diff --git a/.gitignore b/.gitignore index 4d6cff6..855e09e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,12 @@ *.tgz +packages/ # Helm Charts dependencies /charts *.lock +.DS_Store + .idea .vscode diff --git a/.helmignore b/.helmignore index 63b945c..294b74f 100644 --- a/.helmignore +++ b/.helmignore @@ -25,3 +25,9 @@ .circleci/ docs/ + +# Makefile and other stuff +Makefile +CONTRIBUTING.md +README.md.gotmpl +packages/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6fa217..1cb9052 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,8 @@ # Contributing -* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md). +* Have the ``make`` command and *docker* installed on your system. With this, you don't need the below mentioned ``helm`` and ``helm-docs`` and use containers for the needed steps instead. +* [OPTIONAL] Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md). * [OPTIONAL] Configure authentication on your Github account to use the SSH protocol instead of HTTP. Watch this tutorial to learn how to set up: https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account * Create a fork this repository. * Clone the forked repository to your local system: 
@@ -37,7 +38,30 @@ git branch ``` * Make your changes and tests to the new branch. +* Verify your changed do not introduce syntactical/semantic errors: + +Method using make and docker: +```bash +make lint +```` + +Method using locally installed ``helm`` command: +```bash +helm lint . +``` + * Run command ``helm-docs`` to update content of ``README.md`` file using the ``README.md.gotmpl`` template. More info about [helm-docs](https://github.com/norwoodj/helm-docs). + +Method using make and docker: +```bash +make gen-docs +``` + +Method using locally installed ``helm-docs`` command: +```bash +helm-docs +``` + * Commit the changes to the branch. * Push files to repository remote with command: diff --git a/Chart.yaml b/Chart.yaml index 67c0cf3..ff17ad3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,8 +1,8 @@ --- apiVersion: v2 name: zabbix -version: 2.0.1 -appVersion: 6.0.4 +version: 3.0.0 +appVersion: 6.0.5 description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. keywords: - zabbix @@ -10,7 +10,7 @@ keywords: - metrics home: https://www.zabbix.com/ icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png -source: +sources: - https://github.com/cetic/helm-zabbix maintainers: - name: Aecio Pires @@ -22,6 +22,9 @@ maintainers: - name: Amen Ayadi email: amen.ayadi@cetic.be url: https://github.com/AyadiAmen + - name: Christian Anton + email: christian.anton@secadm.de + url: https://secadm.de - name: Sebastien Dupont email: sebastien.dupont@cetic.be url: https://github.com/banzo diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d6bb739 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,33 @@ +URL=https://github.com/cetic/helm-zabbix/ +HELM_IMAGE=alpine/helm:3.9.0 +HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.10.0 +KNOWN_TARGETS=helm + + +helm: + docker run --rm --name helm-exec \ + --user $(shell id -u):$(shell id -g) \ + --mount type=bind,src="$(shell pwd)",dst=/helm-chart \ + -w /helm-chart \ + -e HELM_CACHE_HOME=/helm-chart/.helm/cache \ + -e HELM_CONFIG_HOME=/helm-chart/.helm/config \ + -e HELM_DATA_HOME=/helm-chart/.helm/data \ + $(HELM_IMAGE) \ + $(CMD) + +# Run linter for helm chart +lint: + CMD="lint ." $(MAKE) helm + +# Package chart into zip file +package: + CMD="package . -d packages" $(MAKE) helm + +gen-docs: + docker run --rm --name helm-docs \ + --user $(shell id -u):$(shell id -g) \ + --mount type=bind,src="$(shell pwd)",dst=/helm-chart \ + -w /helm-chart \ + $(HELM_DOCS_IMAGE) \ + helm-docs + diff --git a/README.md b/README.md index 9a0335e..29ca036 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Helm Chart For Zabbix. -[![CircleCI](https://circleci.com/gh/cetic/helm-zabbix.svg?style=svg)](https://circleci.com/gh/cetic/helm-zabbix/tree/master) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![version](https://img.shields.io/github/tag/cetic/helm-zabbix.svg?label=release) ![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) +[![CircleCI](https://circleci.com/gh/cetic/helm-zabbix.svg?style=svg)](https://circleci.com/gh/cetic/helm-zabbix/tree/master) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![version](https://img.shields.io/github/tag/cetic/helm-zabbix.svg?label=release) ![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. 
@@ -12,6 +12,15 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** +> **Break change 3.0.0** +* This version removes the possibility to specify database username/password per + subsection in favor of specifying all of them centrally at one place. +* Also, the names of the values have changed from upper to lowercase. +* It is now possible to start the Zabbix Server pods with replicas of more than 1. + HA functionality of Zabbix will automatically be enabled and it is made sure that + the database schema publication will only happen once, and not by all of the Zabbix + server pods at the same time. + > **Break change 2.0.0** * The version 2.0.0 has a break change. * Will be used Postgresql 14.x and Zabbix 6.0.4. @@ -41,7 +50,7 @@ possible is possible, while still obtaining a good level of security. - Kubernetes cluster 1.10+ - Helm 3.0+ - Kubectl -- PV provisioner support in the underlying infrastructure. +- PV provisioner support in the underlying infrastructure (optional). Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md). 
@@ -51,7 +60,7 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu **Zabbix server** is the central process of Zabbix software. -The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. +The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server. ## Zabbix Agent 
@@ -73,15 +82,58 @@ The server performs the polling and trapping of data, it calculates triggers, se A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x. -> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only. +> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file. ## Configure the chart The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file. +### Configure central database access related settings + +All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file. + +By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting. + +Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set. 
+ +If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it. + +There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. + +## Configure Postgresql database to match with your performance expectations + +While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. 
Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary: + +```yaml +postgresql: + enabled: true + persistence: + enabled: true + storage_size: 50Gi + extraRuntimeParameters: + max_connections: 250 + dynamic_shared_memory_type: posix + shared_buffers: 4GB + temp_buffers: 16MB + work_mem: 128MB + maintenance_work_mem: 256MB + effective_cache_size: 6GB + min_wal_size: 80MB +``` + +Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to: + +```yaml +postgresql: + extraRuntimeParameters: + config.file: /path/to/your/config.file +``` + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. +- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller. +- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy - **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. 
@@ -217,28 +269,34 @@ The following tables lists the configurable parameters of the chart and their de | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Affinity configurations | -| db_access.secret_autocreate | bool | `true` | automatically create secret if not already present (works only in combination with postgresql.enabled=true) | -| db_access.secret_name | string | `"zabbixdb-pguser-zabbix"` | * password | +| db_access.db_server_host | string | `"zabbix-postgresql"` | Address of database host - ignored if postgresql.enabled=true | +| db_access.db_server_port | string | `"5432"` | Port of database host - ignored if postgresql.enabled=true | +| db_access.postgres_db | string | `"zabbix"` | Name of database | +| db_access.postgres_password | string | `"zabbix"` | Password of database - ignored if postgres_password_secret is set | +| db_access.postgres_user | string | `"zabbix"` | User of database | +| db_access.unified_secret_autocreate | bool | `true` | automatically create secret if not already present (works only in combination with postgresql.enabled=true) | +| db_access.unified_secret_name | string | `"zabbixdb-pguser-zabbix"` | Name of one secret for unified configuration of DB access | +| db_access.use_unified_secret | bool | `true` | Whether to use the unified db access secret | | ingress.annotations | object | `{}` | Ingress annotations | | ingress.enabled | bool | `false` | Enables Ingress | -| ingress.extraLabels | object | `{}` | Ingress extra labels | | ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Ingress hosts | | ingress.pathType | string | `"Prefix"` | pathType is only for k8s >= 1.1= | | ingress.tls | list | `[]` | Ingress TLS configuration | -| livenessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. 
Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | -| livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before liveness | -| livenessProbe.path | string | `"/"` | Path of health check of application | -| livenessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a liveness probe every N seconds | -| livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | -| livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| ingressroute.annotations | object | `{}` | IngressRoute annotations | +| ingressroute.enabled | bool | `false` | Enables Traefik IngressRoute | +| ingressroute.entryPoints | list | `["websecure"]` | Ingressroute entrypoints | +| ingressroute.hostName | string | `"chart-example.local"` | Ingressroute host name | | nodeSelector | object | `{}` | nodeSelector configurations | | postgresql.enabled | bool | `true` | Create a database using Postgresql | +| postgresql.extraContainers | list | `[]` | additional containers to start within the postgresql pod | | postgresql.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. 
| +| postgresql.extraRuntimeParameters | object | `{"max_connections":50}` | Extra Postgresql runtime parameters ("-c" options) | +| postgresql.extraVolumeMounts | list | `[]` | additional volumeMounts to the postgresql container | +| postgresql.extraVolumes | list | `[]` | additional volumes to make available to the postgresql pod | | postgresql.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | postgresql.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | postgresql.image.repository | string | `"postgres"` | Postgresql Docker image name: chose one of "postgres" or "timescale/timescaledb" | | postgresql.image.tag | int | `14` | Tag of Docker image of Postgresql server, chose "14" for postgres or "latest-pg14" for timescaledb | -| postgresql.max_connections | int | `50` | Name of database POSTGRES_DB: "zabbix" - max simultaneous connections to accept for the Postgres server | | postgresql.persistence.enabled | bool | `false` | whether to enable persistent storage for the postgres container or not | | postgresql.persistence.existing_claim_name | bool | `false` | existing persistent volume claim name to be used to store posgres data | | postgresql.persistence.storage_size | string | `"5Gi"` | size of the PVC to be automatically generated | 
@@ -246,13 +304,12 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | postgresql.service.port | int | `5432` | Port of service in Kubernetes cluster | | postgresql.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | -| readinessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | -| readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness | -| readinessProbe.path | string | `"/"` | Path of health check of application | -| readinessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a readiness probe every N seconds | -| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | -| readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| route.annotations | object | `{}` | Openshift Route extra annotations | +| route.enabled | bool | `false` | Enables Route object for Openshift | +| route.hostName | string | `"chart-example.local"` | Host Name for the route. Can be left empty | +| route.tls | object | `{"termination":"edge"}` | Openshift Route TLS settings | | tolerations | list | `[]` | Tolerations configurations | +| zabbix_image_tag | string | `"ubuntu-6.0.5"` | zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. 
| | zabbixagent.ZBX_ACTIVE_ALLOW | bool | `true` | This variable is boolean (true or false) and enables or disables feature of active checks | | zabbixagent.ZBX_JAVAGATEWAY_ENABLE | bool | `false` | The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false. | | zabbixagent.ZBX_PASSIVESERVERS | string | `"127.0.0.1"` | The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container. | @@ -262,10 +319,10 @@ The following tables lists the configurable parameters of the chart and their de | zabbixagent.ZBX_VMWARECACHESIZE | string | `"128M"` | Cache size | | zabbixagent.enabled | bool | `true` | Enables use of **Zabbix Agent** | | zabbixagent.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixagent.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix agent container | | zabbixagent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixagent.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | -| zabbixagent.image.repository | string | `"zabbix/zabbix-agent"` | Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 | -| zabbixagent.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix agent | +| zabbixagent.image.repository | string | `"zabbix/zabbix-agent2"` | Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 | | zabbixagent.resources | object | `{}` | | | zabbixagent.service.annotations | object | `{}` | Annotations for the zabbix-agent service | | zabbixagent.service.clusterIP | string | `nil` | Cluster IP for Zabbix agent | 
@@ -277,12 +334,14 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.ZBX_SERVER_HOST | string | `"zabbix-zabbix-server"` | Zabbix server host | | zabbixproxy.ZBX_SERVER_PORT | int | `10051` | Zabbix server port | | zabbixproxy.ZBX_VMWARECACHESIZE | string | `"128M"` | Cache size | -| zabbixproxy.enabled | bool | `true` | Enables use of **Zabbix Proxy** | +| zabbixproxy.enabled | bool | `false` | Enables use of **Zabbix Proxy** | +| zabbixproxy.extraContainers | list | `[]` | additional containers to start within the zabbix proxy pod | | zabbixproxy.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixproxy.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix proxy container | +| zabbixproxy.extraVolumes | list | `[]` | additional volumes to make available to the zabbix proxy pod | | zabbixproxy.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixproxy.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixproxy.image.repository | string | `"zabbix/zabbix-proxy-sqlite3"` | Zabbix proxy Docker image name | -| zabbixproxy.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix proxy | | zabbixproxy.replicaCount | int | `1` | Number of replicas of ``zabbixproxy`` module | | zabbixproxy.resources | object | `{}` | | | zabbixproxy.service.annotations | object | `{}` | Annotations for the zabbix-proxy service | 
@@ -290,30 +349,65 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.service.port | int | `10051` | Port to expose service | | zabbixproxy.service.type | string | `"ClusterIP"` | Type of service for Zabbix proxy | | zabbixserver.enabled | bool | `true` | Enables use of **Zabbix Server** | +| zabbixserver.extraContainers | list | `[]` | additional containers to start within the zabbix server pod | | zabbixserver.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixserver.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix server container | +| zabbixserver.extraVolumes | list | `[]` | additional volumes to make available to the zabbix server pod | +| zabbixserver.ha_nodes_autoclean | object | `{"delete_older_than_seconds":3600,"enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":"14"},"schedule":"0 1 * * *"}` | automatically clean orphaned ha nodes from ha_nodes db table | | zabbixserver.hostIP | string | `"0.0.0.0"` | optional set hostIP different from 0.0.0.0 to open port only on this IP | -| zabbixserver.hostPort | bool | `false` | optional set true open a port direct on node where zabbix server runs | +| zabbixserver.hostPort | bool | `false` | optional set true open a port direct on node where zabbix server runs | | zabbixserver.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixserver.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixserver.image.repository | string | `"zabbix/zabbix-server-pgsql"` | Zabbix server Docker image name | -| zabbixserver.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix server | +| zabbixserver.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to 
spread replicas over cluster nodes if replicaCount>1 | | zabbixserver.replicaCount | int | `1` | Number of replicas of ``zabbixserver`` module | | zabbixserver.resources | object | `{}` | | -| zabbixserver.service | object | `{"annotations":{},"clusterIP":null,"nodePort":31051,"port":10051,"type":"ClusterIP"}` | Name of database POSTGRES_DB: "zabbix" | | zabbixserver.service.annotations | object | `{}` | Annotations for the zabbix-server service | | zabbixserver.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | zabbixserver.service.nodePort | int | `31051` | NodePort of service on each node | | zabbixserver.service.port | int | `10051` | Port of service in Kubernetes cluster | | zabbixserver.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | | zabbixweb.enabled | bool | `true` | Enables use of **Zabbix Web** | +| zabbixweb.extraContainers | list | `[]` | additional containers to start within the zabbix web pod | | zabbixweb.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. 
See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixweb.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix web container | +| zabbixweb.extraVolumes | list | `[]` | additional volumes to make available to the zabbix web pod | | zabbixweb.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixweb.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | -| zabbixweb.image.repository | string | `"zabbix/zabbix-web-apache-pgsql"` | Zabbix web Docker image name | -| zabbixweb.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix web | +| zabbixweb.image.repository | string | `"zabbix/zabbix-web-nginx-pgsql"` | Zabbix web Docker image name | +| zabbixweb.livenessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | +| zabbixweb.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before liveness | +| zabbixweb.livenessProbe.path | string | `"/"` | Path of health check of application | +| zabbixweb.livenessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a liveness probe every N seconds | +| zabbixweb.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | +| zabbixweb.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| zabbixweb.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | +| zabbixweb.readinessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. 
Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | +| zabbixweb.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness | +| zabbixweb.readinessProbe.path | string | `"/"` | Path of health check of application | +| zabbixweb.readinessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a readiness probe every N seconds | +| zabbixweb.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | +| zabbixweb.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| zabbixweb.replicaCount | int | `1` | | | zabbixweb.resources | object | `{}` | | -| zabbixweb.service | object | `{"annotations":{},"clusterIP":null,"port":80,"type":"NodePort"}` | Name of database POSTGRES_DB: zabbix | +| zabbixweb.service | object | `{"annotations":{},"clusterIP":null,"port":80,"type":"ClusterIP"}` | Certificate containing certificates for SAML configuration saml_certs_secret_name: zabbix-web-samlcerts | | zabbixweb.service.annotations | object | `{}` | Annotations for the zabbix-web service | | zabbixweb.service.clusterIP | string | `nil` | Cluster IP for Zabbix web | | zabbixweb.service.port | int | `80` | Port to expose service | -| zabbixweb.service.type | string | `"NodePort"` | Type of service for Zabbix web | +| zabbixweb.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | +| zabbixwebservice.enabled | bool | `true` | Enables use of **Zabbix Web Service** | +| zabbixwebservice.extraContainers | list | `[]` | additional containers to start within the zabbix webservice pod | +| zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. 
See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixwebservice.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix webservice container | +| zabbixwebservice.extraVolumes | list | `[]` | additional volumes to make available to the zabbix webservice pod | +| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | +| zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | +| zabbixwebservice.image.repository | string | `"zabbix/zabbix-web-service"` | Zabbix web Docker image name | +| zabbixwebservice.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | +| zabbixwebservice.replicaCount | int | `1` | | +| zabbixwebservice.resources | object | `{}` | | +| zabbixwebservice.service | object | `{"annotations":{},"clusterIP":null,"port":10053,"type":"ClusterIP"}` | set the IgnoreURLCertErrors configuration setting of Zabbix web service ignore_url_cert_errors=1 | +| zabbixwebservice.service.annotations | object | `{}` | Annotations for the zabbix-web service | +| zabbixwebservice.service.clusterIP | string | `nil` | Cluster IP for Zabbix web | +| zabbixwebservice.service.port | int | `10053` | Port to expose service | +| zabbixwebservice.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | diff --git a/README.md.gotmpl b/README.md.gotmpl index 64c4aaf..8b59915 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
@@ -12,6 +12,15 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** +> **Break change 3.0.0** +* This version removes the possibility to specify database username/password per + subsection in favor of specifying all of them centrally at one place. +* Also, the names of the values have changed from upper to lowercase. +* It is now possible to start the Zabbix Server pods with replicas of more than 1. + HA functionality of Zabbix will automatically be enabled and it is made sure that + the database schema publication will only happen once, and not by all of the Zabbix + server pods at the same time. + > **Break change 2.0.0** * The version 2.0.0 has a break change. * Will be used Postgresql 14.x and Zabbix 6.0.4. @@ -41,7 +50,7 @@ possible is possible, while still obtaining a good level of security. - Kubernetes cluster 1.10+ - Helm 3.0+ - Kubectl -- PV provisioner support in the underlying infrastructure. +- PV provisioner support in the underlying infrastructure (optional). Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md). 
@@ -51,7 +60,8 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu **Zabbix server** is the central process of Zabbix software. -The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. +The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server. + ## Zabbix Agent 
@@ -73,15 +83,59 @@ The server performs the polling and trapping of data, it calculates triggers, se A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x. -> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only. +> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file. + ## Configure the chart The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file. +### Configure central database access related settings + +All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file. + +By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting. + +Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set. 
+ +If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it. + +There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. + +## Configure Postgresql database to match with your performance expectations + +While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. 
Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary: + +```yaml +postgresql: + enabled: true + persistence: + enabled: true + storage_size: 50Gi + extraRuntimeParameters: + max_connections: 250 + dynamic_shared_memory_type: posix + shared_buffers: 4GB + temp_buffers: 16MB + work_mem: 128MB + maintenance_work_mem: 256MB + effective_cache_size: 6GB + min_wal_size: 80MB +``` + +Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to: + +```yaml +postgresql: + extraRuntimeParameters: + config.file: /path/to/your/config.file +``` + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. +- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller. +- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy - **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. diff --git a/docs/example/README.md b/docs/example/README.md index 154e576..f2a9cb3 100644 --- a/docs/example/README.md +++ b/docs/example/README.md 
@@ -28,13 +28,6 @@ cd ~/mygit/helm-zabbix Edit ``~/mygit/helm-zabbix/docs/example/kind/values.yaml`` file. -Download the dependences charts. - -```bash -helm repo add cetic https://cetic.github.io/helm-charts -helm repo update -``` - Test the installation/upgrade with command (update the YAML files paths if necessary): ```bash diff --git a/docs/example/kind/values.yaml b/docs/example/kind/values.yaml index c2e3535..3f8b909 100644 --- a/docs/example/kind/values.yaml +++ b/docs/example/kind/values.yaml @@ -1,22 +1,22 @@ # Custom values for zabbix. + +zabbix_image_tag: alpine-6.0.5 + db_access: # central place for all database related parameters (db name, host, user, password) in one secret # which will be used by all relevant components which are installed by this chart (Zabbix server, # database, frontend). # In case you are using the CrunchyData Postgres Operator, you can refer to a secret generated by # this operator to use a PGO database for your Zabbix instance. - secret_name: myzabbixdbaccess + use_unified_secret: true + unified_secret_name: myzabbixdbaccess # generate this secret if it does not yet exist and set a random password. Only useful if also using # postgresql.enabled=true - secret_autocreate: true + unified_secret_autocreate: true zabbixserver: enabled: true - replicaCount: 1 - image: - repository: zabbix/zabbix-server-pgsql - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent + replicaCount: 2 service: type: NodePort port: 10051 
@@ -37,12 +37,8 @@ postgresql: storage_size: 5Gi # generate a PVC in default storage class with the given size for the DB zabbixproxy: - enabled: true + enabled: false replicaCount: 1 - image: - repository: zabbix/zabbix-proxy-sqlite3 - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_PROXYMODE: 0 # The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy. ZBX_HOSTNAME: zabbix-proxy # This variable is unique, case sensitive hostname. ZBX_SERVER_HOST: zabbix-zabbix-server @@ -65,11 +61,6 @@ zabbixproxy: zabbixagent: enabled: true - image: - # Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 - repository: zabbix/zabbix-agent2 - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_HOSTNAME: zabbix-agent ZBX_SERVER_HOST: 127.0.0.1 ZBX_SERVER_PORT: 10051 @@ -95,14 +86,10 @@ zabbixagent: zabbixweb: enabled: true - image: - repository: zabbix/zabbix-web-apache-pgsql - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_SERVER_HOST: zabbix-zabbix-server ZBX_SERVER_PORT: 10051 service: - type: NodePort + type: ClusterIP port: 80 extraEnv: - name: "ZBX_EXAMPLE_MY_ENV_10" diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index da32021..2c681d0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -88,3 +88,88 @@ Return if ingress supports pathType. {{- define "zabbix.ingress.supportsPathType" -}} {{- or (eq (include "zabbix.ingress.isStable" .) "true") (and (eq (include "zabbix.ingress.apiVersion" .) "networking.k8s.io/v1beta1")) -}} {{- end -}} + +{{/* +Define env var names + +*/}} + + +{{/* +Return the entire logic of setting DB access related env vars for the containers which need them +*/}} +{{- define "zabbix.db_access.env_vars" -}} +{{- $ := index . 0 }} +{{- $cntxt := index . 2 }} +{{- $hostvar := "DB_SERVER_HOST" }} +{{- $portvar := "DB_SERVER_PORT" }} +{{- $uservar := "POSTGRES_USER" }} +{{- $passwordvar := "POSTGRES_PASSWORD" }} +{{- $dbvar := "POSTGRES_DB" }} +{{/* special settings for the DB client (autoclean cron job) container, needs different env variable names */}} +{{- if eq $cntxt "db_client" }} +{{- $hostvar = "PGHOST" }} +{{- $portvar = "PGPORT" }} +{{- $uservar = "PGUSER" }} +{{- $passwordvar = "PGPASSWORD" }} +{{- $dbvar = "PGDATABASE" }} +{{- end }} +{{- with index . 1 }} +{{- if .Values.postgresql.enabled }} +- name: {{ $hostvar }} + value: {{ template "zabbix.fullname" . 
}}-postgresql +- name: {{ $portvar }} + value: {{ .Values.postgresql.service.port | quote }} +{{- else if .Values.db_access.use_unified_secret }} +- name: {{ $hostvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: host +- name: {{ $portvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: port + optional: true +{{- else }} +- name: {{ $hostvar }} + value: {{ .Values.db_access.db_server_host | quote }} +- name: {{ $portvar }} + value: {{ .Values.db_access.db_server_port | quote }} +{{- end }} +{{- if .Values.db_access.use_unified_secret }} +- name: {{ $uservar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: user + optional: true +- name: {{ $passwordvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: password +- name: {{ $dbvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: dbname + optional: true +{{- else }} +- name: {{ $uservar }} + value: {{ .Values.db_access.postgres_user | quote }} +- name: {{ $passwordvar }} + {{- if .Values.db_access.postgres_password_secret }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} + {{- else }} + value: {{ .Values.db_access.postgres_password | quote }} + {{- end }} +- name: {{ $dbvar }} + value: {{ .Values.db_access.postgres_db | quote }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/templates/configmap-zabbix-server-init-waitschema.yaml b/templates/configmap-zabbix-server-init-waitschema.yaml new file mode 100644 index 0000000..5bb2ec9 --- /dev/null +++ b/templates/configmap-zabbix-server-init-waitschema.yaml 
@@ -0,0 +1,188 @@ +{{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "zabbix.fullname" . }}-waitdbschema-script + labels: + app: {{ template "zabbix.fullname" . }}-waitdbschema-script + app.kubernetes.io/name: waitdbschema-script + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-waitdbschema-script + app.kubernetes.io/managed-by: {{ .Release.Service }}-waitdbschema-script +data: + wait_db_schema.sh: | + #!/bin/bash + + set -o pipefail + + set +e + + # Script trace mode + if [ "${DEBUG_MODE,,}" == "true" ]; then + set -o xtrace + fi + + # Default directories + # User 'zabbix' home directory + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" + # Configuration files directory + ZABBIX_ETC_DIR="/etc/zabbix" + + # usage: file_env VAR [DEFAULT] + # as example: file_env 'MYSQL_PASSWORD' 'zabbix' + # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) + # unsets the VAR_FILE afterwards and just leaving VAR + file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! 
-f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" + } + + # Check prerequisites for PostgreSQL database + check_variables_postgresql() { + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + + : ${DB_SERVER_HOST:="postgres-server"} + : ${DB_SERVER_PORT:="5432"} + + DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"} + DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""} + + DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} + DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} + + : ${DB_SERVER_SCHEMA:="public"} + + DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} + } + + check_db_connect_postgresql() { + echo "********************" + echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" + echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" + echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" + echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}" + if [ "${DEBUG_MODE,,}" == "true" ]; then + echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" + echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" + fi + echo "********************" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + WAIT_TIMEOUT=5 + + if [ -n "${DB_SERVER_SCHEMA}" ]; then + PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" + export PGOPTIONS + fi + + while true : + do + psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 1>/dev/null 2>&1 && break + psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --dbname ${DB_SERVER_DBNAME} --quiet 1>/dev/null 2>&1 && break + + echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." 
+ sleep $WAIT_TIMEOUT + done + + unset PGPASSWORD + unset PGOPTIONS + } + + psql_query() { + query=$1 + db=$2 + + local result="" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + if [ -n "${DB_SERVER_SCHEMA}" ]; then + PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" + export PGOPTIONS + fi + + result=$(psql --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \ + --username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null); + + unset PGPASSWORD + unset PGOPTIONS + + echo $result + } + + check_db_schema_present() { + WAIT_TIMEOUT=5 + while true : + do + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") + + if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then + echo "** Table '${DB_SERVER_DBNAME}.dbversion' exists." + ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}") + fi + + if [ -n "${ZBX_DB_VERSION}" ]; then + echo "** dbversion is ${ZBX_DB_VERSION}, continuing with next step of checks..." + break + fi + + echo "**** DB Version not found yet, assuming DB schema is not yet created. Waiting $WAIT_TIMEOUT seconds..." + sleep $WAIT_TIMEOUT + done + } + + check_db_users() { + WAIT_TIMEOUT=5 + while true : + do + DB_AMOUNT_USERS=$(psql_query "SELECT count(*) FROM users" "${DB_SERVER_DBNAME}") + + if [ ${DB_AMOUNT_USERS} -gt 0 ]; then + echo "** amount of users in users table is ${DB_AMOUNT_USERS}, letting the Zabbix Server container start" + break + fi + + echo "**** DB amount of entries in user table is ${DB_AMOUNT_USERS}. Waiting $WAIT_TIMEOUT seconds..." 
+ sleep $WAIT_TIMEOUT + done + } + + wait_for_db_and_schema() { + echo "** waiting for Zabbix DB to be operational to start Zabbix server container" + check_variables_postgresql + check_db_connect_postgresql + check_db_schema_present + check_db_users + } + + wait_for_db_and_schema +{{- end }} diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml new file mode 100644 index 0000000..69ce8d3 --- /dev/null +++ b/templates/cronjob-hanodes-autoclean.yaml @@ -0,0 +1,33 @@ +{{- if .Values.zabbixserver.ha_nodes_autoclean.enabled }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ template "zabbix.fullname" . }}-nodesclean + labels: + app: {{ template "zabbix.fullname" . }}-nodesclean + app.kubernetes.io/name: nodesclean + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-nodesclean + app.kubernetes.io/managed-by: {{ .Release.Service }}-nodesclean +spec: + schedule: {{ .Values.zabbixserver.ha_nodes_autoclean.schedule|quote }} + jobTemplate: + spec: + template: + spec: + containers: + - name: hanodes-autoclean + image: {{ .Values.zabbixserver.ha_nodes_autoclean.image.repository }}:{{ .Values.zabbixserver.ha_nodes_autoclean.image.tag }} + imagePullPolicy: {{ .Values.zabbixserver.ha_nodes_autoclean.image.pullPolicy }} + command: + - /bin/bash + - -c + - echo "deleting all stopped and unavailable HANodes older than {{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }} seconds..." && psql -c "delete from ha_node where status in (1,2) and extract(epoch from now())-lastaccess>{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }}" + env: + {{- include "zabbix.db_access.env_vars" (list $ . "db_client") | nindent 12 }} + imagePullSecrets: + {{- range .Values.zabbixserver.image.pullSecrets }} + - name: {{ . | quote }} + {{- end }} + restartPolicy: OnFailure +{{- end }} 
diff --git a/templates/statefulset-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml similarity index 56% rename from templates/statefulset-zabbix-server.yaml rename to templates/deployment-zabbix-server.yaml index e2b3a50..e826d1f 100644 --- a/templates/statefulset-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml @@ -1,7 +1,7 @@ {{- if .Values.zabbixserver.enabled }} --- apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: {{ template "zabbix.fullname" . }}-zabbix-server labels: @@ -12,7 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-server spec: replicas: {{ .Values.zabbixserver.replicaCount }} - serviceName: {{ template "zabbix.fullname" . }} selector: matchLabels: app: {{ template "zabbix.fullname" . }}-zabbix-server 
@@ -29,19 +28,42 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- if gt (len .Values.affinity) 0 }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixserver.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-server {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} + initContainers: + - name: init-wait-for-database-schema + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" + env: + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 12 }} + command: + - "/bin/bash" + - "/script/wait_db_schema.sh" + volumeMounts: + - name: init-waitschema-script + mountPath: /script + {{- end }} containers: - name: zabbix-server resources: {{- toYaml .Values.zabbixserver.resources | nindent 12 }} - image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" ports: - containerPort: 10051 name: zabbix-server 
@@ -60,91 +82,34 @@ spec: hostIP: {{ .Values.zabbixserver.hostIP }} {{- end}} env: - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_HOST | quote }} - {{- end }} - - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_PORT | quote }} - {{- end }} - {{- end }} - {{- if .Values.db_access.secret_name }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} - {{ end }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - valueFrom: - secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" 
.Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} - {{- end }} - - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} - {{- end }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 12 }} {{- range $item := .Values.zabbixserver.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} {{- end }} + - name: ZBX_AUTOHANODENAME + value: "hostname" + - name: ZBX_NODEADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- if .Values.zabbixwebservice.enabled }} + - name: ZBX_WEBSERVICEURL + value: "http://{{ template "zabbix.fullname" . }}-zabbix-webservice:{{ .Values.zabbixwebservice.service.port }}/report" + - name: ZBX_STARTREPORTWRITERS + value: {{ .Values.zabbixwebservice.replicaCount|quote }} + {{- end }} + {{- with .Values.zabbixserver.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.zabbixagent.enabled }} - name: zabbix-agent resources: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" + image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME @@ -175,6 +140,13 @@ spec: - name: zabbix-agent containerPort: 10050 protocol: TCP + {{- with .Values.zabbixagent.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.zabbixserver.extraContainers }} + {{- toYaml . | nindent 8 }} {{- end }} imagePullSecrets: {{- range .Values.zabbixserver.image.pullSecrets }} 
@@ -183,4 +155,13 @@ spec: {{- range .Values.zabbixagent.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + volumes: + {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} + - name: init-waitschema-script + configMap: + name: {{ template "zabbix.fullname" . }}-waitdbschema-script + {{- end }} + {{- with .Values.zabbixserver.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index bb58e38..1278999 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-web app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-web spec: - replicas: 1 + replicas: {{ .Values.zabbixweb.replicaCount }} selector: matchLabels: app: {{ template "zabbix.fullname" . }}-zabbix-web @@ -27,9 +27,19 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- if gt (len .Values.affinity) 0 }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixweb.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-web {{- end }} {{- with .Values.tolerations }} tolerations: 
@@ -41,91 +51,10 @@ spec: {{- toYaml .Values.zabbixweb.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbixweb.image.tag }}" + image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbix_image_tag }}" imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: - - name: ZBX_SERVER_HOST - value: {{ .Values.zabbixweb.ZBX_SERVER_HOST | quote }} - - name: ZBX_SERVER_PORT - value: {{ .Values.zabbixweb.ZBX_SERVER_PORT | quote }} - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_HOST | quote }} - {{- end }} - - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_PORT | quote }} - {{- end -}} - {{- end }} - {{- if .Values.db_access.secret_name }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ 
.Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_USER | quote }} - {{- end }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - valueFrom: - secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} - {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_PASSWORD | quote }} - {{- end }} - - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_DB | quote }} - {{- end }} - {{- end }} - # - name: POSTGRES_USER_FILE - # value: value: {{ .Values.zabbixweb.POSTGRES_USER_FILE | quote }} - #- name: POSTGRES_PASSWORD_FILE - # value: value: {{ .Values.zabbixweb.POSTGRES_PASSWORD_FILE | quote }} + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 10 }} {{- range $item := .Values.zabbixweb.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} 
@@ -134,26 +63,46 @@ spec: - name: zabbix-web containerPort: 8080 protocol: TCP + volumeMounts: + {{- if .Values.zabbixweb.saml_certs_secret_name }} + - name: zabbix-web-samlcerts + mountPath: /etc/zabbix/web/certs + {{- end }} + {{- with .Values.zabbixweb.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} livenessProbe: httpGet: - path: {{ .Values.livenessProbe.path }} + path: {{ .Values.zabbixweb.livenessProbe.path }} port: zabbix-web - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.zabbixweb.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.zabbixweb.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.zabbixweb.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.zabbixweb.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.zabbixweb.livenessProbe.failureThreshold }} readinessProbe: httpGet: - path: {{ .Values.readinessProbe.path }} + path: {{ .Values.zabbixweb.readinessProbe.path }} port: zabbix-web - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.zabbixweb.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.zabbixweb.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.zabbixweb.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.zabbixweb.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.zabbixweb.readinessProbe.failureThreshold }} + {{- with 
.Values.zabbixweb.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} imagePullSecrets: {{- range .Values.zabbixweb.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + volumes: + {{- if .Values.zabbixweb.saml_certs_secret_name }} + - name: zabbix-web-samlcerts + secret: + secretName: {{ .Values.zabbixweb.saml_certs_secret_name }} + {{- end }} + {{- with .Values.zabbixweb.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/deployment-zabbix-webservice.yaml b/templates/deployment-zabbix-webservice.yaml new file mode 100644 index 0000000..fd52ac4 --- /dev/null +++ b/templates/deployment-zabbix-webservice.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.zabbixwebservice.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "zabbix.fullname" . }}-zabbix-webservice + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice +spec: + replicas: {{ .Values.zabbixwebservice.replicaCount }} + selector: + matchLabels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + template: + metadata: + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice + spec: + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if gt (len .Values.affinity) 0 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixwebservice.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: zabbix-webservice + resources: + {{- toYaml .Values.zabbixwebservice.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbix_image_tag }}" + imagePullPolicy: {{ .Values.zabbixwebservice.image.pullPolicy }} + env: + {{- if .Values.zabbixwebservice.ignore_url_cert_errors }} + - name: ZBX_IGNOREURLCERTERRORS + value: {{ .Values.zabbixwebservice.ignore_url_cert_errors }} + {{- end }} + {{- range $item := .Values.zabbixwebservice.extraEnv }} + - name: {{ $item.name }} + value: {{ $item.value | quote }} + {{- end }} + - name: ZBX_ALLOWEDIP + value: "::/0" + ports: + - name: webservice + containerPort: 10053 + protocol: TCP + {{- with .Values.zabbixwebservice.extraVolumeMounts }} + volumeMounts: + {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.zabbixwebservice.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} + imagePullSecrets: + {{- range .Values.zabbixweb.image.pullSecrets }} + - name: {{ . | quote }} + {{- end }} + {{- with .Values.zabbixwebservice.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/templates/ingressroute.yml b/templates/ingressroute.yml new file mode 100644 index 0000000..e3b8985 --- /dev/null +++ b/templates/ingressroute.yml 
@@ -0,0 +1,32 @@ +{{- if .Values.ingressroute.enabled -}} +{{- $fullName := include "zabbix.fullname" . -}} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ $fullName }} + labels: + {{- include "zabbix.labels" . | nindent 4 }} + {{- with .Values.ingressroute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingressroute.entryPoints }} + entryPoints: + {{- with .Values.ingressroute.entryPoints }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + routes: + - match: Host(`{{ .Values.ingressroute.hostName }}`) + kind: Rule + services: + - name: {{ template "zabbix.fullname" . }}-zabbix-web + port: {{ .Values.zabbixweb.service.port }} + {{- if .Values.ingressroute.tls }} + tls: + {{- with .Values.ingressroute.tls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml new file mode 100644 index 0000000..b57bbcf --- /dev/null +++ b/templates/job-init-db-schema.yaml @@ -0,0 +1,25 @@ +{{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "zabbix.fullname" . }}-init-db-schema + labels: + app: {{ template "zabbix.fullname" . }}-init-db-schema + app.kubernetes.io/name: init-db-schema + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-init-db-schema + app.kubernetes.io/managed-by: {{ .Release.Service }}-init-db-schema +spec: + template: + spec: + containers: + - name: init-db-schema + image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }} + env: + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 10 }} + command: + - "/bin/sh" + - "-c" + - 'sed -e "s/^exec \"\$@\"$/prepare_server/" -e "/^ *update_zbx_config$/d" /usr/bin/docker-entrypoint.sh >~/docker-entrypoint.sh && bash ~/docker-entrypoint.sh' + restartPolicy: Never +{{- end}} 
diff --git a/templates/route.yaml b/templates/route.yaml new file mode 100644 index 0000000..e43e22b --- /dev/null +++ b/templates/route.yaml @@ -0,0 +1,32 @@ +{{- if .Values.route.enabled }} +{{- $fullName := include "zabbix.fullname" . -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ $fullName }} + labels: + {{- include "zabbix.labels" . | nindent 4 }} + {{- with .Values.route.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.route.hostName }} + host: {{ .Values.route.hostName }} + {{- end }} + port: + targetPort: zabbix-web + {{- with .Values.route.tls }} + tls: + {{- toYaml . | nindent 4 }} + {{- end }} + to: + kind: Service + name: {{ template "zabbix.fullname" . }}-zabbix-web + weight: 100 + {{- if .Values.route.wildcardPolicy }} + wildcardPolicy: {{ .Values.route.wildcardPolicy }} + {{- else }} + wildcardPolicy: None + {{- end }} +{{- end }} diff --git a/templates/secret-db-access.yaml b/templates/secret-db-access.yaml index 7473f0a..4209682 100644 --- a/templates/secret-db-access.yaml +++ b/templates/secret-db-access.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.db_access.secret_autocreate .Values.postgresql.enabled }} +{{- if and .Values.db_access.use_unified_secret .Values.db_access.unified_secret_autocreate .Values.postgresql.enabled }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} labels: app: {{ template "zabbix.fullname" . }}-db-access app.kubernetes.io/name: db-access 
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-db-access type: Opaque data: - {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Values.db_access.secret_name) | default dict }} + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Values.db_access.unified_secret_name) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} {{- $secretHost := (get $secretData "host") | default (printf "%s-%s" (include "zabbix.fullname" .) "postgresql" | b64enc) }} {{- $secretPort := (get $secretData "port") | default (.Values.postgresql.service.port | toString | b64enc) }} diff --git a/templates/service.yaml b/templates/service.yaml index ebf1475..5331dec 100644 --- a/templates/service.yaml +++ b/templates/service.yaml 
@@ -99,11 +99,47 @@ spec: targetPort: 8080 protocol: TCP name: zabbix-web + {{- if .Values.zabbixweb.service.nodePort }} + nodePort: {{ .Values.zabbixweb.service.nodePort }} + {{- end }} selector: app: {{ template "zabbix.fullname" . }}-zabbix-web {{- end }} +{{- if .Values.zabbixwebservice.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "zabbix.fullname" . }}-zabbix-webservice + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice + {{- if .Values.zabbixwebservice.service.annotations }} + annotations: + {{- range $key,$value := .Values.zabbixwebservice.service.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.zabbixwebservice.service.type }} + {{- if .Values.zabbixwebservice.service.clusterIP }} + clusterIP: {{ .Values.zabbixwebservice.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.zabbixwebservice.service.port }} + targetPort: 10053 + protocol: TCP + name: webservice + selector: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + {{- end }} + + {{- if .Values.zabbixproxy.enabled }} --- apiVersion: v1 diff --git a/templates/statefulset-postgresql.yaml b/templates/statefulset-postgresql.yaml index 196712e..471059f 100644 --- a/templates/statefulset-postgresql.yaml +++ b/templates/statefulset-postgresql.yaml 
@@ -65,67 +65,47 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}" imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} - args: ["-c", "max_connections={{ .Values.postgresql.max_connections }}"] - env: - {{- if .Values.db_access.secret_name }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.secret_name }} - key: dbname - {{- else }} - - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.postgresql.POSTGRES_USER | quote }} - {{- end }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else }} - value: {{ .Values.postgresql.POSTGRES_PASSWORD | quote }} - {{- end }} - - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.postgresql.POSTGRES_DB | quote }} - {{- end }} + {{- with .Values.postgresql.extraRuntimeParameters }} + args: + {{- range $key, $value := . }} + - "-c" + - "{{ $key }}={{ $value }}" {{- end }} + {{- end }} + env: + {{- include "zabbix.db_access.env_vars" (list $ . "database") | nindent 12 }} - name: PGDATA value: /var/lib/postgresql/data/pgdata {{- range $item := .Values.zabbixproxy.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} {{- end }} - {{- if .Values.postgresql.persistence.enabled }} volumeMounts: + {{- if .Values.postgresql.persistence.enabled }} - name: postgresql-data mountPath: /var/lib/postgresql/data {{- end }} + {{- with .Values.postgresql.extraVolumeMounts }} + {{- toYaml . 
| nindent 12 }} + {{- end }} ports: - name: db containerPort: 5432 protocol: TCP + {{- with .Values.postgresql.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: {{- if .Values.postgresql.persistence.enabled }} {{- if .Values.postgresql.persistence.existing_claim_name }} - volumes: - name: postgresql-data persistentVolumeClaim: claimName: {{ .Values.postgresql.persistence.existing_claim_name }} {{- end }} {{- end }} + {{- with .Values.postgresql.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: {{- range .Values.postgresql.image.pullSecrets }} - name: {{ . | quote }} diff --git a/templates/statefulset-zabbix-proxy.yaml b/templates/statefulset-zabbix-proxy.yaml index bba87b2..9565d96 100644 --- a/templates/statefulset-zabbix-proxy.yaml +++ b/templates/statefulset-zabbix-proxy.yaml @@ -44,7 +44,7 @@ spec: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" + image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME @@ -77,13 +77,17 @@ spec: - name: zabbix-agent containerPort: 10050 protocol: TCP + {{- with .Values.zabbixagent.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} - name: zabbix-proxy resources: {{- toYaml .Values.zabbixproxy.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbixproxy.image.tag }}" + image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbix_image_tag }}" imagePullPolicy: {{ .Values.zabbixproxy.image.pullPolicy }} env: - name: ZBX_PROXYMODE 
@@ -110,6 +114,13 @@ spec: - name: zabbix-proxy containerPort: 10051 protocol: TCP + {{- with .Values.zabbixproxy.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.zabbixproxy.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: {{- range .Values.zabbixagent.image.pullSecrets }} - name: {{ . | quote }} @@ -117,4 +128,8 @@ spec: {{- range .Values.zabbixproxy.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + {{- with .Values.zabbixproxy.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index c3113ab..2b9a683 100644 --- a/values.yaml +++ b/values.yaml 
@@ -2,38 +2,50 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. +zabbix_image_tag: ubuntu-6.0.5 + +# **Zabbix DB access / credentials** configurations # with this dict, you can set unified DB access credentials, IP and so on for both Zabbix server and Zabbix web frontend # you can either chose from having all this in one named (preexisting) secret or setting the values one by one with vars # whatever set here overrides the credential settings within the "zabbixserver" and "zabbixweb" sections. db_access: - # -- under this section you can configure DB access and credentials centrally for the entire helm chart. - # -- All relevant components installed by this chart will respect it: zabbixserver, zabbixweb and postgresql (if enabled) + # under this section you can configure DB access and credentials centrally for the entire helm chart. 
+ # All relevant components installed by this chart will respect it: zabbixserver, zabbixweb and postgresql (if enabled) # - # -- USING A SECRET - # -- DB access details all in one existing secret (matches the structure of secrets the CrunchyData pgo operator generates) - # -- if this option is chosen the below listed "DB_SERVER_*" and "POSTGRES_*" settings are being ignored - # -- the secret must contain the following keys: - # -- * host - # -- * port - # -- * dbname - # -- * user - # -- * password - secret_name: zabbixdb-pguser-zabbix + # USING ONE SECRET CONTAINING ALL DB RELEVANT SETTINGS + # DB access details all in one existing secret (matches the structure of secrets the CrunchyData pgo operator generates) + # if this option is chosen the below listed "db_server_*" and "postgres_*" settings are being ignored + # the secret must contain the following keys: + # * host + # * port + # * dbname + # * user + # * password + # -- Whether to use the unified db access secret + use_unified_secret: true + # -- Name of one secret for unified configuration of DB access + unified_secret_name: zabbixdb-pguser-zabbix # -- automatically create secret if not already present (works only in combination with postgresql.enabled=true) - secret_autocreate: true + unified_secret_autocreate: true # - # -- If you do NOT want to use a secret for all settings, you can still either set the credentials manually here for all - # -- components at once, or if left uncommented, set the credentials for each of the components manually + # If you do NOT want to use one unified secret for all settings, you can still set the credentials manually here. + # These settings will be used for all components of this chart where it makes sense (zabbix server, postgresql, + # web frontend, ...) 
# -- Address of database host - ignored if postgresql.enabled=true - #DB_SERVER_HOST: "zabbix-postgresql" + db_server_host: "zabbix-postgresql" # -- Port of database host - ignored if postgresql.enabled=true - #DB_SERVER_PORT: "5432" + db_server_port: "5432" # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" + postgres_user: "zabbix" + # -- Name of a secret used for Postgres Password, if set, it overrules the POSTGRES_PASSWORD value + #postgres_password_secret: mysecret + # -- Key of the secret used for Postgres Password, requires POSTGRES_PASSWORD_SECRET, defaults to password + #postgres_password_secret_key: "password" + # -- Password of database - ignored if postgres_password_secret is set + postgres_password: "zabbix" # -- Name of database - #POSTGRES_DB: "zabbix" + postgres_db: "zabbix" # **Zabbix Server** configurations zabbixserver: @@ -41,7 +53,9 @@ zabbixserver: enabled: true # -- Number of replicas of ``zabbixserver`` module replicaCount: 1 - # -- optional set true open a port direct on node where zabbix server runs + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true + # -- optional set true open a port direct on node where zabbix server runs hostPort: false # -- optional set hostIP different from 0.0.0.0 to open port only on this IP hostIP: 0.0.0.0 
@@ -49,26 +63,20 @@ zabbixserver: image: # -- Zabbix server Docker image name repository: zabbix/zabbix-server-pgsql - # -- Tag of Docker image of Zabbix server - tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- Address of database host - #DB_SERVER_HOST: "zabbix-postgresql" - # -- Port of database host - #DB_SERVER_PORT: "5432" - # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" - # -- Name of a secret used for Postgres Password, if set, it overrules the POSTGRES_PASSWORD value - #POSTGRES_PASSWORD_SECRET: "" - # -- Key of the secret used for Postgres Password, requires POSTGRES_PASSWORD_SECRET, defaults to password - #POSTGRES_PASSWORD_SECRET_KEY: "password" - # -- Name of database - #POSTGRES_DB: "zabbix" + # -- automatically clean orphaned ha nodes from ha_nodes db table + ha_nodes_autoclean: + enabled: true + image: + repository: postgres + tag: "14" + pullPolicy: IfNotPresent + pullSecrets: [] + schedule: "0 1 * * *" + delete_older_than_seconds: 3600 service: # -- Type of service in Kubernetes cluster type: ClusterIP @@ -85,6 +93,12 @@ zabbixserver: extraEnv: [] #- name: ENABLE_TIMESCALED # value: "true" + # -- additional volumeMounts to the zabbix server container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix server pod + extraContainers: [] + # -- additional volumes to make available to the zabbix server pod + extraVolumes: [] # **PostgreSQL** configurations postgresql: 
@@ -99,14 +113,6 @@ postgresql: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" - # -- Name of database - #POSTGRES_DB: "zabbix" - #- max simultaneous connections to accept for the Postgres server - max_connections: 50 persistence: # -- whether to enable persistent storage for the postgres container or not enabled: false @@ -126,21 +132,28 @@ postgresql: # -- Annotations for the zabbix-server service annotations: {} # metallb.universe.tf/address-pool: production-public-ips + # -- Extra Postgresql runtime parameters ("-c" options) + extraRuntimeParameters: + max_connections: 50 # -- Extra environment variables. A list of additional environment variables. extraEnv: [] + # -- additional volumeMounts to the postgresql container + extraVolumeMounts: [] + # -- additional containers to start within the postgresql pod + extraContainers: [] + # -- additional volumes to make available to the postgresql pod + extraVolumes: [] # **Zabbix Proxy** configurations zabbixproxy: # -- Enables use of **Zabbix Proxy** - enabled: true + enabled: false # -- Number of replicas of ``zabbixproxy`` module replicaCount: 1 resources: {} image: # -- Zabbix proxy Docker image name repository: zabbix/zabbix-proxy-sqlite3 - # -- Tag of Docker image of Zabbix proxy - tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images 
@@ -176,6 +189,12 @@ zabbixproxy: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + # -- additional volumeMounts to the zabbix proxy container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix proxy pod + extraContainers: [] + # -- additional volumes to make available to the zabbix proxy pod + extraVolumes: [] # **Zabbix Agent** configurations zabbixagent: @@ -184,9 +203,7 @@ zabbixagent: resources: {} image: # -- Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 - repository: zabbix/zabbix-agent - # -- Tag of Docker image of Zabbix agent - tag: ubuntu-6.0.4 + repository: zabbix/zabbix-agent2 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images 
@@ -226,43 +243,112 @@ zabbixagent: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + # -- additional volumeMounts to the zabbix agent container + extraVolumeMounts: [] # **Zabbix Web** configurations zabbixweb: # -- Enables use of **Zabbix Web** enabled: true + replicaCount: 1 + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true resources: {} image: # -- Zabbix web Docker image name - repository: zabbix/zabbix-web-apache-pgsql - # -- Tag of Docker image of Zabbix web - tag: ubuntu-6.0.4 + repository: zabbix/zabbix-web-nginx-pgsql # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- Zabbix server host - #DB_SERVER_HOST: zabbix-postgresql - # -- Port of database - #DB_SERVER_PORT: 5432 - # -- User of database - #POSTGRES_USER: zabbix - # -- Password of database - #POSTGRES_PASSWORD: zabbix - # -- Name of database - #POSTGRES_DB: zabbix + # -- Certificate containing certificates for SAML configuration + #saml_certs_secret_name: zabbix-web-samlcerts service: # -- Type of service for Zabbix web - type: NodePort + type: ClusterIP # -- Cluster IP for Zabbix web clusterIP: # -- Port to expose service port: 80 + # -- NodePort port to allocate (only if service.type = NodePort) + #nodePort: 31080 # -- Annotations for the zabbix-web service annotations: {} # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. 
See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + #- name: ZBX_SSO_SETTINGS + # value: '{"baseurl": "https://zabbix.example.com"}' + #- name: ZBX_SERVER_NAME + # value: Demo Zabbix + # -- additional volumeMounts to the zabbix web container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix web pod + extraContainers: [] + # -- additional volumes to make available to the zabbix web pod + extraVolumes: [] + livenessProbe: + # -- Path of health check of application + path: / + # -- Number of seconds after the container has started before liveness + initialDelaySeconds: 30 + # -- Specifies that the kubelet should perform a liveness probe every N seconds + periodSeconds: 10 + # -- Number of seconds after which the probe times out + timeoutSeconds: 5 + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready + failureThreshold: 6 + # -- Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + readinessProbe: + # -- Path of health check of application + path: / + # -- Number of seconds after the container has started before readiness + initialDelaySeconds: 5 + # -- Specifies that the kubelet should perform a readiness probe every N seconds + periodSeconds: 10 + # -- Number of seconds after which the probe times out + timeoutSeconds: 5 + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. 
In case of readiness probe the Pod will be marked Unready + failureThreshold: 6 + # -- Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + +# **Zabbix Web Service** configurations +zabbixwebservice: + # -- Enables use of **Zabbix Web Service** + enabled: true + replicaCount: 1 + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true + resources: {} + image: + # -- Zabbix web Docker image name + repository: zabbix/zabbix-web-service + # -- Pull policy of Docker image + pullPolicy: IfNotPresent + # -- List of dockerconfig secrets names to use when pulling images + pullSecrets: [] + # -- set the IgnoreURLCertErrors configuration setting of Zabbix web service + #ignore_url_cert_errors=1 + service: + # -- Type of service for Zabbix web + type: ClusterIP + # -- Cluster IP for Zabbix web + clusterIP: + # -- Port to expose service + port: 10053 + # -- Annotations for the zabbix-web service + annotations: {} + # metallb.universe.tf/address-pool: production-public-ips + # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml + extraEnv: [] + # -- additional volumeMounts to the zabbix webservice container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix webservice pod + extraContainers: [] + # -- additional volumes to make available to the zabbix webservice pod + extraVolumes: [] # Ingress configurations ingress: @@ -272,8 +358,6 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - # -- Ingress extra labels - extraLabels: {} # -- Ingress hosts hosts: - host: chart-example.local 
@@ -291,33 +375,34 @@ ingress: # -- pathType is only for k8s >= 1.1= pathType: Prefix -livenessProbe: - # -- Path of health check of application - path: / - # -- Number of seconds after the container has started before liveness - initialDelaySeconds: 30 - # -- Specifies that the kubelet should perform a liveness probe every N seconds - periodSeconds: 10 - # -- Number of seconds after which the probe times out - timeoutSeconds: 5 - # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready - failureThreshold: 6 - # -- Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 +# Ingress CRD object for the Traefik Ingresscontroller +ingressroute: + # -- Enables Traefik IngressRoute + enabled: false + # -- IngressRoute annotations + annotations: {} + # -- Ingressroute entrypoints + entryPoints: + - websecure + # -- Ingressroute host name + hostName: chart-example.local + # -- IngressRoute TLS configuration + #tls: + # certResolver: myresolver -readinessProbe: - # -- Path of health check of application - path: / - # -- Number of seconds after the container has started before readiness - initialDelaySeconds: 5 - # -- Specifies that the kubelet should perform a readiness probe every N seconds - periodSeconds: 10 - # -- Number of seconds after which the probe times out - timeoutSeconds: 5 - # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready - failureThreshold: 6 - # -- Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 +route: + # -- Enables Route object for Openshift + enabled: false + # -- Host Name for the route. 
Can be left empty + hostName: chart-example.local + # -- Openshift Route wildcardPolicy + #wildcardPolicy: + # -- Openshift Route TLS settings + tls: + termination: edge + #insecureEdgeTerminationPolicy: Redirect + # -- Openshift Route extra annotations + annotations: {} # -- nodeSelector configurations nodeSelector: {}
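
Review bot: In templates/deployment-zabbix-webservice.yaml, `ZBX_ALLOWEDIP` is hard-coded to `"::/0"` at the end of the env block, so the web service accepts requests from any address while `zabbixwebservice.service.type` stays configurable. Expose the allowed range as a chart value (for example a hypothetical `zabbixwebservice.allowed_ip`) and default it to the Zabbix server pods or the cluster network. Two smaller points in the same hunk: `value: {{ .Values.zabbixwebservice.ignore_url_cert_errors }}` needs `| quote`, because container env values must be strings and a bare `1` will be rejected, and `imagePullSecrets` ranges over `.Values.zabbixweb.image.pullSecrets` although values.yaml defines `zabbixwebservice.image.pullSecrets`.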
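
Review bot: In templates/job-init-db-schema.yaml, the `sed` in `command` patches `/usr/bin/docker-entrypoint.sh` by matching the exact lines `exec "$@"` and `update_zbx_config`; if a later image changes either line, sed still exits 0 and the Job runs an unpatched entrypoint. After the sed, verify that no `exec "$@"` line remains in the generated script and exit non-zero otherwise. The container also omits the `securityContext`, `resources` and `imagePullSecrets` that the other workloads in this patch render. The Job has a fixed name and no hook annotations; a Job's pod template is immutable, so a later `helm upgrade` that changes `zabbix_image_tag` will fail on this object. Consider `helm.sh/hook` annotations with a delete policy, or `ttlSecondsAfterFinished`.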
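
Review bot: In templates/service.yaml, the new webservice Service renders annotations as `{{ $key }}: {{ $value }}` without quoting; annotation values must be strings, so a value such as `true` or a number renders as a YAML boolean or integer and the manifest is rejected. Use `{{ $key }}: {{ $value | quote }}`, or `toYaml` as the other templates in this patch do. In the zabbix-web port block, `nodePort` is emitted whenever `zabbixweb.service.nodePort` is set, regardless of `zabbixweb.service.type`; guard it on the type being `NodePort`, which is what the values.yaml comment already promises.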
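
Review bot: In templates/statefulset-postgresql.yaml, the env block of the postgresql container still loops over `.Values.zabbixproxy.extraEnv` right after the new `zabbix.db_access.env_vars` include, so proxy variables are injected into the database container and `postgresql.extraEnv` from values.yaml is never read. Switch the range to `.Values.postgresql.extraEnv` while this block is being reworked. In the new `args` loop, `"{{ $key }}={{ $value }}"` interpolates inside a double-quoted YAML string, so a parameter value containing `"` breaks rendering; building the item with `printf "%s=%v" $key $value | quote` avoids that.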
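
Review bot: In templates/secret-db-access.yaml, the rename from `db_access.secret_name` and `secret_autocreate` to `unified_secret_name` and `unified_secret_autocreate` is silent for existing releases: an override of the old key is ignored, and both `metadata.name` and the `lookup` call fall back to the new default. Add a `fail` (or a NOTES.txt warning) when the old keys are still set, and describe the migration in the upgrade notes. A short template comment would also help: `lookup` returns an empty result under `helm template` and client-side dry runs, so the `default` branches are always taken there.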
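
Review bot: In values.yaml under `db_access`, `postgres_password: "zabbix"` is now an active default instead of a commented example, so a release that sets `use_unified_secret: false` and nothing else runs the database with a well-known password kept in plain values. Leave the default empty and have the template fail with `required` when neither `postgres_password` nor `postgres_password_secret` is given. The comments on `postgres_password_secret` and `postgres_password_secret_key` still name the old upper-case keys (`POSTGRES_PASSWORD`, `POSTGRES_PASSWORD_SECRET`), and the `zabbix_image_tag` comment says it is overwritten by `zabbixserver.image.tag` although the per-component `tag` keys are removed further down in this file.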
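
Review bot: In values.yaml under `zabbixwebservice`, the commented example `#ignore_url_cert_errors=1` uses `=` instead of `key: value`, so uncommenting it as written produces invalid YAML. Write it as `#ignore_url_cert_errors: "1"` and state in the comment that the setting makes the web service ignore TLS certificate errors, so operators know what they are switching off. In the same hunk, the `image` and `service` comments of this section are copied from `zabbixweb` ("Zabbix web Docker image name", "Type of service for Zabbix web"), and `saml_certs_secret_name` is described as a "Certificate containing certificates" where a Secret is meant; listing the file names the secret is expected to contain would make it usable without reading the image docs.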
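
Review bot: In templates/ingressroute.yml, the `tls` block is rendered only when `ingressroute.tls` is set, and values.yaml ships it commented out while `entryPoints` defaults to `websecure`; with the defaults the route is attached to the TLS entry point without any TLS settings of its own, so it is not served over TLS unless the entry point itself enables it. Either render an empty `tls: {}` by default or document that `tls` must be set together with `websecure`. The hard-coded `apiVersion: traefik.containo.us/v1alpha1` is the legacy API group that newer Traefik releases replace with `traefik.io/v1alpha1`; making it a value keeps the template usable on both.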