This is an automated email from the ASF dual-hosted git repository.
rusackas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 3e74ff174c refactor(helm): Allow chart operators to exclude the
creation of the secret manifest (#28308)
3e74ff174c is described below
commit 3e74ff174c61fe884d8cca5a7bc5eedce80042c1
Author: Asaf Levy <[email protected]>
AuthorDate: Fri May 3 07:08:32 2024 +0300
refactor(helm): Allow chart operators to exclude the creation of the secret
manifest (#28308)
---
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 4 +++-
helm/superset/templates/secret-env.yaml | 3 ++-
helm/superset/values.yaml | 6 ++++++
4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index cc5780b97a..96a3ae82e3 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: [email protected]
url: https://github.com/craig-rueda
-version: 0.12.9
+version: 0.12.10
dependencies:
- name: postgresql
version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index 02d21cbc61..e3f6412bb1 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs:
https://github.com/norwoodj/helm-docs
# superset
-
+
Apache Superset is a modern, enterprise-ready business intelligence web
application
@@ -117,6 +117,8 @@ On helm this can be set on
`extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
| redis | object | see `values.yaml` | Configuration values for the Redis
dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis
More documentation can be found here:
https://artifacthub.io/packages/helm/bitnami/redis |
| resources | object | `{}` | |
| runAsUser | int | `0` | User ID directive. This user must have enough
permissions to run the bootstrap script Running containers as root is not
recommended in production. Change this to another UID - e.g. 1000 to be more
secure |
+| secretEnv | object | `{"create":true}` | Specify rather or not helm should
create the secret described in `secret-env.yaml` template |
+| secretEnv.create | bool | `true` | Change to false in order to support
externally created secret (Binami "Sealed Secrets" for Kubernetes or External
Secrets Operator) note: when externally creating the secret, the chart still
expects to pull values from a secret with the name of the release defaults to
`release-name-superset-env` - full logic located in _helpers.tpl file: `define
"superset.fullname"` |
| service.annotations | object | `{}` | |
| service.loadBalancerIP | string | `nil` | |
| service.nodePort.http | int | `"nil"` | |
diff --git a/helm/superset/templates/secret-env.yaml
b/helm/superset/templates/secret-env.yaml
index f2a9d7af03..6537994960 100644
--- a/helm/superset/templates/secret-env.yaml
+++ b/helm/superset/templates/secret-env.yaml
@@ -16,7 +16,7 @@
limitations under the License.
*/}}
-
+{{- if .Values.secretEnv.create -}}
apiVersion: v1
kind: Secret
metadata:
@@ -51,3 +51,4 @@ stringData:
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
+{{- end }}
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 2e5517ebe9..7b05e0a290 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -31,6 +31,12 @@ fullnameOverride: ~
# Running containers as root is not recommended in production. Change this to
another UID - e.g. 1000 to be more secure
runAsUser: 0
+# -- Specify rather or not helm should create the secret described in
`secret-env.yaml` template
+secretEnv:
+ # -- Change to false in order to support externally created secret (Binami
"Sealed Secrets" for Kubernetes or External Secrets Operator)
+ # note: when externally creating the secret, the chart still expects to pull
values from a secret with the name of the release defaults to
`release-name-superset-env` - full logic located in _helpers.tpl file: `define
"superset.fullname"`
+ create: true
+
# -- Specify service account name to be used
serviceAccountName: ~
serviceAccount:
