API Reference¶
Packages¶
superset.apache.org/v1alpha1¶
Package v1alpha1 contains API Schema definitions for the superset v1alpha1 API group.
Resource Types¶
- Superset
- SupersetCeleryBeat
- SupersetCeleryFlower
- SupersetCeleryWorker
- SupersetLifecycleTask
- SupersetMcpServer
- SupersetWebServer
- SupersetWebsocketServer
AdminUserSpec¶
AdminUserSpec defines admin user credentials for dev-mode initialization.
Appears in: - InitTaskSpec
| Field | Description | Default | Validation |
|---|---|---|---|
username string |
Admin username. | admin | Optional: {} |
password string |
Admin password. Stored as plain-text env var in dev mode. | admin | Optional: {} |
firstName string |
Admin first name. | Superset | Optional: {} |
lastName string |
Admin last name. | Admin | Optional: {} |
email string |
Admin email. | admin@example.com | Optional: {} |
AutoscalingSpec¶
AutoscalingSpec configures a HorizontalPodAutoscaler.
Appears in: - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - FlatComponentSpec - McpServerComponentSpec - ScalableComponentSpec - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
minReplicas integer |
Minimum replica count (defaults to 1). | Minimum: 1 Optional: {} |
|
maxReplicas integer |
Maximum replica count; HPA will not scale above this. | Maximum: 100 Minimum: 1 |
|
metrics MetricSpec array |
Metrics for the HPA. Supports CPU, memory, custom, and external metrics. When empty, Kubernetes defaults to 80% average CPU utilization. |
Optional: {} |
BaseTaskSpec¶
BaseTaskSpec contains fields shared by all lifecycle task types.
Appears in: - CloneTaskSpec - InitTaskSpec - MigrateTaskSpec - RotateTaskSpec - SchedulableBaseTaskSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
CeleryBeatComponentSpec¶
CeleryBeatComponentSpec defines the celery beat component on the parent CRD. The controller forces replicas=1 regardless of spec.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment-level overrides (strategy, revision history). Always enforces replicas=1. | Optional: {} |
|
podTemplate PodTemplate |
Pod and container template for Celery beat pods. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
config string |
Per-component raw Python appended after top-level config. | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
Per-component SQLAlchemy engine options (overrides spec.sqlaEngineOptions entirely). | Optional: {} |
CeleryFlowerComponentSpec¶
CeleryFlowerComponentSpec defines the celery flower component on the parent CRD.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
config string |
Per-component raw Python appended after top-level config. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration (type, port, annotations). | Optional: {} |
CeleryWorkerComponentSpec¶
CeleryWorkerComponentSpec defines the celery worker component on the parent CRD.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
config string |
Per-component raw Python appended after top-level config. | Optional: {} |
|
celery CeleryWorkerProcessSpec |
Celery worker execution configuration. Controls concurrency, pool type, and related parameters. | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
Per-component SQLAlchemy engine options (overrides spec.sqlaEngineOptions entirely). | Optional: {} |
CeleryWorkerProcessSpec¶
CeleryWorkerProcessSpec configures Celery worker execution parameters. Fields controlled by presets: concurrency, pool. All other fields have static defaults independent of preset.
Appears in: - CeleryWorkerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
preset string |
Preset controlling concurrency and pool defaults. Individual fields override preset-computed values. |
Enum: [disabled conservative balanced performance aggressive] Optional: {} |
|
concurrency integer |
Number of concurrent task workers (maps to celery -c flag). | Minimum: 1 Optional: {} |
|
pool string |
Celery pool implementation. | Enum: [prefork threads gevent eventlet solo] Optional: {} |
|
optimization string |
Task distribution optimization strategy. | Enum: [default fair] Optional: {} |
|
maxTasksPerChild integer |
Maximum tasks a worker process handles before being replaced (prefork only; 0 = unlimited). | Minimum: 0 Optional: {} |
|
maxMemoryPerChild integer |
Maximum resident memory in bytes per worker before being replaced (prefork only; 0 = disabled). | Minimum: 0 Optional: {} |
|
prefetchMultiplier integer |
Task prefetch multiplier — number of tasks prefetched per worker. | Minimum: 0 Optional: {} |
|
softTimeLimit integer |
Soft time limit in seconds — raises SoftTimeLimitExceeded (0 = disabled). | Minimum: 0 Optional: {} |
|
timeLimit integer |
Hard time limit in seconds — kills the task (0 = disabled). | Minimum: 0 Optional: {} |
ChildComponentStatus¶
ChildComponentStatus reports the operational state of a child component.
Appears in: - SupersetCeleryBeatStatus - SupersetCeleryFlowerStatus - SupersetCeleryWorkerStatus - SupersetMcpServerStatus - SupersetWebServerStatus - SupersetWebsocketServerStatus
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
CloneSourceSpec¶
CloneSourceSpec defines the source database connection for cloning.
Appears in: - CloneTaskSpec
| Field | Description | Default | Validation |
|---|---|---|---|
type string |
Database type: PostgreSQL (default) or MySQL. | PostgreSQL | Enum: [PostgreSQL MySQL] Optional: {} |
host string |
Source database hostname. | ||
port integer |
Source database port. Defaults to 5432 (postgresql) or 3306 (mysql). | Optional: {} |
|
database string |
Database name on the source server. | ||
username string |
Username for the source database (should have read-only access). | ||
password string |
Password for the source database (dev mode only). | Optional: {} |
|
passwordFrom SecretKeySelector |
PasswordFrom references a Secret containing the source database password. | Optional: {} |
CloneTaskSpec¶
CloneTaskSpec configures database cloning from an external source into this CR's metastore. Runs before migrate and init tasks. The clone target is always spec.metastore — the metastore user must have CREATEDB rights. Only allowed in Development or Staging mode. Triggers on source config changes and the trigger field (inherited from BaseTaskSpec).
Appears in: - LifecycleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
|
cronSchedule string |
CronSchedule is a 5-field cron expression (minute hour day-of-month month day-of-week) that triggers periodic re-execution of this task and all downstream tasks. When the clock crosses a cron boundary, the task checksum changes and the lifecycle pipeline re-runs. Uses standard cron syntax. Examples: "0 2 * * " (daily 2 AM UTC), "0 /6 * * *" (every 6 hours), "30 1 * * 1" (Mondays 1:30 AM UTC). |
MaxLength: 256 MinLength: 9 Optional: {} |
|
source CloneSourceSpec |
Source database to clone from (typically production, read-only user). | ||
excludeTables string array |
Tables to exclude entirely from the dump (schema and data). | Optional: {} |
|
excludeTableData string array |
Tables where schema is dumped but data is not. Useful for large tables needed by migrations but not for testing (e.g., "logs", "query"). |
Optional: {} |
|
postCloneSQL string array |
SQL statements to execute against the target database after cloning. Useful for sanitizing cloned data (e.g., disabling alerts, deleting OAuth tokens, masking PII). |
Optional: {} |
|
image ImageSpec |
Image for the clone pod. Defaults to postgres:17-alpine (PostgreSQL) or mysql:8-alpine (MySQL) based on source.type. |
Optional: {} |
|
podTemplate PodTemplate |
Pod and container template for the clone task pod. | Optional: {} |
|
podRetention PodRetentionSpec |
Pod retention policy for completed clone pods. | Optional: {} |
ComponentRefStatus¶
ComponentRefStatus holds the status summary of a child component.
Appears in: - ComponentStatusMap
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | ||
ref string |
Reference to the child CR. | ||
configChecksum string |
Config checksum on the child. | Optional: {} |
ComponentServiceSpec¶
ComponentServiceSpec defines the Service configuration for a component.
Appears in: - CeleryFlowerComponentSpec - McpServerComponentSpec - SupersetCeleryFlowerSpec - SupersetMcpServerSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
type ServiceType |
Service type (ClusterIP, NodePort, LoadBalancer). | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer] Optional: {} |
port integer |
Service port exposed to clients. Defaults to the component's standard port (8088 for web server, 5555 for Flower). | Optional: {} |
|
nodePort integer |
Fixed NodePort number when type=NodePort (30000-32767). If omitted, Kubernetes auto-assigns. | Optional: {} |
|
annotations object (keys:string, values:string) |
Service annotations (e.g., for cloud load balancer configuration). | Optional: {} |
|
labels object (keys:string, values:string) |
Service labels; merged with operator-managed labels. | Optional: {} |
|
gatewayPath string |
URL path prefix for this component's HTTPRoute rule. Only used when spec.networking.gateway is set. Defaults: /ws (websocket), /mcp (MCP server), /flower (Celery Flower). |
Pattern: ^/[a-zA-Z0-9/_.-]+$ Optional: {} |
ComponentSpec¶
ComponentSpec defines per-component identity fields. Embedded by all component specs except InitSpec.
Appears in: - CeleryBeatComponentSpec - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - McpServerComponentSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
ComponentStatusMap¶
ComponentStatusMap holds status for each component.
Appears in: - SupersetStatus
| Field | Description | Default | Validation |
|---|---|---|---|
webServer ComponentRefStatus |
Optional: {} |
||
celeryWorker ComponentRefStatus |
Optional: {} |
||
celeryBeat ComponentRefStatus |
Optional: {} |
||
celeryFlower ComponentRefStatus |
Optional: {} |
||
websocketServer ComponentRefStatus |
Optional: {} |
||
mcpServer ComponentRefStatus |
Optional: {} |
ContainerTemplate¶
ContainerTemplate configures fields on the main Superset container.
Appears in: - PodTemplate
| Field | Description | Default | Validation |
|---|---|---|---|
resources ResourceRequirements |
Resource requirements (CPU, memory). | Optional: {} |
|
env EnvVar array |
Environment variables. | Optional: {} |
|
envFrom EnvFromSource array |
Environment variable sources (ConfigMaps, Secrets). | Optional: {} |
|
volumeMounts VolumeMount array |
Volume mounts for the main container. | Optional: {} |
|
ports ContainerPort array |
Container ports. Replaces operator defaults when set. | Optional: {} |
|
securityContext SecurityContext |
Container-level security context. | Optional: {} |
|
command string array |
Container entrypoint override. | Optional: {} |
|
args string array |
Container arguments override. | Optional: {} |
|
livenessProbe Probe |
Liveness probe; container is restarted when the probe fails. | Optional: {} |
|
readinessProbe Probe |
Readiness probe; pod is removed from Service endpoints when the probe fails. | Optional: {} |
|
startupProbe Probe |
Startup probe; liveness and readiness probes are deferred until this probe succeeds. | Optional: {} |
|
lifecycle Lifecycle |
Lifecycle hooks for the main container. | Optional: {} |
DeploymentTemplate¶
DeploymentTemplate configures Kubernetes Deployment-level fields for operator-managed Deployments. Pod and container configuration is in the sibling PodTemplate field.
Appears in: - CeleryBeatComponentSpec - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - FlatComponentSpec - MaintenancePageSpec - McpServerComponentSpec - ScalableComponentSpec - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
revisionHistoryLimit integer |
Number of old ReplicaSets to retain for rollback. | Optional: {} |
|
minReadySeconds integer |
Minimum seconds a pod must be ready before considered available. | Optional: {} |
|
progressDeadlineSeconds integer |
Maximum seconds for a deployment to make progress before considered failed. | Optional: {} |
|
strategy DeploymentStrategy |
Deployment update strategy. | Optional: {} |
FlatComponentSpec¶
FlatComponentSpec defines the common fields for all fully-resolved child specs. This is embedded (inlined) in each child CRD spec type.
Appears in: - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
GatewaySpec¶
GatewaySpec defines HTTPRoute configuration.
Appears in: - NetworkingSpec
| Field | Description | Default | Validation |
|---|---|---|---|
gatewayRef ParentReference |
Reference to the Gateway resource to attach the HTTPRoute to. | ||
hostnames Hostname array |
Hostnames for the HTTPRoute (e.g., "superset.example.com"). | Optional: {} |
|
annotations object (keys:string, values:string) |
HTTPRoute annotations. | Optional: {} |
|
labels object (keys:string, values:string) |
HTTPRoute labels. | Optional: {} |
GunicornSpec¶
GunicornSpec configures Gunicorn worker parameters for the web server. Fields controlled by presets: workers, threads, workerClass. All other fields have static defaults independent of preset.
Appears in: - WebServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
preset string |
Preset controlling workers, threads, and workerClass defaults. Individual fields override preset-computed values. |
Enum: [disabled conservative balanced performance aggressive] Optional: {} |
|
workers integer |
Number of Gunicorn worker processes. | Minimum: 1 Optional: {} |
|
threads integer |
Number of threads per worker (only effective with gthread worker class). | Minimum: 1 Optional: {} |
|
workerClass string |
Gunicorn worker class. | Enum: [sync gthread gevent eventlet] Optional: {} |
|
timeout integer |
Request timeout in seconds. | Minimum: 1 Optional: {} |
|
keepAlive integer |
Keep-alive timeout in seconds for waiting for requests on a connection. | Minimum: 0 Optional: {} |
|
maxRequests integer |
Maximum requests per worker before recycling (0 = disabled). | Minimum: 0 Optional: {} |
|
maxRequestsJitter integer |
Random jitter added to maxRequests to prevent thundering herd on worker recycling. | Minimum: 0 Optional: {} |
|
limitRequestLine integer |
Maximum size of HTTP request line in bytes (0 = unlimited). | Minimum: 0 Optional: {} |
|
limitRequestFieldSize integer |
Maximum size of HTTP request header field in bytes (0 = unlimited). | Minimum: 0 Optional: {} |
|
logLevel string |
Gunicorn log level. | Enum: [debug info warning error critical] Optional: {} |
ImageOverrideSpec¶
ImageOverrideSpec allows a component to override specific image fields. Unset fields inherit from spec.image.
Appears in: - CeleryBeatComponentSpec - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - ComponentSpec - LifecycleSpec - McpServerComponentSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
tag string |
Override the image tag for this component; inherits from spec.image.tag if omitted. | Optional: {} |
|
repository string |
Override the image repository for this component; inherits from spec.image.repository if omitted. | Optional: {} |
ImageSpec¶
ImageSpec defines the container image configuration.
Appears in: - CloneTaskSpec - FlatComponentSpec - MaintenancePageSpec - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec
| Field | Description | Default | Validation |
|---|---|---|---|
repository string |
Container image repository. | apachesuperset.docker.scarf.sh/apache/superset | Optional: {} |
tag string |
Image tag. | MinLength: 1 |
|
pullPolicy PullPolicy |
Image pull policy (IfNotPresent, Always, Never). | IfNotPresent | Optional: {} |
pullSecrets LocalObjectReference array |
References to Secrets for pulling images from private registries. | Optional: {} |
IngressHost¶
IngressHost defines a host rule for the Ingress.
Appears in: - IngressSpec
| Field | Description | Default | Validation |
|---|---|---|---|
host string |
Optional: {} |
||
paths IngressPath array |
Optional: {} |
IngressPath¶
IngressPath defines a path rule for an Ingress host.
Appears in: - IngressHost
| Field | Description | Default | Validation |
|---|---|---|---|
path string |
/ | ||
pathType PathType |
Prefix | Optional: {} |
IngressSpec¶
IngressSpec defines Ingress configuration.
Appears in: - NetworkingSpec
| Field | Description | Default | Validation |
|---|---|---|---|
className string |
IngressClass name (e.g., "nginx") that determines which controller processes this Ingress. | Optional: {} |
|
host string |
Primary hostname for the Ingress rule (e.g., "superset.example.com"). | Optional: {} |
|
annotations object (keys:string, values:string) |
Ingress annotations (e.g., for TLS, auth, or controller-specific configuration). | Optional: {} |
|
labels object (keys:string, values:string) |
Ingress labels. | Optional: {} |
|
hosts IngressHost array |
Additional host/path rules beyond the primary host. | Optional: {} |
|
tls IngressTLS array |
TLS configuration (certificate secrets and hostnames). | Optional: {} |
InitTaskSpec¶
InitTaskSpec defines the application initialization task. Triggers on config changes and upstream task re-execution.
Appears in: - LifecycleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
|
adminUser AdminUserSpec |
Admin user to create during initialization. Only allowed in dev mode. When set, the operator appends a superset fab create-admin step to the init command. |
Optional: {} |
|
loadExamples boolean |
Load example dashboards and data during initialization. Only allowed in dev mode. When true, the operator appends a superset load-examples step to the init command. |
Optional: {} |
LifecycleSpec¶
LifecycleSpec defines lifecycle management configuration for database migrations and application initialization tasks.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
upgradeMode string |
UpgradeMode controls whether upgrades require manual approval. Automatic runs immediately on image change; Supervised waits for an approval annotation before proceeding. |
Automatic | Enum: [Automatic Supervised] Optional: {} |
disabled boolean |
Set to true to skip all lifecycle tasks entirely. | Optional: {} |
|
image ImageOverrideSpec |
Image override for lifecycle task pods. | Optional: {} |
|
podTemplate PodTemplate |
Pod and container template for lifecycle task pods. | Optional: {} |
|
podRetention PodRetentionSpec |
Pod retention policy for completed task pods. | Optional: {} |
|
config string |
Per-lifecycle raw Python appended after top-level config. | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
Per-lifecycle SQLAlchemy engine options (overrides spec.sqlaEngineOptions entirely). | Optional: {} |
|
maintenancePage MaintenancePageSpec |
MaintenancePage configures a lightweight maintenance page served during lifecycle drain and task execution. Presence enables the feature. In managed mode (no image override), an nginx:alpine container serves a default or custom HTML page. In custom mode (image set), the user's image handles serving, and content fields are passed as env vars. |
Optional: {} |
|
clone CloneTaskSpec |
Clone configures database cloning from an external source before running migrations. The clone target is always spec.metastore. Only allowed in dev mode. |
Optional: {} |
|
migrate MigrateTaskSpec |
Database migration task configuration. | Optional: {} |
|
rotate RotateTaskSpec |
Secret key rotation task configuration. Runs after migrate and before init. Presence enables the task; absence disables it. |
Optional: {} |
|
init InitTaskSpec |
Application initialization task configuration. | Optional: {} |
LifecycleStatus¶
LifecycleStatus tracks the current lifecycle task execution state.
Appears in: - SupersetStatus
| Field | Description | Default | Validation |
|---|---|---|---|
phase string |
Phase of the lifecycle: Idle, Cloning, Migrating, Rotating, Initializing, Complete, Blocked, AwaitingApproval. | Optional: {} |
|
maintenanceActive boolean |
MaintenanceActive indicates the maintenance page is currently serving traffic via the web-server Service. |
Optional: {} |
|
lastCompletedChecksums object (keys:string, values:string) |
LastCompletedChecksums maps task type to its ConfigChecksum at last successful completion. Used to detect input drift when task CRs are absent. |
Optional: {} |
|
clone TaskRefStatus |
Clone task status summary. | Optional: {} |
|
migrate TaskRefStatus |
Migrate task status summary. | Optional: {} |
|
rotate TaskRefStatus |
Rotate task status summary. | Optional: {} |
|
init TaskRefStatus |
Init task status summary. | Optional: {} |
|
upgrade UpgradeContext |
Upgrade context (populated during active upgrade). | Optional: {} |
MaintenancePageSpec¶
MaintenancePageSpec configures a lightweight maintenance page served while components are drained for lifecycle tasks. Supports two modes: - Managed (default): uses nginx:alpine with operator-generated HTML and nginx config. - Custom (image set): user provides their own image/command; content fields are passed as SUPERSET_OPERATOR__MAINTENANCE_* env vars.
Appears in: - LifecycleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
title string |
Title displayed on the maintenance page heading (managed mode). In custom mode, passed as env var SUPERSET_OPERATOR__MAINTENANCE_TITLE. |
Optional: {} |
|
message string |
Message displayed below the title (managed mode). In custom mode, passed as env var SUPERSET_OPERATOR__MAINTENANCE_MESSAGE. |
Optional: {} |
|
body string |
Full HTML page content. When set in managed mode, title and message are ignored and this value is served as the complete page. In custom mode, passed as env var SUPERSET_OPERATOR__MAINTENANCE_BODY. |
Optional: {} |
|
image ImageSpec |
Image for the maintenance page container. When set, switches to custom mode: no nginx config is injected, and the user's image is responsible for serving HTTP traffic on the web-server port (default 8088). The port must match the web-server Service's target port since the maintenance page takes over that Service during lifecycle tasks. When unset, defaults to nginx:alpine (managed mode). |
Optional: {} |
|
replicas integer |
Number of maintenance page pod replicas. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Deployment-level overrides for the maintenance page (strategy, revision history). For pod-level settings, use PodTemplate. |
Optional: {} |
|
podTemplate PodTemplate |
Pod template for the maintenance page pod (nested within deployment template for user convenience). |
Optional: {} |
McpServerComponentSpec¶
McpServerComponentSpec defines the MCP server component on the parent CRD.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
config string |
Per-component raw Python appended after top-level config. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration (type, port, annotations). | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
Per-component SQLAlchemy engine options (overrides spec.sqlaEngineOptions entirely). | Optional: {} |
MetastoreSpec¶
MetastoreSpec defines the database connection for Superset's metastore. Either a URI (passthrough) or structured fields (host, database, etc.) can be used. They are mutually exclusive.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
uri string |
Full SQLAlchemy database URI. Mutually exclusive with structured fields and uriFrom. In prod mode, CRD validation rejects plain text URIs — use uriFrom to reference a Kubernetes Secret. |
Optional: {} |
|
uriFrom SecretKeySelector |
Reference to a Secret key containing the full SQLAlchemy URI. Mutually exclusive with uri and structured fields. |
Optional: {} |
|
type string |
Database type. Determines the SQLAlchemy driver. | PostgreSQL | Enum: [PostgreSQL MySQL] Optional: {} |
host string |
Database hostname. | Optional: {} |
|
port integer |
Database port. Defaults per driver (5432 for postgresql, 3306 for mysql). | Optional: {} |
|
database string |
Database name. | Optional: {} |
|
username string |
Database username. | Optional: {} |
|
password string |
Database password. In prod mode, CRD validation rejects plain text passwords — use passwordFrom to reference a Kubernetes Secret. | Optional: {} |
|
passwordFrom SecretKeySelector |
Reference to a Secret key containing the database password. Mutually exclusive with password. |
Optional: {} |
MigrateTaskSpec¶
MigrateTaskSpec defines the database migration task. Triggers on image (version) changes and upstream task re-execution.
Appears in: - LifecycleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
MonitoringSpec¶
MonitoringSpec defines Prometheus monitoring configuration.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
serviceMonitor ServiceMonitorSpec |
Optional: {} |
NetworkPolicySpec¶
NetworkPolicySpec defines network segmentation configuration.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
extraIngress NetworkPolicyIngressRule array |
Additional ingress rules appended to the operator-generated NetworkPolicy (e.g., allow traffic from monitoring namespace). | Optional: {} |
|
extraEgress NetworkPolicyEgressRule array |
Additional egress rules appended to the operator-generated NetworkPolicy. | Optional: {} |
NetworkingSpec¶
NetworkingSpec defines external access configuration.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
gateway GatewaySpec |
Gateway API HTTPRoute configuration. | Optional: {} |
|
ingress IngressSpec |
Ingress configuration. | Optional: {} |
PDBSpec¶
PDBSpec configures a PodDisruptionBudget.
Appears in: - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - FlatComponentSpec - McpServerComponentSpec - ScalableComponentSpec - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
minAvailable IntOrString |
Minimum pods that must remain available during voluntary disruptions. Mutually exclusive with maxUnavailable. | Optional: {} |
|
maxUnavailable IntOrString |
Maximum pods allowed to be unavailable during voluntary disruptions. Mutually exclusive with minAvailable. | Optional: {} |
PodRetentionSpec¶
PodRetentionSpec defines retention behavior for init pods.
Appears in: - CloneTaskSpec - LifecycleSpec - SupersetLifecycleTaskSpec
| Field | Description | Default | Validation |
|---|---|---|---|
policy string |
Retention policy: Delete removes pods after completion, Retain keeps all, RetainOnFailure keeps only failed pods for debugging. Retained pods are automatically cleaned up by garbage collection when the task CR is deleted on the next lifecycle run. |
Retain | Enum: [Delete Retain RetainOnFailure] Optional: {} |
PodTemplate¶
PodTemplate configures Kubernetes PodSpec fields for the pod template.
Appears in: - CeleryBeatComponentSpec - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - CloneTaskSpec - FlatComponentSpec - LifecycleSpec - MaintenancePageSpec - McpServerComponentSpec - ScalableComponentSpec - SupersetCeleryBeatSpec - SupersetCeleryFlowerSpec - SupersetCeleryWorkerSpec - SupersetLifecycleTaskSpec - SupersetMcpServerSpec - SupersetSpec - SupersetWebServerSpec - SupersetWebsocketServerSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
annotations object (keys:string, values:string) |
Pod annotations. | Optional: {} |
|
labels object (keys:string, values:string) |
Pod labels (merged with operator-managed labels which cannot be overridden). | Optional: {} |
|
affinity Affinity |
Pod affinity and anti-affinity rules for scheduling. | Optional: {} |
|
tolerations Toleration array |
Tolerations for scheduling on tainted nodes. | Optional: {} |
|
nodeSelector object (keys:string, values:string) |
Node labels for constraining pod scheduling. | Optional: {} |
|
topologySpreadConstraints TopologySpreadConstraint array |
Topology spread constraints for distributing pods across failure domains. | Optional: {} |
|
hostAliases HostAlias array |
Entries added to /etc/hosts in pod containers. | Optional: {} |
|
podSecurityContext PodSecurityContext |
Pod-level security context (runAsUser, fsGroup, seccomp, etc.). | Optional: {} |
|
priorityClassName string |
Priority class name for pod scheduling priority and preemption. | Optional: {} |
|
volumes Volume array |
Additional volumes for the pod (mounted via container.volumeMounts). | Optional: {} |
|
sidecars Container array |
Sidecar containers added alongside the main Superset container. | Optional: {} |
|
initContainers Container array |
Init containers run before the main container starts. | Optional: {} |
|
terminationGracePeriodSeconds integer |
Grace period for pod termination in seconds. | Optional: {} |
|
dnsPolicy DNSPolicy |
DNS policy for pods. | Optional: {} |
|
dnsConfig PodDNSConfig |
Custom DNS configuration for pods. | Optional: {} |
|
runtimeClassName string |
RuntimeClass for pods. | Optional: {} |
|
shareProcessNamespace boolean |
Share a single process namespace between all containers in a pod. | Optional: {} |
|
enableServiceLinks boolean |
Controls whether service environment variables are injected into pods. | Optional: {} |
|
resources ResourceRequirements |
Pod-level resource requirements (CPU, memory). When set, defines the total resources for the entire pod, enabling resource sharing among containers. Requires Kubernetes 1.34+ with the PodLevelResources feature gate. |
Optional: {} |
|
container ContainerTemplate |
Main container configuration. | Optional: {} |
RotateTaskSpec¶
RotateTaskSpec defines the secret key rotation task. Runs superset re-encrypt-secrets between migrate and init when the secret key is rotated. Requires previousSecretKey or previousSecretKeyFrom to be set on the parent spec.
Appears in: - LifecycleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
SQLAlchemyEngineOptionsSpec¶
SQLAlchemyEngineOptionsSpec configures the SQLAlchemy connection pool. Fields controlled by presets: poolClass (NullPool vs QueuePool), poolSize, maxOverflow. Static defaults: poolRecycle=3600, poolPrePing=false.
Appears in: - CeleryBeatComponentSpec - CeleryWorkerComponentSpec - LifecycleSpec - McpServerComponentSpec - SupersetSpec - WebServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
preset string |
Preset for connection pool behavior. "disabled" suppresses rendering entirely. "conservative" uses NullPool (no persistent connections). "balanced" through "aggressive" use QueuePool with increasing pool sizes. Individual fields override preset-computed values. |
Enum: [disabled conservative balanced performance aggressive] Optional: {} |
|
poolSize integer |
Number of persistent connections in the pool. Overrides preset calculation. | Minimum: 0 Optional: {} |
|
maxOverflow integer |
Maximum overflow connections beyond poolSize (-1 = unlimited). | Optional: {} |
|
poolRecycle integer |
Connection max-age in seconds before recycling. | Minimum: 0 Optional: {} |
|
poolPrePing boolean |
Verify connections are alive before use. | Optional: {} |
|
poolTimeout integer |
Seconds to wait for a connection from the pool before giving up. | Minimum: 0 Optional: {} |
ScalableComponentSpec¶
ScalableComponentSpec provides deployment template and scaling fields. Embedded by scalable components (WebServer, CeleryWorker, CeleryFlower, WebsocketServer, McpServer). Non-scalable components (CeleryBeat, Init) use DeploymentTemplate or PodTemplate directly.
Appears in: - CeleryFlowerComponentSpec - CeleryWorkerComponentSpec - McpServerComponentSpec - WebServerComponentSpec - WebsocketServerComponentSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
SchedulableBaseTaskSpec¶
SchedulableBaseTaskSpec extends BaseTaskSpec with cron-based scheduling. Tasks that embed this type can be periodically re-executed without external triggers. The schedule is additive to the manual trigger field.
Appears in: - CloneTaskSpec
| Field | Description | Default | Validation |
|---|---|---|---|
command string array |
Command override for the task pod. | Optional: {} |
|
trigger string |
Trigger is an opaque string. Changing its value forces a re-run of this task and all downstream tasks. Use a timestamp, UUID, or CI build ID. |
Optional: {} |
|
requiresDrain boolean |
RequiresDrain controls whether components must be scaled to zero before this task runs. When true, the operator deletes all component child CRs before executing the task pod, preventing database connection conflicts. Defaults vary per task type: true for clone and migrate, false for init. |
Optional: {} |
|
timeout Duration |
Maximum timeout per attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
disabled boolean |
Disabled skips this task entirely when true. | Optional: {} |
|
cronSchedule string |
CronSchedule is a 5-field cron expression (minute hour day-of-month month day-of-week) that triggers periodic re-execution of this task and all downstream tasks. When the clock crosses a cron boundary, the task checksum changes and the lifecycle pipeline re-runs. Uses standard cron syntax. Examples: "0 2 * * " (daily 2 AM UTC), "0 /6 * * *" (every 6 hours), "30 1 * * 1" (Mondays 1:30 AM UTC). |
MaxLength: 256 MinLength: 9 Optional: {} |
ServiceAccountSpec¶
ServiceAccountSpec defines ServiceAccount configuration.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
create boolean |
When true (default), the operator creates a ServiceAccount. When false, it references an existing one. | Optional: {} |
|
name string |
ServiceAccount name. Created by the operator when create=true; must pre-exist when create=false. | Optional: {} |
|
annotations object (keys:string, values:string) |
ServiceAccount annotations (e.g., for IAM role bindings on cloud platforms). | Optional: {} |
ServiceMonitorSpec¶
ServiceMonitorSpec defines the ServiceMonitor configuration.
Appears in: - MonitoringSpec
| Field | Description | Default | Validation |
|---|---|---|---|
interval string |
Scrape interval (e.g., "30s"). How often Prometheus scrapes the web server metrics endpoint. | 30s | Optional: {} |
labels object (keys:string, values:string) |
Labels for Prometheus ServiceMonitor discovery (must match your Prometheus selector). | Optional: {} |
|
scrapeTimeout string |
Maximum time to wait for a scrape response before timing out. | Optional: {} |
Superset¶
Superset is the top-level resource representing a complete Superset deployment.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
Superset |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetSpec |
|||
status SupersetStatus |
SupersetCeleryBeat¶
SupersetCeleryBeat is the Schema for the supersetcelerybeats API. It manages the Celery beat scheduler Deployment (singleton).
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetCeleryBeat |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetCeleryBeatSpec |
|||
status SupersetCeleryBeatStatus |
SupersetCeleryBeatSpec¶
SupersetCeleryBeatSpec is the fully-resolved, flat spec for celery beat. Beat is always a singleton (1 replica).
Appears in: - SupersetCeleryBeat
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
configChecksum string |
Checksum for rolling restarts. | Optional: {} |
SupersetCeleryBeatStatus¶
SupersetCeleryBeatStatus defines the observed state of SupersetCeleryBeat.
Appears in: - SupersetCeleryBeat
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
SupersetCeleryFlower¶
SupersetCeleryFlower is the Schema for the supersetceleryflowers API. It manages the Celery Flower monitoring UI Deployment and Service.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetCeleryFlower |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetCeleryFlowerSpec |
|||
status SupersetCeleryFlowerStatus |
SupersetCeleryFlowerSpec¶
SupersetCeleryFlowerSpec is the fully-resolved, flat spec for celery flower.
Appears in: - SupersetCeleryFlower
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
configChecksum string |
Checksum for rolling restarts. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration. | Optional: {} |
SupersetCeleryFlowerStatus¶
SupersetCeleryFlowerStatus defines the observed state of SupersetCeleryFlower.
Appears in: - SupersetCeleryFlower
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
SupersetCeleryWorker¶
SupersetCeleryWorker is the Schema for the supersetceleryworkers API. It manages the Celery worker Deployment.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetCeleryWorker |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetCeleryWorkerSpec |
|||
status SupersetCeleryWorkerStatus |
SupersetCeleryWorkerSpec¶
SupersetCeleryWorkerSpec is the fully-resolved, flat spec for a celery worker.
Appears in: - SupersetCeleryWorker
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
configChecksum string |
Checksum for rolling restarts. | Optional: {} |
SupersetCeleryWorkerStatus¶
SupersetCeleryWorkerStatus defines the observed state of SupersetCeleryWorker.
Appears in: - SupersetCeleryWorker
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
SupersetLifecycleTask¶
SupersetLifecycleTask is the Schema for the supersetlifecycletasks API. It manages lifecycle tasks (database migrations, init commands).
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetLifecycleTask |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetLifecycleTaskSpec |
|||
status SupersetLifecycleTaskStatus |
SupersetLifecycleTaskSpec¶
SupersetLifecycleTaskSpec defines the fully-resolved spec for a lifecycle task.
Appears in: - SupersetLifecycleTask
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
type string |
Type identifies the task purpose. Future task types will require schema additions. | Enum: [Clone Migrate Rotate Init] |
|
command string array |
Command to execute in the task pod. | ||
configChecksum string |
Config checksum for detecting changes that require re-run. | Optional: {} |
|
timeout Duration |
Maximum timeout per task pod attempt. | Optional: {} |
|
maxRetries integer |
Maximum number of retries before permanent failure. | 3 | Minimum: 1 Optional: {} |
podRetention PodRetentionSpec |
Pod retention policy for completed task pods. | Optional: {} |
SupersetLifecycleTaskStatus¶
SupersetLifecycleTaskStatus reports the status of a lifecycle task.
Appears in: - SupersetLifecycleTask
| Field | Description | Default | Validation |
|---|---|---|---|
state string |
Enum: [Pending Running Complete Failed] Optional: {} |
||
podName string |
Optional: {} |
||
startedAt Time |
Optional: {} |
||
completedAt Time |
Optional: {} |
||
duration string |
Optional: {} |
||
attempts integer |
Optional: {} |
||
image string |
Optional: {} |
||
message string |
Optional: {} |
||
configChecksum string |
Config checksum that was active when the task last completed. Used to detect changes and trigger re-execution. |
Optional: {} |
|
conditions Condition array |
Optional: {} |
||
observedGeneration integer |
Optional: {} |
SupersetMcpServer¶
SupersetMcpServer is the Schema for the supersetmcpservers API. It manages the FastMCP server Deployment and Service.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetMcpServer |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetMcpServerSpec |
|||
status SupersetMcpServerStatus |
SupersetMcpServerSpec¶
SupersetMcpServerSpec is the fully-resolved, flat spec for the MCP server.
Appears in: - SupersetMcpServer
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
configChecksum string |
Checksum for rolling restarts. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration. | Optional: {} |
SupersetMcpServerStatus¶
SupersetMcpServerStatus defines the observed state of SupersetMcpServer.
Appears in: - SupersetMcpServer
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
SupersetSpec¶
SupersetSpec defines the desired state of a Superset deployment.
Appears in: - Superset
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Image configuration inherited by all components. | ||
deploymentTemplate DeploymentTemplate |
Deployment template defaults inherited by all components (field-level merge). | Optional: {} |
|
podTemplate PodTemplate |
Pod template defaults inherited by all components (field-level merge). | Optional: {} |
|
replicas integer |
Default replica count for all scalable components; per-component replicas override this. | Optional: {} |
|
autoscaling AutoscalingSpec |
Default autoscaling for all scalable components (component-level overrides this). | Optional: {} |
|
podDisruptionBudget PDBSpec |
Default pod disruption budget for all scalable components (component-level overrides this). | Optional: {} |
|
environment string |
Environment mode: "Development", "Staging", or "Production". Controls validation strictness. In Production mode, CRD validation rejects plain text secrets and disallows cloning. In Staging mode, secrets are enforced (like Production) but cloning is allowed. In Development mode, plain text secrets, cloning, admin user, and load examples are all permitted. |
Production | Enum: [Development Staging Production] Optional: {} |
secretKey string |
Plain text secret key for session signing. Only allowed in dev mode. In prod, use secretKeyFrom to reference a Kubernetes Secret. |
Optional: {} |
|
secretKeyFrom SecretKeySelector |
Reference to a Secret key containing the secret key for session signing. Mutually exclusive with secretKey. |
Optional: {} |
|
previousSecretKey string |
Plain text previous secret key for key rotation. Only allowed in dev mode. When set, rendered as PREVIOUS_SECRET_KEY in superset_config.py for all Python components, enabling fallback decryption during key transitions. |
Optional: {} |
|
previousSecretKeyFrom SecretKeySelector |
Reference to a Secret key containing the previous secret key for rotation. Mutually exclusive with previousSecretKey. |
Optional: {} |
|
metastore MetastoreSpec |
Metastore database connection configuration. | Optional: {} |
|
valkey ValkeySpec |
Valkey cache, broker, and results backend configuration. | Optional: {} |
|
config string |
Raw Python appended after operator-generated superset_config.py. | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
SQLAlchemy engine options for connection pooling. Inherited by all Python components; per-component sqlaEngineOptions overrides this entirely. When unset, the operator computes balanced defaults per component. |
Optional: {} |
|
webServer WebServerComponentSpec |
Web server (gunicorn) component. Presence enables it; absence disables. | Optional: {} |
|
celeryWorker CeleryWorkerComponentSpec |
Celery async task worker component. Requires Valkey for broker/backend. | Optional: {} |
|
celeryBeat CeleryBeatComponentSpec |
Celery periodic task scheduler (singleton, always 1 replica). Requires Valkey. | Optional: {} |
|
celeryFlower CeleryFlowerComponentSpec |
Celery Flower monitoring UI component. | Optional: {} |
|
websocketServer WebsocketServerComponentSpec |
WebSocket server for real-time updates (Node.js, no Python config). | Optional: {} |
|
mcpServer McpServerComponentSpec |
FastMCP server component for AI tooling integration. | Optional: {} |
|
lifecycle LifecycleSpec |
Lifecycle configuration (database migration, init, upgrade mode). | Optional: {} |
|
networking NetworkingSpec |
Networking configuration (Ingress or Gateway API). | Optional: {} |
|
monitoring MonitoringSpec |
Monitoring configuration. | Optional: {} |
|
networkPolicy NetworkPolicySpec |
Network policy configuration. | Optional: {} |
|
serviceAccount ServiceAccountSpec |
ServiceAccount configuration. | Optional: {} |
|
suspend boolean |
Suspend stops reconciliation when true. | Optional: {} |
|
forceReload string |
ForceReload is an opaque string injected into all pod templates. Changing its value triggers a rolling restart of all components. Use a timestamp or incrementing value (e.g. "2026-04-24T12:00:00Z") to force a restart after rotating referenced Secrets. |
Optional: {} |
SupersetStatus¶
SupersetStatus defines the observed state of Superset.
Appears in: - Superset
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array |
Optional: {} |
||
observedGeneration integer |
Optional: {} |
||
components ComponentStatusMap |
Optional: {} |
||
lifecycle LifecycleStatus |
Lifecycle tracks the current lifecycle state. | Optional: {} |
|
lastLifecycleImage string |
Last image (repository:tag) that successfully completed the lifecycle. Used to detect image changes on subsequent reconciles. |
Optional: {} |
|
version string |
Optional: {} |
||
configChecksum string |
Optional: {} |
||
phase string |
High-level phase. | Enum: [Initializing Upgrading Draining Running Degraded Suspended Blocked AwaitingApproval] Optional: {} |
SupersetWebServer¶
SupersetWebServer is the Schema for the supersetwebservers API. It manages the Superset web server (gunicorn) Deployment.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetWebServer |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetWebServerSpec |
|||
status SupersetWebServerStatus |
SupersetWebServerSpec¶
SupersetWebServerSpec is the fully-resolved, flat spec for a web server.
Appears in: - SupersetWebServer
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
configChecksum string |
Checksum stamped as pod template annotation for rolling restarts. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration. | Optional: {} |
SupersetWebServerStatus¶
SupersetWebServerStatus defines the observed state of SupersetWebServer.
Appears in: - SupersetWebServer
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
SupersetWebsocketServer¶
SupersetWebsocketServer is the Schema for the supersetwebsocketservers API. It manages the Superset websocket server Deployment.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
superset.apache.org/v1alpha1 |
||
kind string |
SupersetWebsocketServer |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec SupersetWebsocketServerSpec |
|||
status SupersetWebsocketServerStatus |
SupersetWebsocketServerSpec¶
SupersetWebsocketServerSpec is the fully-resolved, flat spec for a websocket server. The websocket server is a Node.js application — it does NOT use superset_config.py.
Appears in: - SupersetWebsocketServer
| Field | Description | Default | Validation |
|---|---|---|---|
image ImageSpec |
Container image configuration. | ||
replicas integer |
Desired replica count. | 1 | Optional: {} |
deploymentTemplate DeploymentTemplate |
Fully-resolved deployment template. | Optional: {} |
|
podTemplate PodTemplate |
Fully-resolved pod template. | Optional: {} |
|
serviceAccountName string |
ServiceAccountName to set on the pod. | Optional: {} |
|
autoscaling AutoscalingSpec |
Autoscaling configuration. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget configuration. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration. | Optional: {} |
SupersetWebsocketServerStatus¶
SupersetWebsocketServerStatus defines the observed state of SupersetWebsocketServer.
Appears in: - SupersetWebsocketServer
| Field | Description | Default | Validation |
|---|---|---|---|
ready string |
"2/2" format showing ready vs desired replicas. | Optional: {} |
|
conditions Condition array |
Standard conditions. | Optional: {} |
|
observedGeneration integer |
ObservedGeneration for leader election consistency. | Optional: {} |
TaskRefStatus¶
TaskRefStatus holds the projected status summary of a lifecycle task.
Appears in: - LifecycleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
state string |
Enum: [Pending Running Complete Failed] Optional: {} |
||
startedAt Time |
Optional: {} |
||
completedAt Time |
Optional: {} |
||
duration string |
Optional: {} |
||
attempts integer |
Optional: {} |
||
podName string |
Optional: {} |
||
image string |
Optional: {} |
||
message string |
Optional: {} |
||
lastScheduledAt Time |
LastScheduledAt is the cron tick that triggered the most recent scheduled run. | Optional: {} |
|
nextScheduleAt Time |
NextScheduleAt is the next future cron tick when the schedule will fire. | Optional: {} |
UpgradeContext¶
UpgradeContext tracks the current upgrade operation.
Appears in: - LifecycleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
fromVersion string |
Optional: {} |
||
toVersion string |
Optional: {} |
||
direction string |
Enum: [Upgrade Downgrade Unknown] Optional: {} |
||
startedAt Time |
Optional: {} |
ValkeyCacheSpec¶
ValkeyCacheSpec tunes a Superset Flask-Caching backend backed by Valkey.
Appears in: - ValkeySpec
| Field | Description | Default | Validation |
|---|---|---|---|
disabled boolean |
Disable this cache section. When true, the operator does not render this config — Superset falls back to its built-in default. |
Optional: {} |
|
database integer |
Valkey database number. | Optional: {} |
|
keyPrefix string |
Cache key prefix. | Optional: {} |
|
defaultTimeout integer |
Default cache timeout in seconds. | Optional: {} |
ValkeyCelerySpec¶
ValkeyCelerySpec tunes a Celery Valkey connection.
Appears in: - ValkeySpec
| Field | Description | Default | Validation |
|---|---|---|---|
disabled boolean |
Disable this Celery backend. When true, the operator does not render this config. | Optional: {} |
|
database integer |
Valkey database number. | Optional: {} |
ValkeyResultsBackendSpec¶
ValkeyResultsBackendSpec tunes the SQL Lab async results backend.
Appears in: - ValkeySpec
| Field | Description | Default | Validation |
|---|---|---|---|
disabled boolean |
Disable the results backend. When true, the operator does not render this config. | Optional: {} |
|
database integer |
Valkey database number. | Optional: {} |
|
keyPrefix string |
Cache key prefix for results. | Optional: {} |
ValkeySSLSpec¶
ValkeySSLSpec configures TLS for the Valkey connection.
Appears in: - ValkeySpec
| Field | Description | Default | Validation |
|---|---|---|---|
certRequired string |
Certificate verification mode. | required | Enum: [required optional none] Optional: {} |
keyFile string |
Path to the client private key file (for mTLS). | Optional: {} |
|
certFile string |
Path to the client certificate file (for mTLS). | Optional: {} |
|
caCertFile string |
Path to the CA certificate file for server verification. | Optional: {} |
ValkeySpec¶
ValkeySpec configures Valkey as the shared cache backend, Celery message broker, and SQL Lab results backend for Superset. When set, all sections are enabled with sensible defaults — only host is required.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
host string |
Valkey server hostname. | ||
port integer |
Valkey server port. | 6379 | Optional: {} |
password string |
Plain text password. Only allowed in dev mode — use passwordFrom in prod. | Optional: {} |
|
passwordFrom SecretKeySelector |
Reference to a Secret key containing the Valkey password. Mutually exclusive with password. |
Optional: {} |
|
ssl ValkeySSLSpec |
SSL/TLS configuration. When set, enables SSL for the Valkey connection. | Optional: {} |
|
cache ValkeyCacheSpec |
General cache (CACHE_CONFIG). Default: db=1, prefix="superset_", timeout=300s. | Optional: {} |
|
dataCache ValkeyCacheSpec |
Data/query results cache (DATA_CACHE_CONFIG). Default: db=2, prefix="superset_data_", timeout=86400s. | Optional: {} |
|
filterStateCache ValkeyCacheSpec |
Dashboard filter state cache (FILTER_STATE_CACHE_CONFIG). Default: db=3, prefix="superset_filter_", timeout=3600s. | Optional: {} |
|
exploreFormDataCache ValkeyCacheSpec |
Chart builder form state cache (EXPLORE_FORM_DATA_CACHE_CONFIG). Default: db=4, prefix="superset_explore_", timeout=3600s. | Optional: {} |
|
thumbnailCache ValkeyCacheSpec |
Thumbnail cache (THUMBNAIL_CACHE_CONFIG). Default: db=5, prefix="superset_thumbnail_", timeout=3600s. | Optional: {} |
|
celeryBroker ValkeyCelerySpec |
Celery broker (CeleryConfig.broker_url). Default: db=0. | Optional: {} |
|
celeryResultBackend ValkeyCelerySpec |
Celery result backend (CeleryConfig.result_backend). Default: db=0. | Optional: {} |
|
resultsBackend ValkeyResultsBackendSpec |
SQL Lab async results backend (RESULTS_BACKEND). Default: db=6, prefix="superset_results_". | Optional: {} |
WebServerComponentSpec¶
WebServerComponentSpec defines the web server component on the parent CRD.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
config string |
Per-component raw Python appended after top-level config. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration (type, port, annotations). | Optional: {} |
|
gunicorn GunicornSpec |
Gunicorn worker configuration. Controls worker processes, threads, and related parameters. | Optional: {} |
|
sqlaEngineOptions SQLAlchemyEngineOptionsSpec |
Per-component SQLAlchemy engine options (overrides spec.sqlaEngineOptions entirely). | Optional: {} |
WebsocketServerComponentSpec¶
WebsocketServerComponentSpec defines the websocket server component on the parent CRD.
Appears in: - SupersetSpec
| Field | Description | Default | Validation |
|---|---|---|---|
deploymentTemplate DeploymentTemplate |
Deployment template (Deployment-level configuration). | Optional: {} |
|
podTemplate PodTemplate |
Pod template (Pod and container configuration). | Optional: {} |
|
replicas integer |
Desired replica count; overridden by autoscaling when active. Defaults to spec.replicas if unset. | Optional: {} |
|
autoscaling AutoscalingSpec |
HorizontalPodAutoscaler configuration. When set, the HPA manages replica count. Overrides spec.autoscaling. | Optional: {} |
|
podDisruptionBudget PDBSpec |
PodDisruptionBudget for protecting availability during voluntary disruptions. Overrides spec.podDisruptionBudget. | Optional: {} |
|
image ImageOverrideSpec |
Image tag and/or repository overrides; inherits from spec.image if unset. | Optional: {} |
|
service ComponentServiceSpec |
Service configuration (type, port, annotations). | Optional: {} |