Merge branch 'master' into database-registry

apache · May 8, 2023 · 8699eba · 8699eba
2 parents 822ad01 + d96b72d
commit 8699eba
Show file tree

Hide file tree

Showing 118 changed files with 1,901 additions and 1,030 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,50 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+    paths:
+      - 'superset/**'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+    paths:
+      - 'superset/**'
+  schedule:
+    - cron: '0 4 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/docs/docs/installation/setup-ssh-tunneling.mdx b/docs/docs/installation/setup-ssh-tunneling.mdx
@@ -9,7 +9,7 @@ version: 1
 
 1. Turn on feature flag
     - Change [`SSH_TUNNELING`](https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L489) to `True`
-    - If you want to add more security when establishing the tunnel we allow users to overwrite the `SSHTunnelManager` class (here)[https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L507]
+    - If you want to add more security when establishing the tunnel we allow users to overwrite the `SSHTunnelManager` class [here](https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L507)
     - You can also set the [`SSH_TUNNEL_LOCAL_BIND_ADDRESS`](https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L508) this the host address where the tunnel will be accessible on your VPC
 
 2. Create database w/ ssh tunnel enabled

diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
   - name: craig-rueda
     email: [email protected]
     url: https://github.com/craig-rueda
-version: 0.9.3
+version: 0.9.4
 dependencies:
   - name: postgresql
     version: 12.1.6

diff --git a/helm/superset/README.md b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
 
 # superset
 
-![Version: 0.9.3](https://img.shields.io/badge/Version-0.9.3-informational?style=flat-square)
+![Version: 0.9.4](https://img.shields.io/badge/Version-0.9.4-informational?style=flat-square)
 
 Apache Superset is a modern, enterprise-ready business intelligence web application
 
@@ -67,6 +67,7 @@ helm install my-superset superset/superset
 | extraSecrets | object | `{}` | Extra files to mount on `/app/pythonpath` as secrets |
 | extraVolumeMounts | list | `[]` |  |
 | extraVolumes | list | `[]` |  |
+| fullnameOverride | string | `nil` | Provide a name to override the full names of resources |
 | hostAliases | list | `[]` | Custom hostAliases for all superset pods # https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"apache/superset"` |  |
@@ -76,6 +77,7 @@ helm install my-superset superset/superset
 | ingress.enabled | bool | `false` |  |
 | ingress.extraHostsRaw | list | `[]` |  |
 | ingress.hosts[0] | string | `"chart-example.local"` |  |
+| ingress.ingressClassName | string | `nil` |  |
 | ingress.path | string | `"/"` |  |
 | ingress.pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
@@ -101,6 +103,7 @@ helm install my-superset superset/superset
 | initImage.pullPolicy | string | `"IfNotPresent"` |  |
 | initImage.repository | string | `"jwilder/dockerize"` |  |
 | initImage.tag | string | `"latest"` |  |
+| nameOverride | string | `nil` | Provide a name to override the name of the chart |
 | nodeSelector | object | `{}` |  |
 | postgresql | object | see `values.yaml` | Configuration values for the postgresql dependency. ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md |
 | redis | object | see `values.yaml` | Configuration values for the Redis dependency. ref: https://github.com/bitnami/charts/blob/master/bitnami/redis More documentation can be found here: https://artifacthub.io/packages/helm/bitnami/redis |
@@ -112,7 +115,8 @@ helm install my-superset superset/superset
 | service.port | int | `8088` |  |
 | service.type | string | `"ClusterIP"` |  |
 | serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.create | bool | `false` | Create custom service account for Superset. If create: true and name is not provided, `superset.fullname` will be used. |
+| serviceAccount.create | bool | `false` | Create custom service account for Superset. If create: true and serviceAccountName is not provided, `superset.fullname` will be used. |
+| serviceAccountName | string | `nil` | Specify service account name to be used |
 | supersetCeleryBeat.affinity | object | `{}` | Affinity to be added to supersetCeleryBeat deployment |
 | supersetCeleryBeat.command | list | a `celery beat` command | Command |
 | supersetCeleryBeat.containerSecurityContext | object | `{}` |  |
@@ -151,6 +155,7 @@ helm install my-superset superset/superset
 | supersetCeleryFlower.replicaCount | int | `1` |  |
 | supersetCeleryFlower.resources | object | `{}` | Resource settings for the CeleryBeat pods - these settings overwrite might existing values from the global resources object defined above. |
 | supersetCeleryFlower.service.annotations | object | `{}` |  |
+| supersetCeleryFlower.service.loadBalancerIP | string | `nil` |  |
 | supersetCeleryFlower.service.nodePort.http | int | `"nil"` |  |
 | supersetCeleryFlower.service.port | int | `5555` |  |
 | supersetCeleryFlower.service.type | string | `"ClusterIP"` |  |
@@ -237,6 +242,7 @@ helm install my-superset superset/superset
 | supersetWebsockets.replicaCount | int | `1` |  |
 | supersetWebsockets.resources | object | `{}` |  |
 | supersetWebsockets.service.annotations | object | `{}` |  |
+| supersetWebsockets.service.loadBalancerIP | string | `nil` |  |
 | supersetWebsockets.service.nodePort.http | int | `"nil"` |  |
 | supersetWebsockets.service.port | int | `8080` |  |
 | supersetWebsockets.service.type | string | `"ClusterIP"` |  |
@@ -249,6 +255,7 @@ helm install my-superset superset/superset
 | supersetWebsockets.startupProbe.timeoutSeconds | int | `1` |  |
 | supersetWebsockets.strategy | object | `{}` |  |
 | supersetWebsockets.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWebsockets deployments |
+| supersetWorker.affinity | object | `{}` | Affinity to be added to supersetWorker deployment |
 | supersetWorker.command | list | a `celery worker` command | Worker startup command |
 | supersetWorker.containerSecurityContext | object | `{}` |  |
 | supersetWorker.deploymentAnnotations | object | `{}` | Annotations to be added to supersetWorker deployment |
@@ -270,5 +277,6 @@ helm install my-superset superset/superset
 | supersetWorker.resources | object | `{}` | Resource settings for the supersetWorker pods - these settings overwrite might existing values from the global resources object defined above. |
 | supersetWorker.startupProbe | object | `{}` | No startup/readiness probes by default since we don't really care about its startup time (it doesn't serve traffic) |
 | supersetWorker.strategy | object | `{}` |  |
+| supersetWorker.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to supersetWorker deployments |
 | tolerations | list | `[]` |  |
 | topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to all deployments |
diff --git a/helm/superset/templates/service-flower.yaml b/helm/superset/templates/service-flower.yaml
@@ -0,0 +1,50 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetCeleryFlower.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "superset.fullname" . }}-flower"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "superset.name" . }}
+    chart: {{ template "superset.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  {{- with .Values.supersetCeleryFlower.service.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.supersetCeleryFlower.service.type }}
+  ports:
+    - port: {{ .Values.supersetCeleryFlower.service.port }}
+      targetPort: flower
+      protocol: TCP
+      name: flower
+      {{- if and (or (eq .Values.supersetCeleryFlower.service.type "NodePort") (eq .Values.supersetCeleryFlower.service.type "LoadBalancer")) (not (empty .Values.supersetCeleryFlower.service.nodePort.http)) }}
+      nodePort: {{ .Values.supersetCeleryFlower.service.nodePort.http }}
+      {{- end }}
+  selector:
+    app: {{ template "superset.name" . }}-flower
+    release: {{ .Release.Name }}
+  {{- if .Values.supersetCeleryFlower.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.supersetCeleryFlower.service.loadBalancerIP }}
+  {{- end }}
+{{- end }}
diff --git a/helm/superset/templates/service-ws.yaml b/helm/superset/templates/service-ws.yaml
@@ -0,0 +1,50 @@
+{{/*
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+
+{{- if .Values.supersetWebsockets.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "superset.fullname" . }}-ws"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "superset.name" . }}
+    chart: {{ template "superset.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  {{- with .Values.supersetWebsockets.service.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.supersetWebsockets.service.type }}
+  ports:
+    - port: {{ .Values.supersetWebsockets.service.port }}
+      targetPort: ws
+      protocol: TCP
+      name: ws
+      {{- if and (or (eq .Values.supersetWebsockets.service.type "NodePort") (eq .Values.supersetWebsockets.service.type "LoadBalancer")) (not (empty .Values.supersetWebsockets.service.nodePort.http)) }}
+      nodePort: {{ .Values.supersetWebsockets.service.nodePort.http }}
+      {{- end }}
+  selector:
+    app: "{{ template "superset.name" . }}-ws"
+    release: {{ .Release.Name }}
+  {{- if .Values.supersetWebsockets.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.supersetWebsockets.service.loadBalancerIP }}
+  {{- end }}
+{{- end }}
diff --git a/helm/superset/templates/service.yaml b/helm/superset/templates/service.yaml
@@ -46,67 +46,3 @@ spec:
   {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   {{- end }}
----
-{{- if .Values.supersetCeleryFlower.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ template "superset.fullname" . }}-flower"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: {{ template "superset.name" . }}
-    chart: {{ template "superset.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  {{- with .Values.supersetCeleryFlower.service.annotations }}
-  annotations: {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.supersetCeleryFlower.service.type }}
-  ports:
-    - port: {{ .Values.supersetCeleryFlower.service.port }}
-      targetPort: flower
-      protocol: TCP
-      name: flower
-      {{- if and (or (eq .Values.supersetCeleryFlower.service.type "NodePort") (eq .Values.supersetCeleryFlower.service.type "LoadBalancer")) (not (empty .Values.supersetCeleryFlower.service.nodePort.http)) }}
-      nodePort: {{ .Values.supersetCeleryFlower.service.nodePort.http }}
-      {{- end }}
-  selector:
-    app: {{ template "superset.name" . }}-flower
-    release: {{ .Release.Name }}
-  {{- if .Values.supersetCeleryFlower.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.supersetCeleryFlower.service.loadBalancerIP }}
-  {{- end }}
-{{- end }}
----
-{{- if .Values.supersetWebsockets.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ template "superset.fullname" . }}-ws"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: {{ template "superset.name" . }}
-    chart: {{ template "superset.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  {{- with .Values.supersetWebsockets.service.annotations }}
-  annotations: {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.supersetWebsockets.service.type }}
-  ports:
-    - port: {{ .Values.supersetWebsockets.service.port }}
-      targetPort: ws
-      protocol: TCP
-      name: ws
-      {{- if and (or (eq .Values.supersetWebsockets.service.type "NodePort") (eq .Values.supersetWebsockets.service.type "LoadBalancer")) (not (empty .Values.supersetWebsockets.service.nodePort.http)) }}
-      nodePort: {{ .Values.supersetWebsockets.service.nodePort.http }}
-      {{- end }}
-  selector:
-    app: "{{ template "superset.name" . }}-ws"
-    release: {{ .Release.Name }}
-  {{- if .Values.supersetWebsockets.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.supersetWebsockets.service.loadBalancerIP }}
-  {{- end }}
-{{- end }}
diff --git a/helm/superset/templates/service-account.yaml → helm/superset/templates/serviceaccount.yaml b/helm/superset/templates/service-account.yaml → helm/superset/templates/serviceaccount.yaml
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
@@ -22,13 +22,19 @@
 # A README is automatically generated from this file to document it, using helm-docs (see https://github.com/norwoodj/helm-docs)
 # To update it, install helm-docs and run helm-docs from the root of this chart
 
+# -- Provide a name to override the name of the chart
+nameOverride: ~
+# -- Provide a name to override the full names of resources
+fullnameOverride: ~
+
 # -- User ID directive. This user must have enough permissions to run the bootstrap script
 # Running containers as root is not recommended in production. Change this to another UID - e.g. 1000 to be more secure
 runAsUser: 0
 
-# serviceAccountName: superset
+# -- Specify service account name to be used
+serviceAccountName: ~
 serviceAccount:
-  # -- Create custom service account for Superset. If create: true and name is not provided, `superset.fullname` will be used.
+  # -- Create custom service account for Superset. If create: true and serviceAccountName is not provided, `superset.fullname` will be used.
   create: false
   annotations: {}
 
@@ -184,17 +190,16 @@ initImage:
 service:
   type: ClusterIP
   port: 8088
-  annotations:
-    {}
+  annotations: {}
     # cloud.google.com/load-balancer-type: "Internal"
-  loadBalancerIP: null
+  loadBalancerIP: ~
   nodePort:
     # -- (int)
     http: nil
 
 ingress:
   enabled: false
-  # ingressClassName: nginx
+  ingressClassName: ~
   annotations: {}
     # kubernetes.io/tls-acme: "true"
     ## Extend timeout to allow long running queries.
@@ -356,6 +361,10 @@ supersetWorker:
   deploymentAnnotations: {}
   # -- Labels to be added to supersetWorker deployment
   deploymentLabels: {}
+  # -- Affinity to be added to supersetWorker deployment
+  affinity: {}
+  # -- TopologySpreadConstrains to be added to supersetWorker deployments
+  topologySpreadConstraints: []
   # -- Annotations to be added to supersetWorker pods
   podAnnotations: {}
   # -- Labels to be added to supersetWorker pods
@@ -454,6 +463,7 @@ supersetCeleryFlower:
   service:
     type: ClusterIP
     annotations: {}
+    loadBalancerIP: ~
     port: 5555
     nodePort:
       # -- (int)
@@ -557,6 +567,7 @@ supersetWebsockets:
   service:
     type: ClusterIP
     annotations: {}
+    loadBalancerIP: ~
     port: 8080
     nodePort:
       # -- (int)