diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b2e13b6..e002b53 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,13 +2,8 @@ Thank you for contributing to this repository. Before you submit this PR we'd like to make sure you are aware of our technical requirements and best practices: -* https://github.com/helm/charts/blob/master/CONTRIBUTING.md#technical-requirements -* https://github.com/helm/helm/tree/master/docs/chart_best_practices - -For a quick overview across what we will look at reviewing your PR, please read -the review guidelines form the Helm repository: - -* https://github.com/helm/charts/blob/master/REVIEW_GUIDELINES.md +* https://github.com/zabbix-community/helm-zabbix/blob/master/CONTRIBUTING.md +* https://github.com/zabbix-community/helm-zabbix/blob/master/charts/zabbix/docs/requirements.md Following our best practices right from the start will accelerate the review process and help get your PR merged quicker. @@ -18,11 +13,6 @@ history. This will make it easier to identify new changes. The PR will be squash anyways when it is merged. Thanks. For fast feedback, please @-mention maintainers that are listed in the Chart.yaml file. - -Please make sure you test your changes before you push them. Once pushed, a CircleCI -will run across your changes and do some initial checks and linting. These checks run -very quickly. Please check the results. We would like these checks to pass before we -even continue reviewing your changes. --> #### What this PR does / why we need it: 
@@ -35,6 +25,6 @@ even continue reviewing your changes. #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] -- [ ] [DCO](https://github.com/helm/charts/blob/master/CONTRIBUTING.md#sign-your-work) signed +- [ ] [DCO](https://github.com/zabbix-community/helm-zabbix/blob/master/CONTRIBUTING.md) signed - [ ] Chart Version bumped - [ ] Variables are documented in the README.md diff --git a/charts/zabbix/Chart.yaml b/charts/zabbix/Chart.yaml index 0a64a89..5af874f 100644 --- a/charts/zabbix/Chart.yaml +++ b/charts/zabbix/Chart.yaml @@ -1,9 +1,9 @@ --- apiVersion: v2 # Don't change this name: zabbix -version: 4.0.3 # helm chart version +version: 4.1.0 # helm chart version # LTS Zabbix version by default due to stability. See: https://www.zabbix.com/life_cycle_and_release_policy -appVersion: 6.0.20 # zabbix version +appVersion: 6.0.26 # zabbix version description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. keywords: - zabbix diff --git a/charts/zabbix/Makefile b/charts/zabbix/Makefile index 33e37b6..e37f5c8 100644 --- a/charts/zabbix/Makefile +++ b/charts/zabbix/Makefile @@ -5,8 +5,8 @@ #--------------------------- URL=https://github.com/zabbix-community/helm-zabbix/ -HELM_IMAGE=alpine/helm:3.9.0 -HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.11.0 +HELM_IMAGE=alpine/helm:3.14.0 +HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.12.0 KNOWN_TARGETS=helm #---------------------------------------------------------------------------------------------------------- diff --git a/charts/zabbix/README.md b/charts/zabbix/README.md index 1c1c591..5172d27 100644 --- a/charts/zabbix/README.md +++ b/charts/zabbix/README.md 
@@ -1,6 +1,6 @@ # Helm chart for Zabbix. -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![Version: 4.0.3](https://img.shields.io/badge/Version-4.0.3-informational?style=flat-square) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) ![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. @@ -42,7 +42,7 @@ helm search repo zabbix-community/zabbix -l Set the helm chart version you want to use. Example: ```bash -export ZABBIX_CHART_VERSION='4.0.0' +export ZABBIX_CHART_VERSION='4.1.0' ``` Export default values of ``zabbix`` chart to ``$HOME/zabbix_values.yaml`` file: 
@@ -302,10 +302,22 @@ The following tables lists the configurable parameters of the chart and their de | ingressRoute.enabled | bool | `false` | Enables Traefik IngressRoute | | ingressRoute.entryPoints | list | `["websecure"]` | Ingressroute entrypoints | | ingressRoute.hostName | string | `"chart-example.local"` | Ingressroute host name | -| karpenter.clusterName | string | `"CHANGE_HERE"` | Name of cluster. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. | -| karpenter.enabled | bool | `false` | Enables support provisioner of Karpenter. Reference: https://karpenter.sh/. Tested only using EKS cluster 1.23 in AWS with Karpenter 0.19.2. | -| karpenter.limits | object | `{"resources":{"cpu":"1000","memory":"1000Gi"}}` | Resource limits constrain the total size of the cluster. Limits prevent Karpenter from creating new instances once the limit is exceeded. | -| karpenter.tag | string | `"karpenter.sh/discovery/CHANGE_HERE: CHANGE_HERE"` | Tag of discovery with name of cluster used by Karpenter. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. The cluster name, security group and subnets must have this tag. | +| karpenter.amiFamily | string | `"Bottlerocket"` | AMIFamily is a required field, dictating both the default bootstrapping logic for nodes provisioned through this EC2NodeClass but also selecting a group of recommended, latest AMIs by default. Currently, Karpenter supports amiFamily values AL2, Bottlerocket, Ubuntu, Windows2019, Windows2022 and Custom. GPUs are only supported by default with AL2 and Bottlerocket. The AL2 amiFamily does not support ARM64 GPU instance type | +| karpenter.clusterName | string | `"CHANGE_HERE"` | Name of cluster. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. 
Example: testing-my-cluster | +| karpenter.disruption | object | `{"consolidateAfter":"30s","consolidationPolicy":"WhenEmpty","expireAfter":"720h"}` | Disruption section which describes the ways in which Karpenter can disrupt and replace Nodes. Configuration in this section constrains how aggressive Karpenter can be with performing operations like rolling Nodes due to them hitting their maximum lifetime (expiry) or scaling down nodes to reduce cluster cost | +| karpenter.disruption.consolidateAfter | string | `"30s"` | The amount of time Karpenter should wait after discovering a consolidation decision This value can currently only be set when the consolidationPolicy is 'WhenEmpty' You can choose to disable consolidation entirely by setting the string value 'Never' here | +| karpenter.disruption.consolidationPolicy | string | `"WhenEmpty"` | Describes which types of Nodes Karpenter should consider for consolidation. If using 'WhenUnderutilized', Karpenter will consider all nodes for consolidation and attempt to remove or replace Nodes when it discovers that the Node is underutilized and could be changed to reduce cost If using `WhenEmpty`, Karpenter will only consider nodes for consolidation that contain no workload pods | +| karpenter.disruption.expireAfter | string | `"720h"` | The amount of time a Node can live on the cluster before being removed Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes You can choose to disable expiration entirely by setting the string value 'Never' here | +| karpenter.enabled | bool | `false` | Enables support provisioner of Karpenter. Reference: https://karpenter.sh/. Tested only using EKS cluster 1.28 in AWS with Karpenter 0.33.0. | +| karpenter.instanceProfile | object | `{"name":"CHANGE_HERE","use":false}` | Name of instanceProfile EKS cluster. 
Conflicts with karpenter.role. Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes Example: Karpenter-testing-my-cluster-2023120112554517810000001e | +| karpenter.labels | object | `{"app":"zabbix","karpenter":"true"}` | Labels are arbitrary key-values that are applied to all nodes | +| karpenter.limits | object | `{"cpu":"2","memory":"8Gi"}` | Resource limits constrain the total size of the cluster. Limits prevent Karpenter from creating new instances once the limit is exceeded. | +| karpenter.metadataOptions | object | `{"httpEndpoint":"enabled","httpProtocolIPv6":"disabled","httpPutResponseHopLimit":2,"httpTokens":"required"}` | Optional, configures IMDS for the instance | +| karpenter.requirements | list | `[{"key":"karpenter.k8s.aws/instance-category","operator":"In","values":["c","m","r"]},{"key":"karpenter.k8s.aws/instance-cpu","operator":"In","values":["2","4","8","16","32"]},{"key":"kubernetes.io/arch","operator":"In","values":["amd64"]},{"key":"kubernetes.io/os","operator":"In","values":["linux"]},{"key":"karpenter.sh/capacity-type","operator":"In","values":["spot","on-demand"]}]` | Requirements that constrain the parameters of provisioned nodes. These requirements are combined with pod.spec.topologySpreadConstraints, pod.spec.affinity.nodeAffinity, pod.spec.affinity.podAffinity, and pod.spec.nodeSelector rules. Operators { In, NotIn, Exists, DoesNotExist, Gt, and Lt } are supported. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators | +| karpenter.resourceTags | object | `{"Environment":"testing","Scost":"zabbix","product":"zabbix"}` | Karpenter adds tags to all resources it creates, including EC2 Instances, EBS volumes, and Launch Templates. See details: https://karpenter.sh/v0.33/concepts/nodeclasses/#spectags | +| karpenter.role | object | `{"name":"CHANGE_HERE","use":true}` | Name of role EKS cluster. 
The Karpenter spec.instanceProfile field has been removed from the EC2NodeClass in favor of the spec.role field. Karpenter is also removing support for the defaultInstanceProfile specified globally in the karpenter-global-settings, making the spec.role field required for all EC2NodeClasses. Karpenter will now auto-generate the instance profile in your EC2NodeClass, given the role that you specify. If using the Karpenter Getting Started Guide to deploy Karpenter, you can use the karpenter-irsa-$CLUSTER_NAME-$ID role provisioned by that process (which is limited to 64 characters). Example: karpenter-irsa-testing-my-cluster-2023120421433226760000001e | +| karpenter.tag | string | `"karpenter.sh/discovery"` | Tag of discovery with name of cluster used by Karpenter. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. The cluster name, security group and subnets must have this tag. | +| karpenter.weight | int | `10` | Priority given to the NodePool when the scheduler considers which NodePool to select. Higher weights indicate higher priority when comparing NodePools. Specifying no weight is equivalent to specifying a weight of 0. | | nodeSelector | object | `{}` | nodeSelector configurations. Reference: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | | postgresAccess.database | string | `"zabbix"` | Name of database | | postgresAccess.host | string | `"zabbix-postgresql"` | Address of database host - ignored if postgresql.enabled=true | 
@@ -331,6 +343,8 @@ The following tables lists the configurable parameters of the chart and their de | postgresql.persistence.enabled | bool | `false` | whether to enable persistent storage for the postgres container or not | | postgresql.persistence.existingClaimName | bool | `false` | existing persistent volume claim name to be used to store posgres data | | postgresql.persistence.storageSize | string | `"5Gi"` | size of the PVC to be automatically generated | +| postgresql.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| postgresql.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | postgresql.service.annotations | object | `{}` | Annotations for the zabbix-server service | | postgresql.service.clusterIP | string | `nil` | Cluster IP for Zabbix Server | | postgresql.service.port | int | `5432` | Port of service in Kubernetes cluster | 
@@ -365,6 +379,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixAgent.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | | zabbixAgent.runAsDaemonSet | bool | `false` | Enable this mode if you want to run zabbix-agent as daemonSet. The 'zabbixAgent.runAsSidecar' option must be false. | | zabbixAgent.runAsSidecar | bool | `true` | Its is a default mode. Zabbix-agent will run as sidecar in zabbix-server and zabbix-proxy pods. Disable this mode if you want to run zabbix-agent as daemonSet | +| zabbixAgent.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixAgent.service.annotations | object | `{}` | Annotations for the zabbix-agent service | | zabbixAgent.service.clusterIP | string | `nil` | Cluster IP for Zabbix Agent | | zabbixAgent.service.listenOnAllInterfaces | bool | `true` | externalTrafficPolicy for Zabbix Agent service. "Local" to preserve sender's IP address. Please note that this might not work on multi-node clusters, depending on your network settings. externalTrafficPolicy: Local | 
@@ -394,6 +409,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixProxy.image.tag | string | `nil` | Zabbix Proxy Docker image tag, if you want to override zabbixImageTag | | zabbixProxy.replicaCount | int | `1` | Number of replicas of ``zabbixProxy`` module | | zabbixProxy.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| zabbixProxy.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixProxy.service.annotations | object | `{}` | Annotations for the zabbix-proxy service | | zabbixProxy.service.clusterIP | string | `nil` | Cluster IP for Zabbix Proxy | | zabbixProxy.service.port | int | `10051` | Port to expose service | 
@@ -408,7 +424,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixServer.extraPodSpecs | object | `{}` | additional specifications to the Zabbix Server pod | | zabbixServer.extraVolumeMounts | list | `[]` | additional volumeMounts to the Zabbix Server container | | zabbixServer.extraVolumes | list | `[]` | additional volumes to make available to the Zabbix Server pod | -| zabbixServer.haNodesAutoClean | object | `{"deleteOlderThanSeconds":3600,"enabled":true,"extraContainers":[],"extraEnv":[],"extraInitContainers":[],"extraPodSpecs":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":15},"schedule":"0 1 * * *"}` | automatically clean orphaned ha nodes from ha_nodes db table | +| zabbixServer.haNodesAutoClean | object | `{"concurrencyPolicy":"Replace","deleteOlderThanSeconds":3600,"enabled":true,"extraContainers":[],"extraEnv":[],"extraInitContainers":[],"extraPodSpecs":{},"extraVolumeMounts":[],"extraVolumes":[],"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"postgres","tag":15},"resources":{},"schedule":"0 1 * * *","securityContext":{}}` | automatically clean orphaned ha nodes from ha_nodes db table | | zabbixServer.haNodesAutoClean.extraContainers | list | `[]` | additional containers to start within the cronjob hanodes autoclean | | zabbixServer.haNodesAutoClean.extraEnv | list | `[]` | Extra environment variables. A list of additional environment variables. | | zabbixServer.haNodesAutoClean.extraInitContainers | list | `[]` | additional init containers to start within the cronjob hanodes autoclean | 
@@ -417,15 +433,24 @@ The following tables lists the configurable parameters of the chart and their de | zabbixServer.haNodesAutoClean.extraVolumes | list | `[]` | additional volumes to make available to the cronjob hanodes autoclean | | zabbixServer.haNodesAutoClean.image.repository | string | `"postgres"` | Postgresql Docker image name: chose one of "postgres" or "timescale/timescaledb" | | zabbixServer.haNodesAutoClean.image.tag | int | `15` | Tag of Docker image of Postgresql server, choice "15" for postgres "2.10.3-pg15" for timescaledb (Zabbix supports TimescaleDB 2.0.1-2.10.x. More info: https://www.zabbix.com/documentation/6.0/en/manual/installation/requirements) Added support for PostgreSQL versions 15.x since Zabbix 6.0.10 | +| zabbixServer.haNodesAutoClean.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| zabbixServer.haNodesAutoClean.securityContext | object | `{}` | Security Context configurations. 
Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixServer.hostIP | string | `"0.0.0.0"` | optional set hostIP different from 0.0.0.0 to open port only on this IP | | zabbixServer.hostPort | bool | `false` | optional set true open a port direct on node where Zabbix Server runs | | zabbixServer.image.pullPolicy | string | `"IfNotPresent"` | Pull policy of Docker image | | zabbixServer.image.pullSecrets | list | `[]` | List of dockerconfig secrets names to use when pulling images | | zabbixServer.image.repository | string | `"zabbix/zabbix-server-pgsql"` | Zabbix Server Docker image name | | zabbixServer.image.tag | string | `nil` | Zabbix Server Docker image tag, if you want to override zabbixImageTag | +| zabbixServer.jobDBSchema.extraContainers | list | `[]` | additional containers to start within the Zabbix Server Job DB Schema pod | +| zabbixServer.jobDBSchema.extraInitContainers | list | `[]` | additional init containers to start within the Zabbix Server Job DB Schema pod | +| zabbixServer.jobDBSchema.extraPodSpecs | object | `{}` | additional specifications to the Zabbix Server Job DB Schema pod | +| zabbixServer.jobDBSchema.extraVolumeMounts | list | `[]` | additional volumeMounts to the Zabbix Server Job DB Schema pod | +| zabbixServer.jobDBSchema.extraVolumes | list | `[]` | additional volumes to make available to the Zabbix Server Job DB Schema pod | +| zabbixServer.jobDBSchema.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixServer.podAntiAffinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | | zabbixServer.replicaCount | int | `1` | Number of replicas of ``zabbixServer`` module | | zabbixServer.resources | object | `{}` | Requests and limits of pod resources. 
See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| zabbixServer.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixServer.service.annotations | object | `{}` | Annotations for the zabbix-server service | | zabbixServer.service.clusterIP | string | `nil` | | | zabbixServer.service.externalIPs | list | `[]` | IPs if use service type LoadBalancer" | @@ -461,6 +486,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixWeb.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out | | zabbixWeb.replicaCount | int | `1` | Number of replicas of ``zabbixWeb`` module | | zabbixWeb.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| zabbixWeb.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixWeb.service | object | `{"annotations":{},"clusterIP":null,"externalIPs":[],"loadBalancerIP":"","port":80,"type":"ClusterIP"}` | Certificate containing certificates for SAML configuration samlCertsSecretName: zabbix-web-samlcerts | | zabbixWeb.service.annotations | object | `{}` | Annotations for the Zabbix Web | | zabbixWeb.service.clusterIP | string | `nil` | Cluster IP for Zabbix Web | 
@@ -483,6 +509,7 @@ The following tables lists the configurable parameters of the chart and their de | zabbixWebService.podAntiAffinity | bool | `true` | set permissive podAntiAffinity to spread replicas over cluster nodes if replicaCount>1 | | zabbixWebService.replicaCount | int | `1` | Number of replicas of ``zabbixWebService`` module | | zabbixWebService.resources | object | `{}` | Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| zabbixWebService.securityContext | object | `{}` | Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | zabbixWebService.service | object | `{"annotations":{},"clusterIP":null,"port":10053,"type":"ClusterIP"}` | set the IgnoreURLCertErrors configuration setting of Zabbix Web Service ignoreURLCertErrors=1 | | zabbixWebService.service.annotations | object | `{}` | Annotations for the Zabbix Web Service | | zabbixWebService.service.clusterIP | string | `nil` | Cluster IP for Zabbix Web | diff --git a/charts/zabbix/README.md.gotmpl b/charts/zabbix/README.md.gotmpl index da4208d..6f6505a 100644 --- a/charts/zabbix/README.md.gotmpl +++ b/charts/zabbix/README.md.gotmpl @@ -42,7 +42,7 @@ helm search repo zabbix-community/zabbix -l Set the helm chart version you want to use. Example: ```bash -export ZABBIX_CHART_VERSION='4.0.0' +export ZABBIX_CHART_VERSION='4.1.0' ``` Export default values of ``zabbix`` chart to ``$HOME/zabbix_values.yaml`` file: diff --git a/charts/zabbix/artifacthub-pkg.yml b/charts/zabbix/artifacthub-pkg.yml index e292419..6d5865a 100644 --- a/charts/zabbix/artifacthub-pkg.yml +++ b/charts/zabbix/artifacthub-pkg.yml 
@@ -5,9 +5,9 @@ # https://github.com/kedacore/external-scalers/blob/main/artifacthub/azure-cosmos-db/0.1.0/artifacthub-pkg.yml # https://artifacthub.io/packages/keda-scaler/keda-official-external-scalers/external-scaler-azure-cosmos-db?modal=install -version: 4.0.3 # helm chart version +version: 4.1.0 # helm chart version # LTS Zabbix version by default due to stability. See: https://www.zabbix.com/life_cycle_and_release_policy -appVersion: 6.0.20 # zabbix version +appVersion: 6.0.26 # zabbix version name: zabbix category: monitoring, networking, metrics displayName: Zabbix - The Enterprise-Class Open Source Network Monitoring Solution @@ -53,7 +53,7 @@ install: | Set the helm chart version you want to use. Example: ```bash - export ZABBIX_CHART_VERSION='4.0.1' + export ZABBIX_CHART_VERSION='4.1.0' ``` Export default values of ``zabbix`` chart to ``$HOME/zabbix_values.yaml`` file: diff --git a/charts/zabbix/docs/example/kind/values.yaml b/charts/zabbix/docs/example/kind/values.yaml index ff9b9cc..e5423f1 100644 --- a/charts/zabbix/docs/example/kind/values.yaml +++ b/charts/zabbix/docs/example/kind/values.yaml @@ -1,6 +1,6 @@ # Custom values for zabbix. -zabbixImageTag: 6.4.5-alpine +zabbixImageTag: 6.4.11-alpine postgresAccess: useUnifiedSecret: true diff --git a/charts/zabbix/docs/requirements.md b/charts/zabbix/docs/requirements.md index 233c56a..e78b0ae 100644 --- a/charts/zabbix/docs/requirements.md +++ b/charts/zabbix/docs/requirements.md 
@@ -57,12 +57,12 @@ Simple shell function for Kubectl installation in Linux 64 bits. Copy and paste ```bash sudo su -VERSION=v1.27.4 +VERSION=v1.29.1 KUBECTL_BIN=kubectl function install_kubectl { if [ -z $(which $KUBECTL_BIN) ]; then - curl -LO https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/$KUBECTL_BIN + curl -LO "https://dl.k8s.io/$VERSION/bin/linux/amd64/$KUBECTL_BIN" chmod +x ${KUBECTL_BIN} sudo mv ${KUBECTL_BIN} /usr/local/bin/${KUBECTL_BIN} sudo ln -sf /usr/local/bin/${KUBECTL_BIN} /usr/bin/${KUBECTL_BIN} @@ -75,7 +75,7 @@ install_kubectl which kubectl -kubectl version --client +kubectl version --client=true exit ``` @@ -85,7 +85,7 @@ Kubectl documentation: * https://www.downloadkubernetes.com/ * https://kubernetes.io/docs/reference/kubectl/overview/ -**Credits:** Juan Pablo Perez - https://www.linkedin.com/in/juanpabloperezpeelmicro/ +**Credits:** Juan Pablo Perez - https://www.linkedin.com/in/juanpabloperezpeelmicro/ https://github.com/peelmicro/learn-devops-the-complete-kubernetes-course @@ -94,8 +94,8 @@ https://github.com/peelmicro/learn-devops-the-complete-kubernetes-course Run the following commands to install ``helm-docs``. ```bash -HELM_DOCS_VERSION=1.11.0 -HELM_DOCS_PACKAGE=helm-docs_``$HELM_DOCS_VERSION``_linux_x86_64.tar.gz +HELM_DOCS_VERSION=1.12.0 +HELM_DOCS_PACKAGE=helm-docs_``$HELM_DOCS_VERSION``_Linux_x86_64.tar.gz cd /tmp @@ -121,7 +121,7 @@ Execute these commands to install helm. ```bash sudo su -HELM_TAR_FILE=helm-v3.12.2-linux-amd64.tar.gz +HELM_TAR_FILE=helm-v3.14.0-linux-amd64.tar.gz HELM_URL=https://get.helm.sh HELM_BIN=helm3 diff --git a/charts/zabbix/templates/cronjob-hanodes-autoclean.yaml b/charts/zabbix/templates/cronjob-hanodes-autoclean.yaml index 82dee17..78c720d 100644 --- a/charts/zabbix/templates/cronjob-hanodes-autoclean.yaml +++ b/charts/zabbix/templates/cronjob-hanodes-autoclean.yaml 
@@ -14,7 +14,7 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }}-nodesclean app.kubernetes.io/managed-by: {{ .Release.Service }}-nodesclean spec: - schedule: {{ .Values.zabbixServer.haNodesAutoClean.schedule|quote }} + schedule: {{ .Values.zabbixServer.haNodesAutoClean.schedule | quote }} concurrencyPolicy: {{ .Values.zabbixServer.haNodesAutoClean.concurrencyPolicy }} jobTemplate: spec: @@ -24,6 +24,17 @@ spec: {{- with .Values.zabbixServer.haNodesAutoClean.extraPodSpecs }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} + nodeSelector: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- else }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} {{- with .Values.zabbixServer.haNodesAutoClean.extraInitContainers }} initContainers: {{- toYaml . | nindent 12 }} @@ -32,6 +43,10 @@ spec: - name: hanodes-autoclean image: "{{ .Values.zabbixServer.haNodesAutoClean.image.repository }}:{{ .Values.zabbixServer.haNodesAutoClean.image.tag }}" imagePullPolicy: {{ .Values.zabbixServer.haNodesAutoClean.image.pullPolicy }} + resources: + {{- toYaml .Values.zabbixServer.haNodesAutoClean.resources | nindent 14 }} + securityContext: + {{- toYaml .Values.zabbixServer.haNodesAutoClean.securityContext | nindent 14 }} command: - /bin/bash - -c diff --git a/charts/zabbix/templates/daemonset-zabbix-agent.yaml b/charts/zabbix/templates/daemonset-zabbix-agent.yaml index 427f807..ad8faa9 100644 --- a/charts/zabbix/templates/daemonset-zabbix-agent.yaml +++ b/charts/zabbix/templates/daemonset-zabbix-agent.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-agent annotations: {{- range $key,$value := .Values.zabbixAgent.daemonSetAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: selector: 
@@ -21,7 +21,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.zabbixAgent.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-zabbix-agent @@ -34,9 +34,10 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -83,7 +84,7 @@ spec: periodSeconds: 10 successThreshold: 1 securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixAgent.securityContext | nindent 12 }} env: - name: ZBX_HOSTNAME valueFrom: @@ -150,7 +151,7 @@ spec: hostPath: path: / {{- end }} - {{- with .Values.zabbixAgent.extraVolumes }} + {{- with .Values.zabbixAgent.extraVolumes }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/zabbix/templates/deployment-zabbix-server.yaml b/charts/zabbix/templates/deployment-zabbix-server.yaml index df7fc7b..0ff2d7f 100644 --- a/charts/zabbix/templates/deployment-zabbix-server.yaml +++ b/charts/zabbix/templates/deployment-zabbix-server.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-server annotations: {{- range $key,$value := .Values.zabbixServer.deploymentAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: replicas: {{ .Values.zabbixServer.replicaCount }} @@ -23,7 +23,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.zabbixServer.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-zabbix-server 
@@ -36,9 +36,10 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -73,6 +74,10 @@ spec: {{- end }} env: {{- include "zabbix.postgresAccess.variables" (list $ . "zabbix") | nindent 12 }} + securityContext: + {{- toYaml .Values.zabbixServer.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.zabbixServer.resources | nindent 12 }} command: - "/bin/bash" - "/script/wait_db_schema.sh" @@ -86,7 +91,9 @@ spec: containers: - name: zabbix-server resources: -{{- toYaml .Values.zabbixServer.resources | nindent 12 }} + {{- toYaml .Values.zabbixServer.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.zabbixServer.securityContext | nindent 12 }} {{- if .Values.zabbixServer.image.tag }} image: "{{ .Values.zabbixServer.image.repository }}:{{ .Values.zabbixServer.image.tag }}" {{- else }} 
@@ -126,18 +133,18 @@ spec: - name: ZBX_WEBSERVICEURL value: "http://{{ template "zabbix.fullname" . }}-zabbix-webservice:{{ .Values.zabbixWebService.service.port }}/report" - name: ZBX_STARTREPORTWRITERS - value: {{ .Values.zabbixWebService.replicaCount|quote }} + value: {{ .Values.zabbixWebService.replicaCount | quote }} {{- end }} {{- with .Values.zabbixServer.extraVolumeMounts }} volumeMounts: - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} {{- if and .Values.zabbixAgent.enabled .Values.zabbixAgent.runAsSidecar }} - name: zabbix-agent resources: -{{- toYaml .Values.zabbixAgent.resources | nindent 12 }} + {{- toYaml .Values.zabbixAgent.resources | nindent 12 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixAgent.securityContext | nindent 12 }} {{- if .Values.zabbixAgent.image.tag }} image: "{{ .Values.zabbixAgent.image.repository }}:{{ .Values.zabbixAgent.image.tag }}" {{- else }} @@ -195,6 +202,6 @@ spec: name: {{ template "zabbix.fullname" . }}-waitdbschema-script {{- end }} {{- with .Values.zabbixServer.extraVolumes }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- end }} diff --git a/charts/zabbix/templates/deployment-zabbix-web.yaml b/charts/zabbix/templates/deployment-zabbix-web.yaml index 63be253..5a58c1d 100644 --- a/charts/zabbix/templates/deployment-zabbix-web.yaml +++ b/charts/zabbix/templates/deployment-zabbix-web.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-web annotations: {{- range $key,$value := .Values.zabbixWeb.deploymentAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: replicas: {{ .Values.zabbixWeb.replicaCount }} 
@@ -22,7 +22,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.zabbixWeb.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-zabbix-web @@ -36,12 +36,13 @@ spec: {{- end }} {{- with .Values.zabbixWeb.extraInitContainers }} initContainers: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -71,7 +72,7 @@ spec: resources: {{- toYaml .Values.zabbixWeb.resources | nindent 10 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixWeb.securityContext | nindent 10 }} {{- if .Values.zabbixWeb.image.tag }} image: "{{ .Values.zabbixWeb.image.repository }}:{{ .Values.zabbixWeb.image.tag }}" {{- else }} @@ -82,7 +83,7 @@ spec: {{- include "zabbix.postgresAccess.variables" (list $ . "zabbix") | nindent 10 }} {{- range $item := .Values.zabbixWeb.extraEnv }} - name: {{ $item.name }} - value: {{ $item.value | quote }} + value: {{ $item.value | quote }} {{- end }} ports: - name: zabbix-web @@ -128,6 +129,6 @@ spec: secretName: {{ .Values.zabbixWeb.samlCertsSecretName }} {{- end }} {{- with .Values.zabbixWeb.extraVolumes }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- end }} diff --git a/charts/zabbix/templates/deployment-zabbix-webservice.yaml b/charts/zabbix/templates/deployment-zabbix-webservice.yaml index a938a5c..a5ee37b 100644 --- a/charts/zabbix/templates/deployment-zabbix-webservice.yaml +++ b/charts/zabbix/templates/deployment-zabbix-webservice.yaml 
@@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-webservice annotations: {{- range $key,$value := .Values.zabbixWebService.deploymentAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: replicas: {{ .Values.zabbixWebService.replicaCount }} @@ -22,7 +22,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.zabbixWebService.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-zabbix-webservice @@ -35,9 +35,10 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -64,14 +65,14 @@ spec: {{- end }} {{- with .Values.zabbixWebService.extraInitContainers }} initContainers: - {{- toYaml . | nindent 6 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: zabbix-webservice resources: {{- toYaml .Values.zabbixWebService.resources | nindent 10 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixWebService.securityContext | nindent 10 }} {{- if .Values.zabbixWebService.image.tag }} image: "{{ .Values.zabbixWebService.image.repository }}:{{ .Values.zabbixWebService.image.tag }}" {{- else }} diff --git a/charts/zabbix/templates/job-init-db-schema.yaml b/charts/zabbix/templates/job-init-db-schema.yaml index a323cb0..f99bdae 100644 --- a/charts/zabbix/templates/job-init-db-schema.yaml +++ b/charts/zabbix/templates/job-init-db-schema.yaml 
@@ -13,13 +13,35 @@ spec: ttlSecondsAfterFinished: 120 template: spec: + {{- with .Values.zabbixServer.jobDBSchema.extraPodSpecs }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.zabbixServer.jobDBSchema.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: + {{- with .Values.zabbixServer.jobDBSchema.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} - name: init-db-schema {{- if .Values.zabbixServer.image.tag }} image: "{{ .Values.zabbixServer.image.repository }}:{{ .Values.zabbixServer.image.tag }}" {{- else }} image: "{{ .Values.zabbixServer.image.repository }}:{{ .Values.zabbixImageTag }}" {{- end }} + securityContext: + {{- toYaml .Values.zabbixServer.jobDBSchema.securityContext | nindent 10 }} env: {{- include "zabbix.postgresAccess.variables" (list $ . "zabbix") | nindent 10 }} {{- range $item := .Values.zabbixServer.extraEnv }} @@ -32,6 +54,10 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + {{- with .Values.zabbixServer.jobDBSchema.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} command: - "/bin/sh" - "-c" @@ -41,4 +67,8 @@ spec: - name: {{ . | quote }} {{- end }} restartPolicy: Never + {{- with .Values.zabbixServer.jobDBSchema.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/charts/zabbix/templates/karpenter-00-default-provisioner.yaml b/charts/zabbix/templates/karpenter-00-default-provisioner.yaml deleted file mode 100644 index 064fa26..0000000 --- a/charts/zabbix/templates/karpenter-00-default-provisioner.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -# References: https://karpenter.sh/v0.19.2/ -# https://karpenter.sh/v0.19.2/provisioner/ -# https://karpenter.sh/v0.19.2/aws/provisioning/ -# https://karpenter.sh/v0.19.2/faq/ -# https://aws.github.io/aws-eks-best-practices/karpenter/ -{{- if .Values.karpenter.enabled }} -apiVersion: karpenter.sh/v1alpha5 -kind: Provisioner -metadata: - name: {{ template "zabbix.fullname" . }} -spec: - ## Enables consolidation which attempts to reduce cluster cost by both removing un-needed nodes and down-sizing those - ## that can't be removed. Mutually exclusive with the ttlSecondsAfterEmpty parameter. - consolidation: - enabled: true - - # If omitted, the feature is disabled and nodes will never expire. If set to less time than it requires for a node - # to become ready, the node may expire before any pods successfully start. - # ttlSecondsUntilExpired: 30 - - # If omitted, the feature is disabled, nodes will never scale down due to low utilization - # ttlSecondsAfterEmpty: 600 - - # Labels are arbitrary key-values that are applied to all nodes - labels: - karpenter: "true" - app: "zabbix" - - # Resource limits constrain the total size of the cluster. - # Limits prevent Karpenter from creating new instances once the limit is exceeded. - limits: - resources: - cpu: {{ .Values.karpenter.limits.resources.cpu }} - memory: {{ .Values.karpenter.limits.resources.memory }} - - provider: - ## Bottlerocket (53s to Ready) or AL2 (Amazon Linux 2, 70s to Ready) - amiFamily: Bottlerocket - securityGroupSelector: - {{ .Values.karpenter.tag }} - subnetSelector: - {{ .Values.karpenter.tag }} - tags: - {{ .Values.karpenter.tag }} - - # Requirements that constrain the parameters of provisioned nodes. - # These requirements are combined with pod.spec.affinity.nodeAffinity rules. 
- # Operators { In, NotIn } are supported to enable including or excluding values - requirements: - - key: karpenter.sh/capacity-type - operator: In - values: - - spot - - ondemand - - key: karpenter.k8s.aws/instance-size - operator: In - values: - - nano - - micro - - small - - medium - - large - - key: kubernetes.io/arch - operator: In - values: - - amd64 -{{- end }} \ No newline at end of file diff --git a/charts/zabbix/templates/karpenter-00-nodeclass.yaml b/charts/zabbix/templates/karpenter-00-nodeclass.yaml new file mode 100644 index 0000000..d44014a --- /dev/null +++ b/charts/zabbix/templates/karpenter-00-nodeclass.yaml 
@@ -0,0 +1,38 @@ +# References: +# https://karpenter.sh/v0.33/getting-started/getting-started-with-karpenter/ +# https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/values.yaml +# https://karpenter.sh/v0.33/upgrading/upgrade-guide/ +# https://karpenter.sh/v0.33/upgrading/compatibility/ +# https://karpenter.sh/v0.33/concepts/nodepools/ +# https://karpenter.sh/v0.33/concepts/nodeclasses/ +# https://karpenter.sh/docs/upgrading/v1beta1-migration/#instanceprofile +# https://karpenter.sh/docs/upgrading/v1beta1-migration/#helm-values +# https://karpenter.sh/docs/troubleshooting/ +{{- if .Values.karpenter.enabled }} +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: karpenter-00-nodeclass-{{ include "zabbix.fullname" . }} +spec: + amiFamily: {{ .Values.karpenter.amiFamily }} + subnetSelectorTerms: + - tags: + {{ .Values.karpenter.tag }}: {{ .Values.karpenter.clusterName }} + securityGroupSelectorTerms: + - tags: + {{ .Values.karpenter.tag }}: {{ .Values.karpenter.clusterName }} + {{- if and .Values.karpenter.role.use ( not .Values.karpenter.instanceProfile.use ) }} + role: {{ .Values.karpenter.role.name }} + {{- end }} + {{- if and .Values.karpenter.instanceProfile.use ( not .Values.karpenter.role.use ) }} + instanceProfile: {{ .Values.karpenter.instanceProfile.name }} + {{- end }} + {{- with .Values.karpenter.resourceTags }} + tags: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.karpenter.metadataOptions }} + metadataOptions: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/zabbix/templates/karpenter-00-nodepool.yaml b/charts/zabbix/templates/karpenter-00-nodepool.yaml new file mode 100644 index 0000000..ab9aca2 --- /dev/null +++ b/charts/zabbix/templates/karpenter-00-nodepool.yaml 
@@ -0,0 +1,40 @@ +# References: +# https://karpenter.sh/v0.33/getting-started/getting-started-with-karpenter/ +# https://github.com/aws/karpenter/blob/v0.33.0/charts/karpenter/values.yaml +# https://karpenter.sh/v0.33/upgrading/upgrade-guide/ +# https://karpenter.sh/v0.33/upgrading/compatibility/ +# https://karpenter.sh/v0.33/concepts/nodepools/ +# https://karpenter.sh/v0.33/concepts/nodeclasses/ +# https://karpenter.sh/docs/upgrading/v1beta1-migration/#instanceprofile +# https://karpenter.sh/docs/upgrading/v1beta1-migration/#helm-values +# https://karpenter.sh/docs/troubleshooting/ +{{- if .Values.karpenter.enabled }} +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: karpenter-00-{{ include "zabbix.fullname" . }} +spec: + limits: + cpu: {{ .Values.karpenter.limits.cpu }} + memory: {{ .Values.karpenter.limits.memory }} + weight: {{ .Values.karpenter.weight }} + disruption: + consolidationPolicy: {{ .Values.karpenter.disruption.consolidationPolicy }} + consolidateAfter: {{ .Values.karpenter.disruption.consolidateAfter }} + expireAfter: {{ .Values.karpenter.disruption.expireAfter }} + template: + metadata: + {{- with .Values.karpenter.labels }} + labels: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.karpenter.requirements }} + requirements: + {{- toYaml . | nindent 8 }} + {{- end }} + nodeClassRef: + apiVersion: karpenter.k8s.aws/v1beta1 + kind: EC2NodeClass + name: karpenter-00-nodeclass-{{ include "zabbix.fullname" . }} +{{- end }} diff --git a/charts/zabbix/templates/secret-db-access.yaml b/charts/zabbix/templates/secret-db-access.yaml index 7eea5cf..64f0354 100644 --- a/charts/zabbix/templates/secret-db-access.yaml +++ b/charts/zabbix/templates/secret-db-access.yaml 
@@ -15,11 +15,11 @@ type: Opaque data: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace .Values.postgresAccess.unifiedSecretName) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} - {{- $secretHost := (get $secretData "host") | default (printf "%s-%s" (include "zabbix.fullname" .) "postgresql" | b64enc) }} + {{- $secretHost := (get $secretData "host") | default (default (printf "%s-%s" (include "zabbix.fullname" .) "postgresql") .Values.postgresAccess.host | b64enc) }} {{- $secretPort := (get $secretData "port") | default (.Values.postgresql.service.port | toString | b64enc) }} - {{- $secretDbname := (get $secretData "dbname") | default ("zabbix" | b64enc) }} - {{- $secretUser := (get $secretData "user") | default ("zabbix" | b64enc) }} - {{- $secretPassword := (get $secretData "password") | default (randAlphaNum 16 | b64enc) }} + {{- $secretDbname := (get $secretData "dbname") | default ( default "zabbix" .Values.postgresAccess.database | b64enc) }} + {{- $secretUser := (get $secretData "user") | default (default "zabbix" .Values.postgresAccess.user | b64enc) }} + {{- $secretPassword := (get $secretData "password") | default (default (randAlphaNum 16) .Values.postgresAccess.password | b64enc) }} host: {{ $secretHost | quote }} port: {{ $secretPort | quote }} dbname: {{ $secretDbname | quote }} diff --git a/charts/zabbix/templates/statefulset-postgresql.yaml b/charts/zabbix/templates/statefulset-postgresql.yaml index cb934ee..97cf0e2 100644 --- a/charts/zabbix/templates/statefulset-postgresql.yaml +++ b/charts/zabbix/templates/statefulset-postgresql.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-postgresql annotations: {{- range $key,$value := .Values.postgresql.statefulSetAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: {{- if .Values.postgresql.persistence.enabled }} 
@@ -44,7 +44,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.postgresql.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-postgresql @@ -61,9 +61,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -81,9 +82,9 @@ spec: containers: - name: postgresql resources: -{{- toYaml .Values.postgresql.resources | nindent 12 }} + {{- toYaml .Values.postgresql.resources | nindent 12 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.postgresql.securityContext | nindent 12 }} image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}" imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} {{- with .Values.postgresql.extraRuntimeParameters }} @@ -125,7 +126,7 @@ spec: {{- end }} {{- end }} {{- with .Values.postgresql.extraVolumes }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} imagePullSecrets: {{- range .Values.postgresql.image.pullSecrets }} diff --git a/charts/zabbix/templates/statefulset-zabbix-proxy.yaml b/charts/zabbix/templates/statefulset-zabbix-proxy.yaml index f597806..d9c36fd 100644 --- a/charts/zabbix/templates/statefulset-zabbix-proxy.yaml +++ b/charts/zabbix/templates/statefulset-zabbix-proxy.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }}-zabbix-proxy annotations: {{- range $key,$value := .Values.zabbixProxy.statefulSetAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} spec: replicas: {{ .Values.zabbixProxy.replicaCount }} 
@@ -24,7 +24,7 @@ spec: metadata: annotations: {{- range $key,$value := .Values.zabbixProxy.containerAnnotations }} - {{ $key }}: {{ $value|quote }} + {{ $key }}: {{ $value | quote }} {{- end }} labels: app: {{ template "zabbix.fullname" . }}-zabbix-proxy @@ -41,9 +41,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.karpenter.enabled }} + {{- with .Values.karpenter.labels }} nodeSelector: - karpenter: "true" - app: zabbix + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} {{- with .Values.nodeSelector }} nodeSelector: @@ -62,9 +63,9 @@ spec: {{- if and .Values.zabbixAgent.enabled .Values.zabbixAgent.runAsSidecar }} - name: zabbix-agent resources: -{{- toYaml .Values.zabbixAgent.resources | nindent 12 }} + {{- toYaml .Values.zabbixAgent.resources | nindent 12 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixAgent.securityContext | nindent 12 }} {{- if .Values.zabbixAgent.image.tag }} image: "{{ .Values.zabbixAgent.image.repository }}:{{ .Values.zabbixAgent.image.tag }}" {{- else }} @@ -109,9 +110,9 @@ spec: {{- end }} - name: zabbix-proxy resources: -{{- toYaml .Values.zabbixProxy.resources | nindent 12 }} + {{- toYaml .Values.zabbixProxy.resources | nindent 12 }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.zabbixProxy.securityContext | nindent 12 }} {{- if .Values.zabbixProxy.image.tag }} image: "{{ .Values.zabbixProxy.image.repository }}:{{ .Values.zabbixProxy.image.tag }}" {{- else }} @@ -161,7 +162,7 @@ spec: {{- end }} {{- with .Values.zabbixProxy.extraVolumes }} volumes: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.zabbixProxy.extraVolumeClaimTemplate }} volumeClaimTemplates: diff --git a/charts/zabbix/values.yaml b/charts/zabbix/values.yaml index d501102..954ce4d 100644 --- a/charts/zabbix/values.yaml +++ b/charts/zabbix/values.yaml 
@@ -90,6 +90,8 @@ zabbixServer: schedule: "0 1 * * *" concurrencyPolicy: "Replace" deleteOlderThanSeconds: 3600 + # -- Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) + resources: {} # -- Extra environment variables. A list of additional environment variables. extraEnv: [] # -- additional volumeMounts to the cronjob hanodes autoclean @@ -102,6 +104,21 @@ zabbixServer: extraVolumes: [] # -- additional specifications to the cronjob hanodes autoclean extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} + jobDBSchema: + # -- additional init containers to start within the Zabbix Server Job DB Schema pod + extraInitContainers: [] + # -- additional containers to start within the Zabbix Server Job DB Schema pod + extraContainers: [] + # -- additional specifications to the Zabbix Server Job DB Schema pod + extraPodSpecs: {} + # -- additional volumeMounts to the Zabbix Server Job DB Schema pod + extraVolumeMounts: [] + # -- additional volumes to make available to the Zabbix Server Job DB Schema pod + extraVolumes: [] + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} service: # -- Type of service in Kubernetes cluster type: ClusterIP @@ -137,6 +154,8 @@ zabbixServer: extraVolumes: [] # -- additional specifications to the Zabbix Server pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} # **PostgreSQL** configurations postgresql: 
@@ -153,6 +172,8 @@ postgresql: pullPolicy: IfNotPresent # -- List of dockerconfig secrets names to use when pulling images pullSecrets: [] + # -- Requests and limits of pod resources. See: [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) + resources: {} persistence: # -- whether to enable persistent storage for the postgres container or not enabled: false @@ -160,6 +181,8 @@ postgresql: existingClaimName: false # -- size of the PVC to be automatically generated storageSize: 5Gi + # -- kubernetes uses volume access modes to match PersistentVolumeClaims and PersistentVolumes. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes + #claim_access_mode: "ReadWriteOnce" # -- storage PVC storageclass to use #storageClass: my-storage-class service: @@ -191,6 +214,8 @@ postgresql: extraVolumes: [] # -- additional specifications to the postgresql pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} # **Zabbix Proxy** configurations zabbixProxy: @@ -253,6 +278,8 @@ zabbixProxy: extraVolumes: [] # -- additional specifications to the Zabbix Proxy pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} # -- extra volumeClaimTemplate for zabbixProxy statefulset extraVolumeClaimTemplate: [] @@ -326,6 +353,8 @@ zabbixAgent: extraVolumes: [] # -- additional specifications to the Zabbix Agent pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} # **Zabbix Web** configurations zabbixWeb: 
@@ -385,6 +414,8 @@ zabbixWeb: extraVolumes: [] # -- additional specifications to the Zabbix Web pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} livenessProbe: # -- Path of health check of application path: / @@ -459,6 +490,8 @@ zabbixWebService: extraVolumes: [] # -- additional specifications to the Zabbix Web Service pod extraPodSpecs: {} + # -- Security Context configurations. Reference: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: {} # Ingress configurations ingress: 
@@ -527,14 +560,96 @@ affinity: {} securityContext: {} karpenter: - # -- Enables support provisioner of Karpenter. Reference: https://karpenter.sh/. Tested only using EKS cluster 1.23 in AWS with Karpenter 0.19.2. + # -- Enables support provisioner of Karpenter. Reference: https://karpenter.sh/. + # Tested only using EKS cluster 1.28 in AWS with Karpenter 0.33.0. enabled: false # -- Name of cluster. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. + # Example: testing-my-cluster clusterName: "CHANGE_HERE" - # -- Tag of discovery with name of cluster used by Karpenter. Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. The cluster name, security group and subnets must have this tag. - tag: "karpenter.sh/discovery/CHANGE_HERE: CHANGE_HERE" - # -- Resource limits constrain the total size of the cluster. Limits prevent Karpenter from creating new instances once the limit is exceeded. + # -- Tag of discovery with name of cluster used by Karpenter. + # Change the term CHANGE_HERE by EKS cluster name if you want to use Karpenter. + # The cluster name, security group and subnets must have this tag. + tag: "karpenter.sh/discovery" + # -- Karpenter adds tags to all resources it creates, including EC2 Instances, EBS volumes, and Launch Templates. + # See details: https://karpenter.sh/v0.33/concepts/nodeclasses/#spectags + resourceTags: + Environment: testing + Scost: zabbix + product: zabbix + # -- Name of instanceProfile EKS cluster. Conflicts with karpenter.role. Must specify one of "role" or "instanceProfile" for Karpenter to launch nodes + # Example: Karpenter-testing-my-cluster-2023120112554517810000001e + instanceProfile: + use: false + name: "CHANGE_HERE" + # -- Name of role EKS cluster. The Karpenter spec.instanceProfile field has been removed from the EC2NodeClass in favor + # of the spec.role field. 
Karpenter is also removing support for the defaultInstanceProfile specified globally + # in the karpenter-global-settings, making the spec.role field required for all EC2NodeClasses. + # Karpenter will now auto-generate the instance profile in your EC2NodeClass, given the role that you specify. + # If using the Karpenter Getting Started Guide to deploy Karpenter, you can use the karpenter-irsa-$CLUSTER_NAME-$ID role + # provisioned by that process (which is limited to 64 characters). + # Example: karpenter-irsa-testing-my-cluster-2023120421433226760000001e + role: + use: true + name: "CHANGE_HERE" + # -- AMIFamily is a required field, dictating both the default bootstrapping logic for nodes provisioned + # through this EC2NodeClass but also selecting a group of recommended, latest AMIs by default. + # Currently, Karpenter supports amiFamily values AL2, Bottlerocket, Ubuntu, Windows2019, Windows2022 and Custom. + # GPUs are only supported by default with AL2 and Bottlerocket. + # The AL2 amiFamily does not support ARM64 GPU instance type + amiFamily: Bottlerocket + # -- Resource limits constrain the total size of the cluster. + # Limits prevent Karpenter from creating new instances once the limit is exceeded. limits: - resources: - cpu: "1000" - memory: 1000Gi + cpu: "2" + memory: "8Gi" + # -- Labels are arbitrary key-values that are applied to all nodes + labels: + karpenter: "true" + app: "zabbix" + # -- Priority given to the NodePool when the scheduler considers which NodePool to select. + # Higher weights indicate higher priority when comparing NodePools. + # Specifying no weight is equivalent to specifying a weight of 0. + weight: 10 + # -- Disruption section which describes the ways in which Karpenter can disrupt and replace Nodes. 
+ # Configuration in this section constrains how aggressive Karpenter can be with performing operations + # like rolling Nodes due to them hitting their maximum lifetime (expiry) or scaling down nodes to reduce cluster cost + disruption: + # -- Describes which types of Nodes Karpenter should consider for consolidation. + # If using 'WhenUnderutilized', Karpenter will consider all nodes for consolidation and attempt to remove or replace Nodes when it discovers that the Node is underutilized and could be changed to reduce cost + # If using `WhenEmpty`, Karpenter will only consider nodes for consolidation that contain no workload pods + consolidationPolicy: "WhenEmpty" + # -- The amount of time Karpenter should wait after discovering a consolidation decision + # This value can currently only be set when the consolidationPolicy is 'WhenEmpty' + # You can choose to disable consolidation entirely by setting the string value 'Never' here + consolidateAfter: "30s" + # -- The amount of time a Node can live on the cluster before being removed + # Avoiding long-running Nodes helps to reduce security vulnerabilities as well as to reduce the chance of issues that can plague Nodes with long uptimes such as file fragmentation or memory leaks from system processes + # You can choose to disable expiration entirely by setting the string value 'Never' here + expireAfter: "720h" + # -- Requirements that constrain the parameters of provisioned nodes. + # These requirements are combined with pod.spec.topologySpreadConstraints, pod.spec.affinity.nodeAffinity, pod.spec.affinity.podAffinity, and pod.spec.nodeSelector rules. + # Operators { In, NotIn, Exists, DoesNotExist, Gt, and Lt } are supported. 
+ # https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#operators + requirements: + - key: "karpenter.k8s.aws/instance-category" + operator: In + values: ["c", "m", "r"] + - key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: ["2", "4", "8", "16", "32"] + - key: "kubernetes.io/arch" + operator: In + values: ["amd64"] + - key: kubernetes.io/os + operator: In + values: ["linux"] + - key: "karpenter.sh/capacity-type" + operator: In + values: ["spot", "on-demand"] + # -- Optional, configures IMDS for the instance + metadataOptions: + httpEndpoint: enabled + httpProtocolIPv6: disabled + httpPutResponseHopLimit: 2 + httpTokens: required +
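Review bot: In the deployment and statefulset templates (for example hunk `@@ -71,7 +72,7 @@` of deployment-zabbix-web.yaml), the container `securityContext` stops reading `.Values.securityContext` and reads a per-component key whose default in values.yaml is `{}`, so a release that hardened its containers through the top-level key renders an empty container securityContext after the upgrade unless the settings are moved. The top-level `securityContext: {}` is still present in values.yaml. Either fall back to it, e.g. `{{- toYaml (default .Values.securityContext .Values.zabbixWeb.securityContext) | nindent 10 }}`, or state the move in the upgrade notes and document what the top-level key still controls.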
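Review bot: In job-init-db-schema.yaml, hunk `@@ -13,13 +13,35 @@`, the `extraInitContainers` block emits `{{- toYaml . | nindent 8 }}` with no `initContainers:` key in front of it, so a non-empty list is written directly under whatever precedes it (the `nodeSelector:` entries or `spec:`) and cannot render a valid pod spec. Put `initContainers:` inside the `with`, as the deployment templates in this patch do. The same hunk places `extraContainers` ahead of `init-db-schema`; the values.yaml comment should say that any container added there has to exit for the Job to complete.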
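Review bot: In karpenter-00-nodeclass.yaml, the two `and ... ( not ... )` guards around `role:` and `instanceProfile:` render neither field when `karpenter.role.use` and `karpenter.instanceProfile.use` are both true or both false, although the values.yaml comment says one of the two must be specified. Fail the render instead of emitting an EC2NodeClass without either, for example `{{- fail "set exactly one of karpenter.role.use or karpenter.instanceProfile.use" }}` in an else branch. The selector terms also render `{{ .Values.karpenter.tag }}: {{ .Values.karpenter.clusterName }}` unquoted and accept the `CHANGE_HERE` default, so consider quoting both and rejecting the placeholder at render time.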
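Review bot: In secret-db-access.yaml, the new `.Values.postgresAccess.password` (likewise `host`, `database` and `user`) sits inside the outer `default`, so it is used only when the `lookup` returns no existing value; once the Secret exists, changing these values on upgrade is silently ignored. Document that precedence next to the new keys in values.yaml. It is also worth noting there that a password passed through values is stored with the release's values, so a pre-created Secret, which the `lookup` already honours, is the better place for real credentials.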
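Review bot: In values.yaml, the `metadataOptions` default at the end of the karpenter block sets `httpPutResponseHopLimit: 2`, which lets containers on the pod network reach the instance metadata service and, through it, credentials for the node role named in `karpenter.role.name`; `httpTokens: required` does not prevent that. If the Zabbix pods do not need IMDS, default to `1` and mention `2` in the comment as the opt-in. Separately, the comment on `tag` still tells the reader to replace CHANGE_HERE although the value is now just `karpenter.sh/discovery`.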