PCT: Change the Connect default to use OHE #672
Conversation
tnederlof
requested review from
aronatkins,
dbkegley,
christierney and
zackverham
as code owners
|
It looks like the install in CI is failing because there is no PVC. I am not familiar with the testing infrastructure. Is there a way to mock up storage in these tests? It seems this error is reasonable if a customer is trying to setup without sharedStorage. |
|
@jforest In the comment above, is this the part of the testing infra you worked on? |
This is the install testing, yes. This is triggered because the chart requires a pvc when https://github.com/rstudio/helm/blob/main/ci/rstudio-connect/install/license-file-values.yaml is the only set of install testing configs. Each file in that directory will be used for a different install test. These tests are run by the chart testing tool. The lint tests are also run by that tool. Would you like to set up a time to talk through how all the testing is set up? |
This PR changes the Connect chart to run in OHE mode by default instead of the current default (service and content runs in the same pod(s)). I think this default makes more sense as its the way we at Posit advise customers to run Connect in Kubernetes and it is the only Kubernetes configuration documented in the admin guide.
This is also important for customers who have Pod Security Standards or other mechanisms set to disallow privileged execution. The current chart runs with
securityContext.privileged: true, which causes issues for these customers until they know to switch this setting. This PR will eliminate that need.Bumped the minor version and added a section to the README template to make it more prominent the potentially breaking change (for customers who are not running in OHE).
Once this merges, the documentation here can be simplified (don't need to explicitly have folks add
launcher.enabled: true. https://docs.posit.co/connect/admin/getting-started/off-host-install/configure-helm-chart/Closes: #436