superset icon indicating copy to clipboard operation
superset copied to clipboard

Published 20 hours ago verified publisher icon apache

refactor(helm): Allow chart operators to exclude the creation of the secret manifest

Open asaf400 opened this issue 4 months ago • 3 comments

SUMMARY

Allow chart operators to exclude the creation of the secret manifest, This would effectively support externally created secret - specifically for the template secret-env.yaml

From externally created sources such as sealed-secrets or external-secrets and others..

  • [ ] Has associated issue:
  • [ ] Required feature flags:
  • [ ] Changes UI
  • [ ] Includes DB Migration (follow approval process in SIP-59)
    • [ ] Migration is atomic, supports rollback & is backwards-compatible
    • [ ] Confirm DB migration upgrade and downgrade tested
    • [ ] Runtime estimates and downtime expectations provided
  • [ ] Introduces new feature or API
  • [ ] Removes existing feature or API

asaf400 avatar May 01 '24 13:05 asaf400

Looks good! You'll need to re-gen the chart readme and bump the chart version

Sure, will do, also verify, I'm suspicious of how helm would deal with the declaimer header, then the if, Usually the if would be the top level 'item'.

I'll test that as well

asaf400 avatar May 01 '24 15:05 asaf400

seems legit 👍

Locally against my PR branch with default values (explicit default for new parameter)

[root@LAPTOP-ASAF-T14 superset]# helm template . --set secretEnv.create=true -s templates/secret-env.yaml --debug
install.go:218: [debug] Original chart version: ""
install.go:235: [debug] CHART PATH: /opt/gits/superset/helm/superset

---
# Source: superset/templates/secret-env.yaml
apiVersion: v1
kind: Secret
metadata:
  name: release-name-superset-env
  namespace: default
  labels:
    app: release-name-superset
    chart: superset-0.12.9
    release: "release-name"
    heritage: "Helm"
type: Opaque
stringData:
    REDIS_HOST: "release-name-redis-headless"
    REDIS_USER: ""
    REDIS_PORT: "6379"
    REDIS_PROTO: "redis"
    REDIS_DB: "1"
    REDIS_CELERY_DB: "0"
    DB_HOST: "release-name-postgresql"
    DB_PORT: "5432"
    DB_USER: "superset"
    DB_PASS: "superset"
    DB_NAME: "superset"

And now with the new parameter as false:

[root@LAPTOP-ASAF-T14 superset]# helm template . --set secretEnv.create=false -s templates/secret-env.yaml --debug
install.go:218: [debug] Original chart version: ""
install.go:235: [debug] CHART PATH: /opt/gits/superset/helm/superset

Error: could not find template templates/secret-env.yaml in chart
helm.go:84: [debug] could not find template templates/secret-env.yaml in chart

asaf400 avatar May 01 '24 15:05 asaf400

Done, bumped & generated

asaf400 avatar May 01 '24 16:05 asaf400

Just for future reference and search indexing, For those using ArgoCD with the old versions of superset's helm chart and wish to use external secrets, I have had limited success with ignoreDifferences:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: superset
  namespace: argocd
spec:
  ignoreDifferences:
    - kind: "Secret"
      group: "v1"
      jsonPointers:
        - /stringData/DB_HOST
        - /stringData/DB_NAME
        - /stringData/DB_PORT
        - /stringData/DB_PASS
        - /stringData/DB_USER
        - /stringData/REDIS_HOST
        - /stringData/
        - /data/DB_HOST
        - /data/DB_NAME
        - /data/DB_PORT
        - /data/DB_PASS
        - /data/DB_USER
        - /data/REDIS_HOST
        - /data
  project: default
  source:
    chart: superset
    repoURL: https://apache.github.io/superset
    targetRevision: 0.10.0

asaf400 avatar May 06 '24 11:05 asaf400