From 15d8141c679f98d7cf7ef3b10dd742fcde59f052 Mon Sep 17 00:00:00 2001 From: Andrew Chubatiuk Date: Thu, 8 Feb 2024 07:36:30 +0200 Subject: [PATCH] upgraded chart dependencies, move from circleci to github actions --- .circleci/config.yml | 269 ------------------------------------ .github/workflows/ci.yml | 100 ++++++++++++++ README.md | 291 +++++++++++++++++++-------------------- requirements.lock | 12 +- requirements.yaml | 8 +- templates/_helpers.tpl | 22 +-- values.yaml | 52 +++---- 7 files changed, 281 insertions(+), 473 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/ci.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 2ff2f87..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,269 +0,0 @@ -version: 2.1 - -jobs: - test: - parameters: - helm: - description: "Helm version to test with" - default: "v3.14.0" - type: string - k8s: - description: "Kubernetes version to test with" - default: "v1.28.6" - type: string - machine: - image: ubuntu-2204:2023.04.2 - - environment: - HELM_VERSION: << parameters.helm >> - K8S_VERSION: << parameters.k8s >> - REDASH_UPGRADE_SOURCE: 8.0.2.b37747 - KUBECONFIG: /home/circleci/.kube/config - MINIKUBE_VERSION: v1.32.0 - MINIKUBE_WANTUPDATENOTIFICATION: false - MINIKUBE_WANTREPORTERRORPROMPT: false - MINIKUBE_HOME: /home/circleci - CHANGE_MINIKUBE_NONE_USER: true - DOCKER_LATEST: 1 - - # Working directory needs to match to pass helm lint. - working_directory: ~/redash - - steps: - # Add read-only SSH deploy key - - add_ssh_keys: - fingerprints: - - "1a:be:96:4d:6b:be:57:8e:ba:83:66:43:99:f7:96:bc" - - - checkout - - - run: - name: Install helm - command: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh --version "${HELM_VERSION}" - rm get_helm.sh - - - run: - name: Lint chart - command: | - helm lint . - - - run: - name: Setup minikube - command: | - sudo apt-get update - sudo apt-get install -y conntrack - curl -Lo minikube https://github.com/kubernetes/minikube/releases/download/${MINIKUBE_VERSION}/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ - - - run: - name: Start minikube - background: true - command: | - sudo -E minikube start --vm-driver=none --kubernetes-version=${K8S_VERSION} - sudo -E minikube addons enable metrics-server - - - run: - name: Setup kubectl - command: | - curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/ - mkdir -p ${HOME}/.kube - touch ${HOME}/.kube/config - - - run: - name: Wait for minikube - command: | - timeout 180s bash \< test-values.yaml \<<- EOM - redash: - cookieSecret: $(openssl rand -base64 32) - secretKey: $(openssl rand -base64 32) - env: - REDASH_WEB_WORKERS: 1 - postgresql: - auth: - password: $(openssl rand -base64 32) - adhocWorker: - env: - WORKERS_COUNT: 1 - scheduledWorker: - env: - WORKERS_COUNT: 1 - EOM - - - run: - name: Install chart - command: | - helm upgrade --install redash . --wait -f test-values.yaml - sleep 10 - helm test redash - helm delete redash - - - run: - name: Test chart upgrade - command: | - helm upgrade --install redashup . --wait --set image.tag="${REDASH_UPGRADE_SOURCE}" -f test-values.yaml - kubectl get pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=server" -o jsonpath="{..image}" - sleep 10 - helm test redashup - kubectl delete pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=test-connection" - helm upgrade --install redashup . --wait --reset-values -f test-values.yaml - kubectl get pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=server" -o jsonpath="{..image}" - sleep 10 - helm test redashup - - - run: - name: Debug outout - when: on_fail - command: | - # In case of error, try to display some resource usage and debug logs - kubectl top node || true - kubectl top pod -A || true - kubectl get all -A || true - echo "TEST LOGS" - kubectl describe pod "$(kubectl get pods -l 'app.kubernetes.io/component=test-connection' -o jsonpath='{.items[0].metadata.name}')" - kubectl logs --tail=20 -l "app.kubernetes.io/component=test-connection" || true - echo "INSTALL LOGS" - kubectl logs --tail=40 -l "job-name=redash-install" || true - echo "UPGRADE LOGS" - kubectl logs --tail=40 -l "job-name=redash-upgrade" || true - echo "SERVER LOGS" - kubectl logs --tail=20 -l "app.kubernetes.io/component=server" || true - echo "MINIKUBE LOGS" - minikube logs -n10 || true - - publish: - machine: - image: ubuntu-2204:2023.04.2 - - environment: - YQ_VERSION: v4.34.1 - HELM_VERSION: v3.14.0 - GITHUB_PAGES_BRANCH: gh-pages - - working_directory: ~/redash - - steps: - # Add read-write SSH deploy key - - add_ssh_keys: - fingerprints: - # Primary repo key - - "36:04:b4:4a:31:a6:16:a1:e8:75:da:ee:b7:05:f4:34" - # Testing repo key - - "a1:20:e5:b6:bc:47:94:d1:59:8d:22:4b:7c:8c:04:63" - - - checkout - - - run: - name: Test if we have a new version to publish or not - if we do, tag the repo - command: | - sudo wget -q "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /usr/local/bin/yq - sudo chmod +x /usr/local/bin/yq - VERSION=$(yq eval '.version' Chart.yaml) - echo "Version: $VERSION" - if git show-ref --tags --quiet --verify -- "refs/tags/v$VERSION"; then - echo "Release already exists, skipping publish job" - circleci-agent step halt - else - echo "Tagging release" - git tag "v$VERSION" - git push origin "v$VERSION" - fi - - - run: - name: Install helm - command: | - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh --version "${HELM_VERSION}" - rm get_helm.sh - - - run: - name: Checking out Github Pages branch - command: | - # use git+ssh instead of https - git config --global url."ssh://git@github.com".insteadOf "https://github.com" || true - git config --global gc.auto 0 || true - mkdir -p /tmp/helm - git clone -b "${GITHUB_PAGES_BRANCH}" "${CIRCLE_REPOSITORY_URL}" /tmp/helm/publish - - - run: - name: Package chart and update chart index - command: | - helm package --destination /tmp/helm/publish --dependency-update . - helm repo index /tmp/helm/publish - - - run: - name: Pushing Github Pages branch - command: | - cd /tmp/helm/publish - git config user.email "${CIRCLE_USERNAME}@users.noreply.github.com" - git config user.name CircleCI - # Skip if no new files - safety check to ensure that already deployed chart versions are never updated in place - if ! git status -s | grep '??'; then echo "No new files"; exit 1; fi - git status -s | grep '??' | awk '{ print $2 }' | xargs git add - git commit -a -m "Published by CircleCI ${CIRCLE_BUILD_URL} [skip ci]" - git push origin "${GITHUB_PAGES_BRANCH}" - -workflows: - version: 2 - ci: - jobs: - # We ensure a single variant passes before running the others - # This makes tests take a bit longer but conserves resources - - test: - name: h3k26 - helm: v3.14.0 - k8s: v1.26.13 - - test: - name: h3k27 - helm: v3.14.0 - k8s: v1.27.10 - requires: - - h3k26 - - test: - name: h3k28 - helm: v3.14.0 - k8s: v1.28.6 - requires: - - h3k26 - - test: - name: h3k29 - helm: v3.14.0 - k8s: v1.29.1 - requires: - - h3k26 - - publish: - # The publish step depends on all the test steps passing - requires: - - h3k26 - - h3k27 - - h3k28 - - h3k29 - filters: - branches: - only: - - master diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..cee7c98 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,100 @@ +yq '.version' Chart.yamlname: Validate on Minikube +on: + push: + branches: + - master + pull_request: +jobs: + test-on-minikube: + strategy: + matrix: + k8s: + - v1.26.13 + - v1.27.10 + - v1.28.6 + - v1.29.1 + runs-on: ubuntu-22.04 + steps: + - uses: medyagh/setup-minikube@v0.0.14 + with: + kubernetes-version: ${{ matrix.k8s }} + - uses: actions/checkout@v4 + with: + fetch-depth: 1 + - uses: azure/setup-helm@v3 + - name: testing helm chart + run: | + helm lint . + helm dependency build . + cat > test-values.yaml <<- EOM + redash: + cookieSecret: $(openssl rand -base64 32) + secretKey: $(openssl rand -base64 32) + env: + REDASH_WEB_WORKERS: 1 + postgresql: + auth: + password: $(openssl rand -base64 32) + adhocWorker: + env: + WORKERS_COUNT: 1 + scheduledWorker: + env: + WORKERS_COUNT: 1 + EOM + helm upgrade --install redash . --wait -f test-values.yaml + sleep 10 + helm test redash + helm delete redash + helm upgrade --install redashup . --wait -f test-values.yaml + kubectl get pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=server" -o jsonpath="{..image}" + sleep 10 + helm test redashup + kubectl delete pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=test-connection" + helm upgrade --install redashup . --wait --reset-values -f test-values.yaml + kubectl get pod -l "app.kubernetes.io/instance=redashup,app.kubernetes.io/component=server" -o jsonpath="{..image}" + sleep 10 + helm test redashup + kubectl top node || true + kubectl top pod -A || true + kubectl get all -A || true + echo "TEST LOGS" + kubectl describe pod "$(kubectl get pods -l 'app.kubernetes.io/component=test-connection' -o jsonpath='{.items[0].metadata.name}')" + kubectl logs --tail=20 -l "app.kubernetes.io/component=test-connection" || true + echo "INSTALL LOGS" + kubectl logs --tail=40 -l "job-name=redash-install" || true + echo "UPGRADE LOGS" + kubectl logs --tail=40 -l "job-name=redash-upgrade" || true + echo "SERVER LOGS" + kubectl logs --tail=20 -l "app.kubernetes.io/component=server" || true + echo "MINIKUBE LOGS" + minikube logs -n10 || true + publish-chart: + needs: test-on-minikube + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: azure/setup-helm@v3 + - id: get-chart-version + uses: mikefarah/yq@master + with: + cmd: yq '.version' Chart.yaml + - id: skip-check + env: + VERSION: v${{ steps.get-chart-version.outputs.result }} + run: | + if git show-ref --tags --quiet --verify -- "refs/tags/$VERSION"; then + echo "Release already exists, skipping publish job" + echo skip=true >> "$GITHUB_OUTPUT" + else + echo "Tagging release" + git tag "$VERSION" + git push origin "$VERSION" + echo skip=false >> "$GITHUB_OUTPUT" + fi + - uses: helm/chart-releaser-action@v1.6.0 + if: steps.skip-check.outputs.skip == 'false' + with: + CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index eecb756..82ce3dc 100644 --- a/README.md +++ b/README.md @@ -35,9 +35,11 @@ redash: cookieSecret: $(openssl rand -base64 32) secretKey: $(openssl rand -base64 32) postgresql: - postgresqlPassword: $(openssl rand -base64 32) + auth: + password: $(openssl rand -base64 32) redis: - password: $(openssl rand -base64 32) + auth: + password: $(openssl rand -base64 32) EOM ``` @@ -63,10 +65,10 @@ The command removes all the Kubernetes components associated with the chart and ## Requirements -| Repository | Name | Version | -| --------------------------------------------------------------------------- | ---------- | -------- | -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | postgresql | ^8.10.14 | -| https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami | redis | ^10.8.2 | +| Repository | Name | Version | +| ---------------------------------------- | ---------- | ------- | +| oci://registry-1.docker.io/bitnamicharts | postgresql | ^13.4.1 | +| oci://registry-1.docker.io/bitnamicharts | redis | ^18.9.0 | ## Configuration @@ -134,148 +136,141 @@ The following table lists the configurable parameters of the Redash chart and th | ingress.tls | list | `[]` | Ingress TLS configuration | | nameOverride | string | `""` | | | postgresql.enabled | bool | `true` | Whether to deploy a PostgreSQL server to satisfy the applications database requirements. To use an external PostgreSQL set this to false and configure the externalPostgreSQL parameter. | -| postgresql.image.tag | string | `"9.6.17-debian-10-r3"` | Bitnami supported version close to the one specified in Redash [setup docker-compose.yml](https://github.com/getredash/setup/blob/master/data/docker-compose.yml) | -| postgresql.persistence.accessMode | string | `"ReadWriteOnce"` | Use PostgreSQL volume as ReadOnly or ReadWrite | -| postgresql.persistence.enabled | bool | `true` | Use a PVC to persist PostgreSQL data (when postgresql chart enabled) | -| postgresql.persistence.size | string | `"10Gi"` | PVC Storage Request size for PostgreSQL volume | -| postgresql.persistence.storageClass | string | `""` | | -| postgresql.postgresqlDatabase | string | `"redash"` | PostgreSQL database name (when postgresql chart enabled) | -| postgresql.postgresqlPassword | string | `nil` | REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) | -| postgresql.postgresqlUsername | string | `"redash"` | PostgreSQL username for redash user (when postgresql chart enabled) | -| postgresql.service.port | int | `5432` | | -| postgresql.service.type | string | `"ClusterIP"` | | -| redash.additionalDestinations | string | `""` | `REDASH_ADDITIONAL_DESTINATIONS` value. Comma-separated list of non-default alert destinations to be enabled. | -| redash.additionalQueryRunners | string | `""` | `REDASH_ADDITIONAL_QUERY_RUNNERS` value. Comma-separated list of non-default query runners to be enabled. | -| redash.adhocQueryTimeLimit | string | None | `REDASH_ADHOC_QUERY_TIME_LIMIT` value. Time limit for adhoc queries (in seconds). | -| redash.alertsDefaultMailSubjectTemplate | string | ({state}) {alert_name} | `REDASH_ALERTS_DEFAULT_MAIL_SUBJECT_TEMPLATE` value. Subject used for email alert notifications. `{state}` and `{alert_name}` are the only available variables.. | -| redash.allowScriptsInUserInput | string | false | `REDASH_ALLOW_SCRIPTS_IN_USER_INPUT` value. Disable sanitization of text input, allowing full html. | -| redash.authType | string | api_key | `REDASH_AUTH_TYPE` value. May be either `api_key` or `hmac`. implemented [here](https://github.com/getredash/redash/pull/385). | -| redash.bigqueryHttpTimeout | string | 600 | `REDASH_BIGQUERY_HTTP_TIMEOUT` value. Http timeout for the bigquery query runner. | -| redash.blockedDomains | string | "qq.com" | `REDASH_BLOCKED_DOMAINS` value. Comma separated of email domains that cannot create user accounts. | -| redash.cookieSecret | string | `""` | REQUIRED `REDASH_COOKIE_SECRET` value. Required. used for various cryptographic features of the web server. read more about how redash uses secret keys [here]({% link _kb/open-source/admin-guide/secrets.md %}). Stored as a Secret value. | -| redash.corsAccessControlAllowCredentials | string | false | `REDASH_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS` value. | -| redash.corsAccessControlAllowHeaders | string | Content-Type | `REDASH_CORS_ACCESS_CONTROL_ALLOW_HEADERS` value. | -| redash.corsAccessControlAllowOrigin | string | `""` | `REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN` value. | -| redash.corsAccessControlRequestMethod | string | GET, POST, PUT | `REDASH_CORS_ACCESS_CONTROL_REQUEST_METHOD` value. | -| redash.dashboardRefreshIntervals | string | 60,300,600,1800,3600,43200,86400 | `REDASH_DASHBOARD_REFRESH_INTERVALS` value. Comma-separated list of integer seconds that will be allowed for dashboard refresh. | -| redash.dateFormat | string | DD/MM/YY | `REDASH_DATE_FORMAT` value. Moment.js format to be used throughout the web application. | -| redash.disablePublicUrls | string | "false" | `REDASH_DISABLE_PUBLIC_URLS` value. Whether to disable access to public urls. | -| redash.disabledQueryRunners | string | `""` | `REDASH_DISABLED_QUERY_RUNNERS` value. Comma-separated list of query runners that will not appear in redash. | -| redash.enabledDestinations | string | ”,”.join(default_destinations) | `REDASH_ENABLED_DESTINATIONS` value. Comma-separated list of alert destinations to be enabled (e.g. `redash.destinations.email,redash.destinations.slack` ). | -| redash.enabledQueryRunners | string | ”,”.join(default_query_runners) | `REDASH_ENABLED_QUERY_RUNNERS` value. Comma-separated list of query runners to be enabled (e.g. `redash.query_runner.pg,redash.query_runner.mysql`). | -| redash.enforceHttps | string | false | `REDASH_ENFORCE_HTTPS` value. This is passed to [flask-talisman](https://github.com/googlecloudplatform/flask-talisman). | -| redash.eventReportingWebhooks | string | `""` | `REDASH_EVENT_REPORTING_WEBHOOKS` value. Comma-separated list of webhook urls that to which events will be forwarded. | -| redash.featureAllowCustomJsVisualizations | string | false | `REDASH_FEATURE_ALLOW_CUSTOM_JS_VISUALIZATIONS` value. Enable the custom visualization option. this appears as a sub-type of "chart" visualizations in the ui.. | -| redash.featureAutoPublishNamedQueries | string | true | `REDASH_FEATURE_AUTO_PUBLISH_NAMED_QUERIES` value. Automatically publish a new query after its name is changed from "new query". | -| redash.featureDisableRefreshQueries | string | false | `REDASH_FEATURE_DISABLE_REFRESH_QUERIES` value. Disable scheduled query execution. | -| redash.featureShowPermissionsControl | string | false | `REDASH_FEATURE_SHOW_PERMISSIONS_CONTROL` value. Enable experimental multiple owners support. | -| redash.featureShowQueryResultsCount | string | true | `REDASH_FEATURE_SHOW_QUERY_RESULTS_COUNT` value. Disable/enable showing count of query results in status. | -| redash.googleClientId | string | `""` | `REDASH_GOOGLE_CLIENT_ID` value. The client id to use for google login, be sure to set a client secret as well. | -| redash.googleClientSecret | string | `""` | `REDASH_GOOGLE_CLIENT_SECRET` value. The client secret to use for google login, be sure to set a client id as well. Stored as a Secret value. | -| redash.host | string | `""` | `REDASH_HOST` value. The url host used in emails sent to users (invites, alerts, notifications) etc.. | -| redash.invitationTokenMaxAge | string | 60 _ 60 _ 24 \* 7 | `REDASH_INVITATION_TOKEN_MAX_AGE` value. An integer number of seconds after which an invitation link will expire. | -| redash.jobExpiryTime | string | 3600 \* 12 | `REDASH_JOB_EXPIRY_TIME` value. Ttl in seconds for jobs placed in queue. if a job is not picked up by a worker within this ttl it will expire.. | -| redash.jwtAuthAlgorithms | string | HS256,RS256,ES256 | `REDASH_JWT_AUTH_ALGORITHMS` value. | -| redash.jwtAuthAudience | string | `""` | `REDASH_JWT_AUTH_AUDIENCE` value. | -| redash.jwtAuthCookieName | string | `""` | `REDASH_JWT_AUTH_COOKIE_NAME` value. | -| redash.jwtAuthHeaderName | string | `""` | `REDASH_JWT_AUTH_HEADER_NAME` value. | -| redash.jwtAuthIssuer | string | `""` | `REDASH_JWT_AUTH_ISSUER` value. | -| redash.jwtAuthPublicCertsUrl | string | `""` | `REDASH_JWT_AUTH_PUBLIC_CERTS_URL` value. | -| redash.jwtLoginEnabled | string | false | `REDASH_JWT_LOGIN_ENABLED` value. | -| redash.ldapBindDn | string | None | `REDASH_LDAP_BIND_DN` value. | -| redash.ldapBindDnPassword | string | `""` | `REDASH_LDAP_BIND_DN_PASSWORD` value. Stored as a Secret value. | -| redash.ldapCustomUsernamePrompt | string | LDAP/AD/SSO username: | `REDASH_LDAP_CUSTOM_USERNAME_PROMPT` value. | -| redash.ldapDisplayNameKey | string | displayName | `REDASH_LDAP_DISPLAY_NAME_KEY` value. | -| redash.ldapEmailKey | string | mail | `REDASH_LDAP_EMAIL_KEY` value. | -| redash.ldapLoginEnabled | string | false | `REDASH_LDAP_LOGIN_ENABLED` value. | -| redash.ldapSearchDn | string | REDASH_SEARCH_DN | `REDASH_LDAP_SEARCH_DN` value. | -| redash.ldapSearchTemplate | string | (cn=%(username)s) | `REDASH_LDAP_SEARCH_TEMPLATE` value. | -| redash.ldapUrl | string | None | `REDASH_LDAP_URL` value. | -| redash.limiterStorage | string | REDIS_URL | `REDASH_LIMITER_STORAGE` value. Mapped directly to flask-limiter's [storage_uri](https://flask-limiter.readthedocs.io/en/stable/configuration.html?highlight=limiter_storage#ratelimit_storage_uri).. | -| redash.logLevel | string | INFO | `REDASH_LOG_LEVEL` value. Logging messages which are less severe than level will be ignored. read more about python logging [here](https://docs.python.org/3/library/logging.html). | -| redash.mailAsciiAttachments | string | false | `REDASH_MAIL_ASCII_ATTACHMENTS` value. | -| redash.mailDefaultSender | string | None | `REDASH_MAIL_DEFAULT_SENDER` value. | -| redash.mailMaxEmails | string | None | `REDASH_MAIL_MAX_EMAILS` value. | -| redash.mailPassword | string | None | `REDASH_MAIL_PASSWORD` value. Stored as a Secret value. | -| redash.mailPort | string | 25 | `REDASH_MAIL_PORT` value. | -| redash.mailServer | string | localhost | `REDASH_MAIL_SERVER` value. | -| redash.mailUseSsl | string | false | `REDASH_MAIL_USE_SSL` value. | -| redash.mailUseTls | string | false | `REDASH_MAIL_USE_TLS` value. | -| redash.mailUsername | string | None | `REDASH_MAIL_USERNAME` value. | -| redash.multiOrg | string | false | `REDASH_MULTI_ORG` value. Whether to enable multi-org mode. **note**: multi-org mode is not documented or supported at this time. | -| redash.passwordLoginEnabled | string | true | `REDASH_PASSWORD_LOGIN_ENABLED` value. Toggle to allow password login. often disabled if google login, saml, ldap, or remote_user_login are enabled.. | -| redash.proxiesCount | string | 1 | `REDASH_PROXIES_COUNT` value. Passed to werkzeug's [proxyfix](https://werkzeug.palletsprojects.com/en/2.1.x/middleware/proxy_fix/) to make sure we get the right referral address even behind proxies like nginx.. | -| redash.queryRefreshIntervals | string | 60, 300, 600, 900, 1800, 3600, 7200, 10800, 14400, 18000, 21600, 25200, 28800, 32400, 36000, 39600, 43200, 86400, 604800, 1209600, 2592000 | `REDASH_QUERY_REFRESH_INTERVALS` value. Comma-separated list of integer seconds that will be allowed for scheduled query refresh. | -| redash.queryResultsCleanupCount | string | 100 | `REDASH_QUERY_RESULTS_CLEANUP_COUNT` value. The number of results to cleanup during each call to `cleanup_query_results`. | -| redash.queryResultsCleanupEnabled | string | true | `REDASH_QUERY_RESULTS_CLEANUP_ENABLED` value. Whether the job to cleanup unused query results should run automatically. | -| redash.queryResultsCleanupMaxAge | string | 7 | `REDASH_QUERY_RESULTS_CLEANUP_MAX_AGE` value. Integer number of days, past which a query result may be cleaned up if it is not referenced by another query.. | -| redash.remoteUserHeader | string | X-Forwarded-Remote-User | `REDASH_REMOTE_USER_HEADER` value. Name of header to use if `redash_remote_user_login_enabled` is true. | -| redash.remoteUserLoginEnabled | string | false | `REDASH_REMOTE_USER_LOGIN_ENABLED` value. Enables the use of an externally-provided and trusted remote user via an http header. the "user" must be an email address. [more details](https://github.com/getredash/redash/blob/e6ebef1e5ab866ce1e706eaee6260edaffdc2bd7/redash/settings/__init__.py#l185-l207). | -| redash.samlEntityId | string | `""` | `REDASH_SAML_ENTITY_ID` value. | -| redash.samlMetadataUrl | string | `""` | `REDASH_SAML_METADATA_URL` value. | -| redash.samlNameidFormat | string | `""` | `REDASH_SAML_NAMEID_FORMAT` value. | -| redash.samlSchemeOverride | string | `""` | `REDASH_SAML_SCHEME_OVERRIDE` value. This setting will allow you to override the saml auth url scheme that gets constructed by flask. this is a useful feature if, for example, you're behind a proxy protocol enabled tcp load balancer (aws elb that terminates ssl) and your nginx proxy or similar adds a x-forwarded-proto of http even though your redash url for saml auth is https.. | -| redash.scheduledQueryTimeLimit | string | None | `REDASH_SCHEDULED_QUERY_TIME_LIMIT` value. Time limit for scheduled queries (in seconds). | -| redash.schemaRunTableSizeCalculations | string | false | `REDASH_SCHEMA_RUN_TABLE_SIZE_CALCULATIONS` value. Enable showing the size of each table in the schema browser.. | -| redash.schemasRefreshSchedule | string | 30 | `REDASH_SCHEMAS_REFRESH_SCHEDULE` value. How often to refresh the data source schemas (in minutes). | -| redash.secretKey | string | `""` | REQUIRED `REDASH_SECRET_KEY` value. Secret key used for data encryption. Stored as a Secret value. | -| redash.sentryDsn | string | `""` | `REDASH_SENTRY_DSN` value. | -| redash.sqlAlchemyEnablePoolPrePing | string | true | `SQLALCHEMY_ENABLE_POOL_PRE_PING` value, controls whether the database connection that's in the pool will be checked by pinging before being used or not. See https://docs.sqlalchemy.org/en/13/core/pooling.html#sqlalchemy.pool.Pool.params.pre_ping | -| redash.staticAssetsPath | string | ”../client/dist/” | `REDASH_STATIC_ASSETS_PATH` value. Directory that contains all front-end assets. relative to the ./redash directory. | -| redash.statsdHost | string | 127.0.0.1 | `REDASH_STATSD_HOST` value. Host for statsd daemon. | -| redash.statsdPort | string | 8125 | `REDASH_STATSD_PORT` value. Port for statsd daemon. | -| redash.statsdPrefix | string | redash | `REDASH_STATSD_PREFIX` value. Prefix for metrics sent to statsd daemon. | -| redash.statsdUseTags | string | false | `REDASH_STATSD_USE_TAGS` value. Whether to use tags in statsd metrics (influxdb’s format). | -| redash.throttleLoginPattern | string | 50/hour | `REDASH_THROTTLE_LOGIN_PATTERN` value. The [flask-limiter](https://flask-limiter.readthedocs.io/en/stable/) string pattern used to rate limit requests to the /login route.. | -| redash.versionCheck | string | true | `REDASH_VERSION_CHECK` value. Toggle whether to periodically check if a newer version of redash is available.. | -| redash.webWorkers | string | 4 | `REDASH_WEB_WORKERS` value. How many processes will gunicorn spawn to handle web requests. | -| redis.cluster.enabled | bool | `false` | | -| redis.databaseNumber | int | `0` | Enable Redis clustering (when redis chart enabled) | -| redis.enabled | bool | `true` | Whether to deploy a Redis server to satisfy the applications database requirements. To use an external Redis set this to false and configure the externalRedis parameter. | -| redis.master.port | int | `6379` | Redis master port to use (when redis chart enabled) | -| scheduledWorker.affinity | object | `{}` | Affinity for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | -| scheduledWorker.env | object | `{"QUEUES":"scheduled_queries,schemas","WORKERS_COUNT":1}` | Redash scheduled worker specific environment variables. | -| scheduledWorker.nodeSelector | object | `{}` | Node labels for scheduled worker pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | -| scheduledWorker.podAnnotations | object | `{}` | Annotations for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| scheduledWorker.podLabels | object | `{}` | Labels for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | -| scheduledWorker.podSecurityContext | object | `{}` | Security contexts for scheduled worker pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| scheduledWorker.replicaCount | int | `1` | Number of scheduled worker pods to run | -| scheduledWorker.resources | string | `nil` | Scheduled worker resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | -| scheduledWorker.securityContext | object | `{}` | | -| scheduledWorker.tolerations | list | `[]` | Tolerations for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | -| scheduledWorker.volumeMounts | list | `[]` | VolumeMounts for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| scheduledWorker.volumes | list | `[]` | Volumes for scheduled pod worker assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| scheduler.affinity | object | `{}` | Affinity for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | -| scheduler.env | object | `{}` | Redash scheduler specific environment variables. | -| scheduler.nodeSelector | object | `{}` | Node labels for scheduler pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | -| scheduler.podAnnotations | object | `{}` | Annotations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| scheduler.podLabels | object | `{}` | Labels for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | -| scheduler.podSecurityContext | object | `{}` | Security contexts for scheduler pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| scheduler.resources | string | `nil` | scheduler resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | -| scheduler.securityContext | object | `{}` | | -| scheduler.tolerations | list | `[]` | Tolerations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | -| scheduler.volumeMounts | list | `[]` | VolumeMounts for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| scheduler.volumes | list | `[]` | Volumes for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| server.affinity | object | `{}` | Affinity for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | -| server.env | object | `{}` | Redash server specific environment variables Don't use this for variables that are in the configuration above, however. | -| server.httpPort | int | `5000` | Server container port (only useful if you are using a customized image) | -| server.nodeSelector | object | `{}` | Node labels for server pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | -| server.podAnnotations | object | `{}` | Annotations for server pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | -| server.podLabels | object | `{}` | Labels for server pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | -| server.podSecurityContext | object | `{}` | Security contexts for server pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| server.replicaCount | int | `1` | Number of server pods to run | -| server.resources | object | `{}` | Server resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | -| server.securityContext | object | `{}` | | -| server.tolerations | list | `[]` | Tolerations for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | -| server.volumeMounts | list | `[]` | VolumeMounts for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| server.volumes | list | `[]` | Volumes for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | -| service.annotations | object | `{}` | Annotations to add to the service | -| service.loadBalancerIP | string | `nil` | Specific IP address to use for cloud providers such as Azure Kubernetes Service [ref](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) | -| service.port | int | `80` | Service external port | -| service.type | string | `"ClusterIP"` | Kubernetes Service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| postgresql.auth.database | string | `"redash"` | PostgreSQL database name (when postgresql chart enabled) | +| postgresql.auth.password | string | `nil` | REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) | +| postgresql.auth.username | string | `"redash"` | PostgreSQL username for redash user (when postgresql chart enabled) | +| postgresql.master.service.ports.postgresql | int | `5432` | | +| redash.additionalDestinations | string | `""` | `REDASH_ADDITIONAL_DESTINATIONS` value. Comma-separated list of non-default alert destinations to be enabled. | +| redash.additionalQueryRunners | string | `""` | `REDASH_ADDITIONAL_QUERY_RUNNERS` value. Comma-separated list of non-default query runners to be enabled. | +| redash.adhocQueryTimeLimit | string | None | `REDASH_ADHOC_QUERY_TIME_LIMIT` value. Time limit for adhoc queries (in seconds). | +| redash.alertsDefaultMailSubjectTemplate | string | ({state}) {alert_name} | `REDASH_ALERTS_DEFAULT_MAIL_SUBJECT_TEMPLATE` value. Subject used for email alert notifications. `{state}` and `{alert_name}` are the only available variables.. | +| redash.allowScriptsInUserInput | string | false | `REDASH_ALLOW_SCRIPTS_IN_USER_INPUT` value. Disable sanitization of text input, allowing full html. | +| redash.authType | string | api_key | `REDASH_AUTH_TYPE` value. May be either `api_key` or `hmac`. implemented [here](https://github.com/getredash/redash/pull/385). | +| redash.bigqueryHttpTimeout | string | 600 | `REDASH_BIGQUERY_HTTP_TIMEOUT` value. Http timeout for the bigquery query runner. | +| redash.blockedDomains | string | "qq.com" | `REDASH_BLOCKED_DOMAINS` value. Comma separated of email domains that cannot create user accounts. | +| redash.cookieSecret | string | `""` | REQUIRED `REDASH_COOKIE_SECRET` value. Required. used for various cryptographic features of the web server. read more about how redash uses secret keys [here]({% link _kb/open-source/admin-guide/secrets.md %}). Stored as a Secret value. | +| redash.corsAccessControlAllowCredentials | string | false | `REDASH_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS` value. | +| redash.corsAccessControlAllowHeaders | string | Content-Type | `REDASH_CORS_ACCESS_CONTROL_ALLOW_HEADERS` value. | +| redash.corsAccessControlAllowOrigin | string | `""` | `REDASH_CORS_ACCESS_CONTROL_ALLOW_ORIGIN` value. | +| redash.corsAccessControlRequestMethod | string | GET, POST, PUT | `REDASH_CORS_ACCESS_CONTROL_REQUEST_METHOD` value. | +| redash.dashboardRefreshIntervals | string | 60,300,600,1800,3600,43200,86400 | `REDASH_DASHBOARD_REFRESH_INTERVALS` value. Comma-separated list of integer seconds that will be allowed for dashboard refresh. | +| redash.dateFormat | string | DD/MM/YY | `REDASH_DATE_FORMAT` value. Moment.js format to be used throughout the web application. | +| redash.disablePublicUrls | string | "false" | `REDASH_DISABLE_PUBLIC_URLS` value. Whether to disable access to public urls. | +| redash.disabledQueryRunners | string | `""` | `REDASH_DISABLED_QUERY_RUNNERS` value. Comma-separated list of query runners that will not appear in redash. | +| redash.enabledDestinations | string | ”,”.join(default_destinations) | `REDASH_ENABLED_DESTINATIONS` value. Comma-separated list of alert destinations to be enabled (e.g. `redash.destinations.email,redash.destinations.slack` ). | +| redash.enabledQueryRunners | string | ”,”.join(default_query_runners) | `REDASH_ENABLED_QUERY_RUNNERS` value. Comma-separated list of query runners to be enabled (e.g. `redash.query_runner.pg,redash.query_runner.mysql`). | +| redash.enforceHttps | string | false | `REDASH_ENFORCE_HTTPS` value. This is passed to [flask-talisman](https://github.com/googlecloudplatform/flask-talisman). | +| redash.eventReportingWebhooks | string | `""` | `REDASH_EVENT_REPORTING_WEBHOOKS` value. Comma-separated list of webhook urls that to which events will be forwarded. | +| redash.featureAllowCustomJsVisualizations | string | false | `REDASH_FEATURE_ALLOW_CUSTOM_JS_VISUALIZATIONS` value. Enable the custom visualization option. this appears as a sub-type of "chart" visualizations in the ui.. | +| redash.featureAutoPublishNamedQueries | string | true | `REDASH_FEATURE_AUTO_PUBLISH_NAMED_QUERIES` value. Automatically publish a new query after its name is changed from "new query". | +| redash.featureDisableRefreshQueries | string | false | `REDASH_FEATURE_DISABLE_REFRESH_QUERIES` value. Disable scheduled query execution. | +| redash.featureShowPermissionsControl | string | false | `REDASH_FEATURE_SHOW_PERMISSIONS_CONTROL` value. Enable experimental multiple owners support. | +| redash.featureShowQueryResultsCount | string | true | `REDASH_FEATURE_SHOW_QUERY_RESULTS_COUNT` value. Disable/enable showing count of query results in status. | +| redash.googleClientId | string | `""` | `REDASH_GOOGLE_CLIENT_ID` value. The client id to use for google login, be sure to set a client secret as well. | +| redash.googleClientSecret | string | `""` | `REDASH_GOOGLE_CLIENT_SECRET` value. The client secret to use for google login, be sure to set a client id as well. Stored as a Secret value. | +| redash.host | string | `""` | `REDASH_HOST` value. The url host used in emails sent to users (invites, alerts, notifications) etc.. | +| redash.invitationTokenMaxAge | string | 60 _ 60 _ 24 \* 7 | `REDASH_INVITATION_TOKEN_MAX_AGE` value. An integer number of seconds after which an invitation link will expire. | +| redash.jobExpiryTime | string | 3600 \* 12 | `REDASH_JOB_EXPIRY_TIME` value. Ttl in seconds for jobs placed in queue. if a job is not picked up by a worker within this ttl it will expire.. | +| redash.jwtAuthAlgorithms | string | HS256,RS256,ES256 | `REDASH_JWT_AUTH_ALGORITHMS` value. | +| redash.jwtAuthAudience | string | `""` | `REDASH_JWT_AUTH_AUDIENCE` value. | +| redash.jwtAuthCookieName | string | `""` | `REDASH_JWT_AUTH_COOKIE_NAME` value. | +| redash.jwtAuthHeaderName | string | `""` | `REDASH_JWT_AUTH_HEADER_NAME` value. | +| redash.jwtAuthIssuer | string | `""` | `REDASH_JWT_AUTH_ISSUER` value. | +| redash.jwtAuthPublicCertsUrl | string | `""` | `REDASH_JWT_AUTH_PUBLIC_CERTS_URL` value. | +| redash.jwtLoginEnabled | string | false | `REDASH_JWT_LOGIN_ENABLED` value. | +| redash.ldapBindDn | string | None | `REDASH_LDAP_BIND_DN` value. | +| redash.ldapBindDnPassword | string | `""` | `REDASH_LDAP_BIND_DN_PASSWORD` value. Stored as a Secret value. | +| redash.ldapCustomUsernamePrompt | string | LDAP/AD/SSO username: | `REDASH_LDAP_CUSTOM_USERNAME_PROMPT` value. | +| redash.ldapDisplayNameKey | string | displayName | `REDASH_LDAP_DISPLAY_NAME_KEY` value. | +| redash.ldapEmailKey | string | mail | `REDASH_LDAP_EMAIL_KEY` value. | +| redash.ldapLoginEnabled | string | false | `REDASH_LDAP_LOGIN_ENABLED` value. | +| redash.ldapSearchDn | string | REDASH_SEARCH_DN | `REDASH_LDAP_SEARCH_DN` value. | +| redash.ldapSearchTemplate | string | (cn=%(username)s) | `REDASH_LDAP_SEARCH_TEMPLATE` value. | +| redash.ldapUrl | string | None | `REDASH_LDAP_URL` value. | +| redash.limiterStorage | string | REDIS_URL | `REDASH_LIMITER_STORAGE` value. Mapped directly to flask-limiter's [storage_uri](https://flask-limiter.readthedocs.io/en/stable/configuration.html?highlight=limiter_storage#ratelimit_storage_uri).. | +| redash.logLevel | string | INFO | `REDASH_LOG_LEVEL` value. Logging messages which are less severe than level will be ignored. read more about python logging [here](https://docs.python.org/3/library/logging.html). | +| redash.mailAsciiAttachments | string | false | `REDASH_MAIL_ASCII_ATTACHMENTS` value. | +| redash.mailDefaultSender | string | None | `REDASH_MAIL_DEFAULT_SENDER` value. | +| redash.mailMaxEmails | string | None | `REDASH_MAIL_MAX_EMAILS` value. | +| redash.mailPassword | string | None | `REDASH_MAIL_PASSWORD` value. Stored as a Secret value. | +| redash.mailPort | string | 25 | `REDASH_MAIL_PORT` value. | +| redash.mailServer | string | localhost | `REDASH_MAIL_SERVER` value. | +| redash.mailUseSsl | string | false | `REDASH_MAIL_USE_SSL` value. | +| redash.mailUseTls | string | false | `REDASH_MAIL_USE_TLS` value. | +| redash.mailUsername | string | None | `REDASH_MAIL_USERNAME` value. | +| redash.multiOrg | string | false | `REDASH_MULTI_ORG` value. Whether to enable multi-org mode. **note**: multi-org mode is not documented or supported at this time. | +| redash.passwordLoginEnabled | string | true | `REDASH_PASSWORD_LOGIN_ENABLED` value. Toggle to allow password login. often disabled if google login, saml, ldap, or remote_user_login are enabled.. | +| redash.proxiesCount | string | 1 | `REDASH_PROXIES_COUNT` value. Passed to werkzeug's [proxyfix](https://werkzeug.palletsprojects.com/en/2.1.x/middleware/proxy_fix/) to make sure we get the right referral address even behind proxies like nginx.. | +| redash.queryRefreshIntervals | string | 60, 300, 600, 900, 1800, 3600, 7200, 10800, 14400, 18000, 21600, 25200, 28800, 32400, 36000, 39600, 43200, 86400, 604800, 1209600, 2592000 | `REDASH_QUERY_REFRESH_INTERVALS` value. Comma-separated list of integer seconds that will be allowed for scheduled query refresh. | +| redash.queryResultsCleanupCount | string | 100 | `REDASH_QUERY_RESULTS_CLEANUP_COUNT` value. The number of results to cleanup during each call to `cleanup_query_results`. | +| redash.queryResultsCleanupEnabled | string | true | `REDASH_QUERY_RESULTS_CLEANUP_ENABLED` value. Whether the job to cleanup unused query results should run automatically. | +| redash.queryResultsCleanupMaxAge | string | 7 | `REDASH_QUERY_RESULTS_CLEANUP_MAX_AGE` value. Integer number of days, past which a query result may be cleaned up if it is not referenced by another query.. | +| redash.remoteUserHeader | string | X-Forwarded-Remote-User | `REDASH_REMOTE_USER_HEADER` value. Name of header to use if `redash_remote_user_login_enabled` is true. | +| redash.remoteUserLoginEnabled | string | false | `REDASH_REMOTE_USER_LOGIN_ENABLED` value. Enables the use of an externally-provided and trusted remote user via an http header. the "user" must be an email address. [more details](https://github.com/getredash/redash/blob/e6ebef1e5ab866ce1e706eaee6260edaffdc2bd7/redash/settings/__init__.py#l185-l207). | +| redash.samlEntityId | string | `""` | `REDASH_SAML_ENTITY_ID` value. | +| redash.samlMetadataUrl | string | `""` | `REDASH_SAML_METADATA_URL` value. | +| redash.samlNameidFormat | string | `""` | `REDASH_SAML_NAMEID_FORMAT` value. | +| redash.samlSchemeOverride | string | `""` | `REDASH_SAML_SCHEME_OVERRIDE` value. This setting will allow you to override the saml auth url scheme that gets constructed by flask. this is a useful feature if, for example, you're behind a proxy protocol enabled tcp load balancer (aws elb that terminates ssl) and your nginx proxy or similar adds a x-forwarded-proto of http even though your redash url for saml auth is https.. | +| redash.scheduledQueryTimeLimit | string | None | `REDASH_SCHEDULED_QUERY_TIME_LIMIT` value. Time limit for scheduled queries (in seconds). | +| redash.schemaRunTableSizeCalculations | string | false | `REDASH_SCHEMA_RUN_TABLE_SIZE_CALCULATIONS` value. Enable showing the size of each table in the schema browser.. | +| redash.schemasRefreshSchedule | string | 30 | `REDASH_SCHEMAS_REFRESH_SCHEDULE` value. How often to refresh the data source schemas (in minutes). | +| redash.secretKey | string | `""` | REQUIRED `REDASH_SECRET_KEY` value. Secret key used for data encryption. Stored as a Secret value. | +| redash.sentryDsn | string | `""` | `REDASH_SENTRY_DSN` value. | +| redash.sqlAlchemyEnablePoolPrePing | string | true | `SQLALCHEMY_ENABLE_POOL_PRE_PING` value, controls whether the database connection that's in the pool will be checked by pinging before being used or not. See https://docs.sqlalchemy.org/en/13/core/pooling.html#sqlalchemy.pool.Pool.params.pre_ping | +| redash.staticAssetsPath | string | ”../client/dist/” | `REDASH_STATIC_ASSETS_PATH` value. Directory that contains all front-end assets. relative to the ./redash directory. | +| redash.statsdHost | string | 127.0.0.1 | `REDASH_STATSD_HOST` value. Host for statsd daemon. | +| redash.statsdPort | string | 8125 | `REDASH_STATSD_PORT` value. Port for statsd daemon. | +| redash.statsdPrefix | string | redash | `REDASH_STATSD_PREFIX` value. Prefix for metrics sent to statsd daemon. | +| redash.statsdUseTags | string | false | `REDASH_STATSD_USE_TAGS` value. Whether to use tags in statsd metrics (influxdb’s format). | +| redash.throttleLoginPattern | string | 50/hour | `REDASH_THROTTLE_LOGIN_PATTERN` value. The [flask-limiter](https://flask-limiter.readthedocs.io/en/stable/) string pattern used to rate limit requests to the /login route.. | +| redash.versionCheck | string | true | `REDASH_VERSION_CHECK` value. Toggle whether to periodically check if a newer version of redash is available.. | +| redash.webWorkers | string | 4 | `REDASH_WEB_WORKERS` value. How many processes will gunicorn spawn to handle web requests. | +| redis.database | int | `0` | Enable Redis clustering (when redis chart enabled) | +| redis.enabled | bool | `true` | Whether to deploy a Redis server to satisfy the applications database requirements. To use an external Redis set this to false and configure the externalRedis parameter. | +| redis.master.service.ports.redis | int | `6379` | Redis master port to use (when redis chart enabled) | +| scheduledWorker.affinity | object | `{}` | Affinity for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| scheduledWorker.env | object | `{"QUEUES":"scheduled_queries,schemas","WORKERS_COUNT":1}` | Redash scheduled worker specific environment variables. | +| scheduledWorker.nodeSelector | object | `{}` | Node labels for scheduled worker pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | +| scheduledWorker.podAnnotations | object | `{}` | Annotations for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| scheduledWorker.podLabels | object | `{}` | Labels for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | +| scheduledWorker.podSecurityContext | object | `{}` | Security contexts for scheduled worker pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scheduledWorker.replicaCount | int | `1` | Number of scheduled worker pods to run | +| scheduledWorker.resources | string | `nil` | Scheduled worker resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | +| scheduledWorker.securityContext | object | `{}` | | +| scheduledWorker.tolerations | list | `[]` | Tolerations for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| scheduledWorker.volumeMounts | list | `[]` | VolumeMounts for scheduled worker pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| scheduledWorker.volumes | list | `[]` | Volumes for scheduled pod worker assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| scheduler.affinity | object | `{}` | Affinity for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| scheduler.env | object | `{}` | Redash scheduler specific environment variables. | +| scheduler.nodeSelector | object | `{}` | Node labels for scheduler pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | +| scheduler.podAnnotations | object | `{}` | Annotations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| scheduler.podLabels | object | `{}` | Labels for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | +| scheduler.podSecurityContext | object | `{}` | Security contexts for scheduler pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scheduler.resources | string | `nil` | scheduler resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | +| scheduler.securityContext | object | `{}` | | +| scheduler.tolerations | list | `[]` | Tolerations for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| scheduler.volumeMounts | list | `[]` | VolumeMounts for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| scheduler.volumes | list | `[]` | Volumes for scheduler pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| server.affinity | object | `{}` | Affinity for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| server.env | object | `{}` | Redash server specific environment variables Don't use this for variables that are in the configuration above, however. | +| server.httpPort | int | `5000` | Server container port (only useful if you are using a customized image) | +| server.nodeSelector | object | `{}` | Node labels for server pod assignment [ref](https://kubernetes.io/docs/user-guide/node-selection/) | +| server.podAnnotations | object | `{}` | Annotations for server pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| server.podLabels | object | `{}` | Labels for server pod assignment [ref](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | +| server.podSecurityContext | object | `{}` | Security contexts for server pod assignment [ref](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| server.replicaCount | int | `1` | Number of server pods to run | +| server.resources | object | `{}` | Server resource requests and limits [ref](http://kubernetes.io/docs/user-guide/compute-resources/) | +| server.securityContext | object | `{}` | | +| server.tolerations | list | `[]` | Tolerations for server pod assignment [ref](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| server.volumeMounts | list | `[]` | VolumeMounts for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| server.volumes | list | `[]` | Volumes for server pod assignment [ref](https://kubernetes.io/docs/concepts/storage/volumes/) | +| service.annotations | object | `{}` | Annotations to add to the service | +| service.loadBalancerIP | string | `nil` | Specific IP address to use for cloud providers such as Azure Kubernetes Service [ref](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) | +| service.port | int | `80` | Service external port | +| service.type | string | `"ClusterIP"` | Kubernetes Service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ## Upgrading diff --git a/requirements.lock b/requirements.lock index 0e88c58..412a44b 100644 --- a/requirements.lock +++ b/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: redis - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 10.9.0 + repository: oci://registry-1.docker.io/bitnamicharts + version: 18.12.1 - name: postgresql - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - version: 8.10.14 -digest: sha256:4c3c111f77be1e77c0dffff63dfd997f237ca21bc9036e4cd50402b3ab7860f0 -generated: "2023-06-12T11:19:56.522119522-07:00" + repository: oci://registry-1.docker.io/bitnamicharts + version: 13.4.4 +digest: sha256:1eaf4fb2a3299e8922a03fad1738dfb7895a2956927b8b5dc164e42ac8c67899 +generated: "2024-02-07T13:02:13.441958453+02:00" diff --git a/requirements.yaml b/requirements.yaml index 149077d..ef82f46 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,9 +1,9 @@ dependencies: - name: redis - version: "^10.8.2" - repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" + version: "^18.9.0" + repository: oci://registry-1.docker.io/bitnamicharts condition: redis.enabled - name: postgresql - version: "^8.10.14" - repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" + version: "^13.4.1" + repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5dc4040..d2fb4f8 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -92,27 +92,27 @@ Shared environment block used across each component. {{- if not .Values.redash.selfManagedSecrets }} {{- if not .Values.postgresql.enabled }} - name: REDASH_DATABASE_URL - {{- if .Values.externalPostgreSQLSecret }} + {{ if .Values.externalPostgreSQLSecret -}} valueFrom: secretKeyRef: {{- .Values.externalPostgreSQLSecret | toYaml | nindent 6 }} - {{- else }} + {{ else -}} value: {{ default "" .Values.externalPostgreSQL | quote }} {{- end }} -{{- else }} +{{- else -}} - name: REDASH_DATABASE_USER - value: "{{ .Values.postgresql.postgresqlUsername }}" + value: "{{ .Values.postgresql.auth.username }}" - name: REDASH_DATABASE_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name }}-postgresql - key: postgresql-password + key: password - name: REDASH_DATABASE_HOSTNAME value: {{ include "redash.postgresql.fullname" . }} - name: REDASH_DATABASE_PORT - value: "{{ .Values.postgresql.service.port }}" + value: "{{ .Values.postgresql.primary.service.ports.postgresql }}" - name: REDASH_DATABASE_DB - value: "{{ .Values.postgresql.postgresqlDatabase }}" + value: "{{ .Values.postgresql.auth.database }}" {{- end }} {{- if not .Values.redis.enabled }} - name: REDASH_REDIS_URL @@ -136,9 +136,9 @@ Shared environment block used across each component. - name: REDASH_REDIS_HOSTNAME value: {{ include "redash.redis.fullname" . }} - name: REDASH_REDIS_PORT - value: "{{ .Values.redis.master.port }}" + value: "{{ .Values.redis.master.service.ports.redis }}" - name: REDASH_REDIS_DB - value: "{{ .Values.redis.databaseNumber }}" + value: "{{ .Values.redis.database }}" {{- end }} {{- end }} {{- range $key, $value := .Values.env }} @@ -551,5 +551,5 @@ Create the name of the service account to use {{- end -}} {{- end -}} -# This ensures a random value is provided for postgresqlPassword: -required "A secure random value for .postgresql.postgresqlPassword is required" .Values.postgresql.postgresqlPassword +# This ensures a random value is provided for postgresql.auth.password: +required "A secure random value for .postgresql.auth.password is required" .Values.postgresql.auth.password diff --git a/values.yaml b/values.yaml index c42700e..1e14d6f 100644 --- a/values.yaml +++ b/values.yaml @@ -1,5 +1,4 @@ ## Default values for Redash. -## This is a YAML-formatted file. image: # image.repository -- Redash image name used for server and worker pods @@ -597,33 +596,21 @@ externalPostgreSQLSecret: # envSecretName -- DEPRECIATED, use externalPostgreSQLSecret/externalRedisSecret instead. Contents of this secret will be loaded as environment variables into the container. Useful e.g. to set to set PostgreSQL password in externalPostgreSQL parameter: postgresql://user:$(POSTGRESQL_PASSWORD)@host:5432/database [ref](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) # envSecretName: -## Configuration values for the postgresql dependency. This PostgreSQL instance is used by default for all Redash state storage [ref](https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md) +## Configuration values for the postgresql dependency. This PostgreSQL instance is used by default for all Redash state storage [ref](https://github.com/bitnami/charts/blob/main/bitnami/postgresql/README.md) postgresql: # postgresql.enabled -- Whether to deploy a PostgreSQL server to satisfy the applications database requirements. To use an external PostgreSQL set this to false and configure the externalPostgreSQL parameter. enabled: true - image: - # postgresql.image.tag -- Bitnami supported version close to the one specified in Redash [setup docker-compose.yml](https://github.com/getredash/setup/blob/master/data/docker-compose.yml) - tag: "9.6.17-debian-10-r3" - # postgresql.postgresqlUsername -- PostgreSQL username for redash user (when postgresql chart enabled) - postgresqlUsername: redash - # postgresql.postgresqlPassword -- REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) - postgresqlPassword: - # postgresql.postgresqlDatabase -- PostgreSQL database name (when postgresql chart enabled) - postgresqlDatabase: redash - service: - type: ClusterIP - port: 5432 - persistence: - # postgresql.persistence.enabled -- Use a PVC to persist PostgreSQL data (when postgresql chart enabled) - enabled: true - # postgresql.persistence.storageClass - Storage Class for PostgreSQL backing PVC. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack). - storageClass: "" - # postgresql.persistence.accessMode -- Use PostgreSQL volume as ReadOnly or ReadWrite - accessMode: ReadWriteOnce - # postgresql.persistence.size -- PVC Storage Request size for PostgreSQL volume - size: 10Gi - # postgresql.persistence.existingClaim -- Provide an existing PostgreSQL PersistentVolumeClaim - # existingClaim: "" + primary: + service: + ports: + postgresql: 5432 + auth: + # postgresql.auth.username -- PostgreSQL username for redash user (when postgresql chart enabled) + username: redash + # postgresql.auth.password -- REQUIRED: PostgreSQL password for redash user (when postgresql chart enabled) + password: + # postgresql.auth.database -- PostgreSQL database name (when postgresql chart enabled) + database: redash # externalRedis -- External Redis configuration. To use an external Redis instead of the automatically deployed redis chart: set redis.enabled to false then uncomment and configure the externalRedis connection URL (e.g. redis://user:pass@host:6379/database). externalRedis: @@ -633,17 +620,12 @@ externalRedisSecret: # name: redash-redis # key: connectionString -## Configuration values for the redis dependency. This Redis instance is used by default for caching and temporary storage [ref](https://github.com/kubernetes/charts/blob/master/stable/redis/README.md) +## Configuration values for the redis dependency. This Redis instance is used by default for caching and temporary storage [ref](https://github.com/bitnami/charts/blob/main/bitnami/redis/README.md) redis: # redis.enabled -- Whether to deploy a Redis server to satisfy the applications database requirements. To use an external Redis set this to false and configure the externalRedis parameter. enabled: true - # redis.password -- If the password is not specified, a random password will be generated (when redis chart enabled) - # password: - # redis.databaseNumber -- Redis database number to use (when redis chart enabled) - databaseNumber: 0 + database: 0 master: - # redis.master.port -- Redis master port to use (when redis chart enabled) - port: 6379 - cluster: - # redis.databaseNumber -- Enable Redis clustering (when redis chart enabled) - enabled: false + service: + ports: + redis: 6379