diff --git a/charts/superset/README.md b/charts/superset/README.md new file mode 100644 index 0000000..886623e --- /dev/null +++ b/charts/superset/README.md @@ -0,0 +1,301 @@ + + + + +# superset + +![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square) + +Apache Superset is a modern, enterprise-ready business intelligence web application + +**Homepage:** + +## Source Code + +* + +## TL;DR + +```console +helm repo add superset http://apache.github.io/superset/ +helm install my-superset superset/superset +``` + +Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for +securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database. +It should be a long random bytes or str. + +On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets` + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql | 12.1.6 | +| https://charts.bitnami.com/bitnami | redis | 17.9.4 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| bootstrapScript | string | see `values.yaml` | Install additional packages and do any other bootstrap configuration in this script For production clusters it's recommended to build own image with this step done in CI | +| configFromSecret | string | `"{{ template \"superset.fullname\" . }}-config"` | The name of the secret which we will use to generate a superset_config.py file Note: this secret must have the key superset_config.py in it and can include other files as well | +| configMountPath | string | `"/app/pythonpath"` | | +| configOverrides | object | `{}` | A dictionary of overrides to append at the end of superset_config.py - the name does not matter WARNING: the order is not guaranteed Files can be passed as helm --set-file configOverrides.my-override=my-file.py | +| configOverridesFiles | object | `{}` | Same as above but the values are files | +| envFromSecret | string | `"{{ template \"superset.fullname\" . }}-env"` | The name of the secret which we will use to populate env vars in deployed pods This can be useful for secret keys, etc. | +| envFromSecrets | list | `[]` | This can be a list of templated strings | +| extraConfigMountPath | string | `"/app/configs"` | | +| extraConfigs | object | `{}` | Extra files to mount on `/app/pythonpath` | +| extraEnv | object | `{}` | Extra environment variables that will be passed into pods | +| extraEnvRaw | list | `[]` | Extra environment variables in RAW format that will be passed into pods | +| extraSecretEnv | object | `{}` | Extra environment variables to pass as secrets | +| extraSecrets | object | `{}` | Extra files to mount on `/app/pythonpath` as secrets | +| extraVolumeMounts | list | `[]` | | +| extraVolumes | list | `[]` | | +| fullnameOverride | string | `nil` | Provide a name to override the full names of resources | +| hostAliases | list | `[]` | Custom hostAliases for all superset pods # https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"apachesuperset.docker.scarf.sh/apache/superset"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.extraHostsRaw | list | `[]` | | +| ingress.hosts[0] | string | `"chart-example.local"` | | +| ingress.ingressClassName | string | `nil` | | +| ingress.path | string | `"/"` | | +| ingress.pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| init.adminUser.email | string | `"admin@superset.com"` | | +| init.adminUser.firstname | string | `"Superset"` | | +| init.adminUser.lastname | string | `"Admin"` | | +| init.adminUser.password | string | `"admin"` | | +| init.adminUser.username | string | `"admin"` | | +| init.affinity | object | `{}` | | +| init.command | list | a `superset_init.sh` command | Command | +| init.containerSecurityContext | object | `{}` | | +| init.createAdmin | bool | `true` | | +| init.enabled | bool | `true` | | +| init.extraContainers | list | `[]` | Launch additional containers into init job pod | +| init.initContainers | list | a container waiting for postgres | List of initContainers | +| init.initscript | string | a script to create admin user and initialize roles | A Superset init script | +| init.jobAnnotations."helm.sh/hook" | string | `"post-install,post-upgrade"` | | +| init.jobAnnotations."helm.sh/hook-delete-policy" | string | `"before-hook-creation"` | | +| init.loadExamples | bool | `false` | | +| init.podAnnotations | object | `{}` | | +| init.podSecurityContext | object | `{}` | | +| init.resources | object | `{}` | | +| init.tolerations | list | `[]` | | +| init.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to init job | +| initImage.pullPolicy | string | `"IfNotPresent"` | | +| initImage.repository | string | `"apache/superset"` | | +| initImage.tag | string | `"dockerize"` | | +| nameOverride | string | `nil` | Provide a name to override the name of the chart | +| nodeSelector | object | `{}` | | +| postgresql | object | see `values.yaml` | Configuration values for the postgresql dependency. ref: https://github.com/bitnami/charts/tree/main/bitnami/postgresql | +| redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis | +| resources | object | `{}` | | +| runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure | +| service.annotations | object | `{}` | | +| service.loadBalancerIP | string | `nil` | | +| service.nodePort.http | int | `"nil"` | | +| service.port | int | `8088` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `false` | Create custom service account for Superset. If create: true and serviceAccountName is not provided, `superset.fullname` will be used. | +| serviceAccountName | string | `nil` | Specify service account name to be used | +| supersetCeleryBeat.affinity | object | `{}` | Affinity to be added to supersetCeleryBeat deployment | +| supersetCeleryBeat.command | list | a `celery beat` command | Command | +| supersetCeleryBeat.containerSecurityContext | object | `{}` | | +| supersetCeleryBeat.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryBeat deployment | +| supersetCeleryBeat.enabled | bool | `false` | This is only required if you intend to use alerts and reports | +| supersetCeleryBeat.extraContainers | list | `[]` | Launch additional containers into supersetCeleryBeat pods | +| supersetCeleryBeat.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade | +| supersetCeleryBeat.initContainers | list | a container waiting for postgres | List of init containers | +| supersetCeleryBeat.podAnnotations | object | `{}` | Annotations to be added to supersetCeleryBeat pods | +| supersetCeleryBeat.podLabels | object | `{}` | Labels to be added to supersetCeleryBeat pods | +| supersetCeleryBeat.podSecurityContext | object | `{}` | | +| supersetCeleryBeat.resources | object | `{}` | Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above. | +| supersetCeleryBeat.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetCeleryBeat deployments | +| supersetCeleryFlower.affinity | object | `{}` | Affinity to be added to supersetCeleryFlower deployment | +| supersetCeleryFlower.command | list | a `celery flower` command | Command | +| supersetCeleryFlower.containerSecurityContext | object | `{}` | | +| supersetCeleryFlower.deploymentAnnotations | object | `{}` | Annotations to be added to supersetCeleryFlower deployment | +| supersetCeleryFlower.enabled | bool | `false` | Enables a Celery flower deployment (management UI to monitor celery jobs) WARNING: on superset 1.x, this requires a Superset image that has `flower<1.0.0` installed (which is NOT the case of the default images) flower>=1.0.0 requires Celery 5+ which Superset 1.5 does not support | +| supersetCeleryFlower.extraContainers | list | `[]` | Launch additional containers into supersetCeleryFlower pods | +| supersetCeleryFlower.initContainers | list | a container waiting for postgres and redis | List of init containers | +| supersetCeleryFlower.livenessProbe.failureThreshold | int | `3` | | +| supersetCeleryFlower.livenessProbe.httpGet.path | string | `"/api/workers"` | | +| supersetCeleryFlower.livenessProbe.httpGet.port | string | `"flower"` | | +| supersetCeleryFlower.livenessProbe.initialDelaySeconds | int | `5` | | +| supersetCeleryFlower.livenessProbe.periodSeconds | int | `5` | | +| supersetCeleryFlower.livenessProbe.successThreshold | int | `1` | | +| supersetCeleryFlower.livenessProbe.timeoutSeconds | int | `1` | | +| supersetCeleryFlower.podAnnotations | object | `{}` | Annotations to be added to supersetCeleryFlower pods | +| supersetCeleryFlower.podLabels | object | `{}` | Labels to be added to supersetCeleryFlower pods | +| supersetCeleryFlower.podSecurityContext | object | `{}` | | +| supersetCeleryFlower.readinessProbe.failureThreshold | int | `3` | | +| supersetCeleryFlower.readinessProbe.httpGet.path | string | `"/api/workers"` | | +| supersetCeleryFlower.readinessProbe.httpGet.port | string | `"flower"` | | +| supersetCeleryFlower.readinessProbe.initialDelaySeconds | int | `5` | | +| supersetCeleryFlower.readinessProbe.periodSeconds | int | `5` | | +| supersetCeleryFlower.readinessProbe.successThreshold | int | `1` | | +| supersetCeleryFlower.readinessProbe.timeoutSeconds | int | `1` | | +| supersetCeleryFlower.replicaCount | int | `1` | | +| supersetCeleryFlower.resources | object | `{}` | Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above. | +| supersetCeleryFlower.service.annotations | object | `{}` | | +| supersetCeleryFlower.service.loadBalancerIP | string | `nil` | | +| supersetCeleryFlower.service.nodePort.http | int | `"nil"` | | +| supersetCeleryFlower.service.port | int | `5555` | | +| supersetCeleryFlower.service.type | string | `"ClusterIP"` | | +| supersetCeleryFlower.startupProbe.failureThreshold | int | `60` | | +| supersetCeleryFlower.startupProbe.httpGet.path | string | `"/api/workers"` | | +| supersetCeleryFlower.startupProbe.httpGet.port | string | `"flower"` | | +| supersetCeleryFlower.startupProbe.initialDelaySeconds | int | `5` | | +| supersetCeleryFlower.startupProbe.periodSeconds | int | `5` | | +| supersetCeleryFlower.startupProbe.successThreshold | int | `1` | | +| supersetCeleryFlower.startupProbe.timeoutSeconds | int | `1` | | +| supersetCeleryFlower.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetCeleryFlower deployments | +| supersetNode.affinity | object | `{}` | Affinity to be added to supersetNode deployment | +| supersetNode.autoscaling.enabled | bool | `false` | | +| supersetNode.autoscaling.maxReplicas | int | `100` | | +| supersetNode.autoscaling.minReplicas | int | `1` | | +| supersetNode.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| supersetNode.command | list | See `values.yaml` | Startup command | +| supersetNode.connections.db_host | string | `"{{ .Release.Name }}-postgresql"` | | +| supersetNode.connections.db_name | string | `"superset"` | | +| supersetNode.connections.db_pass | string | `"superset"` | | +| supersetNode.connections.db_port | string | `"5432"` | | +| supersetNode.connections.db_user | string | `"superset"` | | +| supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false | +| supersetNode.connections.redis_port | string | `"6379"` | | +| supersetNode.containerSecurityContext | object | `{}` | | +| supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment | +| supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment | +| supersetNode.env | object | `{}` | | +| supersetNode.extraContainers | list | `[]` | Launch additional containers into supersetNode pod | +| supersetNode.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade | +| supersetNode.initContainers | list | a container waiting for postgres | Init containers | +| supersetNode.livenessProbe.failureThreshold | int | `3` | | +| supersetNode.livenessProbe.httpGet.path | string | `"/health"` | | +| supersetNode.livenessProbe.httpGet.port | string | `"http"` | | +| supersetNode.livenessProbe.initialDelaySeconds | int | `15` | | +| supersetNode.livenessProbe.periodSeconds | int | `15` | | +| supersetNode.livenessProbe.successThreshold | int | `1` | | +| supersetNode.livenessProbe.timeoutSeconds | int | `1` | | +| supersetNode.podAnnotations | object | `{}` | Annotations to be added to supersetNode pods | +| supersetNode.podLabels | object | `{}` | Labels to be added to supersetNode pods | +| supersetNode.podSecurityContext | object | `{}` | | +| supersetNode.readinessProbe.failureThreshold | int | `3` | | +| supersetNode.readinessProbe.httpGet.path | string | `"/health"` | | +| supersetNode.readinessProbe.httpGet.port | string | `"http"` | | +| supersetNode.readinessProbe.initialDelaySeconds | int | `15` | | +| supersetNode.readinessProbe.periodSeconds | int | `15` | | +| supersetNode.readinessProbe.successThreshold | int | `1` | | +| supersetNode.readinessProbe.timeoutSeconds | int | `1` | | +| supersetNode.replicaCount | int | `1` | | +| supersetNode.resources | object | `{}` | Resource settings for the supersetNode pods - these settings overwrite might existing values from the global resources object defined above. | +| supersetNode.startupProbe.failureThreshold | int | `60` | | +| supersetNode.startupProbe.httpGet.path | string | `"/health"` | | +| supersetNode.startupProbe.httpGet.port | string | `"http"` | | +| supersetNode.startupProbe.initialDelaySeconds | int | `15` | | +| supersetNode.startupProbe.periodSeconds | int | `5` | | +| supersetNode.startupProbe.successThreshold | int | `1` | | +| supersetNode.startupProbe.timeoutSeconds | int | `1` | | +| supersetNode.strategy | object | `{}` | | +| supersetNode.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetNode deployments | +| supersetWebsockets.affinity | object | `{}` | Affinity to be added to supersetWebsockets deployment | +| supersetWebsockets.command | list | `[]` | | +| supersetWebsockets.config | object | see `values.yaml` | The config.json to pass to the server, see https://github.com/apache/superset/tree/master/superset-websocket Note that the configuration can also read from environment variables (which will have priority), see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts for a list of supported variables | +| supersetWebsockets.containerSecurityContext | object | `{}` | | +| supersetWebsockets.deploymentAnnotations | object | `{}` | | +| supersetWebsockets.enabled | bool | `false` | This is only required if you intend to use `GLOBAL_ASYNC_QUERIES` in `ws` mode see https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries | +| supersetWebsockets.extraContainers | list | `[]` | Launch additional containers into supersetWebsockets pods | +| supersetWebsockets.image.pullPolicy | string | `"IfNotPresent"` | | +| supersetWebsockets.image.repository | string | `"oneacrefund/superset-websocket"` | There is no official image (yet), this one is community-supported | +| supersetWebsockets.image.tag | string | `"latest"` | | +| supersetWebsockets.ingress.path | string | `"/ws"` | | +| supersetWebsockets.ingress.pathType | string | `"Prefix"` | | +| supersetWebsockets.livenessProbe.failureThreshold | int | `3` | | +| supersetWebsockets.livenessProbe.httpGet.path | string | `"/health"` | | +| supersetWebsockets.livenessProbe.httpGet.port | string | `"ws"` | | +| supersetWebsockets.livenessProbe.initialDelaySeconds | int | `5` | | +| supersetWebsockets.livenessProbe.periodSeconds | int | `5` | | +| supersetWebsockets.livenessProbe.successThreshold | int | `1` | | +| supersetWebsockets.livenessProbe.timeoutSeconds | int | `1` | | +| supersetWebsockets.podAnnotations | object | `{}` | | +| supersetWebsockets.podLabels | object | `{}` | | +| supersetWebsockets.podSecurityContext | object | `{}` | | +| supersetWebsockets.readinessProbe.failureThreshold | int | `3` | | +| supersetWebsockets.readinessProbe.httpGet.path | string | `"/health"` | | +| supersetWebsockets.readinessProbe.httpGet.port | string | `"ws"` | | +| supersetWebsockets.readinessProbe.initialDelaySeconds | int | `5` | | +| supersetWebsockets.readinessProbe.periodSeconds | int | `5` | | +| supersetWebsockets.readinessProbe.successThreshold | int | `1` | | +| supersetWebsockets.readinessProbe.timeoutSeconds | int | `1` | | +| supersetWebsockets.replicaCount | int | `1` | | +| supersetWebsockets.resources | object | `{}` | | +| supersetWebsockets.service.annotations | object | `{}` | | +| supersetWebsockets.service.loadBalancerIP | string | `nil` | | +| supersetWebsockets.service.nodePort.http | int | `"nil"` | | +| supersetWebsockets.service.port | int | `8080` | | +| supersetWebsockets.service.type | string | `"ClusterIP"` | | +| supersetWebsockets.startupProbe.failureThreshold | int | `60` | | +| supersetWebsockets.startupProbe.httpGet.path | string | `"/health"` | | +| supersetWebsockets.startupProbe.httpGet.port | string | `"ws"` | | +| supersetWebsockets.startupProbe.initialDelaySeconds | int | `5` | | +| supersetWebsockets.startupProbe.periodSeconds | int | `5` | | +| supersetWebsockets.startupProbe.successThreshold | int | `1` | | +| supersetWebsockets.startupProbe.timeoutSeconds | int | `1` | | +| supersetWebsockets.strategy | object | `{}` | | +| supersetWebsockets.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWebsockets deployments | +| supersetWorker.affinity | object | `{}` | Affinity to be added to supersetWorker deployment | +| supersetWorker.autoscaling.enabled | bool | `false` | | +| supersetWorker.autoscaling.maxReplicas | int | `100` | | +| supersetWorker.autoscaling.minReplicas | int | `1` | | +| supersetWorker.autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| supersetWorker.command | list | a `celery worker` command | Worker startup command | +| supersetWorker.containerSecurityContext | object | `{}` | | +| supersetWorker.deploymentAnnotations | object | `{}` | Annotations to be added to supersetWorker deployment | +| supersetWorker.deploymentLabels | object | `{}` | Labels to be added to supersetWorker deployment | +| supersetWorker.extraContainers | list | `[]` | Launch additional containers into supersetWorker pod | +| supersetWorker.forceReload | bool | `false` | If true, forces deployment to reload on each upgrade | +| supersetWorker.initContainers | list | a container waiting for postgres and redis | Init container | +| supersetWorker.livenessProbe.exec.command | list | a `celery inspect ping` command | Liveness probe command | +| supersetWorker.livenessProbe.failureThreshold | int | `3` | | +| supersetWorker.livenessProbe.initialDelaySeconds | int | `120` | | +| supersetWorker.livenessProbe.periodSeconds | int | `60` | | +| supersetWorker.livenessProbe.successThreshold | int | `1` | | +| supersetWorker.livenessProbe.timeoutSeconds | int | `60` | | +| supersetWorker.podAnnotations | object | `{}` | Annotations to be added to supersetWorker pods | +| supersetWorker.podLabels | object | `{}` | Labels to be added to supersetWorker pods | +| supersetWorker.podSecurityContext | object | `{}` | | +| supersetWorker.readinessProbe | object | `{}` | No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic) | +| supersetWorker.replicaCount | int | `1` | | +| supersetWorker.resources | object | `{}` | Resource settings for the supersetWorker pods - these settings overwrite might existing values from the global resources object defined above. | +| supersetWorker.startupProbe | object | `{}` | No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic) | +| supersetWorker.strategy | object | `{}` | | +| supersetWorker.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWorker deployments | +| tolerations | list | `[]` | | +| topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to all deployments | diff --git a/charts/superset/README.md.gotmpl b/charts/superset/README.md.gotmpl new file mode 100644 index 0000000..facb955 --- /dev/null +++ b/charts/superset/README.md.gotmpl @@ -0,0 +1,50 @@ + + + + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.sourcesSection" . }} + +## TL;DR + +```console +helm repo add superset http://apache.github.io/superset/ +helm install my-superset superset/superset +``` + +Make sure you set your own `SECRET_KEY` to something unique and secret. This secret key is used by Flask for +securely signing the session cookie and will be used to encrypt sensitive data on Superset's metadata database. +It should be a long random bytes or str. + +On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverrides.secrets` + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/superset/charts/postgresql/charts/common/templates/validations/_mysql.tpl b/charts/superset/charts/postgresql/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 0000000..74472a0 --- /dev/null +++ b/charts/superset/charts/postgresql/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/superset/charts/postgresql/templates/read/extended-configmap.yaml b/charts/superset/charts/postgresql/templates/read/extended-configmap.yaml new file mode 100644 index 0000000..e329d13 --- /dev/null +++ b/charts/superset/charts/postgresql/templates/read/extended-configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + override.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extendedConfiguration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/charts/superset/charts/postgresql/templates/read/metrics-configmap.yaml b/charts/superset/charts/postgresql/templates/read/metrics-configmap.yaml new file mode 100644 index 0000000..b00a6ec --- /dev/null +++ b/charts/superset/charts/postgresql/templates/read/metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics (eq .Values.architecture "replication") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/charts/superset/charts/postgresql/templates/read/metrics-svc.yaml b/charts/superset/charts/postgresql/templates/read/metrics-svc.yaml new file mode 100644 index 0000000..b3e5497 --- /dev/null +++ b/charts/superset/charts/postgresql/templates/read/metrics-svc.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.metrics.enabled (eq .Values.architecture "replication") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics-read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/charts/superset/charts/postgresql/templates/read/servicemonitor.yaml b/charts/superset/charts/postgresql/templates/read/servicemonitor.yaml new file mode 100644 index 0000000..d511d6b --- /dev/null +++ b/charts/superset/charts/postgresql/templates/read/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled (eq .Values.architecture "replication") }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics-read + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics-read + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/superset/charts/redis/charts/common/templates/validations/_mysql.tpl b/charts/superset/charts/redis/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 0000000..74472a0 --- /dev/null +++ b/charts/superset/charts/redis/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/superset/charts/redis/templates/master/application.yaml b/charts/superset/charts/redis/templates/master/application.yaml new file mode 100644 index 0000000..184916c --- /dev/null +++ b/charts/superset/charts/redis/templates/master/application.yaml @@ -0,0 +1,524 @@ +{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: {{ .Values.master.kind }} +metadata: + name: {{ printf "%s-master" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.master.count }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: master + {{- if (eq .Values.master.kind "StatefulSet") }} + serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.master.updateStrategy }} + {{- if (eq .Values.master.kind "Deployment") }} + strategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} + {{- else }} + updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} + {{- end }} + {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} + minReadySeconds: {{ .Values.master.minReadySeconds }} + {{- end }} + {{- end }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: master + {{- if .Values.master.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} + {{- end }} + annotations: + {{- if (include "redis.createConfigmap" .) }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} + checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.master.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "redis.imagePullSecrets" . | nindent 6 }} + {{- if .Values.master.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.podSecurityContext.enabled }} + securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "redis.masterServiceAccountName" . }} + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName | quote }} + {{- end }} + {{- if .Values.master.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} + {{- end }} + {{- if .Values.master.schedulerName }} + schedulerName: {{ .Values.master.schedulerName | quote }} + {{- end }} + {{- if .Values.master.dnsPolicy }} + dnsPolicy: {{ .Values.master.dnsPolicy }} + {{- end }} + {{- if .Values.master.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.dnsConfig "context" $) | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} + containers: + - name: redis + image: {{ template "redis.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.master.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.master.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.master.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.master.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }} + {{- else }} + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} + {{- if .Values.auth.enabled }} + {{- if .Values.auth.usePasswordFiles }} + - name: REDIS_PASSWORD_FILE + value: "/opt/bitnami/redis/secrets/redis-password" + {{- else }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + - name: REDIS_TLS_ENABLED + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: REDIS_TLS_PORT + value: {{ .Values.master.containerPorts.redis | quote }} + - name: REDIS_TLS_AUTH_CLIENTS + value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} + - name: REDIS_TLS_CERT_FILE + value: {{ template "redis.tlsCert" . }} + - name: REDIS_TLS_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_TLS_CA_FILE + value: {{ template "redis.tlsCACert" . }} + {{- if .Values.tls.dhParamsFilename }} + - name: REDIS_TLS_DH_PARAMS_FILE + value: {{ template "redis.tlsDHParams" . }} + {{- end }} + {{- else }} + - name: REDIS_PORT + value: {{ .Values.master.containerPorts.redis | quote }} + {{- end }} + {{- if .Values.master.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} + envFrom: + {{- if .Values.master.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.master.extraEnvVarsCM }} + {{- end }} + {{- if .Values.master.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.master.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.master.containerPorts.redis }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.master.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.master.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: redis + {{- end }} + {{- if .Values.master.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.master.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.master.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.master.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} + timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} + {{- end }} + {{- end }} + {{- if .Values.master.resources }} + resources: {{- toYaml .Values.master.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /opt/bitnami/redis/secrets/ + {{- end }} + - name: redis-data + mountPath: {{ .Values.master.persistence.path }} + {{- if .Values.master.persistence.subPath }} + subPath: {{ .Values.master.persistence.subPath }} + {{- else if .Values.master.persistence.subPathExpr }} + subPathExpr: {{ .Values.master.persistence.subPathExpr }} + {{- end }} + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: redis-tmp-conf + mountPath: /opt/bitnami/redis/etc/ + - name: tmp + mountPath: /tmp + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.master.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "redis.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.metrics.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} + {{- else }} + command: + - /bin/bash + - -c + - | + if [[ -f '/secrets/redis-password' ]]; then + export REDIS_PASSWORD=$(cat /secrets/redis-password) + fi + redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: REDIS_ALIAS + value: {{ template "common.names.fullname" . }} + {{- if .Values.auth.enabled }} + - name: REDIS_USER + value: default + {{- if (not .Values.auth.usePasswordFiles) }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "redis.secretName" . }} + key: {{ template "redis.secretPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: REDIS_ADDR + value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }} + {{- if .Values.tls.authClients }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: {{ template "redis.tlsCertKey" . }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: {{ template "redis.tlsCert" . }} + {{- end }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: {{ template "redis.tlsCACert" . }} + {{- end }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: 9121 + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: metrics + {{- end }} + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + mountPath: /secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + mountPath: /opt/bitnami/redis/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.master.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }} + {{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }} + initContainers: + {{- if .Values.master.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if $needsVolumePermissions }} + - name: volume-permissions + image: {{ include "redis.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} + {{- else }} + chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: redis-data + mountPath: {{ .Values.master.persistence.path }} + {{- if .Values.master.persistence.subPath }} + subPath: {{ .Values.master.persistence.subPath }} + {{- else if .Values.master.persistence.subPathExpr }} + subPathExpr: {{ .Values.master.persistence.subPathExpr }} + {{- end }} + {{- end }} + {{- if .Values.sysctl.enabled }} + - name: init-sysctl + image: {{ include "redis.sysctl.image" . }} + imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} + securityContext: + privileged: true + runAsUser: 0 + {{- if .Values.sysctl.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.resources }} + resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- end }} + {{- if .Values.sysctl.mountHostSys }} + volumeMounts: + - name: host-sys + mountPath: /host-sys + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: start-scripts + configMap: + name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} + defaultMode: 0755 + - name: health + configMap: + name: {{ printf "%s-health" (include "common.names.fullname" .) }} + defaultMode: 0755 + {{- if .Values.auth.usePasswordFiles }} + - name: redis-password + secret: + secretName: {{ template "redis.secretName" . }} + items: + - key: {{ template "redis.secretPasswordKey" . }} + path: redis-password + {{- end }} + - name: config + configMap: + name: {{ include "redis.configmapName" . }} + {{- if .Values.sysctl.mountHostSys }} + - name: host-sys + hostPath: + path: /sys + {{- end }} + - name: redis-tmp-conf + {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} + emptyDir: + {{- if .Values.master.persistence.medium }} + medium: {{ .Values.master.persistence.medium | quote }} + {{- end }} + {{- if .Values.master.persistence.sizeLimit }} + sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} + emptyDir: + {{- if .Values.master.persistence.medium }} + medium: {{ .Values.master.persistence.medium | quote }} + {{- end }} + {{- if .Values.master.persistence.sizeLimit }} + sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.tls.enabled }} + - name: redis-certificates + secret: + secretName: {{ include "redis.tlsSecretName" . }} + defaultMode: 256 + {{- end }} + {{- if .Values.master.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if not .Values.master.persistence.enabled }} + - name: redis-data + {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} + emptyDir: + {{- if .Values.master.persistence.medium }} + medium: {{ .Values.master.persistence.medium | quote }} + {{- end }} + {{- if .Values.master.persistence.sizeLimit }} + sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- else if .Values.master.persistence.existingClaim }} + - name: redis-data + persistentVolumeClaim: + claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }} + {{- else if (eq .Values.master.kind "Deployment") }} + - name: redis-data + persistentVolumeClaim: + claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} + {{- else }} + volumeClaimTemplates: + - metadata: + name: redis-data + labels: {{- include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: master + {{- if .Values.master.persistence.labels }} + {{- toYaml .Values.master.persistence.labels | nindent 4 }} + {{- end }} + {{- if .Values.master.persistence.annotations }} + annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.master.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.master.persistence.size | quote }} + {{- if .Values.master.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.master.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/superset/charts/redis/templates/master/pvc.yaml b/charts/superset/charts/redis/templates/master/pvc.yaml new file mode 100644 index 0000000..ee2691a --- /dev/null +++ b/charts/superset/charts/redis/templates/master/pvc.yaml @@ -0,0 +1,30 @@ +{{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: master + {{- if .Values.master.persistence.labels }} + {{- toYaml .Values.master.persistence.labels | nindent 4 }} + {{- end }} + {{- if .Values.master.persistence.annotations }} + annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.master.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.master.persistence.size | quote }} + {{- if .Values.master.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.master.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 2 }} +{{- end }} diff --git a/charts/superset/charts/redis/templates/master/serviceaccount.yaml b/charts/superset/charts/redis/templates/master/serviceaccount.yaml new file mode 100644 index 0000000..9c62e5f --- /dev/null +++ b/charts/superset/charts/redis/templates/master/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.master.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "redis.masterServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.master.serviceAccount.annotations }} + annotations: + {{- if or .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.master.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.master.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/superset/charts/redis/templates/replicas/serviceaccount.yaml b/charts/superset/charts/redis/templates/replicas/serviceaccount.yaml new file mode 100644 index 0000000..333ec9f --- /dev/null +++ b/charts/superset/charts/redis/templates/replicas/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.replica.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "redis.replicaServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.replica.serviceAccount.annotations }} + annotations: + {{- if or .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.replica.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.replica.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/superset/templates/deployment-flower.yaml b/charts/superset/templates/deployment-flower.yaml new file mode 100644 index 0000000..e4b05a1 --- /dev/null +++ b/charts/superset/templates/deployment-flower.yaml @@ -0,0 +1,155 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetCeleryFlower.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "superset.fullname" . }}-flower + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.name" . }}-flower + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.supersetCeleryFlower.deploymentAnnotations }} + annotations: {{- toYaml .Values.supersetCeleryFlower.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.supersetCeleryFlower.replicaCount }} + selector: + matchLabels: + app: {{ template "superset.name" . }}-flower + release: {{ .Release.Name }} + template: + metadata: + annotations: + checksum/config: {{ include "superset-config" . | sha256sum }} + checksum/secrets: {{ tpl (toJson .Values.extraSecretEnv) . | sha256sum }} + {{- if .Values.supersetCeleryFlower.podAnnotations }} + {{- toYaml .Values.supersetCeleryFlower.podAnnotations | nindent 8 }} + {{- end }} + labels: + app: "{{ template "superset.name" . }}-flower" + release: {{ .Release.Name }} + {{- if .Values.supersetCeleryFlower.podLabels }} + {{- toYaml .Values.supersetCeleryFlower.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }} + serviceAccountName: {{ template "superset.serviceAccountName" . }} + {{- end }} + securityContext: + runAsUser: {{ .Values.runAsUser }} + {{- if .Values.supersetCeleryFlower.podSecurityContext }} + {{- toYaml .Values.supersetCeleryFlower.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.supersetCeleryFlower.initContainers }} + initContainers: {{- tpl (toYaml .Values.supersetCeleryFlower.initContainers) . | nindent 6 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: {{- toYaml . | nindent 6 }} + {{- end }} + containers: + - name: "{{ .Chart.Name }}-flower" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.supersetCeleryFlower.containerSecurityContext }} + securityContext: {{- toYaml .Values.supersetCeleryFlower.containerSecurityContext | nindent 12 }} + {{- end }} + command: {{ tpl (toJson .Values.supersetCeleryFlower.command) . }} + env: + {{- range $key, $value := .Values.extraEnv }} + - name: {{ $key | quote}} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.extraEnvRaw }} + {{- toYaml .Values.extraEnvRaw | nindent 12 }} + {{- end }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . | quote }} + {{- range .Values.envFromSecrets }} + - secretRef: + name: {{ tpl . $ | quote }} + {{- end }} + ports: + - name: flower + containerPort: 5555 + protocol: TCP + volumeMounts: + - name: superset-config + mountPath: {{ .Values.configMountPath | quote }} + readOnly: true + {{- with .Values.extraVolumeMounts }} + {{- tpl (toYaml .) $ | nindent 12 -}} + {{- end }} + {{- if .Values.supersetCeleryFlower.startupProbe }} + startupProbe: {{- .Values.supersetCeleryFlower.startupProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.supersetCeleryFlower.readinessProbe }} + readinessProbe: {{- .Values.supersetCeleryFlower.readinessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.supersetCeleryFlower.livenessProbe }} + livenessProbe: {{- .Values.supersetCeleryFlower.livenessProbe | toYaml | nindent 12 }} + {{- end }} + resources: + {{- if .Values.supersetCeleryFlower.resources }} + {{- toYaml .Values.supersetCeleryFlower.resources | nindent 12 }} + {{- else }} + {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.supersetCeleryFlower.extraContainers }} + {{- toYaml .Values.supersetCeleryFlower.extraContainers | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.affinity .Values.supersetCeleryFlower.affinity }} + affinity: + {{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.supersetCeleryFlower.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.topologySpreadConstraints .Values.supersetCeleryFlower.topologySpreadConstraints }} + topologySpreadConstraints: + {{- with .Values.topologySpreadConstraints }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.supersetCeleryFlower.topologySpreadConstraints }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + volumes: + - name: superset-config + secret: + secretName: {{ tpl .Values.configFromSecret . }} + {{- with .Values.extraVolumes }} + {{- tpl (toYaml .) $ | nindent 8 -}} + {{- end }} +{{- end -}} diff --git a/charts/superset/templates/deployment-ws.yaml b/charts/superset/templates/deployment-ws.yaml new file mode 100644 index 0000000..7612900 --- /dev/null +++ b/charts/superset/templates/deployment-ws.yaml @@ -0,0 +1,151 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetWebsockets.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "superset.fullname" . }}-ws" + namespace: {{ .Release.Namespace }} + labels: + app: "{{ template "superset.name" . }}-ws" + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.supersetWebsockets.deploymentAnnotations }} + annotations: {{- toYaml .Values.supersetWebsockets.deploymentAnnotations | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.supersetWebsockets.replicaCount }} + selector: + matchLabels: + app: "{{ template "superset.name" . }}-ws" + release: {{ .Release.Name }} + {{- if .Values.supersetWebsockets.strategy }} + strategy: {{- toYaml .Values.supersetWebsockets.strategy | nindent 4 }} + {{- end }} + template: + metadata: + annotations: + checksum/wsconfig: {{ tpl (toJson .Values.supersetWebsockets.config) . | sha256sum }} + checksum/secrets: {{ tpl (toJson .Values.extraSecretEnv) . | sha256sum }} + {{- if .Values.supersetWebsockets.podAnnotations }} + {{- toYaml .Values.supersetWebsockets.podAnnotations | nindent 8 }} + {{- end }} + labels: + app: "{{ template "superset.name" . }}-ws" + release: {{ .Release.Name }} + {{- if .Values.supersetWebsockets.podLabels }} + {{- toYaml .Values.supersetWebsockets.podLabels | nindent 8 }} + {{- end }} + spec: + {{- if or (.Values.serviceAccount.create) (.Values.serviceAccountName) }} + serviceAccountName: {{ template "superset.serviceAccountName" . }} + {{- end }} + securityContext: + runAsUser: {{ .Values.runAsUser }} + {{- if .Values.supersetWebsockets.podSecurityContext }} + {{- toYaml .Values.supersetWebsockets.podSecurityContext | nindent 8 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: {{- toYaml . | nindent 6 }} + {{- end }} + containers: + - name: "{{ .Chart.Name }}-ws" + image: "{{ .Values.supersetWebsockets.image.repository }}:{{ .Values.supersetWebsockets.image.tag }}" + imagePullPolicy: {{ .Values.supersetWebsockets.image.pullPolicy }} + {{- if .Values.supersetWebsockets.containerSecurityContext }} + securityContext: {{- toYaml .Values.supersetWebsockets.containerSecurityContext | nindent 12 }} + {{- end }} + command: {{ tpl (toJson .Values.supersetWebsockets.command) . }} + # Passing all the envs is a bit blunt... we only need a few (see https://github.com/apache/superset/blob/master/superset-websocket/src/config.ts)... + env: + {{- range $key, $value := .Values.extraEnv }} + - name: {{ $key | quote}} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.extraEnvRaw }} + {{- toYaml .Values.extraEnvRaw | nindent 12 }} + {{- end }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . | quote }} + {{- range .Values.envFromSecrets }} + - secretRef: + name: {{ tpl . $ | quote }} + {{- end }} + ports: + - name: ws + containerPort: {{ .Values.supersetWebsockets.config.port }} + protocol: TCP + volumeMounts: + - name: superset-ws-config + mountPath: /home/superset-websocket/config.json + subPath: config.json + readOnly: true + resources: + {{- if .Values.supersetWebsockets.resources }} + {{- toYaml .Values.supersetWebsockets.resources | nindent 12 }} + {{- else }} + {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.supersetWebsockets.startupProbe }} + startupProbe: {{- .Values.supersetWebsockets.startupProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.supersetWebsockets.readinessProbe }} + readinessProbe: {{- .Values.supersetWebsockets.readinessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.supersetWebsockets.livenessProbe }} + livenessProbe: {{- .Values.supersetWebsockets.livenessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.supersetWebsockets.extraContainers }} + {{- toYaml .Values.supersetWebsockets.extraContainers | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.affinity .Values.supersetWebsockets.affinity }} + affinity: + {{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.supersetWebsockets.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.topologySpreadConstraints .Values.supersetWebsockets.topologySpreadConstraints }} + topologySpreadConstraints: + {{- with .Values.topologySpreadConstraints }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.supersetWebsockets.topologySpreadConstraints }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + volumes: + - name: superset-ws-config + secret: + secretName: "{{ template "superset.fullname" . }}-ws-config" +{{- end }} diff --git a/charts/superset/templates/hpa-node.yaml b/charts/superset/templates/hpa-node.yaml new file mode 100644 index 0000000..aee2d1d --- /dev/null +++ b/charts/superset/templates/hpa-node.yaml @@ -0,0 +1,54 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetNode.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "superset.fullname" . }}-hpa + labels: + app: {{ template "superset.name" . }} + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "superset.fullname" . }} + minReplicas: {{ .Values.supersetNode.autoscaling.minReplicas }} + maxReplicas: {{ .Values.supersetNode.autoscaling.maxReplicas }} + metrics: + {{- if .Values.supersetNode.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.supersetNode.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.supersetNode.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.supersetNode.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/superset/templates/hpa-worker.yaml b/charts/superset/templates/hpa-worker.yaml new file mode 100644 index 0000000..f2fd215 --- /dev/null +++ b/charts/superset/templates/hpa-worker.yaml @@ -0,0 +1,54 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetWorker.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "superset.fullname" . }}-hpa-worker + labels: + app: {{ template "superset.name" . }} + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "superset.fullname" . }}-worker + minReplicas: {{ .Values.supersetWorker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.supersetWorker.autoscaling.maxReplicas }} + metrics: + {{- if .Values.supersetWorker.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.supersetWorker.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.supersetWorker.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.supersetWorker.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/superset/templates/secret-ws.yaml b/charts/superset/templates/secret-ws.yaml new file mode 100644 index 0000000..aaa9a24 --- /dev/null +++ b/charts/superset/templates/secret-ws.yaml @@ -0,0 +1,35 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetWebsockets.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ template "superset.fullname" . }}-ws-config" + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.fullname" . }} + chart: {{ template "superset.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +stringData: + config.json: | + {{- tpl (toJson .Values.supersetWebsockets.config) . | nindent 4 }} +{{- end }} diff --git a/charts/superset/templates/service-flower.yaml b/charts/superset/templates/service-flower.yaml new file mode 100644 index 0000000..8c19889 --- /dev/null +++ b/charts/superset/templates/service-flower.yaml @@ -0,0 +1,50 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetCeleryFlower.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "superset.fullname" . }}-flower" + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.name" . }} + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.supersetCeleryFlower.service.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.supersetCeleryFlower.service.type }} + ports: + - port: {{ .Values.supersetCeleryFlower.service.port }} + targetPort: flower + protocol: TCP + name: flower + {{- if and (or (eq .Values.supersetCeleryFlower.service.type "NodePort") (eq .Values.supersetCeleryFlower.service.type "LoadBalancer")) (not (empty .Values.supersetCeleryFlower.service.nodePort.http)) }} + nodePort: {{ .Values.supersetCeleryFlower.service.nodePort.http }} + {{- end }} + selector: + app: {{ template "superset.name" . }}-flower + release: {{ .Release.Name }} + {{- if .Values.supersetCeleryFlower.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.supersetCeleryFlower.service.loadBalancerIP }} + {{- end }} +{{- end }} diff --git a/charts/superset/templates/service-ws.yaml b/charts/superset/templates/service-ws.yaml new file mode 100644 index 0000000..3dd02b7 --- /dev/null +++ b/charts/superset/templates/service-ws.yaml @@ -0,0 +1,50 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.supersetWebsockets.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "superset.fullname" . }}-ws" + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "superset.name" . }} + chart: {{ template "superset.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.supersetWebsockets.service.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.supersetWebsockets.service.type }} + ports: + - port: {{ .Values.supersetWebsockets.service.port }} + targetPort: ws + protocol: TCP + name: ws + {{- if and (or (eq .Values.supersetWebsockets.service.type "NodePort") (eq .Values.supersetWebsockets.service.type "LoadBalancer")) (not (empty .Values.supersetWebsockets.service.nodePort.http)) }} + nodePort: {{ .Values.supersetWebsockets.service.nodePort.http }} + {{- end }} + selector: + app: "{{ template "superset.name" . }}-ws" + release: {{ .Release.Name }} + {{- if .Values.supersetWebsockets.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.supersetWebsockets.service.loadBalancerIP }} + {{- end }} +{{- end }} diff --git a/charts/superset/templates/serviceaccount.yaml b/charts/superset/templates/serviceaccount.yaml new file mode 100644 index 0000000..0c2cfb3 --- /dev/null +++ b/charts/superset/templates/serviceaccount.yaml @@ -0,0 +1,38 @@ +{{/* + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "superset.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "superset.name" . }} + helm.sh/chart: {{ include "superset.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if semverCompare "> 1.6" .Capabilities.KubeVersion.GitVersion }} + kubernetes.io/cluster-service: "true" + {{- end }} + addonmanager.kubernetes.io/mode: Reconcile + {{- if .Values.serviceAccount.annotations }} + annotations: {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- end }} +{{- end -}}