From eeb2e32e3f16dc5196d5119527ab692ddd5dd1f7 Mon Sep 17 00:00:00 2001 From: Preet Shah Date: Wed, 6 Dec 2023 19:47:13 +0530 Subject: [PATCH] update the omd chart to provide option to create secrets --- charts/openmetadata/templates/secrets.yaml | 21 +++++++++++++---- charts/openmetadata/values.schema.json | 27 +++++++++++++++++----- charts/openmetadata/values.yaml | 8 ++++++- 3 files changed, 45 insertions(+), 11 deletions(-) diff --git a/charts/openmetadata/templates/secrets.yaml b/charts/openmetadata/templates/secrets.yaml index 7e2a52eb..caba69a0 100644 --- a/charts/openmetadata/templates/secrets.yaml +++ b/charts/openmetadata/templates/secrets.yaml @@ -12,6 +12,7 @@ data: {{ end }} {{ end }} +{{- if .Values.openmetadata.config.database.enabled }} --- apiVersion: v1 kind: Secret @@ -28,7 +29,9 @@ data: DB_PARAMS: {{ .dbParams | b64enc | quote }} DB_USER: {{ .auth.username | b64enc }} {{ end }} +{{ end }} +{{- if .Values.openmetadata.config.elasticsearch.enabled }} --- apiVersion: v1 kind: Secret @@ -50,9 +53,10 @@ data: ELASTICSEARCH_USER: {{ .auth.username | quote | b64enc }} {{ end }} {{ end }} +{{ end }} ---- {{- if .Values.openmetadata.config.pipelineServiceClientConfig.enabled }} +--- apiVersion: v1 kind: Secret metadata: @@ -75,6 +79,7 @@ data: {{ end }} {{ end }} +{{- if .Values.openmetadata.config.authorizer.enabled }} --- apiVersion: v1 kind: Secret @@ -91,6 +96,7 @@ data: {{ end }} AUTHORIZER_ADMIN_PRINCIPALS: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.authorizer.initialAdmins ) }} AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.authorizer.allowedEmailRegistrationDomains) }} +{{ end }} --- apiVersion: v1 @@ -106,8 +112,8 @@ data: SERVER_ADMIN_PORT: {{ .adminPort | quote | b64enc }} {{ end }} ---- {{- if .Values.openmetadata.config.smtpConfig.enableSmtpServer }} +--- apiVersion: v1 kind: Secret metadata: 
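Review bot: The new `{{- if .Values.openmetadata.config.database.enabled }}` guard stops the chart from rendering this Secret, but nothing in the patch changes the consumer side, so with `enabled: false` the workload depends on a Secret the operator must create by hand. If the Deployment template (not part of this patch) still references the Secret by name, a missing one will keep the pod from starting. If the reference is optional, the server would presumably start on its built-in defaults, which matters most for the `authorizer` guard further down and the `authentication` guard in the next group of hunks. I would state the contract in a template comment above each guard, e.g. `{{- /* enabled=false: the chart does not create this Secret; one with the same name and keys must already exist in the namespace */}}`. The same applies to the `elasticsearch`, `secretsManager`, `web` and `eventMonitor` guards, whose Secret bodies lie mostly outside the hunks.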
@@ -127,6 +133,7 @@ data: {{ end }} {{ end }} +{{- if .Values.openmetadata.config.secretsManager.enabled }} --- apiVersion: v1 kind: Secret @@ -140,9 +147,10 @@ data: OM_SM_REGION: {{ .additionalParameters.region | quote | b64enc }} {{ end }} {{ end }} +{{ end }} ---- {{- if .Values.openmetadata.config.jwtTokenConfiguration.enabled }} +--- apiVersion: v1 kind: Secret metadata: @@ -157,6 +165,7 @@ data: {{ end }} {{ end }} +{{- if .Values.openmetadata.config.web.enabled }} --- apiVersion: v1 kind: Secret @@ -185,7 +194,9 @@ data: WEB_CONF_PERMISSION_POLICY_ENABLED: {{ .permissionPolicy.enabled | quote | b64enc }} WEB_CONF_PERMISSION_POLICY_OPTION: {{ .permissionPolicy.option | quote | b64enc }} {{ end }} +{{ end }} +{{- if .Values.openmetadata.config.authentication.enabled }} --- apiVersion: v1 kind: Secret @@ -251,7 +262,9 @@ data: {{ end }} {{ end }} {{ end }} +{{ end }} +{{- if .Values.openmetadata.config.eventMonitor.enabled }} --- apiVersion: v1 kind: Secret @@ -265,6 +278,7 @@ data: {{ end }} EVENT_MONITOR_PATH_PATTERN: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.eventMonitor.pathPattern) }} EVENT_MONITOR_LATENCY: {{ include "OpenMetadata.commaJoinedQuotedEncodedList" (dict "value" .Values.openmetadata.config.eventMonitor.latency) }} +{{ end }} --- apiVersion: v1 @@ -276,5 +290,4 @@ data: {{- with .Values.openmetadata.config }} LOG_LEVEL: {{ .logLevel | b64enc }} OPENMETADATA_CLUSTER_NAME: {{ .clusterName | b64enc }} - MASK_PASSWORDS_API: {{ .maskPasswordsApi | quote | b64enc }} {{ end }} \ No newline at end of file diff --git a/charts/openmetadata/values.schema.json b/charts/openmetadata/values.schema.json index 3169a681..92f80ed9 100644 --- a/charts/openmetadata/values.schema.json +++ b/charts/openmetadata/values.schema.json @@ -46,6 +46,9 @@ "uriPath": { "type": "string" }, + "enabled": { + "type": "boolean" + }, "hsts": { "type": "object", "additionalProperties": false, 
@@ -204,9 +207,6 @@ "metadataApiEndpoint": { "type": "string" }, - "maskPasswordsApi": { - "type": "boolean" - }, "sslCertificatePath": { "type": "string" }, @@ -240,6 +240,9 @@ "type": "string" } }, + "enabled": { + "type": "boolean" + }, "provider": { "type": "string", "enum": [ @@ -520,6 +523,9 @@ "org.openmetadata.service.security.DefaultAuthorizer" ] }, + "enabled": { + "type": "boolean" + }, "containerRequestFilter": { "type": "string", "enum": [ @@ -574,6 +580,9 @@ "databaseName": { "type": "string" }, + "enabled": { + "type": "boolean" + }, "dbScheme": { "type": "string" }, @@ -645,6 +654,9 @@ "opensearch" ] }, + "enabled": { + "type": "boolean" + }, "socketTimeoutSecs": { "type": "integer" }, @@ -688,6 +700,9 @@ "cloudwatch" ] }, + "enabled": { + "type": "boolean" + }, "batchSize": { "type": "integer" }, @@ -807,6 +822,9 @@ "managed-aws-ssm", "in-memory" ] + }, + "enabled": { + "type": "boolean" } } }, @@ -854,9 +872,6 @@ "type": "string" } } - }, - "maskPasswordsApi": { - "type": "boolean" } } } diff --git a/charts/openmetadata/values.yaml b/charts/openmetadata/values.yaml index 3e8b6d53..0eb384cb 100644 --- a/charts/openmetadata/values.yaml +++ b/charts/openmetadata/values.yaml @@ -13,7 +13,6 @@ openmetadata: # Values can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL logLevel: INFO clusterName: openmetadata - maskPasswordsApi: false openmetadata: host: openmetadata # URI to use with OpenMetadata Alerts Integrations @@ -21,6 +20,7 @@ openmetadata: port: 8585 adminPort: 8586 elasticsearch: + enabled: true host: opensearch searchType: opensearch port: 9200 @@ -43,6 +43,7 @@ openmetadata: secretRef: elasticsearch-secrets secretKey: openmetadata-elasticsearch-password database: + enabled: true host: mysql port: 3306 driverClass: com.mysql.cj.jdbc.Driver 
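Review bot: `enabled: true` under `elasticsearch:` is added without a comment, and the name reads as a switch for the component itself rather than for rendering its Secret, which is the only thing the guards in `templates/secrets.yaml` use it for. The misreading costs most for `authorizer.enabled`, `authentication.enabled` and `secretsManager.enabled` in the later hunks, where an operator could take `false` to mean the control is turned off. It also affects `web.enabled`, which sits in the same block as `permissionPolicy.enabled`, a value the template passes through as `WEB_CONF_PERMISSION_POLICY_ENABLED`. A comment on each key would settle it, e.g. `# Render this section's Secret; set to false only when you supply that Secret yourself`, and a name such as `createSecret` would avoid the clash with the feature toggles. The `database` and `eventMonitor` hunks have the same gap.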
@@ -76,6 +77,7 @@ openmetadata: secretRef: airflow-secrets secretKey: openmetadata-airflow-password authorizer: + enabled: true className: "org.openmetadata.service.security.DefaultAuthorizer" containerRequestFilter: "org.openmetadata.service.security.JwtFilter" initialAdmins: @@ -86,6 +88,7 @@ openmetadata: enforcePrincipalDomain: false enableSecureSocketConnection: false authentication: + enabled: true provider: "basic" publicKeys: - "http://openmetadata:8585/api/v1/system/config/jwks" @@ -174,6 +177,7 @@ openmetadata: secretRef: "" secretKey: "" eventMonitor: + enabled: true # Possible values are prometheus and cloudwatch type: prometheus batchSize: 10 @@ -199,6 +203,7 @@ openmetadata: secretRef: "" secretKey: "" secretsManager: + enabled: true # Possible values are noop, aws, aws-ssm, managed-aws, managed-aws-ssm, in-memory provider: noop additionalParameters: @@ -215,6 +220,7 @@ openmetadata: # --from-literal=aws-access-key-secret= \ # --from-literal=aws-secret-access-key-secret= web: + enabled: true uriPath: "/api" hsts: enabled: false