[PR] feat(api): improve Helm migration parity for release [superset-kubernetes-operator]

Thu, 28 May 2026 10:34:53 -0700 


villebro opened a new pull request, #90:
URL: https://github.com/apache/superset-kubernetes-operator/pull/90

   ## Summary
   
   This prepares the operator for the initial 0.1.0 release by closing several 
Helm chart migration gaps and tightening release/security documentation.
   
   The changes add typed Valkey ACL username support, websocket `config.json` 
support, clearer Helm migration guidance, and checksum/pinning improvements for 
CI Helm installation. They also align the security docs and CRD validation 
wording with the current `Development` / `Staging` / `Production` environment 
model.
   
   ## Details
   
   - Add `spec.valkey.username` and `spec.valkey.usernameFrom`
     - Mirrors the existing `password` / `passwordFrom` pattern.
     - Adds mutual-exclusion CEL validation.
     - Renders Redis/Valkey ACL usernames into cache, Celery, and results 
backend configuration.
   - Add websocket `config.json` support
     - `spec.websocketServer.config` renders Development-only inline config to 
a parent-owned ConfigMap.
     - `spec.websocketServer.configFrom` mounts an existing Secret key directly 
at `/home/superset-websocket/config.json`.
     - Secret-backed config does not require the operator to read or copy 
Secrets.   - Inline config changes roll the Deployment automatically; Secret 
content changes continue to use `spec.forceReload`.
   
   - Improve Helm migration parity docs
     - Document Redis username migration.
     - Document Redis SSL `CERT_NONE` to `certRequired: none`.
     - Clarify cache DB default differences.
     - Add websocket config migration examples.
     - Clarify Ingress `path` / `pathType` migration to `hosts[].paths[]`.
     - Document both `className` and legacy `kubernetes.io/ingress.class`.
     - Call out CeleryBeat PDB and `loadBalancerIP` as intentional non-parity.
   
   - Tighten security and release docs
     - Align docs with `Development`, `Staging`, and `Production` behavior.
     - Clarify that raw config, custom commands, env vars, and mounted files 
follow the CR author trust model.
       - Add a pre-RC validation checklist.
     - Replace mutable Helm installer usage in CI/release workflows with a 
pinned/checksum-verified `scripts/install-helm.sh`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to