update the omd chart to provide option to create secrets
preetsshah committed Dec 6, 2023
1 parent ee41a27 commit eeb2e32
Showing 3 changed files with 45 additions and 11 deletions.
21 changes: 17 additions & 4 deletions charts/openmetadata/templates/secrets.yaml
Expand Up @@ -12,6 +12,7 @@ data:
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.database.enabled }}
---
apiVersion: v1
kind: Secret
Expand All @@ -28,7 +29,9 @@ data:
DB_PARAMS: {{ .dbParams | b64enc | quote }}
DB_USER: {{ .auth.username | b64enc }}
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.elasticsearch.enabled }}
---
apiVersion: v1
kind: Secret
Expand All @@ -50,9 +53,10 @@ data:
ELASTICSEARCH_USER: {{ .auth.username | quote | b64enc }}
{{ end }}
{{ end }}
{{ end }}

---
{{- if .Values.openmetadata.config.pipelineServiceClientConfig.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -75,6 +79,7 @@ data:
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.authorizer.enabled }}
---
apiVersion: v1
kind: Secret
Expand All @@ -91,6 +96,7 @@ data:
{{ end }}
AUTHORIZER_ADMIN_PRINCIPALS: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.authorizer.initialAdmins ) }}
AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.authorizer.allowedEmailRegistrationDomains) }}
{{ end }}

---
apiVersion: v1
Expand All @@ -106,8 +112,8 @@ data:
SERVER_ADMIN_PORT: {{ .adminPort | quote | b64enc }}
{{ end }}

---
{{- if .Values.openmetadata.config.smtpConfig.enableSmtpServer }}
---
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -127,6 +133,7 @@ data:
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.secretsManager.enabled }}
---
apiVersion: v1
kind: Secret
Expand All @@ -140,9 +147,10 @@ data:
OM_SM_REGION: {{ .additionalParameters.region | quote | b64enc }}
{{ end }}
{{ end }}
{{ end }}

---
{{- if .Values.openmetadata.config.jwtTokenConfiguration.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -157,6 +165,7 @@ data:
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.web.enabled }}
---
apiVersion: v1
kind: Secret
Expand Down Expand Up @@ -185,7 +194,9 @@ data:
WEB_CONF_PERMISSION_POLICY_ENABLED: {{ .permissionPolicy.enabled | quote | b64enc }}
WEB_CONF_PERMISSION_POLICY_OPTION: {{ .permissionPolicy.option | quote | b64enc }}
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.authentication.enabled }}
---
apiVersion: v1
kind: Secret
Expand Down Expand Up @@ -251,7 +262,9 @@ data:
{{ end }}
{{ end }}
{{ end }}
{{ end }}

{{- if .Values.openmetadata.config.eventMonitor.enabled }}
---
apiVersion: v1
kind: Secret
Expand All @@ -265,6 +278,7 @@ data:
{{ end }}
EVENT_MONITOR_PATH_PATTERN: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.eventMonitor.pathPattern) }}
EVENT_MONITOR_LATENCY: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.eventMonitor.latency) }}
{{ end }}

---
apiVersion: v1
Expand All @@ -276,5 +290,4 @@ data:
{{- with .Values.openmetadata.config }}
LOG_LEVEL: {{ .logLevel | b64enc }}
OPENMETADATA_CLUSTER_NAME: {{ .clusterName | b64enc }}
MASK_PASSWORDS_API: {{ .maskPasswordsApi | quote | b64enc }}
{{ end }}
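Review bot: The new guards such as `{{- if .Values.openmetadata.config.database.enabled }}` treat a missing key the same as `false`, so a release whose values lack the new `enabled` keys would render without the database, elasticsearch, authorizer, authentication, web, eventMonitor and secretsManager Secrets. That can happen when an upgrade reuses the previous release's values instead of picking up the new chart defaults. The workload templates that consume these Secrets are not part of this commit, so it is not visible here whether they tolerate a missing Secret; if they reference it unconditionally the pods will fail to start, and if the reference is optional the server would presumably run on its built-in authentication and authorizer defaults. Consider skipping a Secret only on an explicit `false`, or adding a `required`/`fail` check that an externally supplied Secret is configured whenever a section is disabled.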
27 changes: 21 additions & 6 deletions charts/openmetadata/values.schema.json
Expand Up @@ -46,6 +46,9 @@
"uriPath": {
"type": "string"
},
"enabled": {
"type": "boolean"
},
"hsts": {
"type": "object",
"additionalProperties": false,
Expand Down Expand Up @@ -204,9 +207,6 @@
"metadataApiEndpoint": {
"type": "string"
},
"maskPasswordsApi": {
"type": "boolean"
},
"sslCertificatePath": {
"type": "string"
},
Expand Down Expand Up @@ -240,6 +240,9 @@
"type": "string"
}
},
"enabled": {
"type": "boolean"
},
"provider": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -520,6 +523,9 @@
"org.openmetadata.service.security.DefaultAuthorizer"
]
},
"enabled": {
"type": "boolean"
},
"containerRequestFilter": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -574,6 +580,9 @@
"databaseName": {
"type": "string"
},
"enabled": {
"type": "boolean"
},
"dbScheme": {
"type": "string"
},
Expand Down Expand Up @@ -645,6 +654,9 @@
"opensearch"
]
},
"enabled": {
"type": "boolean"
},
"socketTimeoutSecs": {
"type": "integer"
},
Expand Down Expand Up @@ -688,6 +700,9 @@
"cloudwatch"
]
},
"enabled": {
"type": "boolean"
},
"batchSize": {
"type": "integer"
},
Expand Down Expand Up @@ -807,6 +822,9 @@
"managed-aws-ssm",
"in-memory"
]
},
"enabled": {
"type": "boolean"
}
}
},
Expand Down Expand Up @@ -854,9 +872,6 @@
"type": "string"
}
}
},
"maskPasswordsApi": {
"type": "boolean"
}
}
}
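Review bot: The removal of `maskPasswordsApi` from the schema (together with `MASK_PASSWORDS_API` in secrets.yaml and the default in values.yaml) is not mentioned in the commit title, which only talks about an option to create secrets. Values files that still set `maskPasswordsApi` will at best be ignored, and will be rejected on upgrade if the enclosing object is declared with `additionalProperties: false` (visible only for `hsts` in these hunks). Judging by its name the setting governs password masking in API responses, so the commit description or chart changelog should state the removal and what the server now does by default. The new `enabled` properties would also benefit from a `"description"` such as `"Render the chart-managed Secret for this section"`.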
8 changes: 7 additions & 1 deletion charts/openmetadata/values.yaml
Expand Up @@ -13,14 +13,14 @@ openmetadata:
# Values can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL
logLevel: INFO
clusterName: openmetadata
maskPasswordsApi: false
openmetadata:
host: openmetadata
# URI to use with OpenMetadata Alerts Integrations
uri: "http://openmetadata:8585"
port: 8585
adminPort: 8586
elasticsearch:
enabled: true
host: opensearch
searchType: opensearch
port: 9200
Expand All @@ -43,6 +43,7 @@ openmetadata:
secretRef: elasticsearch-secrets
secretKey: openmetadata-elasticsearch-password
database:
enabled: true
host: mysql
port: 3306
driverClass: com.mysql.cj.jdbc.Driver
Expand Down Expand Up @@ -76,6 +77,7 @@ openmetadata:
secretRef: airflow-secrets
secretKey: openmetadata-airflow-password
authorizer:
enabled: true
className: "org.openmetadata.service.security.DefaultAuthorizer"
containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
initialAdmins:
Expand All @@ -86,6 +88,7 @@ openmetadata:
enforcePrincipalDomain: false
enableSecureSocketConnection: false
authentication:
enabled: true
provider: "basic"
publicKeys:
- "http://openmetadata:8585/api/v1/system/config/jwks"
Expand Down Expand Up @@ -174,6 +177,7 @@ openmetadata:
secretRef: ""
secretKey: ""
eventMonitor:
enabled: true
# Possible values are prometheus and cloudwatch
type: prometheus
batchSize: 10
Expand All @@ -199,6 +203,7 @@ openmetadata:
secretRef: ""
secretKey: ""
secretsManager:
enabled: true
# Possible values are noop, aws, aws-ssm, managed-aws, managed-aws-ssm, in-memory
provider: noop
additionalParameters:
Expand All @@ -215,6 +220,7 @@ openmetadata:
# --from-literal=aws-access-key-secret=<access_key_id_value> \
# --from-literal=aws-secret-access-key-secret=<access_key_secret_value>
web:
enabled: true
uriPath: "/api"
hsts:
enabled: false
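Review bot: The new `enabled: true` keys carry no comment, and under `authentication` and `authorizer` the name reads like a switch for the feature itself, whereas in secrets.yaml it only decides whether the chart renders that section's Secret. An operator who sets `authentication.enabled: false` to supply their own Secret, or who believes it disables login, finds neither outcome documented. I would add a comment above each key in the file's existing style, e.g. `# Set to false to skip creating the chart-managed Secret for this section; it does not turn the feature off`.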
