diff --git a/install/helm/superset/Chart.yaml b/install/helm/superset/Chart.yaml index 83bbd394d1766..973f6c70479cf 100644 --- a/install/helm/superset/Chart.yaml +++ b/install/helm/superset/Chart.yaml @@ -16,7 +16,7 @@ # apiVersion: v1 appVersion: "1.0" -description: A Helm chart for Kubernetes +description: Apache Superset is a modern, enterprise-ready business intelligence web application name: superset maintainers: - name: Chuan-Yen Chiang diff --git a/install/helm/superset/templates/configmap.yaml b/install/helm/superset/requirements.yaml similarity index 72% rename from install/helm/superset/templates/configmap.yaml rename to install/helm/superset/requirements.yaml index 7a4e5151d1095..1f47d5a082b40 100644 --- a/install/helm/superset/templates/configmap.yaml +++ b/install/helm/superset/requirements.yaml @@ -14,14 +14,12 @@ # See the License for the specific language governing permissions and # limitations under the License. # -apiVersion: v1 -kind: ConfigMap -metadata: - name: superset-configmap - labels: - app: {{ template "superset.name" . }} - chart: {{ template "superset.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "config/*").AsConfig | indent 2 }} +dependencies: +- name: postgresql + version: 8.1.4 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: postgresql.enabled +- name: redis + version: 10.3.4 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: redis.enabled \ No newline at end of file diff --git a/install/helm/superset/templates/_helpers.tpl b/install/helm/superset/templates/_helpers.tpl index 3c104330a32da..d5dd26f6af0d4 100644 --- a/install/helm/superset/templates/_helpers.tpl +++ b/install/helm/superset/templates/_helpers.tpl @@ -48,3 +48,39 @@ Create chart name and version as used by the chart label. {{- define "superset.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{- define "superset-connections.script" }} +import os +from werkzeug.contrib.cache import RedisCache +MAPBOX_API_KEY = os.getenv('MAPBOX_API_KEY', '') + +CACHE_CONFIG = { + 'CACHE_TYPE': 'redis', + 'CACHE_DEFAULT_TIMEOUT': 300, + 'CACHE_KEY_PREFIX': 'superset_', + 'CACHE_REDIS_HOST': os.getenv('REDIS_HOST'), + 'CACHE_REDIS_PORT': os.getenv('REDIS_PORT'), + 'CACHE_REDIS_DB': 1, + 'CACHE_REDIS_URL': 'redis://%s:%s/1' % (os.getenv('REDIS_HOST'),os.getenv('REDIS_PORT'))} +SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://%s:%s@%s:%s/%s' % (os.getenv('DB_USER'), os.getenv('DB_PASS'), os.getenv('DB_HOST'), os.getenv('DB_PORT'), os.getenv('DB_NAME')) +SQLALCHEMY_TRACK_MODIFICATIONS = True +SECRET_KEY = 'thisISaSECRET_1234' +# Flask-WTF flag for CSRF +WTF_CSRF_ENABLED = True +# Add endpoints that need to be exempt from CSRF protection +WTF_CSRF_EXEMPT_LIST = [] +# A CSRF token that expires in 1 year +WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365 +class CeleryConfig(object): + BROKER_URL = 'redis://%s:%s/0' % (os.getenv('REDIS_HOST'),os.getenv('REDIS_PORT')) + CELERY_IMPORTS = ('superset.sql_lab', ) + CELERY_RESULT_BACKEND = 'redis://%s:%s/0' % (os.getenv('REDIS_HOST'),os.getenv('REDIS_PORT')) + CELERY_ANNOTATIONS = {'tasks.add': {'rate_limit': '10/s'}} + +CELERY_CONFIG = CeleryConfig +RESULTS_BACKEND = RedisCache( + host= os.getenv('REDIS_HOST'), + port= os.getenv('REDIS_PORT'), + key_prefix='superset_results' +) +{{- end }} \ No newline at end of file diff --git a/install/helm/superset/templates/deployment.yaml b/install/helm/superset/templates/deployment.yaml index d56c59e282597..da2ee886759b9 100644 --- a/install/helm/superset/templates/deployment.yaml +++ b/install/helm/superset/templates/deployment.yaml @@ -39,9 +39,46 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: superset-secret + key: redis_host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: superset-secret + key: redis_port + - name: DB_HOST + valueFrom: + secretKeyRef: + name: superset-secret + key: db_host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: superset-secret + key: db_port + - name: DB_USER + valueFrom: + secretKeyRef: + name: superset-secret + key: db_user + - name: DB_PASS + valueFrom: + secretKeyRef: + name: superset-secret + key: db_pass + - name: DB_NAME + valueFrom: + secretKeyRef: + name: superset-secret + key: db_name volumeMounts: - name: superset-config - mountPath: /etc/superset/ + mountPath: "/etc/superset" + readOnly: true ports: - name: http containerPort: 8088 @@ -61,6 +98,6 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: - - name: "superset-config" - configMap: - name: superset-configmap + - name: superset-config + secret: + secretName: superset-config \ No newline at end of file diff --git a/install/helm/superset/templates/init-job.yaml b/install/helm/superset/templates/init-job.yaml new file mode 100644 index 0000000000000..5b287a4218bcc --- /dev/null +++ b/install/helm/superset/templates/init-job.yaml @@ -0,0 +1,80 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +{{- if and ( .Values.initContainers ) ( .Values.init.enabled ) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "superset.name" . }}-init-db + annotations: +spec: + template: + metadata: + name: {{ template "superset.name" . }}-init-db + spec: + initContainers: + {{- toYaml .Values.initContainers | nindent 6 }} + containers: + - name: {{ template "superset.name" . }}-init-db + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: superset-secret + key: redis_host + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: superset-secret + key: redis_port + - name: DB_HOST + valueFrom: + secretKeyRef: + name: superset-secret + key: db_host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: superset-secret + key: db_port + - name: DB_USER + valueFrom: + secretKeyRef: + name: superset-secret + key: db_user + - name: DB_PASS + valueFrom: + secretKeyRef: + name: superset-secret + key: db_pass + - name: DB_NAME + valueFrom: + secretKeyRef: + name: superset-secret + key: db_name + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: superset-config + mountPath: "/etc/superset" + readOnly: true + command: [ "/bin/sh", "-c", "{{ .Values.init.initscript }}" ] + volumes: + - name: superset-config + secret: + secretName: superset-config + restartPolicy: Never +{{- end }} \ No newline at end of file diff --git a/install/helm/superset/templates/secret-superset-config.yaml b/install/helm/superset/templates/secret-superset-config.yaml new file mode 100644 index 0000000000000..2886cfad6d5a9 --- /dev/null +++ b/install/helm/superset/templates/secret-superset-config.yaml @@ -0,0 +1,28 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "superset.fullname" . }}-config + labels: + app: {{ template "superset.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + superset_config.py: {{ include "superset-connections.script" . | b64enc }} \ No newline at end of file diff --git a/install/helm/superset/templates/secret.yaml b/install/helm/superset/templates/secret.yaml new file mode 100644 index 0000000000000..6f326154aa350 --- /dev/null +++ b/install/helm/superset/templates/secret.yaml @@ -0,0 +1,34 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "superset.fullname" . }}-secret + labels: + app: {{ template "superset.fullname" . }} + chart: {{ template "superset.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + redis_host: {{ .Values.supersetNode.connections.redis_host | b64enc | quote }} + redis_port: {{ .Values.supersetNode.connections.redis_port | b64enc | quote }} + db_host: {{ .Values.supersetNode.connections.db_host | b64enc | quote }} + db_port: {{ .Values.supersetNode.connections.db_port | b64enc | quote }} + db_user: {{ .Values.supersetNode.connections.db_user | b64enc | quote }} + db_pass: {{ .Values.supersetNode.connections.db_pass | b64enc | quote }} + db_name: {{ .Values.supersetNode.connections.db_name | b64enc | quote }} \ No newline at end of file diff --git a/install/helm/superset/values.yaml b/install/helm/superset/values.yaml index 0fc3c76588db2..4db713e4b159d 100644 --- a/install/helm/superset/values.yaml +++ b/install/helm/superset/values.yaml @@ -26,6 +26,22 @@ image: tag: latest pullPolicy: IfNotPresent +initContainers: + - name: wait-for-postgres + image: busybox:latest + imagePullPolicy: IfNotPresent + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: superset-secret + key: db_host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: superset-secret + key: db_port + command: [ "/bin/sh", "-c", "until nc -zv $DB_HOST $DB_PORT -w1; do echo 'waiting for db'; sleep 1; done" ] service: type: NodePort port: 8088 @@ -54,9 +70,133 @@ resources: {} # requests: # cpu: 100m # memory: 128Mi +#Superset node configuration +supersetNode: + connections: + redis_host: superset-redis-headless + redis_port: "6379" + db_host: superset-postgresql + db_port: "5432" + db_user: superset + db_pass: superset + db_name: superset + +# ----------------------------------------------------------------------------- +# Miscellaneous parameters +# ----------------------------------------------------------------------------- + +init: + enabled: true + initscript: |- + superset db upgrade && \ + superset init && \ + superset fab create-admin \ + --username admin \ + --firstname Superset \ + --lastname Admin \ + --email admin@superset.com \ + --password admin || true +## +## Configuration values for the postgresql dependency. +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +postgresql: + ## + ## Use the PostgreSQL chart dependency. + ## Set to false if bringing your own PostgreSQL. + enabled: true + + ## + ## The name of an existing secret that contains the postgres password. + existingSecret: + + ## Name of the key containing the secret. + existingSecretKey: postgresql-password + + ## + ## If you are bringing your own PostgreSQL, you should set postgresHost and + ## also probably service.port, postgresqlUsername, postgresqlPassword, and postgresqlDatabase + ## postgresHost: + ## + ## PostgreSQL port + service: + port: 5432 + ## PostgreSQL User to create. + postgresqlUsername: superset + ## + ## PostgreSQL Password for the new user. + ## If not set, a random 10 characters password will be used. + postgresqlPassword: superset + ## + ## PostgreSQL Database to create. + postgresqlDatabase: superset + ## + ## Persistent Volume Storage configuration. + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes + persistence: + ## + ## Enable PostgreSQL persistence using Persistent Volume Claims. + enabled: true + ## + ## Persistant class + # storageClass: classname + ## + ## Access modes: + accessModes: + - ReadWriteOnce + +## Configuration values for the Redis dependency. +## ref: https://github.com/kubernetes/charts/blob/master/stable/redis/README.md +redis: + ## + ## Use the redis chart dependency. + ## Set to false if bringing your own redis. + enabled: true + + usePassword: false + + ## + ## The name of an existing secret that contains the redis password. + existingSecret: + + ## Name of the key containing the secret. + existingSecretKey: redis-password + + ## + ## If you are bringing your own redis, you can set the host in redisHost. + ## redisHost: + ## + ## Redis password + ## + password: superset + ## + ## Master configuration + master: + ## + ## Image configuration + # image: + ## + ## docker registry secret names (list) + # pullSecrets: nil + ## + ## Configure persistance + persistence: + ## + ## Use a PVC to persist data. + enabled: false + ## + ## Persistant class + # storageClass: classname + ## + ## Access mode: + accessModes: + - ReadWriteOnce + ## + ## Disable cluster management by default. + cluster: + enabled: false nodeSelector: {} tolerations: [] -affinity: {} +affinity: {} \ No newline at end of file