Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Custom superset_config.py + secret envs #13096

Merged
merged 1 commit into from
Feb 13, 2021
Merged

feat: Custom superset_config.py + secret envs #13096

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions helm/superset/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,4 +97,13 @@ RESULTS_BACKEND = RedisCache(
port=env('REDIS_PORT'),
key_prefix='superset_results'
)

{{ if .Values.configOverrides }}
# Overrides
{{- range $key, $value := .Values.configOverrides }}
# {{ $key }}
{{ $value }}
{{- end }}
{{- end }}

{{- end }}
5 changes: 5 additions & 0 deletions helm/superset/templates/secret-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,8 @@ data:
DB_USER: {{ .Values.supersetNode.connections.db_user | b64enc | quote }}
DB_PASS: {{ .Values.supersetNode.connections.db_pass | b64enc | quote }}
DB_NAME: {{ .Values.supersetNode.connections.db_name | b64enc | quote }}
{{- if .Values.extraSecretEnv }}
{{- range $key, $value := .Values.extraSecretEnv }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}
{{- end }}
31 changes: 31 additions & 0 deletions helm/superset/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,13 @@ envFromSecret: '{{ template "superset.fullname" . }}-env'
##
extraEnv: {}

## Extra environment variables to pass as secrets
##
extraSecretEnv: {}
# MAPBOX_API_KEY: ...
# GOOGLE_KEY: ...
# GOOGLE_SECRET: ...

extraConfigs: {}
# datasources-init.yaml: |
# databases:
Expand All @@ -54,6 +61,30 @@ extraConfigs: {}
# sqlalchemy_uri: example://example-db.local
# tables: []

# A dictionary of overrides to append at the end of superset_config.py - the name does not matter
# WARNING: the order is not guaranteed
configOverrides: {}
# enable_oauth: |
# from flask_appbuilder.security.manager import AUTH_DB
# AUTH_TYPE = AUTH_OAUTH

# OAUTH_PROVIDERS = [
# {
# "name": "google",
# "icon": "fa-google",
# "token_key": "access_token",
# "remote_app": {
# "client_id": os.environ.get("GOOGLE_KEY"),
# "client_secret": os.environ.get("GOOGLE_SECRET"),
# "api_base_url": "https://www.googleapis.com/oauth2/v2/",
# "client_kwargs": {"scope": "email profile"},
# "request_token_url": None,
# "access_token_url": "https://accounts.google.com/o/oauth2/token",
# "authorize_url": "https://accounts.google.com/o/oauth2/auth",
# },
# }
Comment on lines +68 to +85
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be injected from a separate file called enable_oauth_config.py?
by that, we can upgrade configOverrides solution with multiple config modules that can be independent separately and can be mixed with other modules seamlessly

we could have a config_modules folder from which all different config will be loaded from

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I think this is indeed probably a better approach... I went for appending to the existing file because that was the easiest for me, as I'm not 100% confident with my python / FAB skills and didn't want to break things...

I see that /app/pythonpath already had other files:

superset_bootstrap.sh
superset_config.py
superset_init.sh

But I suppose it's safe to simply create those separate config modules in the same directory?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I just realize you meant loading from a separate file and not into a separate file... :)

I'm not sure if there's a really convenient way to do that in the chart definition itself... it IS possible to read files but I seem to remember this comes with a few limitations...

At install time however, I think something like helm upgrade --set-file configOverrides.enable_oauth_config=oauth.py would work - but AFAIK not with a full directory...

# ]

configMountPath: "/app/pythonpath"

extraConfigMountPath: "/app/configs"
Expand Down