain
extraObjects:
- apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: packagemanager-frontend-config
spec:
redirectToHttps:
enabled: true
responseCodeName: MOVED_PERMANENTLY_DEFAULT
- apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: packagemanager-managed-cert
spec:
domains:
# TODO: if you want to use GCP managed certificates, change this to your domain, otherwise delete this ManagedCertificate object
# Please note that wildcard domains are NOT allowed
- packagemanager.example.com
config:
Database:
Provider: postgres
Postgres:
URL: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>" # TODO: Change this URI to reach your Postgres database.
Password: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.Postgres.Password=<your-postgres-password>
UsageDataURL: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>" # TODO: Change this URI to reach your Postgres database for metrics. This must be either a seperate database or scheam from the main Package Manager database.
UsageDataPassword: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.Postgres.Password=<your-postgres-password>