cetic · aeciopires · Jun 26, 2022 · Apr 22, 2022 · Apr 22, 2022 · May 25, 2022
@@ -1,9 +1,12 @@
 *.tgz
+packages/
 
 # Helm Charts dependencies
 /charts
 *.lock
 
+.DS_Store
+
 .idea
 
 .vscode
@@ -25,3 +25,9 @@
 
 .circleci/
 docs/
+
+# Makefile and other stuff
+Makefile
+CONTRIBUTING.md
+README.md.gotmpl
+packages/
@@ -7,7 +7,8 @@
 
 # Contributing
 
-* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md).
+* Have the ``make`` command and *docker* installed on your system. With this, you don't need the below mentioned ``helm`` and ``helm-docs`` and use containers for the needed steps instead.
+* [OPTIONAL] Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](docs/requirements.md).
 * [OPTIONAL] Configure authentication on your Github account to use the SSH protocol instead of HTTP. Watch this tutorial to learn how to set up: https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account
 * Create a fork this repository.
 * Clone the forked repository to your local system:
@@ -37,7 +38,30 @@ git branch
 ```
 
 * Make your changes and tests to the new branch.
+* Verify your changed do not introduce syntactical/semantic errors:
+
+Method using make and docker:
+```bash
+make lint
+````
+
+Method using locally installed ``helm`` command:
+```bash
+helm lint .
+```
+
 * Run command ``helm-docs`` to update content of ``README.md`` file using the ``README.md.gotmpl`` template. More info about [helm-docs](https://github.com/norwoodj/helm-docs).
+
+Method using make and docker:
+```bash
+make gen-docs
+```
+
+Method using locally installed ``helm-docs`` command:
+```bash
+helm-docs
+```
+
 * Commit the changes to the branch.
 * Push files to repository remote with command:
 

@@ -1,16 +1,16 @@
 ---
 apiVersion: v2
 name: zabbix
-version: 2.0.1
-appVersion: 6.0.4
+version: 3.0.0
+appVersion: 6.0.5
 description: Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.
 keywords:
   - zabbix
   - monitoring
   - metrics
 home: https://www.zabbix.com/
 icon: https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png
-source:
+sources:
   - https://github.com/cetic/helm-zabbix
 maintainers:
   - name: Aecio Pires
@@ -22,6 +22,9 @@ maintainers:
   - name: Amen Ayadi
     email: amen.ayadi@cetic.be
     url: https://github.com/AyadiAmen
+  - name: Christian Anton
+    email: christian.anton@secadm.de
+    url: https://secadm.de
   - name: Sebastien Dupont
     email: sebastien.dupont@cetic.be
     url: https://github.com/banzo
@@ -0,0 +1,33 @@
+URL=https://github.com/cetic/helm-zabbix/
+HELM_IMAGE=alpine/helm:3.9.0
+HELM_DOCS_IMAGE=jnorwood/helm-docs:v1.10.0
+KNOWN_TARGETS=helm
+
+
+helm:
+	docker run --rm --name helm-exec  \
+		--user $(shell id -u):$(shell id -g) \
+		--mount type=bind,src="$(shell pwd)",dst=/helm-chart \
+		-w /helm-chart \
+		-e HELM_CACHE_HOME=/helm-chart/.helm/cache \
+		-e HELM_CONFIG_HOME=/helm-chart/.helm/config \
+		-e HELM_DATA_HOME=/helm-chart/.helm/data \
+		$(HELM_IMAGE) \
+		$(CMD)
+
+# Run linter for helm chart
+lint:
+	CMD="lint ." $(MAKE) helm
+
+# Package chart into zip file
+package:
+	CMD="package . -d packages" $(MAKE) helm
+
+gen-docs:
+	docker run --rm --name helm-docs  \
+		--user $(shell id -u):$(shell id -g) \
+		--mount type=bind,src="$(shell pwd)",dst=/helm-chart \
+		-w /helm-chart \
+		$(HELM_DOCS_IMAGE) \
+		helm-docs
+
@@ -12,6 +12,15 @@ This Helm chart installs [Zabbix](https://www.zabbix.com) in a Kubernetes cluste
 
 > **This helm chart is still under development**
 
+> **Break change 3.0.0**
+* This version removes the possibility to specify database username/password per
+  subsection in favor of specifying all of them centrally at one place.
+* Also, the names of the values have changed from upper to lowercase.
+* It is now possible to start the Zabbix Server pods with replicas of more than 1.
+  HA functionality of Zabbix will automatically be enabled and it is made sure that 
+  the database schema publication will only happen once, and not by all of the Zabbix
+  server pods at the same time.
+
 > **Break change 2.0.0**
 * The version 2.0.0 has a break change.
 * Will be used Postgresql 14.x and Zabbix 6.0.4.
@@ -41,7 +50,7 @@ possible is possible, while still obtaining a good level of security.
 - Kubernetes cluster 1.10+
 - Helm 3.0+
 - Kubectl
-- PV provisioner support in the underlying infrastructure.
+- PV provisioner support in the underlying infrastructure (optional).
 
 Install requirement ``kubectl`` and ``helm`` following the instructions this [tutorial](docs/requirements.md).
 
@@ -51,7 +60,8 @@ Install requirement ``kubectl`` and ``helm`` following the instructions this [tu
 
 **Zabbix server** is the central process of Zabbix software.
 
-The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks.
+The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. Zabbix Server can be operated in a High Availability mode since version 6.0 which is automatically enabled by this Helm chart when setting the Zabbix server component to run more than 1 replica. In this HA mode, all Zabbix server instances periodically send a heartbeat to the Database server (just updating a timestamp in a table) as well as which of the nodes is the "active" one. In case the active node does not send a heartbeat within a certain time, any of the remaining ones automatically take over. It is everytime possible to join new nodes to the HA cluster by just raising the amount of replicas of the Zabbix server.
+
 
 ## Zabbix Agent
 
@@ -73,15 +83,59 @@ The server performs the polling and trapping of data, it calculates triggers, se
 
 A database is required for zabbix to work, in this helm chart we're using Postgresql 14.x.
 
-> To use a different database make sure you use the right docker image, the docker image we're using here is for postgresql only.
+> We use plain postgresql database by default WITHOUT persistence. If you want persistence or would like to use TimescaleDB instead, check the comments in the ``values.yaml`` file.
+
 
 ## Configure the chart
 
 The items of section [Configuration](#Configuration) can be set via ``--set`` flag during installation or change the values according to the need of the environment in ``helm-zabbix/values.yaml`` file.
 
+### Configure central database access related settings
+
+All settings referring to how the different components that this Chart installs access the Zabbix Database (either an external, already existing database or one deployed within this Helm chart) are being configured centrally under the ``db_access`` section of the ``values.yaml`` file.
+
+By default, this Chart will deploy it's own very simple PostgreSQL database. All settings relevant to how to access this database will be held in one central unified secret with the name configured with the ``db_access.unified_secret_name`` setting.
+
+Instead of letting the Chart automatically generate such a secret with a random password (which will NOT be recreated on upgrade/redeploy), you can supply such a secret yourself. Use ``db_access.unified_secret_autocreate=false`` in such a case and read the comments in ``values.yaml`` for how the values inside the secret should be set.
+
+If you want to connect your Zabbix installation to a Postgres database deployed using the [CrunchyData PGO Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/), you can use the secret that PGO generates for your DB automatically directly to connect Zabbix to it, by just referring to its name with the ``db_access.unified_secret_name`` setting to it.
+
+There is also the possibility to set all DB relevant settings directly inside the ``db_access`` section of the ``values.yaml`` file by using the settings noted there (``db_server_host``, ``postgres_user``, etc). If doing so, you still can use one single secret to told just and only the database password. If you want to do so, supply the ``db_access.postgres_password_secret`` and ``db_access.postgres_password_secret_key`` settings, accordingly.
+
+## Configure Postgresql database to match with your performance expectations
+
+While the default database configuration shipped with this Chart is fine for most (very small, for testing only) Zabbix installations, you will want to set some specific settings to better match your setup. First of all, you should consider enabling Postgresql database persistence (``postgresql.persistence.enabled``), as otherwise all your changes and historical data will be gone as soon as you remove the installation of Zabbix. Additionally, you might want to tune Postgresql by supplying extra postgresql runtime parameters using the ``postgresql.extraRuntimeParameters`` dictionary:
+
+```yaml
+postgresql:
+  enabled: true
+  persistence:
+    enabled: true
+    storage_size: 50Gi
+  extraRuntimeParameters:
+    max_connections: 250
+    dynamic_shared_memory_type: posix
+    shared_buffers: 4GB
+    temp_buffers: 16MB
+    work_mem: 128MB
+    maintenance_work_mem: 256MB
+    effective_cache_size: 6GB
+    min_wal_size: 80MB
+```
+
+Alternatively, you can add your own configuration file for postgresql (using a ConfigMap and the ``postgresql.extraVolumes`` setting) to mount it into the postgresql container and referring to this config file with the ``postgresql.extraRuntimeParameters`` set to:
+
+```yaml
+postgresql:
+  extraRuntimeParameters:
+    config.file: /path/to/your/config.file
+```
+
 ### Configure the way how to expose Zabbix service:
 
 - **Ingress**: The ingress controller must be installed in the Kubernetes cluster.
+- **IngressRoute**: The custom resource definition if you use the [Traefik](https://traefik.io/traefik/) ingress controller.
+- **Route**: The ingress controller used by Red Hat Openshift, based on HAProxy
 - **ClusterIP**: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster.
 - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting ``NodeIP:NodePort``.
 - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer.

@@ -28,13 +28,6 @@ cd ~/mygit/helm-zabbix
 
 Edit ``~/mygit/helm-zabbix/docs/example/kind/values.yaml`` file.
 
-Download the dependences charts.
-
-```bash
-helm repo add cetic https://cetic.github.io/helm-charts
-helm repo update
-```
-
 Test the installation/upgrade with command (update the YAML files paths if necessary):
 
 ```bash

@@ -1,22 +1,22 @@
 # Custom values for zabbix.
+
+zabbix_image_tag: alpine-6.0.5
+
 db_access:
   # central place for all database related parameters (db name, host, user, password) in one secret
   # which will be used by all relevant components which are installed by this chart (Zabbix server,
   # database, frontend).
   # In case you are using the CrunchyData Postgres Operator, you can refer to a secret generated by
   # this operator to use a PGO database for your Zabbix instance.
-  secret_name: myzabbixdbaccess
+  use_unified_secret: true
+  unified_secret_name: myzabbixdbaccess
   # generate this secret if it does not yet exist and set a random password. Only useful if also using
   # postgresql.enabled=true
-  secret_autocreate: true
+  unified_secret_autocreate: true
 
 zabbixserver:
   enabled: true
-  replicaCount: 1
-  image:
-    repository: zabbix/zabbix-server-pgsql
-    tag: ubuntu-6.0.4
-    pullPolicy: IfNotPresent
+  replicaCount: 2
   service:
     type: NodePort
     port: 10051
@@ -37,12 +37,8 @@ postgresql:
     storage_size: 5Gi # generate a PVC in default storage class with the given size for the DB
 
 zabbixproxy:
-  enabled: true
+  enabled: false
   replicaCount: 1
-  image:
-    repository: zabbix/zabbix-proxy-sqlite3
-    tag: ubuntu-6.0.4
-    pullPolicy: IfNotPresent
   ZBX_PROXYMODE: 0 # The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.
   ZBX_HOSTNAME: zabbix-proxy # This variable is unique, case sensitive hostname.
   ZBX_SERVER_HOST: zabbix-zabbix-server
@@ -65,11 +61,6 @@ zabbixproxy:
 
 zabbixagent:
   enabled: true
-  image:
-    # Zabbix agent Docker image name. Can use zabbix/zabbix-agent or zabbix/zabbix-agent2
-    repository: zabbix/zabbix-agent2
-    tag: ubuntu-6.0.4
-    pullPolicy: IfNotPresent
   ZBX_HOSTNAME: zabbix-agent
   ZBX_SERVER_HOST: 127.0.0.1
   ZBX_SERVER_PORT: 10051
@@ -95,14 +86,10 @@ zabbixagent:
 
 zabbixweb:
   enabled: true
-  image:
-    repository: zabbix/zabbix-web-apache-pgsql
-    tag: ubuntu-6.0.4
-    pullPolicy: IfNotPresent
   ZBX_SERVER_HOST: zabbix-zabbix-server
   ZBX_SERVER_PORT: 10051
   service:
-    type: NodePort
+    type: ClusterIP
     port: 80
   extraEnv:
     - name: "ZBX_EXAMPLE_MY_ENV_10"

@@ -88,3 +88,88 @@ Return if ingress supports pathType.
 {{- define "zabbix.ingress.supportsPathType" -}}
   {{- or (eq (include "zabbix.ingress.isStable" .) "true") (and (eq (include "zabbix.ingress.apiVersion" .) "networking.k8s.io/v1beta1")) -}}
 {{- end -}}
+
+{{/*
+Define env var names
+
+*/}}
+
+
+{{/*
+Return the entire logic of setting DB access related env vars for the containers which need them
+*/}}
+{{- define "zabbix.db_access.env_vars" -}}
+{{- $ := index . 0 }}
+{{- $cntxt := index . 2 }}
+{{- $hostvar := "DB_SERVER_HOST" }}
+{{- $portvar := "DB_SERVER_PORT" }}
+{{- $uservar := "POSTGRES_USER" }}
+{{- $passwordvar := "POSTGRES_PASSWORD" }}
+{{- $dbvar := "POSTGRES_DB" }}
+{{/* special settings for the DB client (autoclean cron job) container, needs different env variable names */}}
+{{- if eq $cntxt "db_client" }}
+{{- $hostvar = "PGHOST" }}
+{{- $portvar = "PGPORT" }}
+{{- $uservar = "PGUSER" }}
+{{- $passwordvar = "PGPASSWORD" }}
+{{- $dbvar = "PGDATABASE" }}
+{{- end }}
+{{- with index . 1 }}
+{{- if .Values.postgresql.enabled }}
+- name: {{ $hostvar }}
+  value: {{ template "zabbix.fullname" . }}-postgresql
+- name: {{ $portvar }}
+  value: {{ .Values.postgresql.service.port | quote }}
+{{- else if .Values.db_access.use_unified_secret }}
+- name: {{ $hostvar }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.unified_secret_name }}
+      key: host
+- name: {{ $portvar }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.unified_secret_name }}
+      key: port
+      optional: true
+{{- else }}
+- name: {{ $hostvar }}
+  value: {{ .Values.db_access.db_server_host | quote }}
+- name: {{ $portvar }}
+  value: {{ .Values.db_access.db_server_port | quote }}
+{{- end }}
+{{- if .Values.db_access.use_unified_secret }}
+- name: {{ $uservar }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.unified_secret_name }}
+      key: user
+      optional: true
+- name: {{ $passwordvar }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.unified_secret_name }}
+      key: password
+- name: {{ $dbvar }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.unified_secret_name }}
+      key: dbname
+      optional: true
+{{- else }}
+- name: {{ $uservar }}
+  value: {{ .Values.db_access.postgres_user | quote }}
+- name: {{ $passwordvar }}
+  {{- if .Values.db_access.postgres_password_secret }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.db_access.postgres_password_secret }}
+      key: {{ default "password" .Values.db_access.postgres_password_secret_key }}
+  {{- else  }}
+  value: {{ .Values.db_access.postgres_password | quote }}
+  {{- end }}
+- name: {{ $dbvar }}
+  value: {{ .Values.db_access.postgres_db | quote }}
+{{- end }}
+{{- end }}
+{{- end -}}