From f59498fcb94fcbed4e5ca7ecb8821dd6bec32a8a Mon Sep 17 00:00:00 2001 From: Shakeel Ansari Date: Fri, 9 Feb 2024 21:12:11 +0530 Subject: [PATCH] fix(helm): Include option to use Redis with SSL (#26663) --- helm/superset/Chart.yaml | 2 +- helm/superset/README.md | 7 ++++- helm/superset/templates/_helpers.tpl | 39 +++++++++++++++++-------- helm/superset/templates/secret-env.yaml | 7 +++++ helm/superset/values.yaml | 10 ++++++- 5 files changed, 50 insertions(+), 15 deletions(-) diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml index 7ff82d76da50b..e88c8a67dcade 100644 --- a/helm/superset/Chart.yaml +++ b/helm/superset/Chart.yaml @@ -29,7 +29,7 @@ maintainers: - name: craig-rueda email: craig@craigrueda.com url: https://github.com/craig-rueda -version: 0.12.3 +version: 0.12.4 dependencies: - name: postgresql version: 12.1.6 diff --git a/helm/superset/README.md b/helm/superset/README.md index b282a9eb0dd59..408eb8d93014f 100644 --- a/helm/superset/README.md +++ b/helm/superset/README.md @@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs # superset -![Version: 0.12.3](https://img.shields.io/badge/Version-0.12.3-informational?style=flat-square) +![Version: 0.12.4](https://img.shields.io/badge/Version-0.12.4-informational?style=flat-square) Apache Superset is a modern, enterprise-ready business intelligence web application @@ -188,8 +188,13 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri | supersetNode.connections.db_pass | string | `"superset"` | | | supersetNode.connections.db_port | string | `"5432"` | | | supersetNode.connections.db_user | string | `"superset"` | | +| supersetNode.connections.redis_cache_db | string | `"1"` | | +| supersetNode.connections.redis_celery_db | string | `"0"` | | | supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false | | supersetNode.connections.redis_port | string | `"6379"` | | +| supersetNode.connections.redis_ssl.enabled | bool | `false` | | +| supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` | | +| supersetNode.connections.redis_user | string | `""` | | | supersetNode.containerSecurityContext | object | `{}` | | | supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment | | supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment | diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl index 26d68ce6038e6..8d0e862a304af 100644 --- a/helm/superset/templates/_helpers.tpl +++ b/helm/superset/templates/_helpers.tpl @@ -61,6 +61,7 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + {{- define "superset-config" }} import os from flask_caching.backends.rediscache import RedisCache @@ -68,15 +69,30 @@ from flask_caching.backends.rediscache import RedisCache def env(key, default=None): return os.getenv(key, default) +# Redis Base URL +{{- if .Values.supersetNode.connections.redis_password }} +REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_USER', '')}:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}" +{{- else }} +REDIS_BASE_URL=f"{env('REDIS_PROTO')}://{env('REDIS_HOST')}:{env('REDIS_PORT')}" +{{- end }} + +# Redis URL Params +{{- if .Values.supersetNode.connections.redis_ssl.enabled }} +REDIS_URL_PARAMS = f"?ssl_cert_req={env('REDIS_SSL_CERT_REQS')}" +{{- else }} +REDIS_URL_PARAMS = "" +{{- end}} + +# Build Redis URLs +CACHE_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_DB', 1)}{REDIS_URL_PARAMS}" +CELERY_REDIS_URL = f"{REDIS_BASE_URL}/{env('REDIS_CELERY_DB', 0)}{REDIS_URL_PARAMS}" + MAPBOX_API_KEY = env('MAPBOX_API_KEY', '') CACHE_CONFIG = { 'CACHE_TYPE': 'RedisCache', 'CACHE_DEFAULT_TIMEOUT': 300, 'CACHE_KEY_PREFIX': 'superset_', - 'CACHE_REDIS_HOST': env('REDIS_HOST'), - 'CACHE_REDIS_PORT': env('REDIS_PORT'), - 'CACHE_REDIS_PASSWORD': env('REDIS_PASSWORD'), - 'CACHE_REDIS_DB': env('REDIS_DB', 1), + 'CACHE_REDIS_URL': CACHE_REDIS_URL, } DATA_CACHE_CONFIG = CACHE_CONFIG @@ -85,13 +101,8 @@ SQLALCHEMY_TRACK_MODIFICATIONS = True class CeleryConfig: imports = ("superset.sql_lab", ) - {{- if .Values.supersetNode.connections.redis_password }} - broker_url = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" - result_backend = f"redis://:{env('REDIS_PASSWORD')}@{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" - {{- else }} - broker_url = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" - result_backend = f"redis://{env('REDIS_HOST')}:{env('REDIS_PORT')}/0" - {{- end }} + broker_url = CELERY_REDIS_URL + result_backend = CELERY_REDIS_URL CELERY_CONFIG = CeleryConfig RESULTS_BACKEND = RedisCache( @@ -100,7 +111,11 @@ RESULTS_BACKEND = RedisCache( password=env('REDIS_PASSWORD'), {{- end }} port=env('REDIS_PORT'), - key_prefix='superset_results' + key_prefix='superset_results', + {{- if .Values.supersetNode.connections.redis_ssl.enabled }} + ssl=True, + ssl_cert_reqs=env('REDIS_SSL_CERT_REQS'), + {{- end }} ) {{ if .Values.configOverrides }} diff --git a/helm/superset/templates/secret-env.yaml b/helm/superset/templates/secret-env.yaml index 0031bdda63ed2..f2a9d7af03f91 100644 --- a/helm/superset/templates/secret-env.yaml +++ b/helm/superset/templates/secret-env.yaml @@ -30,10 +30,17 @@ metadata: type: Opaque stringData: REDIS_HOST: {{ tpl .Values.supersetNode.connections.redis_host . | quote }} + REDIS_USER: {{ .Values.supersetNode.connections.redis_user | quote }} {{- if .Values.supersetNode.connections.redis_password }} REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }} {{- end }} REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }} + REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }} + REDIS_DB: {{ .Values.supersetNode.connections.redis_cache_db | quote }} + REDIS_CELERY_DB: {{ .Values.supersetNode.connections.redis_celery_db | quote }} + {{- if .Values.supersetNode.connections.redis_ssl.enabled }} + REDIS_SSL_CERT_REQS: {{ .Values.supersetNode.connections.redis_ssl.ssl_cert_reqs | default "CERT_NONE" | quote }} + {{- end }} DB_HOST: {{ tpl .Values.supersetNode.connections.db_host . | quote }} DB_PORT: {{ .Values.supersetNode.connections.db_port | quote }} DB_USER: {{ .Values.supersetNode.connections.db_user | quote }} diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml index 4183ca609d1f9..253555e1ffa65 100644 --- a/helm/superset/values.yaml +++ b/helm/superset/values.yaml @@ -258,8 +258,16 @@ supersetNode: connections: # -- Change in case of bringing your own redis and then also set redis.enabled:false redis_host: '{{ .Release.Name }}-redis-headless' - # redis_password: superset redis_port: "6379" + redis_user: "" + # redis_password: superset + redis_cache_db: "1" + redis_celery_db: "0" + # Or SSL port is usually 6380 + # Update following for using Redis with SSL + redis_ssl: + enabled: false + ssl_cert_reqs: CERT_NONE # You need to change below configuration incase bringing own PostgresSQL instance and also set postgresql.enabled:false db_host: '{{ .Release.Name }}-postgresql' db_port: "5432"