Skip to content

Commit

Permalink
refactor(helm): Allow chart operators to exclude the creation of the …
Browse files Browse the repository at this point in the history
…secret manifest (#28308)
  • Loading branch information
asaf400 authored May 3, 2024
1 parent b4c4ab7 commit 3e74ff1
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 3 deletions.
2 changes: 1 addition & 1 deletion helm/superset/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: [email protected]
url: https://github.com/craig-rueda
version: 0.12.9
version: 0.12.10
dependencies:
- name: postgresql
version: 12.1.6
Expand Down
4 changes: 3 additions & 1 deletion helm/superset/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs

# superset

![Version: 0.12.9](https://img.shields.io/badge/Version-0.12.9-informational?style=flat-square)
![Version: 0.12.10](https://img.shields.io/badge/Version-0.12.10-informational?style=flat-square)

Apache Superset is a modern, enterprise-ready business intelligence web application

Expand Down Expand Up @@ -117,6 +117,8 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
| redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis |
| resources | object | `{}` | |
| runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure |
| secretEnv | object | `{"create":true}` | Specify rather or not helm should create the secret described in `secret-env.yaml` template |
| secretEnv.create | bool | `true` | Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` |
| service.annotations | object | `{}` | |
| service.loadBalancerIP | string | `nil` | |
| service.nodePort.http | int | `"nil"` | |
Expand Down
3 changes: 2 additions & 1 deletion helm/superset/templates/secret-env.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
limitations under the License.

*/}}

{{- if .Values.secretEnv.create -}}
apiVersion: v1
kind: Secret
metadata:
Expand Down Expand Up @@ -51,3 +51,4 @@ stringData:
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
6 changes: 6 additions & 0 deletions helm/superset/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,12 @@ fullnameOverride: ~
# Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
runAsUser: 0

# -- Specify rather or not helm should create the secret described in `secret-env.yaml` template
secretEnv:
# -- Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator)
# note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"`
create: true

# -- Specify service account name to be used
serviceAccountName: ~
serviceAccount:
Expand Down

0 comments on commit 3e74ff1

Please sign in to comment.