update chronicle chart with review feedback

rstudio · Nov 27, 2023 · 8fb7bab · 8fb7bab
1 parent 18064b2
commit 8fb7bab
Show file tree

Hide file tree

Showing 8 changed files with 128 additions and 107 deletions.
diff --git a/charts/posit-chronicle/Chart.yaml b/charts/posit-chronicle/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: posit-chronicle
 description: Official Helm chart for Posit Chronicle Server
 version: 0.1.0
-appVersion: 2023.11.0
+appVersion: 2023.11.2
 icon: https://rstudio.com/wp-content/uploads/2018/10/RStudio-Logo-Flat.png
 home: https://www.posit.co
 sources:

diff --git a/charts/posit-chronicle/README.md b/charts/posit-chronicle/README.md
@@ -1,8 +1,8 @@
 # Posit Chronicle
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 2023.11.0](https://img.shields.io/badge/AppVersion-2023.11.0-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 2023.11.2](https://img.shields.io/badge/AppVersion-2023.11.2-informational?style=flat-square)
 
-#### _Helm chart for the Chronicle Server_
+#### _Official Helm chart for Posit Chronicle Server_
 
 Chronicle helps data science managers and other stakeholders understand their
 organization's use of other Posit products, primarily Posit Connect and
@@ -48,7 +48,7 @@ Here is an example of Helm values to run the agent sidecar in Workbench:
 pod:
   sidecar:
     - name: chronicle-agent
-      image: posit-chronicle:latest
+      image: posit-chronicle:2023.11.2
       volumeMounts:
       - name: CHRONICLE_PRODUCT_CLUSTER_ID
         value: "posit-cluster-1"
@@ -66,7 +66,7 @@ API key from a Kubernetes Secret is used to unlock more detailed metrics:
 pod:
   sidecar:
     - name: chronicle-agent
-      image: posit-chronicle:latest
+      image: posit-chronicle:2023.11.2
       env:
       - name: CHRONICLE_PRODUCT_CLUSTER_ID
         value: "posit-cluster-1"
@@ -92,10 +92,10 @@ access and analyze the data within your cluster:
 
 ```yaml
 config:
-  localStorage:
-    enabled: true
-    location: "/chronicle-data"
-    retentionPeriod: "30d"
+  LocalStorage:
+    Enabled: true
+    Location: "/chronicle-data"
+    RetentionPeriod: "30d"
 ```
 
 `retentionPeriod` controls how long usage data are kept. For example, `"120m"`
@@ -108,13 +108,15 @@ storage:
 
 ```yaml
 config:
-  s3Storage:
-    enabled: true
-    bucket: "posit-chronicle"
-    region: "us-east-2"
+  S3Storage:
+    Enabled: true
+    Bucket: "posit-chronicle"
+    Region: "us-east-2"
 ```
 
-If you are running on EKS, we strongly suggest using [IAM Roles for Service
+### Using Iam for S3
+
+If you are running on EKS, you can use [IAM Roles for Service
 Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
 to manage the credentials needed to access S3. In this scenario, once you have
 [created an IAM
@@ -134,36 +136,44 @@ the S3 storage config allows specifying a profile:
 
 ```yaml
 config:
-  s3Storage:
-    enabled: true
-    bucket: "posit-chronicle"
-    profile: "my-aws-account"
-    region: "us-east-2"
+  S3Storage:
+    Enabled: true
+    Bucket: "posit-chronicle"
+    Profile: "my-aws-account"
+    Region: "us-east-2"
 ```
 
+### Needed S3 Policy Permissions
+
+The credentials Chronicle uses for S3 storage must have the following permissions enabled:
+- `s3:GetObject`
+- `s3:ListBucket`
+- `s3:PutObject`
+- `s3:DeleteObject`
+
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| config.https.certificate | string | `""` |  |
-| config.https.enabled | bool | `false` |  |
-| config.https.key | string | `""` |  |
-| config.localStorage.enabled | bool | `true` |  |
-| config.localStorage.location | string | `"./chronicle-data"` |  |
-| config.localStorage.retentionPeriod | string | `"30d"` |  |
-| config.logging.serviceLog | string | `"STDOUT"` |  |
-| config.logging.serviceLogFormat | string | `"TEXT"` |  |
-| config.logging.serviceLogLevel | string | `"INFO"` |  |
-| config.metrics.enabled | bool | `true` |  |
-| config.profiling.enabled | bool | `false` |  |
-| config.s3Storage.bucket | string | `"posit-chronicle"` |  |
-| config.s3Storage.enabled | bool | `false` |  |
-| config.s3Storage.prefix | string | `""` |  |
-| config.s3Storage.profile | string | `""` |  |
-| config.s3Storage.region | string | `"us-east-2"` |  |
+| config.HTTPS.Certificate | string | `""` |  |
+| config.HTTPS.Enabled | bool | `false` |  |
+| config.HTTPS.Key | string | `""` |  |
+| config.LocalStorage.Enabled | bool | `true` |  |
+| config.LocalStorage.Location | string | `"./chronicle-data"` |  |
+| config.LocalStorage.RetentionPeriod | string | `"30d"` |  |
+| config.Logging.ServiceLog | string | `"STDOUT"` |  |
+| config.Logging.ServiceLogFormat | string | `"TEXT"` |  |
+| config.Logging.ServiceLogLevel | string | `"INFO"` |  |
+| config.Metrics.Enabled | bool | `true` |  |
+| config.Profiling.Enabled | bool | `false` |  |
+| config.S3Storage.Bucket | string | `"posit-chronicle"` |  |
+| config.S3Storage.Enabled | bool | `false` |  |
+| config.S3Storage.Prefix | string | `""` |  |
+| config.S3Storage.Profile | string | `""` |  |
+| config.S3Storage.Region | string | `"us-east-2"` |  |
 | image.imagePullPolicy | string | `"Always"` |  |
 | image.repository | string | `"ghcr.io/rstudio/chronicle"` |  |
-| image.tag | string | `"latest"` |  |
+| image.tag | string | `"2023.11.2"` |  |
 | pod.affinity | object | `{}` | A map used verbatim as the pod's "affinity" definition |
 | pod.annotations | object | `{}` | Additional annotations to add to the chronicle-server pods |
 | pod.args[0] | string | `"start"` |  |
@@ -186,5 +196,5 @@ config:
 | storage.persistentVolumeSize | string | `"1Gi"` |  |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
 
diff --git a/charts/posit-chronicle/README.md.gotmpl b/charts/posit-chronicle/README.md.gotmpl
@@ -16,13 +16,13 @@ will need to run the Chronicle agent as a sidecar container on all of your
 Workbench or Connect server pods by setting `pod.sidecar` in their respective
 `values.yaml` files.
 
-Here are some example Helm values to run the agent sidecar in Workbench:
+Here is an example of Helm values to run the agent sidecar in Workbench:
 
 ```yaml
 pod:
   sidecar:
     - name: chronicle-agent
-      image: posit-chronicle:latest
+      image: posit-chronicle:2023.11.2
       volumeMounts:
       - name: CHRONICLE_PRODUCT_CLUSTER_ID
         value: "posit-cluster-1"
@@ -33,14 +33,14 @@ pod:
         value: "http://chronicle-server.default.svc.cluster.local"
 ```
 
-And here are some example Helm values for Connect, where we also pass a Connect
-API key from a Kubernetes Secret to unlock more detailed metrics:
+And here is an example of Helm values for Connect, where a Connect
+API key from a Kubernetes Secret is used to unlock more detailed metrics:
 
 ```yaml
 pod:
   sidecar:
     - name: chronicle-agent
-      image: posit-chronicle:latest
+      image: posit-chronicle:2023.11.2
       env:
       - name: CHRONICLE_PRODUCT_CLUSTER_ID
         value: "posit-cluster-1"
@@ -61,15 +61,15 @@ Connect API key.
 Chronicle can be configured to persist data to a local Kubernetes volume, AWS
 S3, or both.
 
-The default configuration uses a local volume, which is suitable if you'd like to 
+The default configuration uses a local volume, which is suitable if you'd like to
 access and analyze the data within your cluster:
 
 ```yaml
 config:
-  localStorage:
-    enabled: true
-    location: "/chronicle-data"
-    retentionPeriod: "30d"
+  LocalStorage:
+    Enabled: true
+    Location: "/chronicle-data"
+    RetentionPeriod: "30d"
 ```
 
 `retentionPeriod` controls how long usage data are kept. For example, `"120m"`
@@ -82,13 +82,15 @@ storage:
 
 ```yaml
 config:
-  s3Storage:
-    enabled: true
-    bucket: "posit-chronicle"
-    region: "us-east-2"
+  S3Storage:
+    Enabled: true
+    Bucket: "posit-chronicle"
+    Region: "us-east-2"
 ```
 
-If you are running on EKS, we strongly suggest using [IAM Roles for Service
+### Using Iam for S3
+
+If you are running on EKS, you can use [IAM Roles for Service
 Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html)
 to manage the credentials needed to access S3. In this scenario, once you have
 [created an IAM
@@ -108,13 +110,21 @@ the S3 storage config allows specifying a profile:
 
 ```yaml
 config:
-  s3Storage:
-    enabled: true
-    bucket: "posit-chronicle"
-    profile: "my-aws-account"
-    region: "us-east-2"
+  S3Storage:
+    Enabled: true
+    Bucket: "posit-chronicle"
+    Profile: "my-aws-account"
+    Region: "us-east-2"
 ```
 
+
+### Needed S3 Policy Permissions
+The credentials Chronicle uses for S3 storage must have the following permissions enabled:
+- `s3:GetObject`
+- `s3:ListBucket`
+- `s3:PutObject`
+- `s3:DeleteObject`
+
 {{ template "chart.valuesSection" . }}
 
 {{ template "helm-docs.versionFooter" . }}
diff --git a/charts/posit-chronicle/templates/_helpers.tpl b/charts/posit-chronicle/templates/_helpers.tpl
@@ -8,9 +8,9 @@ Generate annotations for  various resources
 {{- range $key,$value := $.Values.pod.annotations -}}
 {{ $key }}: {{ $value | quote }}
 {{ end }}
-{{- if .Values.config.metrics.enabled }}
+{{- if .Values.config.Metrics.Enabled }}
 prometheus.io/scrape: "true"
-{{- if .Values.config.https.enabled }}
+{{- if .Values.config.HTTPS.Enabled }}
 prometheus.io/port: "443"
 {{- else}}
 prometheus.io/port: "5252"

diff --git a/charts/posit-chronicle/templates/configmap.yaml b/charts/posit-chronicle/templates/configmap.yaml
@@ -7,38 +7,38 @@ data:
   server: |
 
     # switch between http and https
-    {{- if .Values.config.https.enabled }}
+    {{- if .Values.config.HTTPS.Enabled }}
     [HTTPS]
     Listen = :443
-    Key = {{ .Values.config.https.key }}
-    Certificate = {{ .Values.config.https.certificate }}
+    Key = {{ .Values.config.HTTPS.Key }}
+    Certificate = {{ .Values.config.HTTPS.Certificate }}
     {{- else}}
     [HTTP]
     Listen = :5252
     {{- end }}
 
     [Logging]
-    ServiceLog = {{ .Values.config.logging.serviceLog }}
-    ServiceLogLevel = {{ .Values.config.logging.serviceLogLevel }}
-    ServiceLogFormat = {{ .Values.config.logging.serviceLogFormat }}
+    ServiceLog = {{ .Values.config.Logging.ServiceLog }}
+    ServiceLogLevel = {{ .Values.config.Logging.ServiceLogLevel }}
+    ServiceLogFormat = {{ .Values.config.Logging.ServiceLogFormat }}
 
     [Metrics]
-    Enabled = {{ .Values.config.metrics.enabled }}
+    Enabled = {{ .Values.config.Metrics.Enabled }}
 
     [Profiling]
-    Enabled = {{ .Values.config.profiling.enabled }}
+    Enabled = {{ .Values.config.Profiling.Enabled }}
     Listen = 3030
 
     [LocalStorage]
-    Enabled = {{ .Values.config.localStorage.enabled }}
-    Location = {{ .Values.config.localStorage.location }}
-    RetentionPeriod = {{ .Values.config.localStorage.retentionPeriod }}
+    Enabled = {{ .Values.config.LocalStorage.Enabled }}
+    Location = {{ .Values.config.LocalStorage.Location }}
+    RetentionPeriod = {{ .Values.config.LocalStorage.RetentionPeriod }}
 
     [S3Storage]
-    Enabled = {{ .Values.config.s3Storage.enabled }}
-    Bucket = {{ .Values.config.s3Storage.bucket }}
-    Prefix = {{ .Values.config.s3Storage.prefix }}
-    Profile = {{ .Values.config.s3Storage.profile }}
-    Region = {{ .Values.config.s3Storage.region }}
+    Enabled = {{ .Values.config.S3Storage.Enabled }}
+    Bucket = {{ .Values.config.S3Storage.Bucket }}
+    Prefix = {{ .Values.config.S3Storage.Prefix }}
+    Profile = {{ .Values.config.S3Storage.Profile }}
+    Region = {{ .Values.config.S3Storage.Region }}
 ---
 
diff --git a/charts/posit-chronicle/templates/stateful-set.yaml b/charts/posit-chronicle/templates/stateful-set.yaml
@@ -44,17 +44,17 @@ spec:
         {{- toYaml .Values.pod.args | nindent 8 }}
         {{- end }}
         ports:
-        {{- if .Values.config.https.enabled }}
+        {{- if .Values.config.HTTPS.Enabled }}
         - containerPort: 443
           name: https
         {{- else}}
         - containerPort: 5252
           name: http
         {{- end }}
         volumeMounts:
-        {{- if .Values.config.localStorage.enabled }}
+        {{- if .Values.config.LocalStorage.Enabled }}
         - name: data
-          mountPath: {{ .Values.config.localStorage.location }}
+          mountPath: {{ .Values.config.LocalStorage.Location }}
         {{- end }}
         - name: chronicle-server-config
           mountPath: /opt/chronicle/config.gcfg
@@ -67,7 +67,7 @@ spec:
       - name: chronicle-server-config
         configMap:
           name: chronicle-server-config
-{{- if .Values.config.localStorage.enabled }}
+{{- if .Values.config.LocalStorage.Enabled }}
   volumeClaimTemplates:
   - metadata:
       name: data

diff --git a/charts/posit-chronicle/templates/svc.yaml b/charts/posit-chronicle/templates/svc.yaml
@@ -12,7 +12,7 @@ spec:
   selector:
     {{- include "posit-chronicle.service.selectorLabels" . | trim | nindent 4 }}
   ports:
-  {{- if .Values.config.https.enabled }}
+  {{- if .Values.config.HTTPS.Enabled }}
   - port: {{ .Values.service.port }}
     targetPort: 443
     name: https