diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml index 93ca8d9..b481df6 100644 --- a/.github/workflows/blank.yml +++ b/.github/workflows/blank.yml @@ -4,9 +4,9 @@ name: CI on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] jobs: build: @@ -16,18 +16,18 @@ jobs: - uses: actions/checkout@v2 # Runs a single command using the runners shell - - name: "Download and install HELM" + - name: Download and install HELM run: | curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh # Runs a set of commands using the runners shell - - name: "Run HELM lint" + - name: Run HELM lint run: helm lint . - - name: "Install unittest plugin" + - name: Install unittest plugin run: helm plugin install https://github.com/quintush/helm-unittest - - name: "Run unit tests" + - name: Run unit tests run: helm unittest -3 . diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7c8cbfc..64a3c4a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -5,8 +5,8 @@ name: MasterRun on: push: branches: - - master - - main + - master + - main workflow_dispatch: @@ -15,35 +15,35 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout dj-wasabi-release repo - uses: actions/checkout@v2 - with: - repository: dj-wasabi/dj-wasabi-release - path: dj-wasabi-release - - - name: Checkout current repo - uses: actions/checkout@v2 - with: - path: main - - - name: Commit Changelog file - run: | - # We are cloned in the 'main' directory and the dj-wasabi-release - # repository is the 'dj-wasabi-release' next to 'main' - cd main - - # Generate CHANGELOG.md file - ../dj-wasabi-release/release.sh -d - - # Let commit the changes if there are any? (Well there should be!) - if [[ $(git status | grep -c 'CHANGELOG.md' || true) -gt 0 ]] - then echo "Committing file" - git config --global user.name 'Werner Dijkerman [GH bot]' - git config --global user.email 'github@dj-wasabi.nl' - - git add CHANGELOG.md - git commit -m "Updated CHANGELOG.md on \"$(date "+%Y-%m-%d %H:%M:%S")\"" CHANGELOG.md - git push - fi - env: - CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout dj-wasabi-release repo + uses: actions/checkout@v2 + with: + repository: dj-wasabi/dj-wasabi-release + path: dj-wasabi-release + + - name: Checkout current repo + uses: actions/checkout@v2 + with: + path: main + + - name: Commit Changelog file + run: | + # We are cloned in the 'main' directory and the dj-wasabi-release + # repository is the 'dj-wasabi-release' next to 'main' + cd main + + # Generate CHANGELOG.md file + ../dj-wasabi-release/release.sh -d + + # Let commit the changes if there are any? (Well there should be!) + if [[ $(git status | grep -c 'CHANGELOG.md' || true) -gt 0 ]] + then echo "Committing file" + git config --global user.name 'Werner Dijkerman [GH bot]' + git config --global user.email 'github@dj-wasabi.nl' + + git add CHANGELOG.md + git commit -m "Updated CHANGELOG.md on \"$(date "+%Y-%m-%d %H:%M:%S")\"" CHANGELOG.md + git push + fi + env: + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9fcfe62..5249d7d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,8 +1,7 @@ ---- repos: - repo: https://github.com/dj-wasabi/pre-commit-hooks - rev: d84bb1806ddb7572f38e80a8778f6d13540554d9 + rev: master hooks: - - id: helm-lint - - id: helm-unittest - + - id: helm-lint + - id: helm-unittest + - id: markdown-toc diff --git a/README.md b/README.md index 9c7ed80..b6b9dd6 100644 --- a/README.md +++ b/README.md @@ -4,27 +4,35 @@ ![GitHub Release Date](https://img.shields.io/github/release-date/dj-wasabi/helm-zabbix) ![GitHub release (latest by date)](https://img.shields.io/github/v/release/dj-wasabi/helm-zabbix) [![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)](https://lbesson.mit-license.org/) +[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/dj-wasabi/pre-commit-hooks) Table of content: + - [HELM-ZABBIX](#helm-zabbix) - * [Prerequisites](#prerequisites) - * [Dependencies](#dependencies) +- [Introduction](#introduction) + - [Prerequisites](#prerequisites) + - [Dependencies](#dependencies) - [Installation](#installation) - * [server-db-secret](#server-db-secret) - * [www.example.com](#wwwexamplecom) - * [proxy-db-secret](#proxy-db-secret) - * [Install the HELM Chart](#install-the-helm-chart) + - [server-db-secret](#server-db-secret) + - [www.example.com](#wwwexamplecom) + - [proxy-db-secret](#proxy-db-secret) + - [Install the HELM Chart](#install-the-helm-chart) - [Configuration](#configuration) - * [Zabbix overal](#zabbix-overal) - * [Zabbix Server](#zabbix-server) - * [Zabbix Web](#zabbix-web) - * [Zabbix Agent](#zabbix-agent) - + [agent.volumes_host](#-agentvolumes-host-) - + [agent.volumes](#-agentvolumes) - * [Zabbix Proxy](#zabbix-proxy) - * [Zabbix JavaGateway](#zabbix-javagateway) + - [Zabbix overal](#zabbix-overal) + - [Zabbix Server](#zabbix-server) + - [Zabbix Web](#zabbix-web) + - [Zabbix Agent](#zabbix-agent) + - [`agent.volumes_host`](#agentvolumes_host) + - [`agent.volumes`](#agentvolumes) + - [Zabbix Proxy](#zabbix-proxy) + - [Zabbix JavaGateway](#zabbix-javagateway) + - [Network Policies](#network-policies) + + + +# Introduction [WIP] Work in Progress (I've started a puppet module (owned by vox-populi now), have created several Ansible roles (Now part of the collection.zabbix) so why not starting a HELM Chart for Zabbix.) @@ -156,6 +164,8 @@ Parameter | Description | Default `zabbix.database.type`|The type of database to be used.|`mysql` `zabbix.database.name`|The name of the database.| `zabbix` `zabbix.database.host`|The host of the database.| `zabbix` +`zabbix.namespace`|The namespace on which Zabbix is running..| `zabbix` +`zabbix.networkPolicy.enabled`|If the network policies are enabled.| `true` ## Zabbix Server @@ -231,3 +241,19 @@ Parameter | Description | Default Parameter | Description | Default --------- | ----------- | ------- `javagateway.enabled`|If the Zabbix Java Gateway needs to be deployed or not.|`false` + +## Network Policies + +When `zabbix.networkPolicy.enabled` is set to `true` (Which is default), 3 networkpolicies are installed: + +```sh +$ kubectl -n zabbix get networkpolicies +NAME POD-SELECTOR AGE +zabbix-agent app=zabbix-agent 32m +zabbix-server app=zabbix-server 32m +zabbix-web app=zabbix-web 32m +``` + +The Zabbix Server only allows connections from and to both the Zabbix Web on port 10051 and the Zabbix Agent. The Zabbix Server also allows connections to be made to either port 3306 (MySQL) or 5432 (PostGreSQL), depending on the database type. + +The Zabbix Agent only allows connections from and to the Zabbix Server on port 10050. Both the Zabbix Server and Agent will allow DNS request made to `kube-dns`. diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 535ecfd..cff909d 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -9,7 +9,9 @@ The following Zabbix components are installed: {{ if .Values.web.enabled -}} * Zabbix Web {{- end }} - +{{ if and .Values.zabbix.networkPolicy.enabled }} +Network policies are enabled. +{{- end }} {{ if .Values.ingress.enabled -}} {{- range .Values.ingress.hosts }} Zabbix web interface is available on: {{ .host | quote }} diff --git a/templates/networkpolicy-agent.yaml b/templates/networkpolicy-agent.yaml new file mode 100644 index 0000000..433af5c --- /dev/null +++ b/templates/networkpolicy-agent.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.zabbix.networkPolicy.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: zabbix-agent + namespace: "{{ .Values.zabbix.namespace }}" +spec: + podSelector: + matchLabels: + app: zabbix-agent + ingress: + - from: + - podSelector: + matchLabels: + app: zabbix-server + ports: + - port: 10050 + egress: + - to: + - podSelector: + matchLabels: + app: zabbix-server + ports: + - port: 10051 + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP +{{- end }} diff --git a/templates/networkpolicy-server.yaml b/templates/networkpolicy-server.yaml new file mode 100644 index 0000000..5257cb9 --- /dev/null +++ b/templates/networkpolicy-server.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.zabbix.networkPolicy.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: zabbix-server + namespace: "{{ .Values.zabbix.namespace }}" +spec: + podSelector: + matchLabels: + app: zabbix-server + ingress: + - from: + - podSelector: + matchLabels: + app: zabbix-agent + ports: + - port: 10051 + - from: + - podSelector: + matchLabels: + app: zabbix-web + ports: + - port: 10051 + egress: + - ports: +{{- if eq .Values.zabbix.database.type "mysql" }} + - port: 3306 +{{- end }} +{{- if eq .Values.zabbix.database.type "pgsql" }} + - port: 5432 +{{- end }} + - to: + - podSelector: + matchLabels: + app: zabbix-agent + ports: + - port: 10050 + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP +{{- end }} diff --git a/templates/networkpolicy-web.yaml b/templates/networkpolicy-web.yaml new file mode 100644 index 0000000..02c2060 --- /dev/null +++ b/templates/networkpolicy-web.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.zabbix.networkPolicy.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: zabbix-web + namespace: "{{ .Values.zabbix.namespace }}" +spec: + podSelector: + matchLabels: + app: zabbix-web + ingress: + - {} + egress: + - {} +{{- end }} diff --git a/templates/zabbix-agent.service.yaml b/templates/zabbix-agent.service.yaml deleted file mode 100644 index 04d6819..0000000 --- a/templates/zabbix-agent.service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.agent.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: zabbix-agent - labels: - app: zabbix - namespace: zabbix -spec: - ports: - - port: 10050 - targetPort: 10050 - name: zabbix-agent - selector: - app: zabbix-agent -{{- end }} \ No newline at end of file diff --git a/templates/zabbix-agent.yaml b/templates/zabbix-agent.yaml index cd352e1..d791e3c 100644 --- a/templates/zabbix-agent.yaml +++ b/templates/zabbix-agent.yaml @@ -3,9 +3,9 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: zabbix-agent + namespace: "{{ .Values.zabbix.namespace }}" labels: - app: zabbix - tier: agent + app: zabbix-agent spec: updateStrategy: type: RollingUpdate @@ -13,13 +13,14 @@ spec: maxUnavailable: 1 selector: matchLabels: - app: zabbix + app: zabbix-agent template: metadata: labels: name: zabbix-agent - app: zabbix + app: zabbix-agent spec: + # hostNetwork: true containers: - name: zabbix-agent {{ if .Values.agent.image }} @@ -43,7 +44,7 @@ spec: {{- if .Values.agent.server.host }} value: "{{ .Values.agent.server.host }}" {{- else }} - value: "zabbix-server.{{ .Release.Namespace }}.svc" + value: "0.0.0.0/0,zabbix-server-0.{{ .Release.Namespace }}.svc" {{- end }} - name: ZBX_PASSIVE_ALLOW value: "{{ .Values.agent.passiveagent }}" diff --git a/templates/zabbix-server.service.yaml b/templates/zabbix-server.service.yaml index 152486d..520e799 100644 --- a/templates/zabbix-server.service.yaml +++ b/templates/zabbix-server.service.yaml @@ -2,24 +2,25 @@ apiVersion: v1 kind: Service metadata: - name: zabbix-server + name: "zabbix-server" labels: app: zabbix namespace: zabbix spec: + clusterIP: None ports: - port: 10051 targetPort: 10051 protocol: TCP - name: zabbix-trapper + name: "zabbix-trapper" {{- if .Values.server.snmptraps.enabled }} - port: 162 targetPort: 1162 protocol: UDP - name: snmp-trap + name: "snmp-trap" {{- end }} selector: - app: zabbix-server + app: "zabbix-server" {{- if .Values.server.externalIPs }} externalIPs: {{- toYaml .Values.server.externalIPs | nindent 8 }} diff --git a/templates/zabbix-server.yaml b/templates/zabbix-server.yaml index bac3bf3..85b07cc 100644 --- a/templates/zabbix-server.yaml +++ b/templates/zabbix-server.yaml @@ -1,12 +1,14 @@ {{- if and .Values.server.enabled -}} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: zabbix-server + namespace: "{{ .Values.zabbix.namespace }}" labels: app: zabbix-server spec: replicas: 1 + serviceName: zabbix-server selector: matchLabels: app: zabbix-server @@ -36,7 +38,12 @@ spec: tcpSocket: port: zabbix-trapper initialDelaySeconds: 15 - periodSeconds: 20 + periodSeconds: 10 + startupProbe: + tcpSocket: + port: zabbix-trapper + failureThreshold: 30 + periodSeconds: 10 env: {{- if eq .Values.zabbix.database.type "mysql" }} - name: MYSQL_USER @@ -89,10 +96,10 @@ spec: securityContext: privileged: {{ .Values.server.securityContext.privileged }} runAsUser: {{ .Values.server.securityContext.runAsUser }} - {{- if or .Values.server.snmptraps (gt (len .Values.server.volumeMounts) 0) }} + {{- if or .Values.server.snmptraps.enabled (gt (len .Values.server.volumeMounts) 0) }} volumeMounts: {{- end }} - {{- if .Values.server.snmptraps }} + {{- if .Values.server.snmptraps.enabled }} - name: zabbix-db-storage mountPath: /var/lib/zabbix/snmptraps/ readOnly: true @@ -100,7 +107,7 @@ spec: {{- if .Values.server.volumeMounts }} {{- toYaml .Values.server.volumeMounts | nindent 12 }} {{- end }} - {{- if .Values.server.snmptraps }} + {{- if .Values.server.snmptraps.enabled }} - name: zabbix-snmptraps image: "zabbix/zabbix-snmptraps:alpine-{{ if .Values.server.version }}{{ .Values.server.version }}{{- else }}{{ .Values.zabbix.version }}{{- end }}" imagePullPolicy: Always @@ -113,10 +120,10 @@ spec: mountPath: /var/lib/zabbix/snmptraps/ readOnly: false {{- end }} - {{- if or .Values.server.snmptraps (gt (len .Values.server.volumes) 0) }} + {{- if or .Values.server.snmptraps.enabled (gt (len .Values.server.volumes) 0) }} volumes: {{- end }} - {{- if .Values.server.snmptraps }} + {{- if .Values.server.snmptraps.enabled }} - hostPath: path: /zabbix/ name: zabbix-db-storage diff --git a/templates/zabbix-web.service.yaml b/templates/zabbix-web.service.yaml index e26444f..ad83859 100644 --- a/templates/zabbix-web.service.yaml +++ b/templates/zabbix-web.service.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Service metadata: diff --git a/templates/zabbix-web.yaml b/templates/zabbix-web.yaml index 9b1236d..9d05774 100644 --- a/templates/zabbix-web.yaml +++ b/templates/zabbix-web.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: zabbix-web + namespace: "{{ .Values.zabbix.namespace }}" labels: app: zabbix-web spec: diff --git a/tests/values/zabbix-agent.yaml b/tests/values/zabbix-agent.yaml index 8592520..f26127b 100644 --- a/tests/values/zabbix-agent.yaml +++ b/tests/values/zabbix-agent.yaml @@ -1,6 +1,4 @@ ---- - agent: - image: "this-is-my/zabbix:awesome" + image: this-is-my/zabbix:awesome server: host: zabbix-server.my.name diff --git a/tests/zabbix-agent-service_test.yaml b/tests/zabbix-agent-service_test.yaml deleted file mode 100644 index 05dfbc2..0000000 --- a/tests/zabbix-agent-service_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -suite: test zabbix-agent service -templates: - - zabbix-agent.service.yaml -tests: - - it: should pass - # set: - # server.snmptraps.enabled: false - # release: - # name: my-release - asserts: - - contains: - path: spec.ports - content: - port: 10050 - targetPort: 10050 - name: zabbix-agent - diff --git a/tests/zabbix-agent_test.yaml b/tests/zabbix-agent_test.yaml index 3108635..4d8b694 100644 --- a/tests/zabbix-agent_test.yaml +++ b/tests/zabbix-agent_test.yaml @@ -1,32 +1,32 @@ suite: test zabbix-agent templates: - - zabbix-agent.yaml +- zabbix-agent.yaml tests: - - it: should work - values: - - ./values/zabbix-agent.yaml - asserts: - - isKind: - of: DaemonSet - - equal: - path: spec.template.spec.containers[0].image - value: "this-is-my/zabbix:awesome" - - notEqual: - path: spec.template.spec.containers[0].image - value: "zabbix/zabbix-agent:alpine-5.0-latest" - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: IfNotPresent - - equal: - path: spec.template.spec.containers[0].securityContext.privileged - value: true - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1997 - - equal: - path: spec.template.spec.containers[0].env[0].value - value: zabbix-server.my.name - - isNotNull: - path: spec.template.spec.containers[0].volumeMounts - - isNotNull: - path: spec.template.spec.volumes +- it: should work + values: + - ./values/zabbix-agent.yaml + asserts: + - isKind: + of: DaemonSet + - equal: + path: spec.template.spec.containers[0].image + value: this-is-my/zabbix:awesome + - notEqual: + path: spec.template.spec.containers[0].image + value: zabbix/zabbix-agent:alpine-5.2-latest + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - equal: + path: spec.template.spec.containers[0].securityContext.privileged + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.runAsUser + value: 1997 + - equal: + path: spec.template.spec.containers[0].env[0].value + value: zabbix-server.my.name + - isNotNull: + path: spec.template.spec.containers[0].volumeMounts + - isNotNull: + path: spec.template.spec.volumes diff --git a/tests/zabbix-server-service_test.yaml b/tests/zabbix-server-service_test.yaml index 2b64289..d6c480b 100644 --- a/tests/zabbix-server-service_test.yaml +++ b/tests/zabbix-server-service_test.yaml @@ -1,22 +1,22 @@ suite: test zabbix-server service templates: - - zabbix-server.service.yaml +- zabbix-server.service.yaml tests: - - it: should pass - set: - server.snmptraps.enabled: false - release: - name: my-release - asserts: - - contains: - path: spec.ports - content: - port: 10051 - targetPort: 10051 - protocol: TCP - name: zabbix-trapper +- it: should pass + set: + server.snmptraps.enabled: false + release: + name: my-release + asserts: + - contains: + path: spec.ports + content: + port: 10051 + targetPort: 10051 + protocol: TCP + name: zabbix-trapper - - equal: - path: spec.selector - value: - app: zabbix-server + - equal: + path: spec.selector + value: + app: zabbix-server diff --git a/tests/zabbix-server_test.yaml b/tests/zabbix-server_test.yaml index d8537d7..ef144e6 100644 --- a/tests/zabbix-server_test.yaml +++ b/tests/zabbix-server_test.yaml @@ -1,27 +1,27 @@ suite: test zabbix-server templates: - - zabbix-server.yaml +- zabbix-server.yaml tests: - - it: should work - asserts: - - isKind: - of: Deployment - - equal: - path: spec.template.spec.containers[0].image - value: "zabbix/zabbix-server-mysql:alpine-5.0-latest" - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: IfNotPresent - - equal: - path: spec.template.spec.containers[0].securityContext.privileged - value: true - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1997 - - equal: - path: spec.template.spec.containers[0].env[0].name - value: MYSQL_USER - - isNotNull: - path: spec.template.spec.containers[0].volumeMounts - - isNotNull: - path: spec.template.spec.volumes +- it: should work + asserts: + - isKind: + of: StatefulSet + - equal: + path: spec.template.spec.containers[0].image + value: zabbix/zabbix-server-mysql:alpine-5.2-latest + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - equal: + path: spec.template.spec.containers[0].securityContext.privileged + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.runAsUser + value: 1997 + - equal: + path: spec.template.spec.containers[0].env[0].name + value: MYSQL_USER + - isNotNull: + path: spec.template.spec.containers[0].volumeMounts + - isNotNull: + path: spec.template.spec.volumes diff --git a/tests/zabbix-web_test.yaml b/tests/zabbix-web_test.yaml index 0ab88ab..a8764ef 100644 --- a/tests/zabbix-web_test.yaml +++ b/tests/zabbix-web_test.yaml @@ -1,27 +1,27 @@ suite: test zabbix-web templates: - - zabbix-web.yaml +- zabbix-web.yaml tests: - - it: should work - asserts: - - isKind: - of: Deployment - - equal: - path: spec.template.spec.containers[0].image - value: "zabbix/zabbix-web-nginx-mysql:alpine-5.0-latest" - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: IfNotPresent - - equal: - path: spec.template.spec.containers[0].securityContext.privileged - value: true - - equal: - path: spec.template.spec.containers[0].securityContext.runAsUser - value: 1997 - - equal: - path: spec.template.spec.containers[0].env[2].name - value: MYSQL_USER - - isNotNull: - path: spec.template.spec.containers[0].volumeMounts - - isNotNull: - path: spec.template.spec.volumes +- it: should work + asserts: + - isKind: + of: Deployment + - equal: + path: spec.template.spec.containers[0].image + value: zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - equal: + path: spec.template.spec.containers[0].securityContext.privileged + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.runAsUser + value: 1997 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: MYSQL_USER + - isNotNull: + path: spec.template.spec.containers[0].volumeMounts + - isNotNull: + path: spec.template.spec.volumes diff --git a/values.yaml b/values.yaml index f9809ab..0f0f9e1 100644 --- a/values.yaml +++ b/values.yaml @@ -7,21 +7,24 @@ ingress: enabled: true annotations: {} hosts: - - host: www.example.com - secretName: www.example.com - paths: - - "/" + - host: www.example.com + secretName: www.example.com + paths: + - / # tls: # - hosts: # - www.example.com # secretName: www.example.com zabbix: - version: 5.0-latest + version: 5.2-latest database: type: mysql name: zabbix host: mysql-8.default.svc.cluster.local + namespace: zabbix + networkPolicy: + enabled: true server: enabled: true @@ -51,7 +54,7 @@ agent: privileged: true runAsUser: 1997 server: - host: "" + host: '' timeout: 10 startagents: 3 passiveagent: true