Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Commit

Permalink
Merge pull request #54 from sa-ChristianAnton/zabbix-6-features
Browse files Browse the repository at this point in the history
Zabbix 6 related features / improvements of the chart
  • Loading branch information
aeciopires authored Jun 26, 2022
2 parents db4f43f + 1077131 commit 88034d5
Show file tree
Hide file tree
Showing 23 changed files with 1,107 additions and 383 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
*.tgz
packages/

# Helm Charts dependencies
/charts
*.lock

.DS_Store

.idea

.vscode
6 changes: 6 additions & 0 deletions .helmignore
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,9 @@

.circleci/
docs/

# Makefile and other stuff
Makefile
CONTRIBUTING.md
README.md.gotmpl
packages/
26 changes: 25 additions & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@

# Contributing

* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md).
* Have the ``make`` command and *docker* installed on your system. With this, you don't need the below mentioned ``helm`` and ``helm-docs`` and use containers for the needed steps instead.
* [OPTIONAL] Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md).
* [OPTIONAL] Configure authentication on your Github account to use the SSH protocol instead of HTTP. Watch this tutorial to learn how to set up: https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account
* Create a fork this repository.
* Clone the forked repository to your local system:
Expand Down Expand Up @@ -37,7 +38,30 @@ git branch
```

* Make your changes and tests to the new branch.
* Verify your changed do not introduce syntactical/semantic errors:

Method using make and docker:
```bash
make lint
````

Method using locally installed ``helm`` command:
```bash
helm lint .
```

* Run command ``helm-docs`` to update content of ``README.md`` file using the ``README.md.gotmpl`` template. More info about [helm-docs](https://github.com/norwoodj/helm-docs).

Method using make and docker:
```bash
make gen-docs
```

Method using locally installed ``helm-docs`` command:
```bash
helm-docs
```

* Commit the changes to the branch.
* Push files to repository remote with command:

Expand Down
9 changes: 6 additions & 3 deletions Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
---
apiVersion: v2
name: zabbix
version: 2.0.1
appVersion: 6.0.4
version: 3.0.0
appVersion: 6.0.5
description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.
keywords:
- zabbix
- monitoring
- metrics
home: https://www.zabbix.com/
icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png
source:
sources:
- https://github.com/cetic/helm-zabbix
maintainers:
- name: Aecio Pires
Expand All @@ -22,6 +22,9 @@ maintainers:
- name: Amen Ayadi
email: amen.ayadi@cetic.be
url: https://github.com/AyadiAmen
- name: Christian Anton
email: christian.anton@secadm.de
url: https://secadm.de
- name: Sebastien Dupont
email: sebastien.dupont@cetic.be
url: https://github.com/banzo
33 changes: 33 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
URL=https://github.com/cetic/helm-zabbix/
HELM_IMAGE=alpine/helm:3.9.0
HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.10.0
KNOWN_TARGETS=helm


helm:
docker run --rm --name helm-exec \
--user $(shell id -u):$(shell id -g) \
--mount type=bind,src="$(shell pwd)",dst=/helm-chart \
-w /helm-chart \
-e HELM_CACHE_HOME=/helm-chart/.helm/cache \
-e HELM_CONFIG_HOME=/helm-chart/.helm/config \
-e HELM_DATA_HOME=/helm-chart/.helm/data \
$(HELM_IMAGE) \
$(CMD)

# Run linter for helm chart
lint:
CMD="lint ." $(MAKE) helm

# Package chart into zip file
package:
CMD="package . -d packages" $(MAKE) helm

gen-docs:
docker run --rm --name helm-docs \
--user $(shell id -u):$(shell id -g) \
--mount type=bind,src="$(shell pwd)",dst=/helm-chart \
-w /helm-chart \
$(HELM_DOCS_IMAGE) \
helm-docs

156 changes: 125 additions & 31 deletions README.md

Large diffs are not rendered by default.

60 changes: 57 additions & 3 deletions README.md.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,15 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste

> **This helm chart is still under development**

> **Break change 3.0.0**
* This version removes the possibility to specify database username/password per
subsection in favor of specifying all of them centrally at one place.
* Also, the names of the values have changed from upper to lowercase.
* It is now possible to start the Zabbix Server pods with replicas of more than 1.
HA functionality of Zabbix will automatically be enabled and it is made sure that
the database schema publication will only happen once, and not by all of the Zabbix
server pods at the same time.

> **Break change 2.0.0**
* The version 2.0.0 has a break change.
* Will be used Postgresql 14.x and Zabbix 6.0.4.
Expand Down Expand Up @@ -41,7 +50,7 @@ possible is possible, while still obtaining a good level of security.
- Kubernetes cluster 1.10+
- Helm 3.0+
- Kubectl
- PV provisioner support in the underlying infrastructure.
- PV provisioner support in the underlying infrastructure (optional).

Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md).

Expand All @@ -51,7 +60,8 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu

**Zabbix server** is the central process of Zabbix software.

The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks.
The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server.


## Zabbix Agent

Expand All @@ -73,15 +83,59 @@ The server performs the polling and trapping of data, it calculates triggers, se

A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x.

> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only.
> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file.


## Configure the chart

The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file.

### Configure central database access related settings

All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file.

By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting.

Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set.

If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it.

There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly.

## Configure Postgresql database to match with your performance expectations

While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary:

```yaml
postgresql:
enabled: true
persistence:
enabled: true
storage_size: 50Gi
extraRuntimeParameters:
max_connections: 250
dynamic_shared_memory_type: posix
shared_buffers: 4GB
temp_buffers: 16MB
work_mem: 128MB
maintenance_work_mem: 256MB
effective_cache_size: 6GB
min_wal_size: 80MB
```

Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to:

```yaml
postgresql:
extraRuntimeParameters:
config.file: /path/to/your/config.file
```

### Configure the way how to expose Zabbix service:

- **Ingress**: The ingress controller must be installed in the Kubernetes cluster.
- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller.
- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy
- **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster.
- **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``.
- **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer.
Expand Down
7 changes: 0 additions & 7 deletions docs/example/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,6 @@ cd ~/mygit/helm-zabbix

Edit ``~/mygit/helm-zabbix/docs/example/kind/values.yaml`` file.

Download the dependences charts.

```bash
helm repo add cetic https://cetic.github.io/helm-charts
helm repo update
```

Test the installation/upgrade with command (update the YAML files paths if necessary):

```bash
Expand Down
31 changes: 9 additions & 22 deletions docs/example/kind/values.yaml
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
# Custom values for zabbix.

zabbix_image_tag: alpine-6.0.5

db_access:
# central place for all database related parameters (db name, host, user, password) in one secret
# which will be used by all relevant components which are installed by this chart (Zabbix server,
# database, frontend).
# In case you are using the CrunchyData Postgres Operator, you can refer to a secret generated by
# this operator to use a PGO database for your Zabbix instance.
secret_name: myzabbixdbaccess
use_unified_secret: true
unified_secret_name: myzabbixdbaccess
# generate this secret if it does not yet exist and set a random password. Only useful if also using
# postgresql.enabled=true
secret_autocreate: true
unified_secret_autocreate: true

zabbixserver:
enabled: true
replicaCount: 1
image:
repository: zabbix/zabbix-server-pgsql
tag: ubuntu-6.0.4
pullPolicy: IfNotPresent
replicaCount: 2
service:
type: NodePort
port: 10051
Expand All @@ -37,12 +37,8 @@ postgresql:
storage_size: 5Gi # generate a PVC in default storage class with the given size for the DB

zabbixproxy:
enabled: true
enabled: false
replicaCount: 1
image:
repository: zabbix/zabbix-proxy-sqlite3
tag: ubuntu-6.0.4
pullPolicy: IfNotPresent
ZBX_PROXYMODE: 0 # The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.
ZBX_HOSTNAME: zabbix-proxy # This variable is unique, case sensitive hostname.
ZBX_SERVER_HOST: zabbix-zabbix-server
Expand All @@ -65,11 +61,6 @@ zabbixproxy:

zabbixagent:
enabled: true
image:
# Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2
repository: zabbix/zabbix-agent2
tag: ubuntu-6.0.4
pullPolicy: IfNotPresent
ZBX_HOSTNAME: zabbix-agent
ZBX_SERVER_HOST: 127.0.0.1
ZBX_SERVER_PORT: 10051
Expand All @@ -95,14 +86,10 @@ zabbixagent:

zabbixweb:
enabled: true
image:
repository: zabbix/zabbix-web-apache-pgsql
tag: ubuntu-6.0.4
pullPolicy: IfNotPresent
ZBX_SERVER_HOST: zabbix-zabbix-server
ZBX_SERVER_PORT: 10051
service:
type: NodePort
type: ClusterIP
port: 80
extraEnv:
- name: "ZBX_EXAMPLE_MY_ENV_10"
Expand Down
85 changes: 85 additions & 0 deletions templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -88,3 +88,88 @@ Return if ingress supports pathType.
{{- define "zabbix.ingress.supportsPathType" -}}
{{- or (eq (include "zabbix.ingress.isStable" .) "true") (and (eq (include "zabbix.ingress.apiVersion" .) "networking.k8s.io/v1beta1")) -}}
{{- end -}}

{{/*
Define env var names
*/}}


{{/*
Return the entire logic of setting DB access related env vars for the containers which need them
*/}}
{{- define "zabbix.db_access.env_vars" -}}
{{- $ := index . 0 }}
{{- $cntxt := index . 2 }}
{{- $hostvar := "DB_SERVER_HOST" }}
{{- $portvar := "DB_SERVER_PORT" }}
{{- $uservar := "POSTGRES_USER" }}
{{- $passwordvar := "POSTGRES_PASSWORD" }}
{{- $dbvar := "POSTGRES_DB" }}
{{/* special settings for the DB client (autoclean cron job) container, needs different env variable names */}}
{{- if eq $cntxt "db_client" }}
{{- $hostvar = "PGHOST" }}
{{- $portvar = "PGPORT" }}
{{- $uservar = "PGUSER" }}
{{- $passwordvar = "PGPASSWORD" }}
{{- $dbvar = "PGDATABASE" }}
{{- end }}
{{- with index . 1 }}
{{- if .Values.postgresql.enabled }}
- name: {{ $hostvar }}
value: {{ template "zabbix.fullname" . }}-postgresql
- name: {{ $portvar }}
value: {{ .Values.postgresql.service.port | quote }}
{{- else if .Values.db_access.use_unified_secret }}
- name: {{ $hostvar }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.unified_secret_name }}
key: host
- name: {{ $portvar }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.unified_secret_name }}
key: port
optional: true
{{- else }}
- name: {{ $hostvar }}
value: {{ .Values.db_access.db_server_host | quote }}
- name: {{ $portvar }}
value: {{ .Values.db_access.db_server_port | quote }}
{{- end }}
{{- if .Values.db_access.use_unified_secret }}
- name: {{ $uservar }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.unified_secret_name }}
key: user
optional: true
- name: {{ $passwordvar }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.unified_secret_name }}
key: password
- name: {{ $dbvar }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.unified_secret_name }}
key: dbname
optional: true
{{- else }}
- name: {{ $uservar }}
value: {{ .Values.db_access.postgres_user | quote }}
- name: {{ $passwordvar }}
{{- if .Values.db_access.postgres_password_secret }}
valueFrom:
secretKeyRef:
name: {{ .Values.db_access.postgres_password_secret }}
key: {{ default "password" .Values.db_access.postgres_password_secret_key }}
{{- else }}
value: {{ .Values.db_access.postgres_password | quote }}
{{- end }}
- name: {{ $dbvar }}
value: {{ .Values.db_access.postgres_db | quote }}
{{- end }}
{{- end }}
{{- end -}}
Loading

0 comments on commit 88034d5

Please sign in to comment.