refactor(helm): Allow chart operators to exclude the creation of the secret manifest (#28308)

2024-05-03 07:08:32 +03:00 · 2024-05-03 07:08:32 +03:00 · 3e74ff174c
parent b4c4ab7790
commit 3e74ff174c
4 changed files with 12 additions and 3 deletions
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@ -29,7 +29,7 @@ maintainers:
  - name: craig-rueda
    email: craig@craigrueda.com
    url: https://github.com/craig-rueda
-version: 0.12.9
+version: 0.12.10
 dependencies:
  - name: postgresql
    version: 12.1.6
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs

 # superset

-![Version: 0.12.9](https://img.shields.io/badge/Version-0.12.9-informational?style=flat-square)
+![Version: 0.12.10](https://img.shields.io/badge/Version-0.12.10-informational?style=flat-square)

 Apache Superset is a modern, enterprise-ready business intelligence web application

@ -117,6 +117,8 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis |
 | resources | object | `{}` |  |
 | runAsUser | int | `0` | User ID directive. This user must have enough permissions to run the bootstrap script Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure |
+| secretEnv | object | `{"create":true}` | Specify rather or not helm should create the secret described in `secret-env.yaml` template |
+| secretEnv.create | bool | `true` | Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator) note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"` |
 | service.annotations | object | `{}` |  |
 | service.loadBalancerIP | string | `nil` |  |
 | service.nodePort.http | int | `"nil"` |  |
--- a/helm/superset/templates/secret-env.yaml
+++ b/helm/superset/templates/secret-env.yaml
@ -16,7 +16,7 @@
 limitations under the License.

 */}}
-
+{{- if .Values.secretEnv.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
@ -51,3 +51,4 @@ stringData:
    {{ $key }}: {{ $value | quote }}
    {{- end }}
    {{- end }}
+{{- end }}
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@ -31,6 +31,12 @@ fullnameOverride: ~
 # Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
 runAsUser: 0

+# -- Specify rather or not helm should create the secret described in `secret-env.yaml` template
+secretEnv:
+  # -- Change to false in order to support externally created secret (Binami "Sealed Secrets" for Kubernetes or External Secrets Operator)
+  # note: when externally creating the secret, the chart still expects to pull values from a secret with the name of the release defaults to `release-name-superset-env` - full logic located in _helpers.tpl file: `define "superset.fullname"`
+  create: true
+
 # -- Specify service account name to be used
 serviceAccountName: ~
 serviceAccount: