rstudio
diff --git a/Diff for: ‎charts/rstudio-workbench/Chart.lock
+1 b/Diff for: ‎charts/rstudio-workbench/Chart.lock
+1
diff --git a/Diff for: ‎charts/rstudio-workbench/Chart.yaml
+1-1 b/Diff for: ‎charts/rstudio-workbench/Chart.yaml
+1-1
diff --git a/Diff for: ‎charts/rstudio-workbench/NEWS.md
+2-1 b/Diff for: ‎charts/rstudio-workbench/NEWS.md
+2-1
diff --git a/Diff for: ‎charts/rstudio-workbench/README.md
+10-10 b/Diff for: ‎charts/rstudio-workbench/README.md
+10-10
diff --git a/Diff for: ‎charts/rstudio-workbench/README.md.gotmpl
+3-2 b/Diff for: ‎charts/rstudio-workbench/README.md.gotmpl
+3-2
diff --git a/Diff for: ‎charts/rstudio-workbench/templates/_helpers.tpl
+220 b/Diff for: ‎charts/rstudio-workbench/templates/_helpers.tpl
+220
@@ -4,3 +4,4 @@ dependencies:
   version: 0.1.13-rc01
 digest: sha256:a730e6eebdb0313c93ffbeabfcee19e785fca64482daf794345d8a59d9a38c67
 generated: "2021-08-03T10:36:57.881257-04:00"
+
@@ -1,6 +1,6 @@
 name: rstudio-workbench
 description: Kubernetes deployment for RStudio Workbench
-version: 0.4.0-rc09
+version: 0.4.0-rc11
 apiVersion: v2
 appVersion: 1.4.1717-3
 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
 
@@ -1,5 +1,7 @@
 # 0.4.0
 
+- BREAKING: `serviceAccountName` is now `rbac.serviceAccount.name` for consistency with our other charts
+- BREAKING: `launcher=true` is now `launcher.enabled = true` and `launcherNamespace` is now `launcher.namespace` for consistency with our other charts
 - Breaking: Licensing configuration now uses a `license` section. For example,
   `license: my-key` should be changed to
   ```yaml
@@ -20,7 +22,6 @@ config:
         container-images: rstudio/r-session-complete:bionic-1.4.1106-5
         allow-unknown-images: 1
 ```  
-
 - BREAKING: we now automatically mount session configuration into the session pod
   - This adds default `job-json-overrides` using the mechanism above
   - This can be disabled by setting `session.defaultConfigMount=false`
 
@@ -2,7 +2,7 @@
 
 Kubernetes deployment for RStudio Workbench
 
-![Version: 0.4.0-rc09](https://img.shields.io/badge/Version-0.4.0--rc09-informational?style=flat-square) ![AppVersion: 1.4.1717-3](https://img.shields.io/badge/AppVersion-1.4.1717--3-informational?style=flat-square)
+![Version: 0.4.0-rc11](https://img.shields.io/badge/Version-0.4.0--rc11-informational?style=flat-square) ![AppVersion: 1.4.1717-3](https://img.shields.io/badge/AppVersion-1.4.1717--3-informational?style=flat-square)
 
 ## Disclaimer
 
@@ -20,11 +20,11 @@ changes, as well as documentation below on how to use the chart
 
 ## Installing the Chart
 
-To install the chart with the release name `my-release` at version 0.4.0-rc09:
+To install the chart with the release name `my-release` at version 0.4.0-rc11:
 
 ```bash
 helm repo add rstudio https://helm.rstudio.com
-helm install my-release rstudio/rstudio-workbench --version=0.4.0-rc09
+helm install my-release rstudio/rstudio-workbench --version=0.4.0-rc11
 ```
 
 ## Required Configuration
@@ -72,8 +72,8 @@ required by RStudio Server Pro. Those config files and their mount locations are
 - The prestart script for RStudio Server is highly customized to:
   - Get the service account information off of the RStudio Server pod for use in launching jobs
   - Generate `launcher.pub` as needed (if `launcher.pem` is provided). If it is not provided,
-  the helm chart will generate it automatically but this information will be lost for subsequent deployments
-  and can cause users to be locked out sessions started by a previous deployment.
+  the helm chart will generate it automatically but this information will be lost for subsequent deployments and
+  can cause users to be locked out sessions started by a previous deployment.
 - RStudio Server Pro does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter
   [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite)
 
@@ -175,16 +175,16 @@ mounting paradigm, you will need to change the `XDG_CONFIG_DIRS` environment var
 | homeStorage.requests.storage | string | `"10Gi"` | the volume of storage to request for this persistent volume claim |
 | homeStorage.storageClassName | bool | `false` | storageClassName - the type of storage to use. Must allow ReadWriteMany |
 | image.imagePullPolicy | string | `"IfNotPresent"` | the imagePullPolicy for the main pod image |
-| image.repository | string | `"rstudio/rstudio-server-pro"` | the repository to use for the main pod image |
+| image.repository | string | `"rstudio/rstudio-workbench"` | the repository to use for the main pod image |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | ingress.annotations | object | `{}` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts | string | `nil` |  |
 | ingress.tls | list | `[]` |  |
 | initContainers | bool | `false` | the initContainer spec that will be used verbatim |
 | jobJsonOverridesFiles | object | `{}` | jobJsonOverridesFiles is a map of maps. Each item in the map will become a file (named by the key), and the underlying object will be converted to JSON as the file's contents |
-| launcher | string | `"true"` | launcher determines whether the launcher should be started in the container |
-| launcherNamespace | bool | `false` | allow customizing the namespace that sessions are launched into. Note RBAC and some config issues today |
+| launcher.enabled | bool | `true` | determines whether the launcher should be started in the container |
+| launcher.namespace | string | `""` | allow customizing the namespace that sessions are launched into. Note RBAC and some config issues today |
 | launcherPem | string | `""` |  |
 | launcherPub | bool | `false` |  |
 | license.file | object | `{"contents":false,"mountPath":"/etc/rstudio-licensing","mountSubPath":false,"secret":false,"secretKey":"license.lic"}` | the file section is used for licensing with a license file |
@@ -214,7 +214,8 @@ mounting paradigm, you will need to change the `XDG_CONFIG_DIRS` environment var
 | prometheusExporter.image.imagePullPolicy | string | `"IfNotPresent"` |  |
 | prometheusExporter.image.repository | string | `"prom/graphite-exporter"` |  |
 | prometheusExporter.image.tag | string | `"v0.9.0"` |  |
-| rbac.create | bool | `true` | rbac.create specifies whether to create the ServiceAccount required for the Job Launcher to have appropriate permissions |
+| rbac.create | bool | `true` | Whether to create rbac. (also depends on launcher.enabled = true) |
+| rbac.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | The serviceAccount to be associated with rbac (also depends on launcher.enabled = true) |
 | readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":3,"periodSeconds":3,"successThreshold":1,"timeoutSeconds":1}` | readinessProbe is used to configure the container's readinessProbe |
 | replicas | int | `1` | replicas is the number of replica pods to maintain for this service. Use 2 or more to enable HA |
 | resources | object | `{"limits":{"cpu":"2000m","enabled":false,"ephemeralStorage":"200Mi","memory":"4Gi"},"requests":{"cpu":"100m","enabled":false,"ephemeralStorage":"100Mi","memory":"2Gi"}}` | resources define requests and limits for the rstudio-server pod |
@@ -223,7 +224,6 @@ mounting paradigm, you will need to change the `XDG_CONFIG_DIRS` environment var
 | service.annotations | object | `{}` | annotations for the service definition |
 | service.nodePort | bool | `false` | the nodePort to use when using service type NodePort. If not defined, Kubernetes will provide one automatically |
 | service.type | string | `"NodePort"` | the service type (i.e. NodePort, LoadBalancer, etc.) |
-| serviceAccountName | bool | `false` | serviceAccountName is the service account used to launch pods into Kubernetes (into launcherNamespace) |
 | session.defaultConfigMount | bool | `true` |  |
 | session.image.repository | string | `"rstudio/r-session-complete"` | The repository to use for the session image |
 | session.image.tag | string | `""` | A tag override for the session image. Overrides the "tagPrefix" above, if set. Default tag is `{{ tagPrefix }}{{ version }}` |
 
@@ -40,6 +40,7 @@ In addition to the above required configuration, we recommend setting the follow
 * Some use-cases may require special PAM profiles to run. By default, no PAM profiles other than the basic `auth` profile will be used to authenticate users.
   If this is not sufficient then you will need to add your PAM profiles into the container (similar to adding `sssd.conf` as specified above).
 
+
 ## General Principles
 
 - In most places, we opt to pass helm values over configmaps. We translate these into the valid `.ini` or `.dcf` file formats
@@ -52,8 +53,8 @@ required by RStudio Server Pro. Those config files and their mount locations are
 - The prestart script for RStudio Server is highly customized to:
   - Get the service account information off of the RStudio Server pod for use in launching jobs
   - Generate `launcher.pub` as needed (if `launcher.pem` is provided). If it is not provided,
-  the helm chart will generate it automatically but this information will be lost for subsequent deployments
-  and can cause users to be locked out sessions started by a previous deployment.
+  the helm chart will generate it automatically but this information will be lost for subsequent deployments and
+  can cause users to be locked out sessions started by a previous deployment.
 - RStudio Server Pro does not export prometheus metrics on its own. Instead, we run a sidecar graphite exporter
   [as described here](https://support.rstudio.com/hc/en-us/articles/360044800273-Monitoring-RStudio-Team-Using-Prometheus-and-Graphite)
 
 
@@ -24,6 +24,226 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+{{- define "rstudio-workbench.containers" -}}
+{{- $useLegacyProfiles := hasKey .Values.config.server "launcher.kubernetes.profiles.conf" }}
+containers:
+- name: rstudio
+  {{- $defaultVersion := .Values.versionOverride | default $.Chart.AppVersion }}
+  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default $defaultVersion }}"
+  env:
+  {{- if .Values.enableDiagnostics }}
+  - name: DIAGNOSTIC_DIR
+    value: "/var/log/rstudio"
+  - name: DIAGNOSTIC_ONLY
+    value: "true"
+  - name: DIAGNOSTIC_ENABLE
+    value: "true"
+  {{- end }}
+  - name: RSTUDIO_LAUNCHER_NAMESPACE
+    value: "{{ $.Release.Namespace }}"
+{{ include "rstudio-library.license-env" (dict "license" ( .Values.license ) "product" ("rstudio-workbench") "envVarPrefix" ("RSW") "fullName" (include "rstudio-workbench.fullname" .)) | indent 2 }}
+  - name: RSP_LAUNCHER
+    value: "{{ .Values.launcher.enabled }}"
+  {{- if .Values.userCreate }}
+  - name: RSP_TESTUSER
+    value: "{{ .Values.userName }}"
+  - name: RSP_TESTUSER_UID
+    value: "{{ .Values.userUid }}"
+  - name: RSP_TESTUSER_PASSWD
+    value: "{{ .Values.userPassword }}"
+  {{- else }}
+  - name: RSP_TESTUSER
+    value: ""
+  {{- end }}
+  - name: XDG_CONFIG_DIRS
+    value: "{{ template "rstudio-workbench.xdg-config-dirs" .}}"
+  {{- if or ( gt (int .Values.replicas) 1 ) ( .Values.loadBalancer.forceEnabled ) }}
+  - name: PRESTART_LOAD_BALANCER_CONFIGURATION
+    value: enabled
+  {{- end }}
+  {{- if .Values.pod.env }}
+{{ toYaml .Values.pod.env | indent 2 }}
+  {{- end }}
+  {{- if .Values.command }}
+  command:
+{{ toYaml .Values.command | indent 4 }}
+ {{- end }}
+  {{- if .Values.args }}
+  args:
+{{ toYaml .Values.args | indent 4 }}
+  {{- end }}
+  imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+  ports:
+  - containerPort: 8787
+  securityContext:
+{{ toYaml .Values.securityContext | indent 4 }}
+  volumeMounts:
+    {{- if .Values.sharedStorage.create }}
+    - name: rstudio-shared-storage
+      mountPath: "{{ .Values.sharedStorage.path }}"
+    {{- end }}
+    {{- if .Values.homeStorage.create }}
+    - name: rstudio-home-storage
+      mountPath: "{{ .Values.homeStorage.path }}"
+    {{- end }}
+    - name: rstudio-prestart
+      mountPath: "/scripts/"
+    - name: rstudio-config
+      mountPath: "/mnt/configmap/rstudio/"
+    - name: rstudio-session-config
+      mountPath: "/mnt/session-configmap/rstudio/"
+    - name: rstudio-secret
+      mountPath: "/mnt/secret-configmap/rstudio/"
+    - name: etc-rstudio
+      mountPath: "/etc/rstudio"
+    - name: shared-data
+      mountPath: "/mnt/load-balancer/rstudio"
+{{ include "rstudio-library.license-mount" (dict "license" ( .Values.license )) | indent 4 }}
+{{/* TODO: path collision problems... would be ideal to not have to maintain both long term */}}
+{{- if .Values.jobJsonOverridesFiles }}
+    - name: rstudio-job-overrides-old
+      mountPath: "/mnt/job-json-overrides"
+{{- end }}
+{{- if not $useLegacyProfiles }}
+    - name: rstudio-job-overrides-new
+      mountPath: "/mnt/job-json-overrides-new"
+{{- end }}
+{{- if .Values.pod.volumeMounts }}
+{{ toYaml .Values.pod.volumeMounts | indent 4 }}
+{{- end }}
+  resources:
+    {{- if .Values.resources.requests.enabled }}
+    requests:
+      memory: "{{ .Values.resources.requests.memory }}"
+      cpu: "{{ .Values.resources.requests.cpu }}"
+      ephemeral-storage: "{{ .Values.resources.requests.ephemeralStorage }}"
+    {{- end }}
+    limits:
+    {{- if .Values.resources.limits.enabled }}
+      memory: "{{ .Values.resources.limits.memory }}"
+      cpu: "{{ .Values.resources.limits.cpu }}"
+      ephemeral-storage: "{{ .Values.resources.limits.ephemeralStorage }}"
+    {{- end }}
+  {{- if .Values.livenessProbe.enabled }}
+  livenessProbe:
+    httpGet:
+      path: /health-check
+      port: 8787
+    initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+    periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+    timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+    failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+  {{- end }}
+  {{- if .Values.startupProbe.enabled }}
+  startupProbe:
+    httpGet:
+      path: /health-check
+      port: 8787
+    initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+    periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+    timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+    failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+  {{- end }}
+  {{- if .Values.readinessProbe.enabled }}
+  readinessProbe:
+    httpGet:
+      path: /health-check
+      port: 8787
+    initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+    periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+    timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+    successThreshold: {{ .Values.readinessProbe.successThreshold }}
+    failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+  {{- end }}
+{{- if or (gt (int .Values.replicas) 1) (.Values.loadBalancer.forceEnabled) }}
+- name: sidecar
+  image: "{{ .Values.loadBalancer.image.repository }}:{{ .Values.loadBalancer.image.tag }}"
+  imagePullPolicy: "{{ .Values.loadBalancer.image.imagePullPolicy }}"
+  {{- if .Values.loadBalancer.env }}
+  env:
+    {{- toYaml .Values.loadBalancer.env | nindent 2 }}
+  {{- end }}
+  args:
+    - "{{ include "rstudio-workbench.fullname" . }}"
+    - "{{ $.Release.Namespace }}"
+    - "/mnt/load-balancer/rstudio/"
+    - "{{ .Values.loadBalancer.sleepDuration }}"
+    - "{{ .Values.loadBalancer.appLabelKey }}"
+  {{- if .Values.loadBalancer.securityContext }}
+  securityContext:
+    {{- toYaml .Values.loadBalancer.securityContext | nindent 4 }}
+  {{- end }}
+  volumeMounts:
+  - name: shared-data
+    mountPath: "/mnt/load-balancer/rstudio/"
+{{- end }}
+{{- if .Values.prometheusExporter.enabled }}
+- name: exporter
+  image: "{{ .Values.prometheusExporter.image.repository }}:{{ .Values.prometheusExporter.image.tag }}"
+  imagePullPolicy: "{{ .Values.prometheusExporter.image.imagePullPolicy }}"
+  args:
+    - "--graphite.mapping-config=/mnt/graphite/graphite-mapping.yaml"
+  volumeMounts:
+    - name: graphite-exporter-config
+      mountPath: "/mnt/graphite/"
+{{- end }}
+{{- if .Values.pod.sidecar }}
+{{ toYaml .Values.pod.sidecar }}
+{{- end }}
+volumes:
+{{- if .Values.sharedStorage.create }}
+- name: rstudio-shared-storage
+  persistentVolumeClaim:
+    claimName: {{ include "rstudio-workbench.fullname" . }}-shared-storage
+{{- end }}
+{{- if .Values.homeStorage.create }}
+- name: rstudio-home-storage
+  persistentVolumeClaim:
+    claimName: {{ include "rstudio-workbench.fullname" . }}-home-storage
+{{- end }}
+{{- if .Values.jobJsonOverridesFiles }}
+- name: rstudio-job-overrides-old
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-overrides-old
+    defaultMode: 0644
+{{- end }}
+{{- if not $useLegacyProfiles }}
+- name: rstudio-job-overrides-new
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-overrides-new
+    defaultMode: 0644
+{{- end }}
+- name: etc-rstudio
+  emptyDir: {}
+- name: shared-data
+  emptyDir: {}
+- name: rstudio-config
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-config
+    defaultMode: 0644
+- name: rstudio-session-config
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-session
+    defaultMode: 0644
+- name: rstudio-prestart
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-prestart
+    defaultMode: 0755
+- name: rstudio-secret
+  secret:
+    secretName: {{ include "rstudio-workbench.fullname" . }}-secret
+    defaultMode: 0600
+{{ include "rstudio-library.license-volume" (dict "license" ( .Values.license ) "fullName" (include "rstudio-workbench.fullname" .)) }}
+{{- if .Values.prometheusExporter.enabled }}
+- name: graphite-exporter-config
+  configMap:
+    name: {{ include "rstudio-workbench.fullname" . }}-graphite
+    defaultMode: 0755
+{{- end }}
+{{- if .Values.pod.volumes }}
+{{ toYaml .Values.pod.volumes }}
+{{- end }}
+{{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.