Configuring Posit Workbench with an Azure Application Gateway Ingress

This example deploys Posit Workbench with an Ingress using the Azure Application Gateway Ingress Controller to create an Azure Application Gateway load balancer. This example is provided to show how to set annotations to enabled session affinity and to redirect HTTP traffic to HTTPS.

The Azure Application Gateway Ingress Controller has a variety of settings and modes of operation. Please visit the Azure documentation for more details specific to your use case.

To use the example you will need:

  • a license file or key
  • ReadWriteMany POSIX compliant storage class for homeStorage and sharedStorage
  • a PostgreSQL database.
values.yaml
# Using a license file with the helm chart:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-workbench#license-file
# If you would like to use a license key see this documentation:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-workbench#license-key
license:
  file:
    secret: posit-licenses # TODO: Change to the secret name in your cluster
    secretKey: workbench.lic # TODO: Change to the secret key containing your Workbench license

# Configures user home directory shared storage
homeStorage:
  create: true
  mount: true
  storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
  # volumeName: wb-home-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
  requests:
    storage: 100G

# Configures Workbench shared storage
sharedStorage:
  create: true
  mount: true
  storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
  # volumeName: wb-shared-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
  requests:
    storage: 1G

ingress:
  enabled: true
  ingressClassName: "azure-application-gateway" # TODO: Fill in your desired ingressClassName for the ingress resource. If blank it will use the cluster default.
  annotations:
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    appgw.ingress.kubernetes.io/request-timeout: "60"
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    appgw.ingress.kubernetes.io/cookie-based-affinity-distinct-name: "true"
  hosts:
    - host: workbench.example.com # TODO: Change to your domain
      paths: 
        - "/" # TODO: Change to your desired path
  tls: # This section is only required if you are manually supplying a certificate/key, it may not be required if you are using cert-manager or another automatic TLS certificate manager.
    - secretName: posit-workbench-tls # TODO: Change to the name of your secret of type kubernetes.io/tls
      hosts:
        - workbench.example.com # TODO: Change to your domain

config:
  secret:
    database.conf:
      provider: "postgresql"
      connection-uri: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>?sslmode=require" # TODO: Change this URI to reach your Postgres database.
      password: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.secret.database\.conf.password=<your-postgres-password>.