You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by cr...@apache.org on 2024/02/09 15:42:20 UTC
(superset) branch master updated: fix(helm): Include option to use Redis with SSL (#26663)
This is an automated email from the ASF dual-hosted git repository.
craigrueda pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new f59498fcb9 fix(helm): Include option to use Redis with SSL (#26663)
f59498fcb9 is described below
commit f59498fcb94fcbed4e5ca7ecb8821dd6bec32a8a
Author: Shakeel Ansari <sh...@gmail.com>
AuthorDate: Fri Feb 9 21:12:11 2024 +0530
fix(helm): Include option to use Redis with SSL (#26663)
---
helm/superset/Chart.yaml | 2 +-
helm/superset/README.md | 7 +++++-
helm/superset/templates/_helpers.tpl | 39 +++++++++++++++++++++++----------
helm/superset/templates/secret-env.yaml | 7 ++++++
helm/superset/values.yaml | 10 ++++++++-
5 files changed, 50 insertions(+), 15 deletions(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 7ff82d76da..e88c8a67dc 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.12.3
+version: 0.12.4
dependencies:
- name: postgresql
version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index b282a9eb0d..408eb8d930 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
# superset
-
+
Apache Superset is a modern, enterprise-ready business intelligence web application
@@ -188,8 +188,13 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
| supersetNode.connections.db_pass | string | `"superset"` | |
| supersetNode.connections.db_port | string | `"5432"` | |
| supersetNode.connections.db_user | string | `"superset"` | |
+| supersetNode.connections.redis_cache_db | string | `"1"` | |
+| supersetNode.connections.redis_celery_db | string | `"0"` | |
| supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false |
| supersetNode.connections.redis_port | string | `"6379"` | |
+| supersetNode.connections.redis_ssl.enabled | bool | `false` | |
+| supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` | |
+| supersetNode.connections.redis_user | string | `""` | |
| supersetNode.containerSecurityContext | object | `{}` | |
| supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment |
| supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment |
diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl
index 26d68ce603..8d0e862a30 100644
--- a/helm/superset/templates/_helpers.tpl
+++ b/helm/superset/templates/_helpers.tpl
@@ -61,6 +61,7 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
{{- define "superset-config" }}
import os
from flask_caching.backends.rediscache import RedisCache
@@ -68,15 +69,30 @@ from flask_caching.backends.rediscache import RedisCache
def env(key, default=None):
return os.getenv(key, default)
+# Redis Base URL
+{{- if .Values.supersetNode.connections.redis_password }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- else }}
+REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}"
+{{- end }}
+
+# Redis URL Params
+{{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+REDIS_URL_PARAMS = f"?ssl_cert_req={env('REDIS_SSL_CERT_REQS')}"
+{{- else }}
+REDIS_URL_PARAMS = ""
+{{- end}}
+
+# Build Redis URLs
+CACHE_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_DB', 1)}{REDIS_URL_PARAMS}"
+CELERY_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_CELERY_DB', 0)}{REDIS_URL_PARAMS}"
+
MAPBOX_API_KEY = env('MAPBOX_API_KEY', '')
CACHE_CONFIG = {
'CACHE_TYPE': 'RedisCache',
'CACHE_DEFAULT_TIMEOUT': 300,
'CACHE_KEY_PREFIX': 'superset_',
- 'CACHE_REDIS_HOST': env('REDIS_HOST'),
- 'CACHE_REDIS_PORT': env('REDIS_PORT'),
- 'CACHE_REDIS_PASSWORD': env('REDIS_PASSWORD'),
- 'CACHE_REDIS_DB': env('REDIS_DB', 1),
+ 'CACHE_REDIS_URL': CACHE_REDIS_URL,
}
DATA_CACHE_CONFIG = CACHE_CONFIG
@@ -85,13 +101,8 @@ SQLALCHEMY_TRACK_MODIFICATIONS = True
class CeleryConfig:
imports = ("superset.sql_lab", )
- {{- if .Values.supersetNode.connections.redis_password }}
- broker_url = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
- result_backend = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
- {{- else }}
- broker_url = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
- result_backend = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0"
- {{- end }}
+ broker_url = CELERY_REDIS_URL
+ result_backend = CELERY_REDIS_URL
CELERY_CONFIG = CeleryConfig
RESULTS_BACKEND = RedisCache(
@@ -100,7 +111,11 @@ RESULTS_BACKEND = RedisCache(
password=env('REDIS_PASSWORD'),
{{- end }}
port=env('REDIS_PORT'),
- key_prefix='superset_results'
+ key_prefix='superset_results',
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ ssl=True,
+ ssl_cert_reqs=env('REDIS_SSL_CERT_REQS'),
+ {{- end }}
)
{{ if .Values.configOverrides }}
diff --git a/helm/superset/templates/secret-env.yaml b/helm/superset/templates/secret-env.yaml
index 0031bdda63..f2a9d7af03 100644
--- a/helm/superset/templates/secret-env.yaml
+++ b/helm/superset/templates/secret-env.yaml
@@ -30,10 +30,17 @@ metadata:
type: Opaque
stringData:
REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }}
+ REDIS_USER: {{ .Values.supersetNode.connections.redis_user | quote }}
{{- if .Values.supersetNode.connections.redis_password }}
REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }}
{{- end }}
REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }}
+ REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }}
+ REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }}
+ REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }}
+ {{- if .Values.supersetNode.connections.redis_ssl.enabled }}
+ REDIS_SSL_CERT_REQS: {{ .Values.supersetNode.connections.redis_ssl.ssl_cert_reqs | default "CERT_NONE" | quote }}
+ {{- end }}
DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }}
DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }}
DB_USER: {{ .Values.supersetNode.connections.db_user | quote }}
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 4183ca609d..253555e1ff 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -258,8 +258,16 @@ supersetNode:
connections:
# -- Change in case of bringing your own redis and then also set redis.enabled:false
redis_host: '{{ .Release.Name }}-redis-headless'
- # redis_password: superset
redis_port: "6379"
+ redis_user: ""
+ # redis_password: superset
+ redis_cache_db: "1"
+ redis_celery_db: "0"
+ # Or SSL port is usually 6380
+ # Update following for using Redis with SSL
+ redis_ssl:
+ enabled: false
+ ssl_cert_reqs: CERT_NONE
# You need to change below configuration incase bringing own PostgresSQL instance and also set postgresql.enabled:false
db_host: '{{ .Release.Name }}-postgresql'
db_port: "5432"