dip
/
tenant-catalog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Repository for dip
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
166 Commits
17 Branches
0 Tags
3.2 MiB
Tag: Branch: Tree: 3684e8f7d6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3684e8f7d6'
${ noResults }
tenant-catalog/demo01-super9/values.yaml

185 lines
4.9 KiB
Raw Blame History

#version: superset, 0.13.5-1
configOverrides:
secret: |
SECRET_KEY = 'W5cHzo1QQitb'
my_override: |
FEATURE_FLAGS = {
"ENABLE_TEMPLATE_REMOVE_FILTERS" : True,
"ENABLE_TEMPLATE_PROCESSING": True,
"DASHBOARD_NATIVE_FILTERS" : True,
"DASHBOARD_NATIVE_FILTERS_SET": True
}
enable_oauth: |
from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
from superset.security import SupersetSecurityManager
from flask import request
import requests
import logging
class CustomSsoSecurityManager(SupersetSecurityManager):
def oauth_user_info(self, provider, response=None):
me = self.appbuilder.sm.oauth_remotes[provider].get("openid-connect/userinfo")
me.raise_for_status()
data = me.json()
logging.debug("User info from Keycloak: %s", data)
role = []
username = data.get("preferred_username", "")
host = request.host
dip_api_url = "http://dip-api.platform.svc.cluster.local:8087"
url = f"{dip_api_url}/gwapi/v1/projectusers/{username}"
request_data = {"url": f"https://{host}"}
response = requests.post(url, json=request_data, headers={"Content-Type": "application/json"}, verify=False)
if response.status_code == 200:
logging.info(f"API 요청 성공: {response.status_code}, {response.text}")
role.append(response.json().get("roleName",""))
else:
logging.info(f"API 요청 실패: {response.status_code}, {response.text}")
role.append("")
return {
"username": data.get("preferred_username", ""),
"first_name": data.get("given_name", ""),
"last_name": data.get("family_name", ""),
"email": data.get("email", ""),
"role_keys": role,
}
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
AUTH_ROLES_SYNC_AT_LOGIN = True
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
OAUTH_PROVIDERS = [
{
"name": "keycloak",
"icon": "fa-key",
"token_key": "access_token",
"remote_app": {
"client_id": "service-demo01-super9",
"client_secret": "ba5646c9-6be0-4355-af0f-66a6b3626530",
"client_kwargs": {
"scope": "openid email profile",
'verify': False
},
'server_metadata_url': 'https://keycloak.gke.paasup.io/realms/paasup/.well-known/openid-configuration',
'api_base_url': 'https://keycloak.gke.paasup.io/realms/paasup/protocol/'
}
}
]
AUTH_ROLES_MAPPING = {
'root': ['Admin'],
'admin': ['Admin'],
'manager': ['Admin'],
'member': ['Alpha'],
}
bootstrapScript: |
#!/bin/bash
apt update
apt install -y pkg-config build-essential default-libmysqlclient-dev libpq-dev
pip install sqlalchemy-drill psycopg2-binary Authlib
pip install mysqlclient
image:
repository: apachesuperset.docker.scarf.sh/apache/superset
tag: ~
pullPolicy: IfNotPresent
resources: {}
nodeSelector: {}
tolerations: []
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
cert-manager.io/duration: 8760h
cert-manager.io/renew-before: 720h
path: /
pathType: ImplementationSpecific
hosts:
- "demo01-super9.gke.paasup.io"
tls:
- hosts:
- "demo01-super9.gke.paasup.io"
secretName: "demo01-super9-tls-secret"
supersetNode:
replicas:
enabled: true
replicaCount: 1
connections:
redis_host: "demo01-super9-redis-headless"
redis_port: "6379"
redis_user: ""
redis_cache_db: "1"
redis_celery_db: "0"
redis_ssl:
enabled: false
ssl_cert_reqs: CERT_NONE
db_host: "demo01-super9-postgresql"
db_port: "5432"
db_user: superset
db_pass: "Gb58gQx8Nhw8"
db_name: superset
resources: {}
supersetWorker:
replicas:
enabled: true
replicaCount: 1
resources: {}
supersetCeleryBeat:
enabled: false
resources: {}
supersetCeleryFlower:
enabled: false
replicaCount: 1
resources: {}
postgresql:
enabled: true
auth:
username: superset
password: ""
database: superset
existingSecret: "demo01-super9-infisicalsecret"
image:
registry: docker.io
primary:
resources:
limits: {}
requests:
memory: 256Mi
cpu: 250m
persistence:
enabled: true
storageClass: ""
size: 8Gi
redis:
enabled: true
architecture: standalone
auth:
enabled: false
existingSecret: ""
existingSecretPasswordKey: ""
image:
registry: docker.io
master:
resources:
limits: {}
requests: {}
persistence:
enabled: true
storageClass: ""
size: 8Gi