admin/stonks-oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
949324dc89517a0bb0a8770e3c56994907a8b7ef
stonks-oracle/infra/helm/stonks-oracle/templates/superset.yaml
T

154 lines
4.4 KiB
YAML
Raw Blame History

{{- if .Values.superset.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: superset
namespace: {{ .Release.Namespace }}
labels:
app: superset
{{- include "stonks.labels" . | nindent 4 }}
stonks-oracle/tier: dashboard
spec:
replicas: 1
selector:
matchLabels:
app: superset
template:
metadata:
labels:
app: superset
stonks-oracle/tier: dashboard
spec:
automountServiceAccountToken: false
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: superset
image: {{ .Values.image.registry }}/superset:{{ .Values.image.tag }}
ports:
- containerPort: 8088
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
env:
- name: SUPERSET_PORT
value: "8088"
- name: SUPERSET_SECRET_KEY
valueFrom:
secretKeyRef:
name: stonks-dashboard-secrets
key: SUPERSET_SECRET_KEY
- name: ADMIN_USERNAME
value: admin
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: stonks-dashboard-secrets
key: SUPERSET_ADMIN_PASSWORD
- name: ADMIN_EMAIL
value: admin@stonks.local
envFrom:
- configMapRef:
name: stonks-config
- secretRef:
name: stonks-core-secrets
volumeMounts:
- name: superset-home
mountPath: /app/superset_home
- name: superset-config
mountPath: /app/pythonpath/superset_config.py
subPath: superset_config.py
resources:
{{- toYaml .Values.superset.resources | nindent 12 }}
readinessProbe:
httpGet:
path: /health
port: 8088
initialDelaySeconds: 30
periodSeconds: 15
volumes:
- name: superset-home
persistentVolumeClaim:
claimName: superset-data
- name: superset-config
configMap:
name: superset-config
---
apiVersion: v1
kind: Service
metadata:
name: superset
namespace: {{ .Release.Namespace }}
spec:
selector:
app: superset
ports:
- port: 8088
targetPort: 8088
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: superset-data
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.superset.storageSize }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: superset-config
namespace: {{ .Release.Namespace }}
data:
superset_config.py: |
import os
SECRET_KEY = os.getenv("SUPERSET_SECRET_KEY", "stonks-dev-secret-key-change-me")
# Superset metadata DB — use PostgreSQL
SQLALCHEMY_DATABASE_URI = (
f"postgresql+psycopg2://{os.getenv('POSTGRES_USER', 'stonks')}:"
f"{os.getenv('POSTGRES_PASSWORD', 'stonks_dev')}@"
f"{os.getenv('POSTGRES_HOST', 'postgresql-rw.postgresql-service.svc.cluster.local')}:"
f"{os.getenv('POSTGRES_PORT', '5432')}/stonks"
)
FEATURE_FLAGS = {"ENABLE_TEMPLATE_PROCESSING": True}
CACHE_CONFIG = {
"CACHE_TYPE": "RedisCache",
"CACHE_DEFAULT_TIMEOUT": 300,
"CACHE_KEY_PREFIX": "superset_",
"CACHE_REDIS_HOST": os.getenv("REDIS_HOST", "redis-master.redis-service.svc.cluster.local"),
"CACHE_REDIS_PORT": int(os.getenv("REDIS_PORT", "6379")),
"CACHE_REDIS_DB": 1,
}
PUBLIC_ROLE_LIKE = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = "Lax"
TALISMAN_ENABLED = True
TALISMAN_CONFIG = {
"content_security_policy": {
"default-src": ["'self'"],
"img-src": ["'self'", "data:"],
"style-src": ["'self'", "'unsafe-inline'"],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
},
"force_https": False,
}
PREVENT_UNSAFE_DB_CONNECTIONS = True
ROW_LIMIT = 50000
SQL_MAX_ROW = 100000
{{- end }}
Reference in New Issue View Git Blame Copy Permalink