Superset
You can deploy an instance of Superset with your Hydrolix cluster. Superset is an open-source data exploration and visualization platform that allows users to query, visualize, and analyze data ingested into Hydrolix.
Deploy Superset
To deploy Superset into your cluster, add the following to your hydrolixcluster.yaml
data_visualization_tools:
- superset
Hydrolix should deploy two additional pods:
superset-xxxxxxxxxx-xxxxx
superset-init-db-xx-x-x-xxxxx
Superset is exposed at the superset.{my-host}.hydrolix.live subdomain. Accessing this URL requires a DNS wildcard record (*.{my-host}.hydrolix.live) and a wildcard certificate for Traefik.
Superset network configuration
Create a DNS record
Set the following environment variable:
export HDX_KUBERNETES_NAMESPACE={your-k8s-namespace}
Run the following command to retrieve the Traefik record:
kubectl get service/traefik --namespace=$HDX_KUBERNETES_NAMESPACE
You should see output similar to the following:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 8089/TCP 68m
traefik LoadBalancer 10.64.14.42 34.66.136.134 80:31708/TCP,9000:32344/TCP 2m50s
Use the DNS provider of your choice. Set up an A record for your hostname that points to the EXTERNAL-IP from the response.
| Key | Value |
|---|---|
| Record name | *.{my-host}.hydrolix.live |
| Record type | A |
| Value | 34.66.136.134 |
Issue a wildcard certificate for Traefik
Manual
You can manually import a valid wildcard certificate using the instructions to use or renew your own certificate.
Automatic
Must use Route53
Automatic wildcard certificate handling is only available for DNS records managed via AWS Route53.
- Create an IAM policy using the following minimum permissions policy. Replace the values for
{hosted-zone-id}and_acme-challenge.{my-host}.hydrolix.livewith the Route53 hosted zone ID and the Hydrolix cluster hostname.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/{hosted-zone-id}"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/{hosted-zone-id}"
],
"Condition": {
"ForAllValues:StringEquals": {
"route53:ChangeResourceRecordSetsNormalizedRecordNames": [
"_acme-challenge.{my-host}.hydrolix.live"
],
"route53:ChangeResourceRecordSetsRecordTypes": [
"TXT"
]
}
}
}
]
}
-
Attach the policy to a user by adding IAM identity permissions. This can be done directly or by attaching to an identity (user group, role) that includes the user.
-
Use the AWS Guide to create a new IAM access key and secret.
-
In
hydrolixcluster.yamlconfiguration, setissue_wildcard_cert: true. -
In Kubernetes, set the following values in the
curatedsecret using the access key ID and secret access key generated for the AWS user. Set the region and hosted zone ID corresponding to the Route53 A record.
ROUTE53_AWS_ACCESS_KEY_ID = {Access key ID}
ROUTE53_AWS_SECRET_ACCESS_KEY = {Secret access key}
ROUTE53_AWS_HOSTED_ZONE_ID = {Route53 zone ID}
ROUTE53_AWS_REGION = {Route53 region}
Using Superset
The Superset instance is now accessible. To visit it in your web browser, go to https://superset.{my-host}.hydrolix.live.
Login using your standard Hydrolix credentials. You should be redirected automatically to https://superset.{my-host}.hydrolix.live/superset/welcome/.
Updated 3 days ago