Skip to content

[bitnami/superset] Set usePasswordFiles=true by default #32778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Apr 4, 2025
Merged

[bitnami/superset] Set usePasswordFiles=true by default #32778

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2311de1
[bitnami/superset] Set `usePasswordFiles=true` by default
migruiz4 Apr 2, 2025
1cc5766
Add upgrading notes
migruiz4 Apr 2, 2025
5d2ed56
Update CHANGELOG.md
bitnami-bot Apr 2, 2025
8ce6e02
Update README.md with readme-generator-for-helm
bitnami-bot Apr 2, 2025
49b0fd9
Merge branch 'main' into password-files-superset
migruiz4 Apr 4, 2025
abf40d5
Update CHANGELOG.md
bitnami-bot Apr 4, 2025
6fa4ca5
Fix init containers
migruiz4 Apr 4, 2025
27049c1
Fix probes
migruiz4 Apr 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions bitnami/superset/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
# Changelog

## 1.1.3 (2025-04-02)
## 2.0.0 (2025-04-04)

* [bitnami/superset] Release 1.1.3 ([#32777](https://github.com/bitnami/charts/pull/32777))
* [bitnami/superset] Set `usePasswordFiles=true` by default ([#32778](https://github.com/bitnami/charts/pull/32778))

## <small>1.1.3 (2025-04-02)</small>

* [bitnami/superset] Release 1.1.3 (#32777) ([d856953](https://github.com/bitnami/charts/commit/d856953250bfdba841d438923045fdc67808d47c)), closes [#32777](https://github.com/bitnami/charts/issues/32777)

## <small>1.1.2 (2025-03-25)</small>

Expand Down
2 changes: 1 addition & 1 deletion bitnami/superset/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,4 @@ sources:
- https://github.com/bitnami/charts/tree/main/bitnami/superset
- https://github.com/bitnami/containers/tree/main/bitnami/superset
- https://github.com/apache/superset
version: 1.1.3
version: 2.0.0
10 changes: 8 additions & 2 deletions bitnami/superset/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the chart release | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the chart release | `["infinity"]` |
Expand Down Expand Up @@ -516,7 +517,6 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
| `flower.auth.enabled` | Enables Apache Celery flower HTTP basic authentication | `true` |
| `flower.auth.username` | Apache Celery flower username | `user` |
| `flower.auth.password` | Apache Celery flower password | `""` |
| `flower.auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `true` |
| `flower.auth.existingSecret` | Name of existing secret to use for Superset Celery flower | `""` |
| `flower.livenessProbe.enabled` | Enable livenessProbe on Superset celery flower containers | `true` |
| `flower.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
Expand Down Expand Up @@ -740,6 +740,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/super

Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).

## Upgrading

### To 2.0.0

This version replaces the value `flower.auth.usePasswordFiles` with the new value `usePasswordFiles`. When using `usePasswordFiles=true`, , all credentials will be mounted as files instead of using an environment variable.

## License

Copyright &copy; 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Expand All @@ -754,4 +760,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.
45 changes: 45 additions & 0 deletions bitnami/superset/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,11 +201,16 @@ Add environment variables to configure database values
- name: SUPERSET_DATABASE_USER
value: {{ include "superset.database.user" . | quote }}
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
{{- if .Values.usePasswordFiles }}
- name: SUPERSET_DATABASE_PASSWORD_FILE
value: {{ printf "/opt/bitnami/superset/secrets/%s" (include "superset.database.secretKey" .) }}
{{- else }}
- name: SUPERSET_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "superset.postgresql.secretName" . }}
key: {{ include "superset.database.secretKey" . }}
{{- end }}
{{- else }}
- name: ALLOW_EMPTY_PASSWORD
value: "true"
Expand All @@ -222,22 +227,32 @@ Add environment variables to configure redis values
value: {{ include "superset.redis.port" . | quote }}
- name: REDIS_USER
value: {{ ternary "default" .Values.externalRedis.username .Values.redis.enabled | quote }}
{{- if .Values.usePasswordFiles }}
- name: REDIS_PASSWORD_FILE
value: {{ printf "/opt/bitnami/superset/secrets/%s" (include "superset.redis.secretKey" .) }}
{{- else }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "superset.redis.secretName" . }}
key: {{ include "superset.redis.secretKey" . }}
{{- end }}
{{- end -}}

{{/*
Add environment variables to configure superset common values
*/}}
{{- define "superset.configure.common" -}}
{{- if .Values.usePasswordFiles }}
- name: SUPERSET_SECRET_KEY_FILE
value: "/opt/bitnami/superset/secrets/superset-secret-key"
{{- else }}
- name: SUPERSET_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "superset.secretName" . }}
key: superset-secret-key
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: SUPERSET_CONF_FILE
value: "/bitnami/superset/conf/superset_config.py"
Expand Down Expand Up @@ -276,6 +291,10 @@ Init container definition to wait for PostgreSQL
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libpostgresql.sh

{{- if .Values.usePasswordFiles }}
export SUPERSET_DATABASE_PASSWORD="$(< $SUPERSET_DATABASE_PASSWORD_FILE)"
{{- end }}

check_postgresql_connection() {
echo "SELECT 1" | postgresql_remote_execute "$SUPERSET_DATABASE_HOST" "$SUPERSET_DATABASE_PORT_NUMBER" "$SUPERSET_DATABASE_NAME" "$SUPERSET_DATABASE_USER" "$SUPERSET_DATABASE_PASSWORD"
}
Expand All @@ -289,6 +308,12 @@ Init container definition to wait for PostgreSQL
fi
env:
{{- include "superset.configure.database" . | nindent 4 }}
{{- if .Values.usePasswordFiles }}
volumeMounts:
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- end -}}

{{/*
Expand Down Expand Up @@ -320,6 +345,10 @@ Init container definition to wait for Redis
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh

{{- if .Values.usePasswordFiles }}
export REDIS_PASSWORD="$(< $REDIS_PASSWORD_FILE)"
{{- end }}

check_redis_connection() {
local result="$(redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT_NUMBER} -a ${REDIS_PASSWORD} --user ${REDIS_USER} PING)"
if [[ "$result" != "PONG" ]]; then
Expand All @@ -336,6 +365,12 @@ Init container definition to wait for Redis
fi
env:
{{- include "superset.configure.redis" . | nindent 4 }}
{{- if .Values.usePasswordFiles }}
volumeMounts:
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- end }}

{{- define "superset.initContainers.waitForExamples" -}}
Expand Down Expand Up @@ -365,6 +400,10 @@ Init container definition to wait for Redis
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libpostgresql.sh

{{- if .Values.usePasswordFiles }}
export SUPERSET_DATABASE_PASSWORD="$(< $SUPERSET_DATABASE_PASSWORD_FILE)"
{{- end }}

check_examples_database() {
echo "SELECT dashboard_title FROM dashboards" | postgresql_remote_execute_print_output "$SUPERSET_DATABASE_HOST" "$SUPERSET_DATABASE_PORT_NUMBER" "$SUPERSET_DATABASE_NAME" "$SUPERSET_DATABASE_USER" "$SUPERSET_DATABASE_PASSWORD" | grep "Dashboard"
}
Expand All @@ -378,6 +417,12 @@ Init container definition to wait for Redis
fi
env:
{{- include "superset.configure.database" . | nindent 4 }}
{{- if .Values.usePasswordFiles }}
volumeMounts:
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- end }}

{{/*
Expand Down
21 changes: 21 additions & 0 deletions bitnami/superset/templates/beat/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,11 @@ spec:
- name: empty-dir
mountPath: /opt/bitnami/superset/tmp
subPath: app-tmp-dir
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
mountPath: /bitnami/superset/conf
Expand All @@ -174,6 +179,22 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
projected:
sources:
- secret:
name: {{ include "superset.secretName" . }}
items:
- key: superset-secret-key
path: superset-secret-key
- secret:
name: {{ include "superset.redis.secretName" . }}
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
- secret:
name: {{ include "superset.postgresql.secretName" . }}
{{- end }}
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
configMap:
Expand Down
4 changes: 2 additions & 2 deletions bitnami/superset/templates/externaldb-secrets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) .Values.externalDatabase.password -}}
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) .Values.externalDatabase.password }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -17,7 +17,7 @@ type: Opaque
data:
{{ .Values.externalDatabase.existingSecretPasswordKey }}: {{ .Values.externalDatabase.password | b64enc | quote }}
{{- end }}
{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) .Values.externalRedis.password -}}
{{- if and (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) .Values.externalRedis.password }}
---
apiVersion: v1
kind: Secret
Expand Down
30 changes: 21 additions & 9 deletions bitnami/superset/templates/flower/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,8 +175,8 @@ spec:
- name: empty-dir
mountPath: /opt/bitnami/superset/superset_home
subPath: superset-home
{{- if and .Values.flower.auth.enabled .Values.flower.auth.usePasswordFiles }}
- name: flower-basic-auth
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
Expand All @@ -193,13 +193,25 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if and .Values.flower.auth.enabled .Values.flower.auth.usePasswordFiles }}
- name: flower-basic-auth
secret:
secretName: {{ template "superset.flower.secretName" . }}
items:
- key: flower-basic-auth
path: flower-basic-auth
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
projected:
sources:
- secret:
name: {{ include "superset.secretName" . }}
items:
- key: superset-secret-key
path: superset-secret-key
- secret:
name: {{ include "superset.redis.secretName" . }}
{{- if .Values.flower.auth.enabled }}
- secret:
name: {{ include "superset.flower.secretName" . }}
{{- end }}
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
- secret:
name: {{ include "superset.postgresql.secretName" . }}
{{- end }}
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
Expand Down
28 changes: 28 additions & 0 deletions bitnami/superset/templates/init/init-job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,11 +74,16 @@ spec:
value: {{ .Values.auth.username | quote }}
- name: SUPERSET_EMAIL
value: {{ .Values.auth.email | quote }}
{{- if .Values.usePasswordFiles }}
- name: SUPERSET_PASSWORD_FILE
value: "/opt/bitnami/superset/secrets/superset-password"
{{- else }}
- name: SUPERSET_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "superset.secretName" . }}
key: superset-password
{{- end }}
- name: SUPERSET_LOAD_EXAMPLES
value: {{ ternary "true" "false" .Values.loadExamples | quote }}
{{- if .Values.init.extraEnvVars }}
Expand All @@ -105,6 +110,11 @@ spec:
- name: empty-dir
mountPath: /opt/bitnami/superset/superset_home
subPath: superset-home
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
mountPath: /bitnami/superset/conf
Expand All @@ -118,6 +128,24 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
projected:
sources:
- secret:
name: {{ include "superset.secretName" . }}
items:
- key: superset-secret-key
path: superset-secret-key
- key: superset-password
path: superset-password
- secret:
name: {{ include "superset.redis.secretName" . }}
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
- secret:
name: {{ include "superset.postgresql.secretName" . }}
{{- end }}
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
configMap:
Expand Down
21 changes: 21 additions & 0 deletions bitnami/superset/templates/web/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,11 @@ spec:
- name: empty-dir
mountPath: /opt/bitnami/superset/superset_home
subPath: superset-home
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
mountPath: /opt/bitnami/superset/secrets
readOnly: true
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
mountPath: /bitnami/superset/conf
Expand All @@ -180,6 +185,22 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.usePasswordFiles }}
- name: superset-secrets
projected:
sources:
- secret:
name: {{ include "superset.secretName" . }}
items:
- key: superset-secret-key
path: superset-secret-key
- secret:
name: {{ include "superset.redis.secretName" . }}
{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
- secret:
name: {{ include "superset.postgresql.secretName" . }}
{{- end }}
{{- end }}
{{- if or .Values.existingConfigmap .Values.config }}
- name: superset-config
configMap:
Expand Down
Loading
Loading