From 9135465247feffd50a220d274285ea11b955b757 Mon Sep 17 00:00:00 2001
From: marsal wang <707783088@qq.com>
Date: Thu, 13 Jan 2022 20:00:36 +0800
Subject: [PATCH] upgrade
---
README.md | 12 +-
local-values/fluentd/values.yaml | 11 +-
local-values/kibana/crm1.yaml | 1 -
superset/.gitignore | 4 +
superset/.helmignore | 37 ++
superset/Chart.yaml | 34 ++
superset/templates/NOTES.txt | 36 ++
superset/templates/_helpers.tpl | 121 +++++
superset/templates/configmap-superset.yaml | 32 ++
superset/templates/deployment-beat.yaml | 122 +++++
superset/templates/deployment-worker.yaml | 122 +++++
superset/templates/deployment.yaml | 144 ++++++
superset/templates/ingress.yaml | 59 +++
superset/templates/init-job.yaml | 96 ++++
superset/templates/secret-env.yaml | 39 ++
.../templates/secret-superset-config.yaml | 40 ++
superset/templates/service-account.yaml | 31 ++
superset/templates/service.yaml | 42 ++
superset/values.yaml | 446 ++++++++++++++++++
19 files changed, 1426 insertions(+), 3 deletions(-)
create mode 100644 superset/.gitignore
create mode 100644 superset/.helmignore
create mode 100644 superset/Chart.yaml
create mode 100644 superset/templates/NOTES.txt
create mode 100644 superset/templates/_helpers.tpl
create mode 100644 superset/templates/configmap-superset.yaml
create mode 100644 superset/templates/deployment-beat.yaml
create mode 100644 superset/templates/deployment-worker.yaml
create mode 100644 superset/templates/deployment.yaml
create mode 100644 superset/templates/ingress.yaml
create mode 100644 superset/templates/init-job.yaml
create mode 100644 superset/templates/secret-env.yaml
create mode 100644 superset/templates/secret-superset-config.yaml
create mode 100644 superset/templates/service-account.yaml
create mode 100644 superset/templates/service.yaml
create mode 100644 superset/values.yaml
diff --git a/README.md b/README.md
index 06e356d..7ba8299 100644
--- a/README.md
+++ b/README.md
@@ -134,4 +134,14 @@ helm upgrade -i torna-server torna/ --values local-values/torna/values.yaml -n
```
-helm upgrade -i --namespace=crm1 new-sino-crm1 doc/helm/new-sino --values doc/helm/new-sino/values.yaml
\ No newline at end of file
+helm upgrade -i --namespace=crm1 new-sino-crm1 doc/helm/new-sino --values doc/helm/new-sino/values.yaml
+
+
+## superset
+https://hub.fastgit.org/apache/superset/tree/master/helm/superset
+
+```
+
+helm upgrade -i superset superset/ -n harbor
+
+```
\ No newline at end of file
diff --git a/local-values/fluentd/values.yaml b/local-values/fluentd/values.yaml
index ada4704..050fc71 100644
--- a/local-values/fluentd/values.yaml
+++ b/local-values/fluentd/values.yaml
@@ -166,7 +166,7 @@ forwarder:
# Get the logs from the containers running in the node
@type tail
- path /var/log/containers/*.log
+ path /var/log/containers/*sa-server-*.log,/var/log/containers/*new-sino-*.log
# exclude Fluentd logs
exclude_path /var/log/containers/*fluentd*.log
pos_file /opt/bitnami/fluentd/logs/buffers/fluentd-docker.pos
@@ -179,8 +179,17 @@ forwarder:
# enrich with kubernetes metadata
+ #
+ #
+ # key tag
+ # pattern /^kubernetes.var.log.containers.(new-sino|sa-server)/
+ #
+ #
@type kubernetes_metadata
+ skip_namespace_metadata true
+ skip_labels true
+ skip_master_url true
fluentd-output.conf: |
# Throw the healthcheck to the standard output instead of forwarding it
diff --git a/local-values/kibana/crm1.yaml b/local-values/kibana/crm1.yaml
index ebb9fa2..3247f80 100644
--- a/local-values/kibana/crm1.yaml
+++ b/local-values/kibana/crm1.yaml
@@ -530,7 +530,6 @@ elasticsearch:
## @param elasticsearch.hosts List of elasticsearch hosts to connect to.
## e.g:
hosts:
- - elasticsearch-master
- elasticsearch-data
##
# hosts: []
diff --git a/superset/.gitignore b/superset/.gitignore
new file mode 100644
index 0000000..2e16b9f
--- /dev/null
+++ b/superset/.gitignore
@@ -0,0 +1,4 @@
+charts
+
+# Don't require this to be pushed, as it will require things to be kept in sync and linted
+requirements.lock
diff --git a/superset/.helmignore b/superset/.helmignore
new file mode 100644
index 0000000..a92a08b
--- /dev/null
+++ b/superset/.helmignore
@@ -0,0 +1,37 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/superset/Chart.yaml b/superset/Chart.yaml
new file mode 100644
index 0000000..1e0b13e
--- /dev/null
+++ b/superset/Chart.yaml
@@ -0,0 +1,34 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v2
+appVersion: "1.0"
+description: Apache Superset is a modern, enterprise-ready business intelligence web application
+name: superset
+maintainers:
+ - name: craig-rueda
+ email: craig@craigrueda.com
+ url: https://github.com/craig-rueda
+version: 0.5.4
+dependencies:
+- name: postgresql
+ version: 10.2.0
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+- name: redis
+ version: 12.3.3
+ repository: https://charts.bitnami.com/bitnami
+ condition: redis.enabled
diff --git a/superset/templates/NOTES.txt b/superset/templates/NOTES.txt
new file mode 100644
index 0000000..07fcba3
--- /dev/null
+++ b/superset/templates/NOTES.txt
@@ -0,0 +1,36 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "superset.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "superset.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "superset.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ echo "Visit http://127.0.0.1:8088 to use your application"
+ kubectl port-forward service/superset 8088:8088 --namespace {{ .Release.Namespace }}
+{{- end }}
diff --git a/superset/templates/_helpers.tpl b/superset/templates/_helpers.tpl
new file mode 100644
index 0000000..eef1b09
--- /dev/null
+++ b/superset/templates/_helpers.tpl
@@ -0,0 +1,121 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "superset.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "superset.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "superset.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+{{- default (include "superset.fullname" .) .Values.serviceAccountName -}}
+{{- else -}}
+{{- default "default" .Values.serviceAccountName -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "superset.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "superset-config" }}
+import os
+from cachelib.redis import RedisCache
+
+def env(key, default=None):
+ return os.getenv(key, default)
+
+MAPBOX_API_KEY = env('MAPBOX_API_KEY', '')
+CACHE_CONFIG = {
+ 'CACHE_TYPE': 'redis',
+ 'CACHE_DEFAULT_TIMEOUT': 300,
+ 'CACHE_KEY_PREFIX': 'superset_',
+ 'CACHE_REDIS_HOST': env('REDIS_HOST'),
+ 'CACHE_REDIS_PORT': env('REDIS_PORT'),
+ 'CACHE_REDIS_PASSWORD': env('REDIS_PASSWORD'),
+ 'CACHE_REDIS_DB': env('REDIS_DB', 1),
+}
+DATA_CACHE_CONFIG = CACHE_CONFIG
+
+SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234')
+
+# Flask-WTF flag for CSRF
+WTF_CSRF_ENABLED = True
+# Add endpoints that need to be exempt from CSRF protection
+WTF_CSRF_EXEMPT_LIST = []
+# A CSRF token that expires in 1 year
+WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365
+class CeleryConfig(object):
+ BROKER_URL = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
+ CELERY_IMPORTS = ('superset.sql_lab', )
+ CELERY_RESULT_BACKEND = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
+ CELERY_ANNOTATIONS = {'tasks.add': {'rate_limit': '10/s'}}
+
+CELERY_CONFIG = CeleryConfig
+RESULTS_BACKEND = RedisCache(
+ host=env('REDIS_HOST'),
+ port=env('REDIS_PORT'),
+ key_prefix='superset_results'
+)
+
+{{ if .Values.configOverrides }}
+# Overrides
+{{- range $key, $value := .Values.configOverrides }}
+# {{ $key }}
+{{ tpl $value $ }}
+{{- end }}
+{{- end }}
+{{ if .Values.configOverridesFiles }}
+# Overrides from files
+{{- $files := .Files }}
+{{- range $key, $value := .Values.configOverridesFiles }}
+# {{ $key }}
+{{ $files.Get $value }}
+{{- end }}
+{{- end }}
+
+{{- end }}
diff --git a/superset/templates/configmap-superset.yaml b/superset/templates/configmap-superset.yaml
new file mode 100644
index 0000000..a7d7b09
--- /dev/null
+++ b/superset/templates/configmap-superset.yaml
@@ -0,0 +1,32 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.extraConfigs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "superset.fullname" . }}-extra-config
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{- range $path, $config := .Values.extraConfigs }}
+ {{ $path }}: |
+{{- tpl $config $ | nindent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/superset/templates/deployment-beat.yaml b/superset/templates/deployment-beat.yaml
new file mode 100644
index 0000000..c014959
--- /dev/null
+++ b/superset/templates/deployment-beat.yaml
@@ -0,0 +1,122 @@
+{{- if .Values.supersetCeleryBeat.enabled -}}
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-celerybeat
+ labels:
+ app: {{ template "superset.name" . }}-celerybeat
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.supersetCeleryBeat.deploymentAnnotations }}
+ annotations:
+ {{ toYaml .Values.supersetCeleryBeat.deploymentAnnotations | nindent 4 }}
+{{- end }}
+spec:
+ # This must be a singleton
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "superset.name" . }}-celerybeat
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{ if .Values.supersetCeleryBeat.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{ end }}
+ {{- if .Values.supersetCeleryBeat.podAnnotations }}
+ {{ toYaml .Values.supersetCeleryBeat.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "superset.name" . }}-celerybeat
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetCeleryBeat.initContainers }}
+ initContainers:
+ {{- tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
+{{- end -}}
diff --git a/superset/templates/deployment-worker.yaml b/superset/templates/deployment-worker.yaml
new file mode 100644
index 0000000..8a86349
--- /dev/null
+++ b/superset/templates/deployment-worker.yaml
@@ -0,0 +1,122 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-worker
+ labels:
+ app: {{ template "superset.name" . }}-worker
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.supersetWorker.deploymentAnnotations }}
+ annotations:
+ {{ toYaml .Values.supersetWorker.deploymentAnnotations | nindent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "superset.name" . }}-worker
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{ if .Values.supersetWorker.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{ end }}
+ {{- if .Values.supersetWorker.podAnnotations }}
+ {{ toYaml .Values.supersetWorker.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "superset.name" . }}-worker
+ release: {{ .Release.Name }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetWorker.initContainers }}
+ initContainers:
+ {{- tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{ tpl (toJson .Values.supersetWorker.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
diff --git a/superset/templates/deployment.yaml b/superset/templates/deployment.yaml
new file mode 100644
index 0000000..10de683
--- /dev/null
+++ b/superset/templates/deployment.yaml
@@ -0,0 +1,144 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.supersetNode.deploymentAnnotations }}
+ annotations:
+ {{ toYaml .Values.supersetNode.deploymentAnnotations | nindent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ # Force reload on config changes
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/superset_init.sh: {{ tpl .Values.init.initscript . | sha256sum }}
+ checksum/superset_bootstrap.sh: {{ tpl .Values.bootstrapScript . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{- if .Values.supersetNode.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{- end }}
+ {{- if .Values.supersetNode.podAnnotations }}
+ {{ toYaml .Values.supersetNode.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetNode.initContainers }}
+ initContainers:
+ {{- tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: {{ tpl (toJson .Values.supersetNode.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- range $key, $value := .Values.supersetNode.env }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
diff --git a/superset/templates/ingress.yaml b/superset/templates/ingress.yaml
new file mode 100644
index 0000000..2a151cc
--- /dev/null
+++ b/superset/templates/ingress.yaml
@@ -0,0 +1,59 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{ if .Values.ingress.enabled -}}
+{{- $fullName := include "superset.fullname" . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $.Values.ingress.path }}
+ pathType: {{ $.Values.ingress.pathType }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ name: http
+ {{- end }}
+{{- end }}
diff --git a/superset/templates/init-job.yaml b/superset/templates/init-job.yaml
new file mode 100644
index 0000000..483ced8
--- /dev/null
+++ b/superset/templates/init-job.yaml
@@ -0,0 +1,96 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.init.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "superset.name" . }}-init-db
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+spec:
+ template:
+ metadata:
+ name: {{ template "superset.name" . }}-init-db
+ {{- if .Values.init.podAnnotations }}
+ annotations:
+ {{ toYaml .Values.init.podAnnotations | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.init.initContainers }}
+ initContainers:
+ {{- tpl (toYaml .Values.init.initContainers) . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ template "superset.name" . }}-init-db
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ {{- if or .Values.extraEnv .Values.extraEnvRaw }}
+ env:
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 10 -}}
+ {{- end }}
+ command: {{ tpl (toJson .Values.init.command) . }}
+ resources:
+{{ toYaml .Values.init.resources | indent 10 }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
diff --git a/superset/templates/secret-env.yaml b/superset/templates/secret-env.yaml
new file mode 100644
index 0000000..278ecc4
--- /dev/null
+++ b/superset/templates/secret-env.yaml
@@ -0,0 +1,39 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-env
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+stringData:
+ REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }}
+ REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
+ DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }}
+ DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }}
+ DB_USER: {{ .Values.supersetNode.connections.db_user | quote }}
+ DB_PASS: {{ .Values.supersetNode.connections.db_pass | quote }}
+ DB_NAME: {{ .Values.supersetNode.connections.db_name | quote }}
+ {{- if .Values.extraSecretEnv }}
+ {{- range $key, $value := .Values.extraSecretEnv }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
diff --git a/superset/templates/secret-superset-config.yaml b/superset/templates/secret-superset-config.yaml
new file mode 100644
index 0000000..ddf0bef
--- /dev/null
+++ b/superset/templates/secret-superset-config.yaml
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-config
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+stringData:
+ superset_config.py: |
+{{- include "superset-config" . | nindent 4 }}
+ superset_init.sh: |
+{{- tpl .Values.init.initscript . | nindent 4 }}
+ superset_bootstrap.sh: |
+{{- tpl .Values.bootstrapScript . | nindent 4 }}
+
+{{- if .Values.extraSecrets }}
+{{- range $path, $config := .Values.extraSecrets }}
+ {{ $path }}: |
+{{- tpl $config $ | nindent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/superset/templates/service-account.yaml b/superset/templates/service-account.yaml
new file mode 100644
index 0000000..680b137
--- /dev/null
+++ b/superset/templates/service-account.yaml
@@ -0,0 +1,31 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "superset.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "superset.name" . }}
+ helm.sh/chart: {{ include "superset.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if semverCompare "> 1.6" .Capabilities.KubeVersion.GitVersion }}
+ kubernetes.io/cluster-service: "true"
+ {{- end }}
+ addonmanager.kubernetes.io/mode: Reconcile
+{{- end -}}
diff --git a/superset/templates/service.yaml b/superset/templates/service.yaml
new file mode 100644
index 0000000..0124ad2
--- /dev/null
+++ b/superset/templates/service.yaml
@@ -0,0 +1,42 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "superset.fullname" . }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
diff --git a/superset/values.yaml b/superset/values.yaml
new file mode 100644
index 0000000..e5eb9a5
--- /dev/null
+++ b/superset/values.yaml
@@ -0,0 +1,446 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Default values for superset.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+# User ID directive. This user must have enough permissions to run the bootstrap script
+# Runn containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
+runAsUser: 0
+
+# Create custom service account for Superset. If create: true and name is not provided, superset.fullname will be used.
+# serviceAccountName: superset
+serviceAccount:
+ create: false
+
+# Install additional packages and do any other bootstrap configuration in this script
+# For production clusters it's recommended to build own image with this step done in CI
+bootstrapScript: |
+ #!/bin/bash
+ rm -rf /var/lib/apt/lists/* && \
+ pip install \
+ psycopg2-binary==2.9.1 \
+ redis==3.5.3 && \
+ if [ ! -f ~/bootstrap ]; then echo "Running Superset with uid {{ .Values.runAsUser }}" > ~/bootstrap; fi
+
+## The name of the secret which we will use to generate a superset_config.py file
+## Note: this secret must have the key superset_config.py in it and can include other files as well
+##
+configFromSecret: '{{ template "superset.fullname" . }}-config'
+
+## The name of the secret which we will use to populate env vars in deployed pods
+## This can be useful for secret keys, etc.
+##
+envFromSecret: '{{ template "superset.fullname" . }}-env'
+## This can be a list of template strings
+envFromSecrets: []
+
+## Extra environment variables that will be passed into pods
+##
+extraEnv: {}
+ # Extend timeout to allow long running queries.
+ # GUNICORN_TIMEOUT: 300
+
+
+ # OAUTH_HOME_DOMAIN: ..
+ # # If a whitelist is not set, any address that can use your OAuth2 endpoint will be able to login.
+ # # this includes any random Gmail address if your OAuth2 Web App is set to External.
+ # OAUTH_WHITELIST_REGEX: ...
+
+## Extra environment variables in RAW format that will be passed into pods
+##
+extraEnvRaw: []
+ # Load DB password from other secret (e.g. for zalando operator)
+ # - name: DB_PASS
+ # valueFrom:
+ # secretKeyRef:
+ # name: superset.superset-postgres.credentials.postgresql.acid.zalan.do
+ # key: password
+
+## Extra environment variables to pass as secrets
+##
+extraSecretEnv: {}
+ # MAPBOX_API_KEY: ...
+ # # Google API Keys: https://console.cloud.google.com/apis/credentials
+ # GOOGLE_KEY: ...
+ # GOOGLE_SECRET: ...
+
+extraConfigs: {}
+ # datasources-init.yaml: |
+ # databases:
+ # - allow_file_upload: true
+ # allow_ctas: true
+ # allow_cvas: true
+ # database_name: example-db
+ # extra: "{\r\n \"metadata_params\": {},\r\n \"engine_params\": {},\r\n \"\
+ # metadata_cache_timeout\": {},\r\n \"schemas_allowed_for_file_upload\": []\r\n\
+ # }"
+ # sqlalchemy_uri: example://example-db.local
+ # tables: []
+
+extraSecrets: {}
+
+extraVolumes: []
+ # - name: customConfig
+ # configMap:
+ # name: '{{ template "superset.fullname" . }}-custom-config'
+ # - name: additionalSecret
+ # secret:
+ # secretName: my-secret
+ # defaultMode: 0600
+
+extraVolumeMounts: []
+ # - name: customConfig
+ # mountPath: /mnt/config
+ # readOnly: true
+ # - name: additionalSecret:
+ # mountPath: /mnt/secret
+
+# A dictionary of overrides to append at the end of superset_config.py - the name does not matter
+# WARNING: the order is not guaranteed
+configOverrides: {}
+ # extend_timeout: |
+ # # Extend timeout to allow long running queries.
+ # SUPERSET_WEBSERVER_TIMEOUT = ...
+ # enable_oauth: |
+ # from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
+ # AUTH_TYPE = AUTH_OAUTH
+
+ # OAUTH_PROVIDERS = [
+ # {
+ # "name": "google",
+ # "whitelist": [ os.getenv("OAUTH_WHITELIST_REGEX", "") ],
+ # "icon": "fa-google",
+ # "token_key": "access_token",
+ # "remote_app": {
+ # "client_id": os.environ.get("GOOGLE_KEY"),
+ # "client_secret": os.environ.get("GOOGLE_SECRET"),
+ # "api_base_url": "https://www.googleapis.com/oauth2/v2/",
+ # "client_kwargs": {"scope": "email profile"},
+ # "request_token_url": None,
+ # "access_token_url": "https://accounts.google.com/o/oauth2/token",
+ # "authorize_url": "https://accounts.google.com/o/oauth2/auth",
+ # "authorize_params": {"hd": os.getenv("OAUTH_HOME_DOMAIN", "")}
+ # }
+ # }
+ # ]
+ # # Map Authlib roles to superset roles
+ # AUTH_ROLE_ADMIN = 'Admin'
+ # AUTH_ROLE_PUBLIC = 'Public'
+ # # Will allow user self registration, allowing to create Flask users from Authorized User
+ # AUTH_USER_REGISTRATION = True
+ # # The default user self registration role
+ # AUTH_USER_REGISTRATION_ROLE = "Admin"
+# Same as above but the values are files
+configOverridesFiles:
+ # extend_timeout: extend_timeout.py
+ # enable_oauth: enable_oauth.py
+
+
+configMountPath: "/app/pythonpath"
+
+extraConfigMountPath: "/app/configs"
+
+image:
+ repository: apache/superset
+ tag: latest
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+
+
+service:
+ type: ClusterIP
+ port: 8088
+ annotations: {}
+ # cloud.google.com/load-balancer-type: "Internal"
+ loadBalancerIP: null
+
+ingress:
+ enabled: false
+ # ingressClassName: nginx
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ ## Extend timeout to allow long running queries.
+ # nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
+ # nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ # nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+ path: /
+ pathType: ImplementationSpecific
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+##
+## Custom hostAliases for all superset pods
+## https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+hostAliases: []
+# - hostnames:
+# - nodns.my.lan
+# ip: 18.27.36.45
+
+
+##
+## Superset node configuration
+supersetNode:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; /usr/bin/run-server.sh"
+ connections:
+ redis_host: '{{ template "superset.fullname" . }}-redis-headless'
+ redis_port: "6379"
+ db_host: '{{ template "superset.fullname" . }}-postgresql'
+ db_port: "5432"
+ db_user: superset
+ db_pass: superset
+ db_name: superset
+ env: {}
+ forceReload: false # If true, forces deployment to reload on each upgrade
+ initContainers:
+ - name: wait-for-postgres
+ image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - secretRef:
+ name: '{{ tpl .Values.envFromSecret . }}'
+ command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ ## Annotations to be added to supersetNode deployment
+ deploymentAnnotations: {}
+ ## Annotations to be added to supersetNode pods
+ podAnnotations: {}
+
+##
+## Superset worker configuration
+supersetWorker:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker"
+ forceReload: false # If true, forces deployment to reload on each upgrade
+ initContainers:
+ - name: wait-for-postgres
+ image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - secretRef:
+ name: '{{ tpl .Values.envFromSecret . }}'
+ command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ ## Annotations to be added to supersetWorker deployment
+ deploymentAnnotations: {}
+ ## Annotations to be added to supersetWorker pods
+ podAnnotations: {}
+
+##
+## Superset beat configuration (to trigger scheduled jobs like reports)
+supersetCeleryBeat:
+ # This is only required if you intend to use alerts and reports
+ enabled: false
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app beat --pidfile /tmp/celerybeat.pid --schedule /tmp/celerybeat-schedule"
+ forceReload: false # If true, forces deployment to reload on each upgrade
+ initContainers:
+ - name: wait-for-postgres
+ image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - secretRef:
+ name: '{{ tpl .Values.envFromSecret . }}'
+ command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ ## Annotations to be added to supersetCeleryBeat deployment
+ deploymentAnnotations: {}
+ ## Annotations to be added to supersetCeleryBeat pods
+ podAnnotations: {}
+
+##
+## Init job configuration
+init:
+ # Configure resources
+ # Warning: fab command consumes a lot of ram and can
+ # cause the process to be killed due to OOM if it exceeds limit
+ resources: {}
+ # limits:
+ # cpu:
+ # memory:
+ # requests:
+ # cpu:
+ # memory:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; . {{ .Values.configMountPath }}/superset_init.sh"
+ enabled: true
+ loadExamples: false
+ createAdmin: true
+ adminUser:
+ username: admin
+ firstname: Superset
+ lastname: Admin
+ email: admin@superset.com
+ password: admin
+ initContainers:
+ - name: wait-for-postgres
+ image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - secretRef:
+ name: '{{ tpl .Values.envFromSecret . }}'
+ command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ initscript: |-
+ #!/bin/sh
+ set -eu
+ echo "Upgrading DB schema..."
+ superset db upgrade
+ echo "Initializing roles..."
+ superset init
+ {{ if .Values.init.createAdmin }}
+ echo "Creating admin user..."
+ superset fab create-admin \
+ --username {{ .Values.init.adminUser.username }} \
+ --firstname {{ .Values.init.adminUser.firstname }} \
+ --lastname {{ .Values.init.adminUser.lastname }} \
+ --email {{ .Values.init.adminUser.email }} \
+ --password {{ .Values.init.adminUser.password }} \
+ || true
+ {{- end }}
+ {{ if .Values.init.loadExamples }}
+ echo "Loading examples..."
+ superset load_examples
+ {{- end }}
+ if [ -f "{{ .Values.extraConfigMountPath }}/import_datasources.yaml" ]; then
+ echo "Importing database connections.... "
+ superset import_datasources -p {{ .Values.extraConfigMountPath }}/import_datasources.yaml
+ fi
+ ## Annotations to be added to init job pods
+ podAnnotations: {}
+##
+## Configuration values for the postgresql dependency.
+## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
+postgresql:
+ ##
+ ## Use the PostgreSQL chart dependency.
+ ## Set to false if bringing your own PostgreSQL.
+ enabled: true
+ ##
+ ## The name of an existing secret that contains the postgres password.
+ existingSecret:
+ ## Name of the key containing the secret.
+ existingSecretKey: postgresql-password
+ ##
+ ## If you are bringing your own PostgreSQL, you should set postgresHost and
+ ## also probably service.port, postgresqlUsername, postgresqlPassword, and postgresqlDatabase
+ ## postgresHost:
+ ##
+ ## PostgreSQL port
+ service:
+ port: 5432
+ ## PostgreSQL User to create.
+ postgresqlUsername: superset
+ ##
+ ## PostgreSQL Password for the new user.
+ ## If not set, a random 10 characters password will be used.
+ postgresqlPassword: superset
+ ##
+ ## PostgreSQL Database to create.
+ postgresqlDatabase: superset
+ ##
+ ## Persistent Volume Storage configuration.
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
+ persistence:
+ ##
+ ## Enable PostgreSQL persistence using Persistent Volume Claims.
+ enabled: true
+ ##
+ ## Persistant class
+ # storageClass: classname
+ ##
+ ## Access modes:
+ accessModes:
+ - ReadWriteOnce
+
+## Configuration values for the Redis dependency.
+## ref: https://github.com/kubernetes/charts/blob/master/stable/redis/README.md
+redis:
+ ##
+ ## Use the redis chart dependency.
+ ## Set to false if bringing your own redis.
+ enabled: true
+ usePassword: false
+ ##
+ ## The name of an existing secret that contains the redis password.
+ existingSecret:
+ ## Name of the key containing the secret.
+ existingSecretKey: redis-password
+ ##
+ ## If you are bringing your own redis, you can set the host in redisHost.
+ ## redisHost:
+ ##
+ ## Redis password
+ ##
+ password: superset
+ ##
+ ## Master configuration
+ master:
+ ##
+ ## Image configuration
+ # image:
+ ##
+ ## docker registry secret names (list)
+ # pullSecrets: nil
+ ##
+ ## Configure persistance
+ persistence:
+ ##
+ ## Use a PVC to persist data.
+ enabled: false
+ ##
+ ## Persistant class
+ # storageClass: classname
+ ##
+ ## Access mode:
+ accessModes:
+ - ReadWriteOnce
+ ##
+ ## Disable cluster management by default.
+ cluster:
+ enabled: false
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}