diff --git a/docker/Dockerfile.superset b/docker/Dockerfile.superset index 9712321..64ede13 100644 --- a/docker/Dockerfile.superset +++ b/docker/Dockerfile.superset @@ -1,6 +1,6 @@ -# Custom Superset image with Trino + Redis drivers +# Custom Superset image with Trino, PostgreSQL, and Redis drivers FROM apache/superset:latest USER root -RUN pip install --no-cache-dir trino[sqlalchemy] redis +RUN /app/docker/pip-install.sh --no-cache trino[sqlalchemy] psycopg2-binary redis USER superset diff --git a/infra/helm/stonks-oracle/templates/superset.yaml b/infra/helm/stonks-oracle/templates/superset.yaml index 6830c22..cbc0439 100644 --- a/infra/helm/stonks-oracle/templates/superset.yaml +++ b/infra/helm/stonks-oracle/templates/superset.yaml @@ -26,6 +26,9 @@ spec: {{- end }} securityContext: runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: @@ -54,6 +57,11 @@ spec: key: SUPERSET_ADMIN_PASSWORD - name: ADMIN_EMAIL value: admin@stonks.local + envFrom: + - configMapRef: + name: stonks-config + - secretRef: + name: stonks-core-secrets volumeMounts: - name: superset-home mountPath: /app/superset_home @@ -109,7 +117,13 @@ data: superset_config.py: | import os SECRET_KEY = os.getenv("SUPERSET_SECRET_KEY", "stonks-dev-secret-key-change-me") - SQLALCHEMY_DATABASE_URI = "trino://trino@trino.{{ .Release.Namespace }}.svc.cluster.local:8080/lakehouse/stonks" + # Superset metadata DB — use PostgreSQL + SQLALCHEMY_DATABASE_URI = ( + f"postgresql+psycopg2://{os.getenv('POSTGRES_USER', 'stonks')}:" + f"{os.getenv('POSTGRES_PASSWORD', 'stonks_dev')}@" + f"{os.getenv('POSTGRES_HOST', 'postgresql-rw.postgresql-service.svc.cluster.local')}:" + f"{os.getenv('POSTGRES_PORT', '5432')}/stonks" + ) FEATURE_FLAGS = {"ENABLE_TEMPLATE_PROCESSING": True} CACHE_CONFIG = { "CACHE_TYPE": "RedisCache",