From 3e74ff174c61fe884d8cca5a7bc5eedce80042c1 Mon Sep 17 00:00:00 2001 From: Asaf Levy Date: Fri, 3 May 2024 07:08:32 +0300 Subject: [PATCH] refactor(helm): Allow chart operators to exclude the creation of the secret manifest (#28308) --- helm/superset/Chart.yaml | 2 +- helm/superset/README.md | 4 +++- helm/superset/templates/secret-env.yaml | 3 ++- helm/superset/values.yaml | 6 ++++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml index cc5780b97a0d0..96a3ae82e32a5 100644 --- a/helm/superset/Chart.yaml +++ b/helm/superset/Chart.yaml @@ -29,7 +29,7 @@ maintainers: - name: craig-rueda email: craig@craigrueda.com url: https://github.com/craig-rueda -version: 0.12.9 +version: 0.12.10 dependencies: - name: postgresql version: 12.1.6 diff --git a/helm/superset/README.md b/helm/superset/README.md index 02d21cbc61652..e3f6412bb14bd 100644 --- a/helm/superset/README.md +++ b/helm/superset/README.md @@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs # superset -![Version: 0.12.9](https://img.shields.io/badge/Version-0.12.9-informational?style=flat-square) +![Version: 0.12.10](https://img.shields.io/badge/Version-0.12.10-informational?style=flat-square) Apache Superset is a modern, enterprise-ready business intelligence web application @@ -117,6 +117,8 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri | redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis | | resources | object | `{}` | | | runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure | +| secretEnv | object | `{"create":true}` | Specify rather or not helm should create the secret described in `secret-env.yaml` template | +| secretEnv.create | bool | `true` | Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` | | service.annotations | object | `{}` | | | service.loadBalancerIP | string | `nil` | | | service.nodePort.http | int | `"nil"` | | diff --git a/helm/superset/templates/secret-env.yaml b/helm/superset/templates/secret-env.yaml index f2a9d7af03f91..653799496076d 100644 --- a/helm/superset/templates/secret-env.yaml +++ b/helm/superset/templates/secret-env.yaml @@ -16,7 +16,7 @@ limitations under the License. */}} - +{{- if .Values.secretEnv.create -}} apiVersion: v1 kind: Secret metadata: @@ -51,3 +51,4 @@ stringData: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} +{{- end }} diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml index 2e5517ebe97e3..7b05e0a290935 100644 --- a/helm/superset/values.yaml +++ b/helm/superset/values.yaml @@ -31,6 +31,12 @@ fullnameOverride: ~ # Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure runAsUser: 0 +# -- Specify rather or not helm should create the secret described in `secret-env.yaml` template +secretEnv: + # -- Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) + # note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` + create: true + # -- Specify service account name to be used serviceAccountName: ~ serviceAccount: