# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Default values for superset. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 # User ID directive. This user must have enough permissions to run the bootstrap script # Runn containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure runAsUser: 0 # Create custom service account for Superset. If create: true and name is not provided, superset.fullname will be used. # serviceAccountName: superset serviceAccount: create: false # Install additional packages and do any other bootstrap configuration in this script # For production clusters it's recommended to build own image with this step done in CI bootstrapScript: | #!/bin/bash rm -rf /var/lib/apt/lists/* && \ pip install \ psycopg2-binary==2.9.1 \ elasticsearch-dbapi \ redis==3.5.3 && \ if [ ! -f ~/bootstrap ]; then echo "Running Superset with uid {{ .Values.runAsUser }}" > ~/bootstrap; fi ## The name of the secret which we will use to generate a superset_config.py file ## Note: this secret must have the key superset_config.py in it and can include other files as well ## configFromSecret: '{{ template "superset.fullname" . }}-config' ## The name of the secret which we will use to populate env vars in deployed pods ## This can be useful for secret keys, etc. ## envFromSecret: '{{ template "superset.fullname" . }}-env' ## This can be a list of template strings envFromSecrets: [] ## Extra environment variables that will be passed into pods ## extraEnv: {} # Extend timeout to allow long running queries. # GUNICORN_TIMEOUT: 300 # OAUTH_HOME_DOMAIN: .. # # If a whitelist is not set, any address that can use your OAuth2 endpoint will be able to login. # # this includes any random Gmail address if your OAuth2 Web App is set to External. # OAUTH_WHITELIST_REGEX: ... ## Extra environment variables in RAW format that will be passed into pods ## extraEnvRaw: [] # Load DB password from other secret (e.g. for zalando operator) # - name: DB_PASS # valueFrom: # secretKeyRef: # name: superset.superset-postgres.credentials.postgresql.acid.zalan.do # key: password ## Extra environment variables to pass as secrets ## extraSecretEnv: {} # MAPBOX_API_KEY: ... # # Google API Keys: https://console.cloud.google.com/apis/credentials # GOOGLE_KEY: ... # GOOGLE_SECRET: ... extraConfigs: {} # datasources-init.yaml: | # databases: # - allow_file_upload: true # allow_ctas: true # allow_cvas: true # database_name: example-db # extra: "{\r\n \"metadata_params\": {},\r\n \"engine_params\": {},\r\n \"\ # metadata_cache_timeout\": {},\r\n \"schemas_allowed_for_file_upload\": []\r\n\ # }" # sqlalchemy_uri: example://example-db.local # tables: [] extraSecrets: {} extraVolumes: [] # - name: customConfig # configMap: # name: '{{ template "superset.fullname" . }}-custom-config' # - name: additionalSecret # secret: # secretName: my-secret # defaultMode: 0600 extraVolumeMounts: [] # - name: customConfig # mountPath: /mnt/config # readOnly: true # - name: additionalSecret: # mountPath: /mnt/secret # A dictionary of overrides to append at the end of superset_config.py - the name does not matter # WARNING: the order is not guaranteed configOverrides: language: | LANGUAGES = { 'en': {'flag': 'us', 'name': 'English'}, 'zh': {'flag': 'cn', 'name': 'Chinese'}, } # extend_timeout: | # # Extend timeout to allow long running queries. # SUPERSET_WEBSERVER_TIMEOUT = ... # enable_oauth: | # from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH) # AUTH_TYPE = AUTH_OAUTH # OAUTH_PROVIDERS = [ # { # "name": "google", # "whitelist": [ os.getenv("OAUTH_WHITELIST_REGEX", "") ], # "icon": "fa-google", # "token_key": "access_token", # "remote_app": { # "client_id": os.environ.get("GOOGLE_KEY"), # "client_secret": os.environ.get("GOOGLE_SECRET"), # "api_base_url": "https://www.googleapis.com/oauth2/v2/", # "client_kwargs": {"scope": "email profile"}, # "request_token_url": None, # "access_token_url": "https://accounts.google.com/o/oauth2/token", # "authorize_url": "https://accounts.google.com/o/oauth2/auth", # "authorize_params": {"hd": os.getenv("OAUTH_HOME_DOMAIN", "")} # } # } # ] # # Map Authlib roles to superset roles # AUTH_ROLE_ADMIN = 'Admin' # AUTH_ROLE_PUBLIC = 'Public' # # Will allow user self registration, allowing to create Flask users from Authorized User # AUTH_USER_REGISTRATION = True # # The default user self registration role # AUTH_USER_REGISTRATION_ROLE = "Admin" # Same as above but the values are files configOverridesFiles: # extend_timeout: extend_timeout.py # enable_oauth: enable_oauth.py configMountPath: "/app/pythonpath" extraConfigMountPath: "/app/configs" image: repository: apache/superset tag: latest pullPolicy: IfNotPresent imagePullSecrets: [] service: type: ClusterIP port: 8088 annotations: {} # cloud.google.com/load-balancer-type: "Internal" loadBalancerIP: null ingress: enabled: false # ingressClassName: nginx annotations: {} # kubernetes.io/tls-acme: "true" ## Extend timeout to allow long running queries. # nginx.ingress.kubernetes.io/proxy-connect-timeout: "300" # nginx.ingress.kubernetes.io/proxy-read-timeout: "300" # nginx.ingress.kubernetes.io/proxy-send-timeout: "300" path: / pathType: ImplementationSpecific hosts: - chart-example.local tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi ## ## Custom hostAliases for all superset pods ## https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ hostAliases: [] # - hostnames: # - nodns.my.lan # ip: 18.27.36.45 ## ## Superset node configuration supersetNode: command: - "/bin/sh" - "-c" - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; /usr/bin/run-server.sh" connections: redis_host: '{{ template "superset.fullname" . }}-redis-headless' redis_port: "6379" db_host: '{{ template "superset.fullname" . }}-postgresql' db_port: "5432" db_user: superset db_pass: superset db_name: superset env: {} forceReload: false # If true, forces deployment to reload on each upgrade initContainers: - name: wait-for-postgres image: busybox:latest imagePullPolicy: IfNotPresent envFrom: - secretRef: name: '{{ tpl .Values.envFromSecret . }}' command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] ## Annotations to be added to supersetNode deployment deploymentAnnotations: {} ## Annotations to be added to supersetNode pods podAnnotations: {} ## ## Superset worker configuration supersetWorker: command: - "/bin/sh" - "-c" - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker" forceReload: false # If true, forces deployment to reload on each upgrade initContainers: - name: wait-for-postgres image: busybox:latest imagePullPolicy: IfNotPresent envFrom: - secretRef: name: '{{ tpl .Values.envFromSecret . }}' command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] ## Annotations to be added to supersetWorker deployment deploymentAnnotations: {} ## Annotations to be added to supersetWorker pods podAnnotations: {} ## ## Superset beat configuration (to trigger scheduled jobs like reports) supersetCeleryBeat: # This is only required if you intend to use alerts and reports enabled: false command: - "/bin/sh" - "-c" - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app beat --pidfile /tmp/celerybeat.pid --schedule /tmp/celerybeat-schedule" forceReload: false # If true, forces deployment to reload on each upgrade initContainers: - name: wait-for-postgres image: busybox:latest imagePullPolicy: IfNotPresent envFrom: - secretRef: name: '{{ tpl .Values.envFromSecret . }}' command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] ## Annotations to be added to supersetCeleryBeat deployment deploymentAnnotations: {} ## Annotations to be added to supersetCeleryBeat pods podAnnotations: {} ## ## Init job configuration init: # Configure resources # Warning: fab command consumes a lot of ram and can # cause the process to be killed due to OOM if it exceeds limit resources: {} # limits: # cpu: # memory: # requests: # cpu: # memory: command: - "/bin/sh" - "-c" - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; . {{ .Values.configMountPath }}/superset_init.sh" enabled: true loadExamples: false createAdmin: true adminUser: username: admin firstname: Superset lastname: Admin email: admin@superset.com password: admin initContainers: - name: wait-for-postgres image: busybox:latest imagePullPolicy: IfNotPresent envFrom: - secretRef: name: '{{ tpl .Values.envFromSecret . }}' command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] initscript: |- #!/bin/sh set -eu echo "Upgrading DB schema..." superset db upgrade echo "Initializing roles..." superset init {{ if .Values.init.createAdmin }} echo "Creating admin user..." superset fab create-admin \ --username {{ .Values.init.adminUser.username }} \ --firstname {{ .Values.init.adminUser.firstname }} \ --lastname {{ .Values.init.adminUser.lastname }} \ --email {{ .Values.init.adminUser.email }} \ --password {{ .Values.init.adminUser.password }} \ || true {{- end }} {{ if .Values.init.loadExamples }} echo "Loading examples..." superset load_examples {{- end }} if [ -f "{{ .Values.extraConfigMountPath }}/import_datasources.yaml" ]; then echo "Importing database connections.... " superset import_datasources -p {{ .Values.extraConfigMountPath }}/import_datasources.yaml fi ## Annotations to be added to init job pods podAnnotations: {} ## ## Configuration values for the postgresql dependency. ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md postgresql: ## ## Use the PostgreSQL chart dependency. ## Set to false if bringing your own PostgreSQL. enabled: true ## ## The name of an existing secret that contains the postgres password. existingSecret: ## Name of the key containing the secret. existingSecretKey: postgresql-password ## ## If you are bringing your own PostgreSQL, you should set postgresHost and ## also probably service.port, postgresqlUsername, postgresqlPassword, and postgresqlDatabase ## postgresHost: ## ## PostgreSQL port service: port: 5432 ## PostgreSQL User to create. postgresqlUsername: superset ## ## PostgreSQL Password for the new user. ## If not set, a random 10 characters password will be used. postgresqlPassword: superset ## ## PostgreSQL Database to create. postgresqlDatabase: superset ## ## Persistent Volume Storage configuration. ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes persistence: ## ## Enable PostgreSQL persistence using Persistent Volume Claims. enabled: true ## ## Persistant class # storageClass: classname ## ## Access modes: accessModes: - ReadWriteOnce ## Configuration values for the Redis dependency. ## ref: https://github.com/kubernetes/charts/blob/master/stable/redis/README.md redis: ## ## Use the redis chart dependency. ## Set to false if bringing your own redis. enabled: true usePassword: false ## ## The name of an existing secret that contains the redis password. existingSecret: ## Name of the key containing the secret. existingSecretKey: redis-password ## ## If you are bringing your own redis, you can set the host in redisHost. ## redisHost: ## ## Redis password ## password: superset ## ## Master configuration master: ## ## Image configuration # image: ## ## docker registry secret names (list) # pullSecrets: nil ## ## Configure persistance persistence: ## ## Use a PVC to persist data. enabled: false ## ## Persistant class # storageClass: classname ## ## Access mode: accessModes: - ReadWriteOnce ## ## Disable cluster management by default. cluster: enabled: false nodeSelector: {} tolerations: [] affinity: {}