Configuring Posit Workbench with additional volumes
This example shows how to mount a ConfigMap to the Workbench pod and a PVC is mounted to session pods. This pattern of specifying the volumes and volumeMounts will work for a variety of volume types: PVC, ConfigMap, etc.
Depending on the need to add additional volumes, you may only need to mount to the Workbench service or session pods but not both. For example, if you need to add TLS certificates for Workbench via a ConfigMap then the session pods do not need the ConfigMap mounted.
To use the example you will need:
- a license file or key
ReadWriteManyPOSIX compliant storage class forhomeStorageandsharedStorage- a PostgreSQL database.
values.yaml
# Using a license file with the helm chart:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-workbench#license-file
# If you would like to use a license key see this documentation:
# https://github.com/rstudio/helm/tree/main/charts/rstudio-workbench#license-key
license:
file:
secret: posit-licenses # TODO: Change to the secret name in your cluster
secretKey: workbench.lic # TODO: Change to the secret key containing your Workbench license
# Configures user home directory shared storage
homeStorage:
create: true
mount: true
storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
# volumeName: wb-home-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
requests:
storage: 100G
# Configures Workbench shared storage
sharedStorage:
create: true
mount: true
storageClassName: nfs-sc-rwx # TODO: Change to a RWX StorageClass available in your cluster
# volumeName: wb-shared-pv-name # Only needed if PVs have been statically provisioned, in which case this will need to match the PV name.
requests:
storage: 1G
# This section is used to mount to the Workbench container which is
# often used to add in additional configuration and TLS certificates
# which are not needed in the session containers.
pod:
volumeMounts:
- mountPath: /etc/workbench-certs # TODO: Change to your desired mount path
name: ldap-certificate # TODO: Change to match the volume name below
volumes:
- name: ldap-certificate # TODO: Change to match the volumeMounts name above
# Can be any type of volume... persistentVolumeClaim, configMap, etc.
# Can also provision a PVC, PV, ConfigMap, etc via `extraObjects` if desired
configMap:
name: workbench-ldap-certificate # TODO: Change to match your ConfigMap name
# This section is only needed if you need to mount to the session containers
# which is often the case if you need to mount data for users to access
# in their IDE sessions.
launcher:
useTemplates: true # Required to mount the session pods
templateValues:
pod:
volumeMounts:
- mountPath: /mnt/data # TODO: Change to your desired mount path
name: shared-data # TODO: Ensure matches the name specified in volumes below
volumes:
- name: shared-data # TODO: Ensure matches the name specified in volumeMounts above
# Can be any type of volume... persistentVolumeClaim, configMap, etc.
# Can also provision a PVC or PV via `extraObjects` if desired
persistentVolumeClaim:
claimName: shared-data-pvc # TODO: Change to an available PVC name
config:
secret:
database.conf:
provider: "postgresql"
connection-uri: "postgres://<USERNAME>@<HOST>:<PORT>/<DATABASE>?sslmode=require" # TODO: Change this URI to reach your Postgres database.
password: "<PASSWORD>" # TODO: Remove this line and instead set the password during helm install with --set config.secret.database\.conf.password=<your-postgres-password>.