superset

Helm chart
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## e.g:
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters
##

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
##
apiVersions: []
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param usePasswordFiles Mount credentials as files instead of using an environment variable
##
usePasswordFiles: true
## Diagnostic mode
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
## @param diagnosticMode.command Command to override all containers in the chart release
## @param diagnosticMode.args Args to override all containers in the chart release
##
diagnosticMode:
  enabled: false
  command:
    - sleep
  args:
    - infinity
## @section Superset Parameters

## Iamguarded Superset image
## ref: https://hub.docker.com/r/iamguarded/superset/tags/
## @param image.registry [default: REGISTRY_NAME] Superset image registry
## @param image.repository [default: REPOSITORY_NAME/superset] Superset image repository
## @skip image.tag Superset image tag (immutable tags are recommended)
## @param image.digest Superset image digest in the way sha256:aa.... Please note this parameter, if set, will override the image tag (immutable tags are recommended)
## @param image.pullPolicy Superset image pull policy
## @param image.pullSecrets Superset image pull secrets
## @param image.debug Enable Superset image debug mode
##
image:
  registry: cgr.dev
  repository: chainguard-private/superset-iamguarded
  tag: 6.0.0
  digest: ""
  ## Specify an imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  debug: false
## @param config The name of an existing ConfigMap with your custom configuration for Superset
##
config: ""
## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Superset
##
existingConfigmap: ""
## @param loadExamples If set to true, the Superset examples database will be loaded at startup
##
loadExamples: false
## Authentication parameters
## ref: https://github.com/iamguarded/containers/tree/main/iamguarded/superset#environment-variables
##
auth:
  ## @param auth.username Username to access web UI
  ##
  username: ""
  ## @param auth.email Username email
  ##
  email: ""
  ## @param auth.password Password to access web UI
  ##
  password: ""
  ## @param auth.secretKey Secret key to run your flask app
  ## ref: https://superset.apache.org/docs/configuration/configuring-superset/#specifying-a-secret_key
  ##
  secretKey: ""
  ## @param auth.existingSecret Name of an existing secret to use for Superset credentials
  ## `auth.password` and `auth.secretKey` will be ignored and picked up from this secret
  ## The secret must contain the keys `superset-password` and `superset-secret-key`
  ## The value is evaluated as a template
  ##
  existingSecret: ""
## Superset Webserver
##
web:
  ## @param web.replicaCount Number of Superset webserver replicas to deploy
  ##
  replicaCount: 1
  ## @param web.containerPorts.http Superset webserver HTTP container port
  ##
  containerPorts:
    http: 8080
  ## @param web.extraContainerPorts Optionally specify extra list of additional ports for Superset webserver container(s)
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Configure extra options for Superset webserver containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param web.livenessProbe.enabled Enable livenessProbe on Superset webserver containers
  ## @param web.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param web.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param web.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param web.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param web.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: 15
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param web.readinessProbe.enabled Enable readinessProbe on Superset webserver containers
  ## @param web.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param web.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param web.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param web.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param web.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param web.startupProbe.enabled Enable startupProbe on Superset webserver containers
  ## @param web.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param web.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param web.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param web.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param web.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 15
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param web.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param web.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param web.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Superset webserver resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param web.resourcesPreset Set Superset webserver container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param web.resources Set Superset webserver container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param web.podSecurityContext.enabled Enable Superset webserver pods' Security Context
  ## @param web.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Superset webserver pods
  ## @param web.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Superset webserver pods
  ## @param web.podSecurityContext.supplementalGroups Set filesystem extra groups for Superset webserver pods
  ## @param web.podSecurityContext.fsGroup Set fsGroup in Superset webserver pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param web.containerSecurityContext.enabled Enable Superset webserver container's Security Context
  ## @param web.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Superset webserver container
  ## @param web.containerSecurityContext.runAsUser Set runAsUser in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.runAsGroup Set runAsGroup in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.privileged Set privileged in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Superset webserver container's Security Context
  ## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Superset webserver container
  ## @param web.containerSecurityContext.seccompProfile.type Set seccomp profile in Superset webserver container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param web.command Override default Superset webserver container command (useful when using custom images)
  ##
  command: []
  ## @param web.args Override default Superset webserver container args (useful when using custom images)
  ##
  args: []
  ## @param web.automountServiceAccountToken Mount Service Account token in Superset webserver pods
  ##
  automountServiceAccountToken: false
  ## @param web.hostAliases Superset webserver pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param web.deploymentAnnotations Annotations for Superset webserver deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param web.podLabels Extra labels for Superset webserver pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param web.podAnnotations Annotations for Superset webserver pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param web.podAffinityPreset Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param web.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node web.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param web.nodeAffinityPreset.type Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param web.nodeAffinityPreset.key Node label key to match. Ignored if `web.affinity` is set
    ##
    key: ""
    ## @param web.nodeAffinityPreset.values Node label values to match. Ignored if `web.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param web.affinity Affinity for Superset webserver pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `web.podAffinityPreset`, `web.podAntiAffinityPreset`, and `web.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param web.nodeSelector Node labels for Superset webserver pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param web.tolerations Tolerations for Superset webserver pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param web.updateStrategy.type Superset webserver deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param web.priorityClassName Superset webserver pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param web.topologySpreadConstraints Topology Spread Constraints for Superset webserver pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param web.schedulerName Name of the k8s scheduler (other than default) for Superset webserver pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param web.terminationGracePeriodSeconds Seconds Superset webserver pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param web.lifecycleHooks for Superset webserver containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param web.extraEnvVars Array with extra environment variables to add to Superset webserver containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param web.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Superset webserver containers
  ##
  extraEnvVarsCM: ""
  ## @param web.extraEnvVarsSecret Name of existing Secret containing extra env vars for Superset webserver containers
  ##
  extraEnvVarsSecret: ""
  ## @param web.extraVolumes Optionally specify extra list of additional volumes for the Superset webserver pods
  ##
  extraVolumes: []
  ## @param web.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Superset webserver containers
  ##
  extraVolumeMounts: []
  ## @param web.sidecars Add additional sidecar containers to the Superset webserver pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param web.initContainers Add additional init containers to the Superset webserver pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param web.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param web.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param web.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  autoscaling:
    vpa:
      ## @param web.autoscaling.vpa.enabled Enable VPA
      ##
      enabled: false
      ## @param web.autoscaling.vpa.annotations Annotations for VPA resource
      ##
      annotations: {}
      ## @param web.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
      ##
      controlledResources: []
      ## @param web.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      maxAllowed: {}
      ## @param web.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      minAllowed: {}
      ## VPA update policy
      ##
      updatePolicy:
        ## @param web.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
        ## Possible values are "Off", "Initial", "Recreate", and "Auto".
        ##
        updateMode: Auto
    hpa:
      ## @param web.autoscaling.hpa.enabled Enable HPA
      ##
      enabled: false
      ## @param web.autoscaling.hpa.minReplicas Minimum number of replicas
      ##
      minReplicas: ""
      ## @param web.autoscaling.hpa.maxReplicas Maximum number of replicas
      ##
      maxReplicas: ""
      ## @param web.autoscaling.hpa.targetCPU Target CPU utilization percentage
      ##
      targetCPU: ""
      ## @param web.autoscaling.hpa.targetMemory Target Memory utilization percentage
      ##
      targetMemory: ""
  ## Superset webserver service parameters
  ##
  service:
    ## @param web.service.type Superset webserver service type
    ##
    type: LoadBalancer
    ## @param web.service.ports.http Superset webserver service HTTP port
    ##
    ports:
      http: 80
    ## Node ports to expose
    ## @param web.service.nodePorts.http Node port for HTTP
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: ""
    ## @param web.service.clusterIP Superset webserver service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param web.service.loadBalancerIP Superset webserver service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param web.service.loadBalancerSourceRanges Superset webserver service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param web.service.externalTrafficPolicy Superset webserver service external traffic policy
    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param web.service.annotations Additional custom annotations for Superset webserver service
    ##
    annotations: {}
    ## @param web.service.extraPorts Extra ports to expose in Superset webserver service (normally used with the `sidecars` value)
    ##
    extraPorts: []
    ## @param web.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param web.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param web.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param web.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param web.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param web.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
    ##
    addExternalClientAccess: true
    ## @param web.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param web.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param web.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
    ## e.g:
    ## ingressPodMatchLabels:
    ##   my-client: "true"
    ##
    ingressPodMatchLabels: {}
    ## @param web.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param web.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## 'wait-for-examples' init container parameters
  ##
  waitForExamples:
    ## @param web.waitForExamples.enabled Enable init container that waits for the load_examples command to finish before starting the webserver
    ##
    enabled: false
    ## Init container's resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param web.waitForExamples.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if waitForExamples.resources is set (waitForExamples.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param web.waitForExamples.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
    ## InitContainer Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param web.waitForExamples.containerSecurityContext.enabled Enable wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in wait-for-examples initcontainer
    ## @param web.waitForExamples.containerSecurityContext.runAsUser Set runAsUser in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.runAsGroup Set runAsGroup in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.runAsNonRoot Set runAsNonRoot in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.privileged Set privileged in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in wait-for-examples initcontainer's Security Context
    ## @param web.waitForExamples.containerSecurityContext.capabilities.drop List of capabilities to be dropped in wait-for-examples initcontainer
    ## @param web.waitForExamples.containerSecurityContext.seccompProfile.type Set seccomp profile in wait-for-examples initcontainer
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: false
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
620
## Superset Celery worker
621
##
622
worker:
623
## @param worker.replicaCount Number of Superset Celery worker replicas to deploy
624
##
625
replicaCount: 1
626
## Configure extra options for Superset Celery worker containers' liveness and readiness probes
627
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
628
## @param worker.livenessProbe.enabled Enable livenessProbe on Superset Celery worker containers
629
## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
630
## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
631
## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
632
## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
633
## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe
634
##
635
livenessProbe:
636
enabled: true
637
initialDelaySeconds: 15
638
periodSeconds: 60
639
timeoutSeconds: 30
640
failureThreshold: 3
641
successThreshold: 1
642
## @param worker.readinessProbe.enabled Enable readinessProbe on Superset Celery worker containers
643
## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
644
## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
645
## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
646
## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
647
## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
648
##
649
readinessProbe:
650
enabled: true
651
initialDelaySeconds: 15
652
periodSeconds: 60
653
timeoutSeconds: 30
654
failureThreshold: 3
655
successThreshold: 1
656
## @param worker.startupProbe.enabled Enable startupProbe on Superset Celery worker containers
657
## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
658
## @param worker.startupProbe.periodSeconds Period seconds for startupProbe
659
## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
660
## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe
661
## @param worker.startupProbe.successThreshold Success threshold for startupProbe
662
##
663
startupProbe:
664
enabled: false
665
initialDelaySeconds: 15
666
periodSeconds: 15
667
timeoutSeconds: 30
668
failureThreshold: 60
669
successThreshold: 1
670
## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one
671
##
672
customLivenessProbe: {}
673
## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one
674
##
675
customReadinessProbe: {}
676
## @param worker.customStartupProbe Custom startupProbe that overrides the default one
677
##
678
customStartupProbe: {}
679
  ## Superset Celery worker resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param worker.resourcesPreset Set Superset Celery worker container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "large"
  ## @param worker.resources Set Superset Celery worker container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param worker.podSecurityContext.enabled Enable Superset Celery worker pods' Security Context
  ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Superset Celery worker pods
  ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Superset Celery worker pods
  ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups for Superset Celery worker pods
  ## @param worker.podSecurityContext.fsGroup Set fsGroup in Superset Celery worker pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param worker.containerSecurityContext.enabled Enable Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Superset Celery worker container
  ## @param worker.containerSecurityContext.runAsUser Set runAsUser in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.runAsGroup Set runAsGroup in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.privileged Set privileged in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Superset Celery worker containers' Security Context
  ## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Superset Celery worker container
  ## @param worker.containerSecurityContext.seccompProfile.type Set seccomp profile in Superset Celery worker container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param worker.command Override default Superset Celery worker container command (useful when using custom images)
  ##
  command: []
  ## @param worker.args Override default Superset Celery worker container args (useful when using custom images)
  ##
  args: []
  ## @param worker.automountServiceAccountToken Mount Service Account token in Superset Celery worker pods
  ##
  automountServiceAccountToken: false
  ## @param worker.hostAliases Superset Celery worker pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param worker.deploymentAnnotations Annotations for Superset Celery worker deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param worker.podLabels Extra labels for Superset Celery worker pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param worker.podAnnotations Annotations for Superset Celery worker pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param worker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node worker.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param worker.nodeAffinityPreset.type Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param worker.nodeAffinityPreset.key Node label key to match. Ignored if `worker.affinity` is set
    ##
    key: ""
    ## @param worker.nodeAffinityPreset.values Node label values to match. Ignored if `worker.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param worker.affinity Affinity for Superset Celery worker pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `worker.podAffinityPreset`, `worker.podAntiAffinityPreset`, and `worker.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param worker.nodeSelector Node labels for Superset Celery worker pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param worker.tolerations Tolerations for Superset Celery worker pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param worker.updateStrategy.type Superset celery worker deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param worker.priorityClassName Superset Celery worker pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param worker.topologySpreadConstraints Topology Spread Constraints for Superset Celery worker pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param worker.schedulerName Name of the k8s scheduler (other than default) for Superset Celery worker pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param worker.terminationGracePeriodSeconds Seconds Superset Celery worker pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param worker.lifecycleHooks Lifecycle hooks for Superset Celery worker containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param worker.extraEnvVars Array with extra environment variables to add to Superset Celery worker containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Superset Celery worker containers
  ##
  extraEnvVarsCM: ""
  ## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Superset Celery worker containers
  ##
  extraEnvVarsSecret: ""
  ## @param worker.extraVolumes Optionally specify extra list of additional volumes for the Superset Celery worker pods
  ##
  extraVolumes: []
  ## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Superset Celery worker containers
  ##
  extraVolumeMounts: []
  ## @param worker.sidecars Add additional sidecar containers to the Superset Celery worker pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param worker.initContainers Add additional init containers to the Superset Celery worker pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param worker.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param worker.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param worker.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  autoscaling:
    vpa:
      ## @param worker.autoscaling.vpa.enabled Enable VPA
      ##
      enabled: false
      ## @param worker.autoscaling.vpa.annotations Annotations for VPA resource
      ##
      annotations: {}
      ## @param worker.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
      ##
      controlledResources: []
      ## @param worker.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      maxAllowed: {}
      ## @param worker.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      minAllowed: {}
      ## VPA update policy
      ##
      updatePolicy:
        ## @param worker.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy. Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
        ## Possible values are "Off", "Initial", "Recreate", and "Auto".
        ##
        updateMode: Auto
    hpa:
      ## @param worker.autoscaling.hpa.enabled Enable HPA
      ##
      enabled: false
      ## @param worker.autoscaling.hpa.minReplicas Minimum number of replicas
      ##
      minReplicas: ""
      ## @param worker.autoscaling.hpa.maxReplicas Maximum number of replicas
      ##
      maxReplicas: ""
      ## @param worker.autoscaling.hpa.targetCPU Target CPU utilization percentage
      ##
      targetCPU: ""
      ## @param worker.autoscaling.hpa.targetMemory Target Memory utilization percentage
      ##
      targetMemory: ""
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param worker.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param worker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param worker.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
## Superset Init Job
##
init:
  ## @param init.enabled Enables the Superset init job, which is in charge of initialising the database, admin user credentials, DB upgrade, etc.
  ##
  enabled: true
  ## @param init.extraEnvVars Array with extra environment variables to add to Superset init-job containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param init.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Superset init-job containers
  ##
  extraEnvVarsCM: ""
  ## @param init.extraEnvVarsSecret Name of existing Secret containing extra env vars for Superset init-job containers
  ##
  extraEnvVarsSecret: ""
  ## @param init.extraVolumes Optionally specify extra list of additional volumes for the Superset init-job pods
  ##
  extraVolumes: []
  ## @param init.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Superset init-job containers
  ##
  extraVolumeMounts: []
  ## @param init.sidecars Add additional sidecar containers to the Superset init-job pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param init.initContainers Add additional init containers to the Superset init-job pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param init.command Override default Superset init-job container command (useful when using custom images)
  ##
  command: []
  ## @param init.args Override default Superset init-job container args (useful when using custom images)
  ##
  args: []
  ## Superset init-job resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param init.resourcesPreset Set Superset init-job container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if init.resources is set (init.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "medium"
  ## @param init.resources Set Superset init-job container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param init.podSecurityContext.enabled Enable Superset init-job pods' Security Context
  ## @param init.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Superset init-job pods
  ## @param init.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Superset init-job pods
  ## @param init.podSecurityContext.supplementalGroups Set filesystem extra groups for Superset init-job pods
  ## @param init.podSecurityContext.fsGroup Set fsGroup in Superset init-job pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param init.containerSecurityContext.enabled Enable Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Superset init-job container
  ## @param init.containerSecurityContext.runAsUser Set runAsUser in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.runAsGroup Set runAsGroup in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.privileged Set privileged in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Superset init-job containers' Security Context
  ## @param init.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Superset init-job container
  ## @param init.containerSecurityContext.seccompProfile.type Set seccomp profile in Superset init-job container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param init.backoffLimit set backoff limit of the job
  ##
  backoffLimit: 10
  ## @param init.automountServiceAccountToken Mount Service Account token in Superset init-job pods
  ##
  automountServiceAccountToken: false
  ## @param init.hostAliases Superset init-job pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param init.jobAnnotations Annotations for Superset init-job job
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  jobAnnotations: {}
  ## @param init.podLabels Extra labels for Superset init-job pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param init.podAnnotations Annotations for Superset init-job pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param init.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param init.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param init.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param init.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param init.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
## Superset Celery beat
##
beat:
  ## @param beat.enabled Set to true to enable Superset celery beat. Required if you intend to use alerts and reports
  ##
  enabled: false
  ## Configure extra options for Superset celery beat containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param beat.livenessProbe.enabled Enable livenessProbe on Superset celery beat containers
  ## @param beat.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param beat.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param beat.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param beat.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param beat.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param beat.readinessProbe.enabled Enable readinessProbe on Superset celery beat containers
  ## @param beat.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param beat.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param beat.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param beat.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param beat.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param beat.startupProbe.enabled Enable startupProbe on Superset celery beat containers
  ## @param beat.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param beat.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param beat.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param beat.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param beat.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 15
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param beat.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param beat.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param beat.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Superset celery beat resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param beat.resourcesPreset Set Superset celery beat container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if beat.resources is set (beat.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param beat.resources Set Superset celery beat container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param beat.podSecurityContext.enabled Enable Superset celery beat pods' Security Context
  ## @param beat.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Superset celery beat pods
  ## @param beat.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Superset celery beat pods
  ## @param beat.podSecurityContext.supplementalGroups Set filesystem extra groups for Superset celery beat pods
  ## @param beat.podSecurityContext.fsGroup Set fsGroup in Superset celery beat pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param beat.containerSecurityContext.enabled Enable Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Superset celery beat container
  ## @param beat.containerSecurityContext.runAsUser Set runAsUser in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.runAsGroup Set runAsGroup in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.privileged Set privileged in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Superset celery beat containers' Security Context
  ## @param beat.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Superset celery beat container
  ## @param beat.containerSecurityContext.seccompProfile.type Set seccomp profile in Superset celery beat container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param beat.command Override default Superset celery beat container command (useful when using custom images)
  ##
  command: []
  ## @param beat.args Override default Superset celery beat container args (useful when using custom images)
  ##
  args: []
  ## @param beat.automountServiceAccountToken Mount Service Account token in Superset celery beat pods
  ##
  automountServiceAccountToken: false
  ## @param beat.hostAliases Superset celery beat pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param beat.deploymentAnnotations Annotations for Superset celery beat deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param beat.podLabels Extra labels for Superset celery beat pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param beat.podAnnotations Annotations for Superset celery beat pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param beat.podAffinityPreset Pod affinity preset. Ignored if `beat.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param beat.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `beat.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node beat.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param beat.nodeAffinityPreset.type Node affinity preset type. Ignored if `beat.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param beat.nodeAffinityPreset.key Node label key to match. Ignored if `beat.affinity` is set
    ##
    key: ""
    ## @param beat.nodeAffinityPreset.values Node label values to match. Ignored if `beat.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param beat.affinity Affinity for Superset celery beat pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `beat.podAffinityPreset`, `beat.podAntiAffinityPreset`, and `beat.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param beat.nodeSelector Node labels for Superset celery beat pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param beat.tolerations Tolerations for Superset celery beat pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
## @param beat.updateStrategy.type Superset celery beat deployment strategy type
1329
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
1330
##
1331
updateStrategy:
1332
## Can be set to RollingUpdate or Recreate
1333
##
1334
type: RollingUpdate
1335
## @param beat.priorityClassName Superset celery beat pods' priorityClassName
1336
##
1337
priorityClassName: ""
1338
## @param beat.topologySpreadConstraints Topology Spread Constraints for Superset celery beat pod assignment spread across your cluster among failure-domains
1339
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1340
##
1341
topologySpreadConstraints: []
1342
## @param beat.schedulerName Name of the k8s scheduler (other than default) for Superset celery beat pods
1343
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1344
##
1345
schedulerName: ""
1346
## @param beat.terminationGracePeriodSeconds Seconds Superset celery beat pods need to terminate gracefully
1347
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1348
##
1349
terminationGracePeriodSeconds: ""
1350
## @param beat.lifecycleHooks for Superset celery beat containers to automate configuration before or after startup
1351
##
1352
lifecycleHooks: {}
  ## @param beat.extraEnvVars Array with extra environment variables to add to Superset celery beat containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param beat.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Superset celery beat containers
  ##
  extraEnvVarsCM: ""
  ## @param beat.extraEnvVarsSecret Name of existing Secret containing extra env vars for Superset celery beat containers
  ##
  extraEnvVarsSecret: ""
  ## @param beat.extraVolumes Optionally specify extra list of additional volumes for the Superset celery beat pods
  ##
  extraVolumes: []
  ## @param beat.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Superset celery beat containers
  ##
  extraVolumeMounts: []
  ## @param beat.sidecars Add additional sidecar containers to the Superset celery beat pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param beat.initContainers Add additional init containers to the Superset celery beat pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param beat.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param beat.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param beat.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param beat.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param beat.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param beat.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param beat.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param beat.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
## Superset Celery flower
##
flower:
  ## @param flower.enabled Set to true to enable Superset celery flower. Required if you intend to use alerts and reports
  ##
  enabled: false
  ## @param flower.replicaCount Number of Superset Celery flower replicas to deploy
  ##
  replicaCount: 1
  ## @param flower.containerPorts.flower Superset celery flower container port
  ##
  containerPorts:
    flower: 5555
  ## @param flower.extraContainerPorts Optionally specify extra list of additional ports for Superset celery flower container(s)
  ## e.g:
  ## extraContainerPorts:
  ##   - name: myservice
  ##     containerPort: 9090
  ##
  extraContainerPorts: []
  ## Flower HTTP Basic authentication parameters
  ##
  auth:
    ## @param flower.auth.enabled Enables Apache Celery flower HTTP basic authentication
    ##
    enabled: true
    ## @param flower.auth.username Apache Celery flower username
    ##
    username: "user"
    ## @param flower.auth.password Apache Celery flower password
    ## If empty, a random password will be autogenerated
    ##
    password: ""
    ## @param flower.auth.existingSecret Name of existing secret to use for Superset Celery flower
    ## The secret must contain the key 'flower-basic-auth' encoding the HTTP basic auth string
    ##
    existingSecret: ""
  ## Configure extra options for Superset celery flower containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param flower.livenessProbe.enabled Enable livenessProbe on Superset celery flower containers
  ## @param flower.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param flower.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param flower.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param flower.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param flower.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param flower.readinessProbe.enabled Enable readinessProbe on Superset celery flower containers
  ## @param flower.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param flower.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param flower.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param flower.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param flower.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 15
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param flower.startupProbe.enabled Enable startupProbe on Superset celery flower containers
  ## @param flower.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param flower.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param flower.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param flower.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param flower.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 15
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 60
    successThreshold: 1
  ## @param flower.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param flower.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param flower.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Superset celery flower resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param flower.resourcesPreset Set Superset celery flower container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if flower.resources is set (flower.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param flower.resources Set Superset celery flower container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param flower.podSecurityContext.enabled Enable Superset celery flower pods' Security Context
  ## @param flower.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Superset celery flower pods
  ## @param flower.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Superset celery flower pods
  ## @param flower.podSecurityContext.supplementalGroups Set filesystem extra groups for Superset celery flower pods
  ## @param flower.podSecurityContext.fsGroup Set fsGroup in Superset celery flower pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param flower.containerSecurityContext.enabled Enable Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Superset celery flower container
  ## @param flower.containerSecurityContext.runAsUser Set runAsUser in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.runAsGroup Set runAsGroup in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.privileged Set privileged in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Superset celery flower container's Security Context
  ## @param flower.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Superset celery flower container
  ## @param flower.containerSecurityContext.seccompProfile.type Set seccomp profile in Superset celery flower container
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param flower.command Override default Superset celery flower container command (useful when using custom images)
  ##
  command: []
  ## @param flower.args Override default Superset celery flower container args (useful when using custom images)
  ##
  args: []
  ## @param flower.automountServiceAccountToken Mount Service Account token in Superset celery flower pods
  ##
  automountServiceAccountToken: false
  ## @param flower.hostAliases Superset celery flower pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param flower.deploymentAnnotations Annotations for Superset celery flower deployment
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  deploymentAnnotations: {}
  ## @param flower.podLabels Extra labels for Superset celery flower pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param flower.podAnnotations Annotations for Superset celery flower pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param flower.podAffinityPreset Pod affinity preset. Ignored if `flower.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param flower.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `flower.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node flower.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param flower.nodeAffinityPreset.type Node affinity preset type. Ignored if `flower.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param flower.nodeAffinityPreset.key Node label key to match. Ignored if `flower.affinity` is set
    ##
    key: ""
    ## @param flower.nodeAffinityPreset.values Node label values to match. Ignored if `flower.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param flower.affinity Affinity for Superset celery flower pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `flower.podAffinityPreset`, `flower.podAntiAffinityPreset`, and `flower.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param flower.nodeSelector Node labels for Superset celery flower pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param flower.tolerations Tolerations for Superset celery flower pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param flower.updateStrategy.type Superset celery flower deployment strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    ## Can be set to RollingUpdate or Recreate
    ##
    type: RollingUpdate
  ## @param flower.priorityClassName Superset celery flower pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param flower.topologySpreadConstraints Topology Spread Constraints for Superset celery flower pod assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param flower.schedulerName Name of the k8s scheduler (other than default) for Superset celery flower pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param flower.terminationGracePeriodSeconds Seconds Superset celery flower pods need to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param flower.lifecycleHooks for Superset celery flower containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param flower.extraEnvVars Array with extra environment variables to add to Superset celery flower containers
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param flower.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Superset celery flower containers
  ##
  extraEnvVarsCM: ""
  ## @param flower.extraEnvVarsSecret Name of existing Secret containing extra env vars for Superset celery flower containers
  ##
  extraEnvVarsSecret: ""
  ## @param flower.extraVolumes Optionally specify extra list of additional volumes for the Superset celery flower pods
  ##
  extraVolumes: []
  ## @param flower.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Superset celery flower containers
  ##
  extraVolumeMounts: []
  ## @param flower.sidecars Add additional sidecar containers to the Superset celery flower pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param flower.initContainers Add additional init containers to the Superset celery flower pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param flower.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param flower.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param flower.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  autoscaling:
    vpa:
      ## @param flower.autoscaling.vpa.enabled Enable VPA
      ##
      enabled: false
      ## @param flower.autoscaling.vpa.annotations Annotations for VPA resource
      ##
      annotations: {}
      ## @param flower.autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
      ##
      controlledResources: []
      ## @param flower.autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      maxAllowed: {}
      ## @param flower.autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
      ##   cpu: 200m
      ##   memory: 100Mi
      minAllowed: {}
      ## VPA update policy
      ##
      updatePolicy:
        ## @param flower.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
        ## Possible values are "Off", "Initial", "Recreate", and "Auto".
        ##
        updateMode: Auto
    hpa:
      ## @param flower.autoscaling.hpa.enabled Enable HPA
      ##
      enabled: false
      ## @param flower.autoscaling.hpa.minReplicas Minimum number of replicas
      ##
      minReplicas: ""
      ## @param flower.autoscaling.hpa.maxReplicas Maximum number of replicas
      ##
      maxReplicas: ""
      ## @param flower.autoscaling.hpa.targetCPU Target CPU utilization percentage
      ##
      targetCPU: ""
      ## @param flower.autoscaling.hpa.targetMemory Target Memory utilization percentage
      ##
      targetMemory: ""
  ## Superset celery flower service parameters
  ##
  service:
    ## @param flower.service.type Superset celery flower service type
    ##
    type: LoadBalancer
    ## @param flower.service.ports.flower Superset celery flower service port
    ##
    ports:
      flower: 5555
    ## Node ports to expose
    ## @param flower.service.nodePorts.flower Node port for flower
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      flower: ""
    ## @param flower.service.clusterIP Superset celery flower service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param flower.service.loadBalancerIP Superset celery flower service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param flower.service.loadBalancerSourceRanges Superset celery flower service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param flower.service.externalTrafficPolicy Superset celery flower service external traffic policy
    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param flower.service.annotations Additional custom annotations for Superset celery flower service
    ##
    annotations: {}
    ## @param flower.service.extraPorts Extra ports to expose in Superset celery flower service (normally used with the `sidecars` value)
    ##
    extraPorts: []
    ## @param flower.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param flower.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param flower.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param flower.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param flower.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param flower.networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
    ##
    addExternalClientAccess: true
    ## @param flower.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param flower.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param flower.networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
    ## e.g:
    ## ingressPodMatchLabels:
    ##   my-client: "true"
    ##
    ingressPodMatchLabels: {}
    ## @param flower.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param flower.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## Superset ingress parameters
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for Superset
  ##
  enabled: false
  ## @param ingress.pathType Ingress path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.hostname Default host for the ingress record
  ##
  hostname: superset.local
  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: ""
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  ##
  tls: false
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false
  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
  ## e.g:
  ## extraHosts:
  ##   - name: superset.local
  ##     path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## e.g:
  ## extraPaths:
  ##   - path: /*
  ##     backend:
  ##       serviceName: ssl-redirect
  ##       servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## e.g:
  ## extraTls:
  ##   - hosts:
  ##       - superset.local
  ##     secretName: superset.local-tls
  ##
  extraTls: []
  ## @param ingress.secrets Custom TLS certificates as secrets
  ## NOTE: 'key' and 'certificate' are expected in PEM format
  ## NOTE: 'name' should line up with a 'secretName' set further up
  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ## e.g:
  ## secrets:
  ##   - name: superset.local-tls
  ##     key: |-
  ##       -----BEGIN RSA PRIVATE KEY-----
  ##       ...
  ##       -----END RSA PRIVATE KEY-----
  ##     certificate: |-
  ##       -----BEGIN CERTIFICATE-----
  ##       ...
  ##       -----END CERTIFICATE-----
  ##
  secrets: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ##   - host: example.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: example-svc
  ##           port:
  ##             name: http
  ##
  extraRules: []
## @section Default Init Container Parameters
##
defaultInitContainers:
  ## 'wait-for-db' init container parameters
  ##
  waitForDB:
    ## @param defaultInitContainers.waitForDB.enabled Enable init container that waits for the Database to be available
    ##
    enabled: true
    ## Init container's resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.waitForDB.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if waitForDB.resources is set (waitForDB.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param defaultInitContainers.waitForDB.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
    ## InitContainer Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.enabled Enable wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in wait-for-db initcontainer
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.runAsUser Set runAsUser in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.runAsGroup Set runAsGroup in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.runAsNonRoot Set runAsNonRoot in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.privileged Set privileged in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in wait-for-db initcontainer's Security Context
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.capabilities.drop List of capabilities to be dropped in wait-for-db initcontainer
    ## @param defaultInitContainers.waitForDB.containerSecurityContext.seccompProfile.type Set seccomp profile in wait-for-db initcontainer
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: false
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
2056
  ## 'wait-for-redis' init container parameters
  ##
  waitForRedis:
    ## @param defaultInitContainers.waitForRedis.enabled Enable init container that waits for Redis to be available
    ##
    enabled: true
    ## Init container's resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.waitForRedis.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if waitForRedis.resources is set (waitForRedis.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param defaultInitContainers.waitForRedis.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
    ## InitContainer Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.enabled Enabled wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in wait-for-redis initcontainer
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.runAsUser Set runAsUser in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.runAsGroup Set runAsGroup in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.runAsNonRoot Set runAsNonRoot in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.privileged Set privileged in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in wait-for-redis initcontainer's Security Context
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.capabilities.drop List of capabilities to be dropped in wait-for-redis initcontainer
    ## @param defaultInitContainers.waitForRedis.containerSecurityContext.seccompProfile.type Set seccomp profile in wait-for-redis initcontainer
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: false
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
## @section Other Parameters
##

## ServiceAccount configuration
##
serviceAccount:
  ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
  ##
  create: true
  ## @param serviceAccount.name The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the common.names.fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ##
  automountServiceAccountToken: true
## @section Superset database parameters

## PostgreSQL chart configuration
## ref: https://github.com/iamguarded/charts/blob/main/iamguarded/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
  enabled: true
  auth:
    enablePostgresUser: true
    username: ig_superset
    password: ""
    database: iamguarded_superset
    existingSecret: ""
  architecture: standalone
  primary:
    ## @param postgresql.primary.service.ports.postgresql PostgreSQL service port
    ##
    service:
      ports:
        postgresql: 5432
    ## PostgreSQL Primary resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param postgresql.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param postgresql.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  image:
    registry: cgr.dev
    repository: chainguard-private/postgres-iamguarded
    tag: 18.3-r3
    digest: ""
  metrics:
    image:
      registry: cgr.dev
      repository: chainguard-private/prometheus-postgres-exporter-iamguarded
      tag: 0.19.1
      digest: ""
  volumePermissions:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for Superset
## @param externalDatabase.password Password for the non-root username for Superset
## @param externalDatabase.database Superset database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
  host: ""
  port: 5432
  user: ig_superset
  database: iamguarded_superset
  password: ""
  existingSecret: ""
  existingSecretPasswordKey: "db-password"
## Redis® chart configuration
## ref: https://github.com/iamguarded/charts/blob/main/iamguarded/redis/values.yaml
## @param redis.enabled Switch to enable or disable the Redis® helm
## @param redis.auth.enabled Enable password authentication
## @param redis.auth.password Redis® password
## @param redis.auth.existingSecret The name of an existing secret with Redis® credentials
## @param redis.architecture Redis® architecture. Allowed values: `standalone` or `replication`
##
redis:
  enabled: true
  auth:
    enabled: true
    ## Redis® password (both master and slave). Defaults to a random 10-character alphanumeric string if not set and auth.enabled is true.
    ## The password value is ignored if existingSecret is set
    password: ""
    existingSecret: ""
  architecture: standalone
  master:
    ## @param redis.master.service.ports.redis Redis® port
    ##
    service:
      ports:
        redis: 6379
    ## Redis® master resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
    ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  image:
    registry: cgr.dev
    repository: chainguard-private/redis-server-iamguarded
    tag: 8.6.1
    digest: ""
  sentinel:
    image:
      registry: cgr.dev
      repository: chainguard-private/redis-sentinel-iamguarded
      tag: 8.6.1
      digest: ""
  metrics:
    image:
      registry: cgr.dev
      repository: chainguard-private/prometheus-redis-exporter-iamguarded
      tag: 1.82.0
      digest: ""
  kubectl:
    image:
      registry: cgr.dev
      repository: chainguard-private/kubectl-iamguarded
      tag: 1.35.2
      digest: ""
  volumePermissions:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
  sysctl:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
## External Redis® configuration
## All of these values are only used when redis.enabled is set to false
## @param externalRedis.host Redis® host
## @param externalRedis.port Redis® port number
## @param externalRedis.username Redis® username
## @param externalRedis.password Redis® password
## @param externalRedis.existingSecret Name of an existing secret resource containing the Redis™ credentials
## @param externalRedis.existingSecretPasswordKey Name of an existing secret key containing the Redis™ credentials
##
externalRedis:
  host: ""
  port: 6379
  ## Most Redis® implementations do not require a username
  ## to authenticate and it should be enough with the password
  username: "default"
  password: ""
  existingSecret: ""
  existingSecretPasswordKey: "redis-password"
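
A hardening override for the defaults listed above, as an added example that is not part of the chart or of Chainguard's file: every key comes from this values file, while the file name, the Secret names, the digest placeholders and the resource figures are assumptions to replace with your own. It assumes the workload does not need to call the Kubernetes API and that a non-empty `digest` is used in preference to `tag`.

```yaml
# values-hardened.yaml (added example; file name is hypothetical)
# Layer it over the chart defaults with: helm install ... -f values-hardened.yaml

serviceAccount:
  create: true
  # The default is true. Turn the token mount off unless the workload has to
  # talk to the Kubernetes API (assumption: it does not).
  automountServiceAccountToken: false

postgresql:
  enabled: true
  auth:
    # Leave the inline password empty and point at a pre-created Secret so the
    # credential never appears in a values file.
    password: ""
    existingSecret: "superset-postgresql-credentials"  # hypothetical Secret name
  image:
    # Pin by digest so a re-pushed tag cannot change what gets deployed.
    digest: "sha256:<digest-of-the-image-you-verified>"  # placeholder

redis:
  enabled: true
  auth:
    enabled: true  # keep password authentication on
    password: ""
    existingSecret: "superset-redis-credentials"  # hypothetical Secret name
  image:
    digest: "sha256:<digest-of-the-image-you-verified>"  # placeholder

defaultInitContainers:
  waitForDB:
    # Explicit requests and limits override resourcesPreset ("nano" by default).
    resources:
      requests:
        cpu: 50m        # constructed sample value
        memory: 64Mi    # constructed sample value
      limits:
        cpu: 100m       # constructed sample value
        memory: 128Mi   # constructed sample value
  waitForRedis:
    resources:
      requests:
        cpu: 50m        # constructed sample value
        memory: 64Mi    # constructed sample value
      limits:
        cpu: 100m       # constructed sample value
        memory: 128Mi   # constructed sample value
```

The referenced Secrets must exist before installation and carry the keys each subchart expects; the subchart values.yaml files linked in the `ref:` comments above document them.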

© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.