From 4bf77851bac3576f2b8aaaebcac848b4b4e02e89 Mon Sep 17 00:00:00 2001
From: Leah Tacke genannt Unterberg <leah.tgu@pads.rwth-aachen.de>
Date: Wed, 9 Apr 2025 17:21:01 +0200
Subject: [PATCH] seperated mitm-superset helm chart
---
helm/mitm-superset/.gitignore | 4 +
helm/mitm-superset/.helmignore | 37 +
helm/mitm-superset/Chart.lock | 12 +
helm/mitm-superset/Chart.yaml | 41 +
helm/mitm-superset/README.md | 338 ++++++
helm/mitm-superset/README.md.gotmpl | 50 +
helm/mitm-superset/templates/NOTES.txt | 37 +
helm/mitm-superset/templates/_helpers.tpl | 163 +++
.../templates/configmap-superset.yaml | 39 +
.../templates/deployment-beat.yaml | 173 ++++
.../templates/deployment-flower.yaml | 163 +++
.../templates/deployment-worker.yaml | 187 ++++
.../templates/deployment-ws.yaml | 159 +++
helm/mitm-superset/templates/deployment.yaml | 197 ++++
helm/mitm-superset/templates/hpa-node.yaml | 57 ++
helm/mitm-superset/templates/hpa-worker.yaml | 57 ++
helm/mitm-superset/templates/ingress.yaml | 77 ++
helm/mitm-superset/templates/init-job.yaml | 149 +++
helm/mitm-superset/templates/pdb-beat.yaml | 48 +
helm/mitm-superset/templates/pdb-flower.yaml | 48 +
helm/mitm-superset/templates/pdb-worker.yaml | 48 +
helm/mitm-superset/templates/pdb-ws.yaml | 48 +
helm/mitm-superset/templates/pdb.yaml | 48 +
helm/mitm-superset/templates/secret-env.yaml | 60 ++
.../templates/secret-superset-config.yaml | 47 +
helm/mitm-superset/templates/secret-ws.yaml | 38 +
.../templates/service-flower.yaml | 53 +
helm/mitm-superset/templates/service-ws.yaml | 53 +
helm/mitm-superset/templates/service.yaml | 51 +
.../templates/serviceaccount.yaml | 41 +
helm/mitm-superset/values.yaml | 964 ++++++++++++++++++
31 files changed, 3487 insertions(+)
create mode 100644 helm/mitm-superset/.gitignore
create mode 100644 helm/mitm-superset/.helmignore
create mode 100644 helm/mitm-superset/Chart.lock
create mode 100644 helm/mitm-superset/Chart.yaml
create mode 100644 helm/mitm-superset/README.md
create mode 100644 helm/mitm-superset/README.md.gotmpl
create mode 100644 helm/mitm-superset/templates/NOTES.txt
create mode 100644 helm/mitm-superset/templates/_helpers.tpl
create mode 100644 helm/mitm-superset/templates/configmap-superset.yaml
create mode 100644 helm/mitm-superset/templates/deployment-beat.yaml
create mode 100644 helm/mitm-superset/templates/deployment-flower.yaml
create mode 100644 helm/mitm-superset/templates/deployment-worker.yaml
create mode 100644 helm/mitm-superset/templates/deployment-ws.yaml
create mode 100644 helm/mitm-superset/templates/deployment.yaml
create mode 100644 helm/mitm-superset/templates/hpa-node.yaml
create mode 100644 helm/mitm-superset/templates/hpa-worker.yaml
create mode 100644 helm/mitm-superset/templates/ingress.yaml
create mode 100644 helm/mitm-superset/templates/init-job.yaml
create mode 100644 helm/mitm-superset/templates/pdb-beat.yaml
create mode 100644 helm/mitm-superset/templates/pdb-flower.yaml
create mode 100644 helm/mitm-superset/templates/pdb-worker.yaml
create mode 100644 helm/mitm-superset/templates/pdb-ws.yaml
create mode 100644 helm/mitm-superset/templates/pdb.yaml
create mode 100644 helm/mitm-superset/templates/secret-env.yaml
create mode 100644 helm/mitm-superset/templates/secret-superset-config.yaml
create mode 100644 helm/mitm-superset/templates/secret-ws.yaml
create mode 100644 helm/mitm-superset/templates/service-flower.yaml
create mode 100644 helm/mitm-superset/templates/service-ws.yaml
create mode 100644 helm/mitm-superset/templates/service.yaml
create mode 100644 helm/mitm-superset/templates/serviceaccount.yaml
create mode 100644 helm/mitm-superset/values.yaml
diff --git a/helm/mitm-superset/.gitignore b/helm/mitm-superset/.gitignore
new file mode 100644
index 0000000000..2e16b9f2f7
--- /dev/null
+++ b/helm/mitm-superset/.gitignore
@@ -0,0 +1,4 @@
+charts
+
+# Don't require this to be pushed, as it will require things to be kept in sync and linted
+requirements.lock
diff --git a/helm/mitm-superset/.helmignore b/helm/mitm-superset/.helmignore
new file mode 100644
index 0000000000..a92a08b67e
--- /dev/null
+++ b/helm/mitm-superset/.helmignore
@@ -0,0 +1,37 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/mitm-superset/Chart.lock b/helm/mitm-superset/Chart.lock
new file mode 100644
index 0000000000..b8cc122bb9
--- /dev/null
+++ b/helm/mitm-superset/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgresql
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 13.4.4
+- name: redis
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 17.9.4
+- name: superset-mitm-service
+ repository: oci://registry-1.docker.io/leahtgu
+ version: 0.1.1
+digest: sha256:7453ef9a2931ded80c999853692344ec8c3e779e999f1b8120d86d108c1fef14
+generated: "2025-04-09T14:32:24.7839858+02:00"
diff --git a/helm/mitm-superset/Chart.yaml b/helm/mitm-superset/Chart.yaml
new file mode 100644
index 0000000000..ca0403acb7
--- /dev/null
+++ b/helm/mitm-superset/Chart.yaml
@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v2
+appVersion: "4.1.1"
+description: Apache Superset is a modern, enterprise-ready business intelligence web application
+name: mitm-superset
+icon: https://artifacthub.io/image/68c1d717-0e97-491f-b046-754e46f46922@2x
+home: https://superset.apache.org/
+keywords:
+ - business intelligence
+ - data science
+sources:
+ - https://git-ce.rwth-aachen.de/machine-data/mitm-superset
+version: 0.1.0
+dependencies:
+ - name: postgresql
+ version: 13.4.4
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: postgresql.enabled
+ - name: redis
+ version: 17.9.4
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: redis.enabled
+ - name: superset-mitm-service
+ version: 0.1.1
+ repository: oci://registry-1.docker.io/leahtgu
+ condition: superset-mitm-service.enabled
diff --git a/helm/mitm-superset/README.md b/helm/mitm-superset/README.md
new file mode 100644
index 0000000000..8f92a40ffa
--- /dev/null
+++ b/helm/mitm-superset/README.md
@@ -0,0 +1,338 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs#installation
+-->
+
+# superset
+
+
+
+Apache Superset is a modern, enterprise-ready business intelligence web application
+
+**Homepage:** <https://superset.apache.org/>
+
+## Source Code
+
+* <https://github.com/apache/superset>
+
+## TL;DR
+
+```console
+helm repo add superset http://apache.github.io/superset/
+helm install my-superset superset/superset
+```
+
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.4.4 |
+| oci://registry-1.docker.io/bitnamicharts | redis | 17.9.4 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| bootstrapScript | string | see `values.yaml` | Install additional packages and do any other bootstrap configuration in this script For production clusters it's recommended to build own image with this step done in CI |
+| configFromSecret | string | `"{{ template \"superset.fullname\" . }}-config"` | The name of the secret which we will use to generate a superset_config.py file Note: this secret must have the key superset_config.py in it and can include other files as well |
+| configMountPath | string | `"/app/pythonpath"` | |
+| configOverrides | object | `{}` | A dictionary of overrides to append at the end of superset_config.py - the name does not matter WARNING: the order is not guaranteed Files can be passed as helm --set-file configOverrides.my-override=my-file.py |
+| configOverridesFiles | object | `{}` | Same as above but the values are files |
+| envFromSecret | string | `"{{ template \"superset.fullname\" . }}-env"` | The name of the secret which we will use to populate env vars in deployed pods This can be useful for secret keys, etc. |
+| envFromSecrets | list | `[]` | This can be a list of templated strings |
+| extraConfigMountPath | string | `"/app/configs"` | |
+| extraConfigs | object | `{}` | Extra files to be mounted as ConfigMap on the path specified in `extraConfigMountPath` |
+| extraEnv | object | `{}` | Extra environment variables that will be passed into pods |
+| extraEnvRaw | list | `[]` | Extra environment variables in RAW format that will be passed into pods |
+| extraLabels | object | `{}` | Labels to be added to all resources |
+| extraSecretEnv | object | `{}` | Extra environment variables to pass as secrets |
+| extraSecrets | object | `{}` | Extra files to be mounted as Secrets on the path specified in `configMountPath` |
+| extraVolumeMounts | list | `[]` | |
+| extraVolumes | list | `[]` | |
+| fullnameOverride | string | `nil` | Provide a name to override the full names of resources |
+| hostAliases | list | `[]` | Custom hostAliases for all superset pods # https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"apachesuperset.docker.scarf.sh/apache/superset"` | |
+| image.tag | string | `nil` | |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.enabled | bool | `false` | |
+| ingress.extraHostsRaw | list | `[]` | |
+| ingress.hosts[0] | string | `"chart-example.local"` | |
+| ingress.ingressClassName | string | `nil` | |
+| ingress.path | string | `"/"` | |
+| ingress.pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| init.adminUser.email | string | `"admin@superset.com"` | |
+| init.adminUser.firstname | string | `"Superset"` | |
+| init.adminUser.lastname | string | `"Admin"` | |
+| init.adminUser.password | string | `"admin"` | |
+| init.adminUser.username | string | `"admin"` | |
+| init.affinity | object | `{}` | |
+| init.command | list | a `superset_init.sh` command | Command |
+| init.containerSecurityContext | object | `{}` | |
+| init.createAdmin | bool | `true` | |
+| init.enabled | bool | `true` | |
+| init.extraContainers | list | `[]` | Launch additional containers into init job pod |
+| init.initContainers | list | a container waiting for postgres | List of initContainers |
+| init.initscript | string | a script to create admin user and initialize roles | A Superset init script |
+| init.jobAnnotations."helm.sh/hook" | string | `"post-install,post-upgrade"` | |
+| init.jobAnnotations."helm.sh/hook-delete-policy" | string | `"before-hook-creation"` | |
+| init.loadExamples | bool | `false` | |
+| init.podAnnotations | object | `{}` | |
+| init.podLabels | object | `{}` | |
+| init.podSecurityContext | object | `{}` | |
+| init.priorityClassName | string | `nil` | Set priorityClassName for init job pods |
+| init.resources | object | `{}` | |
+| init.tolerations | list | `[]` | |
+| init.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to init job |
+| initImage.pullPolicy | string | `"IfNotPresent"` | |
+| initImage.repository | string | `"apache/superset"` | |
+| initImage.tag | string | `"dockerize"` | |
+| nameOverride | string | `nil` | Provide a name to override the name of the chart |
+| nodeSelector | object | `{}` | |
+| postgresql | object | see `values.yaml` | Configuration values for the postgresql dependency. ref: https://github.com/bitnami/charts/tree/main/bitnami/postgresql |
+| priorityClassName | string | `nil` | Set priorityClassName for superset pods |
+| redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis |
+| resources | object | `{}` | |
+| runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure |
+| secretEnv | object | `{"create":true}` | Specify rather or not helm should create the secret described in `secret-env.yaml` template |
+| secretEnv.create | bool | `true` | Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` |
+| service.annotations | object | `{}` | |
+| service.loadBalancerIP | string | `nil` | |
+| service.nodePort.http | int | `"nil"` | |
+| service.port | int | `8088` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `false` | Create custom service account for Superset. If create: true and serviceAccountName is not provided, `superset.fullname` will be used. |
+| serviceAccountName | string | `nil` | Specify service account name to be used |
+| supersetCeleryBeat.affinity | object | `{}` | Affinity to be added to supersetCeleryBeat deployment |
+| supersetCeleryBeat.command | list | a `celery beat` command | Command |
+| supersetCeleryBeat.containerSecurityContext | object | `{}` | |
+| supersetCeleryBeat.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryBeat deployment |
+| supersetCeleryBeat.enabled | bool | `false` | This is only required if you intend to use alerts and reports |
+| supersetCeleryBeat.extraContainers | list | `[]` | Launch additional containers into supersetCeleryBeat pods |
+| supersetCeleryBeat.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade |
+| supersetCeleryBeat.initContainers | list | a container waiting for postgres | List of init containers |
+| supersetCeleryBeat.podAnnotations | object | `{}` | Annotations to be added to supersetCeleryBeat pods |
+| supersetCeleryBeat.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":1}` | Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetCeleryBeat pods |
+| supersetCeleryBeat.podDisruptionBudget.enabled | bool | `false` | Whether the pod disruption budget should be created |
+| supersetCeleryBeat.podDisruptionBudget.maxUnavailable | int | `1` | If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetCeleryBeat.podDisruptionBudget.minAvailable | int | `1` | If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetCeleryBeat.podLabels | object | `{}` | Labels to be added to supersetCeleryBeat pods |
+| supersetCeleryBeat.podSecurityContext | object | `{}` | |
+| supersetCeleryBeat.priorityClassName | string | `nil` | Set priorityClassName for CeleryBeat pods |
+| supersetCeleryBeat.resources | object | `{}` | Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above. |
+| supersetCeleryBeat.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetCeleryBeat deployments |
+| supersetCeleryFlower.affinity | object | `{}` | Affinity to be added to supersetCeleryFlower deployment |
+| supersetCeleryFlower.command | list | a `celery flower` command | Command |
+| supersetCeleryFlower.containerSecurityContext | object | `{}` | |
+| supersetCeleryFlower.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryFlower deployment |
+| supersetCeleryFlower.enabled | bool | `false` | Enables a Celery flower deployment (management UI to monitor celery jobs) WARNING: on superset 1.x, this requires a Superset image that has `flower<1.0.0` installed (which is NOT the case of the default images) flower>=1.0.0 requires Celery 5+ which Superset 1.5 does not support |
+| supersetCeleryFlower.extraContainers | list | `[]` | Launch additional containers into supersetCeleryFlower pods |
+| supersetCeleryFlower.initContainers | list | a container waiting for postgres and redis | List of init containers |
+| supersetCeleryFlower.livenessProbe.failureThreshold | int | `3` | |
+| supersetCeleryFlower.livenessProbe.httpGet.path | string | `"/api/workers"` | |
+| supersetCeleryFlower.livenessProbe.httpGet.port | string | `"flower"` | |
+| supersetCeleryFlower.livenessProbe.initialDelaySeconds | int | `5` | |
+| supersetCeleryFlower.livenessProbe.periodSeconds | int | `5` | |
+| supersetCeleryFlower.livenessProbe.successThreshold | int | `1` | |
+| supersetCeleryFlower.livenessProbe.timeoutSeconds | int | `1` | |
+| supersetCeleryFlower.podAnnotations | object | `{}` | Annotations to be added to supersetCeleryFlower pods |
+| supersetCeleryFlower.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":1}` | Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetCeleryFlower pods |
+| supersetCeleryFlower.podDisruptionBudget.enabled | bool | `false` | Whether the pod disruption budget should be created |
+| supersetCeleryFlower.podDisruptionBudget.maxUnavailable | int | `1` | If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetCeleryFlower.podDisruptionBudget.minAvailable | int | `1` | If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetCeleryFlower.podLabels | object | `{}` | Labels to be added to supersetCeleryFlower pods |
+| supersetCeleryFlower.podSecurityContext | object | `{}` | |
+| supersetCeleryFlower.priorityClassName | string | `nil` | Set priorityClassName for supersetCeleryFlower pods |
+| supersetCeleryFlower.readinessProbe.failureThreshold | int | `3` | |
+| supersetCeleryFlower.readinessProbe.httpGet.path | string | `"/api/workers"` | |
+| supersetCeleryFlower.readinessProbe.httpGet.port | string | `"flower"` | |
+| supersetCeleryFlower.readinessProbe.initialDelaySeconds | int | `5` | |
+| supersetCeleryFlower.readinessProbe.periodSeconds | int | `5` | |
+| supersetCeleryFlower.readinessProbe.successThreshold | int | `1` | |
+| supersetCeleryFlower.readinessProbe.timeoutSeconds | int | `1` | |
+| supersetCeleryFlower.replicaCount | int | `1` | |
+| supersetCeleryFlower.resources | object | `{}` | Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above. |
+| supersetCeleryFlower.service.annotations | object | `{}` | |
+| supersetCeleryFlower.service.loadBalancerIP | string | `nil` | |
+| supersetCeleryFlower.service.nodePort.http | int | `"nil"` | |
+| supersetCeleryFlower.service.port | int | `5555` | |
+| supersetCeleryFlower.service.type | string | `"ClusterIP"` | |
+| supersetCeleryFlower.startupProbe.failureThreshold | int | `60` | |
+| supersetCeleryFlower.startupProbe.httpGet.path | string | `"/api/workers"` | |
+| supersetCeleryFlower.startupProbe.httpGet.port | string | `"flower"` | |
+| supersetCeleryFlower.startupProbe.initialDelaySeconds | int | `5` | |
+| supersetCeleryFlower.startupProbe.periodSeconds | int | `5` | |
+| supersetCeleryFlower.startupProbe.successThreshold | int | `1` | |
+| supersetCeleryFlower.startupProbe.timeoutSeconds | int | `1` | |
+| supersetCeleryFlower.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetCeleryFlower deployments |
+| supersetNode.affinity | object | `{}` | Affinity to be added to supersetNode deployment |
+| supersetNode.autoscaling.enabled | bool | `false` | |
+| supersetNode.autoscaling.maxReplicas | int | `100` | |
+| supersetNode.autoscaling.minReplicas | int | `1` | |
+| supersetNode.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| supersetNode.command | list | See `values.yaml` | Startup command |
+| supersetNode.connections.db_host | string | `"{{ .Release.Name }}-postgresql"` | |
+| supersetNode.connections.db_name | string | `"superset"` | |
+| supersetNode.connections.db_pass | string | `"superset"` | |
+| supersetNode.connections.db_port | string | `"5432"` | |
+| supersetNode.connections.db_user | string | `"superset"` | |
+| supersetNode.connections.redis_cache_db | string | `"1"` | |
+| supersetNode.connections.redis_celery_db | string | `"0"` | |
+| supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false |
+| supersetNode.connections.redis_port | string | `"6379"` | |
+| supersetNode.connections.redis_ssl.enabled | bool | `false` | |
+| supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` | |
+| supersetNode.connections.redis_user | string | `""` | |
+| supersetNode.containerSecurityContext | object | `{}` | |
+| supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment |
+| supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment |
+| supersetNode.env | object | `{}` | |
+| supersetNode.extraContainers | list | `[]` | Launch additional containers into supersetNode pod |
+| supersetNode.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade |
+| supersetNode.initContainers | list | a container waiting for postgres | Init containers |
+| supersetNode.livenessProbe.failureThreshold | int | `3` | |
+| supersetNode.livenessProbe.httpGet.path | string | `"/health"` | |
+| supersetNode.livenessProbe.httpGet.port | string | `"http"` | |
+| supersetNode.livenessProbe.initialDelaySeconds | int | `15` | |
+| supersetNode.livenessProbe.periodSeconds | int | `15` | |
+| supersetNode.livenessProbe.successThreshold | int | `1` | |
+| supersetNode.livenessProbe.timeoutSeconds | int | `1` | |
+| supersetNode.podAnnotations | object | `{}` | Annotations to be added to supersetNode pods |
+| supersetNode.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":1}` | Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetNode pods |
+| supersetNode.podDisruptionBudget.enabled | bool | `false` | Whether the pod disruption budget should be created |
+| supersetNode.podDisruptionBudget.maxUnavailable | int | `1` | If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetNode.podDisruptionBudget.minAvailable | int | `1` | If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetNode.podLabels | object | `{}` | Labels to be added to supersetNode pods |
+| supersetNode.podSecurityContext | object | `{}` | |
+| supersetNode.readinessProbe.failureThreshold | int | `3` | |
+| supersetNode.readinessProbe.httpGet.path | string | `"/health"` | |
+| supersetNode.readinessProbe.httpGet.port | string | `"http"` | |
+| supersetNode.readinessProbe.initialDelaySeconds | int | `15` | |
+| supersetNode.readinessProbe.periodSeconds | int | `15` | |
+| supersetNode.readinessProbe.successThreshold | int | `1` | |
+| supersetNode.readinessProbe.timeoutSeconds | int | `1` | |
+| supersetNode.replicas.enabled | bool | `true` | |
+| supersetNode.replicas.replicaCount | int | `1` | |
+| supersetNode.resources | object | `{}` | Resource settings for the supersetNode pods - these settings overwrite might existing values from the global resources object defined above. |
+| supersetNode.startupProbe.failureThreshold | int | `60` | |
+| supersetNode.startupProbe.httpGet.path | string | `"/health"` | |
+| supersetNode.startupProbe.httpGet.port | string | `"http"` | |
+| supersetNode.startupProbe.initialDelaySeconds | int | `15` | |
+| supersetNode.startupProbe.periodSeconds | int | `5` | |
+| supersetNode.startupProbe.successThreshold | int | `1` | |
+| supersetNode.startupProbe.timeoutSeconds | int | `1` | |
+| supersetNode.strategy | object | `{}` | |
+| supersetNode.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetNode deployments |
+| supersetWebsockets.affinity | object | `{}` | Affinity to be added to supersetWebsockets deployment |
+| supersetWebsockets.command | list | `[]` | |
+| supersetWebsockets.config | object | see `values.yaml` | The config.json to pass to the server, see https://github.com/apache/superset/tree/master/superset-websocket Note that the configuration can also read from environment variables (which will have priority), see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts for a list of supported variables |
+| supersetWebsockets.containerSecurityContext | object | `{}` | |
+| supersetWebsockets.deploymentAnnotations | object | `{}` | |
+| supersetWebsockets.enabled | bool | `false` | This is only required if you intend to use `GLOBAL_ASYNC_QUERIES` in `ws` mode see https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries |
+| supersetWebsockets.extraContainers | list | `[]` | Launch additional containers into supersetWebsockets pods |
+| supersetWebsockets.image.pullPolicy | string | `"IfNotPresent"` | |
+| supersetWebsockets.image.repository | string | `"oneacrefund/superset-websocket"` | There is no official image (yet), this one is community-supported |
+| supersetWebsockets.image.tag | string | `"latest"` | |
+| supersetWebsockets.ingress.path | string | `"/ws"` | |
+| supersetWebsockets.ingress.pathType | string | `"Prefix"` | |
+| supersetWebsockets.livenessProbe.failureThreshold | int | `3` | |
+| supersetWebsockets.livenessProbe.httpGet.path | string | `"/health"` | |
+| supersetWebsockets.livenessProbe.httpGet.port | string | `"ws"` | |
+| supersetWebsockets.livenessProbe.initialDelaySeconds | int | `5` | |
+| supersetWebsockets.livenessProbe.periodSeconds | int | `5` | |
+| supersetWebsockets.livenessProbe.successThreshold | int | `1` | |
+| supersetWebsockets.livenessProbe.timeoutSeconds | int | `1` | |
+| supersetWebsockets.podAnnotations | object | `{}` | |
+| supersetWebsockets.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":1}` | Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetWebsockets pods |
+| supersetWebsockets.podDisruptionBudget.enabled | bool | `false` | Whether the pod disruption budget should be created |
+| supersetWebsockets.podDisruptionBudget.maxUnavailable | int | `1` | If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetWebsockets.podDisruptionBudget.minAvailable | int | `1` | If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetWebsockets.podLabels | object | `{}` | |
+| supersetWebsockets.podSecurityContext | object | `{}` | |
+| supersetWebsockets.priorityClassName | string | `nil` | Set priorityClassName for supersetWebsockets pods |
+| supersetWebsockets.readinessProbe.failureThreshold | int | `3` | |
+| supersetWebsockets.readinessProbe.httpGet.path | string | `"/health"` | |
+| supersetWebsockets.readinessProbe.httpGet.port | string | `"ws"` | |
+| supersetWebsockets.readinessProbe.initialDelaySeconds | int | `5` | |
+| supersetWebsockets.readinessProbe.periodSeconds | int | `5` | |
+| supersetWebsockets.readinessProbe.successThreshold | int | `1` | |
+| supersetWebsockets.readinessProbe.timeoutSeconds | int | `1` | |
+| supersetWebsockets.replicaCount | int | `1` | |
+| supersetWebsockets.resources | object | `{}` | |
+| supersetWebsockets.service.annotations | object | `{}` | |
+| supersetWebsockets.service.loadBalancerIP | string | `nil` | |
+| supersetWebsockets.service.nodePort.http | int | `"nil"` | |
+| supersetWebsockets.service.port | int | `8080` | |
+| supersetWebsockets.service.type | string | `"ClusterIP"` | |
+| supersetWebsockets.startupProbe.failureThreshold | int | `60` | |
+| supersetWebsockets.startupProbe.httpGet.path | string | `"/health"` | |
+| supersetWebsockets.startupProbe.httpGet.port | string | `"ws"` | |
+| supersetWebsockets.startupProbe.initialDelaySeconds | int | `5` | |
+| supersetWebsockets.startupProbe.periodSeconds | int | `5` | |
+| supersetWebsockets.startupProbe.successThreshold | int | `1` | |
+| supersetWebsockets.startupProbe.timeoutSeconds | int | `1` | |
+| supersetWebsockets.strategy | object | `{}` | |
+| supersetWebsockets.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWebsockets deployments |
+| supersetWorker.affinity | object | `{}` | Affinity to be added to supersetWorker deployment |
+| supersetWorker.autoscaling.enabled | bool | `false` | |
+| supersetWorker.autoscaling.maxReplicas | int | `100` | |
+| supersetWorker.autoscaling.minReplicas | int | `1` | |
+| supersetWorker.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| supersetWorker.command | list | a `celery worker` command | Worker startup command |
+| supersetWorker.containerSecurityContext | object | `{}` | |
+| supersetWorker.deploymentAnnotations | object | `{}` | Annotations to be added to supersetWorker deployment |
+| supersetWorker.deploymentLabels | object | `{}` | Labels to be added to supersetWorker deployment |
+| supersetWorker.extraContainers | list | `[]` | Launch additional containers into supersetWorker pod |
+| supersetWorker.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade |
+| supersetWorker.initContainers | list | a container waiting for postgres and redis | Init container |
+| supersetWorker.livenessProbe.exec.command | list | a `celery inspect ping` command | Liveness probe command |
+| supersetWorker.livenessProbe.failureThreshold | int | `3` | |
+| supersetWorker.livenessProbe.initialDelaySeconds | int | `120` | |
+| supersetWorker.livenessProbe.periodSeconds | int | `60` | |
+| supersetWorker.livenessProbe.successThreshold | int | `1` | |
+| supersetWorker.livenessProbe.timeoutSeconds | int | `60` | |
+| supersetWorker.podAnnotations | object | `{}` | Annotations to be added to supersetWorker pods |
+| supersetWorker.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":1}` | Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetWorker pods |
+| supersetWorker.podDisruptionBudget.enabled | bool | `false` | Whether the pod disruption budget should be created |
+| supersetWorker.podDisruptionBudget.maxUnavailable | int | `1` | If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetWorker.podDisruptionBudget.minAvailable | int | `1` | If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
+| supersetWorker.podLabels | object | `{}` | Labels to be added to supersetWorker pods |
+| supersetWorker.podSecurityContext | object | `{}` | |
+| supersetWorker.priorityClassName | string | `nil` | Set priorityClassName for supersetWorker pods |
+| supersetWorker.readinessProbe | object | `{}` | No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic) |
+| supersetWorker.replicas.enabled | bool | `true` | |
+| supersetWorker.replicas.replicaCount | int | `1` | |
+| supersetWorker.resources | object | `{}` | Resource settings for the supersetWorker pods - these settings overwrite might existing values from the global resources object defined above. |
+| supersetWorker.startupProbe | object | `{}` | No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic) |
+| supersetWorker.strategy | object | `{}` | |
+| supersetWorker.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWorker deployments |
+| tolerations | list | `[]` | |
+| topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to all deployments |
diff --git a/helm/mitm-superset/README.md.gotmpl b/helm/mitm-superset/README.md.gotmpl
new file mode 100644
index 0000000000..facb955e31
--- /dev/null
+++ b/helm/mitm-superset/README.md.gotmpl
@@ -0,0 +1,50 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs#installation
+-->
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+## TL;DR
+
+```console
+helm repo add superset http://apache.github.io/superset/
+helm install my-superset superset/superset
+```
+
+Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for
+securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database.
+It should be a long random bytes or str.
+
+On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets`
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
diff --git a/helm/mitm-superset/templates/NOTES.txt b/helm/mitm-superset/templates/NOTES.txt
new file mode 100644
index 0000000000..a029356f85
--- /dev/null
+++ b/helm/mitm-superset/templates/NOTES.txt
@@ -0,0 +1,37 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+ {{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+ {{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "superset.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "superset.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "superset.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ echo "Visit http://127.0.0.1:8088 to use your application"
+ kubectl port-forward service/superset 8088:8088 --namespace {{ .Release.Namespace }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/_helpers.tpl b/helm/mitm-superset/templates/_helpers.tpl
new file mode 100644
index 0000000000..a4f9b65f14
--- /dev/null
+++ b/helm/mitm-superset/templates/_helpers.tpl
@@ -0,0 +1,163 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "superset.name" -}}
+ {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "superset.fullname" -}}
+ {{- if .Values.fullnameOverride -}}
+ {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- $name := default .Chart.Name .Values.nameOverride -}}
+ {{- if contains $name .Release.Name -}}
+ {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "superset.serviceAccountName" -}}
+ {{- if .Values.serviceAccount.create -}}
+ {{- default (include "superset.fullname" .) .Values.serviceAccountName -}}
+ {{- else -}}
+ {{- default "default" .Values.serviceAccountName -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "superset.chart" -}}
+ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "superset-config" }}
+import os
+from flask_caching.backends.rediscache import RedisCache
+
+def env(key, default=None):
+ return os.getenv(key, default)
+
+# Redis Base URL
+{{- if .Values.supersetNode.connections.redis_password }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- else }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- end }}
+
+# Redis URL Params
+{{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+REDIS_URL_PARAMS = f"?ssl_cert_reqs={env('REDIS_SSL_CERT_REQS')}"
+{{- else }}
+REDIS_URL_PARAMS = ""
+{{- end}}
+
+# Build Redis URLs
+CACHE_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_DB', 1)}{REDIS_URL_PARAMS}"
+CELERY_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_CELERY_DB', 0)}{REDIS_URL_PARAMS}"
+
+MAPBOX_API_KEY = env('MAPBOX_API_KEY', '')
+CACHE_CONFIG = {
+ 'CACHE_TYPE': 'RedisCache',
+ 'CACHE_DEFAULT_TIMEOUT': 300,
+ 'CACHE_KEY_PREFIX': 'superset_',
+ 'CACHE_REDIS_URL': CACHE_REDIS_URL,
+}
+DATA_CACHE_CONFIG = CACHE_CONFIG
+
+SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS')}@{env('DB_HOST')}:{env('DB_PORT')}/{env('DB_NAME')}"
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+
+class CeleryConfig:
+ imports = ("superset.sql_lab", )
+ broker_url = CELERY_REDIS_URL
+ result_backend = CELERY_REDIS_URL
+
+CELERY_CONFIG = CeleryConfig
+RESULTS_BACKEND = RedisCache(
+ host=env('REDIS_HOST'),
+ {{- if .Values.supersetNode.connections.redis_password }}
+ password=env('REDIS_PASSWORD'),
+ {{- end }}
+ port=env('REDIS_PORT'),
+ key_prefix='superset_results',
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ ssl=True,
+ ssl_cert_reqs=env('REDIS_SSL_CERT_REQS'),
+ {{- end }}
+)
+
+{{ if .Values.configOverrides }}
+# Overrides
+{{- range $key, $value := .Values.configOverrides }}
+# {{ $key }}
+{{ tpl $value $ }}
+{{- end }}
+{{- end }}
+
+{{ if .Values.configOverridesFiles }}
+# Overrides from files
+{{- $files := .Files }}
+{{- range $key, $value := .Values.configOverridesFiles }}
+# {{ $key }}
+{{ $files.Get $value }}
+{{- end }}
+{{- end }}
+
+{{- end }}
+
+{{- define "supersetCeleryBeat.selectorLabels" -}}
+app: {{ include "superset.name" . }}-celerybeat
+release: {{ .Release.Name }}
+{{- end }}
+
+{{- define "supersetCeleryFlower.selectorLabels" -}}
+app: {{ include "superset.name" . }}-flower
+release: {{ .Release.Name }}
+{{- end }}
+
+{{- define "supersetNode.selectorLabels" -}}
+app: {{ include "superset.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+
+{{- define "supersetWebsockets.selectorLabels" -}}
+app: {{ include "superset.name" . }}-ws
+release: {{ .Release.Name }}
+{{- end }}
+
+{{- define "supersetWorker.selectorLabels" -}}
+app: {{ include "superset.name" . }}-worker
+release: {{ .Release.Name }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/configmap-superset.yaml b/helm/mitm-superset/templates/configmap-superset.yaml
new file mode 100644
index 0000000000..fa0928c1fb
--- /dev/null
+++ b/helm/mitm-superset/templates/configmap-superset.yaml
@@ -0,0 +1,39 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.extraConfigs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "superset.fullname" . }}-extra-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+data:
+ {{- range $path, $config := .Values.extraConfigs }}
+ {{ $path }}: |
+ {{- tpl $config $ | nindent 4 -}}
+ {{- end -}}
+{{- end -}}
diff --git a/helm/mitm-superset/templates/deployment-beat.yaml b/helm/mitm-superset/templates/deployment-beat.yaml
new file mode 100644
index 0000000000..ff298f478d
--- /dev/null
+++ b/helm/mitm-superset/templates/deployment-beat.yaml
@@ -0,0 +1,173 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetCeleryBeat.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-celerybeat
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}-celerybeat
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.deploymentAnnotations }}
+ annotations: {{- toYaml .Values.supersetCeleryBeat.deploymentAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ # This must be a singleton
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryBeat.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/superset_bootstrap.sh: {{ tpl .Values.bootstrapScript . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{- if .Values.supersetCeleryBeat.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.podAnnotations }}
+ {{- toYaml .Values.supersetCeleryBeat.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: "{{ template "superset.name" . }}-celerybeat"
+ release: {{ .Release.Name }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.podLabels }}
+ {{- toYaml .Values.supersetCeleryBeat.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetCeleryBeat.podSecurityContext }}
+ {{- toYaml .Values.supersetCeleryBeat.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.initContainers }}
+ initContainers: {{- tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: "{{ .Chart.Name }}-celerybeat"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetCeleryBeat.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.supersetCeleryBeat.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- if .Values.supersetCeleryBeat.resources }}
+ {{- toYaml .Values.supersetCeleryBeat.resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.extraContainers }}
+ {{- toYaml .Values.supersetCeleryBeat.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.supersetCeleryBeat.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetCeleryBeat.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.supersetCeleryBeat.priorityClassName }}
+ priorityClassName: {{ .Values.supersetCeleryBeat.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.supersetCeleryBeat.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetCeleryBeat.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
+{{- end -}}
diff --git a/helm/mitm-superset/templates/deployment-flower.yaml b/helm/mitm-superset/templates/deployment-flower.yaml
new file mode 100644
index 0000000000..179df9309d
--- /dev/null
+++ b/helm/mitm-superset/templates/deployment-flower.yaml
@@ -0,0 +1,163 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetCeleryFlower.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-flower
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}-flower
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.deploymentAnnotations }}
+ annotations: {{- toYaml .Values.supersetCeleryFlower.deploymentAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.supersetCeleryFlower.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryFlower.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include "superset-config" . | sha256sum }}
+ checksum/secrets: {{ tpl (toJson .Values.extraSecretEnv) . | sha256sum }}
+ {{- if .Values.supersetCeleryFlower.podAnnotations }}
+ {{- toYaml .Values.supersetCeleryFlower.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: "{{ template "superset.name" . }}-flower"
+ release: {{ .Release.Name }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.podLabels }}
+ {{- toYaml .Values.supersetCeleryFlower.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetCeleryFlower.podSecurityContext }}
+ {{- toYaml .Values.supersetCeleryFlower.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.initContainers }}
+ initContainers: {{- tpl (toYaml .Values.supersetCeleryFlower.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: "{{ .Chart.Name }}-flower"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetCeleryFlower.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.supersetCeleryFlower.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ command: {{ tpl (toJson .Values.supersetCeleryFlower.command) . }}
+ env:
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ ports:
+ - name: flower
+ containerPort: 5555
+ protocol: TCP
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.startupProbe }}
+ startupProbe: {{- .Values.supersetCeleryFlower.startupProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.readinessProbe }}
+ readinessProbe: {{- .Values.supersetCeleryFlower.readinessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.livenessProbe }}
+ livenessProbe: {{- .Values.supersetCeleryFlower.livenessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- if .Values.supersetCeleryFlower.resources }}
+ {{- toYaml .Values.supersetCeleryFlower.resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.extraContainers }}
+ {{- toYaml .Values.supersetCeleryFlower.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.supersetCeleryFlower.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetCeleryFlower.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.supersetCeleryFlower.priorityClassName }}
+ priorityClassName: {{ .Values.supersetCeleryFlower.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.supersetCeleryFlower.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetCeleryFlower.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
+{{- end -}}
diff --git a/helm/mitm-superset/templates/deployment-worker.yaml b/helm/mitm-superset/templates/deployment-worker.yaml
new file mode 100644
index 0000000000..96ee915f29
--- /dev/null
+++ b/helm/mitm-superset/templates/deployment-worker.yaml
@@ -0,0 +1,187 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}-worker
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}-worker
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.deploymentLabels }}
+ {{- toYaml .Values.supersetWorker.deploymentLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.deploymentAnnotations }}
+ annotations: {{- toYaml .Values.supersetWorker.deploymentAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and (not .Values.supersetWorker.autoscaling.enabled) .Values.supersetWorker.replicas.enabled }}
+ replicas: {{ .Values.supersetWorker.replicas.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetWorker.selectorLabels" . | nindent 6 }}
+ {{- if .Values.supersetWorker.strategy }}
+ strategy: {{- toYaml .Values.supersetWorker.strategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ annotations:
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/superset_bootstrap.sh: {{ tpl .Values.bootstrapScript . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{- if .Values.supersetWorker.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{- end }}
+ {{- if .Values.supersetWorker.podAnnotations }}
+ {{- toYaml .Values.supersetWorker.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "superset.name" . }}-worker
+ release: {{ .Release.Name }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.podLabels }}
+ {{- toYaml .Values.supersetWorker.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetWorker.podSecurityContext }}
+ {{- toYaml .Values.supersetWorker.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.initContainers }}
+ initContainers: {{- tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetWorker.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.supersetWorker.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ command: {{ tpl (toJson .Values.supersetWorker.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ {{- if .Values.supersetWorker.startupProbe }}
+ startupProbe: {{- .Values.supersetWorker.startupProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.readinessProbe }}
+ readinessProbe: {{- .Values.supersetWorker.readinessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.livenessProbe }}
+ livenessProbe: {{- .Values.supersetWorker.livenessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- if .Values.supersetWorker.resources }}
+ {{- toYaml .Values.supersetWorker.resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWorker.extraContainers }}
+ {{- toYaml .Values.supersetWorker.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.supersetWorker.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetWorker.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.supersetWorker.priorityClassName }}
+ priorityClassName: {{ .Values.supersetWorker.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.supersetWorker.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetWorker.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
diff --git a/helm/mitm-superset/templates/deployment-ws.yaml b/helm/mitm-superset/templates/deployment-ws.yaml
new file mode 100644
index 0000000000..868b84309f
--- /dev/null
+++ b/helm/mitm-superset/templates/deployment-ws.yaml
@@ -0,0 +1,159 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetWebsockets.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ template "superset.fullname" . }}-ws"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: "{{ template "superset.name" . }}-ws"
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.deploymentAnnotations }}
+ annotations: {{- toYaml .Values.supersetWebsockets.deploymentAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.supersetWebsockets.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "supersetWebsockets.selectorLabels" . | nindent 6 }}
+ {{- if .Values.supersetWebsockets.strategy }}
+ strategy: {{- toYaml .Values.supersetWebsockets.strategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ annotations:
+ checksum/wsconfig: {{ tpl (toJson .Values.supersetWebsockets.config) . | sha256sum }}
+ checksum/secrets: {{ tpl (toJson .Values.extraSecretEnv) . | sha256sum }}
+ {{- if .Values.supersetWebsockets.podAnnotations }}
+ {{- toYaml .Values.supersetWebsockets.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: "{{ template "superset.name" . }}-ws"
+ release: {{ .Release.Name }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.podLabels }}
+ {{- toYaml .Values.supersetWebsockets.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetWebsockets.podSecurityContext }}
+ {{- toYaml .Values.supersetWebsockets.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: "{{ .Chart.Name }}-ws"
+ image: "{{ .Values.supersetWebsockets.image.repository }}:{{ .Values.supersetWebsockets.image.tag }}"
+ imagePullPolicy: {{ .Values.supersetWebsockets.image.pullPolicy }}
+ {{- if .Values.supersetWebsockets.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.supersetWebsockets.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ command: {{ tpl (toJson .Values.supersetWebsockets.command) . }}
+ # Passing all the envs is a bit blunt... we only need a few (see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts)...
+ env:
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ ports:
+ - name: ws
+ containerPort: {{ .Values.supersetWebsockets.config.port }}
+ protocol: TCP
+ volumeMounts:
+ - name: superset-ws-config
+ mountPath: /home/superset-websocket/config.json
+ subPath: config.json
+ readOnly: true
+ resources:
+ {{- if .Values.supersetWebsockets.resources }}
+ {{- toYaml .Values.supersetWebsockets.resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.startupProbe }}
+ startupProbe: {{- .Values.supersetWebsockets.startupProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.readinessProbe }}
+ readinessProbe: {{- .Values.supersetWebsockets.readinessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.livenessProbe }}
+ livenessProbe: {{- .Values.supersetWebsockets.livenessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.extraContainers }}
+ {{- toYaml .Values.supersetWebsockets.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.supersetWebsockets.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetWebsockets.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.supersetWebsockets.priorityClassName }}
+ priorityClassName: {{ .Values.supersetWebsockets.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.supersetWebsockets.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetWebsockets.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-ws-config
+ secret:
+ secretName: "{{ template "superset.fullname" . }}-ws-config"
+{{- end }}
diff --git a/helm/mitm-superset/templates/deployment.yaml b/helm/mitm-superset/templates/deployment.yaml
new file mode 100644
index 0000000000..444ec103da
--- /dev/null
+++ b/helm/mitm-superset/templates/deployment.yaml
@@ -0,0 +1,197 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "superset.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetNode.deploymentLabels }}
+ {{- toYaml .Values.supersetNode.deploymentLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.supersetNode.deploymentAnnotations }}
+ annotations: {{- toYaml .Values.supersetNode.deploymentAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and (not .Values.supersetNode.autoscaling.enabled) .Values.supersetNode.replicas.enabled }}
+ replicas: {{ .Values.supersetNode.replicas.replicaCount }}
+ {{- end }}
+ {{- if .Values.supersetNode.strategy }}
+ strategy: {{- toYaml .Values.supersetNode.strategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetNode.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ # Force reload on config changes
+ checksum/superset_config.py: {{ include "superset-config" . | sha256sum }}
+ checksum/superset_init.sh: {{ tpl .Values.init.initscript . | sha256sum }}
+ checksum/superset_bootstrap.sh: {{ tpl .Values.bootstrapScript . | sha256sum }}
+ checksum/connections: {{ .Values.supersetNode.connections | toYaml | sha256sum }}
+ checksum/extraConfigs: {{ .Values.extraConfigs | toYaml | sha256sum }}
+ checksum/extraSecrets: {{ .Values.extraSecrets | toYaml | sha256sum }}
+ checksum/extraSecretEnv: {{ .Values.extraSecretEnv | toYaml | sha256sum }}
+ checksum/configOverrides: {{ .Values.configOverrides | toYaml | sha256sum }}
+ checksum/configOverridesFiles: {{ .Values.configOverridesFiles | toYaml | sha256sum }}
+ {{- if .Values.supersetNode.forceReload }}
+ # Optionally force the thing to reload
+ force-reload: {{ randAlphaNum 5 | quote }}
+ {{- end }}
+ {{- if .Values.supersetNode.podAnnotations }}
+ {{- toYaml .Values.supersetNode.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetNode.podLabels }}
+ {{- toYaml .Values.supersetNode.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetNode.podSecurityContext }}
+ {{- toYaml .Values.supersetNode.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.supersetNode.initContainers }}
+ initContainers: {{- tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases: {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetNode.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.supersetNode.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ command: {{ tpl (toJson .Values.supersetNode.command) . }}
+ env:
+ - name: "SUPERSET_PORT"
+ value: {{ .Values.service.port | quote}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- range $key, $value := .Values.supersetNode.env }}
+ - name: {{ $key | quote}}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . | quote }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 12 -}}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ {{- if .Values.supersetNode.startupProbe }}
+ startupProbe: {{- .Values.supersetNode.startupProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetNode.readinessProbe }}
+ readinessProbe: {{- .Values.supersetNode.readinessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetNode.livenessProbe }}
+ livenessProbe: {{- .Values.supersetNode.livenessProbe | toYaml | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- if .Values.supersetNode.resources }}
+ {{- toYaml .Values.supersetNode.resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.supersetNode.extraContainers }}
+ {{- toYaml .Values.supersetNode.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.supersetNode.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetNode.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.supersetNode.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.supersetNode.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
diff --git a/helm/mitm-superset/templates/hpa-node.yaml b/helm/mitm-superset/templates/hpa-node.yaml
new file mode 100644
index 0000000000..843620ea15
--- /dev/null
+++ b/helm/mitm-superset/templates/hpa-node.yaml
@@ -0,0 +1,57 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetNode.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "superset.fullname" . }}-hpa
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "superset.fullname" . }}
+ minReplicas: {{ .Values.supersetNode.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.supersetNode.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.supersetNode.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.supersetNode.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.supersetNode.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.supersetNode.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/hpa-worker.yaml b/helm/mitm-superset/templates/hpa-worker.yaml
new file mode 100644
index 0000000000..fd4f027cc6
--- /dev/null
+++ b/helm/mitm-superset/templates/hpa-worker.yaml
@@ -0,0 +1,57 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetWorker.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "superset.fullname" . }}-hpa-worker
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "superset.fullname" . }}-worker
+ minReplicas: {{ .Values.supersetWorker.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.supersetWorker.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.supersetWorker.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.supersetWorker.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.supersetWorker.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.supersetWorker.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/ingress.yaml b/helm/mitm-superset/templates/ingress.yaml
new file mode 100644
index 0000000000..05acb20d6f
--- /dev/null
+++ b/helm/mitm-superset/templates/ingress.yaml
@@ -0,0 +1,77 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{ if .Values.ingress.enabled -}}
+{{- $fullName := include "superset.fullname" . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $.Values.ingress.path }}
+ pathType: {{ $.Values.ingress.pathType }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ name: http
+ {{- if $.Values.supersetWebsockets.enabled }}
+ - path: {{ $.Values.supersetWebsockets.ingress.path }}
+ pathType: {{ $.Values.supersetWebsockets.ingress.pathType }}
+ backend:
+ service:
+ name: "{{ template "superset.fullname" $ }}-ws"
+ port:
+ name: ws
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingress.extraHostsRaw }}
+ {{- toYaml .Values.ingress.extraHostsRaw | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/init-job.yaml b/helm/mitm-superset/templates/init-job.yaml
new file mode 100644
index 0000000000..a696312584
--- /dev/null
+++ b/helm/mitm-superset/templates/init-job.yaml
@@ -0,0 +1,149 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.init.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "superset.fullname" . }}-init-db
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.init.jobAnnotations }}
+ annotations: {{- toYaml .Values.init.jobAnnotations | nindent 4 }}
+ {{- end }}
+spec:
+ template:
+ metadata:
+ name: {{ template "superset.fullname" . }}-init-db
+ {{- if .Values.init.podAnnotations }}
+ annotations: {{- toYaml .Values.init.podAnnotations | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.extraLabels .Values.init.podLabels }}
+ labels:
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 8 }}
+ {{- end }}
+ {{- if .Values.init.podLabels }}
+ {{- toYaml .Values.init.podLabels | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }}
+ serviceAccountName: {{ template "superset.serviceAccountName" . }}
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.init.podSecurityContext }}
+ {{- toYaml .Values.init.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.init.initContainers }}
+ initContainers: {{- tpl (toYaml .Values.init.initContainers) . | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: {{ template "superset.name" . }}-init-db
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ {{- if or .Values.extraEnv .Values.extraEnvRaw }}
+ env:
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvRaw }}
+ {{- toYaml .Values.extraEnvRaw | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ tpl .Values.envFromSecret . }}
+ {{- range .Values.envFromSecrets }}
+ - secretRef:
+ name: {{ tpl . $ | quote }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.init.containerSecurityContext }}
+ securityContext: {{- toYaml .Values.init.containerSecurityContext | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: superset-config
+ mountPath: {{ .Values.configMountPath | quote }}
+ readOnly: true
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ mountPath: {{ .Values.extraConfigMountPath | quote }}
+ readOnly: true
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl (toYaml .) $ | nindent 10 -}}
+ {{- end }}
+ command: {{ tpl (toJson .Values.init.command) . }}
+ resources: {{- toYaml .Values.init.resources | nindent 10 }}
+ {{- if .Values.init.extraContainers }}
+ {{- toYaml .Values.init.extraContainers | nindent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.affinity .Values.init.affinity }}
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.init.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.init.priorityClassName }}
+ priorityClassName: {{ .Values.init.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.topologySpreadConstraints .Values.init.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- with .Values.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.init.topologySpreadConstraints }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: superset-config
+ secret:
+ secretName: {{ tpl .Values.configFromSecret . }}
+ {{- if .Values.extraConfigs }}
+ - name: superset-extra-config
+ configMap:
+ name: {{ template "superset.fullname" . }}-extra-config
+ {{- end }}
+ {{- with .Values.extraVolumes }}
+ {{- tpl (toYaml .) $ | nindent 8 -}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
diff --git a/helm/mitm-superset/templates/pdb-beat.yaml b/helm/mitm-superset/templates/pdb-beat.yaml
new file mode 100644
index 0000000000..f7d5bce27a
--- /dev/null
+++ b/helm/mitm-superset/templates/pdb-beat.yaml
@@ -0,0 +1,48 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- with .Values.supersetCeleryBeat.podDisruptionBudget }}
+{{- if .enabled -}}
+{{- if and .minAvailable .maxUnavailable }}
+{{- fail "Only one of minAvailable or maxUnavailable should be set" }}
+{{- end}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "superset.fullname" $ }}-celerybeat-pdb
+ labels:
+ app: {{ template "superset.name" $ }}-celerybeat
+ chart: {{ template "superset.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ {{- if $.Values.extraLabels }}
+ {{- toYaml $.Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .minAvailable }}
+ minAvailable: {{ .minAvailable }}
+{{- end }}
+{{- if .maxUnavailable }}
+ maxUnavailable: {{ .maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryBeat.selectorLabels" $ | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/pdb-flower.yaml b/helm/mitm-superset/templates/pdb-flower.yaml
new file mode 100644
index 0000000000..1be15b65bb
--- /dev/null
+++ b/helm/mitm-superset/templates/pdb-flower.yaml
@@ -0,0 +1,48 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- with .Values.supersetCeleryFlower.podDisruptionBudget }}
+{{- if .enabled -}}
+{{- if and .minAvailable .maxUnavailable }}
+{{- fail "Only one of minAvailable or maxUnavailable should be set" }}
+{{- end}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "superset.fullname" $ }}-flower-pdb
+ labels:
+ app: {{ template "superset.name" $ }}-flower
+ chart: {{ template "superset.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ {{- if $.Values.extraLabels }}
+ {{- toYaml $.Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .minAvailable }}
+ minAvailable: {{ .minAvailable }}
+{{- end }}
+{{- if .maxUnavailable }}
+ maxUnavailable: {{ .maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetCeleryFlower.selectorLabels" $ | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/pdb-worker.yaml b/helm/mitm-superset/templates/pdb-worker.yaml
new file mode 100644
index 0000000000..a23c6d9308
--- /dev/null
+++ b/helm/mitm-superset/templates/pdb-worker.yaml
@@ -0,0 +1,48 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- with .Values.supersetWorker.podDisruptionBudget }}
+{{- if .enabled -}}
+{{- if and .minAvailable .maxUnavailable }}
+{{- fail "Only one of minAvailable or maxUnavailable should be set" }}
+{{- end}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "superset.fullname" $ }}-worker-pdb
+ labels:
+ app: {{ template "superset.name" $ }}-worker
+ chart: {{ template "superset.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ {{- if $.Values.extraLabels }}
+ {{- toYaml $.Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .minAvailable }}
+ minAvailable: {{ .minAvailable }}
+{{- end }}
+{{- if .maxUnavailable }}
+ maxUnavailable: {{ .maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetWorker.selectorLabels" $ | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/pdb-ws.yaml b/helm/mitm-superset/templates/pdb-ws.yaml
new file mode 100644
index 0000000000..9fe62b4ade
--- /dev/null
+++ b/helm/mitm-superset/templates/pdb-ws.yaml
@@ -0,0 +1,48 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- with .Values.supersetWebsockets.podDisruptionBudget }}
+{{- if .enabled -}}
+{{- if and .minAvailable .maxUnavailable }}
+{{- fail "Only one of minAvailable or maxUnavailable should be set" }}
+{{- end}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "superset.fullname" $ }}-ws-pdb
+ labels:
+ app: {{ template "superset.name" $ }}-ws
+ chart: {{ template "superset.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ {{- if $.Values.extraLabels }}
+ {{- toYaml $.Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .minAvailable }}
+ minAvailable: {{ .minAvailable }}
+{{- end }}
+{{- if .maxUnavailable }}
+ maxUnavailable: {{ .maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetWebsockets.selectorLabels" $ | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/pdb.yaml b/helm/mitm-superset/templates/pdb.yaml
new file mode 100644
index 0000000000..9b6be221d0
--- /dev/null
+++ b/helm/mitm-superset/templates/pdb.yaml
@@ -0,0 +1,48 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- with .Values.supersetNode.podDisruptionBudget }}
+{{- if .enabled -}}
+{{- if and .minAvailable .maxUnavailable }}
+{{- fail "Only one of minAvailable or maxUnavailable should be set" }}
+{{- end}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "superset.fullname" $ }}-pdb
+ labels:
+ app: {{ template "superset.name" $ }}
+ chart: {{ template "superset.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ {{- if $.Values.extraLabels }}
+ {{- toYaml $.Values.extraLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .minAvailable }}
+ minAvailable: {{ .minAvailable }}
+{{- end }}
+{{- if .maxUnavailable }}
+ maxUnavailable: {{ .maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "supersetNode.selectorLabels" $ | nindent 6 }}
+{{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/secret-env.yaml b/helm/mitm-superset/templates/secret-env.yaml
new file mode 100644
index 0000000000..d52afdcaf5
--- /dev/null
+++ b/helm/mitm-superset/templates/secret-env.yaml
@@ -0,0 +1,60 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+{{- if .Values.secretEnv.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-env
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+type: Opaque
+stringData:
+ REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }}
+ REDIS_USER: {{ .Values.supersetNode.connections.redis_user | quote }}
+ {{- if .Values.supersetNode.connections.redis_password }}
+ REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }}
+ {{- end }}
+ REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
+ REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }}
+ REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }}
+ REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }}
+ REDIS_EVENTS_DB: {{ .Values.supersetNode.connections.redis_events_db | quote }}
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ REDIS_SSL_CERT_REQS: {{ .Values.supersetNode.connections.redis_ssl.ssl_cert_reqs | default "CERT_NONE" | quote }}
+ {{- end }}
+ DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }}
+ DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }}
+ DB_USER: {{ .Values.supersetNode.connections.db_user | quote }}
+ DB_PASS: {{ .Values.supersetNode.connections.db_pass | quote }}
+ DB_NAME: {{ .Values.supersetNode.connections.db_name | quote }}
+ MITM_API_HOST: {{ tpl .Values.supersetNode.connections.mitm_service_host . | quote }}
+ MITM_API_PORT: {{ .Values.supersetNode.connections.mitm_service_port | quote }}
+ {{- if .Values.extraSecretEnv }}
+ {{- range $key, $value := .Values.extraSecretEnv }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/secret-superset-config.yaml b/helm/mitm-superset/templates/secret-superset-config.yaml
new file mode 100644
index 0000000000..c672fe900b
--- /dev/null
+++ b/helm/mitm-superset/templates/secret-superset-config.yaml
@@ -0,0 +1,47 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "superset.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+type: Opaque
+stringData:
+ superset_config.py: |
+ {{- include "superset-config" . | nindent 4 }}
+ superset_init.sh: |
+ {{- tpl .Values.init.initscript . | nindent 4 }}
+ superset_bootstrap.sh: |
+ {{- tpl .Values.bootstrapScript . | nindent 4 }}
+
+ {{- if .Values.extraSecrets }}
+ {{- range $path, $config := .Values.extraSecrets }}
+ {{ $path }}: |
+ {{- tpl $config $ | nindent 4 -}}
+ {{- end -}}
+ {{- end -}}
diff --git a/helm/mitm-superset/templates/secret-ws.yaml b/helm/mitm-superset/templates/secret-ws.yaml
new file mode 100644
index 0000000000..a559ac0056
--- /dev/null
+++ b/helm/mitm-superset/templates/secret-ws.yaml
@@ -0,0 +1,38 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetWebsockets.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ template "superset.fullname" . }}-ws-config"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.fullname" . }}
+ chart: {{ template "superset.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+type: Opaque
+stringData:
+ config.json: |
+ {{- tpl (toJson .Values.supersetWebsockets.config) . | nindent 4 }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/service-flower.yaml b/helm/mitm-superset/templates/service-flower.yaml
new file mode 100644
index 0000000000..c2bda0fb86
--- /dev/null
+++ b/helm/mitm-superset/templates/service-flower.yaml
@@ -0,0 +1,53 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetCeleryFlower.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ template "superset.fullname" . }}-flower"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.supersetCeleryFlower.service.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.supersetCeleryFlower.service.type }}
+ ports:
+ - port: {{ .Values.supersetCeleryFlower.service.port }}
+ targetPort: flower
+ protocol: TCP
+ name: flower
+ {{- if and (or (eq .Values.supersetCeleryFlower.service.type "NodePort") (eq .Values.supersetCeleryFlower.service.type "LoadBalancer")) (not (empty .Values.supersetCeleryFlower.service.nodePort.http)) }}
+ nodePort: {{ .Values.supersetCeleryFlower.service.nodePort.http }}
+ {{- end }}
+ selector:
+ app: {{ template "superset.name" . }}-flower
+ release: {{ .Release.Name }}
+ {{- if .Values.supersetCeleryFlower.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.supersetCeleryFlower.service.loadBalancerIP }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/service-ws.yaml b/helm/mitm-superset/templates/service-ws.yaml
new file mode 100644
index 0000000000..1517e2e577
--- /dev/null
+++ b/helm/mitm-superset/templates/service-ws.yaml
@@ -0,0 +1,53 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetWebsockets.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ template "superset.fullname" . }}-ws"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.supersetWebsockets.service.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.supersetWebsockets.service.type }}
+ ports:
+ - port: {{ .Values.supersetWebsockets.service.port }}
+ targetPort: ws
+ protocol: TCP
+ name: ws
+ {{- if and (or (eq .Values.supersetWebsockets.service.type "NodePort") (eq .Values.supersetWebsockets.service.type "LoadBalancer")) (not (empty .Values.supersetWebsockets.service.nodePort.http)) }}
+ nodePort: {{ .Values.supersetWebsockets.service.nodePort.http }}
+ {{- end }}
+ selector:
+ app: "{{ template "superset.name" . }}-ws"
+ release: {{ .Release.Name }}
+ {{- if .Values.supersetWebsockets.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.supersetWebsockets.service.loadBalancerIP }}
+ {{- end }}
+{{- end }}
diff --git a/helm/mitm-superset/templates/service.yaml b/helm/mitm-superset/templates/service.yaml
new file mode 100644
index 0000000000..e435961ba9
--- /dev/null
+++ b/helm/mitm-superset/templates/service.yaml
@@ -0,0 +1,51 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "superset.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "superset.name" . }}
+ chart: {{ template "superset.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.service.annotations }}
+ annotations: {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort.http)) }}
+ nodePort: {{ .Values.service.nodePort.http }}
+ {{- end }}
+ selector:
+ app: {{ template "superset.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
diff --git a/helm/mitm-superset/templates/serviceaccount.yaml b/helm/mitm-superset/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..e92fc6202f
--- /dev/null
+++ b/helm/mitm-superset/templates/serviceaccount.yaml
@@ -0,0 +1,41 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "superset.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "superset.name" . }}
+ helm.sh/chart: {{ include "superset.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if semverCompare "> 1.6" .Capabilities.KubeVersion.GitVersion }}
+ kubernetes.io/cluster-service: "true"
+ {{- end }}
+ addonmanager.kubernetes.io/mode: Reconcile
+ {{- if .Values.extraLabels }}
+ {{- toYaml .Values.extraLabels | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations: {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/helm/mitm-superset/values.yaml b/helm/mitm-superset/values.yaml
new file mode 100644
index 0000000000..8a494c0ce2
--- /dev/null
+++ b/helm/mitm-superset/values.yaml
@@ -0,0 +1,964 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Default values for superset.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# A README is automatically generated from this file to document it,
+# using helm-docs (see https://github.com/norwoodj/helm-docs)
+# To update it, install helm-docs and run helm-docs from the root of this chart
+
+# -- Provide a name to override the name of the chart
+nameOverride: ~
+# -- Provide a name to override the full names of resources
+fullnameOverride: ~
+
+# -- Labels to be added to all resources
+extraLabels: {}
+
+# -- User ID directive. This user must have enough permissions to run the bootstrap script
+# Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
+runAsUser: 0
+
+# -- Specify rather or not helm should create the secret described in `secret-env.yaml` template
+secretEnv:
+ # -- Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator)
+ # note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"`
+ create: true
+
+# -- Specify service account name to be used
+serviceAccountName: ~
+serviceAccount:
+ # -- Create custom service account for Superset. If create: true and serviceAccountName is not provided, `superset.fullname` will be used.
+ create: false
+ annotations: {}
+
+# -- Install additional packages and do any other bootstrap configuration in this script
+# For production clusters it's recommended to build own image with this step done in CI
+# @default -- see `values.yaml`
+bootstrapScript: |
+ #!/bin/bash
+ if [ ! -f ~/bootstrap ]; then echo "Running Superset with uid {{ .Values.runAsUser }}" > ~/bootstrap; fi
+
+# -- The name of the secret which we will use to generate a superset_config.py file
+# Note: this secret must have the key superset_config.py in it and can include other files as well
+configFromSecret: '{{ template "superset.fullname" . }}-config'
+
+# -- The name of the secret which we will use to populate env vars in deployed pods
+# This can be useful for secret keys, etc.
+envFromSecret: '{{ template "superset.fullname" . }}-env'
+# -- This can be a list of templated strings
+envFromSecrets: []
+
+# -- Extra environment variables that will be passed into pods
+extraEnv: {}
+ # Different gunicorn settings, refer to the gunicorn documentation
+ # https://docs.gunicorn.org/en/stable/settings.html#
+ # These variables are used as Flags at the gunicorn startup
+ # https://github.com/apache/superset/blob/master/docker/run-server.sh#L22
+ # Extend timeout to allow long running queries.
+ # GUNICORN_TIMEOUT: 300
+ # Increase the gunicorn worker amount, can improve performance drastically
+ # See: https://docs.gunicorn.org/en/stable/design.html#how-many-workers
+ # SERVER_WORKER_AMOUNT: 4
+ # WORKER_MAX_REQUESTS: 0
+ # WORKER_MAX_REQUESTS_JITTER: 0
+ # SERVER_THREADS_AMOUNT: 20
+ # GUNICORN_KEEPALIVE: 2
+ # SERVER_LIMIT_REQUEST_LINE: 0
+ # SERVER_LIMIT_REQUEST_FIELD_SIZE: 0
+
+ # OAUTH_HOME_DOMAIN: ..
+ # # If a whitelist is not set, any address that can use your OAuth2 endpoint will be able to login.
+ # # this includes any random Gmail address if your OAuth2 Web App is set to External.
+ # OAUTH_WHITELIST_REGEX: ...
+
+# -- Extra environment variables in RAW format that will be passed into pods
+extraEnvRaw: []
+ # Load DB password from other secret (e.g. for zalando operator)
+ # - name: DB_PASS
+ # valueFrom:
+ # secretKeyRef:
+ # name: superset.superset-postgres.credentials.postgresql.acid.zalan.do
+ # key: password
+
+# -- Extra environment variables to pass as secrets
+extraSecretEnv:
+ SUPERSET_SECRET_KEY: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
+ GLOBAL_ASYNC_QUERIES_JWT_SECRET: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
+
+ MITM_API_HOST: "{{ .Release.Name }}-redis-headless"
+ MITM_API_PORT: 8180
+
+ MITM_DATABASE_DIALECT: postgresql
+ MITM_DATABASE_USER: mitm-pg-user
+ MITM_DATABASE_PASSWORD: 'superweirdpasswordpleasedonotcrack'
+ MITM_DATABASE_HOST: mitm-db
+ MITM_DATABASE_PORT: 5432
+ # MAPBOX_API_KEY: ...
+ # # Google API Keys: https://console.cloud.google.com/apis/credentials
+ # GOOGLE_KEY: ...
+ # GOOGLE_SECRET: ...
+ # # Generate your own secret key for encryption. Use openssl rand -base64 42 to generate a good key
+ # SUPERSET_SECRET_KEY: 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
+
+# -- Extra files to be mounted as ConfigMap on the path specified in `extraConfigMountPath`
+extraConfigs: {}
+ # import_datasources.yaml: |
+ # databases:
+ # - allow_file_upload: true
+ # allow_ctas: true
+ # allow_cvas: true
+ # database_name: example-db
+ # extra: "{\r\n \"metadata_params\": {},\r\n \"engine_params\": {},\r\n \"\
+ # metadata_cache_timeout\": {},\r\n \"schemas_allowed_for_file_upload\": []\r\n\
+ # }"
+ # sqlalchemy_uri: example://example-db.local
+ # tables: []
+
+# -- Extra files to be mounted as Secrets on the path specified in `configMountPath`
+extraSecrets: {}
+
+extraVolumes: []
+ # - name: customConfig
+ # configMap:
+ # name: '{{ template "superset.fullname" . }}-custom-config'
+ # - name: additionalSecret
+ # secret:
+ # secretName: my-secret
+ # defaultMode: 0600
+
+extraVolumeMounts: []
+ # - name: customConfig
+ # mountPath: /mnt/config
+ # readOnly: true
+ # - name: additionalSecret:
+ # mountPath: /mnt/secret
+
+# -- A dictionary of overrides to append at the end of superset_config.py - the name does not matter
+# WARNING: the order is not guaranteed
+# Files can be passed as helm --set-file configOverrides.my-override=my-file.py
+configOverrides:
+ mitm_service: |
+ import os
+
+ FEATURE_FLAGS = {'ENABLE_TEMPLATE_PROCESSING': True, 'GLOBAL_ASYNC_QUERIES': True,
+ 'MITM_SUPPORT': True}
+ GLOBAL_ASYNC_QUERIES_JWT_SECRET = os.getenv('GLOBAL_ASYNC_QUERIES_JWT_SECRET',
+ 'test-secret-change-me-just-a-little-longer')
+
+ REDIS_EVENTS_DB = os.getenv("REDIS_EVENTS_DB", "2")
+ GLOBAL_ASYNC_QUERIES_CACHE_BACKEND = {
+ "CACHE_REDIS_HOST": os.getenv('REDIS_HOST'),
+ "CACHE_REDIS_PORT": os.getenv('REDIS_PORT'),
+ "CACHE_REDIS_USER": "",
+ "CACHE_REDIS_PASSWORD": "",
+ "CACHE_REDIS_DB": REDIS_EVENTS_DB,
+ }
+ GLOBAL_ASYNC_QUERIES_TRANSPORT = 'ws'
+
+ PREVENT_UNSAFE_DB_CONNECTIONS = False
+
+ ###################################
+ # MITM Related
+ ###################################
+ MITM_API_HOST = os.getenv('MITM_API_HOST', 'superset-mitm-service')
+ MITM_API_PORT = os.getenv('MITM_API_PORT', '8180')
+
+ MITM_API_BASEURL = f'{MITM_API_HOST}:{MITM_API_PORT}/'
+
+ MITM_DATABASE_DIALECT = os.getenv('MITM_DATABASE_DIALECT')
+ MITM_DATABASE_USER = os.getenv('MITM_DATABASE_USER')
+ MITM_DATABASE_PASSWORD = os.getenv('MITM_DATABASE_PASSWORD')
+ MITM_DATABASE_HOST = os.getenv('MITM_DATABASE_HOST')
+ MITM_DATABASE_PORT = os.getenv('MITM_DATABASE_PORT')
+ MITM_DATABASE_DB = os.getenv('MITM_DATABASE_DB')
+
+ MITM_DATABASE_URI = (
+ f'{MITM_DATABASE_DIALECT}://'
+ f'{MITM_DATABASE_USER}:{MITM_DATABASE_PASSWORD}@'
+ f'{MITM_DATABASE_HOST}:{MITM_DATABASE_PORT}/{MITM_DATABASE_DB}'
+ )
+ # extend_timeout: |
+ # # Extend timeout to allow long running queries.
+ # SUPERSET_WEBSERVER_TIMEOUT = ...
+ # enable_oauth: |
+ # from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
+ # AUTH_TYPE = AUTH_OAUTH
+ # OAUTH_PROVIDERS = [
+ # {
+ # "name": "google",
+ # "whitelist": [ os.getenv("OAUTH_WHITELIST_REGEX", "") ],
+ # "icon": "fa-google",
+ # "token_key": "access_token",
+ # "remote_app": {
+ # "client_id": os.environ.get("GOOGLE_KEY"),
+ # "client_secret": os.environ.get("GOOGLE_SECRET"),
+ # "api_base_url": "https://www.googleapis.com/oauth2/v2/",
+ # "client_kwargs": {"scope": "email profile"},
+ # "request_token_url": None,
+ # "access_token_url": "https://accounts.google.com/o/oauth2/token",
+ # "authorize_url": "https://accounts.google.com/o/oauth2/auth",
+ # "authorize_params": {"hd": os.getenv("OAUTH_HOME_DOMAIN", "")}
+ # }
+ # }
+ # ]
+ # # Map Authlib roles to superset roles
+ # AUTH_ROLE_ADMIN = 'Admin'
+ # AUTH_ROLE_PUBLIC = 'Public'
+ # # Will allow user self registration, allowing to create Flask users from Authorized User
+ # AUTH_USER_REGISTRATION = True
+ # # The default user self registration role
+ # AUTH_USER_REGISTRATION_ROLE = "Admin"
+ # secret: |
+ # # Generate your own secret key for encryption. Use `openssl rand -base64 42` to generate a good key
+ # SECRET_KEY = 'CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET'
+
+# -- Same as above but the values are files
+configOverridesFiles: {}
+ # extend_timeout: extend_timeout.py
+ # enable_oauth: enable_oauth.py
+
+configMountPath: "/app/pythonpath"
+
+extraConfigMountPath: "/app/configs"
+
+image:
+ repository: apachesuperset.docker.scarf.sh/apache/superset
+ tag: ~
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+
+initImage:
+ repository: apache/superset
+ tag: dockerize
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ port: 8088
+ annotations: {}
+ # cloud.google.com/load-balancer-type: "Internal"
+ loadBalancerIP: ~
+ nodePort:
+ # -- (int)
+ http: nil
+
+ingress:
+ enabled: false
+ ingressClassName: ~
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ ## Extend timeout to allow long running queries.
+ # nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
+ # nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ # nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+ path: /
+ pathType: ImplementationSpecific
+ hosts:
+ - chart-example.local
+ tls: []
+ extraHostsRaw: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # The limits below will apply to all Superset components. To set individual resource limitations refer to the pod specific values below.
+ # The pod specific values will overwrite anything that is set here.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# -- Custom hostAliases for all superset pods
+## https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
+hostAliases: []
+# - hostnames:
+# - nodns.my.lan
+# ip: 18.27.36.45
+
+# Superset node configuration
+supersetNode:
+ replicas:
+ enabled: true
+ replicaCount: 1
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ # -- Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetNode pods
+ podDisruptionBudget:
+ # -- Whether the pod disruption budget should be created
+ enabled: false
+ # -- If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ minAvailable: 1
+ # -- If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ maxUnavailable: 1
+
+ # -- Startup command
+ # @default -- See `values.yaml`
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; /usr/bin/run-server.sh"
+ connections:
+ # -- Change in case of bringing your own redis and then also set redis.enabled:false
+ redis_host: "{{ .Release.Name }}-redis-headless"
+ redis_port: "6379"
+ redis_user: ""
+ # redis_password: superset
+ redis_cache_db: "1"
+ redis_celery_db: "0"
+ redis_events_db: "2"
+ # Or SSL port is usually 6380
+ # Update following for using Redis with SSL
+ redis_ssl:
+ enabled: false
+ ssl_cert_reqs: CERT_NONE
+ # You need to change below configuration incase bringing own PostgresSQL instance and also set postgresql.enabled:false
+ db_host: "{{ .Release.Name }}-postgresql"
+ db_port: "5432"
+ db_user: superset
+ db_pass: superset
+ db_name: superset
+
+ mitm_service_host: "{{ .Release.Name }}-superset-mitm-service"
+ mitm_service_port: "8180"
+ env: {}
+ # -- If true, forces deployment to reload on each upgrade
+ forceReload: false
+ # -- Init containers
+ # @default -- a container waiting for postgres
+ initContainers:
+ - name: wait-for-postgres
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+ envFrom:
+ - secretRef:
+ name: "{{ tpl .Values.envFromSecret . }}"
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
+
+ # -- Launch additional containers into supersetNode pod
+ extraContainers: []
+ # -- Annotations to be added to supersetNode deployment
+ deploymentAnnotations: {}
+ # -- Labels to be added to supersetNode deployment
+ deploymentLabels: {}
+ # -- Affinity to be added to supersetNode deployment
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to supersetNode deployments
+ topologySpreadConstraints: []
+ # -- Annotations to be added to supersetNode pods
+ podAnnotations: {}
+ # -- Labels to be added to supersetNode pods
+ podLabels: {}
+ startupProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ failureThreshold: 60
+ periodSeconds: 5
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 15
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 15
+ successThreshold: 1
+ # -- Resource settings for the supersetNode pods - these settings overwrite might existing values from the global resources object defined above.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+
+# Superset Celery worker configuration
+supersetWorker:
+ replicas:
+ enabled: true
+ replicaCount: 1
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ # -- Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetWorker pods
+ podDisruptionBudget:
+ # -- Whether the pod disruption budget should be created
+ enabled: false
+ # -- If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ minAvailable: 1
+ # -- If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ maxUnavailable: 1
+ # -- Worker startup command
+ # @default -- a `celery worker` command
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker"
+ # -- If true, forces deployment to reload on each upgrade
+ forceReload: false
+ # -- Init container
+ # @default -- a container waiting for postgres and redis
+ initContainers:
+ - name: wait-for-postgres-redis
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+ envFrom:
+ - secretRef:
+ name: "{{ tpl .Values.envFromSecret . }}"
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+ # -- Launch additional containers into supersetWorker pod
+ extraContainers: []
+ # -- Annotations to be added to supersetWorker deployment
+ deploymentAnnotations: {}
+ # -- Labels to be added to supersetWorker deployment
+ deploymentLabels: {}
+ # -- Affinity to be added to supersetWorker deployment
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to supersetWorker deployments
+ topologySpreadConstraints: []
+ # -- Annotations to be added to supersetWorker pods
+ podAnnotations: {}
+ # -- Labels to be added to supersetWorker pods
+ podLabels: {}
+ # -- Resource settings for the supersetWorker pods - these settings overwrite might existing values from the global resources object defined above.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ livenessProbe:
+ exec:
+ # -- Liveness probe command
+ # @default -- a `celery inspect ping` command
+ command:
+ - sh
+ - -c
+ - celery -A superset.tasks.celery_app:app inspect ping -d celery@$HOSTNAME
+ initialDelaySeconds: 120
+ timeoutSeconds: 60
+ failureThreshold: 3
+ periodSeconds: 60
+ successThreshold: 1
+ # -- No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic)
+ startupProbe: {}
+ # -- No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic)
+ readinessProbe: {}
+ # -- Set priorityClassName for supersetWorker pods
+ priorityClassName: ~
+
+# Superset beat configuration (to trigger scheduled jobs like reports)
+supersetCeleryBeat:
+ # -- This is only required if you intend to use alerts and reports
+ enabled: false
+ # -- Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetCeleryBeat pods
+ podDisruptionBudget:
+ # -- Whether the pod disruption budget should be created
+ enabled: false
+ # -- If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ minAvailable: 1
+ # -- If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ maxUnavailable: 1
+ # -- Command
+ # @default -- a `celery beat` command
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app beat --pidfile /tmp/celerybeat.pid --schedule /tmp/celerybeat-schedule"
+ # -- If true, forces deployment to reload on each upgrade
+ forceReload: false
+ # -- List of init containers
+ # @default -- a container waiting for postgres
+ initContainers:
+ - name: wait-for-postgres-redis
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+ envFrom:
+ - secretRef:
+ name: "{{ tpl .Values.envFromSecret . }}"
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+ # -- Launch additional containers into supersetCeleryBeat pods
+ extraContainers: []
+ # -- Annotations to be added to supersetCeleryBeat deployment
+ deploymentAnnotations: {}
+ # -- Affinity to be added to supersetCeleryBeat deployment
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to supersetCeleryBeat deployments
+ topologySpreadConstraints: []
+ # -- Annotations to be added to supersetCeleryBeat pods
+ podAnnotations: {}
+ # -- Labels to be added to supersetCeleryBeat pods
+ podLabels: {}
+ # -- Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ # -- Set priorityClassName for CeleryBeat pods
+ priorityClassName: ~
+
+supersetCeleryFlower:
+ # -- Enables a Celery flower deployment (management UI to monitor celery jobs)
+ # WARNING: on superset 1.x, this requires a Superset image that has `flower<1.0.0` installed (which is NOT the case of the default images)
+ # flower>=1.0.0 requires Celery 5+ which Superset 1.5 does not support
+ enabled: false
+ replicaCount: 1
+ # -- Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetCeleryFlower pods
+ podDisruptionBudget:
+ # -- Whether the pod disruption budget should be created
+ enabled: false
+ # -- If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ minAvailable: 1
+ # -- If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ maxUnavailable: 1
+ # -- Command
+ # @default -- a `celery flower` command
+ command:
+ - "/bin/sh"
+ - "-c"
+ - "celery --app=superset.tasks.celery_app:app flower"
+ service:
+ type: ClusterIP
+ annotations: {}
+ loadBalancerIP: ~
+ port: 5555
+ nodePort:
+ # -- (int)
+ http: nil
+ startupProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 60
+ periodSeconds: 5
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /api/workers
+ port: flower
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ # -- List of init containers
+ # @default -- a container waiting for postgres and redis
+ initContainers:
+ - name: wait-for-postgres-redis
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+ envFrom:
+ - secretRef:
+ name: "{{ tpl .Values.envFromSecret . }}"
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+ # -- Launch additional containers into supersetCeleryFlower pods
+ extraContainers: []
+ # -- Annotations to be added to supersetCeleryFlower deployment
+ deploymentAnnotations: {}
+ # -- Affinity to be added to supersetCeleryFlower deployment
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to supersetCeleryFlower deployments
+ topologySpreadConstraints: []
+ # -- Annotations to be added to supersetCeleryFlower pods
+ podAnnotations: {}
+ # -- Labels to be added to supersetCeleryFlower pods
+ podLabels: {}
+ # -- Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ # -- Set priorityClassName for supersetCeleryFlower pods
+ priorityClassName: ~
+
+supersetWebsockets:
+ # -- This is only required if you intend to use `GLOBAL_ASYNC_QUERIES` in `ws` mode
+ # see https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries
+ enabled: false
+ replicaCount: 1
+ # -- Sets the [pod disruption budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) for supersetWebsockets pods
+ podDisruptionBudget:
+ # -- Whether the pod disruption budget should be created
+ enabled: false
+ # -- If set, maxUnavailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ minAvailable: 1
+ # -- If set, minAvailable must not be set - see https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ maxUnavailable: 1
+ ingress:
+ path: /ws
+ pathType: Prefix
+ image:
+ # -- There is no official image (yet), this one is community-supported
+ repository: oneacrefund/superset-websocket
+ tag: latest
+ pullPolicy: IfNotPresent
+ # -- The config.json to pass to the server, see https://github.com/apache/superset/tree/master/superset-websocket
+ # Note that the configuration can also read from environment variables (which will have priority), see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts for a list of supported variables
+ # @default -- see `values.yaml`
+ config:
+ {
+ "port": 8080,
+ "logLevel": "debug",
+ "logToFile": false,
+ "logFilename": "app.log",
+ "statsd": { "host": "127.0.0.1", "port": 8125, "globalTags": [] },
+ "redis":
+ {
+ "port": 6379,
+ "host": "127.0.0.1",
+ "password": "",
+ "db": "{{ .Values.supersetNode.connections.redis_events_db }}",
+ "ssl": false,
+ },
+ "redisStreamPrefix": "async-events-",
+ "jwtSecret": "{{ .Values.extraSecretEnv.GLOBAL_ASYNC_QUERIES_JWT_SECRET }}",
+ "jwtCookieName": "async-token",
+ }
+ service:
+ type: ClusterIP
+ annotations: {}
+ loadBalancerIP: ~
+ port: 8080
+ nodePort:
+ # -- (int)
+ http: nil
+ command: []
+ resources: {}
+ # -- Launch additional containers into supersetWebsockets pods
+ extraContainers: []
+ deploymentAnnotations: {}
+ # -- Affinity to be added to supersetWebsockets deployment
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to supersetWebsockets deployments
+ topologySpreadConstraints: []
+ podAnnotations: {}
+ podLabels: {}
+ strategy: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ startupProbe:
+ httpGet:
+ path: /health
+ port: ws
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 60
+ periodSeconds: 5
+ successThreshold: 1
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: ws
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: ws
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 3
+ periodSeconds: 5
+ successThreshold: 1
+ # -- Set priorityClassName for supersetWebsockets pods
+ priorityClassName: ~
+
+init:
+ # Configure resources
+ # Warning: fab command consumes a lot of ram and can
+ # cause the process to be killed due to OOM if it exceeds limit
+ # Make sure you are giving a strong password for the admin user creation( else make sure you are changing after setup)
+ # Also change the admin email to your own custom email.
+ resources: {}
+ # limits:
+ # cpu:
+ # memory:
+ # requests:
+ # cpu:
+ # memory:
+ # -- Command
+ # @default -- a `superset_init.sh` command
+ command:
+ - "/bin/sh"
+ - "-c"
+ - ". {{ .Values.configMountPath }}/superset_bootstrap.sh; . {{ .Values.configMountPath }}/superset_init.sh"
+ enabled: true
+ jobAnnotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+ loadExamples: false
+ createAdmin: true
+ adminUser:
+ username: admin
+ firstname: Superset
+ lastname: Admin
+ email: admin@superset.com
+ password: admin
+ # -- List of initContainers
+ # @default -- a container waiting for postgres
+ initContainers:
+ - name: wait-for-postgres
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+ envFrom:
+ - secretRef:
+ name: "{{ tpl .Values.envFromSecret . }}"
+ command:
+ - /bin/sh
+ - -c
+ - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
+ # -- A Superset init script
+ # @default -- a script to create admin user and initialize roles
+ initscript: |-
+ #!/bin/sh
+ set -eu
+ echo "Upgrading DB schema..."
+ superset db upgrade
+ echo "Initializing roles..."
+ superset init
+ {{ if .Values.init.createAdmin }}
+ echo "Creating admin user..."
+ superset fab create-admin \
+ --username {{ .Values.init.adminUser.username }} \
+ --firstname {{ .Values.init.adminUser.firstname }} \
+ --lastname {{ .Values.init.adminUser.lastname }} \
+ --email {{ .Values.init.adminUser.email }} \
+ --password {{ .Values.init.adminUser.password }} \
+ || true
+ {{- end }}
+ {{ if .Values.init.loadExamples }}
+ echo "Loading examples..."
+ superset load_examples
+ {{- end }}
+ if [ -f "{{ .Values.extraConfigMountPath }}/import_datasources.yaml" ]; then
+ echo "Importing database connections.... "
+ superset import_datasources -p {{ .Values.extraConfigMountPath }}/import_datasources.yaml
+ fi
+ # -- Launch additional containers into init job pod
+ extraContainers: []
+ ## Annotations to be added to init job pods
+ podAnnotations: {}
+ # Labels to be added to init job pods
+ podLabels: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
+ ## Tolerations to be added to init job pods
+ tolerations: []
+ ## Affinity to be added to init job pods
+ affinity: {}
+ # -- TopologySpreadConstrains to be added to init job
+ topologySpreadConstraints: []
+ # -- Set priorityClassName for init job pods
+ priorityClassName: ~
+
+# -- Configuration values for the postgresql dependency.
+# ref: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+# @default -- see `values.yaml`
+postgresql:
+ ##
+ ## Use the PostgreSQL chart dependency.
+ ## Set to false if bringing your own PostgreSQL.
+ enabled: true
+
+ ## Authentication parameters
+ auth:
+ ## The name of an existing secret that contains the postgres password.
+ existingSecret:
+ ## PostgreSQL name for a custom user to create
+ username: superset
+ ## PostgreSQL password for the custom user to create. Ignored if `auth.existingSecret` with key `password` is provided
+ password: superset
+ ## PostgreSQL name for a custom database to create
+ database: superset
+
+ image:
+ tag: "14.17.0-debian-12-r3"
+
+ ## PostgreSQL Primary parameters
+ primary:
+ ##
+ ## Persistent Volume Storage configuration.
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
+ persistence:
+ ##
+ ## Enable PostgreSQL persistence using Persistent Volume Claims.
+ enabled: true
+ ##
+ ## Persistent class
+ # storageClass: classname
+ ##
+ ## Access modes:
+ accessModes:
+ - ReadWriteOnce
+ ## PostgreSQL port
+ service:
+ ports:
+ postgresql: "5432"
+
+# -- Configuration values for the Redis dependency.
+# ref: https://github.com/bitnami/charts/blob/master/bitnami/redis
+# More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis
+# @default -- see `values.yaml`
+redis:
+ ##
+ ## Use the redis chart dependency.
+ ##
+ ## If you are bringing your own redis, you can set the host in supersetNode.connections.redis_host
+ ##
+ ## Set to false if bringing your own redis.
+ enabled: true
+ ##
+ ## Set architecture to standalone/replication
+ architecture: standalone
+ ##
+ ## Auth configuration:
+ ##
+ auth:
+ ## Enable password authentication
+ enabled: false
+ ## The name of an existing secret that contains the redis password.
+ existingSecret: ""
+ ## Name of the key containing the secret.
+ existingSecretKey: ""
+ ## Redis password
+ password: superset
+ ##
+ ## Master configuration
+ ##
+ master:
+ ##
+ ## Image configuration
+ # image:
+ ##
+ ## docker registry secret names (list)
+ # pullSecrets: nil
+ ##
+ ## Configure persistence
+ persistence:
+ ##
+ ## Use a PVC to persist data.
+ enabled: false
+ ##
+ ## Persistent class
+ # storageClass: classname
+ ##
+ ## Access mode:
+ accessModes:
+ - ReadWriteOnce
+
+superset-mitm-service:
+ enabled: true
+
+ mitmDB:
+ mitm_database_password: "supersaferandommitmdbpasswordwillneverbeguessed"
+
+ service:
+ port: "8180"
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- TopologySpreadConstrains to be added to all deployments
+topologySpreadConstraints: []
+
+# -- Set priorityClassName for superset pods
+priorityClassName: ~
--
GitLab