Update values for demo01-super9

3 months ago · c7516204d2
parent 1c9ebfd117
commit c7516204d2
1 changed files with 183 additions and 0 deletions
--- a/demo01-super9/values.yaml
+++ b/demo01-super9/values.yaml
@ -0,0 +1,183 @@
+#version: superset, 0.13.5-1
+configOverrides:
+  secret: |
+    SECRET_KEY = 'qXsytMNKfyjK'
+  my_override: |
+    FEATURE_FLAGS = {
+    	"ENABLE_TEMPLATE_REMOVE_FILTERS" : True,
+    	"ENABLE_TEMPLATE_PROCESSING": True,	
+        "DASHBOARD_NATIVE_FILTERS" : True,
+        "DASHBOARD_NATIVE_FILTERS_SET": True
+    }     
+  enable_oauth: |
+    from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
+    from superset.security import SupersetSecurityManager
+    from flask import request
+
+    import requests
+    import logging
+
+    class CustomSsoSecurityManager(SupersetSecurityManager):
+        def oauth_user_info(self, provider, response=None):
+            me = self.appbuilder.sm.oauth_remotes[provider].get("openid-connect/userinfo")
+            me.raise_for_status()
+            data = me.json()
+
+            logging.debug("User info from Keycloak: %s", data)
+
+            role = []
+            username = data.get("preferred_username", "")
+            host = request.host
+            dip_api_url =  "http://dip-api.platform.svc.cluster.local:8087"
+            
+            url = f"{dip_api_url}/gwapi/v1/projectusers/{username}"
+            request_data = {"url": f"https://{host}"}
+            response = requests.post(url, json=request_data, headers={"Content-Type": "application/json"}, verify=False)
+
+            if response.status_code == 200:
+                logging.info(f"API 요청 성공: {response.status_code}, {response.text}")
+                role.append(response.json().get("roleName",""))
+            else:
+                logging.info(f"API 요청 실패: {response.status_code}, {response.text}")
+                role.append("")
+
+            return {
+                "username": data.get("preferred_username", ""),
+                "first_name": data.get("given_name", ""),
+                "last_name": data.get("family_name", ""),
+                "email": data.get("email", ""),
+                "role_keys": role,
+            }
+
+    AUTH_TYPE = AUTH_OAUTH
+    AUTH_USER_REGISTRATION = True
+    AUTH_USER_REGISTRATION_ROLE = "Public"
+    AUTH_ROLES_SYNC_AT_LOGIN = True
+    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
+
+    OAUTH_PROVIDERS = [
+        {
+            "name": "keycloak",
+            "icon": "fa-key",
+            "token_key": "access_token",
+            "remote_app": {
+                "client_id": "service-demo01-super9",
+                "client_secret": "cb5ddcf2-63ab-4eaa-a2d5-dd3796f6d46c",
+                "client_kwargs": {
+                  "scope": "openid email profile",
+                  'verify': False
+                },
+                'server_metadata_url': 'https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration',
+                'api_base_url': 'https://keycloak.gke.paasup.io/realms/paasup/protocol/'
+            }
+        }
+    ]
+
+    AUTH_ROLES_MAPPING = {
+    'root': ['Admin'],
+    'admin': ['Admin'],
+    'manager': ['Admin'],
+    'member': ['Alpha'],
+    }
+
+bootstrapScript: |
+  #!/bin/bash
+  pip install sqlalchemy-drill psycopg2-binary Authlib
+
+image:
+  repository: apachesuperset.docker.scarf.sh/apache/superset
+  tag: ~
+  pullPolicy: IfNotPresent
+resources: {}
+nodeSelector: {}
+tolerations: []
+
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: "root-ca-issuer"
+    cert-manager.io/duration: 8760h
+    cert-manager.io/renew-before: 720h
+    konghq.com/plugins: oidc-plugin, keycloak-authz-plugin
+  path: /
+  pathType: ImplementationSpecific
+  hosts:
+    - "demo01-super9.gke.paasup.io"
+  tls:
+    - hosts:
+        - "demo01-super9.gke.paasup.io"
+      secretName: "demo01-super9-tls-secret"
+
+supersetNode:
+  replicas:
+    enabled: true
+    replicaCount: 1
+
+  connections:
+    redis_host: "demo01-super9-redis-headless"
+    redis_port: "6379"
+    redis_user: ""
+    redis_cache_db: "1"
+    redis_celery_db: "0"
+    redis_ssl:
+      enabled: false
+      ssl_cert_reqs: CERT_NONE
+    db_host: "demo01-super9-postgresql"
+    db_port: "5432"
+    db_user: superset
+    db_pass: "Gb58gQx8Nhw8"
+    db_name: superset
+  resources: {}
+
+supersetWorker:
+  replicas:
+    enabled: true
+    replicaCount: 1
+  resources: {}
+
+supersetCeleryBeat:
+  enabled: false
+  resources: {}
+
+supersetCeleryFlower:
+  enabled: false
+  replicaCount: 1
+  resources: {}
+
+postgresql:
+  enabled: true
+  auth:
+    username: superset
+    password: ""
+    database: superset
+    existingSecret: "demo01-super9-infisicalsecret"
+  image:
+    registry: docker.io
+  primary:
+    resources:
+      limits: {}
+      requests:
+        memory: 256Mi
+        cpu: 250m
+    persistence:
+      enabled: true
+      storageClass: ""
+      size: 8Gi
+
+redis:
+  enabled: true
+  architecture: standalone
+  auth:
+    enabled: false
+    existingSecret: ""
+    existingSecretPasswordKey: ""
+  image:
+    registry: docker.io
+  master:
+    resources:
+      limits: {}
+      requests: {}
+    persistence:
+      enabled: true
+      storageClass: ""
+      size: 8Gi