diff --git a/.github/workflows/lint_test_charts.yaml b/.github/workflows/lint_test_charts.yaml index 7caf528..5ea11f7 100644 --- a/.github/workflows/lint_test_charts.yaml +++ b/.github/workflows/lint_test_charts.yaml @@ -24,4 +24,5 @@ jobs: run: | set -x cd charts/icinga-stack - helm unittest . \ No newline at end of file + helm dependency update + helm unittest . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dbf76df..3406efa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -37,5 +37,5 @@ To maintain a certain style of tests throughout the charts, please adhere to the * Tests for subcharts should be placed in the `./tests` directory of the parent chart and prefixed with the subchart's name, e.g. `icingaweb2_deployment_test.yaml`. * Tests should be grouped by the template they are testing. -* Test files should be named after the template they are testing, e.g. IcingaWeb2's `deployment.yaml` should be tested in `icingaweb2_deployment_test.yaml`. -* **Test Suites** should be prefixed with the name of the chart they test, e.g. *[Icinga2] Test Icinga2 persistence* \ No newline at end of file +* Test files should be named after the template they are testing, e.g. Icinga Web's `deployment.yaml` should be tested in `icingaweb2_deployment_test.yaml`. +* **Test Suites** should be prefixed with the name of the product/chart they test, e.g. *[Icinga 2] Test Icinga 2 persistence* diff --git a/README.md b/README.md index d99c07b..707cb00 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ -# Icinga2 Kubernetes Helm Charts +# Icinga Kubernetes Helm Charts -This repository serves as a central repository to host all Icinga2 related Helm charts. +This repository serves as a central repository to host all Icinga related Helm charts. -[Icinga2](https://icinga.com) is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. +[Icinga](https://icinga.com) is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. [Helm](https://helm.sh) is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. ### Add Helm repository -First you need to add the Icinga2 Helm repository to your Helm installation. Helm repositories are similar to package repositories in Linux distributions as in they contain different available packages of +First you need to add the Icinga Helm repository to your Helm installation. Helm repositories are similar to package repositories in Linux distributions as in they contain different available packages of Kubernetes manifests for users to consume. -The Icinga2 Helm repository is hosted on GitHub Pages and can be added to your Helm installation by running the following command: +The Icinga Helm repository is hosted on GitHub Pages and can be added to your Helm installation by running the following command: ```console helm repo add icinga https://icinga.github.io/helm-charts @@ -34,4 +34,4 @@ For information on how to contribute to this repository, see the [contribution g ## License -This project is licensed under the terms of the [Apache 2.0](LICENSE) open source license. \ No newline at end of file +This project is licensed under the terms of the [Apache 2.0](LICENSE) open source license. diff --git a/charts/icinga-stack/Chart.yaml b/charts/icinga-stack/Chart.yaml index 87f483f..8527542 100644 --- a/charts/icinga-stack/Chart.yaml +++ b/charts/icinga-stack/Chart.yaml @@ -1,3 +1,8 @@ +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts + apiVersion: v2 name: icinga-stack description: Icinga is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. diff --git a/charts/icinga-stack/README.md b/charts/icinga-stack/README.md index b503120..4ec0565 100644 --- a/charts/icinga-stack/README.md +++ b/charts/icinga-stack/README.md @@ -1,8 +1,8 @@ -# Icinga2 Kubernetes Helm Charts +# Icinga Kubernetes Helm Charts > **WARNING**: This chart is currently in alpha state and should not be used in production. Breaking changes in future releases are well possible. -[Icinga2](https://icinga.com) is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. +[Icinga](https://icinga.com) is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting. [Helm](https://helm.sh) is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources. @@ -19,19 +19,19 @@ This chart bootstraps a complete Icinga environment on a [Kubernetes](http://kub ### Add Helm repository -First you need to add the Icinga2 Helm repository to your Helm installation. Helm repositories are similar to package repositories in Linux distributions as in they contain different available packages of +First you need to add the Icinga Helm repository to your Helm installation. Helm repositories are similar to package repositories in Linux distributions as in they contain different available packages of Kubernetes manifests for users to consume. -The Icinga2 Helm repository is hosted on GitHub Pages and can be added to your Helm installation by running the following command: +The Icinga Helm repository is hosted on GitHub Pages and can be added to your Helm installation by running the following command: ```console helm repo add icinga https://icinga.github.io/helm-charts helm repo update ``` -### Install Icinga2 +### Install Icinga -Once the repository is known to your Helm installation, you can install Icinga2 by running the following command: +Once the repository is known to your Helm installation, you can install Icinga by running the following command: ```console helm install \ @@ -45,6 +45,8 @@ helm install \ --set global.databases.icingaweb2.password.value=CHANGE-ME \ --set global.databases.icingadb.username.value=CHANGE-ME \ --set global.databases.icingadb.password.value=CHANGE-ME \ + --set global.databases.kubernetes.username.value=CHANGE-ME \ + --set global.databases.kubernetes.password.value=CHANGE-ME \ icinga/icinga-stack ``` diff --git a/charts/icinga-stack/charts/icinga-kubernetes/Chart.yaml b/charts/icinga-stack/charts/icinga-kubernetes/Chart.yaml new file mode 100644 index 0000000..7f9e943 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/Chart.yaml @@ -0,0 +1,16 @@ +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts + +apiVersion: v2 +name: icinga-kubernetes +description: Icinga Kubernetes +maintainers: + - name: Icinga GmbH + email: info@icinga.com + url: https://icinga.com + +type: application +version: 0.1.0 +appVersion: "edge" diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/_config.tpl b/charts/icinga-stack/charts/icinga-kubernetes/templates/_config.tpl new file mode 100644 index 0000000..c93aa29 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/_config.tpl @@ -0,0 +1,27 @@ +{{/* + Create the config + */}} +{{- define "icinga-kubernetes.config" -}} +# This is the configuration file for Icinga Kubernetes. + +# Connection configuration for the database to which Icinga Kubernetes synchronizes data. +# This is also the database used in Icinga Kubernetes Web to view and work with the data. +database: + # Database type. Only 'mysql' is supported yet which is the default. + # type: mysql + + # Database host or absolute Unix socket path. + host: {{ if .Values.global.databases.kubernetes.enabled }} {{ .Release.Name }}-kubernetes-database {{ else }} {{ .Values.global.databases.kubernetes.host | quote }} {{ end }} + + # Database port. By default, the MySQL port. + port: {{ .Values.global.databases.kubernetes.port | default 3306 }} + + # Database name. + database: kubernetes + + # Database user. + user: {{ .Values.global.databases.kubernetes.username.value }} + + # Database password. + password: {{ .Values.global.databases.kubernetes.password.value }} +{{- end -}} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/_helpers.tpl b/charts/icinga-stack/charts/icinga-kubernetes/templates/_helpers.tpl new file mode 100644 index 0000000..5d7051b --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/_helpers.tpl @@ -0,0 +1,18 @@ +{{/* + Create the name of the service account to use + */}} +{{- define "icinga-kubernetes.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{- default (include "common.names.fullname" .) .Values.serviceAccount.name -}} +{{- else -}} + {{- default "default" .Values.serviceAccount.name -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the config map to use + */}} +{{- define "icinga-kubernetes.configmapName" -}} +{{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrole.yaml b/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrole.yaml new file mode 100644 index 0000000..5ce0afe --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrole.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: ClusterRole +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - watch + - list +{{- end }} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrolebinding.yaml b/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..e0702eb --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "common.names.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "icinga-kubernetes.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/configmap.yaml b/charts/icinga-stack/charts/icinga-kubernetes/templates/configmap.yaml new file mode 100644 index 0000000..863ac76 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "icinga-kubernetes.configmapName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + config.yml: |- + {{- include "icinga-kubernetes.config" . | nindent 4 }} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/deployment.yaml b/charts/icinga-stack/charts/icinga-kubernetes/templates/deployment.yaml new file mode 100644 index 0000000..f55d986 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/deployment.yaml @@ -0,0 +1,39 @@ +{{ if .Values.enabled -}} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "icinga-kubernetes.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name}} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: configuration + mountPath: /config.yml + subPath: config.yml + volumes: + - name: empty-dir + emptyDir: {} + - name: configuration + configMap: + name: {{ include "icinga-kubernetes.configmapName" . }} +{{- end }} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/templates/serviceaccount.yaml b/charts/icinga-stack/charts/icinga-kubernetes/templates/serviceaccount.yaml new file mode 100644 index 0000000..ce45d95 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "icinga-kubernetes.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/icinga-stack/charts/icinga-kubernetes/values.yaml b/charts/icinga-stack/charts/icinga-kubernetes/values.yaml new file mode 100644 index 0000000..e856c48 --- /dev/null +++ b/charts/icinga-stack/charts/icinga-kubernetes/values.yaml @@ -0,0 +1,12 @@ +enabled: true + +image: + repository: icinga/icinga-kubernetes + tag: edge + pullPolicy: Always + +rbac: + create: true + +serviceAccount: + create: true diff --git a/charts/icinga-stack/charts/icinga2/templates/_core_config.tpl b/charts/icinga-stack/charts/icinga2/templates/_core_config.tpl index 8032652..fa5aea9 100644 --- a/charts/icinga-stack/charts/icinga2/templates/_core_config.tpl +++ b/charts/icinga-stack/charts/icinga2/templates/_core_config.tpl @@ -1,5 +1,5 @@ {{- define "icinga2.config" -}} -// Constants for Icinga2 from constants.conf +// Constants for Icinga 2 from constants.conf const PluginDir = "/usr/lib/nagios/plugins" const ManubulonPluginDir = "/usr/lib/nagios/plugins" const PluginContribDir = "/usr/lib/nagios/plugins" diff --git a/charts/icinga-stack/charts/icingaweb2/Chart.yaml b/charts/icinga-stack/charts/icingaweb2/Chart.yaml index 7b23f49..e608186 100644 --- a/charts/icinga-stack/charts/icingaweb2/Chart.yaml +++ b/charts/icinga-stack/charts/icingaweb2/Chart.yaml @@ -5,7 +5,7 @@ maintainers: - name: Daniel Bodky email: daniel.bodky@netways.de url: https://github.com/mocdaniel - + # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -25,4 +25,4 @@ version: 0.2.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.11.4" +appVersion: "2.12.1" diff --git a/charts/icinga-stack/charts/icingaweb2/templates/_icingaweb-config.tpl b/charts/icinga-stack/charts/icingaweb2/templates/_icingaweb-config.tpl index cff5401..17bdb3c 100644 --- a/charts/icinga-stack/charts/icingaweb2/templates/_icingaweb-config.tpl +++ b/charts/icinga-stack/charts/icingaweb2/templates/_icingaweb-config.tpl @@ -36,7 +36,7 @@ name: {{ .Values.auth.admin_password.credSecret | quote }} key: {{ .Values.auth.admin_password.secretKey | quote }} {{- else }} -{{ fail "IcingaWeb2 auth admin password not set. Set either .Values.icingaweb2.auth.admin_password.value or .Values.icingaweb2.auth.admin_password.credSecret and .Values.icingaweb2.auth.admin_password.secretKey" }} +{{ fail "Icinga Web auth admin password not set. Set either .Values.icingaweb2.auth.admin_password.value or .Values.icingaweb2.auth.admin_password.credSecret and .Values.icingaweb2.auth.admin_password.secretKey" }} {{- end}} - name: icingaweb.config.global.config_resource value: {{ .Values.auth.resource | default .Values.global.databases.icingaweb2.database | quote }} diff --git a/charts/icinga-stack/charts/icingaweb2/values.yaml b/charts/icinga-stack/charts/icingaweb2/values.yaml index db09e21..1b0519d 100644 --- a/charts/icinga-stack/charts/icingaweb2/values.yaml +++ b/charts/icinga-stack/charts/icingaweb2/values.yaml @@ -2,8 +2,8 @@ enabled: true image: repository: icinga/icingaweb2 - tag: 2.11.4 - pullPolicy: IfNotPresent + tag: 2.12.1 + pullPolicy: Always imagePullSecrets: [] diff --git a/charts/icinga-stack/docs/configuration.md b/charts/icinga-stack/docs/configuration.md index a35ace2..7d1b63f 100644 --- a/charts/icinga-stack/docs/configuration.md +++ b/charts/icinga-stack/docs/configuration.md @@ -2,9 +2,9 @@ The configuration for this chart is done via entries in `values.yaml` in the project's root directory. The following tables lists the configurable parameters of the chart and their default values. -For configuration of Icinga2's different **features**, please see the section about [Icinga2 features](#icinga2-features). +For configuration of Icinga 2's different **features**, please see the section about [Icinga 2 features](#icinga-2-features). -For configuration of IcingaWeb2's different **modules**, please see the section about [IcingaWeb2 modules](#icingaweb2-modules). +For configuration of Icinga Web's different **modules**, please see the section about [Icinga Web modules](#icinga-web-modules). ## Values configuration @@ -21,9 +21,9 @@ The values can be set in the chart's `values.yaml` file or via the `--set` flag | Parameter | Description | Remarks | Kubernetes secret parameters | | --------- | ----------- | ------- | ---------------------------- | | `icinga2.config.ticket_salt.value` | Salt used to generate API tickets for satellites and agents | - | `icinga2.config.ticket_salt.credSecret`, `icinga2.config.ticket_salt.secretKey` | -| `icingaweb2.auth.admin_password.value` | Password for the Icinga Web 2 admin user | Only needs to be set if Icingaweb2 is `enabled` | `icingaweb2.auth.admin_password.credSecret`, `icingaweb2.auth.admin_password.secretKey` | +| `icingaweb2.auth.admin_password.value` | Password for the Icinga Web admin user | Only needs to be set if Icinga Web is `enabled` | `icingaweb2.auth.admin_password.credSecret`, `icingaweb2.auth.admin_password.secretKey` | | `global.api.users.director.password.value` | Password for the Icinga Director API user | Only needs to be set if Director is `enabled` | `global.api.users.credSecret`, `global.api.users.director.password.secretKey` | -| `global.api.users.icingaweb.password.value` | Password for the Icingaweb2 API user| Only needs to be set if Icingaweb2 is `enabled` | `global.api.users.credSecret`, `global.api.users.icingaweb.password.secretKey` | +| `global.api.users.icingaweb.password.value` | Password for the Icinga Web API user| Only needs to be set if Icinga Web is `enabled` | `global.api.users.credSecret`, `global.api.users.icingaweb.password.secretKey` | ### Global values @@ -33,8 +33,8 @@ These values are used by multiple (sub-)charts and therefore need to be set in t | --------- | ----------- | --------- | ------- | | `global.api.host` | Hostname of the Icinga 2 API | `string` | **not set** | | `global.api.port` | Port of the Icinga 2 API | `number` | `5665` | -| `global.api.users.director.permissions` | Permissions of the Icinga2 API user for Director | `[]string` | `["*"]` | -| `global.api.users.icingaweb.permissions` | Permissions of the Icinga2 API user for Icingaweb2 | `[]string` | `["*"]` | +| `global.api.users.director.permissions` | Permissions of the Icinga 2 API user for Director | `[]string` | `["*"]` | +| `global.api.users.icingaweb.permissions` | Permissions of the Icinga 2 API user for Icinga Web | `[]string` | `["*"]` | | `global.databases..database` | Name of the respective database | `string` | `db`| | `global.databases..username.value` | Username for the respective database. Can be set from secret defined by `global.databases..credSecret` and `global.databases..username.secretKey` | `string` | **not set** | | | `global.databases..password.value` | Password for the respective database. Can be set from secret defined by `global.databases..credSecret` and `global.databases..password.secretKey` | `string` | **not set** | | @@ -53,34 +53,34 @@ These values are used by multiple (sub-)charts and therefore need to be set in t | `global.redis.host` | Hostname of the Redis instance | `string` | **not set** | | `global.redis.port` | Port of the Redis instance | `number` | **not set** | -### Icinga2 values +### Icinga 2 values -These values are used by the Icinga2 sub-chart. For configuration of Icinga2's different **features**, please see the section about [Icinga2 features](#icinga2-features). +These values are used by the Icinga 2 sub-chart. For configuration of Icinga 2's different **features**, please see the section about [Icinga 2 features](#icinga-2-features). | Parameter | Description | Data Type | Default | | --------- | ----------- | --------- | ------- | -| `icinga2.image.repository` | Repository of the Icinga2 image | `string` | `icinga/icinga2` | -| `icinga2.image.tag` | Tag of the Icinga2 image | `string` | `2.13.7` | -| `icinga2.image.pullPolicy` | Pull policy of the Icinga2 image | `string` | `IfNotPresent` | -| `icinga2.imagePullSecrets` | Pull secrets of the Icinga2 image | `[]string` | `[]` | -| `icinga2.nameOverride` | Name override of the Icinga2 deployment | `string` | `""` | -| `icinga2.fullnameOverride` | Fullname override of the Icinga2 deployment | `string` | `""` | -| `icinga2.service.type` | Type of the Icinga2 service | `string` | `ClusterIP` | -| `icinga2.service.port` | Port of the Icinga2 service | `number` | `5665` | -| `icinga2.ingress.enabled` | Whether or not to deploy an ingress for Icinga2 | `boolean` | `false` | -| `icinga2.ingress.className` | Class name of the Icinga2 ingress | `string` | `""` | -| `icinga2.ingress.annotations` | Annotations of the Icinga2 ingress | `map[string]string` | `{}` | -| `icinga2.ingress.hosts[].host` | Host of the Icinga2 ingress | `string` | **not set** | -| `icinga2.ingress.hosts[].paths[].path` | Path of the Icinga2 ingress | `string` | `/` | -| `icinga2.ingress.hosts[].paths[].pathType` | Path type of the Icinga2 ingress | `string` | `ImplementationSpecific` | -| `icinga2.ingress.tls[].hosts[]` | Hosts of the Icinga2 ingress | `[]string` | **not set** | -| `icinga2.ingress.tls[].secretName` | Secret name of the Icinga2 ingress | `string` | **not set** | -| `icinga2.config.node_name` | Name of the Icinga2 node | `string` | `icinga2-master` | -| `icinga2.config.zone_name` | Name of the Icinga2 zone | `string` | `master` | +| `icinga2.image.repository` | Repository of the Icinga 2 image | `string` | `icinga/icinga2` | +| `icinga2.image.tag` | Tag of the Icinga 2 image | `string` | `2.13.7` | +| `icinga2.image.pullPolicy` | Pull policy of the Icinga 2 image | `string` | `IfNotPresent` | +| `icinga2.imagePullSecrets` | Pull secrets of the Icinga 2 image | `[]string` | `[]` | +| `icinga2.nameOverride` | Name override of the Icinga 2 deployment | `string` | `""` | +| `icinga2.fullnameOverride` | Fullname override of the Icinga 2 deployment | `string` | `""` | +| `icinga2.service.type` | Type of the Icinga 2 service | `string` | `ClusterIP` | +| `icinga2.service.port` | Port of the Icinga 2 service | `number` | `5665` | +| `icinga2.ingress.enabled` | Whether or not to deploy an ingress for Icinga 2 | `boolean` | `false` | +| `icinga2.ingress.className` | Class name of the Icinga 2 ingress | `string` | `""` | +| `icinga2.ingress.annotations` | Annotations of the Icinga 2 ingress | `map[string]string` | `{}` | +| `icinga2.ingress.hosts[].host` | Host of the Icinga 2 ingress | `string` | **not set** | +| `icinga2.ingress.hosts[].paths[].path` | Path of the Icinga 2 ingress | `string` | `/` | +| `icinga2.ingress.hosts[].paths[].pathType` | Path type of the Icinga 2 ingress | `string` | `ImplementationSpecific` | +| `icinga2.ingress.tls[].hosts[]` | Hosts of the Icinga 2 ingress | `[]string` | **not set** | +| `icinga2.ingress.tls[].secretName` | Secret name of the Icinga 2 ingress | `string` | **not set** | +| `icinga2.config.node_name` | Name of the Icinga 2 node | `string` | `icinga2-master` | +| `icinga2.config.zone_name` | Name of the Icinga 2 zone | `string` | `master` | | `icinga2.config.disable_confd` | Disables the `include_recursive "conf.d"` directive in icinga2.conf | `boolean` | `true` | | `icinga2.config.ticket_salt.value` | Salt used to generate API tickets for satellites and agents. Can be set from secret specified in `icinga2.config.ticket_salt.credSecret` and `icinga2.config.ticket_salt.secretKey` | `string` | **not set** | | `icinga2.features..enabled` | Whether or not the respective feature should be enabled | `boolean` | **varies** | -| `icinga2.persistence.enabled` | Whether or not the Icinga2 deployment should use a persistent volume | `boolean` | `false` | +| `icinga2.persistence.enabled` | Whether or not the Icinga 2 deployment should use a persistent volume | `boolean` | `false` | | `icinga2.persistence.size` | Size of the persistent volume | `string` | `5Gi` | | `icinga2.persistence.accessMode` | Access mode of the persistent volume | `string` | `ReadWriteOnce` | | `icinga2.persistence.storageClass` | Storage class of the persistent volume | `string` | **not set** | @@ -88,82 +88,82 @@ These values are used by the Icinga2 sub-chart. For configuration of Icinga2's d | `icinga2.persistence.subPath` | Subpath of the persistent volume | `string` | **not set** | | `icinga2.persistence.matchLabels` | Labels to match for the persistent volume | `map[string]string` | `{}` | | `icinga2.persistence.matchExpressions` | Expressions to match for the persistent volume | `[]map[string]string` | `[]`| -| `icinga2.resources` | Resources of the Icinga2 deployment | `map[string]string` | `{}` | -| `icinga2.nodeSelector` | Node selector of the Icinga2 deployment | `map[string]string` | `{}` | -| `icinga2.tolerations` | Tolerations of the Icinga2 deployment | `[]map[string]string` | `[]` | -| `icinga2.affinity` | Affinity of the Icinga2 deployment | `map[string]string` | `{}` | -| `icinga2.serviceAccount.create` | Whether or not to create a service account for the Icinga2 deployment | `boolean` | `false` | -| `icinga2.serviceAccount.annotations` | Annotations of the Icinga2 service account | `map[string]string` | `{}` | -| `icinga2.serviceAccount.name` | Name of the Icinga2 service account | `string` | `""` | -| `icinga2.podAnnotations` | Annotations of the Icinga2 pods | `map[string]string` | `{}` | -| `icinga2.podSecurityContext.fsGroup` | Filesystem group of the Icinga2 pods | `number` | `5665` | -| `icinga2.podSecurityContext` | Security context of the Icinga2 pods | `map[string]string` | `{}` | +| `icinga2.resources` | Resources of the Icinga 2 deployment | `map[string]string` | `{}` | +| `icinga2.nodeSelector` | Node selector of the Icinga 2 deployment | `map[string]string` | `{}` | +| `icinga2.tolerations` | Tolerations of the Icinga 2 deployment | `[]map[string]string` | `[]` | +| `icinga2.affinity` | Affinity of the Icinga 2 deployment | `map[string]string` | `{}` | +| `icinga2.serviceAccount.create` | Whether or not to create a service account for the Icinga 2 deployment | `boolean` | `false` | +| `icinga2.serviceAccount.annotations` | Annotations of the Icinga 2 service account | `map[string]string` | `{}` | +| `icinga2.serviceAccount.name` | Name of the Icinga 2 service account | `string` | `""` | +| `icinga2.podAnnotations` | Annotations of the Icinga 2 pods | `map[string]string` | `{}` | +| `icinga2.podSecurityContext.fsGroup` | Filesystem group of the Icinga 2 pods | `number` | `5665` | +| `icinga2.podSecurityContext` | Security context of the Icinga 2 pods | `map[string]string` | `{}` | -### IcingaDB values +### Icinga DB values -These values are used by the IcingaDB sub-chart. +These values are used by the Icinga DB sub-chart. | Parameter | Description | Data Type | Default | | --------- | ----------- | --------- | ------- | -| `icingadb.enabled` | Whether or not to deploy IcingaDB | `boolean` | `true` | -| `icingadb.image.repository` | Repository of the IcingaDB image | `string` | `icinga/icingadb` | -| `icingadb.image.tag` | Tag of the IcingaDB image | `string` | `1.1.0` | -| `icingadb.image.pullPolicy` | Pull policy of the IcingaDB image | `string` | `IfNotPresent` | -| `icingadb.imagePullSecrets` | Pull secrets of the IcingaDB image | `[]string` | `[]` | -| `icingadb.nameOverride` | Name override of the IcingaDB deployment | `string` | `""` | -| `icingadb.fullnameOverride` | Fullname override of the IcingaDB deployment | `string` | `""` | -| `icingadb.resources` | Resources of the IcingaDB deployment | `map[string]string` | `{}` | -| `icingadb.nodeSelector` | Node selector of the IcingaDB deployment | `map[string]string` | `{}` | -| `icingadb.tolerations` | Tolerations of the IcingaDB deployment | `[]map[string]string` | `[]` | -| `icingadb.affinity` | Affinity of the IcingaDB deployment | `map[string]string` | `{}` | -| `icingadb.serviceAccount.create` | Whether or not to create a service account for the IcingaDB deployment | `boolean` | `false` | -| `icingadb.serviceAccount.annotations` | Annotations of the IcingaDB service account | `map[string]string` | `{}` | -| `icingadb.serviceAccount.name` | Name of the IcingaDB service account | `string` | `""` | -| `icingadb.podAnnotations` | Annotations of the IcingaDB pods | `map[string]string` | `{}` | -| `icingadb.podSecurityContext` | Security context of the IcingaDB pods | `map[string]string` | `{}` | -| `icingadb.securityContext` | Security context of the IcingaDB container | `map[string]string` | `{}` | - -### IcingaWeb2 values - -These values are used by the IcingaWeb2 sub-chart. For configuration of Icingaweb2's different **modules**, please see the section about [Icingaweb2 modules](#icingaweb2-modules). +| `icingadb.enabled` | Whether or not to deploy Icinga DB | `boolean` | `true` | +| `icingadb.image.repository` | Repository of the Icinga DB image | `string` | `icinga/icingadb` | +| `icingadb.image.tag` | Tag of the Icinga DB image | `string` | `1.1.0` | +| `icingadb.image.pullPolicy` | Pull policy of the Icinga DB image | `string` | `IfNotPresent` | +| `icingadb.imagePullSecrets` | Pull secrets of the Icinga DB image | `[]string` | `[]` | +| `icingadb.nameOverride` | Name override of the Icinga DB deployment | `string` | `""` | +| `icingadb.fullnameOverride` | Fullname override of the Icinga DB deployment | `string` | `""` | +| `icingadb.resources` | Resources of the Icinga DB deployment | `map[string]string` | `{}` | +| `icingadb.nodeSelector` | Node selector of the Icinga DB deployment | `map[string]string` | `{}` | +| `icingadb.tolerations` | Tolerations of the Icinga DB deployment | `[]map[string]string` | `[]` | +| `icingadb.affinity` | Affinity of the Icinga DB deployment | `map[string]string` | `{}` | +| `icingadb.serviceAccount.create` | Whether or not to create a service account for the Icinga DB deployment | `boolean` | `false` | +| `icingadb.serviceAccount.annotations` | Annotations of the Icinga DB service account | `map[string]string` | `{}` | +| `icingadb.serviceAccount.name` | Name of the Icinga DB service account | `string` | `""` | +| `icingadb.podAnnotations` | Annotations of the Icinga DB pods | `map[string]string` | `{}` | +| `icingadb.podSecurityContext` | Security context of the Icinga DB pods | `map[string]string` | `{}` | +| `icingadb.securityContext` | Security context of the Icinga DB container | `map[string]string` | `{}` | + +### Icinga Web values + +These values are used by the Icinga Web sub-chart. For configuration of Icinga Web's different **modules**, please see the section about [Icinga Web modules](#icinga-web-modules). | Parameter | Description | Data Type | Default | | --------- | ----------- | --------- | ------- | -| `icingaweb2.enabled` | Whether or not to deploy IcingaWeb2 | `boolean` | `true` | -| `icingaweb2.image.repository` | Repository of the IcingaWeb2 image | `string` | `icinga/icingaweb2` | -| `icingaweb2.image.tag` | Tag of the IcingaWeb2 image | `string` | `2.11.4` | -| `icingaweb2.image.pullPolicy` | Pull policy of the IcingaWeb2 image | `string` | `IfNotPresent` | -| `icingaweb2.imagePullSecrets` | Pull secrets of the IcingaWeb2 image | `[]string` | `[]` | -| `icingaweb2.nameOverride` | Name override of the IcingaWeb2 deployment | `string` | `""` | -| `icingaweb2.fullnameOverride` | Fullname override of the IcingaWeb2 deployment | `string` | `""` | -| `icingaweb2.service.type` | Type of the IcingaWeb2 service | `string` | `ClusterIP` | -| `icingaweb2.service.port` | Port of the IcingaWeb2 service | `number` | `8080` | -| `icingaweb2.ingress.enabled` | Whether or not to create an ingress for the IcingaWeb2 service | `boolean` | `false` | -| `icingaweb2.ingress.className` | Class name of the IcingaWeb2 ingress | `string` | `""` | -| `icingaweb2.ingress.annotations` | Annotations of the IcingaWeb2 ingress | `map[string]string` | `{}` | -| `icingaweb2.ingress.hosts[].host` | Host of the IcingaWeb2 ingress | `string` | **not set** | -| `icingaweb2.ingress.hosts[].paths[].path` | Path of the IcingaWeb2 ingress | `string` | `/` | -| `icingaweb2.ingress.hosts[].paths[].pathType` | Path type of the IcingaWeb2 ingress | `string` | `ImplementationSpecific` | -| `icingaweb2.ingress.tls[].hosts` | Hosts of the IcingaWeb2 ingress | `[]string` | **not set** | -| `icingaweb2.ingress.tls[].secretName` | Secret name of the IcingaWeb2 ingress | `string` | **not set** | -| `icingaweb2.auth.type` | Type of the IcingaWeb2 authentication | `string` | `db` | -| `icingaweb2.auth.admin_user` | Admin user of the IcingaWeb2 authentication | `string` | `icingaadmin` | -| `icingaweb2.auth.admin_password.value` | Admin password of the IcingaWeb2 authentication. Can be set from secret specified in `icingaweb2.auth.admin_password.credSecret` and `icingaweb2.auth.admin_password.secretKey` | `string` | **not set** | -| `icingaweb2.modules..enabled` | Whether or not to enable the IcingaWeb2 module | `boolean` | **varies** | -| `icingaweb2.resources` | Resources of the IcingaWeb2 deployment | `map[string]string` | `{}` | -| `icingaweb2.nodeSelector` | Node selector of the IcingaWeb2 deployment | `map[string]string` | `{}` | -| `icingaweb2.tolerations` | Tolerations of the IcingaWeb2 deployment | `[]map[string]string` | `[]` | -| `icingaweb2.affinity` | Affinity of the IcingaWeb2 deployment | `map[string]string` | `{}` | -| `icingaweb2.serviceAccount.create` | Whether or not to create a service account for the IcingaWeb2 deployment | `boolean` | `false` | -| `icingaweb2.serviceAccount.annotations` | Annotations of the IcingaWeb2 service account | `map[string]string` | `{}` | -| `icingaweb2.serviceAccount.name` | Name of the IcingaWeb2 service account | `string` | `""` | -| `icingaweb2.podAnnotations` | Annotations of the IcingaWeb2 pods | `map[string]string` | `{}` | -| `icingaweb2.podSecurityContext` | Security context of the IcingaWeb2 pods | `map[string]string` | `{}` | -| `icingaweb2.securityContext` | Security context of the IcingaWeb2 container | `map[string]string` | `{}` | - -## Icinga2 Features - -The feature set of Icinga2 supported by this Helmchart is **opinionated**. We deliberately chose to omit some features, either because they are listed as **deprecated** in the official documentation or just have no real use-case when run on Kubernetes. Below is a list of currently supported features, with links to the official documentation, if available: +| `icingaweb2.enabled` | Whether or not to deploy Icinga Web | `boolean` | `true` | +| `icingaweb2.image.repository` | Repository of the Icinga Web image | `string` | `icinga/icingaweb2` | +| `icingaweb2.image.tag` | Tag of the Icinga Web image | `string` | `2.11.4` | +| `icingaweb2.image.pullPolicy` | Pull policy of the Icinga Web image | `string` | `IfNotPresent` | +| `icingaweb2.imagePullSecrets` | Pull secrets of the Icinga Web image | `[]string` | `[]` | +| `icingaweb2.nameOverride` | Name override of the Icinga Web deployment | `string` | `""` | +| `icingaweb2.fullnameOverride` | Fullname override of the Icinga Web deployment | `string` | `""` | +| `icingaweb2.service.type` | Type of the Icinga Web service | `string` | `ClusterIP` | +| `icingaweb2.service.port` | Port of the Icinga Web service | `number` | `8080` | +| `icingaweb2.ingress.enabled` | Whether or not to create an ingress for the Icinga Web service | `boolean` | `false` | +| `icingaweb2.ingress.className` | Class name of the Icinga Web ingress | `string` | `""` | +| `icingaweb2.ingress.annotations` | Annotations of the Icinga Web ingress | `map[string]string` | `{}` | +| `icingaweb2.ingress.hosts[].host` | Host of the Icinga Web ingress | `string` | **not set** | +| `icingaweb2.ingress.hosts[].paths[].path` | Path of the Icinga Web ingress | `string` | `/` | +| `icingaweb2.ingress.hosts[].paths[].pathType` | Path type of the Icinga Web ingress | `string` | `ImplementationSpecific` | +| `icingaweb2.ingress.tls[].hosts` | Hosts of the Icinga Web ingress | `[]string` | **not set** | +| `icingaweb2.ingress.tls[].secretName` | Secret name of the Icinga Web ingress | `string` | **not set** | +| `icingaweb2.auth.type` | Type of the Icinga Web authentication | `string` | `db` | +| `icingaweb2.auth.admin_user` | Admin user of the Icinga Web authentication | `string` | `icingaadmin` | +| `icingaweb2.auth.admin_password.value` | Admin password of the Icinga Web authentication. Can be set from secret specified in `icingaweb2.auth.admin_password.credSecret` and `icingaweb2.auth.admin_password.secretKey` | `string` | **not set** | +| `icingaweb2.modules..enabled` | Whether or not to enable the Icinga Web module | `boolean` | **varies** | +| `icingaweb2.resources` | Resources of the Icinga Web deployment | `map[string]string` | `{}` | +| `icingaweb2.nodeSelector` | Node selector of the Icinga Web deployment | `map[string]string` | `{}` | +| `icingaweb2.tolerations` | Tolerations of the Icinga Web deployment | `[]map[string]string` | `[]` | +| `icingaweb2.affinity` | Affinity of the Icinga Web deployment | `map[string]string` | `{}` | +| `icingaweb2.serviceAccount.create` | Whether or not to create a service account for the Icinga Web deployment | `boolean` | `false` | +| `icingaweb2.serviceAccount.annotations` | Annotations of the Icinga Web service account | `map[string]string` | `{}` | +| `icingaweb2.serviceAccount.name` | Name of the Icinga Web service account | `string` | `""` | +| `icingaweb2.podAnnotations` | Annotations of the Icinga Web pods | `map[string]string` | `{}` | +| `icingaweb2.podSecurityContext` | Security context of the Icinga Web pods | `map[string]string` | `{}` | +| `icingaweb2.securityContext` | Security context of the Icinga Web container | `map[string]string` | `{}` | + +## Icinga 2 Features + +The feature set of Icinga 2 supported by this Helmchart is **opinionated**. We deliberately chose to omit some features, either because they are listed as **deprecated** in the official documentation or just have no real use-case when run on Kubernetes. Below is a list of currently supported features, with links to the official documentation, if available: - `api` [Documentation](https://icinga.com/docs/icinga-2/latest/doc/12-icinga2-api/#icinga2-api) - `checker` @@ -182,9 +182,9 @@ The feature set of Icinga2 supported by this Helmchart is **opinionated**. We de **Configuration** of these features is done via the `values.yaml` file. A **commented** version of all available values is provided with this repository. Please refer to the official documentation linked above for more information on how to configure these features. -## IcingaWeb2 Modules +## Icinga Web Modules -The module set of IcingaWeb2 supported by this Helmchart is **opinionated**. We deliberately chose to omit some modules, either because they are **deprecated** or just have no real use-case when run on Kubernetes. Below is a list of currently supported modules, with links to the official documentation, if available: +The module set of Icinga Web supported by this Helmchart is **opinionated**. We deliberately chose to omit some modules, either because they are **deprecated** or just have no real use-case when run on Kubernetes. Below is a list of currently supported modules, with links to the official documentation, if available: - `audit` [Documentation](https://github.com/icinga/icingaweb2-module-audit) - `businessprocess` [Documentation](https://icinga.com/docs/icinga-business-process-modelling/latest/doc/01-About/) @@ -195,4 +195,4 @@ The module set of IcingaWeb2 supported by this Helmchart is **opinionated**. We - `incubator` [Documentation](https://github.com/icinga/icingaweb2-module-incubator) - `x509` [Documentation](https://icinga.com/docs/icinga-certificate-monitoring/latest/doc/01-About/) -**Configuration** of these modules is done via the `values.yaml` file. A version of all available values is provided with this repository. Please refer to the official documentation linked above for more information on how to configure these features. \ No newline at end of file +**Configuration** of these modules is done via the `values.yaml` file. A version of all available values is provided with this repository. Please refer to the official documentation linked above for more information on how to configure these features. diff --git a/charts/icinga-stack/tests/global_database_statefulset_test.yaml b/charts/icinga-stack/tests/global_database_statefulset_test.yaml index 9ef6792..cad42a2 100644 --- a/charts/icinga-stack/tests/global_database_statefulset_test.yaml +++ b/charts/icinga-stack/tests/global_database_statefulset_test.yaml @@ -2,7 +2,7 @@ suite: "[Global] Internal databases for Icinga services" templates: - internal-databases.yaml tests: - # Director DB + # Director DB - it: deploys a Director database StatefulSet using values documentIndex: 0 values: @@ -81,6 +81,11 @@ tests: secretKey: username password: secretKey: password + kubernetes: + username: + value: kubernetes + password: + value: insecurekubernetespassword release: name: my-icinga asserts: @@ -129,9 +134,9 @@ tests: asserts: - failedTemplate: errorMessage: "director password not set. Set either .Values.global.databases.director.password.value or .Values.global.databases.director.credSecret and .Values.global.databases.director.password.secretKey" - - # IcingaDB DB - - it: deploys an IcingaDB database StatefulSet using values + + # Icinga DB DB + - it: deploys an Icinga DB database StatefulSet using values documentIndex: 2 values: - required_values.yaml @@ -155,7 +160,7 @@ tests: name: MARIADB_PASSWORD value: insecureicingadbpassword - - it: deploys an IcingaDB database StatefulSet using secrets + - it: deploys an Icinga DB database StatefulSet using secrets documentIndex: 2 values: - required_values_secrets.yaml @@ -184,9 +189,9 @@ tests: secretKeyRef: name: database-icingadb key: password - + # IcingaWeb DB - - it: deploys an Icingaweb2 database StatefulSet using values + - it: deploys an Icinga Web database StatefulSet using values documentIndex: 4 values: - required_values.yaml @@ -210,7 +215,7 @@ tests: name: MARIADB_PASSWORD value: insecureicingaweb2password - - it: deploys an Icingaweb2 database StatefulSet using secrets + - it: deploys an Icinga Web database StatefulSet using secrets documentIndex: 4 values: - required_values_secrets.yaml @@ -240,6 +245,31 @@ tests: name: database-icingaweb2 key: password + # Icinga Kubernetes DB + - it: deploys an Icinga Kubernetes database StatefulSet using values + documentIndex: 6 + values: + - required_values.yaml + release: + name: my-icinga + asserts: + - containsDocument: + kind: StatefulSet + apiVersion: apps/v1 + - equal: + path: metadata.name + value: my-icinga-icinga-stack-kubernetes-database + - contains: + path: spec.template.spec.containers[0].env + content: + name: MARIADB_USER + value: kubernetes + - contains: + path: spec.template.spec.containers[0].env + content: + name: MARIADB_PASSWORD + value: insecurekubernetesdbpassword + # Test persistence for databases - it: deploys a PVC for a database if persistence is enabled documentIndex: 0 @@ -253,6 +283,8 @@ tests: global.databases.icingadb.password.value: insecurepassword global.databases.icingaweb2.username.value: icingaweb2 global.databases.icingaweb2.password.value: insecurepassword + global.databases.kubernetes.username.value: kubernetes + global.databases.kubernetes.password.value: insecurepassword release: name: my-icinga asserts: @@ -268,5 +300,3 @@ tests: requests: storage: 5Gi selector: null - - diff --git a/charts/icinga-stack/tests/icinga-kubernetes_clusterrole_test.yaml b/charts/icinga-stack/tests/icinga-kubernetes_clusterrole_test.yaml new file mode 100644 index 0000000..882a740 --- /dev/null +++ b/charts/icinga-stack/tests/icinga-kubernetes_clusterrole_test.yaml @@ -0,0 +1,32 @@ +suite: "[Icinga Kubernetes] ClusterRole creation" +templates: + - ../charts/icinga-kubernetes/templates/clusterrole.yaml +tests: + - it: creates a ClusterRole if enabled + values: + - required_values.yaml + set: + icinga-kubernetes: + rbac: + create: true + release: + name: my-icinga + namespace: my-namespace + asserts: + - containsDocument: + kind: ClusterRole + apiVersion: rbac.authorization.k8s.io/v1 + - equal: + path: metadata.name + value: my-icinga-icinga-kubernetes + - contains: + path: rules + content: + apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - watch + - list diff --git a/charts/icinga-stack/tests/icinga-kubernetes_clusterrolebinding_test.yaml b/charts/icinga-stack/tests/icinga-kubernetes_clusterrolebinding_test.yaml new file mode 100644 index 0000000..c13f231 --- /dev/null +++ b/charts/icinga-stack/tests/icinga-kubernetes_clusterrolebinding_test.yaml @@ -0,0 +1,37 @@ +suite: "[Icinga Kubernetes] ClusterRoleBinding creation" +templates: + - ../charts/icinga-kubernetes/templates/clusterrolebinding.yaml +tests: + - it: creates a ClusterRoleBinding if enabled + values: + - required_values.yaml + set: + icinga-kubernetes: + rbac: + create: true + release: + name: my-icinga + namespace: my-namespace + asserts: + - containsDocument: + kind: ClusterRoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + - equal: + path: metadata.name + value: my-icinga-icinga-kubernetes + - equal: + path: roleRef.apiGroup + value: rbac.authorization.k8s.io + - equal: + path: roleRef.kind + value: ClusterRole + - equal: + path: roleRef.name + value: my-icinga-icinga-kubernetes + - contains: + path: subjects + content: + kind: ServiceAccount + name: my-icinga-icinga-kubernetes + namespace: my-namespace + diff --git a/charts/icinga-stack/tests/icinga-kubernetes_serviceaccount_test.yaml b/charts/icinga-stack/tests/icinga-kubernetes_serviceaccount_test.yaml new file mode 100644 index 0000000..d51606c --- /dev/null +++ b/charts/icinga-stack/tests/icinga-kubernetes_serviceaccount_test.yaml @@ -0,0 +1,21 @@ +suite: "[Icinga Kubernetes] ServiceAccount creation" +templates: + - ../charts/icinga-kubernetes/templates/serviceaccount.yaml +tests: + - it: creates a ServiceAccount if enabled + values: + - required_values.yaml + set: + icinga-kubernetes: + serviceAccount: + create: true + release: + name: my-icinga + namespace: my-namespace + asserts: + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + - equal: + path: metadata.name + value: my-icinga-icinga-kubernetes diff --git a/charts/icinga-stack/tests/icinga2_configmaps_test.yaml b/charts/icinga-stack/tests/icinga2_configmaps_test.yaml index a2004e4..59dfa1e 100644 --- a/charts/icinga-stack/tests/icinga2_configmaps_test.yaml +++ b/charts/icinga-stack/tests/icinga2_configmaps_test.yaml @@ -1,8 +1,8 @@ -suite: "[Icinga2] Configmaps" +suite: "[Icinga 2] Configmaps" templates: - ../charts/icinga2/templates/configmaps.yaml tests: - - it: Icinga2 configmap ticket_salt and api-users test + - it: Icinga 2 configmap ticket_salt and api-users test values: - required_values.yaml release: @@ -24,7 +24,7 @@ tests: pattern: password = getenv\("ICINGA_ICINGAWEB_API_PASSWORD"\) documentIndex: 0 - - it: Icinga2 configmap elasticsearch test + - it: Icinga 2 configmap elasticsearch test values: - required_values.yaml set: @@ -52,7 +52,7 @@ tests: pattern: password = getenv\("ICINGA_ELASTICSEARCH_PASSWORD"\) documentIndex: 1 - - it: Icinga2 configmap elasticsearch tls test + - it: Icinga 2 configmap elasticsearch tls test values: - required_values.yaml set: @@ -97,7 +97,7 @@ tests: pattern: key_path = "/etc/icinga2-pki/elastic/cert.key" documentIndex: 1 - - it: Icinga2 configmap elasticsearch tls failure + - it: Icinga 2 configmap elasticsearch tls failure values: - required_values.yaml set: @@ -118,7 +118,7 @@ tests: - failedTemplate: errorMessage: "Elasticsearch cert secrets not set. Set .Values.features.elasticsearch.tlsSecret, .Values.features.elasticsearch.caSecretKey, .Values.features.elasticsearch.certSecretKey and .Values.features.elasticsearch.keySecretKey" - - it: Icinga2 configmap gelf tls test + - it: Icinga 2 configmap gelf tls test values: - required_values.yaml set: @@ -150,7 +150,7 @@ tests: pattern: key_path = "/etc/icinga2-pki/gelf/cert.key" documentIndex: 1 - - it: Icinga2 configmap gelf tls failure + - it: Icinga 2 configmap gelf tls failure values: - required_values.yaml set: @@ -167,7 +167,7 @@ tests: - failedTemplate: errorMessage: "GELF cert secrets not set. Set .Values.features.gelf.tlsSecret, .Values.features.gelf.caSecretKey, .Values.features.gelf.certSecretKey and .Values.features.gelf.keySecretKey" - - it: Icinga2 configmap icingadb test without password + - it: Icinga 2 configmap icingadb test without password values: - required_values.yaml set: @@ -187,7 +187,7 @@ tests: documentIndex: 1 not: true - - it: Icinga2 configmap icingadb test with password + - it: Icinga 2 configmap icingadb test with password values: - required_values.yaml set: @@ -209,7 +209,7 @@ tests: pattern: password = getenv\("ICINGA_ICINGADB_PASSWORD"\) documentIndex: 1 - - it: Icinga2 configmap icingadb tls test + - it: Icinga 2 configmap icingadb tls test values: - required_values.yaml set: @@ -246,7 +246,7 @@ tests: pattern: crl_path = "/etc/icinga2-pki/icingadb/crl.pem" documentIndex: 1 - - it: Icinga2 configmap icingadb tls failure + - it: Icinga 2 configmap icingadb tls failure values: - required_values.yaml set: @@ -265,7 +265,7 @@ tests: - failedTemplate: errorMessage: "icingadb cert secrets not set. Set .Values.features.icingadb.tlsSecret, .Values.features.icingadb.caSecretKey, .Values.features.icingadb.certSecretKey, .Values.features.icingadb.keySecretKey and .Values.features.icingadb.crlSecretKey" - - it: Icinga2 configmap influxdb2 ssl test + - it: Icinga 2 configmap influxdb2 ssl test values: - required_values.yaml set: @@ -297,7 +297,7 @@ tests: pattern: ssl_key = "/etc/icinga2-pki/influxdb2/cert.key" documentIndex: 1 - - it: Icinga2 configmap influxdb2 tls failure + - it: Icinga 2 configmap influxdb2 tls failure values: - required_values.yaml set: @@ -316,7 +316,7 @@ tests: - failedTemplate: errorMessage: "influxdb2 cert secrets not set. Set .Values.features.influxdb2.tlsSecret, .Values.features.influxdb2.caSecretKey, .Values.features.influxdb2.certSecretKey and .Values.features.influxdb2.keySecretKey" - - it: Icinga2 configmap influxdb ssl test + - it: Icinga 2 configmap influxdb ssl test values: - required_values.yaml set: @@ -348,7 +348,7 @@ tests: pattern: ssl_key = "/etc/icinga2-pki/influxdb/cert.key" documentIndex: 1 - - it: Icinga2 configmap influxdb tls failure + - it: Icinga 2 configmap influxdb tls failure values: - required_values.yaml set: @@ -367,7 +367,7 @@ tests: - failedTemplate: errorMessage: "influxdb cert secrets not set. Set .Values.features.influxdb.tlsSecret, .Values.features.influxdb.caSecretKey, .Values.features.influxdb.certSecretKey and .Values.features.influxdb.keySecretKey" - - it: Icinga2 configmap influxdb2 test + - it: Icinga 2 configmap influxdb2 test values: - required_values.yaml set: @@ -389,7 +389,7 @@ tests: pattern: auth_token = getenv\("ICINGA_INFLUXDB2_AUTH_TOKEN"\) documentIndex: 1 - - it: Icinga2 configmap influxdb credentials from secret + - it: Icinga 2 configmap influxdb credentials from secret values: - required_values.yaml set: @@ -417,7 +417,7 @@ tests: pattern: password = getenv\("ICINGA_INFLUXDB_PASSWORD"\) documentIndex: 1 - - it: Icinga2 configmap influxdb credentials from value + - it: Icinga 2 configmap influxdb credentials from value values: - required_values.yaml set: @@ -444,7 +444,7 @@ tests: pattern: password = getenv\("ICINGA_INFLUXDB_PASSWORD"\) documentIndex: 1 - - it: Icinga2 configmap influxdb basic auth credentials from secret + - it: Icinga 2 configmap influxdb basic auth credentials from secret values: - required_values.yaml set: diff --git a/charts/icinga-stack/tests/icinga2_ingress_test.yaml b/charts/icinga-stack/tests/icinga2_ingress_test.yaml index 1f24990..b1b3282 100644 --- a/charts/icinga-stack/tests/icinga2_ingress_test.yaml +++ b/charts/icinga-stack/tests/icinga2_ingress_test.yaml @@ -1,4 +1,4 @@ -suite: "[Icinga2] Ingress creation" +suite: "[Icinga 2] Ingress creation" templates: - ../charts/icinga2/templates/ingress.yaml tests: @@ -33,4 +33,4 @@ tests: service: name: my-icinga-icinga2 port: - number: 5665 \ No newline at end of file + number: 5665 diff --git a/charts/icinga-stack/tests/icinga2_statefulset_test.yaml b/charts/icinga-stack/tests/icinga2_statefulset_test.yaml index 3f33f01..0add446 100644 --- a/charts/icinga-stack/tests/icinga2_statefulset_test.yaml +++ b/charts/icinga-stack/tests/icinga2_statefulset_test.yaml @@ -1,8 +1,8 @@ -suite: "[Icinga2] StatefulSet" +suite: "[Icinga 2] StatefulSet" templates: - ../charts/icinga2/templates/statefulset.yaml tests: - - it: deploys an Icinga2 StatefulSet without persistence and with ticket_salt provided as value + - it: deploys an Icinga 2 StatefulSet without persistence and with ticket_salt provided as value values: - required_values.yaml release: @@ -53,7 +53,7 @@ tests: name: ICINGA_ICINGAWEB_API_PASSWORD value: "icingaweb-insecurepassword" - - it: deploys an Icinga2 StatefulSet without persistence and with ticket_salt provided as secret + - it: deploys an Icinga 2 StatefulSet without persistence and with ticket_salt provided as secret values: - required_values_secrets.yaml release: @@ -122,7 +122,7 @@ tests: name: "api-users" key: "icingaweb-password" - - it: failed deployment of Icinga2 StatefulSet due to partial secret definition + - it: failed deployment of Icinga 2 StatefulSet due to partial secret definition values: - required_values_secrets.yaml set: @@ -141,7 +141,7 @@ tests: - failedTemplate: errorMessage: "director api user password not set. Set either .Values.global.api.users.director.password.value or .Values.global.api.users.credSecret and .Values.global.api.users.director.password.secretKey" - - it: deploys an Icinga2 StatefulSet with persistence + - it: deploys an Icinga 2 StatefulSet with persistence values: - required_values.yaml set: @@ -176,7 +176,7 @@ tests: emptyDir: {} any: true - - it: failed deployment of an Icinga2 StatefulSet due to missing ticket_salt + - it: failed deployment of an Icinga 2 StatefulSet due to missing ticket_salt values: - required_values.yaml set: @@ -189,7 +189,7 @@ tests: - failedTemplate: errorMessage: "Icinga TicketSalt not set. Either set .Values.config.ticket_salt.value or .Values.config.ticket_salt.credSecret and .Values.config.ticket_salt.secretKey" - - it: deploys an Icinga2 StatefulSet with elasticsearch values + - it: deploys an Icinga 2 StatefulSet with elasticsearch values values: - required_values.yaml set: @@ -232,7 +232,7 @@ tests: name: ICINGA_ELASTICSEARCH_PASSWORD value: "elastic-password" - - it: deploys an Icinga2 StatefulSet with elasticsearch secrets + - it: deploys an Icinga 2 StatefulSet with elasticsearch secrets values: - required_values.yaml set: @@ -282,7 +282,7 @@ tests: name: "icinga-elasticsearch" key: "elastic-password" - - it: deploys an Icinga2 StatefulSet with elasticsearch secrets with tls + - it: deploys an Icinga 2 StatefulSet with elasticsearch secrets with tls values: - required_values.yaml set: @@ -356,7 +356,7 @@ tests: - key: "elastic-key-key" path: "cert.key" - - it: deploys an Icinga2 StatefulSet with gelf secrets with tls + - it: deploys an Icinga 2 StatefulSet with gelf secrets with tls values: - required_values.yaml set: @@ -409,7 +409,7 @@ tests: - key: "gelf-key-key" path: "cert.key" - - it: deploys an Icinga2 StatefulSet with icingadb password value + - it: deploys an Icinga 2 StatefulSet with icingadb password value values: - required_values.yaml set: @@ -443,7 +443,7 @@ tests: name: ICINGA_ICINGADB_PASSWORD value: "icingadb-password" - - it: deploys an Icinga2 StatefulSet with icingadb secrets with tls + - it: deploys an Icinga 2 StatefulSet with icingadb secrets with tls values: - required_values.yaml set: @@ -510,7 +510,7 @@ tests: - key: "icingadb-crl-key" path: "crl.pem" - - it: deploys an Icinga2 StatefulSet with influxdb2 values + - it: deploys an Icinga 2 StatefulSet with influxdb2 values values: - required_values.yaml set: @@ -546,7 +546,7 @@ tests: name: ICINGA_INFLUXDB2_AUTH_TOKEN value: "influxdb2_auth_token" - - it: deploys an Icinga2 StatefulSet with influxdb2 secrets + - it: deploys an Icinga 2 StatefulSet with influxdb2 secrets values: - required_values.yaml set: @@ -586,7 +586,7 @@ tests: name: "icinga-influxdb2" key: "authToken" - - it: deploys an Icinga2 StatefulSet with influxdb2 secrets with ssl + - it: deploys an Icinga 2 StatefulSet with influxdb2 secrets with ssl values: - required_values.yaml set: @@ -651,7 +651,7 @@ tests: - key: "influxdb2-key-key" path: "cert.key" - - it: failed deployment of an Icinga2 StatefulSet with influxdb2 due to missing auth_token + - it: failed deployment of an Icinga 2 StatefulSet with influxdb2 due to missing auth_token values: - required_values.yaml set: @@ -668,7 +668,7 @@ tests: - failedTemplate: errorMessage: "Icinga InfluxDB2 auth_token not set. Either set .Values.features.influxdb2.auth_token.value or .Values.features.influxdb2.credSecret and .Values.features.influxdb2.auth_token.secretKey" - - it: deploys an Icinga2 StatefulSet with influxdb values + - it: deploys an Icinga 2 StatefulSet with influxdb values values: - required_values.yaml set: @@ -726,7 +726,7 @@ tests: name: ICINGA_INFLUXDB_BASIC_AUTH_PASSWORD value: "influxdb-basic-auth-password" - - it: deploys an Icinga2 StatefulSet with influxdb secrets + - it: deploys an Icinga 2 StatefulSet with influxdb secrets values: - required_values.yaml set: @@ -797,7 +797,7 @@ tests: name: "icinga-influxdb" key: "basic-auth-password" - - it: deploys an Icinga2 StatefulSet with influxdb secrets with ssl + - it: deploys an Icinga 2 StatefulSet with influxdb secrets with ssl values: - required_values.yaml set: @@ -892,7 +892,7 @@ tests: - key: "influxdb-key-key" path: "cert.key" - - it: deploys an Icinga2 StatefulSet with extra environment variables + - it: deploys an Icinga 2 StatefulSet with extra environment variables values: - required_values.yaml set: diff --git a/charts/icinga-stack/tests/icingadb_deployment_test.yaml b/charts/icinga-stack/tests/icingadb_deployment_test.yaml index 1f7610c..b2e3356 100644 --- a/charts/icinga-stack/tests/icingadb_deployment_test.yaml +++ b/charts/icinga-stack/tests/icingadb_deployment_test.yaml @@ -1,8 +1,8 @@ -suite: "[IcingaDB] Deployment" +suite: "[Icinga DB] Deployment" templates: - ../charts/icingadb/templates/deployment.yaml tests: - - it: deploys an IcingaDB deployment + - it: deploys an Icinga DB deployment values: - required_values.yaml release: @@ -15,7 +15,7 @@ tests: path: metadata.name value: my-icinga-icingadb - - it: deploys an IcingaDB deployment using values + - it: deploys an Icinga DB deployment using values values: - required_values.yaml release: @@ -38,7 +38,7 @@ tests: name: ICINGADB_DATABASE_PASSWORD value: insecureicingadbpassword - - it: deploys an IcingaDB deployment using secrets + - it: deploys an Icinga DB deployment using secrets values: - required_values_secrets.yaml release: @@ -67,7 +67,7 @@ tests: name: database-icingadb key: password - - it: deploys an IcingaDB deployment with extra environment variables + - it: deploys an Icinga DB deployment with extra environment variables values: - required_values.yaml set: diff --git a/charts/icinga-stack/tests/icingaweb2_deployment_test.yaml b/charts/icinga-stack/tests/icingaweb2_deployment_test.yaml index 21254ae..0d72d7d 100644 --- a/charts/icinga-stack/tests/icingaweb2_deployment_test.yaml +++ b/charts/icinga-stack/tests/icingaweb2_deployment_test.yaml @@ -1,8 +1,8 @@ -suite: "[Icingaweb2] Deployment" +suite: "[Icinga Web] Deployment" templates: - ../charts/icingaweb2/templates/deployment.yaml tests: - - it: deploys an Icingaweb2 deployment with minimal configuration + - it: deploys an Icinga Web deployment with minimal configuration values: - required_values.yaml release: @@ -26,7 +26,7 @@ tests: name: icingaweb.passwords.icingaweb2.icingaadmin value: insecurepassword - - it: deploys an Icingaweb2 deployment with additional modules + - it: deploys an Icinga Web deployment with additional modules values: - required_values.yaml set: @@ -53,7 +53,7 @@ tests: value: director,icingadb,incubator,x509, any: true - - it: deploys an Icingaweb2 deployment with minimal configuration using secrets + - it: deploys an Icinga Web deployment with minimal configuration using secrets values: - required_values_secrets.yaml release: @@ -80,7 +80,7 @@ tests: name: icingaweb2-secret key: admin_password - - it: deploys an Icingaweb2 deployment with graphite + - it: deploys an Icinga Web deployment with graphite values: - required_values.yaml set: @@ -107,7 +107,7 @@ tests: value: director,graphite,icingadb,incubator, any: true - - it: deploys an Icingaweb2 deployment with graphite, user/password from value + - it: deploys an Icinga Web deployment with graphite, user/password from value values: - required_values.yaml set: @@ -143,7 +143,7 @@ tests: name: icingaweb.modules.graphite.config.graphite.password value: graphite-password - - it: deploys an Icingaweb2 deployment with graphite, user/password from secret + - it: deploys an Icinga Web deployment with graphite, user/password from secret values: - required_values.yaml set: @@ -186,7 +186,7 @@ tests: name: graphite-secret key: graphite-password - - it: failed deployment of Icingaweb2 due to partial secret definition + - it: failed deployment of Icinga Web due to partial secret definition values: - required_values_secrets.yaml set: diff --git a/charts/icinga-stack/tests/icingaweb2_ingress_test.yaml b/charts/icinga-stack/tests/icingaweb2_ingress_test.yaml index 691877e..01a863f 100644 --- a/charts/icinga-stack/tests/icingaweb2_ingress_test.yaml +++ b/charts/icinga-stack/tests/icingaweb2_ingress_test.yaml @@ -1,4 +1,4 @@ -suite: "[Icingaweb2] Ingress creation" +suite: "[Icinga Web] Ingress creation" templates: - ../charts/icingaweb2/templates/ingress.yaml tests: @@ -34,4 +34,4 @@ tests: service: name: my-icinga-icingaweb2 port: - number: 8080 \ No newline at end of file + number: 8080 diff --git a/charts/icinga-stack/tests/required_values.yaml b/charts/icinga-stack/tests/required_values.yaml index b825235..6f501ff 100644 --- a/charts/icinga-stack/tests/required_values.yaml +++ b/charts/icinga-stack/tests/required_values.yaml @@ -32,3 +32,8 @@ global: value: icingadb password: value: insecureicingadbpassword + kubernetes: + username: + value: kubernetes + password: + value: insecurekubernetesdbpassword diff --git a/charts/icinga-stack/tests/required_values_secrets.yaml b/charts/icinga-stack/tests/required_values_secrets.yaml index 48c7e24..09e9fa9 100644 --- a/charts/icinga-stack/tests/required_values_secrets.yaml +++ b/charts/icinga-stack/tests/required_values_secrets.yaml @@ -39,3 +39,9 @@ global: secretKey: username password: secretKey: password + kubernetes: + credSecret: not-yet-supported + username: + secretKey: username + password: + secretKey: password diff --git a/charts/icinga-stack/values.yaml b/charts/icinga-stack/values.yaml index a802832..1f35613 100644 --- a/charts/icinga-stack/values.yaml +++ b/charts/icinga-stack/values.yaml @@ -38,9 +38,9 @@ icinga2: disable_confd: true features: - # The features are configured as described in the official documentation + # The features are configured as described in the official documentation # at https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#features - # Only some features are enabled by default; Some features are missing, for more information + # Only some features are enabled by default; Some features are missing, for more information # see this project's README.md # `Optional` settings for each features are commented out, all other settings are required when enabling # a feature. @@ -59,7 +59,7 @@ icinga2: # acl_allow_origin: # - example.com # - agent1.example.com - # environment: "" + # environment: "" # For configuration information see https://icinga.com/docs/icinga-2/latest/doc/09-object-types/#checkercomponent checker: @@ -125,7 +125,7 @@ icinga2: enabled: true # credSecret: # used for credentials # tlsSecret: # used for certificates - # password: + # password: # value: password # Specify password # secretKey: password # Or use existing secret # enable_tls: false @@ -365,8 +365,8 @@ icingaweb2: image: repository: icinga/icingaweb2 - tag: 2.11.4 - pullPolicy: IfNotPresent + tag: 2.12.1 + pullPolicy: Always imagePullSecrets: [] nameOverride: "" @@ -496,9 +496,23 @@ icingaweb2: extraEnvVars: [] +icinga-kubernetes: + enabled: true + + image: + repository: icinga/icinga-kubernetes + tag: edge + pullPolicy: Always + + rbac: + create: true + + serviceAccount: + create: true + global: api: - # host: # only needed if Icinga2 runs out of cluster + # host: # only needed if Icinga 2 runs out of cluster port: 5665 users: credSecret: # Existing secret for director and icingaweb password @@ -564,7 +578,7 @@ global: icingaweb2: database: icingaweb2db credSecret: # Existing secret name for username and password - username: + username: value: # Set username secretKey: # Or specify secret key password: @@ -586,7 +600,7 @@ global: x509: database: x509db credSecret: # Existing secret name for username and password - username: + username: value: # Set username secretKey: # Or specify secret key password: @@ -605,6 +619,29 @@ global: matchLabels: {} matchExpressions: [] + kubernetes: + # Note that using secrets is not yet supported for Icinga Kubernetes. + database: kubernetes + credSecret: # Existing secret name for username and password + username: + value: # Set username + secretKey: # Or specify secret key + password: + value: # Add a password here + secretKey: # Or specify secret key + enabled: true + # host: mariadb.example.com + # port: 3306 + persistence: + enabled: false + size: 5Gi + accessMode: ReadWriteOnce + # storageClass: "" + # volumeName: "" + # subPath: "" + matchLabels: {} + matchExpressions: [] + redis: enabled: true # host: redis.example.com