Skip to content

Commit 89677d4

Browse files
migruiz4bitnami-bot
migruiz4
and
bitnami-bot
authored
[bitnami/superset] Set usePasswordFiles=true by default (#32778)
* [bitnami/superset] Set `usePasswordFiles=true` by default Signed-off-by: Miguel Ruiz <[email protected]> * Add upgrading notes Signed-off-by: Miguel Ruiz <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Bot <[email protected]> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <[email protected]> * Fix init containers Signed-off-by: Miguel Ruiz <[email protected]> * Fix probes Signed-off-by: Miguel Ruiz <[email protected]> --------- Signed-off-by: Miguel Ruiz <[email protected]> Signed-off-by: Bitnami Bot <[email protected]> Co-authored-by: Bitnami Bot <[email protected]>
1 parent d31ec15 commit 89677d4

File tree

11 files changed

+186
-19
lines changed

11 files changed

+186
-19
lines changed

bitnami/superset/CHANGELOG.md

+6-2
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
# Changelog
22

3-
## 1.1.3 (2025-04-02)
3+
## 2.0.0 (2025-04-04)
44

5-
* [bitnami/superset] Release 1.1.3 ([#32777](https://github.com/bitnami/charts/pull/32777))
5+
* [bitnami/superset] Set `usePasswordFiles=true` by default ([#32778](https://github.com/bitnami/charts/pull/32778))
6+
7+
## <small>1.1.3 (2025-04-02)</small>
8+
9+
* [bitnami/superset] Release 1.1.3 (#32777) ([d856953](https://github.com/bitnami/charts/commit/d856953250bfdba841d438923045fdc67808d47c)), closes [#32777](https://github.com/bitnami/charts/issues/32777)
610

711
## <small>1.1.2 (2025-03-25)</small>
812

bitnami/superset/Chart.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -38,4 +38,4 @@ sources:
3838
- https://github.com/bitnami/charts/tree/main/bitnami/superset
3939
- https://github.com/bitnami/containers/tree/main/bitnami/superset
4040
- https://github.com/apache/superset
41-
version: 1.1.3
41+
version: 2.0.0

bitnami/superset/README.md

+8-2
Original file line numberDiff line numberDiff line change
@@ -172,6 +172,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
172172
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
173173
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
174174
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
175+
| `usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
175176
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
176177
| `diagnosticMode.command` | Command to override all containers in the chart release | `["sleep"]` |
177178
| `diagnosticMode.args` | Args to override all containers in the chart release | `["infinity"]` |
@@ -516,7 +517,6 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
516517
| `flower.auth.enabled` | Enables Apache Celery flower HTTP basic authentication | `true` |
517518
| `flower.auth.username` | Apache Celery flower username | `user` |
518519
| `flower.auth.password` | Apache Celery flower password | `""` |
519-
| `flower.auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
520520
| `flower.auth.existingSecret` | Name of existing secret to use for Superset Celery flower | `""` |
521521
| `flower.livenessProbe.enabled` | Enable livenessProbe on Superset celery flower containers | `true` |
522522
| `flower.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
@@ -740,6 +740,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/super
740740

741741
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
742742

743+
## Upgrading
744+
745+
### To 2.0.0
746+
747+
This version replaces the value `flower.auth.usePasswordFiles` with the new value `usePasswordFiles`. When using `usePasswordFiles=true`, , all credentials will be mounted as files instead of using an environment variable.
748+
743749
## License
744750

745751
Copyright &copy; 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
@@ -754,4 +760,4 @@ Unless required by applicable law or agreed to in writing, software
754760
distributed under the License is distributed on an "AS IS" BASIS,
755761
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
756762
See the License for the specific language governing permissions and
757-
limitations under the License.
763+
limitations under the License.

bitnami/superset/templates/_helpers.tpl

+45
Original file line numberDiff line numberDiff line change
@@ -201,11 +201,16 @@ Add environment variables to configure database values
201201
- name: SUPERSET_DATABASE_USER
202202
value: {{ include "superset.database.user" . | quote }}
203203
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
204+
{{- if .Values.usePasswordFiles }}
205+
- name: SUPERSET_DATABASE_PASSWORD_FILE
206+
value: {{ printf "/opt/bitnami/superset/secrets/%s" (include "superset.database.secretKey" .) }}
207+
{{- else }}
204208
- name: SUPERSET_DATABASE_PASSWORD
205209
valueFrom:
206210
secretKeyRef:
207211
name: {{ include "superset.postgresql.secretName" . }}
208212
key: {{ include "superset.database.secretKey" . }}
213+
{{- end }}
209214
{{- else }}
210215
- name: ALLOW_EMPTY_PASSWORD
211216
value: "true"
@@ -222,22 +227,32 @@ Add environment variables to configure redis values
222227
value: {{ include "superset.redis.port" . | quote }}
223228
- name: REDIS_USER
224229
value: {{ ternary "default" .Values.externalRedis.username .Values.redis.enabled | quote }}
230+
{{- if .Values.usePasswordFiles }}
231+
- name: REDIS_PASSWORD_FILE
232+
value: {{ printf "/opt/bitnami/superset/secrets/%s" (include "superset.redis.secretKey" .) }}
233+
{{- else }}
225234
- name: REDIS_PASSWORD
226235
valueFrom:
227236
secretKeyRef:
228237
name: {{ include "superset.redis.secretName" . }}
229238
key: {{ include "superset.redis.secretKey" . }}
239+
{{- end }}
230240
{{- end -}}
231241

232242
{{/*
233243
Add environment variables to configure superset common values
234244
*/}}
235245
{{- define "superset.configure.common" -}}
246+
{{- if .Values.usePasswordFiles }}
247+
- name: SUPERSET_SECRET_KEY_FILE
248+
value: "/opt/bitnami/superset/secrets/superset-secret-key"
249+
{{- else }}
236250
- name: SUPERSET_SECRET_KEY
237251
valueFrom:
238252
secretKeyRef:
239253
name: {{ include "superset.secretName" . }}
240254
key: superset-secret-key
255+
{{- end }}
241256
{{- if or .Values.existingConfigmap .Values.config }}
242257
- name: SUPERSET_CONF_FILE
243258
value: "/bitnami/superset/conf/superset_config.py"
@@ -276,6 +291,10 @@ Init container definition to wait for PostgreSQL
276291
. /opt/bitnami/scripts/liblog.sh
277292
. /opt/bitnami/scripts/libpostgresql.sh
278293

294+
{{- if .Values.usePasswordFiles }}
295+
export SUPERSET_DATABASE_PASSWORD="$(< $SUPERSET_DATABASE_PASSWORD_FILE)"
296+
{{- end }}
297+
279298
check_postgresql_connection() {
280299
echo "SELECT 1" | postgresql_remote_execute "$SUPERSET_DATABASE_HOST" "$SUPERSET_DATABASE_PORT_NUMBER" "$SUPERSET_DATABASE_NAME" "$SUPERSET_DATABASE_USER" "$SUPERSET_DATABASE_PASSWORD"
281300
}
@@ -289,6 +308,12 @@ Init container definition to wait for PostgreSQL
289308
fi
290309
env:
291310
{{- include "superset.configure.database" . | nindent 4 }}
311+
{{- if .Values.usePasswordFiles }}
312+
volumeMounts:
313+
- name: superset-secrets
314+
mountPath: /opt/bitnami/superset/secrets
315+
readOnly: true
316+
{{- end }}
292317
{{- end -}}
293318

294319
{{/*
@@ -320,6 +345,10 @@ Init container definition to wait for Redis
320345
. /opt/bitnami/scripts/libos.sh
321346
. /opt/bitnami/scripts/liblog.sh
322347

348+
{{- if .Values.usePasswordFiles }}
349+
export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)"
350+
{{- end }}
351+
323352
check_redis_connection() {
324353
local result="$(redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT_NUMBER} -a ${REDIS_PASSWORD} --user ${REDIS_USER} PING)"
325354
if [[ "$result" != "PONG" ]]; then
@@ -336,6 +365,12 @@ Init container definition to wait for Redis
336365
fi
337366
env:
338367
{{- include "superset.configure.redis" . | nindent 4 }}
368+
{{- if .Values.usePasswordFiles }}
369+
volumeMounts:
370+
- name: superset-secrets
371+
mountPath: /opt/bitnami/superset/secrets
372+
readOnly: true
373+
{{- end }}
339374
{{- end }}
340375

341376
{{- define "superset.initContainers.waitForExamples" -}}
@@ -365,6 +400,10 @@ Init container definition to wait for Redis
365400
. /opt/bitnami/scripts/liblog.sh
366401
. /opt/bitnami/scripts/libpostgresql.sh
367402

403+
{{- if .Values.usePasswordFiles }}
404+
export SUPERSET_DATABASE_PASSWORD="$(< $SUPERSET_DATABASE_PASSWORD_FILE)"
405+
{{- end }}
406+
368407
check_examples_database() {
369408
echo "SELECT dashboard_title FROM dashboards" | postgresql_remote_execute_print_output "$SUPERSET_DATABASE_HOST" "$SUPERSET_DATABASE_PORT_NUMBER" "$SUPERSET_DATABASE_NAME" "$SUPERSET_DATABASE_USER" "$SUPERSET_DATABASE_PASSWORD" | grep "Dashboard"
370409
}
@@ -378,6 +417,12 @@ Init container definition to wait for Redis
378417
fi
379418
env:
380419
{{- include "superset.configure.database" . | nindent 4 }}
420+
{{- if .Values.usePasswordFiles }}
421+
volumeMounts:
422+
- name: superset-secrets
423+
mountPath: /opt/bitnami/superset/secrets
424+
readOnly: true
425+
{{- end }}
381426
{{- end }}
382427

383428
{{/*

bitnami/superset/templates/beat/deployment.yaml

+21
Original file line numberDiff line numberDiff line change
@@ -161,6 +161,11 @@ spec:
161161
- name: empty-dir
162162
mountPath: /opt/bitnami/superset/tmp
163163
subPath: app-tmp-dir
164+
{{- if .Values.usePasswordFiles }}
165+
- name: superset-secrets
166+
mountPath: /opt/bitnami/superset/secrets
167+
readOnly: true
168+
{{- end }}
164169
{{- if or .Values.existingConfigmap .Values.config }}
165170
- name: superset-config
166171
mountPath: /bitnami/superset/conf
@@ -174,6 +179,22 @@ spec:
174179
volumes:
175180
- name: empty-dir
176181
emptyDir: {}
182+
{{- if .Values.usePasswordFiles }}
183+
- name: superset-secrets
184+
projected:
185+
sources:
186+
- secret:
187+
name: {{ include "superset.secretName" . }}
188+
items:
189+
- key: superset-secret-key
190+
path: superset-secret-key
191+
- secret:
192+
name: {{ include "superset.redis.secretName" . }}
193+
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
194+
- secret:
195+
name: {{ include "superset.postgresql.secretName" . }}
196+
{{- end }}
197+
{{- end }}
177198
{{- if or .Values.existingConfigmap .Values.config }}
178199
- name: superset-config
179200
configMap:

bitnami/superset/templates/externaldb-secrets.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
33
SPDX-License-Identifier: APACHE-2.0
44
*/}}
55

6-
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) .Values.externalDatabase.password -}}
6+
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) .Values.externalDatabase.password }}
77
apiVersion: v1
88
kind: Secret
99
metadata:
@@ -17,7 +17,7 @@ type: Opaque
1717
data:
1818
{{ .Values.externalDatabase.existingSecretPasswordKey }}: {{ .Values.externalDatabase.password | b64enc | quote }}
1919
{{- end }}
20-
{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) .Values.externalRedis.password -}}
20+
{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) .Values.externalRedis.password }}
2121
---
2222
apiVersion: v1
2323
kind: Secret

bitnami/superset/templates/flower/deployment.yaml

+21-9
Original file line numberDiff line numberDiff line change
@@ -175,8 +175,8 @@ spec:
175175
- name: empty-dir
176176
mountPath: /opt/bitnami/superset/superset_home
177177
subPath: superset-home
178-
{{- if and .Values.flower.auth.enabled .Values.flower.auth.usePasswordFiles }}
179-
- name: flower-basic-auth
178+
{{- if .Values.usePasswordFiles }}
179+
- name: superset-secrets
180180
mountPath: /opt/bitnami/superset/secrets
181181
readOnly: true
182182
{{- end }}
@@ -193,13 +193,25 @@ spec:
193193
volumes:
194194
- name: empty-dir
195195
emptyDir: {}
196-
{{- if and .Values.flower.auth.enabled .Values.flower.auth.usePasswordFiles }}
197-
- name: flower-basic-auth
198-
secret:
199-
secretName: {{ template "superset.flower.secretName" . }}
200-
items:
201-
- key: flower-basic-auth
202-
path: flower-basic-auth
196+
{{- if .Values.usePasswordFiles }}
197+
- name: superset-secrets
198+
projected:
199+
sources:
200+
- secret:
201+
name: {{ include "superset.secretName" . }}
202+
items:
203+
- key: superset-secret-key
204+
path: superset-secret-key
205+
- secret:
206+
name: {{ include "superset.redis.secretName" . }}
207+
{{- if .Values.flower.auth.enabled }}
208+
- secret:
209+
name: {{ include "superset.flower.secretName" . }}
210+
{{- end }}
211+
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
212+
- secret:
213+
name: {{ include "superset.postgresql.secretName" . }}
214+
{{- end }}
203215
{{- end }}
204216
{{- if or .Values.existingConfigmap .Values.config }}
205217
- name: superset-config

bitnami/superset/templates/init/init-job.yaml

+28
Original file line numberDiff line numberDiff line change
@@ -74,11 +74,16 @@ spec:
7474
value: {{ .Values.auth.username | quote }}
7575
- name: SUPERSET_EMAIL
7676
value: {{ .Values.auth.email | quote }}
77+
{{- if .Values.usePasswordFiles }}
78+
- name: SUPERSET_PASSWORD_FILE
79+
value: "/opt/bitnami/superset/secrets/superset-password"
80+
{{- else }}
7781
- name: SUPERSET_PASSWORD
7882
valueFrom:
7983
secretKeyRef:
8084
name: {{ include "superset.secretName" . }}
8185
key: superset-password
86+
{{- end }}
8287
- name: SUPERSET_LOAD_EXAMPLES
8388
value: {{ ternary "true" "false" .Values.loadExamples | quote }}
8489
{{- if .Values.init.extraEnvVars }}
@@ -105,6 +110,11 @@ spec:
105110
- name: empty-dir
106111
mountPath: /opt/bitnami/superset/superset_home
107112
subPath: superset-home
113+
{{- if .Values.usePasswordFiles }}
114+
- name: superset-secrets
115+
mountPath: /opt/bitnami/superset/secrets
116+
readOnly: true
117+
{{- end }}
108118
{{- if or .Values.existingConfigmap .Values.config }}
109119
- name: superset-config
110120
mountPath: /bitnami/superset/conf
@@ -118,6 +128,24 @@ spec:
118128
volumes:
119129
- name: empty-dir
120130
emptyDir: {}
131+
{{- if .Values.usePasswordFiles }}
132+
- name: superset-secrets
133+
projected:
134+
sources:
135+
- secret:
136+
name: {{ include "superset.secretName" . }}
137+
items:
138+
- key: superset-secret-key
139+
path: superset-secret-key
140+
- key: superset-password
141+
path: superset-password
142+
- secret:
143+
name: {{ include "superset.redis.secretName" . }}
144+
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
145+
- secret:
146+
name: {{ include "superset.postgresql.secretName" . }}
147+
{{- end }}
148+
{{- end }}
121149
{{- if or .Values.existingConfigmap .Values.config }}
122150
- name: superset-config
123151
configMap:

bitnami/superset/templates/web/deployment.yaml

+21
Original file line numberDiff line numberDiff line change
@@ -167,6 +167,11 @@ spec:
167167
- name: empty-dir
168168
mountPath: /opt/bitnami/superset/superset_home
169169
subPath: superset-home
170+
{{- if .Values.usePasswordFiles }}
171+
- name: superset-secrets
172+
mountPath: /opt/bitnami/superset/secrets
173+
readOnly: true
174+
{{- end }}
170175
{{- if or .Values.existingConfigmap .Values.config }}
171176
- name: superset-config
172177
mountPath: /bitnami/superset/conf
@@ -180,6 +185,22 @@ spec:
180185
volumes:
181186
- name: empty-dir
182187
emptyDir: {}
188+
{{- if .Values.usePasswordFiles }}
189+
- name: superset-secrets
190+
projected:
191+
sources:
192+
- secret:
193+
name: {{ include "superset.secretName" . }}
194+
items:
195+
- key: superset-secret-key
196+
path: superset-secret-key
197+
- secret:
198+
name: {{ include "superset.redis.secretName" . }}
199+
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
200+
- secret:
201+
name: {{ include "superset.postgresql.secretName" . }}
202+
{{- end }}
203+
{{- end }}
183204
{{- if or .Values.existingConfigmap .Values.config }}
184205
- name: superset-config
185206
configMap:

0 commit comments

Comments
 (0)