From 85b49d3cd4b23345180798b22cbd63355f6c1aa2 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Fri, 22 Apr 2022 21:24:48 +0200 Subject: [PATCH 01/39] update the chart to be better compliant with ZBX 6 * Zabbix server now always has "HA Cluster" mode set to "on", making it possible to easily raise replicaCount and have multiple redundant server containers * added cronjob to autoclean orphaned HA nodes (pods being restarted by K8S...) * easy-to-use Pod anti affinity to make instances of Zabbix Server, Zabbix web frontend run on different cluster nodes if possible * converted zabbix server from statefulset to deployment * switched from Apache container to Nginx container for web frontend by default * added ZBX_SERVER_NAME as an explicit value, not to have to remember to add the according env variable manually as a extraEnv --- templates/cronjob-hanodes-autoclean.yaml | 97 +++++++++++++++++++ ...ver.yaml => deployment-zabbix-server.yaml} | 33 +++++-- templates/deployment-zabbix-web.yaml | 26 +++-- values.yaml | 18 +++- 4 files changed, 158 insertions(+), 16 deletions(-) create mode 100644 templates/cronjob-hanodes-autoclean.yaml rename templates/{statefulset-zabbix-server.yaml => deployment-zabbix-server.yaml} (85%) diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml new file mode 100644 index 0000000..0681d49 --- /dev/null +++ b/templates/cronjob-hanodes-autoclean.yaml 
@@ -0,0 +1,97 @@ +{{- if .Values.zabbixserver.ha_nodes_autoclean.enabled }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ template "zabbix.fullname" . }}-nodesclean + labels: + app: {{ template "zabbix.fullname" . }}-nodesclean + app.kubernetes.io/name: nodesclean + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-nodesclean + app.kubernetes.io/managed-by: {{ .Release.Service }}-nodesclean +spec: + schedule: {{ .Values.zabbixserver.ha_nodes_autoclean.schedule|quote }} + jobTemplate: + spec: + template: + spec: + containers: + - name: hanodes-autoclean + image: postgres:14 + imagePullPolicy: IfNotPresent + command: + - /bin/bash + - -c + - echo "deleting all stopped and unavailable HANodes older than {{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }} seconds..." && psql -c "delete from ha_node where status in (1,2) and extract(epoch from now())-lastaccess>{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }}" + env: + {{- if .Values.postgresql.enabled }} + - name: PGHOST + value: {{ template "zabbix.fullname" . 
}}-postgresql + - name: PGPORT + value: {{ .Values.postgresql.service.port | quote }} + {{- else if .Values.db_access.secret_name }} + - name: PGHOST + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: host + - name: PGPORT + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: port + optional: true + {{- else }} + - name: PGHOST + {{- if .Values.db_access.DB_SERVER_HOST }} + value: {{ .Values.db_access.DB_SERVER_HOST | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} + {{- end }} + - name: PGPORT + {{- if .Values.db_access.DB_SERVER_PORT }} + value: {{ .Values.db_access.DB_SERVER_PORT | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} + {{- end }} + {{- end }} + {{- if .Values.db_access.secret_name }} + - name: PGUSER + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: user + optional: true + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: password + - name: PGDATABASE + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: dbname + optional: true + {{- else }} + - name: PGUSER + {{- if .Values.db_access.POSTGRES_USER }} + value: {{ .Values.db_access.POSTGRES_USER | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} + {{ end }} + - name: PGPASSWORD + {{- if .Values.db_access.POSTGRES_PASSWORD }} + value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + {{- end }} + - name: PGDATABASE + {{- if .Values.db_access.POSTGRES_DB }} + value: {{ .Values.db_access.POSTGRES_DB | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} + {{- end }} + {{- end }} + restartPolicy: OnFailure +{{- end }} \ No newline at end of file 
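Review bot: `delete_older_than_seconds` is rendered verbatim into the `bash -c` string and into the SQL text handed to `psql -c`, so a non-numeric value in values.yaml changes the shell command or the DELETE statement instead of being rejected. Coercing it at render time keeps the statement fixed: use `{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds | int }}` in both places. In the final `else` branch `PGPASSWORD` is written as a literal `value:` into the CronJob spec, where anyone who can read the CronJob object can read it; the `db_access.secret_name` path avoids that. The container also sets no `securityContext` or `resources`, and the `{{ end }}` after the `PGUSER` fallback lacks the `-` trim marker the other branches use.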
diff --git a/templates/statefulset-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml similarity index 85% rename from templates/statefulset-zabbix-server.yaml rename to templates/deployment-zabbix-server.yaml index e2b3a50..ed006ab 100644 --- a/templates/statefulset-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml @@ -1,7 +1,7 @@ {{- if .Values.zabbixserver.enabled }} --- apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: {{ template "zabbix.fullname" . }}-zabbix-server labels: @@ -12,7 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-server spec: replicas: {{ .Values.zabbixserver.replicaCount }} - serviceName: {{ template "zabbix.fullname" . }} selector: matchLabels: app: {{ template "zabbix.fullname" . }}-zabbix-server @@ -29,9 +28,19 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- if gt (len .Values.affinity) 0 }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixserver.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-server {{- end }} {{- with .Values.tolerations }} tolerations: @@ -82,13 +91,13 @@ spec: {{- if .Values.db_access.DB_SERVER_HOST }} value: {{ .Values.db_access.DB_SERVER_HOST | quote }} {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_HOST | quote }} + value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} {{- end }} - name: DB_SERVER_PORT {{- if .Values.db_access.DB_SERVER_PORT }} value: {{ .Values.db_access.DB_SERVER_PORT | quote }} {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_PORT | quote }} + value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} {{- end }} {{- end }} {{- if .Values.db_access.secret_name }} 
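Review bot: `{{- if gt (len .Values.affinity) 0 }}` in the affinity block makes rendering fail when `affinity` is null or absent, because `len` errors on a nil value, whereas the `with` it replaces simply skipped the block. `{{- if .Values.affinity }}` is false for both nil and an empty map and keeps the `else if` branch for `pod_anti_affinity` working. The same condition is added to deployment-zabbix-web.yaml in this commit and to deployment-zabbix-webservice.yaml in patch 02. The chart's default for `affinity` is not visible here, so this only bites if that default is not `{}` or a user overrides it with an empty value.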
@@ -138,6 +147,18 @@ spec: - name: {{ $item.name }} value: {{ $item.value | quote }} {{- end }} + - name: ZBX_AUTOHANODENAME + value: "hostname" + - name: ZBX_NODEADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- if .Values.zabbixwebservice.enabled }} + - name: ZBX_WEBSERVICEURL + value: "http://{{ template "zabbix.fullname" . }}-zabbix-webservice:{{ .Values.zabbixwebservice.service.port }}/report" + - name: ZBX_STARTREPORTWRITERS + value: {{ .Values.zabbixwebservice.replicaCount|quote }} + {{- end }} {{- if .Values.zabbixagent.enabled }} - name: zabbix-agent resources: diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index bc4ab48..dad73c2 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-web app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-web spec: - replicas: 1 + replicas: {{ .Values.zabbixweb.replicaCount }} selector: matchLabels: app: {{ template "zabbix.fullname" . }}-zabbix-web @@ -27,9 +27,19 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- if gt (len .Values.affinity) 0 }} affinity: - {{- toYaml . | nindent 8 }} + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixweb.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-web {{- end }} {{- with .Values.tolerations }} tolerations: 
@@ -44,10 +54,12 @@ spec: image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbixweb.image.tag }}" imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: - - name: ZBX_SERVER_HOST - value: {{ .Values.zabbixweb.ZBX_SERVER_HOST | quote }} - - name: ZBX_SERVER_PORT - value: {{ .Values.zabbixweb.ZBX_SERVER_PORT | quote }} + - name: ZBX_SERVER_NAME + {{- if .Values.zabbixweb.zbx_server_name }} + value: {{ .Values.zabbixweb.zbx_server_name }} + {{- else }} + value: Zabbix in K8S + {{- end }} {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST value: {{ template "zabbix.fullname" . }}-postgresql diff --git a/values.yaml b/values.yaml index c3113ab..f0b49f3 100644 --- a/values.yaml +++ b/values.yaml @@ -41,7 +41,9 @@ zabbixserver: enabled: true # -- Number of replicas of ``zabbixserver`` module replicaCount: 1 - # -- optional set true open a port direct on node where zabbix server runs + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true + # -- optional set true open a port direct on node where zabbix server runs hostPort: false # -- optional set hostIP different from 0.0.0.0 to open port only on this IP hostIP: 0.0.0.0 @@ -55,6 +57,11 @@ zabbixserver: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] + # -- automatically clean orphaned ha nodes from ha_nodes db table + ha_nodes_autoclean: + enabled: true + schedule: "0 1 * * *" + delete_older_than_seconds: 3600 # -- Address of database host #DB_SERVER_HOST: "zabbix-postgresql" # -- Port of database host @@ -184,7 +191,7 @@ zabbixagent: resources: {} image: # -- Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 - repository: zabbix/zabbix-agent + repository: zabbix/zabbix-agent2 # -- Tag of Docker image of Zabbix agent tag: ubuntu-6.0.4 # -- Pull policy of Docker image 
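Review bot: Both `value:` lines for `ZBX_SERVER_NAME` are rendered unquoted, so a server name such as `123` or `true`, or one containing `: ` or ` #`, is parsed as a non-string or breaks the manifest, and Kubernetes only accepts strings for env values. Collapsing the branch into `value: {{ .Values.zabbixweb.zbx_server_name | default "Zabbix in K8S" | quote }}` fixes that and removes the `if`/`else`. The hunk also drops `ZBX_SERVER_HOST` and `ZBX_SERVER_PORT` from the web container; if that is intended for HA mode, the `zabbixweb` values the removed lines referenced should be removed or commented as unused in values.yaml.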
@@ -231,10 +238,13 @@ zabbixagent: zabbixweb: # -- Enables use of **Zabbix Web** enabled: true + replicaCount: 1 + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true resources: {} image: # -- Zabbix web Docker image name - repository: zabbix/zabbix-web-apache-pgsql + repository: zabbix/zabbix-web-nginx-pgsql # -- Tag of Docker image of Zabbix web tag: ubuntu-6.0.4 # -- Pull policy of Docker image @@ -251,6 +261,8 @@ zabbixweb: #POSTGRES_PASSWORD: zabbix # -- Name of database #POSTGRES_DB: zabbix + # -- Name of the Zabbix server in GUI + #zbx_server_name: something service: # -- Type of service for Zabbix web type: NodePort From d3300a36bd3028e04f4c120e73df2142ef8d729e Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Fri, 22 Apr 2022 21:37:13 +0200 Subject: [PATCH 02/39] added support for Zabbix Webservice * Deployment with configurable replicaCount * automatic configuration of Zabbix Server accordingly * pod anti affinity to spread multiple instances of cluster nodes if possible and replicaCount >1 --- templates/deployment-zabbix-webservice.yaml | 75 +++++++++++++++++++++ templates/service.yaml | 33 +++++++++ values.yaml | 32 +++++++++ 3 files changed, 140 insertions(+) create mode 100644 templates/deployment-zabbix-webservice.yaml diff --git a/templates/deployment-zabbix-webservice.yaml b/templates/deployment-zabbix-webservice.yaml new file mode 100644 index 0000000..2e2d900 --- /dev/null +++ b/templates/deployment-zabbix-webservice.yaml 
@@ -0,0 +1,75 @@ +{{- if .Values.zabbixwebservice.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "zabbix.fullname" . }}-zabbix-webservice + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice +spec: + replicas: {{ .Values.zabbixwebservice.replicaCount }} + selector: + matchLabels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + template: + metadata: + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice + spec: + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if gt (len .Values.affinity) 0 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + {{- else if .Values.zabbixwebservice.pod_anti_affinity }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: zabbix-webservice + resources: + {{- toYaml .Values.zabbixwebservice.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbixwebservice.image.tag }}" + imagePullPolicy: {{ .Values.zabbixwebservice.image.pullPolicy }} + env: + {{- if .Values.zabbixwebservice.ignore_url_cert_errors }} + - name: ZBX_IGNOREURLCERTERRORS + value: {{ .Values.zabbixwebservice.ignore_url_cert_errors }} + {{- end }} + {{- range $item := .Values.zabbixwebservice.extraEnv }} + - name: {{ $item.name }} + value: {{ $item.value | quote }} + {{- end }} + - name: ZBX_ALLOWEDIP + value: "::/0" + ports: + - name: webservice + containerPort: 10053 + protocol: TCP + imagePullSecrets: + {{- range .Values.zabbixweb.image.pullSecrets }} + - name: {{ . | quote }} + {{- end }} +{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml index ebf1475..6beffba 100644 --- a/templates/service.yaml +++ b/templates/service.yaml 
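Review bot: `ZBX_ALLOWEDIP` is hard-coded to `"::/0"` and emitted after the `extraEnv` loop, so the web service accepts connections from any address and a narrower value supplied through `extraEnv` is overridden, since Kubernetes keeps the last duplicate env entry. Exposing it as a chart value (for example a `zabbixwebservice.allowed_ip` key defaulting to the current setting) and emitting it before `extraEnv` lets operators restrict it to the server pods' range. `ZBX_IGNOREURLCERTERRORS` is rendered without `| quote`, so setting it to `1` produces an integer env value that the API server rejects. `imagePullSecrets` iterates `.Values.zabbixweb.image.pullSecrets` although this patch's values.yaml adds `zabbixwebservice.image.pullSecrets`, which is never read.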
@@ -104,6 +104,39 @@ spec: {{- end }} +{{- if .Values.zabbixwebservice.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "zabbix.fullname" . }}-zabbix-webservice + labels: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + app.kubernetes.io/name: zabbix-webservice + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-zabbix-webservice + app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice + {{- if .Values.zabbixwebservice.service.annotations }} + annotations: + {{- range $key,$value := .Values.zabbixwebservice.service.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.zabbixwebservice.service.type }} + {{- if .Values.zabbixwebservice.service.clusterIP }} + clusterIP: {{ .Values.zabbixwebservice.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.zabbixwebservice.service.port }} + targetPort: 10053 + protocol: TCP + name: webservice + selector: + app: {{ template "zabbix.fullname" . }}-zabbix-webservice + {{- end }} + + {{- if .Values.zabbixproxy.enabled }} --- apiVersion: v1 diff --git a/values.yaml b/values.yaml index f0b49f3..adacf28 100644 --- a/values.yaml +++ b/values.yaml 
@@ -276,6 +276,38 @@ zabbixweb: # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] +# **Zabbix Web** configurations +zabbixwebservice: + # -- Enables use of **Zabbix Web Service** + enabled: true + replicaCount: 1 + # -- set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 + pod_anti_affinity: true + resources: {} + image: + # -- Zabbix web Docker image name + repository: zabbix/zabbix-web-service + # -- Tag of Docker image of Zabbix web + tag: alpine-6.0-latest + # -- Pull policy of Docker image + pullPolicy: IfNotPresent + # -- List of dockerconfig secrets names to use when pulling images + pullSecrets: [] + # -- set the IgnoreURLCertErrors configuration setting of Zabbix web service + #ignore_url_cert_errors=1 + service: + # -- Type of service for Zabbix web + type: ClusterIP + # -- Cluster IP for Zabbix web + clusterIP: + # -- Port to expose service + port: 10053 + # -- Annotations for the zabbix-web service + annotations: {} + # metallb.universe.tf/address-pool: production-public-ips + # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml + extraEnv: [] + # Ingress configurations ingress: # -- Enables Ingress From f65c050c1699849addf4161a6a68a54a868e83de Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Wed, 25 May 2022 23:17:00 +0200 Subject: [PATCH 03/39] unifying tag names --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index adacf28..b55585d 100644 --- a/values.yaml +++ b/values.yaml 
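Review bot: The commented example `#ignore_url_cert_errors=1` uses `=` instead of YAML `key: value`, so uncommenting it as written does not set `zabbixwebservice.ignore_url_cert_errors`. It should read `#ignore_url_cert_errors: "1"`, and the comment above it should state that the setting makes the web service ignore TLS certificate errors, so readers know what they give up by enabling it. The block header `# **Zabbix Web** configurations` and the image and service comments are copied from `zabbixweb` and should name the web service. `clusterIP:` with no value is null and would be clearer commented out.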
@@ -288,7 +288,7 @@ zabbixwebservice: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-service # -- Tag of Docker image of Zabbix web - tag: alpine-6.0-latest + tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images From 92b3c4c44c578e7ffba4f992a94b730a669818ea Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sat, 23 Apr 2022 17:37:14 +0200 Subject: [PATCH 04/39] make image for ha_nodes_autoclean configurable --- templates/cronjob-hanodes-autoclean.yaml | 8 ++++++-- values.yaml | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml index 0681d49..bd6d85f 100644 --- a/templates/cronjob-hanodes-autoclean.yaml +++ b/templates/cronjob-hanodes-autoclean.yaml @@ -17,8 +17,8 @@ spec: spec: containers: - name: hanodes-autoclean - image: postgres:14 - imagePullPolicy: IfNotPresent + image: {{ .Values.zabbixserver.ha_nodes_autoclean.image.repository }}:{{ .Values.zabbixserver.ha_nodes_autoclean.image.tag }} + imagePullPolicy: {{ .Values.zabbixserver.ha_nodes_autoclean.image.pullPolicy }} command: - /bin/bash - -c @@ -93,5 +93,9 @@ spec: value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} {{- end }} {{- end }} + imagePullSecrets: + {{- range .Values.zabbixserver.image.pullSecrets }} + - name: {{ . | quote }} + {{- end }} restartPolicy: OnFailure {{- end }} \ No newline at end of file diff --git a/values.yaml b/values.yaml index b55585d..38605b4 100644 --- a/values.yaml +++ b/values.yaml @@ -60,6 +60,11 @@ zabbixserver: # -- automatically clean orphaned ha nodes from ha_nodes db table ha_nodes_autoclean: enabled: true + image: + repository: postgres + tag: "14" + pullPolicy: IfNotPresent + pullSecrets: [] schedule: "0 1 * * *" delete_older_than_seconds: 3600 # -- Address of database host From 99d587d361e52275346e7df9a7d8f488ea95707e Mon Sep 17 00:00:00 2001 
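Review bot: The `imagePullSecrets` block added to cronjob-hanodes-autoclean.yaml ranges over `.Values.zabbixserver.image.pullSecrets`, while this same commit adds `ha_nodes_autoclean.image.pullSecrets` to values.yaml, so the new value is never read and a pull secret configured only for the autoclean image has no effect. Use `{{- range .Values.zabbixserver.ha_nodes_autoclean.image.pullSecrets }}`. The new `image:` line is also unquoted; wrapping it as `image: "{{ ... }}:{{ ... }}"` matches how the webservice deployment renders its image.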
From: Christian Anton Date: Sat, 23 Apr 2022 17:38:45 +0200 Subject: [PATCH 05/39] support DB init with multiple zabbix servers When starting more than one Zabbix server containers with valid DB connection credentials at the same time on an empty database, all of them would try to connect and install the Zabbix DB schema to it at the same time, leading to errors and invalid queries. This commit implements an init container on the Zabbix Server pods that not only waits for the DB to be accessible IP-wise, but also for the schema to be available. This practically deactivates the schema auto-creation for the Zabbix Server pods. At the same time, a one-time Job has been added, which uses the Zabbix Server image with a slightly modified docker-entrypoint.sh in order to only wait for DB connection and then to install Zabbix DB schema, but not to prepare config nor start Zabbix server. With the combination of these two, we can now start off with a multinode Zabbix HA cluster in Kubernetes. --- ...nfigmap-zabbix-server-init-waitschema.yaml | 172 ++++++++++++++++++ templates/deployment-zabbix-server.yaml | 87 +++++++++ templates/job-init-db-schema.yaml | 93 ++++++++++ 3 files changed, 352 insertions(+) create mode 100644 templates/configmap-zabbix-server-init-waitschema.yaml create mode 100644 templates/job-init-db-schema.yaml diff --git a/templates/configmap-zabbix-server-init-waitschema.yaml b/templates/configmap-zabbix-server-init-waitschema.yaml new file mode 100644 index 0000000..080e156 --- /dev/null +++ b/templates/configmap-zabbix-server-init-waitschema.yaml 
@@ -0,0 +1,172 @@ +{{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: test + name: {{ template "zabbix.fullname" . }}-waitdbschema-script + labels: + app: {{ template "zabbix.fullname" . }}-waitdbschema-script + app.kubernetes.io/name: waitdbschema-script + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-waitdbschema-script + app.kubernetes.io/managed-by: {{ .Release.Service }}-waitdbschema-script +data: + wait_db_schema.sh: | + #!/bin/bash + + set -o pipefail + + set +e + + # Script trace mode + if [ "${DEBUG_MODE,,}" == "true" ]; then + set -o xtrace + fi + + # Default directories + # User 'zabbix' home directory + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" + # Configuration files directory + ZABBIX_ETC_DIR="/etc/zabbix" + + # usage: file_env VAR [DEFAULT] + # as example: file_env 'MYSQL_PASSWORD' 'zabbix' + # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) + # unsets the VAR_FILE afterwards and just leaving VAR + file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! 
-f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" + } + + # Check prerequisites for PostgreSQL database + check_variables_postgresql() { + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + + : ${DB_SERVER_HOST:="postgres-server"} + : ${DB_SERVER_PORT:="5432"} + + DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"} + DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""} + + DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} + DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} + + : ${DB_SERVER_SCHEMA:="public"} + + DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} + } + + check_db_connect_postgresql() { + echo "********************" + echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" + echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" + echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" + echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}" + if [ "${DEBUG_MODE,,}" == "true" ]; then + echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" + echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" + fi + echo "********************" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + WAIT_TIMEOUT=5 + + if [ -n "${DB_SERVER_SCHEMA}" ]; then + PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" + export PGOPTIONS + fi + + while true : + do + psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 1>/dev/null 2>&1 && break + psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --dbname ${DB_SERVER_DBNAME} --quiet 1>/dev/null 2>&1 && break + + echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." 
+ sleep $WAIT_TIMEOUT + done + + unset PGPASSWORD + unset PGOPTIONS + } + + psql_query() { + query=$1 + db=$2 + + local result="" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + if [ -n "${DB_SERVER_SCHEMA}" ]; then + PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" + export PGOPTIONS + fi + + result=$(psql --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \ + --username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null); + + unset PGPASSWORD + unset PGOPTIONS + + echo $result + } + + check_db_schema_present() { + WAIT_TIMEOUT=5 + while true : + do + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") + + if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then + echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." + ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}") + fi + + if [ -n "${ZBX_DB_VERSION}" ]; then + echo "** dbversion is ${ZBX_DB_VERSION}, letting the Zabbix Server container start" + break + fi + + echo "**** DB Version not found yet, assuming DB schema is not yet created. Waiting $WAIT_TIMEOUT seconds..." + sleep $WAIT_TIMEOUT + done + } + + wait_for_db_and_schema() { + echo "** waiting for Zabbix DB to be operational to start Zabbix server container" + check_variables_postgresql + check_db_connect_postgresql + check_db_schema_present + } + + wait_for_db_and_schema +{{- end }} diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index ed006ab..123f06e 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml 
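Review bot: With `DEBUG_MODE=true`, `check_db_connect_postgresql` echoes `DB_SERVER_ZBX_PASS` into the init container's log, and the `set -o xtrace` enabled by the same flag also traces the `export PGPASSWORD=...` lines, so the database password reaches anyone with log access and any log pipeline. Dropping that `echo` line and switching tracing off around the two `export PGPASSWORD` statements (`set +x` before, restore after) keeps debug output without the secret. `metadata` carries two `name:` keys, `name: test` followed by the templated name; most parsers silently keep the last one, so the stray `name: test` line should be removed. Both wait loops have no attempt limit, so a wrong host or credential shows up only as a pod stuck in `Init`.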
@@ -46,6 +46,87 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} + initContainers: + - name: init-wait-for-database-schema + image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + env: + {{- if .Values.postgresql.enabled }} + - name: DB_SERVER_HOST + value: {{ template "zabbix.fullname" . }}-postgresql + - name: DB_SERVER_PORT + value: {{ .Values.postgresql.service.port | quote }} + {{- else if .Values.db_access.secret_name }} + - name: DB_SERVER_HOST + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: host + - name: DB_SERVER_PORT + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: port + optional: true + {{- else }} + - name: DB_SERVER_HOST + {{- if .Values.db_access.DB_SERVER_HOST }} + value: {{ .Values.db_access.DB_SERVER_HOST | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} + {{- end }} + - name: DB_SERVER_PORT + {{- if .Values.db_access.DB_SERVER_PORT }} + value: {{ .Values.db_access.DB_SERVER_PORT | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} + {{- end }} + {{- end }} + {{- if .Values.db_access.secret_name }} + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: user + optional: true + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: password + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: dbname + optional: true + {{- else }} + - name: POSTGRES_USER + {{- if .Values.db_access.POSTGRES_USER }} + value: {{ .Values.db_access.POSTGRES_USER | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} + {{ end }} + - name: POSTGRES_PASSWORD + {{- if .Values.db_access.POSTGRES_PASSWORD }} + value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- 
else }} + value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + {{- end }} + - name: POSTGRES_DB + {{- if .Values.db_access.POSTGRES_DB }} + value: {{ .Values.db_access.POSTGRES_DB | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} + {{- end }} + {{- end }} + command: + - "/bin/bash" + - "/script/wait_db_schema.sh" + volumeMounts: + - name: init-waitschema-script + mountPath: /script + {{- end }} containers: - name: zabbix-server resources: @@ -204,4 +285,10 @@ spec: {{- range .Values.zabbixagent.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} + volumes: + - name: init-waitschema-script + configMap: + name: {{ template "zabbix.fullname" . }}-waitdbschema-script + {{- end }} {{- end }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml new file mode 100644 index 0000000..b9057e7 --- /dev/null +++ b/templates/job-init-db-schema.yaml 
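Review bot: This init container adds a third copy of the database env block (the CronJob from patch 01 and the Job in this commit carry the same branches), and patch 01 already had to fix a `zabbixweb`/`zabbixserver` mix-up in one such copy. Moving the block into a named template (`define`) and pulling it in with `include ... | nindent` would keep the copies from drifting. In the last `else` branch `POSTGRES_PASSWORD` is rendered as a literal `value:`, so it is readable from the Deployment object; the `db_access.secret_name` path avoids that. The init container also sets no `securityContext`, `resources` or `imagePullPolicy`, and the `{{ end }}` after the `POSTGRES_USER` fallback is missing the `-` trim marker.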
@@ -0,0 +1,93 @@ +{{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "zabbix.fullname" . }}-init-db-schema + labels: + app: {{ template "zabbix.fullname" . }}-init-db-schema + app.kubernetes.io/name: init-db-schema + helm.sh/chart: {{ include "zabbix.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }}-init-db-schema + app.kubernetes.io/managed-by: {{ .Release.Service }}-init-db-schema +spec: + template: + spec: + containers: + - name: init-db-schema + image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + env: + {{- if .Values.postgresql.enabled }} + - name: DB_SERVER_HOST + value: {{ template "zabbix.fullname" . }}-postgresql + - name: DB_SERVER_PORT + value: {{ .Values.postgresql.service.port | quote }} + {{- else if .Values.db_access.secret_name }} + - name: DB_SERVER_HOST + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: host + - name: DB_SERVER_PORT + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: port + optional: true + {{- else }} + - name: DB_SERVER_HOST + {{- if .Values.db_access.DB_SERVER_HOST }} + value: {{ .Values.db_access.DB_SERVER_HOST | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} + {{- end }} + - name: DB_SERVER_PORT + {{- if .Values.db_access.DB_SERVER_PORT }} + value: {{ .Values.db_access.DB_SERVER_PORT | quote }} + {{- else }} + value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} + {{- end }} + {{- end }} + {{- if .Values.db_access.secret_name }} + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: user + optional: true + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: password + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.secret_name }} + key: dbname + optional: true + {{- else }} + - name: 
POSTGRES_USER + {{- if .Values.db_access.POSTGRES_USER }} + value: {{ .Values.db_access.POSTGRES_USER | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} + {{ end }} + - name: POSTGRES_PASSWORD + {{- if .Values.db_access.POSTGRES_PASSWORD }} + value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + {{- end }} + - name: POSTGRES_DB + {{- if .Values.db_access.POSTGRES_DB }} + value: {{ .Values.db_access.POSTGRES_DB | quote }} + {{- else }} + value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-c" + - 'sed -e "s/^exec \"\$@\"$/prepare_server/" -e "/^ *update_zbx_config$/d" /usr/bin/docker-entrypoint.sh >~/docker-entrypoint.sh && bash ~/docker-entrypoint.sh' + restartPolicy: Never +{{- end}} From 17cde01ed68e4b7da8dc858bdd2624b62f6b4ab7 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Wed, 4 May 2022 11:12:43 +0200 Subject: [PATCH 06/39] Probes moved to correct section in values --- templates/deployment-zabbix-web.yaml | 24 ++++++------- values.yaml | 53 ++++++++++++++-------------- 2 files changed, 38 insertions(+), 39 deletions(-) diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index dad73c2..c097cff 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml 
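Review bot: The `sed` rewrite of `/usr/bin/docker-entrypoint.sh` in the Job's `command` depends on the exact text of two lines in the image's script, and if a later image changes either line `sed` still exits 0 and the unmodified entrypoint runs. Checking with `grep -q` that both patterns match before running the rewritten script makes the Job fail visibly instead. The Job sets no `backoffLimit` or `ttlSecondsAfterFinished`, and because a Job's pod template is immutable, a later `helm upgrade` that changes the image tag or env will likely be rejected unless the Job becomes a hook or is removed after completion. The closing `{{- end}}` is valid but inconsistent with `{{- end }}` in the other templates.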
@@ -148,22 +148,22 @@ spec: protocol: TCP livenessProbe: httpGet: - path: {{ .Values.livenessProbe.path }} + path: {{ .Values.zabbixweb.livenessProbe.path }} port: zabbix-web - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.zabbixweb.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.zabbixweb.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.zabbixweb.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.zabbixweb.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.zabbixweb.livenessProbe.failureThreshold }} readinessProbe: httpGet: - path: {{ .Values.readinessProbe.path }} + path: {{ .Values.zabbixweb.readinessProbe.path }} port: zabbix-web - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.zabbixweb.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.zabbixweb.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.zabbixweb.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.zabbixweb.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.zabbixweb.readinessProbe.failureThreshold }} imagePullSecrets: {{- range .Values.zabbixweb.image.pullSecrets }} - name: {{ . | quote }} diff --git a/values.yaml b/values.yaml index 38605b4..08f9ccd 100644 --- a/values.yaml +++ b/values.yaml 
@@ -280,6 +280,32 @@ zabbixweb: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + livenessProbe: + # -- Path of health check of application + path: / + # -- Number of seconds after the container has started before liveness + initialDelaySeconds: 30 + # -- Specifies that the kubelet should perform a liveness probe every N seconds + periodSeconds: 10 + # -- Number of seconds after which the probe times out + timeoutSeconds: 5 + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready + failureThreshold: 6 + # -- Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + readinessProbe: + # -- Path of health check of application + path: / + # -- Number of seconds after the container has started before readiness + initialDelaySeconds: 5 + # -- Specifies that the kubelet should perform a readiness probe every N seconds + periodSeconds: 10 + # -- Number of seconds after which the probe times out + timeoutSeconds: 5 + # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready + failureThreshold: 6 + # -- Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 # **Zabbix Web** configurations zabbixwebservice: 
@@ -340,33 +366,6 @@ ingress: # -- pathType is only for k8s >= 1.1= pathType: Prefix -livenessProbe: - # -- Path of health check of application - path: / - # -- Number of seconds after the container has started before liveness - initialDelaySeconds: 30 - # -- Specifies that the kubelet should perform a liveness probe every N seconds - periodSeconds: 10 - # -- Number of seconds after which the probe times out - timeoutSeconds: 5 - # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready - failureThreshold: 6 - # -- Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - -readinessProbe: - # -- Path of health check of application - path: / - # -- Number of seconds after the container has started before readiness - initialDelaySeconds: 5 - # -- Specifies that the kubelet should perform a readiness probe every N seconds - periodSeconds: 10 - # -- Number of seconds after which the probe times out - timeoutSeconds: 5 - # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready - failureThreshold: 6 - # -- Minimum consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 # -- nodeSelector configurations nodeSelector: {} From 26b11892d93e18e567f0ebb723b5f3fb924a4f7d Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Fri, 13 May 2022 16:15:26 +0200 Subject: [PATCH 07/39] max_connections for postgresql server From 918e85e77b0763513432efd412cd2719a9bdc1ee Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Thu, 19 May 2022 13:21:57 +0300 Subject: [PATCH 08/39] adding nodePort option to values for zabbixweb --- templates/service.yaml | 3 +++ values.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/templates/service.yaml b/templates/service.yaml index 6beffba..5331dec 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -99,6 +99,9 @@ spec: targetPort: 8080 protocol: TCP name: zabbix-web + {{- if .Values.zabbixweb.service.nodePort }} + nodePort: {{ .Values.zabbixweb.service.nodePort }} + {{- end }} selector: app: {{ template "zabbix.fullname" . }}-zabbix-web {{- end }} diff --git a/values.yaml b/values.yaml index 08f9ccd..7c8c4f2 100644 --- a/values.yaml +++ b/values.yaml @@ -275,6 +275,8 @@ zabbixweb: clusterIP: # -- Port to expose service port: 80 + # -- NodePort port to allocate (only if service.type = NodePort) + #nodePort: 31080 # -- Annotations for the zabbix-web service annotations: {} # metallb.universe.tf/address-pool: production-public-ips From 1be84cd5d6b6952695c47e90ff5384184eca44bb Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Thu, 19 May 2022 13:22:26 +0300 Subject: [PATCH 09/39] fix: added additionally step to wait for db schema if the step to create the db schema takes too long, the wait-job that should prevent the Zabbix server container to start unless the database is "really" ready, is leaving off too early and Zabbix server crashes at start. This commit prevents this error by adding an additional step to only start the Zabbix server container if there are more than 0 users in the users table. --- ...nfigmap-zabbix-server-init-waitschema.yaml | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/templates/configmap-zabbix-server-init-waitschema.yaml b/templates/configmap-zabbix-server-init-waitschema.yaml index 080e156..565de40 100644 --- a/templates/configmap-zabbix-server-init-waitschema.yaml +++ b/templates/configmap-zabbix-server-init-waitschema.yaml 
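Review bot: The `nodePort` added in templates/service.yaml is rendered whenever `zabbixweb.service.nodePort` is set, whatever `zabbixweb.service.type` is, although the values.yaml comment in the same commit says it applies only to NodePort services. Kubernetes rejects a ClusterIP Service that carries a `nodePort`, so a leftover value breaks the release as soon as the type is changed. Guarding on the type as well avoids that: `{{- if and .Values.zabbixweb.service.nodePort (ne .Values.zabbixweb.service.type "ClusterIP") }}`. The Service spec starts outside the hunk, so how `type` is rendered there should be confirmed.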
@@ -147,12 +147,12 @@ data: c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then - echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." + echo "** Table '${DB_SERVER_DBNAME}.dbversion' exists." ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}") fi if [ -n "${ZBX_DB_VERSION}" ]; then - echo "** dbversion is ${ZBX_DB_VERSION}, letting the Zabbix Server container start" + echo "** dbversion is ${ZBX_DB_VERSION}, continuing with next step of checks..." break fi @@ -161,11 +161,28 @@ data: done } + check_db_users() { + WAIT_TIMEOUT=5 + while true : + do + DB_AMOUNT_USERS=$(psql_query "SELECT count(*) FROM users" "${DB_SERVER_DBNAME}") + + if [ ${DB_AMOUNT_USERS} -gt 0 ]; then + echo "** amount of users in users table is ${DB_AMOUNT_USERS}, letting the Zabbix Server container start" + break + fi + + echo "**** DB amount of entries in user table is ${DB_AMOUNT_USERS}. Waiting $WAIT_TIMEOUT seconds..." + sleep $WAIT_TIMEOUT + done + } + wait_for_db_and_schema() { echo "** waiting for Zabbix DB to be operational to start Zabbix server container" check_variables_postgresql check_db_connect_postgresql check_db_schema_present + check_db_users } wait_for_db_and_schema From 073c0a34c239f5f4700e51cbcae2337f8d469c6a Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Wed, 25 May 2022 22:56:11 +0200 Subject: [PATCH 10/39] added SAML related settings - certificate secret - frontend settings example (via env) --- templates/deployment-zabbix-web.yaml | 11 +++++++++++ values.yaml | 4 ++++ 2 files changed, 15 insertions(+) diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index c097cff..5368d2e 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml 
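Review bot: `check_db_users` queries `users` without the schema prefix that the context line above uses for `${DB_SERVER_SCHEMA}.dbversion`, so with a non-default schema the count may come back empty (depending on the role's search path) and the `while true` loop, which has no upper bound, never ends. The unquoted `[ ${DB_AMOUNT_USERS} -gt 0 ]` then turns into a test syntax error on every pass instead of a readable message. I would write `DB_AMOUNT_USERS=$(psql_query "SELECT count(*) FROM ${DB_SERVER_SCHEMA}.users" "${DB_SERVER_DBNAME}")` and `if [ "${DB_AMOUNT_USERS:-0}" -gt 0 ]; then`. A retry limit that exits non-zero would let the init container fail visibly rather than wait forever. `psql_query` is defined outside the hunk, so its output on error is an assumption here.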
@@ -146,6 +146,11 @@ spec: - name: zabbix-web containerPort: 8080 protocol: TCP + {{- if .Values.zabbixweb.saml_certs_secret_name }} + volumeMounts: + - name: zabbix-web-samlcerts + mountPath: /etc/zabbix/web/certs + {{- end }} livenessProbe: httpGet: path: {{ .Values.zabbixweb.livenessProbe.path }} @@ -168,4 +173,10 @@ spec: {{- range .Values.zabbixweb.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + {{- if .Values.zabbixweb.saml_certs_secret_name }} + volumes: + - name: zabbix-web-samlcerts + secret: + secretName: {{ .Values.zabbixweb.saml_certs_secret_name }} + {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 7c8c4f2..1d8e1ce 100644 --- a/values.yaml +++ b/values.yaml @@ -268,6 +268,8 @@ zabbixweb: #POSTGRES_DB: zabbix # -- Name of the Zabbix server in GUI #zbx_server_name: something + # -- Certificate containing certificates for SAML configuration + #saml_certs_secret_name: zabbix-web-samlcerts service: # -- Type of service for Zabbix web type: NodePort @@ -282,6 +284,8 @@ zabbixweb: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + #- name: ZBX_SSO_SETTINGS + # value: '{"baseurl": "https://zabbix.example.com"}' livenessProbe: # -- Path of health check of application path: / From 4027aec56fc86348acf57f4dca9e086dbc06e9c4 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Thu, 26 May 2022 11:28:11 +0200 Subject: [PATCH 11/39] implemented POSTGRES_PASSWORD_SECRET into db-init-job and init container --- templates/deployment-zabbix-server.yaml | 5 +++++ templates/job-init-db-schema.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index 123f06e..a2d3c13 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml 
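Review bot: The `zabbix-web-samlcerts` volumeMount added in deployment-zabbix-web.yaml has no `readOnly: true`, and the secret it mounts presumably carries the SAML service-provider private key next to the certificates. I would add `readOnly: true` under `mountPath: /etc/zabbix/web/certs` and quote the name in the second hunk, `secretName: {{ .Values.zabbixweb.saml_certs_secret_name | quote }}`. The values.yaml comment reads "Certificate containing certificates"; something like `# -- Name of an existing secret holding the SAML certificates and key, mounted at /etc/zabbix/web/certs` says what the value is, and it should name the files the frontend expects in that directory. The container spec begins outside both hunks.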
@@ -110,6 +110,11 @@ spec: - name: POSTGRES_PASSWORD {{- if .Values.db_access.POSTGRES_PASSWORD }} value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + valueFrom: + secretKeyRef: + name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} {{- else }} value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} {{- end }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml index b9057e7..fedff98 100644 --- a/templates/job-init-db-schema.yaml +++ b/templates/job-init-db-schema.yaml @@ -75,6 +75,11 @@ spec: - name: POSTGRES_PASSWORD {{- if .Values.db_access.POSTGRES_PASSWORD }} value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + valueFrom: + secretKeyRef: + name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} {{- else }} value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} {{- end }} From ab1d741e76e96da8c1fd813a9e3b45dce8956f77 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Thu, 26 May 2022 11:56:09 +0200 Subject: [PATCH 12/39] central tag setting for all zbx images --- templates/deployment-zabbix-server.yaml | 16 ++++++++++++++-- templates/deployment-zabbix-web.yaml | 4 ++++ templates/deployment-zabbix-webservice.yaml | 4 ++++ templates/job-init-db-schema.yaml | 4 ++++ templates/statefulset-zabbix-proxy.yaml | 8 ++++++++ values.yaml | 13 ++++++++----- 6 files changed, 42 insertions(+), 7 deletions(-) diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index a2d3c13..11605c2 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml 
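Review bot: In both POSTGRES_PASSWORD blocks (deployment-zabbix-server.yaml and job-init-db-schema.yaml) the plaintext `db_access.POSTGRES_PASSWORD` is tested first, so setting `zabbixserver.POSTGRES_PASSWORD_SECRET` while a password is still present under `db_access` writes the plaintext value into the pod spec and ignores the secret. Testing the secret first makes the safer option win: `{{- if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }}` followed by `{{- else if .Values.db_access.POSTGRES_PASSWORD }}`. The secret name is also worth quoting, `name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET | quote }}`. The outer branch on `db_access.secret_name` lies outside these hunks.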
@@ -49,7 +49,11 @@ spec: {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} initContainers: - name: init-wait-for-database-schema - image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }}" + {{- end }} env: {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST @@ -136,7 +140,11 @@ spec: - name: zabbix-server resources: {{- toYaml .Values.zabbixserver.resources | nindent 12 }} - image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} + image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }}" + {{- end }} ports: - containerPort: 10051 name: zabbix-server @@ -251,7 +259,11 @@ spec: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index 5368d2e..3826559 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml 
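Review bot: The new `{{- if .Values.zabbix_image_tag }}` branch makes the global tag win over the per-component tag, which is the opposite of what the values.yaml comment in this commit states ("Overwritten by zabbixserver.image.tag etc."). Because `zabbix_image_tag` defaults to `ubuntu-6.0.4`, a user-supplied `zabbixserver.image.tag` is never used unless the global value is emptied. One line does what the comment promises and replaces the if/else: `image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag | default .Values.zabbix_image_tag }}"`. The same applies to the agent, web, webservice, proxy and job-init-db-schema hunks of this commit. The job's `image:` is additionally left unquoted.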
@@ -51,7 +51,11 @@ spec: {{- toYaml .Values.zabbixweb.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbixweb.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: - name: ZBX_SERVER_NAME diff --git a/templates/deployment-zabbix-webservice.yaml b/templates/deployment-zabbix-webservice.yaml index 2e2d900..c395151 100644 --- a/templates/deployment-zabbix-webservice.yaml +++ b/templates/deployment-zabbix-webservice.yaml @@ -51,7 +51,11 @@ spec: {{- toYaml .Values.zabbixwebservice.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbixwebservice.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.zabbixwebservice.image.pullPolicy }} env: {{- if .Values.zabbixwebservice.ignore_url_cert_errors }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml index fedff98..35c3fc6 100644 --- a/templates/job-init-db-schema.yaml +++ b/templates/job-init-db-schema.yaml @@ -14,7 +14,11 @@ spec: spec: containers: - name: init-db-schema + {{- if .Values.zabbix_image_tag }} + image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }} + {{- else }} image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} + {{- end }} env: {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST diff --git a/templates/statefulset-zabbix-proxy.yaml b/templates/statefulset-zabbix-proxy.yaml index bba87b2..7d83d2f 100644 --- a/templates/statefulset-zabbix-proxy.yaml 
+++ b/templates/statefulset-zabbix-proxy.yaml @@ -44,7 +44,11 @@ spec: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME @@ -83,7 +87,11 @@ spec: {{- toYaml .Values.zabbixproxy.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- if .Values.zabbix_image_tag }} + image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbix_image_tag }}" + {{- else }} image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbixproxy.image.tag }}" + {{- end }} imagePullPolicy: {{ .Values.zabbixproxy.image.pullPolicy }} env: - name: ZBX_PROXYMODE diff --git a/values.yaml b/values.yaml index 1d8e1ce..6d17a31 100644 --- a/values.yaml +++ b/values.yaml @@ -2,6 +2,9 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. +zabbix_image_tag: ubuntu-6.0.4 + # with this dict, you can set unified DB access credentials, IP and so on for both Zabbix server and Zabbix web frontend # you can either chose from having all this in one named (preexisting) secret or setting the values one by one with vars # whatever set here overrides the credential settings within the "zabbixserver" and "zabbixweb" sections. 
@@ -52,7 +55,7 @@ zabbixserver: # -- Zabbix server Docker image name repository: zabbix/zabbix-server-pgsql # -- Tag of Docker image of Zabbix server - tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -152,7 +155,7 @@ zabbixproxy: # -- Zabbix proxy Docker image name repository: zabbix/zabbix-proxy-sqlite3 # -- Tag of Docker image of Zabbix proxy - tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -198,7 +201,7 @@ zabbixagent: # -- Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 repository: zabbix/zabbix-agent2 # -- Tag of Docker image of Zabbix agent - tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -251,7 +254,7 @@ zabbixweb: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-nginx-pgsql # -- Tag of Docker image of Zabbix web - tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -325,7 +328,7 @@ zabbixwebservice: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-service # -- Tag of Docker image of Zabbix web - tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.4 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images From fde596270ffb339310fdaf1128930892375b3814 Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Sat, 21 May 2022 22:55:05 +0200 Subject: [PATCH 13/39] added ingressroute for traefik ingress controller --- templates/ingressroute.yml | 32 ++++++++++++++++++++++++++++++++ values.yaml | 16 ++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 templates/ingressroute.yml diff --git a/templates/ingressroute.yml b/templates/ingressroute.yml new file mode 100644 index 0000000..e3b8985 --- /dev/null +++ b/templates/ingressroute.yml @@ -0,0 +1,32 @@ +{{- if .Values.ingressroute.enabled -}} +{{- $fullName := include "zabbix.fullname" . -}} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ $fullName }} + labels: + {{- include "zabbix.labels" . | nindent 4 }} + {{- with .Values.ingressroute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingressroute.entryPoints }} + entryPoints: + {{- with .Values.ingressroute.entryPoints }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + routes: + - match: Host(`{{ .Values.ingressroute.hostName }}`) + kind: Rule + services: + - name: {{ template "zabbix.fullname" . }}-zabbix-web + port: {{ .Values.zabbixweb.service.port }} + {{- if .Values.ingressroute.tls }} + tls: + {{- with .Values.ingressroute.tls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml index 6d17a31..1f95dd1 100644 --- a/values.yaml +++ b/values.yaml 
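Review bot: `{{- if .Values.ingressroute.tls }}` in templates/ingressroute.yml is false for an empty map, so `tls: {}` (TLS with Traefik's default certificate) cannot be rendered, and with the defaults added to values.yaml (`entryPoints: websecure`, `tls` commented out) the route is created without any `tls:` section. How such a router behaves depends on the entry point's own TLS settings, so the frontend login may end up unreachable or unencrypted; testing for the key instead covers the empty case: `{{- if hasKey .Values.ingressroute "tls" }}`. `ingressroute.extraLabels` is declared in values.yaml but never read by this template. The other templates in this series build their labels by hand, so it should be confirmed that a `zabbix.labels` helper exists for the `include` to resolve.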
@@ -375,6 +375,22 @@ ingress: # -- pathType is only for k8s >= 1.1= pathType: Prefix +# Ingress CRD object for the Traefik Ingresscontroller +ingressroute: + # -- Enables Traefik IngressRoute + enabled: false + # -- IngressRoute annotations + annotations: {} + # -- Ingressroute extra labels + extraLabels: {} + # -- Ingressroute entrypoints + entryPoints: + - websecure + # -- Ingressroute host name + hostName: chart-example.local + # -- IngressRoute TLS configuration + #tls: + # certResolver: myresolver # -- nodeSelector configurations nodeSelector: {} From 9d9d32771b5df013b5a571779c5d10c6dcb18fdd Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Thu, 26 May 2022 12:30:28 +0200 Subject: [PATCH 14/39] default service type for frontend ClusterIP We shouldn avoid exposing any part of the application by accident/default --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 1f95dd1..fc2312f 100644 --- a/values.yaml +++ b/values.yaml @@ -275,7 +275,7 @@ zabbixweb: #saml_certs_secret_name: zabbix-web-samlcerts service: # -- Type of service for Zabbix web - type: NodePort + type: ClusterIP # -- Cluster IP for Zabbix web clusterIP: # -- Port to expose service From 67850f3ac22b63c847b3f2cd4954da1c1a937886 Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Mon, 30 May 2022 17:28:43 +0200 Subject: [PATCH 15/39] reworked/unified DB auth/access settings From now on, all settings related to database access credentials are being managed centrally for the entire chart: - either by using a "unified_db_secret" containing ALL aspects of the db access configuration, conforming to the format being used by the PGO Postgres operator, - explicit settings in the "db_access" section of the values.yaml. In case these are used, it is possible to use a secret just and only for the DB password, which will then be used by all components that apply. This commit removes all postgres related username/password and DB name settings on the levels of each of the components of the chart, and only keeps the central ones. --- templates/cronjob-hanodes-autoclean.yaml | 51 +++++------- templates/deployment-zabbix-server.yaml | 98 ++++++++---------------- templates/deployment-zabbix-web.yaml | 52 ++++--------- templates/job-init-db-schema.yaml | 48 ++++-------- templates/secret-db-access.yaml | 6 +- templates/statefulset-postgresql.yaml | 29 +++---- values.yaml | 84 ++++++++------------ 7 files changed, 126 insertions(+), 242 deletions(-) diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml index bd6d85f..9e43f46 100644 --- a/templates/cronjob-hanodes-autoclean.yaml +++ b/templates/cronjob-hanodes-autoclean.yaml 
@@ -29,73 +29,60 @@ spec: value: {{ template "zabbix.fullname" . }}-postgresql - name: PGPORT value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} + {{- else if .Values.db_access.use_unified_secret }} - name: PGHOST valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: host - name: PGPORT valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: port optional: true {{- else }} - name: PGHOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_host | quote }} - name: PGPORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_port | quote }} {{- end }} - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: PGUSER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user optional: true - name: PGPASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: PGDATABASE valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname optional: true {{- else }} - name: PGUSER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} - {{ end }} + value: {{ .Values.db_access.postgres_user | quote }} - name: PGPASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} 
- value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + {{- if .Values.db_access.postgres_password_secret }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} + {{- else }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: PGDATABASE - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} imagePullSecrets: {{- range .Values.zabbixserver.image.pullSecrets }} - name: {{ . | quote }} {{- end }} restartPolicy: OnFailure -{{- end }} \ No newline at end of file +{{- end }} diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index 11605c2..46f334f 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml 
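Review bot: The database env block rewritten here is repeated almost verbatim in the cronjob, in both containers of deployment-zabbix-server.yaml (the two hunks that follow) and, per the diffstat, in the job and web templates. The copies had already drifted: the lines removed from the cronjob show it never had the password-secret branch that the server deployment had. I would move the block into one named template in `_helpers.tpl`, parameterised by the variable names since the cronjob uses `PGHOST`/`PGUSER`/`PGPASSWORD`, and `include` it in each workload. The `{{- else }}` branch still puts `db_access.postgres_password` into the pod spec as a literal `value:`, readable by anyone who may read the workload objects; the values.yaml comment for that key should say so and point to `postgres_password_secret`.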
@@ -60,74 +60,56 @@ spec: value: {{ template "zabbix.fullname" . }}-postgresql - name: DB_SERVER_PORT value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} + {{- else if .Values.db_access.use_unified_secret }} - name: DB_SERVER_HOST valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: host - name: DB_SERVER_PORT valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: port optional: true {{- else }} - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_host | quote }} - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_port | quote }} {{- end }} - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user optional: true - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: POSTGRES_DB valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname optional: true {{- else }} - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} - {{ end }} + value: {{ .Values.db_access.postgres_user | quote }} - 
name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + {{- if .Values.db_access.postgres_password_secret }} valueFrom: secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} command: - "/bin/bash" 
@@ -168,74 +150,56 @@ spec: value: {{ template "zabbix.fullname" . }}-postgresql - name: DB_SERVER_PORT value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} + {{- else if .Values.db_access.use_unified_secret }} - name: DB_SERVER_HOST valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: host - name: DB_SERVER_PORT valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: port optional: true {{- else }} - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_host | quote }} - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_port | quote }} {{- end }} - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user optional: true - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: POSTGRES_DB valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname optional: true {{- else }} - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} - {{ end }} + value: {{ .Values.db_access.postgres_user | quote }} - 
name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + {{- if .Values.db_access.postgres_password_secret }} valueFrom: secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} + {{- else }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} {{- range $item := .Values.zabbixserver.extraEnv }} - name: {{ $item.name }} diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index 3826559..f9ce09d 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml 
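Review bot: Nothing in the `{{- if .Values.db_access.use_unified_secret }}` branches checks that `unified_secret_name` is set, now that the switch and the name are two independent values. With `use_unified_secret: true` and an empty name, `secretKeyRef.name:` renders as null and the mistake only surfaces at apply time or as a pod that cannot start. Failing the render is clearer: `name: {{ required "db_access.unified_secret_name must be set when use_unified_secret is true" .Values.db_access.unified_secret_name | quote }}`. This applies to every `secretKeyRef` this commit touches, including the other hunk of this file and the web, job and postgresql templates.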
@@ -69,79 +69,57 @@ spec: value: {{ template "zabbix.fullname" . }}-postgresql - name: DB_SERVER_PORT value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} + {{- else if .Values.db_access.use_unified_secret }} - name: DB_SERVER_HOST valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: host - name: DB_SERVER_PORT valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: port optional: true {{- else }} - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_HOST | quote }} - {{- end -}} + value: {{ .Values.db_access.db_server_host | quote }} - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixweb.DB_SERVER_PORT | quote }} - {{- end -}} + value: {{ .Values.db_access.db_server_port | quote }} {{- end }} - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user optional: true - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: POSTGRES_DB valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname optional: true {{- else }} - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_USER | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_user | quote }} - name: 
POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + {{- if .Values.db_access.postgres_password_secret }} valueFrom: secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_PASSWORD | quote }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixweb.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} - # - name: POSTGRES_USER_FILE - # value: value: {{ .Values.zabbixweb.POSTGRES_USER_FILE | quote }} - #- name: POSTGRES_PASSWORD_FILE - # value: value: {{ .Values.zabbixweb.POSTGRES_PASSWORD_FILE | quote }} {{- range $item := .Values.zabbixweb.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml index 35c3fc6..e576b2d 100644 --- a/templates/job-init-db-schema.yaml +++ b/templates/job-init-db-schema.yaml 
@@ -25,74 +25,56 @@ spec: value: {{ template "zabbix.fullname" . }}-postgresql - name: DB_SERVER_PORT value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.secret_name }} + {{- else if .Values.db_access.use_unified_secret }} - name: DB_SERVER_HOST valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: host - name: DB_SERVER_PORT valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: port optional: true {{- else }} - name: DB_SERVER_HOST - {{- if .Values.db_access.DB_SERVER_HOST }} - value: {{ .Values.db_access.DB_SERVER_HOST | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_HOST | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_host | quote }} - name: DB_SERVER_PORT - {{- if .Values.db_access.DB_SERVER_PORT }} - value: {{ .Values.db_access.DB_SERVER_PORT | quote }} - {{- else }} - value: {{ .Values.zabbixserver.DB_SERVER_PORT | quote }} - {{- end }} + value: {{ .Values.db_access.db_server_port | quote }} {{- end }} - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user optional: true - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: POSTGRES_DB valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname optional: true {{- else }} - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_USER | quote }} - {{ end }} + value: {{ .Values.db_access.postgres_user | quote }} - 
name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} - {{- else if .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} + {{- if .Values.db_access.postgres_password_secret }} valueFrom: secretKeyRef: - name: {{ .Values.zabbixserver.POSTGRES_PASSWORD_SECRET }} - key: {{ default "password" .Values.zabbixserver.POSTGRES_PASSWORD_SECRET_KEY }} + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_PASSWORD | quote }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.zabbixserver.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} command: - "/bin/sh" diff --git a/templates/secret-db-access.yaml b/templates/secret-db-access.yaml index 7473f0a..4209682 100644 --- a/templates/secret-db-access.yaml +++ b/templates/secret-db-access.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.db_access.secret_autocreate .Values.postgresql.enabled }} +{{- if and .Values.db_access.use_unified_secret .Values.db_access.unified_secret_autocreate .Values.postgresql.enabled }} apiVersion: v1 kind: Secret metadata: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} labels: app: {{ template "zabbix.fullname" . }}-db-access app.kubernetes.io/name: db-access 
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-db-access type: Opaque data: - {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Values.db_access.secret_name) | default dict }} + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Values.db_access.unified_secret_name) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} {{- $secretHost := (get $secretData "host") | default (printf "%s-%s" (include "zabbix.fullname" .) "postgresql" | b64enc) }} {{- $secretPort := (get $secretData "port") | default (.Values.postgresql.service.port | toString | b64enc) }} diff --git a/templates/statefulset-postgresql.yaml b/templates/statefulset-postgresql.yaml index 196712e..2cbb447 100644 --- a/templates/statefulset-postgresql.yaml +++ b/templates/statefulset-postgresql.yaml 
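Review bot: The `lookup` on the renamed `unified_secret_name` returns an empty result under `helm template`, `--dry-run` and tools that render client-side, so `$secretData` falls back to the `default` expressions on every such render. For `host` and `port` that is harmless, but if the password default further down (outside this hunk) is generated randomly, each render would yield a credential that no longer matches the initialised database; this is worth confirming. The rename also means that a release which had overridden the old `secret_name` will, after upgrade, look up and create a Secret under the default name unless the new key is set. A template comment above the `$secretObj` line, e.g. `{{- /* lookup is empty in template/dry-run; existing data is only reused on a live install or upgrade */}}`, would record this.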
@@ -67,41 +67,36 @@ spec: imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} args: ["-c", "max_connections={{ .Values.postgresql.max_connections }}"] env: - {{- if .Values.db_access.secret_name }} + {{- if .Values.db_access.use_unified_secret }} - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: user - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: password - name: POSTGRES_DB valueFrom: secretKeyRef: - name: {{ .Values.db_access.secret_name }} + name: {{ .Values.db_access.unified_secret_name }} key: dbname {{- else }} - name: POSTGRES_USER - {{- if .Values.db_access.POSTGRES_USER }} - value: {{ .Values.db_access.POSTGRES_USER | quote }} - {{- else }} - value: {{ .Values.postgresql.POSTGRES_USER | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_user | quote }} - name: POSTGRES_PASSWORD - {{- if .Values.db_access.POSTGRES_PASSWORD }} - value: {{ .Values.db_access.POSTGRES_PASSWORD | quote }} + {{- if .Values.db_access.postgres_password_secret }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} {{- else }} - value: {{ .Values.postgresql.POSTGRES_PASSWORD | quote }} + value: {{ .Values.db_access.postgres_password | quote }} {{- end }} - name: POSTGRES_DB - {{- if .Values.db_access.POSTGRES_DB }} - value: {{ .Values.db_access.POSTGRES_DB | quote }} - {{- else }} - value: {{ .Values.postgresql.POSTGRES_DB | quote }} - {{- end }} + value: {{ .Values.db_access.postgres_db | quote }} {{- end }} - name: PGDATA value: /var/lib/postgresql/data/pgdata diff --git a/values.yaml b/values.yaml index fc2312f..34c3553 100644 --- a/values.yaml +++ b/values.yaml 
@@ -5,38 +5,47 @@ # -- zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. zabbix_image_tag: ubuntu-6.0.4 +# **Zabbix DB access / credentials** configurations # with this dict, you can set unified DB access credentials, IP and so on for both Zabbix server and Zabbix web frontend # you can either chose from having all this in one named (preexisting) secret or setting the values one by one with vars # whatever set here overrides the credential settings within the "zabbixserver" and "zabbixweb" sections. db_access: - # -- under this section you can configure DB access and credentials centrally for the entire helm chart. - # -- All relevant components installed by this chart will respect it: zabbixserver, zabbixweb and postgresql (if enabled) + # under this section you can configure DB access and credentials centrally for the entire helm chart. + # All relevant components installed by this chart will respect it: zabbixserver, zabbixweb and postgresql (if enabled) # - # -- USING A SECRET - # -- DB access details all in one existing secret (matches the structure of secrets the CrunchyData pgo operator generates) - # -- if this option is chosen the below listed "DB_SERVER_*" and "POSTGRES_*" settings are being ignored - # -- the secret must contain the following keys: - # -- * host - # -- * port - # -- * dbname - # -- * user - # -- * password - secret_name: zabbixdb-pguser-zabbix + # USING ONE SECRET CONTAINING ALL DB RELEVANT SETTINGS + # DB access details all in one existing secret (matches the structure of secrets the CrunchyData pgo operator generates) + # if this option is chosen the below listed "db_server_*" and "postgres_*" settings are being ignored + # the secret must contain the following keys: + # * host + # * port + # * dbname + # * user + # * password + # -- Whether to use the unified db access secret + use_unified_secret: true + # -- Name of one secret for unified configuration of DB access + 
unified_secret_name: zabbixdb-pguser-zabbix # -- automatically create secret if not already present (works only in combination with postgresql.enabled=true) - secret_autocreate: true + unified_secret_autocreate: true # - # -- If you do NOT want to use a secret for all settings, you can still either set the credentials manually here for all - # -- components at once, or if left uncommented, set the credentials for each of the components manually + # If you do NOT want to use one unified secret for all settings, you can still set the credentials manually here. + # These settings will be used for all components of this chart where it makes sense (zabbix server, postgresql, + # web frontend, ...) # -- Address of database host - ignored if postgresql.enabled=true - #DB_SERVER_HOST: "zabbix-postgresql" + db_server_host: "zabbix-postgresql" # -- Port of database host - ignored if postgresql.enabled=true - #DB_SERVER_PORT: "5432" + db_server_port: "5432" # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" + postgres_user: "zabbix" + # -- Name of a secret used for Postgres Password, if set, it overrules the POSTGRES_PASSWORD value + #postgres_password_secret: mysecret + # -- Key of the secret used for Postgres Password, requires POSTGRES_PASSWORD_SECRET, defaults to password + #postgres_password_secret_key: "password" + # -- Password of database - ignored if postgres_password_secret is set + postgres_password: "zabbix" # -- Name of database - #POSTGRES_DB: "zabbix" + postgres_db: "zabbix" # **Zabbix Server** configurations zabbixserver: 
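Review bot: `postgres_password: "zabbix"` is now an active default where the old per-component entries were commented out, so setting `use_unified_secret: false` without further overrides deploys the database and every client with a publicly known password. I would ship it commented out (`#postgres_password: ""`) and have the templates fail the render when neither it nor `postgres_password_secret` is set. The two `postgres_password_secret*` comments still refer to `POSTGRES_PASSWORD` and `POSTGRES_PASSWORD_SECRET`, and the header line about overriding the "zabbixserver" and "zabbixweb" credential settings describes keys this commit removes; both should name the new `db_access.*` keys.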
@@ -70,20 +79,6 @@ zabbixserver: pullSecrets: [] schedule: "0 1 * * *" delete_older_than_seconds: 3600 - # -- Address of database host - #DB_SERVER_HOST: "zabbix-postgresql" - # -- Port of database host - #DB_SERVER_PORT: "5432" - # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" - # -- Name of a secret used for Postgres Password, if set, it overrules the POSTGRES_PASSWORD value - #POSTGRES_PASSWORD_SECRET: "" - # -- Key of the secret used for Postgres Password, requires POSTGRES_PASSWORD_SECRET, defaults to password - #POSTGRES_PASSWORD_SECRET_KEY: "password" - # -- Name of database - #POSTGRES_DB: "zabbix" service: # -- Type of service in Kubernetes cluster type: ClusterIP @@ -114,13 +109,6 @@ postgresql: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- User of database - #POSTGRES_USER: "zabbix" - # -- Password of database - #POSTGRES_PASSWORD: "zabbix" - # -- Name of database - #POSTGRES_DB: "zabbix" - #- max simultaneous connections to accept for the Postgres server max_connections: 50 persistence: # -- whether to enable persistent storage for the postgres container or not @@ -259,16 +247,6 @@ zabbixweb: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- Zabbix server host - #DB_SERVER_HOST: zabbix-postgresql - # -- Port of database - #DB_SERVER_PORT: 5432 - # -- User of database - #POSTGRES_USER: zabbix - # -- Password of database - #POSTGRES_PASSWORD: zabbix - # -- Name of database - #POSTGRES_DB: zabbix # -- Name of the Zabbix server in GUI #zbx_server_name: something # -- Certificate containing certificates for SAML configuration 
@@ -316,7 +294,7 @@ zabbixweb: # -- Minimum consecutive successes for the probe to be considered successful after having failed successThreshold: 1 -# **Zabbix Web** configurations +# **Zabbix Web Service** configurations zabbixwebservice: # -- Enables use of **Zabbix Web Service** enabled: true From dda0a0b5cc060780a7f3a763e00b1da6a4a03e47 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Mon, 30 May 2022 17:34:06 +0200 Subject: [PATCH 16/39] removed zabbix_server_name instead, there is now an example placed in the values.yaml that shows how to configure the ZBX_SERVER_NAME for the frontend by using additional env variables. --- templates/deployment-zabbix-web.yaml | 6 ------ values.yaml | 4 ++-- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index f9ce09d..7dbd619 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml @@ -58,12 +58,6 @@ spec: {{- end }} imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: - - name: ZBX_SERVER_NAME - {{- if .Values.zabbixweb.zbx_server_name }} - value: {{ .Values.zabbixweb.zbx_server_name }} - {{- else }} - value: Zabbix in K8S - {{- end }} {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST value: {{ template "zabbix.fullname" . }}-postgresql diff --git a/values.yaml b/values.yaml index 34c3553..07083c7 100644 --- a/values.yaml +++ b/values.yaml @@ -247,8 +247,6 @@ zabbixweb: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - # -- Name of the Zabbix server in GUI - #zbx_server_name: something # -- Certificate containing certificates for SAML configuration #saml_certs_secret_name: zabbix-web-samlcerts service: 
@@ -267,6 +265,8 @@ zabbixweb: extraEnv: [] #- name: ZBX_SSO_SETTINGS # value: '{"baseurl": "https://zabbix.example.com"}' + #- name: ZBX_SERVER_NAME + # value: Demo Zabbix livenessProbe: # -- Path of health check of application path: / From 35a8fcf2a6c0b2038ef64320c96374c7e89eab3e Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Mon, 30 May 2022 20:13:50 +0200 Subject: [PATCH 17/39] disabled proxy by default --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 07083c7..7416af0 100644 --- a/values.yaml +++ b/values.yaml @@ -135,7 +135,7 @@ postgresql: # **Zabbix Proxy** configurations zabbixproxy: # -- Enables use of **Zabbix Proxy** - enabled: true + enabled: false # -- Number of replicas of ``zabbixproxy`` module replicaCount: 1 resources: {} From 6051a924bc5739e6f76b3e00d7ca78c628261f40 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Mon, 30 May 2022 20:14:23 +0200 Subject: [PATCH 18/39] helm-docs --- README.md | 77 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index e4ceae5..06c36a8 100644 --- a/README.md +++ b/README.md 
@@ -217,20 +217,25 @@ The following tables lists the configurable parameters of the chart and their de | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Affinity configurations | -| db_access.secret_autocreate | bool | `true` | automatically create secret if not already present (works only in combination with postgresql.enabled=true) | -| db_access.secret_name | string | `"zabbixdb-pguser-zabbix"` | * password | +| db_access.db_server_host | string | `"zabbix-postgresql"` | Address of database host - ignored if postgresql.enabled=true | +| db_access.db_server_port | string | `"5432"` | Port of database host - ignored if postgresql.enabled=true | +| db_access.postgres_db | string | `"zabbix"` | Name of database | +| db_access.postgres_password | string | `"zabbix"` | Password of database - ignored if postgres_password_secret is set | +| db_access.postgres_user | string | `"zabbix"` | User of database | +| db_access.unified_secret_autocreate | bool | `true` | automatically create secret if not already present (works only in combination with postgresql.enabled=true) | +| db_access.unified_secret_name | string | `"zabbixdb-pguser-zabbix"` | Name of one secret for unified configuration of DB access | +| db_access.use_unified_secret | bool | `true` | Whether to use the unified db access secret | | ingress.annotations | object | `{}` | Ingress annotations | | ingress.enabled | bool | `false` | Enables Ingress | | ingress.extraLabels | object | `{}` | Ingress extra labels | | ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Ingress hosts | | ingress.pathType | string | `"Prefix"` | pathType is only for k8s >= 1.1= | | ingress.tls | list | `[]` | Ingress TLS configuration | -| livenessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. 
Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | -| livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before liveness | -| livenessProbe.path | string | `"/"` | Path of health check of application | -| livenessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a liveness probe every N seconds | -| livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | -| livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| ingressroute.annotations | object | `{}` | IngressRoute annotations | +| ingressroute.enabled | bool | `false` | Enables Traefik IngressRoute | +| ingressroute.entryPoints | list | `["websecure"]` | Ingressroute entrypoints | +| ingressroute.extraLabels | object | `{}` | Ingressroute extra labels | +| ingressroute.hostName | string | `"chart-example.local"` | Ingressroute host name | | nodeSelector | object | `{}` | nodeSelector configurations | | postgresql.enabled | bool | `true` | Create a database using Postgresql | | postgresql.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. | 
@@ -238,7 +243,7 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | postgresql.image.repository | string | `"postgres"` | Postgresql Docker image name: chose one of "postgres" or "timescale/timescaledb" | | postgresql.image.tag | int | `14` | Tag of Docker image of Postgresql server, chose "14" for postgres or "latest-pg14" for timescaledb | -| postgresql.max_connections | int | `50` | Name of database POSTGRES_DB: "zabbix" - max simultaneous connections to accept for the Postgres server | +| postgresql.max_connections | int | `50` | | | postgresql.persistence.enabled | bool | `false` | whether to enable persistent storage for the postgres container or not | | postgresql.persistence.existing_claim_name | bool | `false` | existing persistent volume claim name to be used to store posgres data | | postgresql.persistence.storage_size | string | `"5Gi"` | size of the PVC to be automatically generated | 
@@ -246,13 +251,9 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | postgresql.service.port | int | `5432` | Port of service in Kubernetes cluster | | postgresql.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | -| readinessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | -| readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness | -| readinessProbe.path | string | `"/"` | Path of health check of application | -| readinessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a readiness probe every N seconds | -| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | -| readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| route.enabled | bool | `false` | | | tolerations | list | `[]` | Tolerations configurations | +| zabbix_image_tag | string | `"ubuntu-6.0.4"` | zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. | | zabbixagent.ZBX_ACTIVE_ALLOW | bool | `true` | This variable is boolean (true or false) and enables or disables feature of active checks | | zabbixagent.ZBX_JAVAGATEWAY_ENABLE | bool | `false` | The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false. | | zabbixagent.ZBX_PASSIVESERVERS | string | `"127.0.0.1"` | The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container. | 
@@ -264,8 +265,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixagent.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | | zabbixagent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixagent.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | -| zabbixagent.image.repository | string | `"zabbix/zabbix-agent"` | Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 | -| zabbixagent.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix agent | +| zabbixagent.image.repository | string | `"zabbix/zabbix-agent2"` | Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 | | zabbixagent.resources | object | `{}` | | | zabbixagent.service.annotations | object | `{}` | Annotations for the zabbix-agent service | | zabbixagent.service.clusterIP | string | `nil` | Cluster IP for Zabbix agent | 
@@ -277,12 +277,11 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.ZBX_SERVER_HOST | string | `"zabbix-zabbix-server"` | Zabbix server host | | zabbixproxy.ZBX_SERVER_PORT | int | `10051` | Zabbix server port | | zabbixproxy.ZBX_VMWARECACHESIZE | string | `"128M"` | Cache size | -| zabbixproxy.enabled | bool | `true` | Enables use of **Zabbix Proxy** | +| zabbixproxy.enabled | bool | `false` | Enables use of **Zabbix Proxy** | | zabbixproxy.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | | zabbixproxy.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixproxy.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixproxy.image.repository | string | `"zabbix/zabbix-proxy-sqlite3"` | Zabbix proxy Docker image name | -| zabbixproxy.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix proxy | | zabbixproxy.replicaCount | int | `1` | Number of replicas of ``zabbixproxy`` module | | zabbixproxy.resources | object | `{}` | | | zabbixproxy.service.annotations | object | `{}` | Annotations for the zabbix-proxy service | 
@@ -291,15 +290,15 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.service.type | string | `"ClusterIP"` | Type of service for Zabbix proxy | | zabbixserver.enabled | bool | `true` | Enables use of **Zabbix Server** | | zabbixserver.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixserver.ha_nodes_autoclean | object | `{"delete_older_than_seconds":3600,"enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":"14"},"schedule":"0 1 * * *"}` | automatically clean orphaned ha nodes from ha_nodes db table | | zabbixserver.hostIP | string | `"0.0.0.0"` | optional set hostIP different from 0.0.0.0 to open port only on this IP | -| zabbixserver.hostPort | bool | `false` | optional set true open a port direct on node where zabbix server runs | +| zabbixserver.hostPort | bool | `false` | optional set true open a port direct on node where zabbix server runs | | zabbixserver.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixserver.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixserver.image.repository | string | `"zabbix/zabbix-server-pgsql"` | Zabbix server Docker image name | -| zabbixserver.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix server | +| zabbixserver.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | | zabbixserver.replicaCount | int | `1` | Number of replicas of ``zabbixserver`` module | | zabbixserver.resources | object | `{}` | | -| zabbixserver.service | object | `{"annotations":{},"clusterIP":null,"nodePort":31051,"port":10051,"type":"ClusterIP"}` | Name of database POSTGRES_DB: "zabbix" | | zabbixserver.service.annotations | object 
| `{}` | Annotations for the zabbix-server service | | zabbixserver.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | zabbixserver.service.nodePort | int | `31051` | NodePort of service on each node | 
@@ -309,11 +308,37 @@ The following tables lists the configurable parameters of the chart and their de | zabbixweb.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | | zabbixweb.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixweb.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | -| zabbixweb.image.repository | string | `"zabbix/zabbix-web-apache-pgsql"` | Zabbix web Docker image name | -| zabbixweb.image.tag | string | `"ubuntu-6.0.4"` | Tag of Docker image of Zabbix web | +| zabbixweb.image.repository | string | `"zabbix/zabbix-web-nginx-pgsql"` | Zabbix web Docker image name | +| zabbixweb.livenessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | +| zabbixweb.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before liveness | +| zabbixweb.livenessProbe.path | string | `"/"` | Path of health check of application | +| zabbixweb.livenessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a liveness probe every N seconds | +| zabbixweb.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | +| zabbixweb.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| zabbixweb.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | +| zabbixweb.readinessProbe.failureThreshold | int | `6` | When a probe fails, Kubernetes will try failureThreshold times before giving up. 
Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready | +| zabbixweb.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before readiness | +| zabbixweb.readinessProbe.path | string | `"/"` | Path of health check of application | +| zabbixweb.readinessProbe.periodSeconds | int | `10` | Specifies that the kubelet should perform a readiness probe every N seconds | +| zabbixweb.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed | +| zabbixweb.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | +| zabbixweb.replicaCount | int | `1` | | | zabbixweb.resources | object | `{}` | | -| zabbixweb.service | object | `{"annotations":{},"clusterIP":null,"port":80,"type":"NodePort"}` | Name of database POSTGRES_DB: zabbix | +| zabbixweb.service | object | `{"annotations":{},"clusterIP":null,"port":80,"type":"ClusterIP"}` | Certificate containing certificates for SAML configuration saml_certs_secret_name: zabbix-web-samlcerts | | zabbixweb.service.annotations | object | `{}` | Annotations for the zabbix-web service | | zabbixweb.service.clusterIP | string | `nil` | Cluster IP for Zabbix web | | zabbixweb.service.port | int | `80` | Port to expose service | -| zabbixweb.service.type | string | `"NodePort"` | Type of service for Zabbix web | +| zabbixweb.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | +| zabbixwebservice.enabled | bool | `true` | Enables use of **Zabbix Web Service** | +| zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. 
See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | +| zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | +| zabbixwebservice.image.repository | string | `"zabbix/zabbix-web-service"` | Zabbix web Docker image name | +| zabbixwebservice.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | +| zabbixwebservice.replicaCount | int | `1` | | +| zabbixwebservice.resources | object | `{}` | | +| zabbixwebservice.service | object | `{"annotations":{},"clusterIP":null,"port":10053,"type":"ClusterIP"}` | set the IgnoreURLCertErrors configuration setting of Zabbix web service ignore_url_cert_errors=1 | +| zabbixwebservice.service.annotations | object | `{}` | Annotations for the zabbix-web service | +| zabbixwebservice.service.clusterIP | string | `nil` | Cluster IP for Zabbix web | +| zabbixwebservice.service.port | int | `10053` | Port to expose service | +| zabbixwebservice.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | From 5e88f2ce0b7180b5562f808614522af3a87c13d7 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Mon, 30 May 2022 20:32:05 +0200 Subject: [PATCH 19/39] raised version, updated, docs/README new version is 3.0.0 --- Chart.yaml | 5 ++++- docs/example/README.md | 7 ------- docs/example/kind/values.yaml | 31 +++++++++---------------------- 3 files changed, 13 insertions(+), 30 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index e9a1b49..7f6deb6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v2 name: zabbix -version: 2.0.0 +version: 3.0.0 appVersion: 6.0.4 description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. keywords: 
@@ -22,6 +22,9 @@ maintainers: - name: Amen Ayadi email: amen.ayadi@cetic.be url: https://github.com/AyadiAmen + - name: Christian Anton + email: christian.anton@secadm.de + url: https://secadm.de - name: Sebastien Dupont email: sebastien.dupont@cetic.be url: https://github.com/banzo diff --git a/docs/example/README.md b/docs/example/README.md index 154e576..f2a9cb3 100644 --- a/docs/example/README.md +++ b/docs/example/README.md @@ -28,13 +28,6 @@ cd ~/mygit/helm-zabbix Edit ``~/mygit/helm-zabbix/docs/example/kind/values.yaml`` file. -Download the dependences charts. - -```bash -helm repo add cetic https://cetic.github.io/helm-charts -helm repo update -``` - Test the installation/upgrade with command (update the YAML files paths if necessary): ```bash diff --git a/docs/example/kind/values.yaml b/docs/example/kind/values.yaml index c2e3535..d24dfa7 100644 --- a/docs/example/kind/values.yaml +++ b/docs/example/kind/values.yaml @@ -1,22 +1,22 @@ # Custom values for zabbix. + +zabbix_image_tag: alpine-6.0.4 + db_access: # central place for all database related parameters (db name, host, user, password) in one secret # which will be used by all relevant components which are installed by this chart (Zabbix server, # database, frontend). # In case you are using the CrunchyData Postgres Operator, you can refer to a secret generated by # this operator to use a PGO database for your Zabbix instance. - secret_name: myzabbixdbaccess + use_unified_secret: true + unified_secret_name: myzabbixdbaccess # generate this secret if it does not yet exist and set a random password. Only useful if also using # postgresql.enabled=true - secret_autocreate: true + unified_secret_autocreate: true zabbixserver: enabled: true - replicaCount: 1 - image: - repository: zabbix/zabbix-server-pgsql - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent + replicaCount: 2 service: type: NodePort port: 10051 
@@ -37,12 +37,8 @@ postgresql: storage_size: 5Gi # generate a PVC in default storage class with the given size for the DB zabbixproxy: - enabled: true + enabled: false replicaCount: 1 - image: - repository: zabbix/zabbix-proxy-sqlite3 - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_PROXYMODE: 0 # The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy. ZBX_HOSTNAME: zabbix-proxy # This variable is unique, case sensitive hostname. ZBX_SERVER_HOST: zabbix-zabbix-server @@ -65,11 +61,6 @@ zabbixproxy: zabbixagent: enabled: true - image: - # Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 - repository: zabbix/zabbix-agent2 - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_HOSTNAME: zabbix-agent ZBX_SERVER_HOST: 127.0.0.1 ZBX_SERVER_PORT: 10051 @@ -95,14 +86,10 @@ zabbixagent: zabbixweb: enabled: true - image: - repository: zabbix/zabbix-web-apache-pgsql - tag: ubuntu-6.0.4 - pullPolicy: IfNotPresent ZBX_SERVER_HOST: zabbix-zabbix-server ZBX_SERVER_PORT: 10051 service: - type: NodePort + type: ClusterIP port: 80 extraEnv: - name: "ZBX_EXAMPLE_MY_ENV_10" From cbefba219f9fc91bb8be21e8eb823a2e65cebe0b Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 31 May 2022 12:31:14 +0200 Subject: [PATCH 20/39] raised Zabbix version to 6.0.5 --- Chart.yaml | 2 +- values.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 7f6deb6..0504903 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: zabbix version: 3.0.0 -appVersion: 6.0.4 +appVersion: 6.0.5 description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. keywords: - zabbix diff --git a/values.yaml b/values.yaml index 7416af0..85d764b 100644 --- a/values.yaml +++ b/values.yaml 
@@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. # -- zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. -zabbix_image_tag: ubuntu-6.0.4 +zabbix_image_tag: ubuntu-6.0.5 # **Zabbix DB access / credentials** configurations # with this dict, you can set unified DB access credentials, IP and so on for both Zabbix server and Zabbix web frontend @@ -64,7 +64,7 @@ zabbixserver: # -- Zabbix server Docker image name repository: zabbix/zabbix-server-pgsql # -- Tag of Docker image of Zabbix server - #tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -143,7 +143,7 @@ zabbixproxy: # -- Zabbix proxy Docker image name repository: zabbix/zabbix-proxy-sqlite3 # -- Tag of Docker image of Zabbix proxy - #tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -189,7 +189,7 @@ zabbixagent: # -- Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 repository: zabbix/zabbix-agent2 # -- Tag of Docker image of Zabbix agent - #tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -242,7 +242,7 @@ zabbixweb: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-nginx-pgsql # -- Tag of Docker image of Zabbix web - #tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images 
@@ -306,7 +306,7 @@ zabbixwebservice: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-service # -- Tag of Docker image of Zabbix web - #tag: ubuntu-6.0.4 + #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images From 704959aa2ef52ae034afbc0e8b202081609984a7 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 31 May 2022 12:42:25 +0200 Subject: [PATCH 21/39] remark regarding breaking change in 3.0.0 --- README.md | 10 +++++++--- README.md.gotmpl | 5 +++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 06c36a8..26a13cd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Helm Chart For Zabbix. -[![CircleCI](https://circleci.com/gh/cetic/helm-zabbix.svg?style=svg)](https://circleci.com/gh/cetic/helm-zabbix/tree/master) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![version](https://img.shields.io/github/tag/cetic/helm-zabbix.svg?label=release) ![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) +[![CircleCI](https://circleci.com/gh/cetic/helm-zabbix.svg?style=svg)](https://circleci.com/gh/cetic/helm-zabbix/tree/master) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![version](https://img.shields.io/github/tag/cetic/helm-zabbix.svg?label=release) ![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. 
@@ -12,6 +12,11 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** +> **Break change 3.0.0** +* This version removes the possibility to specify database username/password per + subsection in favor of specifying all of them centrally at one place. +* Also, the names of the values have changed from upper to lowercase. + > **Break change 2.0.0** * The version 2.0.0 has a break change. * Will be used Postgresql 14.x and Zabbix 6.0.4. @@ -251,9 +256,8 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | postgresql.service.port | int | `5432` | Port of service in Kubernetes cluster | | postgresql.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | -| route.enabled | bool | `false` | | | tolerations | list | `[]` | Tolerations configurations | -| zabbix_image_tag | string | `"ubuntu-6.0.4"` | zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. | +| zabbix_image_tag | string | `"ubuntu-6.0.5"` | zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. | | zabbixagent.ZBX_ACTIVE_ALLOW | bool | `true` | This variable is boolean (true or false) and enables or disables feature of active checks | | zabbixagent.ZBX_JAVAGATEWAY_ENABLE | bool | `false` | The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false. | | zabbixagent.ZBX_PASSIVESERVERS | string | `"127.0.0.1"` | The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container. | diff --git a/README.md.gotmpl b/README.md.gotmpl index 64c4aaf..5186079 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
@@ -12,6 +12,11 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** +> **Break change 3.0.0** +* This version removes the possibility to specify database username/password per + subsection in favor of specifying all of them centrally at one place. +* Also, the names of the values have changed from upper to lowercase. + > **Break change 2.0.0** * The version 2.0.0 has a break change. * Will be used Postgresql 14.x and Zabbix 6.0.4. From 41288f9ef669857c677da91264e3de7f8a503f7d Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 7 Jun 2022 06:50:25 +0200 Subject: [PATCH 22/39] added Route object for Openshift --- templates/route.yaml | 32 ++++++++++++++++++++++++++++++++ values.yaml | 14 ++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 templates/route.yaml diff --git a/templates/route.yaml b/templates/route.yaml new file mode 100644 index 0000000..e43e22b --- /dev/null +++ b/templates/route.yaml @@ -0,0 +1,32 @@ +{{- if .Values.route.enabled }} +{{- $fullName := include "zabbix.fullname" . -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ $fullName }} + labels: + {{- include "zabbix.labels" . | nindent 4 }} + {{- with .Values.route.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.route.hostName }} + host: {{ .Values.route.hostName }} + {{- end }} + port: + targetPort: zabbix-web + {{- with .Values.route.tls }} + tls: + {{- toYaml . | nindent 4 }} + {{- end }} + to: + kind: Service + name: {{ template "zabbix.fullname" . }}-zabbix-web + weight: 100 + {{- if .Values.route.wildcardPolicy }} + wildcardPolicy: {{ .Values.route.wildcardPolicy }} + {{- else }} + wildcardPolicy: None + {{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml index 85d764b..ed4db87 100644 --- a/values.yaml +++ b/values.yaml 
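Review bot: In templates/route.yaml, `host: {{ .Values.route.hostName }}` and `wildcardPolicy: {{ .Values.route.wildcardPolicy }}` render user-supplied values unquoted. A value that YAML reads as a non-string, or one containing `: ` or ` #`, then changes the manifest instead of arriving as a string; `host: {{ .Values.route.hostName | quote }}` and `wildcardPolicy: {{ .Values.route.wildcardPolicy | quote }}` avoid that. Separately, the `tls:` block is emitted only inside `{{- with .Values.route.tls }}`, so overriding `route.tls` with an empty value yields a Route without TLS and the Zabbix frontend login would be served over plain HTTP. A comment above that block, or a `fail` when `route.enabled` is set without `route.tls`, would make that downgrade explicit.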
@@ -370,6 +370,20 @@ ingressroute: #tls: # certResolver: myresolver +route: + # -- Enables Route object for Openshift + enabled: false + # -- Host Name for the route. Can be left empty + hostName: chart-example.local + # -- Openshift Route wildcardPolicy + #wildcardPolicy: + # -- Openshift Route TLS settings + tls: + termination: edge + #insecureEdgeTerminationPolicy: Redirect + # -- Openshift Route extra annotations + annotations: {} + # -- nodeSelector configurations nodeSelector: {} From 8ce1a45b471c0cf5dae11c12f650337d6ad38bae Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 7 Jun 2022 06:51:24 +0200 Subject: [PATCH 23/39] gitignore and helmignore --- .gitignore | 3 +++ .helmignore | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/.gitignore b/.gitignore index 4d6cff6..855e09e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,12 @@ *.tgz +packages/ # Helm Charts dependencies /charts *.lock +.DS_Store + .idea .vscode diff --git a/.helmignore b/.helmignore index 63b945c..294b74f 100644 --- a/.helmignore +++ b/.helmignore @@ -25,3 +25,9 @@ .circleci/ docs/ + +# Makefile and other stuff +Makefile +CONTRIBUTING.md +README.md.gotmpl +packages/ From 7158ec8c479846c6aa68a1d9710189b5d2273a91 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 7 Jun 2022 06:51:43 +0200 Subject: [PATCH 24/39] fixes in values.yaml and reformatting of comment --- Chart.yaml | 2 +- README.md | 5 +++-- values.yaml | 4 ---- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 0504903..ff17ad3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,7 +10,7 @@ keywords: - metrics home: https://www.zabbix.com/ icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png -source: +sources: - https://github.com/cetic/helm-zabbix maintainers: - name: Aecio Pires diff --git a/README.md b/README.md index 26a13cd..edeb953 100644 --- a/README.md +++ b/README.md 
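Review bot: The `route.tls` default sets `termination: edge` and leaves `insecureEdgeTerminationPolicy` commented out, but the `# -- Openshift Route TLS settings` comment explains neither choice. With edge termination TLS ends at the router, so the hop to the `zabbix-web` service is unencrypted, and how plain-HTTP requests are treated depends on the insecure-edge policy. I would extend the comment, e.g. `# -- Openshift Route TLS settings (edge: TLS ends at the router, router-to-pod traffic is plain HTTP; set insecureEdgeTerminationPolicy: Redirect to send HTTP clients to HTTPS)`. The comment on `hostName` could also say that the `chart-example.local` default is a placeholder that has to be overridden or emptied when the route is enabled.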
@@ -13,8 +13,9 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** > **Break change 3.0.0** -* This version removes the possibility to specify database username/password per - subsection in favor of specifying all of them centrally at one place. +* This version removes the possibility to specify database username/password + per subsection in favor of specifying all of them centrally at one place + (see 2.0.0 changes). * Also, the names of the values have changed from upper to lowercase. > **Break change 2.0.0** diff --git a/values.yaml b/values.yaml index ed4db87..144a1de 100644 --- a/values.yaml +++ b/values.yaml @@ -334,8 +334,6 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - # -- Ingress extra labels - extraLabels: {} # -- Ingress hosts hosts: - host: chart-example.local @@ -359,8 +357,6 @@ ingressroute: enabled: false # -- IngressRoute annotations annotations: {} - # -- Ingressroute extra labels - extraLabels: {} # -- Ingressroute entrypoints entryPoints: - websecure From 14d29070f0cb0d1d9627b4ac4bf975e524fdfd70 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 7 Jun 2022 07:01:21 +0200 Subject: [PATCH 25/39] added makefile for automating pre-release tasks --- Makefile | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..615fb84 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,41 @@
+URL=https://github.com/cetic/helm-zabbix/
+HELM_IMAGE = alpine/helm:3.9.0
+HELM_DOCS_IMAGE = jnorwood/helm-docs:v1.10.0
+KNOWN_TARGETS=helm
+
+
+helm:
+ docker run --rm --name helm-exec \
+ --user $(shell id -u):$(shell id -g) \
+ --mount type=bind,src="$(shell pwd)",dst=/helm-chart \
+ -w /helm-chart \
+ -e HELM_CACHE_HOME=/helm-chart/.helm/cache \
+ -e HELM_CONFIG_HOME=/helm-chart/.helm/config \
+ -e HELM_DATA_HOME=/helm-chart/.helm/data \
+ $(HELM_IMAGE) \
+ $(CMD)
+
+# Run linter for helm chart
+lint:
+ CMD="lint ." $(MAKE) helm
+
+# Package chart into zip file
+package:
+ CMD="package . -d packages" $(MAKE) helm
+
+# Create index file (use only for initial setup)
+index:
+ CMD="repo index --url ${URL} ." $(MAKE) helm
+
+# Update index file add new version of package into it
+merge:
+ CMD="repo index --url ${URL} --merge index.yaml ." $(MAKE) helm
+
+gen-docs:
+ docker run --rm --name helm-docs \
+ --user $(shell id -u):$(shell id -g) \
+ --mount type=bind,src="$(shell pwd)",dst=/helm-chart \
+ -w /helm-chart \
+ $(HELM_DOCS_IMAGE) \
+ helm-docs
+
From f64bd82176a0cd4d2206f81bffa29d438385785c Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Tue, 7 Jun 2022 07:01:41 +0200 Subject: [PATCH 26/39] updated docs
---
README.md | 11 ++++++----- index.yaml | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 index.yaml
diff --git a/README.md b/README.md
index edeb953..4eca1e0 100644
--- a/README.md
+++ b/README.md
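Review bot: In the new Makefile, `HELM_IMAGE = alpine/helm:3.9.0` and `HELM_DOCS_IMAGE = jnorwood/helm-docs:v1.10.0` pin third-party images by mutable tag only, and both `docker run` recipes bind-mount the working tree into them. Whatever a re-pushed tag contains therefore gets to write the packaged chart and the generated docs. Pinning by digest keeps the release tooling reproducible, e.g. `HELM_IMAGE = alpine/helm:3.9.0@sha256:<digest-of-the-reviewed-image>` (placeholder; same for the helm-docs image). As a style point, no target is declared phony; `.PHONY: helm lint package index merge gen-docs` keeps a same-named file from silently disabling a target. `KNOWN_TARGETS` is assigned but never used in this file.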
@@ -13,9 +13,8 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste > **This helm chart is still under development** > **Break change 3.0.0** -* This version removes the possibility to specify database username/password - per subsection in favor of specifying all of them centrally at one place - (see 2.0.0 changes). +* This version removes the possibility to specify database username/password per + subsection in favor of specifying all of them centrally at one place. * Also, the names of the values have changed from upper to lowercase. > **Break change 2.0.0** @@ -233,14 +232,12 @@ The following tables lists the configurable parameters of the chart and their de | db_access.use_unified_secret | bool | `true` | Whether to use the unified db access secret | | ingress.annotations | object | `{}` | Ingress annotations | | ingress.enabled | bool | `false` | Enables Ingress | -| ingress.extraLabels | object | `{}` | Ingress extra labels | | ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Ingress hosts | | ingress.pathType | string | `"Prefix"` | pathType is only for k8s >= 1.1= | | ingress.tls | list | `[]` | Ingress TLS configuration | | ingressroute.annotations | object | `{}` | IngressRoute annotations | | ingressroute.enabled | bool | `false` | Enables Traefik IngressRoute | | ingressroute.entryPoints | list | `["websecure"]` | Ingressroute entrypoints | -| ingressroute.extraLabels | object | `{}` | Ingressroute extra labels | | ingressroute.hostName | string | `"chart-example.local"` | Ingressroute host name | | nodeSelector | object | `{}` | nodeSelector configurations | | postgresql.enabled | bool | `true` | Create a database using Postgresql | 
@@ -257,6 +254,10 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.service.clusterIP | string | `nil` | Cluster IP for Zabbix server | | postgresql.service.port | int | `5432` | Port of service in Kubernetes cluster | | postgresql.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | +| route.annotations | object | `{}` | Openshift Route extra annotations | +| route.enabled | bool | `false` | Enables Route object for Openshift | +| route.hostName | string | `"chart-example.local"` | Host Name for the route. Can be left empty | +| route.tls | object | `{"termination":"edge"}` | Openshift Route TLS settings | | tolerations | list | `[]` | Tolerations configurations | | zabbix_image_tag | string | `"ubuntu-6.0.5"` | zabbix components (server, agent, web frontend, ...) image tag to use. Overwritten by zabbixserver.image.tag etc. | | zabbixagent.ZBX_ACTIVE_ALLOW | bool | `true` | This variable is boolean (true or false) and enables or disables feature of active checks | diff --git a/index.yaml b/index.yaml new file mode 100644 index 0000000..fe16baa --- /dev/null +++ b/index.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +entries: + zabbix: + - apiVersion: v2 + appVersion: 6.0.5 + created: "2022-06-07T04:56:42.303987013Z" + description: Zabbix is a mature and effortless enterprise-class open source monitoring + solution for network monitoring and application monitoring of millions of metrics. + digest: c9a40d9f1c0e4dc832fec132c62b1a39e4aba951092ce441665f067160473d3c + home: https://www.zabbix.com/ + icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png + keywords: + - zabbix + - monitoring + - metrics + maintainers: + - email: aeciopires@gmail.com + name: Aecio Pires + url: https://github.com/aeciopires + - email: alexandre.nuttinck@cetic.be + name: Alexandre Nuttinck + url: https://github.com/alexnuttinck + - email: amen.ayadi@cetic.be + name: Amen Ayadi + url: https://github.com/AyadiAmen + - email: christian.anton@secadm.de + name: Christian Anton + url: https://secadm.de + - email: sebastien.dupont@cetic.be + name: Sebastien Dupont + url: https://github.com/banzo + name: zabbix + sources: + - https://github.com/cetic/helm-zabbix + urls: + - https://github.com/cetic/helm-zabbix/packages/zabbix-3.0.0.tgz + version: 3.0.0 +generated: "2022-06-07T04:56:42.299422388Z" From 376c81eff37ec5efaa5a38fcbca270c8ae5640bb Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 18:00:49 +0200 Subject: [PATCH 27/39] remove duplicate name --- templates/configmap-zabbix-server-init-waitschema.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/configmap-zabbix-server-init-waitschema.yaml b/templates/configmap-zabbix-server-init-waitschema.yaml index 565de40..5bb2ec9 100644 --- a/templates/configmap-zabbix-server-init-waitschema.yaml +++ b/templates/configmap-zabbix-server-init-waitschema.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: test name: {{ template "zabbix.fullname" . }}-waitdbschema-script labels: app: {{ template "zabbix.fullname" . }}-waitdbschema-script 
From 3f529c74927d723cc63823da186755b4cf73e0c1 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 18:10:08 +0200 Subject: [PATCH 28/39] only use unified tag for all Zabbix components --- templates/deployment-zabbix-server.yaml | 12 ------------ templates/deployment-zabbix-web.yaml | 4 ---- templates/deployment-zabbix-webservice.yaml | 4 ---- templates/job-init-db-schema.yaml | 4 ---- templates/statefulset-zabbix-proxy.yaml | 8 -------- values.yaml | 10 ---------- 6 files changed, 42 deletions(-) diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index 46f334f..2edd62d 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml @@ -49,11 +49,7 @@ spec: {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} initContainers: - name: init-wait-for-database-schema - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }}" - {{- end }} env: {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST @@ -122,11 +118,7 @@ spec: - name: zabbix-server resources: {{- toYaml .Values.zabbixserver.resources | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }}" - {{- end }} ports: - containerPort: 10051 name: zabbix-server 
@@ -223,11 +215,7 @@ spec: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" - {{- end }} imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index 7dbd619..834a0c4 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml @@ -51,11 +51,7 @@ spec: {{- toYaml .Values.zabbixweb.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbixweb.image.tag }}" - {{- end }} imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: {{- if .Values.postgresql.enabled }} diff --git a/templates/deployment-zabbix-webservice.yaml b/templates/deployment-zabbix-webservice.yaml index c395151..542f177 100644 --- a/templates/deployment-zabbix-webservice.yaml +++ b/templates/deployment-zabbix-webservice.yaml @@ -51,11 +51,7 @@ spec: {{- toYaml .Values.zabbixwebservice.resources | nindent 10 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixwebservice.image.repository }}:{{ .Values.zabbixwebservice.image.tag }}" - {{- end }} imagePullPolicy: {{ .Values.zabbixwebservice.image.pullPolicy }} env: {{- if .Values.zabbixwebservice.ignore_url_cert_errors }} 
diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml index e576b2d..38a7d20 100644 --- a/templates/job-init-db-schema.yaml +++ b/templates/job-init-db-schema.yaml @@ -14,11 +14,7 @@ spec: spec: containers: - name: init-db-schema - {{- if .Values.zabbix_image_tag }} image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }} - {{- else }} - image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbixserver.image.tag }} - {{- end }} env: {{- if .Values.postgresql.enabled }} - name: DB_SERVER_HOST diff --git a/templates/statefulset-zabbix-proxy.yaml b/templates/statefulset-zabbix-proxy.yaml index 7d83d2f..e4aa552 100644 --- a/templates/statefulset-zabbix-proxy.yaml +++ b/templates/statefulset-zabbix-proxy.yaml @@ -44,11 +44,7 @@ spec: {{- toYaml .Values.zabbixagent.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixagent.image.repository }}:{{ .Values.zabbixagent.image.tag }}" - {{- end }} imagePullPolicy: {{ .Values.zabbixagent.image.pullPolicy }} env: - name: ZBX_HOSTNAME @@ -87,11 +83,7 @@ spec: {{- toYaml .Values.zabbixproxy.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - {{- if .Values.zabbix_image_tag }} image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbix_image_tag }}" - {{- else }} - image: "{{ .Values.zabbixproxy.image.repository }}:{{ .Values.zabbixproxy.image.tag }}" - {{- end }} imagePullPolicy: {{ .Values.zabbixproxy.image.pullPolicy }} env: - name: ZBX_PROXYMODE diff --git a/values.yaml b/values.yaml index 144a1de..407a13f 100644 --- a/values.yaml +++ b/values.yaml 
@@ -63,8 +63,6 @@ zabbixserver: image: # -- Zabbix server Docker image name repository: zabbix/zabbix-server-pgsql - # -- Tag of Docker image of Zabbix server - #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -142,8 +140,6 @@ zabbixproxy: image: # -- Zabbix proxy Docker image name repository: zabbix/zabbix-proxy-sqlite3 - # -- Tag of Docker image of Zabbix proxy - #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -188,8 +184,6 @@ zabbixagent: image: # -- Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 repository: zabbix/zabbix-agent2 - # -- Tag of Docker image of Zabbix agent - #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -241,8 +235,6 @@ zabbixweb: image: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-nginx-pgsql - # -- Tag of Docker image of Zabbix web - #tag: ubuntu-6.0.5 # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images @@ -306,8 +298,6 @@ zabbixwebservice: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-service # -- Tag of Docker image of Zabbix web - #tag: ubuntu-6.0.5 - # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] From 950ca3cd9777e4a0c693bae0cc2b71f8840eb155 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 18:11:51 +0200 Subject: [PATCH 29/39] remove whitespace --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 615fb84..7ab699c 100644 --- a/Makefile +++ b/Makefile 
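Review bot: In the `zabbixwebservice.image` hunk (`@@ -306,8 +298,6 @@`) the wrong comment line is deleted: `# -- Tag of Docker image of Zabbix web` stays and `# -- Pull policy of Docker image` goes, so the tag description now sits directly above `pullPolicy: IfNotPresent`. The other four `image:` hunks in this file remove the tag comment and keep the pull-policy one. Restore `# -- Pull policy of Docker image` above `pullPolicy` and drop the tag comment; documentation generated from these `# --` comments would otherwise describe `zabbixwebservice.image.pullPolicy` as a tag.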
@@ -1,6 +1,6 @@ URL=https://github.com/cetic/helm-zabbix/ -HELM_IMAGE = alpine/helm:3.9.0 -HELM_DOCS_IMAGE = jnorwood/helm-docs:v1.10.0 +HELM_IMAGE=alpine/helm:3.9.0 +HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.10.0 KNOWN_TARGETS=helm From 6d6243f6e0f06109a6dbf5e9addb284088607ad2 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 21:53:01 +0200 Subject: [PATCH 30/39] raised version of tag in example --- docs/example/kind/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/example/kind/values.yaml b/docs/example/kind/values.yaml index d24dfa7..3f8b909 100644 --- a/docs/example/kind/values.yaml +++ b/docs/example/kind/values.yaml @@ -1,6 +1,6 @@ # Custom values for zabbix. -zabbix_image_tag: alpine-6.0.4 +zabbix_image_tag: alpine-6.0.5 db_access: # central place for all database related parameters (db name, host, user, password) in one secret From 9f7bc56312758a8e0f112cb7529cf7aee76f41ca Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 22:17:03 +0200 Subject: [PATCH 31/39] ran helm-docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4eca1e0..33a1b7d 100644 --- a/README.md +++ b/README.md 
@@ -337,7 +337,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixweb.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | | zabbixwebservice.enabled | bool | `true` | Enables use of **Zabbix Web Service** | | zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | -| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | +| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Tag of Docker image of Zabbix web | | zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixwebservice.image.repository | string | `"zabbix/zabbix-web-service"` | Zabbix web Docker image name | | zabbixwebservice.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | From 7cde28675abd8b3e82f6bf8002a49f3a6e23ba66 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 12 Jun 2022 22:31:57 +0200 Subject: [PATCH 32/39] added steps using Makefile --- CONTRIBUTING.md | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6fa217..1cb9052 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -7,7 +7,8 @@ # Contributing -* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md). +* Have the ``make`` command and *docker* installed on your system. With this, you don't need the below mentioned ``helm`` and ``helm-docs`` and use containers for the needed steps instead. +* [OPTIONAL] Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md). * [OPTIONAL] Configure authentication on your Github account to use the SSH protocol instead of HTTP. Watch this tutorial to learn how to set up: https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account * Create a fork this repository. * Clone the forked repository to your local system: @@ -37,7 +38,30 @@ git branch ``` * Make your changes and tests to the new branch. +* Verify your changed do not introduce syntactical/semantic errors: + +Method using make and docker: +```bash +make lint +```` + +Method using locally installed ``helm`` command: +```bash +helm lint . +``` + * Run command ``helm-docs`` to update content of ``README.md`` file using the ``README.md.gotmpl`` template. More info about [helm-docs](https://github.com/norwoodj/helm-docs). + +Method using make and docker: +```bash +make gen-docs +``` + +Method using locally installed ``helm-docs`` command: +```bash +helm-docs +``` + * Commit the changes to the branch. * Push files to repository remote with command: From b386878f00a0a37e12747f7a0bac3bbdbc2e81e7 Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Mon, 13 Jun 2022 00:09:51 +0200 Subject: [PATCH 33/39] put the setting db access env vars into template --- templates/_helpers.tpl | 84 +++++++++++++++++ templates/cronjob-hanodes-autoclean.yaml | 57 +----------- templates/deployment-zabbix-server.yaml | 114 +---------------------- templates/deployment-zabbix-web.yaml | 57 +----------- templates/job-init-db-schema.yaml | 57 +----------- templates/statefulset-postgresql.yaml | 32 +------ 6 files changed, 90 insertions(+), 311 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index da32021..5dc4c3f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -88,3 +88,87 @@ Return if ingress supports pathType. {{- define "zabbix.ingress.supportsPathType" -}} {{- or (eq (include "zabbix.ingress.isStable" .) "true") (and (eq (include "zabbix.ingress.apiVersion" .) "networking.k8s.io/v1beta1")) -}} {{- end -}} + +{{/* +Define env var names + +*/}} + + +{{/* +Return the entire logic of setting DB access related env vars for the containers which need them +*/}} +{{- define "zabbix.db_access.env_vars" -}} +{{- $ := index . 0 }} +{{- $cntxt := index . 2 }} +{{- $hostvar := "DB_SERVER_HOST" }} +{{- $portvar := "DB_SERVER_PORT" }} +{{- $uservar := "POSTGRES_USER" }} +{{- $passwordvar := "POSTGRES_PASSWORD" }} +{{- $dbvar := "POSTGRES_DB" }} +{{- if eq $cntxt "database" }} +{{- $hostvar = "PGHOST" }} +{{- $portvar = "PGPORT" }} +{{- $uservar = "PGUSER" }} +{{- $passwordvar = "PGPASSWORD" }} +{{- $dbvar = "PGDATABASE" }} +{{- end }} +{{- with index . 1 }} +{{- if .Values.postgresql.enabled }} +- name: {{ $hostvar }} + value: {{ template "zabbix.fullname" . 
}}-postgresql +- name: {{ $portvar }} + value: {{ .Values.postgresql.service.port | quote }} +{{- else if .Values.db_access.use_unified_secret }} +- name: {{ $hostvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: host +- name: {{ $portvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: port + optional: true +{{- else }} +- name: {{ $hostvar }} + value: {{ .Values.db_access.db_server_host | quote }} +- name: {{ $portvar }} + value: {{ .Values.db_access.db_server_port | quote }} +{{- end }} +{{- if .Values.db_access.use_unified_secret }} +- name: {{ $uservar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: user + optional: true +- name: {{ $passwordvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: password +- name: {{ $dbvar }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.unified_secret_name }} + key: dbname + optional: true +{{- else }} +- name: {{ $uservar }} + value: {{ .Values.db_access.postgres_user | quote }} +- name: {{ $passwordvar }} + {{- if .Values.db_access.postgres_password_secret }} + valueFrom: + secretKeyRef: + name: {{ .Values.db_access.postgres_password_secret }} + key: {{ default "password" .Values.db_access.postgres_password_secret_key }} + {{- else }} + value: {{ .Values.db_access.postgres_password | quote }} + {{- end }} +- name: {{ $dbvar }} + value: {{ .Values.db_access.postgres_db | quote }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml index 9e43f46..0827e7f 100644 --- a/templates/cronjob-hanodes-autoclean.yaml +++ b/templates/cronjob-hanodes-autoclean.yaml 
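Review bot: The last `else` branch of `zabbix.db_access.env_vars` renders `value: {{ .Values.db_access.postgres_password | quote }}`, so when neither `use_unified_secret` nor `postgres_password_secret` is set the database password is written in clear text into the spec of every workload that includes the helper, readable by anyone who can view those objects or the rendered release. Now that the logic lives in one place, I would mark that branch with a template comment such as `{{/* clear-text fallback: the password ends up in the pod spec; prefer postgres_password_secret or the unified secret */}}`. Separately, the `name:` values under `secretKeyRef` are emitted without `| quote`, unlike the neighbouring `value:` lines, so a secret name that YAML reads as a number or boolean would not render as a string.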
@@ -24,62 +24,7 @@ spec: - -c - echo "deleting all stopped and unavailable HANodes older than {{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }} seconds..." && psql -c "delete from ha_node where status in (1,2) and extract(epoch from now())-lastaccess>{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }}" env: - {{- if .Values.postgresql.enabled }} - - name: PGHOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: PGPORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.use_unified_secret }} - - name: PGHOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: host - - name: PGPORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: port - optional: true - {{- else }} - - name: PGHOST - value: {{ .Values.db_access.db_server_host | quote }} - - name: PGPORT - value: {{ .Values.db_access.db_server_port | quote }} - {{- end }} - {{- if .Values.db_access.use_unified_secret }} - - name: PGUSER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - optional: true - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: PGDATABASE - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - optional: true - {{- else }} - - name: PGUSER - value: {{ .Values.db_access.postgres_user | quote }} - - name: PGPASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: PGDATABASE - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . 
"database") | nindent 12 }} imagePullSecrets: {{- range .Values.zabbixserver.image.pullSecrets }} - name: {{ . | quote }} diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index 2edd62d..693dad4 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml 
@@ -51,62 +51,7 @@ spec: - name: init-wait-for-database-schema image: "{{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }}" env: - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.use_unified_secret }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - value: {{ .Values.db_access.db_server_host | quote }} - - name: DB_SERVER_PORT - value: {{ .Values.db_access.db_server_port | quote }} - {{- end }} - {{- if .Values.db_access.use_unified_secret }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - value: {{ .Values.db_access.postgres_user | quote }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: POSTGRES_DB - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 12 }} command: - "/bin/bash" - "/script/wait_db_schema.sh" 
@@ -137,62 +82,7 @@ spec: hostIP: {{ .Values.zabbixserver.hostIP }} {{- end}} env: - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.use_unified_secret }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - value: {{ .Values.db_access.db_server_host | quote }} - - name: DB_SERVER_PORT - value: {{ .Values.db_access.db_server_port | quote }} - {{- end }} - {{- if .Values.db_access.use_unified_secret }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - value: {{ .Values.db_access.postgres_user | quote }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: POSTGRES_DB - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 12 }} {{- range $item := .Values.zabbixserver.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} 
diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml
index 834a0c4..bfe245e 100644
--- a/templates/deployment-zabbix-web.yaml
+++ b/templates/deployment-zabbix-web.yaml
@@ -54,62 +54,7 @@ spec: image: "{{ .Values.zabbixweb.image.repository }}:{{ .Values.zabbix_image_tag }}" imagePullPolicy: {{ .Values.zabbixweb.image.pullPolicy }} env: - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.use_unified_secret }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - value: {{ .Values.db_access.db_server_host | quote }} - - name: DB_SERVER_PORT - value: {{ .Values.db_access.db_server_port | quote }} - {{- end }} - {{- if .Values.db_access.use_unified_secret }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - value: {{ .Values.db_access.postgres_user | quote }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: POSTGRES_DB - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . 
"zabbix") | nindent 10 }} {{- range $item := .Values.zabbixweb.extraEnv }} - name: {{ $item.name }} value: {{ $item.value | quote }} diff --git a/templates/job-init-db-schema.yaml b/templates/job-init-db-schema.yaml index 38a7d20..b57bbcf 100644 --- a/templates/job-init-db-schema.yaml +++ b/templates/job-init-db-schema.yaml 
@@ -16,62 +16,7 @@ spec: - name: init-db-schema image: {{ .Values.zabbixserver.image.repository }}:{{ .Values.zabbix_image_tag }} env: - {{- if .Values.postgresql.enabled }} - - name: DB_SERVER_HOST - value: {{ template "zabbix.fullname" . }}-postgresql - - name: DB_SERVER_PORT - value: {{ .Values.postgresql.service.port | quote }} - {{- else if .Values.db_access.use_unified_secret }} - - name: DB_SERVER_HOST - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: host - - name: DB_SERVER_PORT - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: port - optional: true - {{- else }} - - name: DB_SERVER_HOST - value: {{ .Values.db_access.db_server_host | quote }} - - name: DB_SERVER_PORT - value: {{ .Values.db_access.db_server_port | quote }} - {{- end }} - {{- if .Values.db_access.use_unified_secret }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - optional: true - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - optional: true - {{- else }} - - name: POSTGRES_USER - value: {{ .Values.db_access.postgres_user | quote }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: POSTGRES_DB - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . "zabbix") | nindent 10 }} command: - "/bin/sh" - "-c" 
diff --git a/templates/statefulset-postgresql.yaml b/templates/statefulset-postgresql.yaml index 2cbb447..ccc1418 100644 --- a/templates/statefulset-postgresql.yaml +++ b/templates/statefulset-postgresql.yaml @@ -67,37 +67,7 @@ spec: imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} args: ["-c", "max_connections={{ .Values.postgresql.max_connections }}"] env: - {{- if .Values.db_access.use_unified_secret }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: password - - name: POSTGRES_DB - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.unified_secret_name }} - key: dbname - {{- else }} - - name: POSTGRES_USER - value: {{ .Values.db_access.postgres_user | quote }} - - name: POSTGRES_PASSWORD - {{- if .Values.db_access.postgres_password_secret }} - valueFrom: - secretKeyRef: - name: {{ .Values.db_access.postgres_password_secret }} - key: {{ default "password" .Values.db_access.postgres_password_secret_key }} - {{- else }} - value: {{ .Values.db_access.postgres_password | quote }} - {{- end }} - - name: POSTGRES_DB - value: {{ .Values.db_access.postgres_db | quote }} - {{- end }} + {{- include "zabbix.db_access.env_vars" (list $ . "database") | nindent 12 }} - name: PGDATA value: /var/lib/postgresql/data/pgdata {{- range $item := .Values.zabbixproxy.extraEnv }} From 7c37469c4bf9b70e3b8aefaf811e1cd0c4b0d8b3 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Mon, 13 Jun 2022 10:26:40 +0200 Subject: [PATCH 34/39] fix: postgres DB uses same env vars as Zabbix but still, special env var names are needed for the "cleanup" cron job --- templates/_helpers.tpl | 3 ++- templates/cronjob-hanodes-autoclean.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 5dc4c3f..2c681d0 100644 
--- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -106,7 +106,8 @@ Return the entire logic of setting DB access related env vars for the containers {{- $uservar := "POSTGRES_USER" }} {{- $passwordvar := "POSTGRES_PASSWORD" }} {{- $dbvar := "POSTGRES_DB" }} -{{- if eq $cntxt "database" }} +{{/* special settings for the DB client (autoclean cron job) container, needs different env variable names */}} +{{- if eq $cntxt "db_client" }} {{- $hostvar = "PGHOST" }} {{- $portvar = "PGPORT" }} {{- $uservar = "PGUSER" }} diff --git a/templates/cronjob-hanodes-autoclean.yaml b/templates/cronjob-hanodes-autoclean.yaml index 0827e7f..69ce8d3 100644 --- a/templates/cronjob-hanodes-autoclean.yaml +++ b/templates/cronjob-hanodes-autoclean.yaml @@ -24,7 +24,7 @@ spec: - -c - echo "deleting all stopped and unavailable HANodes older than {{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }} seconds..." && psql -c "delete from ha_node where status in (1,2) and extract(epoch from now())-lastaccess>{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds }}" env: - {{- include "zabbix.db_access.env_vars" (list $ . "database") | nindent 12 }} + {{- include "zabbix.db_access.env_vars" (list $ . "db_client") | nindent 12 }} imagePullSecrets: {{- range .Values.zabbixserver.image.pullSecrets }} - name: {{ . | quote }} From 05bfc52dff9726f1610f3d39d5ad3584aac6abc9 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Thu, 23 Jun 2022 19:02:44 +0200 Subject: [PATCH 35/39] added docs on new functionalities to README --- README.md | 24 +++++++++++++++++++++--- README.md.gotmpl | 26 +++++++++++++++++++++++--- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 33a1b7d..f794b7e 100644 --- a/README.md +++ b/README.md 
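Review bot: `$cntxt` is compared with a single literal, so any other third argument, including a misspelling of `"db_client"`, silently falls back to the `DB_SERVER_*`/`POSTGRES_*` names; nothing checks that the caller passed a known context. The `statefulset-postgresql.yaml` call from PATCH 33 still passes `"database"`, which after this rename is exactly such an unrecognised value that happens to yield the intended names. I would list the accepted values in the helper's comment, e.g. `{{/* third list element: "db_client" selects the libpq PG* names, anything else the Zabbix/Postgres image names */}}`, or reject unknown values with `fail`. The `define` block starts and ends outside this hunk.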
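Review bot: `delete_older_than_seconds` is pasted unmodified into both the `bash -c` string and the SQL text passed to `psql -c` on the context line above the changed `include`, so a value that is not a plain number alters the command or the statement instead of being rejected. Coercing it at render time keeps the statement fixed: `{{ .Values.zabbixserver.ha_nodes_autoclean.delete_older_than_seconds | int }}` in both places. The same line appears as context in the cronjob hunk of PATCH 33. The container spec continues outside the hunk.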
@@ -16,6 +16,10 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste * This version removes the possibility to specify database username/password per subsection in favor of specifying all of them centrally at one place. * Also, the names of the values have changed from upper to lowercase. +* It is now possible to start the Zabbix Server pods with replicas of more than 1. + HA functionality of Zabbix will automatically be enabled and it is made sure that + the database schema publication will only happen once, and not by all of the Zabbix + server pods at the same time. > **Break change 2.0.0** * The version 2.0.0 has a break change. @@ -46,7 +50,7 @@ possible is possible, while still obtaining a good level of security. - Kubernetes cluster 1.10+ - Helm 3.0+ - Kubectl -- PV provisioner support in the underlying infrastructure. +- PV provisioner support in the underlying infrastructure (optional). Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md). 
@@ -56,7 +60,7 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu **Zabbix server** is the central process of Zabbix software. -The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. +The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server. ## Zabbix Agent 
@@ -78,15 +82,29 @@ The server performs the polling and trapping of data, it calculates triggers, se A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x. -> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only. +> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file. ## Configure the chart The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file. +### Configure central database access related settings + +All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file. + +By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting. + +Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set. 
+ +If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it. + +There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. +- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller. +- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy - **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. diff --git a/README.md.gotmpl b/README.md.gotmpl index 5186079..33a8858 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
@@ -16,6 +16,10 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste * This version removes the possibility to specify database username/password per subsection in favor of specifying all of them centrally at one place. * Also, the names of the values have changed from upper to lowercase. +* It is now possible to start the Zabbix Server pods with replicas of more than 1. + HA functionality of Zabbix will automatically be enabled and it is made sure that + the database schema publication will only happen once, and not by all of the Zabbix + server pods at the same time. > **Break change 2.0.0** * The version 2.0.0 has a break change. @@ -46,7 +50,7 @@ possible is possible, while still obtaining a good level of security. - Kubernetes cluster 1.10+ - Helm 3.0+ - Kubectl -- PV provisioner support in the underlying infrastructure. +- PV provisioner support in the underlying infrastructure (optional). Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md). 
@@ -56,7 +60,8 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu **Zabbix server** is the central process of Zabbix software. -The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. +The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server. + ## Zabbix Agent 
@@ -78,15 +83,30 @@ The server performs the polling and trapping of data, it calculates triggers, se A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x. -> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only. +> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file. + ## Configure the chart The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file. +### Configure central database access related settings + +All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file. + +By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting. + +Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set. 
+ +If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it. + +There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. +- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller. +- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy - **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. From c345d890f1690bc9b3be34ca303cf2aeeaace826 Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Thu, 23 Jun 2022 20:47:52 +0200 Subject: [PATCH 36/39] added extraContainers and extraVolumes with this commit it is now possible to add additional (sidecar) containers and volumes to each of the components if necessary. For example, this might be needed if an additional utility would have to run alongside Zabbix Server to pick up "real time export" data and send them to a message bus or a logging sidecar container that needs to catch the logs from the main container into an emptyDir volume and ship them to a central logging system --- README.md | 10 +++++++ templates/deployment-zabbix-server.yaml | 16 ++++++++++- templates/deployment-zabbix-web.yaml | 13 +++++++-- templates/deployment-zabbix-webservice.yaml | 11 +++++++ templates/statefulset-postgresql.yaml | 13 +++++++-- templates/statefulset-zabbix-proxy.yaml | 15 ++++++++++ values.yaml | 32 +++++++++++++++++++++ 7 files changed, 105 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f794b7e..dd964a7 100644 --- a/README.md +++ b/README.md 
@@ -259,7 +259,9 @@ The following tables lists the configurable parameters of the chart and their de | ingressroute.hostName | string | `"chart-example.local"` | Ingressroute host name | | nodeSelector | object | `{}` | nodeSelector configurations | | postgresql.enabled | bool | `true` | Create a database using Postgresql | +| postgresql.extraContainers | list | `[]` | additional containers to start within the postgresql pod | | postgresql.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. | +| postgresql.extraVolumes | list | `[]` | additional volumes to make available to the postgresql pod | | postgresql.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | postgresql.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | postgresql.image.repository | string | `"postgres"` | Postgresql Docker image name: chose one of "postgres" or "timescale/timescaledb" | 
@@ -302,7 +304,9 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.ZBX_SERVER_PORT | int | `10051` | Zabbix server port | | zabbixproxy.ZBX_VMWARECACHESIZE | string | `"128M"` | Cache size | | zabbixproxy.enabled | bool | `false` | Enables use of **Zabbix Proxy** | +| zabbixproxy.extraContainers | list | `[]` | additional containers to start within the zabbix proxy pod | | zabbixproxy.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixproxy.extraVolumes | list | `[]` | additional volumes to make available to the zabbix proxy pod | | zabbixproxy.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixproxy.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixproxy.image.repository | string | `"zabbix/zabbix-proxy-sqlite3"` | Zabbix proxy Docker image name | 
@@ -313,7 +317,9 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.service.port | int | `10051` | Port to expose service | | zabbixproxy.service.type | string | `"ClusterIP"` | Type of service for Zabbix proxy | | zabbixserver.enabled | bool | `true` | Enables use of **Zabbix Server** | +| zabbixserver.extraContainers | list | `[]` | additional containers to start within the zabbix server pod | | zabbixserver.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixserver.extraVolumes | list | `[]` | additional volumes to make available to the zabbix server pod | | zabbixserver.ha_nodes_autoclean | object | `{"delete_older_than_seconds":3600,"enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":"14"},"schedule":"0 1 * * *"}` | automatically clean orphaned ha nodes from ha_nodes db table | | zabbixserver.hostIP | string | `"0.0.0.0"` | optional set hostIP different from 0.0.0.0 to open port only on this IP | | zabbixserver.hostPort | bool | `false` | optional set true open a port direct on node where zabbix server runs | 
@@ -329,7 +335,9 @@ The following tables lists the configurable parameters of the chart and their de | zabbixserver.service.port | int | `10051` | Port of service in Kubernetes cluster | | zabbixserver.service.type | string | `"ClusterIP"` | Type of service in Kubernetes cluster | | zabbixweb.enabled | bool | `true` | Enables use of **Zabbix Web** | +| zabbixweb.extraContainers | list | `[]` | additional containers to start within the zabbix web pod | | zabbixweb.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixweb.extraVolumes | list | `[]` | additional volumes to make available to the zabbix web pod | | zabbixweb.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixweb.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixweb.image.repository | string | `"zabbix/zabbix-web-nginx-pgsql"` | Zabbix web Docker image name | 
@@ -354,7 +362,9 @@ The following tables lists the configurable parameters of the chart and their de | zabbixweb.service.port | int | `80` | Port to expose service | | zabbixweb.service.type | string | `"ClusterIP"` | Type of service for Zabbix web | | zabbixwebservice.enabled | bool | `true` | Enables use of **Zabbix Web Service** | +| zabbixwebservice.extraContainers | list | `[]` | additional containers to start within the zabbix webservice pod | | zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixwebservice.extraVolumes | list | `[]` | additional volumes to make available to the zabbix webservice pod | | zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Tag of Docker image of Zabbix web | | zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixwebservice.image.repository | string | `"zabbix/zabbix-web-service"` | Zabbix web Docker image name | diff --git a/templates/deployment-zabbix-server.yaml b/templates/deployment-zabbix-server.yaml index 693dad4..e826d1f 100644 --- a/templates/deployment-zabbix-server.yaml +++ b/templates/deployment-zabbix-server.yaml @@ -99,6 +99,10 @@ spec: - name: ZBX_STARTREPORTWRITERS value: {{ .Values.zabbixwebservice.replicaCount|quote }} {{- end }} + {{- with .Values.zabbixserver.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.zabbixagent.enabled }} - name: zabbix-agent resources: 
@@ -136,6 +140,13 @@ spec: - name: zabbix-agent containerPort: 10050 protocol: TCP + {{- with .Values.zabbixagent.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.zabbixserver.extraContainers }} + {{- toYaml . | nindent 8 }} {{- end }} imagePullSecrets: {{- range .Values.zabbixserver.image.pullSecrets }} @@ -144,10 +155,13 @@ spec: {{- range .Values.zabbixagent.image.pullSecrets }} - name: {{ . | quote }} {{- end }} - {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} volumes: + {{- if gt (.Values.zabbixserver.replicaCount | int) 1 }} - name: init-waitschema-script configMap: name: {{ template "zabbix.fullname" . }}-waitdbschema-script {{- end }} + {{- with .Values.zabbixserver.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/deployment-zabbix-web.yaml b/templates/deployment-zabbix-web.yaml index bfe245e..1278999 100644 --- a/templates/deployment-zabbix-web.yaml +++ b/templates/deployment-zabbix-web.yaml @@ -63,11 +63,14 @@ spec: - name: zabbix-web containerPort: 8080 protocol: TCP - {{- if .Values.zabbixweb.saml_certs_secret_name }} volumeMounts: + {{- if .Values.zabbixweb.saml_certs_secret_name }} - name: zabbix-web-samlcerts mountPath: /etc/zabbix/web/certs {{- end }} + {{- with .Values.zabbixweb.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} livenessProbe: httpGet: path: {{ .Values.zabbixweb.livenessProbe.path }} 
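Review bot: The `extraContainers` block in the `@@ -136,6 +140,13 @@` hunk renders each entry with `toYaml` exactly as supplied, so a sidecar gets no `securityContext` or resource limits from the chart and runs with whatever the entry and the cluster defaults give it. The same pattern is added in the web, webservice, postgresql and proxy templates further down. I would say so where the value is declared, e.g. `# -- additional containers to start within the zabbix server pod; rendered as-is, set securityContext and resources on each entry`. The container list starts above the hunk, so how the chart's own containers are hardened is not visible here.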
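Review bot: In the `@@ -144,10 +155,13 @@` hunk `volumes:` now sits outside the `replicaCount` condition, so with one replica and no `extraVolumes` the template renders a bare `volumes:` key with a null value. The web and postgresql templates do the same for `volumes:` and `volumeMounts:`, while the webservice and proxy templates emit the key only inside `with`. The API server normally treats a null list as absent, but strict schema linting of the rendered output may flag it. Guarding the key keeps the output clean: `{{- if or (gt (.Values.zabbixserver.replicaCount | int) 1) .Values.zabbixserver.extraVolumes }}` before `volumes:`, with a matching `{{- end }}`.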
@@ -86,14 +89,20 @@ spec: timeoutSeconds: {{ .Values.zabbixweb.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.zabbixweb.readinessProbe.successThreshold }} failureThreshold: {{ .Values.zabbixweb.readinessProbe.failureThreshold }} + {{- with .Values.zabbixweb.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} imagePullSecrets: {{- range .Values.zabbixweb.image.pullSecrets }} - name: {{ . | quote }} {{- end }} - {{- if .Values.zabbixweb.saml_certs_secret_name }} volumes: + {{- if .Values.zabbixweb.saml_certs_secret_name }} - name: zabbix-web-samlcerts secret: secretName: {{ .Values.zabbixweb.saml_certs_secret_name }} {{- end }} + {{- with .Values.zabbixweb.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/deployment-zabbix-webservice.yaml b/templates/deployment-zabbix-webservice.yaml index 542f177..fd52ac4 100644 --- a/templates/deployment-zabbix-webservice.yaml +++ b/templates/deployment-zabbix-webservice.yaml @@ -68,8 +68,19 @@ spec: - name: webservice containerPort: 10053 protocol: TCP + {{- with .Values.zabbixwebservice.extraVolumeMounts }} + volumeMounts: + {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.zabbixwebservice.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} imagePullSecrets: {{- range .Values.zabbixweb.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + {{- with .Values.zabbixwebservice.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/statefulset-postgresql.yaml b/templates/statefulset-postgresql.yaml index ccc1418..943e8cb 100644 --- a/templates/statefulset-postgresql.yaml +++ b/templates/statefulset-postgresql.yaml 
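Review bot: In the webservice hunk, `{{ toYaml . | nindent 10 }}` under `volumeMounts:` lacks the left trim marker that every other `toYaml` line in this commit has, so the rendered manifest gets an extra blank or whitespace-only line before the mount list; use `{{- toYaml . | nindent 10 }}`. Separately, the `imagePullSecrets` context line in this template ranges over `.Values.zabbixweb.image.pullSecrets`, while the README table lists a `zabbixwebservice.image.pullSecrets` value, so a pull secret set there looks unused here. That line predates this commit, but it is worth confirming while the block is being touched.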
@@ -74,23 +74,32 @@ spec: - name: {{ $item.name }} value: {{ $item.value | quote }} {{- end }} - {{- if .Values.postgresql.persistence.enabled }} volumeMounts: + {{- if .Values.postgresql.persistence.enabled }} - name: postgresql-data mountPath: /var/lib/postgresql/data {{- end }} + {{- with .Values.postgresql.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} ports: - name: db containerPort: 5432 protocol: TCP + {{- with .Values.postgresql.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: {{- if .Values.postgresql.persistence.enabled }} {{- if .Values.postgresql.persistence.existing_claim_name }} - volumes: - name: postgresql-data persistentVolumeClaim: claimName: {{ .Values.postgresql.persistence.existing_claim_name }} {{- end }} {{- end }} + {{- with .Values.postgresql.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: {{- range .Values.postgresql.image.pullSecrets }} - name: {{ . | quote }} diff --git a/templates/statefulset-zabbix-proxy.yaml b/templates/statefulset-zabbix-proxy.yaml index e4aa552..9565d96 100644 --- a/templates/statefulset-zabbix-proxy.yaml +++ b/templates/statefulset-zabbix-proxy.yaml @@ -77,6 +77,10 @@ spec: - name: zabbix-agent containerPort: 10050 protocol: TCP + {{- with .Values.zabbixagent.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} - name: zabbix-proxy resources: @@ -110,6 +114,13 @@ spec: - name: zabbix-proxy containerPort: 10051 protocol: TCP + {{- with .Values.zabbixproxy.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.zabbixproxy.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} imagePullSecrets: {{- range .Values.zabbixagent.image.pullSecrets }} - name: {{ . | quote }} 
@@ -117,4 +128,8 @@ spec: {{- range .Values.zabbixproxy.image.pullSecrets }} - name: {{ . | quote }} {{- end }} + {{- with .Values.zabbixproxy.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 407a13f..9cc3f9c 100644 --- a/values.yaml +++ b/values.yaml @@ -93,6 +93,12 @@ zabbixserver: extraEnv: [] #- name: ENABLE_TIMESCALED # value: "true" + # -- additional volumeMounts to the zabbix server container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix server pod + extraContainers: [] + # -- additional volumes to make available to the zabbix server pod + extraVolumes: [] # **PostgreSQL** configurations postgresql: @@ -129,6 +135,12 @@ postgresql: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. extraEnv: [] + # -- additional volumeMounts to the postgresql container + extraVolumeMounts: [] + # -- additional containers to start within the postgresql pod + extraContainers: [] + # -- additional volumes to make available to the postgresql pod + extraVolumes: [] # **Zabbix Proxy** configurations zabbixproxy: @@ -175,6 +187,12 @@ zabbixproxy: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + # -- additional volumeMounts to the zabbix proxy container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix proxy pod + extraContainers: [] + # -- additional volumes to make available to the zabbix proxy pod + extraVolumes: [] # **Zabbix Agent** configurations zabbixagent: 
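Review bot: The comments added for `extraVolumes` under `zabbixserver` and `zabbixproxy` do not say that these pod-level volumes are also the only source for `zabbixagent.extraVolumeMounts`. The server and proxy templates mount that list into the agent sidecar, and `zabbixagent` gets no `extraVolumes` of its own in this commit. A mount that names a volume missing from the pod is rejected at deploy time, so the relationship should be documented, e.g. `# -- additional volumes to make available to the zabbix server pod (also referenced by zabbixagent.extraVolumeMounts)`. A commented example entry, as `extraEnv` has, would help too.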
@@ -223,6 +241,8 @@ zabbixagent: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + # -- additional volumeMounts to the zabbix agent container + extraVolumeMounts: [] # **Zabbix Web** configurations zabbixweb: @@ -259,6 +279,12 @@ zabbixweb: # value: '{"baseurl": "https://zabbix.example.com"}' #- name: ZBX_SERVER_NAME # value: Demo Zabbix + # -- additional volumeMounts to the zabbix web container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix web pod + extraContainers: [] + # -- additional volumes to make available to the zabbix web pod + extraVolumes: [] livenessProbe: # -- Path of health check of application path: / @@ -315,6 +341,12 @@ zabbixwebservice: # metallb.universe.tf/address-pool: production-public-ips # -- Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml extraEnv: [] + # -- additional volumeMounts to the zabbix webservice container + extraVolumeMounts: [] + # -- additional containers to start within the zabbix webservice pod + extraContainers: [] + # -- additional volumes to make available to the zabbix webservice pod + extraVolumes: [] # Ingress configurations ingress: From d90e63dff5746fb878f68133478a7bfe15a47fe1 Mon Sep 17 00:00:00 2001 
From: Christian Anton Date: Sun, 26 Jun 2022 16:09:25 +0200 Subject: [PATCH 37/39] implemented extraRuntimeParameters for postgresql with this change, it is now possible to supply arbitrary runtime parameters to the postgresql database. The "max_connections" setting that was formerly a setting of its own inside values.yaml has been moved to use this new structure --- README.md | 37 ++++++++++++++++++++++++++- README.md.gotmpl | 29 +++++++++++++++++++++ templates/statefulset-postgresql.yaml | 8 +++++- values.yaml | 4 ++- 4 files changed, 75 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index dd964a7..0b863bb 100644 --- a/README.md +++ b/README.md 
@@ -100,6 +100,35 @@ If you want to connect your Zabbix installation to a Postgres database deployed There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. +## Configure Postgresql database to match with your performance expectations + +While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. 
Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary: + +```yaml +postgresql: + enabled: true + persistence: + enabled: true + storage_size: 50Gi + extraRuntimeParameters: + max_connections: 250 + dynamic_shared_memory_type: posix + shared_buffers: 4GB + temp_buffers: 16MB + work_mem: 128MB + maintenance_work_mem: 256MB + effective_cache_size: 6GB + min_wal_size: 80MB +``` + +Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to: + +```yaml +postgresql: + extraRuntimeParameters: + config.file: /path/to/your/config.file +``` + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. 
@@ -261,12 +290,13 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.enabled | bool | `true` | Create a database using Postgresql | | postgresql.extraContainers | list | `[]` | additional containers to start within the postgresql pod | | postgresql.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. | +| postgresql.extraRuntimeParameters | object | `{"max_connections":50}` | Extra Postgresql runtime parameters ("-c" options) | +| postgresql.extraVolumeMounts | list | `[]` | additional volumeMounts to the postgresql container | | postgresql.extraVolumes | list | `[]` | additional volumes to make available to the postgresql pod | | postgresql.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | postgresql.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | postgresql.image.repository | string | `"postgres"` | Postgresql Docker image name: chose one of "postgres" or "timescale/timescaledb" | | postgresql.image.tag | int | `14` | Tag of Docker image of Postgresql server, chose "14" for postgres or "latest-pg14" for timescaledb | -| postgresql.max_connections | int | `50` | | | postgresql.persistence.enabled | bool | `false` | whether to enable persistent storage for the postgres container or not | | postgresql.persistence.existing_claim_name | bool | `false` | existing persistent volume claim name to be used to store posgres data | | postgresql.persistence.storage_size | string | `"5Gi"` | size of the PVC to be automatically generated | 
@@ -289,6 +319,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixagent.ZBX_VMWARECACHESIZE | string | `"128M"` | Cache size | | zabbixagent.enabled | bool | `true` | Enables use of **Zabbix Agent** | | zabbixagent.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixagent.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix agent container | | zabbixagent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixagent.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixagent.image.repository | string | `"zabbix/zabbix-agent2"` | Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2 | @@ -306,6 +337,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixproxy.enabled | bool | `false` | Enables use of **Zabbix Proxy** | | zabbixproxy.extraContainers | list | `[]` | additional containers to start within the zabbix proxy pod | | zabbixproxy.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixproxy.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix proxy container | | zabbixproxy.extraVolumes | list | `[]` | additional volumes to make available to the zabbix proxy pod | | zabbixproxy.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixproxy.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | 
@@ -319,6 +351,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixserver.enabled | bool | `true` | Enables use of **Zabbix Server** | | zabbixserver.extraContainers | list | `[]` | additional containers to start within the zabbix server pod | | zabbixserver.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixserver.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix server container | | zabbixserver.extraVolumes | list | `[]` | additional volumes to make available to the zabbix server pod | | zabbixserver.ha_nodes_autoclean | object | `{"delete_older_than_seconds":3600,"enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":"14"},"schedule":"0 1 * * *"}` | automatically clean orphaned ha nodes from ha_nodes db table | | zabbixserver.hostIP | string | `"0.0.0.0"` | optional set hostIP different from 0.0.0.0 to open port only on this IP | @@ -337,6 +370,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixweb.enabled | bool | `true` | Enables use of **Zabbix Web** | | zabbixweb.extraContainers | list | `[]` | additional containers to start within the zabbix web pod | | zabbixweb.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixweb.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix web container | | zabbixweb.extraVolumes | list | `[]` | additional volumes to make available to the zabbix web pod | | zabbixweb.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixweb.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | 
@@ -364,6 +398,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixwebservice.enabled | bool | `true` | Enables use of **Zabbix Web Service** | | zabbixwebservice.extraContainers | list | `[]` | additional containers to start within the zabbix webservice pod | | zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | +| zabbixwebservice.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix webservice container | | zabbixwebservice.extraVolumes | list | `[]` | additional volumes to make available to the zabbix webservice pod | | zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Tag of Docker image of Zabbix web | | zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | diff --git a/README.md.gotmpl b/README.md.gotmpl index 33a8858..8b59915 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
@@ -102,6 +102,35 @@ If you want to connect your Zabbix installation to a Postgres database deployed There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly. +## Configure Postgresql database to match with your performance expectations + +While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. 
Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary: + +```yaml +postgresql: + enabled: true + persistence: + enabled: true + storage_size: 50Gi + extraRuntimeParameters: + max_connections: 250 + dynamic_shared_memory_type: posix + shared_buffers: 4GB + temp_buffers: 16MB + work_mem: 128MB + maintenance_work_mem: 256MB + effective_cache_size: 6GB + min_wal_size: 80MB +``` + +Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to: + +```yaml +postgresql: + extraRuntimeParameters: + config.file: /path/to/your/config.file +``` + ### Configure the way how to expose Zabbix service: - **Ingress**: The ingress controller must be installed in the Kubernetes cluster. diff --git a/templates/statefulset-postgresql.yaml b/templates/statefulset-postgresql.yaml index 943e8cb..471059f 100644 --- a/templates/statefulset-postgresql.yaml +++ b/templates/statefulset-postgresql.yaml @@ -65,7 +65,13 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}" imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} - args: ["-c", "max_connections={{ .Values.postgresql.max_connections }}"] + {{- with .Values.postgresql.extraRuntimeParameters }} + args: + {{- range $key, $value := . }} + - "-c" + - "{{ $key }}={{ $value }}" + {{- end }} + {{- end }} env: {{- include "zabbix.db_access.env_vars" (list $ . "database") | nindent 12 }} - name: PGDATA diff --git a/values.yaml b/values.yaml index 9cc3f9c..56f1214 100644 --- a/values.yaml +++ b/values.yaml 
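Review bot: `- "{{ $key }}={{ $value }}"` in the new `args` loop places both values inside a double-quoted YAML scalar without escaping, so a parameter value containing `"` or `\` yields a broken or altered manifest; build the string first and let Helm quote it: `- {{ printf "%s=%v" $key $value | quote }}`. Keys are handed to `-c` unchanged, and the README example on this page uses `config.file`, whereas the PostgreSQL setting is named `config_file`, so that example would likely stop the server from starting. The old `postgresql.max_connections` value is no longer read, so an existing override is silently dropped on upgrade; a `fail` or a fallback for the old key would make that visible.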
@@ -113,7 +113,6 @@ postgresql: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] - max_connections: 50 persistence: # -- whether to enable persistent storage for the postgres container or not enabled: false @@ -133,6 +132,9 @@ postgresql: # -- Annotations for the zabbix-server service annotations: {} # metallb.universe.tf/address-pool: production-public-ips + # -- Extra Postgresql runtime parameters ("-c" options) + extraRuntimeParameters: + max_connections: 50 # -- Extra environment variables. A list of additional environment variables. extraEnv: [] # -- additional volumeMounts to the postgresql container From ea532828a1a6fe27d2ff2305a87daceb6963e618 Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 26 Jun 2022 16:19:32 +0200 Subject: [PATCH 38/39] deleting unneeded index.yaml and Makefile targets --- Makefile | 8 -------- index.yaml | 38 -------------------------------------- 2 files changed, 46 deletions(-) delete mode 100644 index.yaml diff --git a/Makefile b/Makefile index 7ab699c..d6bb739 100644 --- a/Makefile +++ b/Makefile @@ -23,14 +23,6 @@ lint: package: CMD="package . -d packages" $(MAKE) helm -# Create index file (use only for initial setup) -index: - CMD="repo index --url ${URL} ." $(MAKE) helm - -# Update index file add new version of package into it -merge: - CMD="repo index --url ${URL} --merge index.yaml ." $(MAKE) helm - gen-docs: docker run --rm --name helm-docs \ --user $(shell id -u):$(shell id -g) \ diff --git a/index.yaml b/index.yaml deleted file mode 100644 index fe16baa..0000000 --- a/index.yaml +++ /dev/null 
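Review bot: Moving `max_connections` under `extraRuntimeParameters` leaves existing overrides of `postgresql.max_connections` without a migration path. The template no longer reads the old key, so an operator's tuned value would silently fall back to the default of 50 on upgrade, which matters once several HA server replicas share the database. The values comment should name the replacement, e.g. `# -- Extra Postgresql runtime parameters ("-c" options); replaces the former postgresql.max_connections value`. A guard in the statefulset template (outside this hunk) would make the break visible at render time, for instance `{{- if hasKey .Values.postgresql "max_connections" }}{{ fail "postgresql.max_connections moved to postgresql.extraRuntimeParameters.max_connections" }}{{- end }}`.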
@@ -1,38 +0,0 @@ -apiVersion: v1 -entries: - zabbix: - - apiVersion: v2 - appVersion: 6.0.5 - created: "2022-06-07T04:56:42.303987013Z" - description: Zabbix is a mature and effortless enterprise-class open source monitoring - solution for network monitoring and application monitoring of millions of metrics. - digest: c9a40d9f1c0e4dc832fec132c62b1a39e4aba951092ce441665f067160473d3c - home: https://www.zabbix.com/ - icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png - keywords: - - zabbix - - monitoring - - metrics - maintainers: - - email: aeciopires@gmail.com - name: Aecio Pires - url: https://github.com/aeciopires - - email: alexandre.nuttinck@cetic.be - name: Alexandre Nuttinck - url: https://github.com/alexnuttinck - - email: amen.ayadi@cetic.be - name: Amen Ayadi - url: https://github.com/AyadiAmen - - email: christian.anton@secadm.de - name: Christian Anton - url: https://secadm.de - - email: sebastien.dupont@cetic.be - name: Sebastien Dupont - url: https://github.com/banzo - name: zabbix - sources: - - https://github.com/cetic/helm-zabbix - urls: - - https://github.com/cetic/helm-zabbix/packages/zabbix-3.0.0.tgz - version: 3.0.0 -generated: "2022-06-07T04:56:42.299422388Z" From 1077131f249dce6e6f7283a08119f2899f325efd Mon Sep 17 00:00:00 2001 From: Christian Anton Date: Sun, 26 Jun 2022 18:23:55 +0200 Subject: [PATCH 39/39] corrected comment for correct docs --- README.md | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0b863bb..29ca036 100644 --- a/README.md +++ b/README.md 
@@ -400,7 +400,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixwebservice.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. See example: https://github.com/cetic/helm-zabbix/blob/master/docs/example/kind/values.yaml | | zabbixwebservice.extraVolumeMounts | list | `[]` | additional volumeMounts to the zabbix webservice container | | zabbixwebservice.extraVolumes | list | `[]` | additional volumes to make available to the zabbix webservice pod | -| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Tag of Docker image of Zabbix web | +| zabbixwebservice.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixwebservice.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixwebservice.image.repository | string | `"zabbix/zabbix-web-service"` | Zabbix web Docker image name | | zabbixwebservice.pod_anti_affinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | diff --git a/values.yaml b/values.yaml index 56f1214..2b9a683 100644 --- a/values.yaml +++ b/values.yaml @@ -325,7 +325,7 @@ zabbixwebservice: image: # -- Zabbix web Docker image name repository: zabbix/zabbix-web-service - # -- Tag of Docker image of Zabbix web + # -- Pull policy of Docker image pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: []