diff --git a/CHANGELOG.md b/CHANGELOG.md index e4d69ec27..861daa0e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,9 +11,8 @@ - Enabled AOF persistence by default for data durability - add CounterBasedGauge64 and ZeroBasedCounter64 as metrics types -### Fixed +### Fixes - fix problem with service rendering when `traps.service.usemetallb` is set to false -- fix reusing the snmp engine for snmpv3 calls ## [1.14.1] - update mongodb volumePermission image repository to `bitnamileagcy` diff --git a/Dockerfile b/Dockerfile index c66bba577..a14783df8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ RUN mkdir /.pysnmp && chown 10001:10001 /.pysnmp RUN chown 10001:10001 /tmp COPY --from=builder /app/.venv /app/.venv COPY entrypoint.sh /app/entrypoint.sh -COPY construct-redis-url.sh /app/construct-redis-url.sh -RUN chmod +x /app/construct-redis-url.sh /app/entrypoint.sh +COPY construct-connection-strings.sh /app/construct-connection-strings.sh +RUN chmod +x /app/construct-connection-strings.sh /app/entrypoint.sh USER 10001:10001 ENTRYPOINT ["/app/entrypoint.sh"] diff --git a/charts/splunk-connect-for-snmp/Chart.lock b/charts/splunk-connect-for-snmp/Chart.lock index d10a549b7..372acdbf0 100644 --- a/charts/splunk-connect-for-snmp/Chart.lock +++ b/charts/splunk-connect-for-snmp/Chart.lock @@ -1,7 +1,4 @@ dependencies: -- name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 15.6.26 - name: mibserver repository: https://pysnmp.github.io/mibs/charts/ version: 1.15.29 diff --git a/charts/splunk-connect-for-snmp/Chart.yaml b/charts/splunk-connect-for-snmp/Chart.yaml index 7d0adce29..f4bdbdba8 100644 --- a/charts/splunk-connect-for-snmp/Chart.yaml +++ b/charts/splunk-connect-for-snmp/Chart.yaml @@ -14,17 +14,14 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.14.2-beta.6 +version: 1.14.2-beta.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.14.2-beta.6" +appVersion: "1.14.2-beta.7" # dependencies: - - name: mongodb - version: ~15.6.0 - repository: https://charts.bitnami.com/bitnami - name: mibserver version: ~1.15 repository: https://pysnmp.github.io/mibs/charts/ diff --git a/charts/splunk-connect-for-snmp/templates/_helpers.tpl b/charts/splunk-connect-for-snmp/templates/_helpers.tpl index 272726007..c7b687dd2 100644 --- a/charts/splunk-connect-for-snmp/templates/_helpers.tpl +++ b/charts/splunk-connect-for-snmp/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{- define "splunk-connect-for-snmp.mongo_uri" -}} -{{- if eq .Values.mongodb.architecture "replicaset" }} +{{- if eq .Values.mongodb.architecture "replication" }} {{- printf "mongodb+srv://%s-mongodb-headless.%s.svc.%s/?tls=false&ssl=false&replicaSet=rs0" .Release.Name .Release.Namespace .Values.mongodb.clusterDomain}} {{- else }} {{- printf "mongodb://%s-mongodb:27017" .Release.Name }} @@ -110,7 +110,7 @@ Generate Redis environment variables for application pods - name: NAMESPACE value: {{ .Release.Namespace }} - name: REDIS_SENTINEL_REPLICAS - value: {{ .Values.redis.sentinel.replicas | quote }} + value: {{ .Values.redis.sentinel.replicaCount | quote }} - name: REDIS_SENTINEL_PORT value: "26379" - name: REDIS_MASTER_NAME @@ -153,4 +153,69 @@ checksum/redis-config: {{ include (print $.Template.BasePath "/redis/redis-confi {{- if .Values.redis.auth.enabled }} checksum/redis-secret: {{ include (print $.Template.BasePath "/redis/redis-secret.yaml") . | sha256sum }} {{- end -}} +{{- end -}} + + +{{- define "splunk-connect-for-snmp.mongodb-auth" -}} +{{- if .Values.mongodb.auth.existingSecret }} +- name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootUserKey | quote | default "root-user" }} +- name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootPasswordKey | quote | default "root-password" }} +{{- else -}} +- name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-user +- name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-password +{{- end -}} +{{- end -}} + + +{{/* +MongoDB environment variables - one helper to rule them all +*/}} +{{- define "splunk-connect-for-snmp.mongodb-env" -}} +{{- if .Values.mongodb.auth.enabled }} +{{- include "splunk-connect-for-snmp.mongodb-auth" . -}} +{{- end }} +- name: MONGODB_MODE + value: {{ .Values.mongodb.mode | default "standalone" | quote }} +- name: MONGODB_AUTH_SOURCE + value: "admin" +- name: MONGODB_DATABASE + value: {{ .Values.mongodb.database | default "sc4snmp" | quote }} +{{- if eq .Values.mongodb.mode "replication" }} +- name: MONGODB_HOST + value: {{ include "splunk-connect-for-snmp.mongodb.replication.hosts" . | quote }} +- name: MONGODB_REPLICA_SET + value: {{ .Values.mongodb.replicaSetName | default "rs0" | quote }} +{{- else }} +- name: MONGODB_HOST + value: {{ .Release.Name }}-mongodb-0.{{ .Release.Name }}-mongodb +- name: MONGODB_PORT + value: "27017" +{{- end -}} +{{- end -}} + +{{/* +MongoDB replica set hosts (comma-separated) +*/}} +{{- define "splunk-connect-for-snmp.mongodb.replication.hosts" -}} +{{- $hosts := list -}} +{{- range $i := until (int (.Values.mongodb.replicaCount | default 3)) -}} + {{- $hosts = append $hosts (printf "%s-mongodb-%d.%s-mongodb-headless.%s.svc.cluster.local:27017" $.Release.Name $i $.Release.Name $.Release.Namespace ) -}} +{{- end -}} +{{- join "," $hosts -}} {{- end -}} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/inventory/job.yaml b/charts/splunk-connect-for-snmp/templates/inventory/job.yaml index 05e81d93f..3cc2b2b8c 100644 --- a/charts/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/charts/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -31,10 +31,9 @@ spec: - name: CONFIG_PATH value: /app/config/config.yaml {{- include "splunk-connect-for-snmp.redis-env" . | nindent 10 }} + {{- include "splunk-connect-for-snmp.mongodb-env" . | nindent 10 }} - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} - name: MIB_SOURCES value: "http://{{ printf "%s-%s" .Release.Name "mibserver" }}/asn1/@mib@" - name: MIB_INDEX diff --git a/charts/splunk-connect-for-snmp/templates/mongodb-6.0-upgrade-job.yaml b/charts/splunk-connect-for-snmp/templates/mongodb-6.0-upgrade-job.yaml deleted file mode 100644 index fd620bbc5..000000000 --- a/charts/splunk-connect-for-snmp/templates/mongodb-6.0-upgrade-job.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- $configMapName := printf "%s-config" (include "splunk-connect-for-snmp.name" .) }} -{{- $existingRelease := (lookup "v1" "ConfigMap" .Release.Namespace $configMapName) }} -{{- if $existingRelease }} -apiVersion: batch/v1 -kind: Job -metadata: - name: mongo-fcv-upgrade-to-6 - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - backoffLimit: 1 - ttlSecondsAfterFinished: 60 - template: - spec: - containers: - - name: mongo-fcv-check - image: {{- if .Values.mongodb.image.registry }} - {{ .Values.mongodb.image.registry }}/{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }} - {{- else }} - {{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }} - {{- end }} - command: - - /bin/bash - - -c - - | - echo "Checking current mongo FCV" - FCV=$(mongosh --host {{ include "splunk-connect-for-snmp.mongodbHost" . | quote }} --quiet --eval 'db.adminCommand({ getParameter: 1, featureCompatibilityVersion: 1 }).featureCompatibilityVersion.version') - echo "Current Mongo Feature Compatibility Version: $FCV" - - if [[ "$FCV" < "6.0" ]]; then - echo "FCV < 6.0, setting to 6.0" - mongosh --host {{ include "splunk-connect-for-snmp.mongodbHost" . | quote }} --eval 'db.adminCommand({ setFeatureCompatibilityVersion: "6.0" })' - else - echo "FCV >= 6.0, nothing to be changed" - fi - restartPolicy: Never -{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/mongod-secret-replicaKey.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/mongod-secret-replicaKey.yaml new file mode 100644 index 000000000..a4c223dfc --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/mongod-secret-replicaKey.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.mongodb.auth.enabled (eq .Values.mongodb.mode "replication") (not .Values.mongodb.auth.existingReplicaKeySecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-mongodb-replicakey + labels: + app: {{ .Release.Name }}-mongodb +type: Opaque +data: + replica-key: {{ randAlphaNum 64 | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-ha-statefulset.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-ha-statefulset.yaml new file mode 100644 index 000000000..449883cd8 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-ha-statefulset.yaml @@ -0,0 +1,176 @@ +{{- if eq .Values.mongodb.mode "replication" }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name }}-mongodb + labels: + app: {{ .Release.Name }}-mongodb + mode: replication +spec: + serviceName: {{ .Release.Name }}-mongodb-headless + replicas: {{ .Values.mongodb.replicaCount | default 3 }} + selector: + matchLabels: + app: {{ .Release.Name }}-mongodb + template: + metadata: + labels: + app: {{ .Release.Name }}-mongodb + mode: replication + spec: + {{- with .Values.mongodb.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app: {{ .Release.Name }}-mongodb + topologyKey: kubernetes.io/hostname + + initContainers: + {{- if .Values.mongodb.initPermissions }} + - name: init-permissions + image: busybox:1.36 + command: ["sh", "-c", "mkdir -p /data/db && chown -R 999:999 /data/db && chmod -R 755 /data/db"] + volumeMounts: + - name: data + mountPath: /data/db + securityContext: + runAsUser: 0 + {{- end }} + + {{- if .Values.mongodb.auth.enabled }} + - name: keyfile-setup + image: busybox:1.36 + command: ["sh", "-c", "cp /tmp/keyfile/replica-key /keyfile/replica-key && chmod 400 /keyfile/replica-key && chown 999:999 /keyfile/replica-key"] + volumeMounts: + - name: keyfile-tmp + mountPath: /tmp/keyfile + - name: keyfile + mountPath: /keyfile + securityContext: + runAsUser: 0 + {{- end }} + + containers: + - name: mongodb + image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}" + imagePullPolicy: {{ .Values.mongodb.image.pullPolicy | default "IfNotPresent" }} + + {{- with .Values.mongodb.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + + args: + - --replSet + - {{ .Values.mongodb.replicaSetName | default "rs0" }} + {{- if .Values.mongodb.auth.enabled }} + - --keyFile + - /etc/keyfile/replica-key + {{- end }} + + ports: + - containerPort: 27017 + name: mongodb + + {{- if .Values.mongodb.auth.enabled }} + env: + {{- if .Values.mongodb.auth.existingSecret }} + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootUserKey | default "root-user" }} + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootPasswordKey | default "root-password" }} + {{- else }} + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-password + {{- end }} + {{- end }} + + volumeMounts: + - name: data + mountPath: /data/db + {{- if .Values.mongodb.auth.enabled }} + - name: keyfile + mountPath: /etc/keyfile + readOnly: true + {{- end }} + + {{- with .Values.mongodb.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- if .Values.mongodb.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.mongodb.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.mongodb.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.mongodb.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.mongodb.livenessProbe.failureThreshold | default 3 }} + {{- end }} + + {{- if .Values.mongodb.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.mongodb.readinessProbe.initialDelaySeconds | default 5 }} + periodSeconds: {{ .Values.mongodb.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.mongodb.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.mongodb.readinessProbe.failureThreshold | default 3 }} + {{- end }} + + volumes: + {{- if .Values.mongodb.auth.enabled }} + - name: keyfile-tmp + secret: + secretName: {{ .Release.Name }}-mongodb-replicakey + items: + - key: replica-key + path: replica-key + - name: keyfile + emptyDir: {} + {{- end }} + + {{- if .Values.mongodb.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - {{ .Values.mongodb.persistence.accessMode | default "ReadWriteOnce" }} + {{- if .Values.mongodb.persistence.storageClassName }} + storageClassName: {{ .Values.mongodb.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.mongodb.persistence.size | default "10Gi" }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-init-rs-job.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-init-rs-job.yaml new file mode 100644 index 000000000..6ba7725e0 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-init-rs-job.yaml @@ -0,0 +1,97 @@ +{{- if eq .Values.mongodb.mode "replication" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-mongodb-init-rs + labels: + app: {{ .Release.Name }}-mongodb-init +spec: + backoffLimit: 10 + ttlSecondsAfterFinished: 600 + template: + spec: + restartPolicy: OnFailure + serviceAccountName: {{ .Release.Name }}-mongodb-init-sa + containers: + - name: init-replicaset + image: {{ .Values.mongodb.replicaInitJob.image.repository | default "alpine/kubectl" }}:{{ .Values.mongodb.replicaInitJob.image.tag | default "1.34.2" }} + command: + - sh + - -c + - | + set -e + + echo "==========================================" + echo " MongoDB Replica Set Initialization" + echo "==========================================" + echo "" + + echo "Waiting for all {{ .Values.mongodb.replicaCount }} pods to be ready..." + {{- range $i := until (int .Values.mongodb.replicaCount) }} + kubectl wait --for=condition=ready pod/{{ $.Release.Name }}-mongodb-{{ $i }} --timeout={{ $.Values.mongodb.replicaInitJob.timeout | quote }}s + echo " ✅ Pod {{ $i }} ready" + {{- end }} + + {{- range $i := until (int .Values.mongodb.replicaCount) }} + echo "Waiting for DNS entry for pod {{ $i }}..." + for retry in $(seq 1 30); do + if getent hosts {{ $.Release.Name }}-mongodb-{{ $i }}.{{ $.Release.Name }}-mongodb-headless >/dev/null 2>&1; then + echo " DNS resolved for pod {{ $i }}" + break + fi + + if [ "$retry" -eq 30 ]; then + echo "❌ DNS still not ready for pod {{ $i }}" + exit 1 + fi + + sleep 2 + done + {{- end }} + + echo "Checking replica set status..." + RS_STATUS=$(kubectl exec {{ .Release.Name }}-mongodb-0 -- mongosh \ + {{- if .Values.mongodb.auth.enabled }} + -u "$MONGODB_USERNAME" -p "$MONGODB_PASSWORD" --authenticationDatabase admin \ + {{- end }} + --quiet --eval "try { rs.status().ok } catch(e) { 0 }" 2>/dev/null | tail -1) + + if [ "$RS_STATUS" = "1" ]; then + echo "✅ Already initialized" + exit 0 + fi + + echo "Initializing replica set..." + kubectl exec {{ .Release.Name }}-mongodb-0 -- mongosh \ + {{- if .Values.mongodb.auth.enabled }} + -u "$MONGODB_USERNAME" -p "$MONGODB_PASSWORD" --authenticationDatabase admin \ + {{- end }} + --eval "rs.initiate({_id:'{{ .Values.mongodb.replicaSetName }}',members:[{{- range $i := until (int .Values.mongodb.replicaCount) }}{_id:{{ $i }},host:'{{ $.Release.Name }}-mongodb-{{ $i }}.{{ $.Release.Name }}-mongodb-headless:27017'}{{ if ne $i (sub (int $.Values.mongodb.replicaCount) 1) }},{{- end }}{{- end }}]})" || echo "Init completed" + + echo "" + echo "Waiting 15s for PRIMARY election..." + sleep 15 + + echo "" + kubectl exec {{ .Release.Name }}-mongodb-0 -- mongosh \ + {{- if .Values.mongodb.auth.enabled }} + -u "$MONGODB_USERNAME" -p "$MONGODB_PASSWORD" --authenticationDatabase admin \ + {{- end }} + --quiet --eval "rs.status().members.forEach(m => print(m.name + ': ' + m.stateStr))" || true + + echo "" + echo "✅ Initialization complete" + + {{- if .Values.mongodb.auth.enabled }} + env: + {{ include "splunk-connect-for-snmp.mongodb-auth" . | nindent 10}} + {{- end }} + + resources: + requests: + memory: "128Mi" + cpu: "50m" + limits: + memory: "256Mi" + cpu: "100m" +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..fb50355a9 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +{{- if and ( not .Values.mongodb.auth.existingSecret ) .Values.mongodb.auth.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-mongodb-secret + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Release.Name }}-mongodb +type: Opaque +data: + root-user: {{ .Values.mongodb.auth.rootUser | default "root" | b64enc | quote }} + root-password: {{ .Values.mongodb.auth.rootPassword | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..a4f78d095 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,140 @@ +{{- if eq .Values.mongodb.mode "standalone" }} + +{{- $bitnamiPVC := printf "datadir-%s-mongodb-0" .Release.Name }} +{{- $existingBitnamiPVC := lookup "v1" "PersistentVolumeClaim" .Release.Namespace $bitnamiPVC }} +{{- $pvcName := ternary "datadir" "data" (not (empty $existingBitnamiPVC)) }} + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Release.Name }}-mongodb + labels: + app: {{ .Release.Name }}-mongodb + mode: standalone +spec: + serviceName: {{ .Release.Name }}-mongodb + replicas: 1 + + selector: + matchLabels: + app: {{ .Release.Name }}-mongodb + + template: + metadata: + labels: + app: {{ .Release.Name }}-mongodb + mode: standalone + spec: + {{- with .Values.mongodb.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + + initContainers: + {{- if .Values.mongodb.initPermissions }} + - name: init-permissions + image: busybox:1.36 + command: ["sh", "-c", "mkdir -p /data/db && chown -R 999:999 /data/db && chmod -R 755 /data/db"] + volumeMounts: + - name: {{ $pvcName }} + mountPath: /data/db + securityContext: + runAsUser: 0 + {{- end }} + + containers: + - name: mongodb + image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}" + imagePullPolicy: {{ .Values.mongodb.image.pullPolicy | default "IfNotPresent" }} + + {{- with .Values.mongodb.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + + ports: + - containerPort: 27017 + name: mongodb + + {{- if .Values.mongodb.auth.enabled }} + env: + {{- if .Values.mongodb.auth.existingSecret }} + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootUserKey | default "root-user" | quote }} + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: {{ .Values.mongodb.auth.rootPasswordKey | default "root-password" | quote }} + {{- else }} + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-mongodb-secret + key: root-password + {{- end }} + {{- end }} + + volumeMounts: + - name: {{ $pvcName }} + mountPath: /data/db + + {{- with .Values.mongodb.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + + {{- if .Values.mongodb.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.mongodb.livenessProbe.initialDelaySeconds | default 30 }} + periodSeconds: {{ .Values.mongodb.livenessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.mongodb.livenessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.mongodb.livenessProbe.failureThreshold | default 3 }} + {{- end }} + + {{- if .Values.mongodb.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: {{ .Values.mongodb.readinessProbe.initialDelaySeconds | default 5 }} + periodSeconds: {{ .Values.mongodb.readinessProbe.periodSeconds | default 10 }} + timeoutSeconds: {{ .Values.mongodb.readinessProbe.timeoutSeconds | default 5 }} + failureThreshold: {{ .Values.mongodb.readinessProbe.failureThreshold | default 3 }} + {{- end }} + + {{- if .Values.mongodb.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: {{ $pvcName }} + {{- if $existingBitnamiPVC }} + annotations: + migration.mongodb/bitnami-pvc: {{ $bitnamiPVC | quote }} + {{- end }} + spec: + accessModes: + - {{ .Values.mongodb.persistence.accessMode | default "ReadWriteOnce" }} + {{- if .Values.mongodb.persistence.storageClassName }} + storageClassName: {{ .Values.mongodb.persistence.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.mongodb.persistence.size | default "10Gi" }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/rbac.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/rbac.yaml new file mode 100644 index 000000000..7bc41d888 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/rbac.yaml @@ -0,0 +1,36 @@ +{{- if eq .Values.mongodb.mode "replication" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-mongodb-init-sa + labels: + app: {{ .Release.Name }}-mongodb +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-mongodb-init-role + labels: + app: {{ .Release.Name }}-mongodb +rules: +- apiGroups: [""] + resources: ["pods", "pods/exec"] + verbs: ["get", "list", "create"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }}-mongodb-init-rb + labels: + app: {{ .Release.Name }}-mongodb +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-mongodb-init-sa +roleRef: + kind: Role + name: {{ .Release.Name }}-mongodb-init-role + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/service-headless.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/service-headless.yaml new file mode 100644 index 000000000..23cfa57ce --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/service-headless.yaml @@ -0,0 +1,13 @@ +{{- if eq .Values.mongodb.mode "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-mongodb-headless +spec: + clusterIP: None + ports: + - name: mongodb + port: {{ .Values.mongodb.service.port }} + selector: + app: {{ .Release.Name }}-mongodb +{{- end }} diff --git a/charts/splunk-connect-for-snmp/templates/mongodb/service.yaml b/charts/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..6927379b2 --- /dev/null +++ b/charts/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-mongodb +spec: + type: ClusterIP + ports: + - port: {{ .Values.mongodb.service.port | default 27017 }} + targetPort: 27017 + selector: + app: {{ .Release.Name }}-mongodb diff --git a/charts/splunk-connect-for-snmp/templates/redis/redis-ha-statefulset.yaml b/charts/splunk-connect-for-snmp/templates/redis/redis-ha-statefulset.yaml index d7af945d1..559552f6f 100644 --- a/charts/splunk-connect-for-snmp/templates/redis/redis-ha-statefulset.yaml +++ b/charts/splunk-connect-for-snmp/templates/redis/redis-ha-statefulset.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/component: database spec: serviceName: {{ .Release.Name }}-redis-headless - replicas: {{ .Values.redis.replicas | default 3 }} + replicas: {{ .Values.redis.replicaCount | default 3 }} podManagementPolicy: Parallel selector: matchLabels: diff --git a/charts/splunk-connect-for-snmp/templates/redis/sentinel/redis-sentinel-statefulset.yaml b/charts/splunk-connect-for-snmp/templates/redis/sentinel/redis-sentinel-statefulset.yaml index d45cab437..0ea14aae1 100644 --- a/charts/splunk-connect-for-snmp/templates/redis/sentinel/redis-sentinel-statefulset.yaml +++ b/charts/splunk-connect-for-snmp/templates/redis/sentinel/redis-sentinel-statefulset.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/component: sentinel spec: serviceName: {{ .Release.Name }}-redis-sentinel - replicas: {{ .Values.redis.sentinel.replicas | default 3 }} + replicas: {{ .Values.redis.sentinel.replicaCount | default 3 }} selector: matchLabels: app: {{ .Release.Name }}-redis-sentinel diff --git a/charts/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/charts/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index c00d2c992..ac4bc5205 100644 --- a/charts/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/charts/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -47,8 +47,7 @@ spec: - name: CONFIG_PATH value: /app/config/config.yaml {{- include "splunk-connect-for-snmp.redis-env" . | nindent 12 }} - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} + {{- include "splunk-connect-for-snmp.mongodb-env" . | nindent 12 }} - name: MIB_SOURCES value: "http://{{ printf "%s-%s" .Release.Name "mibserver" }}/asn1/@mib@" - name: MIB_INDEX diff --git a/charts/splunk-connect-for-snmp/templates/traps/deployment.yaml b/charts/splunk-connect-for-snmp/templates/traps/deployment.yaml index 479d01438..17dcafca8 100644 --- a/charts/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/charts/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -48,8 +48,7 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} + {{- include "splunk-connect-for-snmp.mongodb-env" . | nindent 12 }} {{- include "splunk-connect-for-snmp.redis-env" . | nindent 12 }} - name: MIB_SOURCES value: "http://{{ printf "%s-%s" .Release.Name "mibserver" }}/asn1/@mib@" diff --git a/charts/splunk-connect-for-snmp/templates/ui/_helpers.tpl b/charts/splunk-connect-for-snmp/templates/ui/_helpers.tpl index 04885d7f9..385a92c7d 100644 --- a/charts/splunk-connect-for-snmp/templates/ui/_helpers.tpl +++ b/charts/splunk-connect-for-snmp/templates/ui/_helpers.tpl @@ -34,10 +34,9 @@ spec: - name: CONFIG_PATH value: /app/config/config.yaml {{ include "splunk-connect-for-snmp.redis-env" . | nindent 10 }} + {{ include "splunk-connect-for-snmp.mongodb-env" . | nindent 10 }} - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} - name: MIB_SOURCES value: "http://{{ printf "%s-%s" .Release.Name "mibserver" }}/asn1/@mib@" - name: MIB_INDEX diff --git a/charts/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml b/charts/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml index 124f0a920..92df4afb6 100644 --- a/charts/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml +++ b/charts/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml @@ -23,9 +23,8 @@ spec: imagePullPolicy: {{ .Values.UI.backEnd.pullPolicy }} command: ["sh","-c","/celery_start.sh"] env: - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} {{ include "splunk-connect-for-snmp.redis-env" . | nindent 8 }} + {{ include "splunk-connect-for-snmp.mongodb-env" . | nindent 8 }} - name: JOB_CONFIG_PATH value: /config/job_config.yaml - name: JOB_NAMESPACE diff --git a/charts/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml b/charts/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml index dea257b6b..e4364a5cb 100644 --- a/charts/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml +++ b/charts/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml @@ -45,9 +45,8 @@ spec: imagePullPolicy: {{ .Values.UI.backEnd.pullPolicy }} command: ["sh","-c","/flask_start.sh"] env: - - name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} {{ include "splunk-connect-for-snmp.redis-env" . | nindent 8 }} + {{ include "splunk-connect-for-snmp.mongodb-env" . | nindent 8 }} - name: JOB_CONFIG_PATH value: /config/job_config.yaml - name: JOB_NAMESPACE diff --git a/charts/splunk-connect-for-snmp/templates/worker/_helpers.tpl b/charts/splunk-connect-for-snmp/templates/worker/_helpers.tpl index 766115441..b3ef01632 100644 --- a/charts/splunk-connect-for-snmp/templates/worker/_helpers.tpl +++ b/charts/splunk-connect-for-snmp/templates/worker/_helpers.tpl @@ -94,8 +94,7 @@ Common labels - name: SC4SNMP_VERSION value: {{ .Chart.Version | default "0.0.0" }} {{ include "splunk-connect-for-snmp.redis-env" . }} -- name: MONGO_URI - value: {{ include "splunk-connect-for-snmp.mongo_uri" . }} +{{ include "splunk-connect-for-snmp.mongodb-env" . }} - name: WALK_RETRY_MAX_INTERVAL value: {{ .Values.worker.walkRetryMaxInterval | default "180" | quote }} - name: WALK_MAX_RETRIES diff --git a/charts/splunk-connect-for-snmp/values.yaml b/charts/splunk-connect-for-snmp/values.yaml index f45579177..d76417931 100644 --- a/charts/splunk-connect-for-snmp/values.yaml +++ b/charts/splunk-connect-for-snmp/values.yaml @@ -515,95 +515,66 @@ useDeprecatedAPI: false ############################################################################# ### Please do not modify below values, unless you know what you're doing! ### ############################################################################# -mongodb: - architecture: "standalone" - updateStrategy: - type: Recreate - initdbScripts: - setFeatureCompatibilityVersion.js: | - db.adminCommand({ setFeatureCompatibilityVersion: "6.0" }); - image: - repository: bitnamilegacy/mongodb +# Default values for mongodb-ha - ## @section Global parameters - ## Global Docker image parameters - ## Please, note that this will override the image parameters, including dependencies, configured to use the global value - ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - - ## @section Common parameters - ## +## MongoDB image configuration +# MongoDB image +mongodb: + mode: standalone # options: standalone | replication - ## @param clusterDomain Default Kubernetes cluster domain - ## - clusterDomain: cluster.local + replicaCount: 3 # used only when mode = "replication" + replicaSetName: rs0 + replicaInitJob: + image: + repository: "alpine/kubectl" + tag: "1.34.2" + # MongoDB replicas pod initialisation timeout in seconds + timeout: 600 + image: + repository: mongo + tag: "8.2.2" + pullPolicy: IfNotPresent - ## auth: - ## @param auth.enabled Enable authentication - ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ - ## - enabled: false - - ## MongoDB® containers' resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param resources.limits The resources limits for MongoDB® containers - ## @param resources.requests The requested resources for MongoDB® containers - ## - rbac: - create: true - resources: {} - # limits: - # cpu: 1000m - # memory: 768Mi - # requests: - # cpu: 250m - # memory: 512Mi + enabled: true + rootUser: admin + rootPassword: "ChangeMe123" + rootUserKey: "root-user" + rootPasswordKey: "root-password" + existingSecret: "" + existingReplicaKeySecret: "" - ## @section Volume Permissions parameters + persistence: + enabled: true + accessMode: ReadWriteOnce + size: 5Gi + storageClassName: "" - ## @section Metrics parameters + service: + port: 27017 - metrics: - ## @param metrics.enabled Enable using a sidecar Prometheus exporter - ## + livenessProbe: enabled: true - containerPort: 9216 - ## Prometheus Exporter service configuration - ## - image: - repository: bitnamilegacy/mongodb-exporter - service: - ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9216" - pdb: - create: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 - ## In MicroK8s there is an addon providing PersistentVolumes. - ## "microk8s-hostpath" is the default storageClassName ref: https://microk8s.io/docs/addon-hostpath-storage. - ## If something else than MicroK8s is used, then persistence.storageClass needs to be adjusted accordingly: - ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 - persistence: - storageClass: "microk8s-hostpath" - volumePermissions: - image: - repository: bitnamilegacy/os-shell + # Readiness probe + readinessProbe: enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 redis: # Mode selector: "standalone", "replication" architecture: standalone # Options for Redis replication - replicas: 3 + replicaCount: 3 sentinel: - replicas: 3 + replicaCount: 3 quorum: 2 resources: requests: @@ -642,7 +613,7 @@ redis: # Storage storage: enabled: true - storageClassName: microk8s-hostpath + storageClassName: "" accessModes: - ReadWriteOnce size: 5Gi diff --git a/construct-redis-url.sh b/construct-connection-strings.sh similarity index 61% rename from construct-redis-url.sh rename to construct-connection-strings.sh index c165b43d9..6aa7b523d 100644 --- a/construct-redis-url.sh +++ b/construct-connection-strings.sh @@ -1,5 +1,9 @@ #!/usr/bin/env sh -# Constructs REDIS_URL and CELERY_BROKER_URL from components if not already set +# Constructs Redis and MongoDB connection strings based on environment variables + +############################ + ### REDIS ### +############################ # Detect mode REDIS_MODE="${REDIS_MODE:-standalone}" @@ -61,8 +65,40 @@ if [ -z "$REDIS_URL" ] || [ -z "$CELERY_BROKER_URL" ]; then REDIS_DEPENDENCIES="${REDIS_URL} ${CELERY_BROKER_URL}" fi +############################ + ### MongoDB ### +############################ + + # Build MongoDB URI from environment variables + if [ -n "$MONGODB_PASSWORD" ]; then + # With authentication + if [ -n "$MONGODB_REPLICA_SET" ]; then + # Replica set + export MONGO_URI="mongodb://${MONGODB_USERNAME}:${MONGODB_PASSWORD}@${MONGODB_HOST}/${MONGODB_DATABASE}?replicaSet=${MONGODB_REPLICA_SET}&authSource=${MONGODB_AUTH_SOURCE:-admin}&readPreference=primary" + else + # Standalone + export MONGO_URI="mongodb://${MONGODB_USERNAME}:${MONGODB_PASSWORD}@${MONGODB_HOST}:${MONGODB_PORT}/${MONGODB_DATABASE}?authSource=admin" + fi + else + # Without authentication + if [ -n "$MONGODB_REPLICA_SET" ]; then + export MONGO_URI="mongodb://${MONGODB_HOST}/${MONGODB_DATABASE}?replicaSet=${MONGODB_REPLICA_SET}&authSource=admin&retryWrites=false" + else + export MONGO_URI="mongodb://${MONGODB_HOST}:${MONGODB_PORT}/${MONGODB_DATABASE}?authSource=admin" + fi + fi + + if [ -n "$MONGODB_REPLICA_SET" ]; then + export MONGO_WAIT="mongodb://${MONGODB_HOST}/${MONGODB_DATABASE}?replicaSet=${MONGODB_REPLICA_SET}&authSource=admin&retryWrites=false" + else + export MONGO_WAIT="mongodb://${MONGODB_HOST}:${MONGODB_PORT}/${MONGODB_DATABASE}?authSource=admin" + fi + + export MONGO_WAIT + export MONGO_URI export REDIS_URL export CELERY_BROKER_URL export REDIS_DEPENDENCIES export REDIS_MODE + fi \ No newline at end of file diff --git a/docker_compose/.env b/docker_compose/.env index 6a772da89..75dd4f1a9 100644 --- a/docker_compose/.env +++ b/docker_compose/.env @@ -1,11 +1,11 @@ # Deployment configuration SC4SNMP_IMAGE=ghcr.io/splunk/splunk-connect-for-snmp/container -SC4SNMP_TAG="1.14.2-beta.6" +SC4SNMP_TAG="1.14.2-beta.7" SCHEDULER_CONFIG_FILE_ABSOLUTE_PATH= TRAPS_CONFIG_FILE_ABSOLUTE_PATH= INVENTORY_FILE_ABSOLUTE_PATH= COREFILE_ABS_PATH= -SC4SNMP_VERSION="1.14.2-beta.6" +SC4SNMP_VERSION="1.14.2-beta.7" # Network configuration COREDNS_ADDRESS=172.28.0.255 @@ -23,8 +23,8 @@ MIBSERVER_IMAGE=ghcr.io/pysnmp/mibs/container MIBSERVER_TAG=latest REDIS_IMAGE=docker.io/redis REDIS_TAG=8.2.2 -MONGO_IMAGE=docker.io/bitnamilegacy/mongodb -MONGO_TAG=7.0.14-debian-12-r3 +MONGO_IMAGE=docker.io/mongo +MONGO_TAG=8.2.2 # Splunk instance configuration SPLUNK_HEC_HOST= diff --git a/docs/microk8s/configuration/mongo-configuration.md b/docs/microk8s/configuration/mongo-configuration.md index ab532a57e..a5ccf2543 100644 --- a/docs/microk8s/configuration/mongo-configuration.md +++ b/docs/microk8s/configuration/mongo-configuration.md @@ -1,34 +1,300 @@ -# Mongo DB Configuration +# MongoDB Configuration -Mongo DB is used as the database for keeping schedules. +MongoDB serves as the persistent data store for SC4SNMP, storing device profiles, inventory data, task metadata, and SNMP walk results. It is a critical component for maintaining state and configuration across the application. + +!!!note + Previously, MongoDB in our stack was provided via the Bitnami Helm chart. As Bitnami transitions certain components to a paid model, we have replaced it with our own Kubernetes manifests, implementing the necessary deployment logic in-house. + This change ensures we maintain full control over configuration, compatibility, and licensing. If you encounter any issues or identify missing configuration options, please open an issue in the project repository so we can address it promptly. ### MongoDB configuration file -MongoDB configuration is kept in the `values.yaml` file in the `mongodb` section. -`values.yaml` is used during the installation process for configuring kubernetes values. +MongoDB configuration is maintained in the `mongodb` section of `values.yaml`, which is used during installation to configure Kubernetes resources. -See the following example: ```yaml mongodb: - #Architecture, Architecture for Mongo deployments is immutable to move from standalone to replicaset will require a uninstall. - # "replicaset" for HA or multi node deployments - # "standalone" for single node non HA - #architecture: "standalone" - pdb: - create: true - #The following requests and limits are appropriate starting points - #For productions deployments - resources: - limits: - cpu: 2 - memory: 2Gi + # Mode selector: "standalone", "replication" + mode: standalone + + # Replica set configuration (used only when mode = "replication") + replicaCount: 3 + replicaSetName: rs0 + + # Authentication + auth: + enabled: true + rootUser: "admin" + rootPassword: "" # Set if auth.enabled: true + existingUserSecret: "" # Or reference existing secret + rootUserKey: "root-user" + rootPasswordKey: "root-password" + + # Image + image: + repository: mongo + tag: "7.0" + pullPolicy: IfNotPresent + + # Resources + resources: requests: - cpu: 750m - memory: 512Mi + memory: "512Mi" + cpu: "250m" + limits: + memory: "1Gi" + cpu: "500m" + + # Storage persistence: - storageClass: "microk8s-hostpath" - volumePermissions: enabled: true + size: 10Gi + storageClassName: "" + accessMode: ReadWriteOnce + + # Security + podSecurityContext: + fsGroup: 999 + fsGroupChangePolicy: "OnRootMismatch" + + containerSecurityContext: + runAsUser: 999 + runAsGroup: 999 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +``` + +| Key | Type | Default | Description | +|--------------------------------------------|--------|----------------|------------------------------------------------------------------| +| mongodb.mode | string | standalone | Deployment mode (standalone or replication). | +| mongodb.replicaCount | int | 3 | Number of MongoDB pods (used only in replication mode). | +| mongodb.replicaSetName | string | rs0 | Internal replica set identifier (used only in replication mode). | +| mongodb.auth.enabled | bool | true | Enable MongoDB authentication. | +| mongodb.auth.rootUser | string | admin | Root username for MongoDB. | +| mongodb.auth.rootPassword | string | "" | Root password (avoid committing; prefer secret). | +| mongodb.auth.existingUserSecret | string | "" | Name of existing Kubernetes Secret providing credentials. | +| mongodb.auth.rootUserKey | string | root-user | Key inside existing secret containing the username. | +| mongodb.auth.rootPasswordKey | string | root-password | Key inside existing secret containing the password. | +| mongodb.image.repository | string | mongo | Container image repository. | +| mongodb.image.tag | string | 7.0 | Image tag / MongoDB version. | +| mongodb.image.pullPolicy | string | IfNotPresent | Image pull policy. | +| mongodb.resources.requests.cpu | string | "" | Guaranteed minimum CPU. | +| mongodb.resources.requests.memory | string | "" | Guaranteed minimum memory. | +| mongodb.resources.limits.cpu | string | "" | CPU limit. | +| mongodb.resources.limits.memory | string | "" | Memory limit. | +| mongodb.persistence.enabled | bool | true | Create PersistentVolumeClaim. | +| mongodb.persistence.storageClassName | string | "" | StorageClass for the PVC (empty = default). | +| mongodb.persistence.accessMode | string | ReadWriteOnce | PVC access mode. | +| mongodb.persistence.size | string | 10Gi | Requested persistent volume size. | +| mongodb.podSecurityContext.fsGroup | int | 999 | FS group owning mounted volumes. | +| mongodb.containerSecurityContext.runAsUser | int | 999 | UID for the container (non-root hardening). | +| mongodb.replicaInitJob.image.repository | string | alpine/kubectl | Container image for the initialization job. | +| mongodb.replicaInitJob.image.tag | string | 1.34.2 | Image tag / kubectl version. | +| mongodb.replicaInitJob.timeout | int | 600 | Maximum time (in seconds) to wait for each pod to become ready. | + +### Architecture Modes + +#### Standalone Mode (Default) + +**Architecture**: + +* Single MongoDB pod +* Simple deployment +* Minimal resource overhead + +Use cases: + +* Single-node environments +* Development and testing +* Non-critical workloads + +Characteristics: + +* Resources: 1 MongoDB pod +* Complexity: Low +* Recovery time: ~30-60 seconds (Kubernetes reschedules pod on node failure) +* No automatic failover + +##### Configuration + +```yaml +mongodb: + architecture: standalone +``` + +#### Replication Mode + +**Architecture**: + +* 3 MongoDB pods (1 PRIMARY + 2 SECONDARY) +* Automatic failover using MongoDB replica set +* Data replication across all members + +Use cases: + +* Single-node environments +* Development and testing +* Non-critical workloads + +Characteristics: + +* Resources: 1 MongoDB pod +* Complexity: Low +* Recovery time: ~30-60 seconds (Kubernetes reschedules pod on node failure) +* No automatic failover + +##### Configuration + +```yaml +mongodb: + mode: replication + replicaCount: 3 + replicaSetName: rs0 +``` + +!!!note + The replica set is automatically initialized by a Kubernetes Job after all pods are ready. No manual intervention is required. + +##### Storage Considerations + +For true high availability with pod rescheduling across nodes, you must use network-attached storage that supports dynamic provisioning. Node-local storage (like microk8s-hostpath) prevents failed pods from attaching their volumes on different nodes. + +Example using block storage in replication mode: + +#TODO + +!!!note + The storageClassName must point to a StorageClass that supports block storage with ReadWriteOnce access mode. Examples: AWS EBS (gp3), GCP Persistent Disk (pd-ssd), Azure Disk, Ceph RBD, Longhorn. + +### Resource Requirements + +MongoDB memory requirements depend on your working set size, index size, and query patterns. + +Quick sizing guidance: + +Small datasets (<5GB): 1-2GB memory +Medium datasets (5-50GB): 2-4GB memory +Large datasets (>50GB): 4GB+ memory + +Example configuration: + +```yaml +mongodb: + resources: + requests: + cpu: 500m + memory: 2Gi + limits: + cpu: 2000m + memory: 4Gi +``` + +By default, resource limits are set as shown in the configuration table above. Adjust based on your workload. + +### Use authentication for MongoDB + +MongoDB authentication is enabled by default and strongly recommended for production deployments. + +#### Using Direct Password + +Set the password directly in `values.yaml`: + +``` +mongodb: + auth: + enabled: true + rootUser: "admin" + rootPassword: "your_secure_password_here" +``` + +#### Using Existing Kubernetes Secret + +To use an existing Kubernetes Secret, first create it: + +```yaml +kubectl create secret generic prod-mongodb-secret \ + --from-literal=root-user='admin' \ + --from-literal=root-password='your_secure_password_here' +``` + +Then reference it in `values.yaml`: + +```yaml +mongodb: + auth: + enabled: true + existingUserSecret: "prod-mongodb-secret" +``` + +The secret keys (`root-user` and `root-password`) are configurable via `rootUserKey` and `rootPasswordKey` if your secret uses different key names: + +```yaml +mongodb: + auth: + enabled: true + existingUserSecret: "prod-mongodb-secret-with-different-keys" + rootUserKey: "my-username-key" + rootPasswordKey: "my-password-key" +``` + + +### Migration from Bitnami MongoDB + +The chart automatically detects and migrates data from existing Bitnami MongoDB deployments in standalone mode only: + +1. Detects Bitnami PVC: datadir--mongodb-0 +2. Reuses the PVC if found (preserves data) +3. Init container fixes file permissions for compatibility +4. If no existing PVC is found, creates a new one + +No manual intervention required — simply upgrade your deployment with the new chart. + +!!!note + Migration between Bitnami MongoDB and the new chart is possible only to standalone mode. For using replication mode, please reinstall SC4SNMP with a fresh MongoDB deployment. + +### Replica Set Initialization + +When deploying in replication mode, the chart automatically: + +1. Deploys a headless service for stable pod DNS +2. Creates all MongoDB pods with replica set configuration +3. Runs a Kubernetes Job to initialize the replica set +4.Waits for PRIMARY election (typically 10-15 seconds) + +The initialization job: + +1. Waits for all pods to be ready +2. Verifies network connectivity between pods +3. Runs rs.initiate() from inside pod-0 +4. Is idempotent (safe to re-run) + +You can monitor initialization progress: +```bash +kubectl logs -f job/-mongodb-init-rs +``` + +#### Adjusting the timeout: + +For clusters with slow storage provisioning or network latency, you may need to increase the timeout: + +```yaml +mongodb: + replicaInitJob: + timeout: 600 +``` + +#### Using a different kubectl image + +If your environment requires a specific kubectl version or image source: + +```yaml +mongodb: + replicaInitJob: + image: + repository: "alpine/kubectl" + tag: "1.34.2" ``` -It is recommended not to change this setting. If it is necessary to change it, see [MongoDB on Kubernetes](https://github.com/bitnami/charts/tree/master/bitnami/mongodb/). +!!!note + The kubectl image must include a POSIX shell (/bin/sh) and kubectl binary. Distroless images are not supported. \ No newline at end of file diff --git a/docs/microk8s/configuration/redis-configuration.md b/docs/microk8s/configuration/redis-configuration.md index f645b2d2b..8c480be53 100644 --- a/docs/microk8s/configuration/redis-configuration.md +++ b/docs/microk8s/configuration/redis-configuration.md @@ -44,7 +44,7 @@ redis: # Storage storage: enabled: true - storageClassName: microk8s-hostpath + storageClassName: "" accessModes: - ReadWriteOnce size: 5Gi @@ -59,35 +59,35 @@ redis: fsGroup: 999 ``` -| Key | Type | Default | Description | -|------------------------------------------|--------|---------------------|-----------------------------------------------------------------------------------------| -| redis.architecture | string | `standalone` | Deployment mode (standalone or replication). | -| redis.replicas | int | `3` | Data pod count (used only in replication mode). | -| redis.sentinel.replicas | int | `3` | Sentinel pod count (odd recommended). | -| redis.sentinel.quorum | int | `2` | Required Sentinel votes for failover. | -| redis.sentinel.resources.requests.cpu | string | `50m` | Guaranteed Sentinel minimum CPU. | -| redis.sentinel.resources.requests.memory | string | `64Mi` | Guaranteed Sentinel minimum memory. | -| redis.sentinel.resources.limits.cpu | string | `100m` | Guaranteed Sentinel minimum CPU. | -| redis.sentinel.resources.limits.memory | string | `128Mi` | Guaranteed Sentinel minimum memory. | -| redis.auth.enabled | bool | `false` | Enable Redis AUTH. | -| redis.auth.password | string | `""` | Password when AUTH enabled (avoid committing; prefer secret). | -| redis.auth.existingSecret | string | `""` | Name of existing Kubernetes Secret providing the password. | -| redis.auth.existingSecretPasswordKey | string | `password` | Key inside the existing secret containing the password. | -| redis.image.repository | string | `redis` | Container image repository. | -| redis.image.tag | string | `8.2.2` | Image tag / Redis version. | -| redis.image.pullPolicy | string | `IfNotPresent` | Image pull policy. | -| redis.resources.requests.cpu | string | `""` | Guaranteed minimum CPU. | -| redis.resources.requests.memory | string | `""` | Guaranteed minimum memory. | -| redis.resources.limits.cpu | string | `""` | CPU limit. | -| redis.resources.limits.memory | string | `""` | Memory limit. | -| redis.storage.enabled | bool | `true` | Create PersistentVolumeClaim. | -| redis.storage.storageClassName | string | `microk8s-hostpath` | StorageClass for the PVC. | -| redis.storage.accessModes | list | `[ReadWriteOnce]` | PVC access modes. | -| redis.storage.size | string | `5Gi` | Requested persistent volume size. | -| redis.persistence.aof.enabled | bool | `true` | Enable Append Only File persistence. | -| redis.persistence.aof.fsync | string | `everysec` | AOF fsync policy (`always`, `everysec`, `no`). Necessary to migrate from bitnami Redis. | -| redis.podSecurityContext.runAsUser | int | `999` | UID for the container (non-root hardening). | -| redis.podSecurityContext.fsGroup | int | `999` | FS group owning mounted volumes. | +| Key | Type | Default | Description | +|------------------------------------------|--------|-------------------|-----------------------------------------------------------------------------------------| +| redis.architecture | string | `standalone` | Deployment mode (standalone or replication). | +| redis.replicas | int | `3` | Data pod count (used only in replication mode). | +| redis.sentinel.replicas | int | `3` | Sentinel pod count (odd recommended). | +| redis.sentinel.quorum | int | `2` | Required Sentinel votes for failover. | +| redis.sentinel.resources.requests.cpu | string | `50m` | Guaranteed Sentinel minimum CPU. | +| redis.sentinel.resources.requests.memory | string | `64Mi` | Guaranteed Sentinel minimum memory. | +| redis.sentinel.resources.limits.cpu | string | `100m` | Guaranteed Sentinel minimum CPU. | +| redis.sentinel.resources.limits.memory | string | `128Mi` | Guaranteed Sentinel minimum memory. | +| redis.auth.enabled | bool | `false` | Enable Redis AUTH. | +| redis.auth.password | string | `""` | Password when AUTH enabled (avoid committing; prefer secret). | +| redis.auth.existingSecret | string | `""` | Name of existing Kubernetes Secret providing the password. | +| redis.auth.existingSecretPasswordKey | string | `password` | Key inside the existing secret containing the password. | +| redis.image.repository | string | `redis` | Container image repository. | +| redis.image.tag | string | `8.2.2` | Image tag / Redis version. | +| redis.image.pullPolicy | string | `IfNotPresent` | Image pull policy. | +| redis.resources.requests.cpu | string | `""` | Guaranteed minimum CPU. | +| redis.resources.requests.memory | string | `""` | Guaranteed minimum memory. | +| redis.resources.limits.cpu | string | `""` | CPU limit. | +| redis.resources.limits.memory | string | `""` | Memory limit. | +| redis.storage.enabled | bool | `true` | Create PersistentVolumeClaim. | +| redis.storage.storageClassName | string | `""` | StorageClass for the PVC. | +| redis.storage.accessModes | list | `[ReadWriteOnce]` | PVC access modes. | +| redis.storage.size | string | `5Gi` | Requested persistent volume size. | +| redis.persistence.aof.enabled | bool | `true` | Enable Append Only File persistence. | +| redis.persistence.aof.fsync | string | `everysec` | AOF fsync policy (`always`, `everysec`, `no`). Necessary to migrate from bitnami Redis. | +| redis.podSecurityContext.runAsUser | int | `999` | UID for the container (non-root hardening). | +| redis.podSecurityContext.fsGroup | int | `999` | FS group owning mounted volumes. | ### Architecture modes @@ -247,6 +247,8 @@ redis: ``` !!!warning For smoother migration, it's better to create a new secret with the updated values and then update your configuration to reference this new secret, rather than modifying an existing secret in place. + + When changing the content of a Kubernetes Secret that is already in use, the running pods will not automatically pick up the new values. You must recreate the pods for them to use the updated secret. ### Migration from Bitnami Redis diff --git a/entrypoint.sh b/entrypoint.sh index 0af1c0839..70e269ea9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,11 +1,11 @@ #!/usr/bin/env sh set -e . /app/.venv/bin/activate -. /app/construct-redis-url.sh +. /app/construct-connection-strings.sh LOG_LEVEL=${LOG_LEVEL:=INFO} WORKER_CONCURRENCY=${WORKER_CONCURRENCY:=4} -wait-for-dep ${REDIS_DEPENDENCIES} "${MONGO_URI}" "${MIB_INDEX}" +wait-for-dep ${REDIS_DEPENDENCIES} "${MONGO_WAIT}" "${MIB_INDEX}" case $1 in diff --git a/integration_tests/.env b/integration_tests/.env index fc2103e08..4b990b27f 100644 --- a/integration_tests/.env +++ b/integration_tests/.env @@ -17,8 +17,8 @@ MIBSERVER_IMAGE=ghcr.io/pysnmp/mibs/container MIBSERVER_TAG=latest REDIS_IMAGE=docker.io/redis REDIS_TAG=8.2.2 -MONGO_IMAGE=docker.io/bitnamilegacy/mongodb -MONGO_TAG=7.0.14-debian-12-r3 +MONGO_IMAGE=docker.io/mongo +MONGO_TAG=8.2.2 # Splunk instance configuration SPLUNK_HEC_HOST= diff --git a/pyproject.toml b/pyproject.toml index 31da2fb3f..a23bae433 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "splunk-connect-for-snmp" -version = "1.14.2-beta.6" +version = "1.14.2-beta.7" description = "" authors = ["omrozowicz-splunk "] license = "Apache-2.0" diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index f3ce888d1..2446d1cb5 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml index a4cca077b..d84222ecc 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -45,8 +45,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index 23f6532fe..fc2597706 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index cf7160b80..fcc2baf8a 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 88a082662..9bbebbba5 100644 --- a/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/traps/deployment.yaml index a4cca077b..d84222ecc 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -45,8 +45,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index 23f6532fe..fc2597706 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index cf7160b80..fcc2baf8a 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 88a082662..9bbebbba5 100644 --- a/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_autoscaling_enabled_deprecated/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -57,8 +57,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/inventory/job.yaml index bb35b52b2..4b35b5759 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml index 44d655f55..6644d4edf 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend-worker.yaml @@ -26,7 +26,7 @@ spec: env: - name: MONGO_URI value: mongodb://release-name-mongodb:27017 - + - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml index a93d49b1f..2f33d1979 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/ui/deployment-backend.yaml @@ -46,7 +46,7 @@ spec: env: - name: MONGO_URI value: mongodb://release-name-mongodb:27017 - + - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index f3ce888d1..2446d1cb5 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_enable_ui/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..bf02abce2 --- /dev/null +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "bitnamilegacy/mongodb:8.0.13-debian-10-r0" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index f3ce888d1..2446d1cb5 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_mongodb_custom_image/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-config.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-config.yaml new file mode 100644 index 000000000..2f7d00cdd --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-config.yaml @@ -0,0 +1,42 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/scheduler-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-config + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + profiles: + IF_profile: + frequency: 600 + varBinds: + - [ "IF-MIB", "ifDescr" ] + - [ "IF-MIB", "ifAdminStatus" ] + - [ "IF-MIB", "ifName" ] + - [ 'IF-MIB','ifAlias' ] + - [ "IF-MIB", "ifInDiscards" ] + - [ "IF-MIB", "ifInErrors" ] + - [ "IF-MIB", "ifInNUcastPkts" ] + - [ "IF-MIB", "ifInOctets" ] + - [ "IF-MIB", "ifInUcastPkts" ] + - [ "IF-MIB", "ifInUnknownProtos" ] + - [ "IF-MIB", "ifOutDiscards" ] + - [ "IF-MIB", "ifOutErrors" ] + - [ "IF-MIB", "ifOutNUcastPkts" ] + - [ "IF-MIB", "ifOutOctets" ] + - [ "IF-MIB", "ifOutQLen" ] + - [ "IF-MIB", "ifOutUcastPkts" ] + + communities: + public: + communityIndex: + contextEngineId: + contextName: + tag: + securityName: diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-inventory.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-inventory.yaml new file mode 100644 index 000000000..632980cd1 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/scheduler-inventory.yaml @@ -0,0 +1,16 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/scheduler-inventory.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-inventory + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + inventory.csv: | + address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete + 54.82.41.24,,2c,public,,,1800,IF_profile,false, diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/splunk-secret.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/splunk-secret.yaml new file mode 100644 index 000000000..21e689f0a --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/splunk-secret.yaml @@ -0,0 +1,9 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/splunk-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: splunk-connect-for-snmp-splunk +type: Opaque +data: + hec_token: "MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw" diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/traps-config.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/traps-config.yaml new file mode 100644 index 000000000..2f4b3f37d --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/common/traps-config.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/traps-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-traps + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + communities: + 2c: + - public + - homelab diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/inventory/job.yaml new file mode 100644 index 000000000..738e6e937 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -0,0 +1,114 @@ +--- +# Source: splunk-connect-for-snmp/templates/inventory/job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-splunk-connect-for-snmp-inventory + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-inventory + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + ttlSecondsAfterFinished: 300 + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-inventory + app.kubernetes.io/instance: release-name + spec: + containers: + - name: splunk-connect-for-snmp-inventory + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + ["inventory"] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: INVENTORY_PATH + value: /app/inventory/inventory.csv + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: LOG_LEVEL + value: INFO + - name: CHAIN_OF_TASKS_EXPIRY_TIME + value: "60" + - name: CONFIG_FROM_MONGO + value: "false" + - name: ENABLE_FULL_WALK + value: "false" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: inventory + mountPath: "/app/inventory" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: inventory + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-inventory + # An array of keys from the ConfigMap to create as files + items: + - key: "inventory.csv" + path: "inventory.csv" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} + restartPolicy: OnFailure diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-config.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-config.yaml new file mode 100644 index 000000000..22da33840 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-config.yaml @@ -0,0 +1,33 @@ +--- +# Source: splunk-connect-for-snmp/templates/redis/redis-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: release-name-redis-config + namespace: default + labels: + app: release-name-redis +data: + redis.conf: | + # Data directory + dir /data + + # Persistence - RDB + save 900 1 + save 300 10 + save 60 10000 + + # Persistence - AOF + appendonly yes + appendfsync everysec + + # Logging + loglevel notice + + # Memory + maxmemory-policy noeviction + + # Network + bind 0.0.0.0 + protected-mode no + port 6379 diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-service.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-service.yaml new file mode 100644 index 000000000..5b3445437 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-service.yaml @@ -0,0 +1,15 @@ +--- +# Source: splunk-connect-for-snmp/templates/redis/redis-standalone-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-redis + namespace: default +spec: + type: ClusterIP + ports: + - port: 6379 + targetPort: 6379 + name: redis + selector: + app: release-name-redis diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml new file mode 100644 index 000000000..49876b6fc --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml @@ -0,0 +1,107 @@ +--- +# Source: splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-redis-standalone + namespace: default + labels: + app: release-name-redis +spec: + serviceName: release-name-redis + replicas: 1 + selector: + matchLabels: + app: release-name-redis + template: + metadata: + labels: + app: release-name-redis + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + spec: + securityContext: + runAsUser: 999 + fsGroup: 999 + initContainers: + - name: fix-permissions + image: redis:8.2.2 + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - | + echo "=== Redis Init: Fixing Permissions ===" + echo "Current ownership:" + ls -ln /data + echo "" + echo "Fixing ownership to 999:999..." + chown -R 999:999 /data + chmod -R 755 /data + echo "" + echo "New ownership:" + ls -ln /data + echo "=== Permissions Fixed ===" + volumeMounts: + - name: redis-data + mountPath: /data + securityContext: + runAsUser: 0 # Must run as root to chown + containers: + - name: redis + image: redis:8.2.2 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 6379 + name: redis + command: + - sh + - -c + args: + - | + # Copy config to writable location + cp /etc/redis/redis.conf /tmp/redis.conf + + # Start Redis + exec redis-server /tmp/redis.conf + volumeMounts: + - name: redis-data + mountPath: /data + - name: redis-config + mountPath: /etc/redis + resources: + {} + livenessProbe: + exec: + command: + - sh + - -c + - | + redis-cli ping + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - sh + - -c + - | + redis-cli ping + initialDelaySeconds: 5 + periodSeconds: 5 + # Storage enabled but no existing PVC - use volumeClaimTemplates below + volumes: + - name: redis-config + configMap: + name: release-name-redis-config + # No existing PVC found, create new one via volumeClaimTemplates + volumeClaimTemplates: + - metadata: + name: redis-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml new file mode 100644 index 000000000..33ab23117 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -0,0 +1,122 @@ +--- +# Source: splunk-connect-for-snmp/templates/scheduler/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-scheduler + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-scheduler + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "beat", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: LOG_LEVEL + value: INFO + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + {} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/pdb.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/pdb.yaml new file mode 100644 index 000000000..ef36d43af --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/scheduler/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/scheduler/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-scheduler + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/serviceaccount.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/serviceaccount.yaml new file mode 100644 index 000000000..59ae809f1 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +--- +# Source: splunk-connect-for-snmp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-splunk-connect-for-snmp-user + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/sim/pdb.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/sim/pdb.yaml new file mode 100644 index 000000000..0f1827e83 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/sim/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/sim/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-sim + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/tests/test-connection.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/tests/test-connection.yaml new file mode 100644 index 000000000..6851a86ec --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/tests/test-connection.yaml @@ -0,0 +1,35 @@ +--- +# Source: splunk-connect-for-snmp/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-splunk-connect-for-snmp-trap-test-connection" + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test + "kube-score/ignore": "pod-probes,pod-networkpolicy" +spec: + containers: + - name: wget + image: busybox:1.34.1 + imagePullPolicy: Always + command: ['wget'] + args: ['release-name-splunk-connect-for-snmp-trap:162'] + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + resources: + limits: + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + restartPolicy: Never diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml new file mode 100644 index 000000000..43a37f056 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -0,0 +1,150 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-traps + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "trap" + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: PYSNMP_DEBUG + value: "" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: INCLUDE_SECURITY_CONTEXT_ID + value: "false" + - name: SNMP_V3_SECURITY_ENGINE_ID + value: 80003a8c04 + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: IPv6_ENABLED + value: "false" + ports: + - name: snmp-udp + containerPort: 2162 + protocol: UDP + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + + resources: + {} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-traps + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/pdb.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/pdb.yaml new file mode 100644 index 000000000..34bb78a7f --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/service.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/service.yaml new file mode 100644 index 000000000..399b57e52 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/traps/service.yaml @@ -0,0 +1,30 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + metallb.universe.tf/allow-shared-ip: "splunk-connect" + metallb.universe.tf/loadBalancerIPs: 10.202.6.213 + +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 + ports: + - port: 162 + targetPort: 2162 + protocol: UDP + name: snmp-udp + selector: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/pdb.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/pdb.yaml new file mode 100644 index 000000000..4b3ea594c --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-worker + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml new file mode 100644 index 000000000..db13ce956 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -0,0 +1,182 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-poller + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-poller + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-poller + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-poller + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-poller + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-poller", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "1" + - name: IPv6_ENABLED + value: "false" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-poller + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml new file mode 100644 index 000000000..afa1cfad0 --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -0,0 +1,180 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-sender + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-sender + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-sender", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml new file mode 100644 index 000000000..60c17f2ca --- /dev/null +++ b/rendered/manifests/tests_mongodb_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -0,0 +1,188 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + template: + metadata: + annotations: + checksum/redis-config: e82c09fa615350d9c147a0884485f953308babd6b8842d0cbe695ed5595eb530 + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-trap + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-trap", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: REDIS_MODE + value: "standalone" + - name: REDIS_HOST + value: release-name-redis + - name: REDIS_PORT + value: "6379" + - name: REDIS_DB + value: "1" + - name: CELERY_DB + value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "replicaset" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + - name: RESOLVE_TRAP_ADDRESS + value: "false" + - name: MAX_DNS_CACHE_SIZE_TRAPS + value: "500" + - name: TTL_DNS_CACHE_TRAPS + value: "1800" + - name: IPv6_ENABLED + value: "false" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index f3ce888d1..2446d1cb5 100644 --- a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_only_polling/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_only_traps/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml index aecb72b45..2a4848462 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -39,10 +39,28 @@ spec: value: "1" - name: CELERY_DB value: "0" + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 38e0d7d50..31abbcd1b 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -56,8 +56,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index bccf3e046..da03c880b 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index e129ecdcd..30967695b 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index d205cab1b..867aac6cf 100644 --- a/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_probes_enabled/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/inventory/job.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/inventory/job.yaml index ec42793bc..e3cc333d9 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/inventory/job.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/inventory/job.yaml @@ -54,10 +54,28 @@ spec: secretKeyRef: name: release-name-redis-secret key: password + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: INVENTORY_PATH value: /app/inventory/inventory.csv - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml index 6c1c0cb88..9dd7ea581 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/scheduler/deployment.yaml @@ -70,8 +70,26 @@ spec: secretKeyRef: name: release-name-redis-secret key: password - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: MIB_SOURCES value: "http://release-name-mibserver/asn1/@mib@" - name: MIB_INDEX diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml index 2d6732a8a..3dad88d17 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -47,8 +47,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "replication" - name: REDIS_SENTINEL_SERVICE diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml index ffda765e9..9a7d678f3 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/poller/deployment.yaml @@ -72,8 +72,26 @@ spec: secretKeyRef: name: release-name-redis-secret key: password - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 7c140fc52..6f647baa3 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -72,8 +72,26 @@ spec: secretKeyRef: name: release-name-redis-secret key: password - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index c9b51059b..083a52eae 100644 --- a/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_redis_ha/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -72,8 +72,26 @@ spec: secretKeyRef: name: release-name-redis-secret key: password - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml new file mode 100644 index 000000000..f31ef18f1 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: release-name-mongodb-secret + namespace: default + labels: + app: release-name-mongodb +type: Opaque +data: + root-user: "YWRtaW4=" + root-password: "Q2hhbmdlTWUxMjM=" diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml new file mode 100644 index 000000000..f1d9092c3 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml @@ -0,0 +1,99 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/mongodb-standalone-statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: release-name-mongodb + labels: + app: release-name-mongodb + mode: standalone +spec: + serviceName: release-name-mongodb + replicas: 1 + + selector: + matchLabels: + app: release-name-mongodb + + template: + metadata: + labels: + app: release-name-mongodb + mode: standalone + spec: + securityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + + initContainers: + + containers: + - name: mongodb + image: "mongo:8.2.2" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + + ports: + - containerPort: 27017 + name: mongodb + env: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + + volumeMounts: + - name: data + mountPath: /data/db + livenessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + exec: + command: + - mongosh + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: microk8s-hostpath + resources: + requests: + storage: 5Gi diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/service.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/service.yaml new file mode 100644 index 000000000..b0158772b --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/mongodb/service.yaml @@ -0,0 +1,13 @@ +--- +# Source: splunk-connect-for-snmp/templates/mongodb/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-mongodb +spec: + type: ClusterIP + ports: + - port: 27017 + targetPort: 27017 + selector: + app: release-name-mongodb diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml index 8beee8755..da59a525d 100644 --- a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -46,8 +46,26 @@ spec: env: - name: CONFIG_PATH value: /app/config/config.yaml - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: REDIS_MODE value: "standalone" - name: REDIS_HOST diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml index 18f7815e9..b159e69e0 100644 --- a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml index 4d432158a..6070d2f97 100644 --- a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -58,8 +58,26 @@ spec: value: "1" - name: CELERY_DB value: "0" - - name: MONGO_URI - value: mongodb://release-name-mongodb:27017 + - name: MONGODB_USERNAME + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-user + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: release-name-mongodb-secret + key: root-password + - name: MONGODB_MODE + value: "standalone" + - name: MONGODB_AUTH_SOURCE + value: "admin" + - name: MONGODB_DATABASE + value: "sc4snmp" + - name: MONGODB_HOST + value: release-name-mongodb-0.release-name-mongodb + - name: MONGODB_PORT + value: "27017" - name: WALK_RETRY_MAX_INTERVAL value: "180" - name: WALK_MAX_RETRIES diff --git a/rendered/values_mongodb_ha.yaml b/rendered/values_mongodb_ha.yaml new file mode 100644 index 000000000..4216cde41 --- /dev/null +++ b/rendered/values_mongodb_ha.yaml @@ -0,0 +1,45 @@ +splunk: + enabled: true + protocol: https + host: 10.202.18.152 + token: 00000000-0000-0000-0000-000000000000 + insecureSSL: "true" + port: "8088" +traps: + communities: + 2c: + - public + - homelab + loadBalancerIP: 10.202.6.213 +scheduler: + profiles: | + IF_profile: + frequency: 600 + varBinds: + - [ "IF-MIB", "ifDescr" ] + - [ "IF-MIB", "ifAdminStatus" ] + - [ "IF-MIB", "ifName" ] + - [ 'IF-MIB','ifAlias' ] + - [ "IF-MIB", "ifInDiscards" ] + - [ "IF-MIB", "ifInErrors" ] + - [ "IF-MIB", "ifInNUcastPkts" ] + - [ "IF-MIB", "ifInOctets" ] + - [ "IF-MIB", "ifInUcastPkts" ] + - [ "IF-MIB", "ifInUnknownProtos" ] + - [ "IF-MIB", "ifOutDiscards" ] + - [ "IF-MIB", "ifOutErrors" ] + - [ "IF-MIB", "ifOutNUcastPkts" ] + - [ "IF-MIB", "ifOutOctets" ] + - [ "IF-MIB", "ifOutQLen" ] + - [ "IF-MIB", "ifOutUcastPkts" ] +poller: + inventory: | + address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete + 54.82.41.24,,2c,public,,,1800,IF_profile,false, +mongodb: + mode: replicaset + replicaCount: 3 + auth: + enabled: true + rootUser: admin + rootPassword: "ChangeMe123" \ No newline at end of file diff --git a/splunk_connect_for_snmp/__init__.py b/splunk_connect_for_snmp/__init__.py index de99b0ab9..6d0e20354 100644 --- a/splunk_connect_for_snmp/__init__.py +++ b/splunk_connect_for_snmp/__init__.py @@ -15,4 +15,4 @@ # -__version__ = "1.14.2-beta.6" +__version__ = "1.14.2-beta.7" diff --git a/splunk_connect_for_snmp/celery_config.py b/splunk_connect_for_snmp/celery_config.py index cffe3eb18..16cccb816 100644 --- a/splunk_connect_for_snmp/celery_config.py +++ b/splunk_connect_for_snmp/celery_config.py @@ -64,7 +64,7 @@ "queue_order_strategy": "priority", } -# Should be set by ./construct-redis-url.sh script +# Should be set by ./construct-connection-strings.sh script redbeat_redis_url = os.getenv("REDIS_URL") broker_url = os.getenv("CELERY_BROKER_URL") diff --git a/splunk_connect_for_snmp/common/hummanbool.py b/splunk_connect_for_snmp/common/hummanbool.py index 7dd1e43ba..3182cb510 100644 --- a/splunk_connect_for_snmp/common/hummanbool.py +++ b/splunk_connect_for_snmp/common/hummanbool.py @@ -14,9 +14,15 @@ # limitations under the License. # import logging +import os +import sys +import time import typing from typing import Union +from pymongo import MongoClient +from pymongo.errors import ConnectionFailure, ServerSelectionTimeoutError + def human_bool(flag: Union[str, bool], default: bool = False) -> bool: @@ -62,3 +68,55 @@ def convert_to_float(value: typing.Any, ignore_error: bool = False) -> typing.An def disable_mongo_logging(): logging.getLogger("mongo").setLevel(logging.CRITICAL) logging.getLogger("pymongo").setLevel(logging.CRITICAL) + + +def wait_for_mongodb_replicaset(logger, max_retries=120, retry_interval=5): + """ + Wait for MongoDB to be ready before starting the application. + For replica sets, waits for PRIMARY to be elected. + """ + mongo_mode = os.getenv("MONGODB_MODE", "standalone").lower() + if mongo_mode == "standalone": + logger.info("MongoDB is in standalone mode, skipping ReplicaSet wait") + return + + mongo_uri = os.getenv("MONGO_URI") + + if not mongo_uri: + logger.warning("MONGO_URI not set, exiting application") + sys.exit(1) + + logger.info(f"Waiting for MongoDB ReplicaSet to be ready and elect the primary...") + + for attempt in range(1, max_retries + 1): + try: + # Try to connect + client = MongoClient( + mongo_uri, serverSelectionTimeoutMS=5000, connectTimeoutMS=5000 + ) + + # Execute a simple operation to verify PRIMARY exists + client.admin.command("ping") + + # For replica sets, verify PRIMARY exists + if "replicaSet=" in mongo_uri: + if client.primary is None: + raise Exception("No PRIMARY elected yet") + logger.info(f"PRIMARY found: {client.primary}") + + client.close() + logger.info("MongoDB is ready") + return + + except (ServerSelectionTimeoutError, ConnectionFailure, Exception) as e: + if attempt >= max_retries: + logger.info(f"MongoDB not ready after {max_retries * retry_interval}s") + logger.info(f" Error: {e}") + sys.exit(1) + + if attempt % 6 == 0: # Print every 30 seconds + logger.info( + f" Still waiting... ({attempt}/{max_retries}) - {e.__class__.__name__}" + ) + + time.sleep(retry_interval) diff --git a/splunk_connect_for_snmp/poller.py b/splunk_connect_for_snmp/poller.py index 099cc3c0b..ce6998947 100644 --- a/splunk_connect_for_snmp/poller.py +++ b/splunk_connect_for_snmp/poller.py @@ -13,11 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. # -import logging - # Support use of .env file for developers from contextlib import suppress +from splunk_connect_for_snmp.common.hummanbool import wait_for_mongodb_replicaset + with suppress(ImportError, OSError): from dotenv import load_dotenv @@ -36,10 +36,11 @@ trace.set_tracer_provider(provider) logger = get_task_logger(__name__) -# //using rabbitmq as the message broker + + +wait_for_mongodb_replicaset(logger) app = Celery("sc4snmp_poller") app.config_from_object("splunk_connect_for_snmp.celery_config") -# app.conf.update(**config) INVENTORY_PATH = os.getenv("INVENTORY_PATH", "/app/inventory/inventory.csv") diff --git a/splunk_connect_for_snmp/snmp/auth.py b/splunk_connect_for_snmp/snmp/auth.py index 6c5b27597..cf89bc297 100644 --- a/splunk_connect_for_snmp/snmp/auth.py +++ b/splunk_connect_for_snmp/snmp/auth.py @@ -185,7 +185,5 @@ def get_auth( return get_auth_v1(ir) elif ir.version == "2c": return get_auth_v2c(ir) - elif ir.version == "3": - return get_auth_v3(logger, ir, snmp_engine) else: - raise SnmpActionError(f"Wrong SNMP version {ir.version}") + return get_auth_v3(logger, ir, snmp_engine) diff --git a/splunk_connect_for_snmp/snmp/manager.py b/splunk_connect_for_snmp/snmp/manager.py index a1256a3ab..60508bf1f 100644 --- a/splunk_connect_for_snmp/snmp/manager.py +++ b/splunk_connect_for_snmp/snmp/manager.py @@ -291,9 +291,9 @@ def __init__(self, **kwargs): self.profiles_collection = ProfileCollection(self.profiles) self.profiles_collection.process_profiles() self.last_modified = time.time() - self.snmp_engine = SnmpEngine() + self.snmpEngine = SnmpEngine() self.already_loaded_mibs = set() - self.builder = self.snmp_engine.getMibBuilder() + self.builder = self.snmpEngine.getMibBuilder() self.mib_view_controller = view.MibViewController(self.builder) compiler.addMibCompiler(self.builder, sources=[MIB_SOURCES]) @@ -315,18 +315,6 @@ def __init__(self, **kwargs): f"Unable to load mib map from index http error {self.mib_response.status_code}" ) - def get_snmp_engine(self, version="", create_new=False) -> SnmpEngine: - """ - :returns: The new SnmpEngine with mibViewController cache attached if snmp version is 3, - else it reuses already defined snmp poller. - """ - if version == "3" or create_new: - snmp_engine = SnmpEngine() - snmp_engine.cache["mibViewController"] = self.mib_view_controller - return snmp_engine - else: - return self.snmp_engine - def do_work( self, ir: InventoryRecord, @@ -347,7 +335,7 @@ def do_work( address, walk=walk, profiles=profiles ) - auth_data = get_auth(logger, ir, self.get_snmp_engine(ir.version)) + auth_data = get_auth(logger, ir, self.snmpEngine) context_data = get_context_data() transport = setup_transport_target(ir) @@ -411,11 +399,7 @@ def run_get_request( error_index, varbind_table, ) in getCmd( - self.get_snmp_engine(create_new=True), - auth_data, - transport, - context_data, - *varbind_chunk, + self.snmpEngine, auth_data, transport, context_data, *varbind_chunk ): if not _any_failure_happened( error_indication, @@ -445,7 +429,7 @@ def run_bulk_request( error_index, varbind_table, ) in bulkCmd( - self.get_snmp_engine(create_new=True), + self.snmpEngine, auth_data, transport, context_data, diff --git a/splunk_connect_for_snmp/traps.py b/splunk_connect_for_snmp/traps.py index 44767735c..8bacf57ad 100644 --- a/splunk_connect_for_snmp/traps.py +++ b/splunk_connect_for_snmp/traps.py @@ -21,7 +21,11 @@ from pyasn1.type import univ from pysnmp.proto.api import v2c -from splunk_connect_for_snmp.common.hummanbool import disable_mongo_logging, human_bool +from splunk_connect_for_snmp.common.hummanbool import ( + disable_mongo_logging, + human_bool, + wait_for_mongodb_replicaset, +) from splunk_connect_for_snmp.snmp.auth import get_secret_value with suppress(ImportError, OSError): @@ -96,7 +100,7 @@ debug.Debug(*enabled_debug_flags, options={"loggerName": logger}) ) - +wait_for_mongodb_replicaset(logger) app = Celery("sc4snmp_traps") app.config_from_object("splunk_connect_for_snmp.celery_config") diff --git a/test/snmp/test_do_work.py b/test/snmp/test_do_work.py index 2aa17c7e5..92c9132d4 100644 --- a/test/snmp/test_do_work.py +++ b/test/snmp/test_do_work.py @@ -33,7 +33,7 @@ class TestDoWork(TestCase): def test_do_work_no_work_to_do(self): poller = Poller.__new__(Poller) poller.last_modified = 1609675634 - poller.snmp_engine = None + poller.snmpEngine = None poller.profiles_manager = MagicMock() poller.profiles_collection = MagicMock() poller.profiles_collection.process_profiles = MagicMock() @@ -57,7 +57,6 @@ def test_do_work_no_work_to_do(self): @patch("mongolock.MongoLock.release", MagicMock()) @patch("splunk_connect_for_snmp.snmp.auth.get_auth", None) @patch("splunk_connect_for_snmp.snmp.manager.get_context_data", MagicMock()) - @patch("splunk_connect_for_snmp.snmp.manager.Poller.get_snmp_engine", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.setup_transport_target", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.bulkCmd") @patch("splunk_connect_for_snmp.snmp.manager.getCmd") @@ -65,7 +64,7 @@ def test_do_work_no_work_to_do(self): def test_do_work_bulk(self, load_profiles, getCmd, bulkCmd): poller = Poller.__new__(Poller) poller.last_modified = 1609675634 - poller.snmp_engine = None + poller.snmpEngine = None poller.builder = MagicMock() poller.profiles_manager = MagicMock() m_process_data = MagicMock() @@ -94,7 +93,6 @@ def test_do_work_bulk(self, load_profiles, getCmd, bulkCmd): @patch("mongolock.MongoLock.release", MagicMock()) @patch("splunk_connect_for_snmp.snmp.auth.get_auth", None) @patch("splunk_connect_for_snmp.snmp.manager.get_context_data", MagicMock()) - @patch("splunk_connect_for_snmp.snmp.manager.Poller.get_snmp_engine", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.setup_transport_target", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.bulkCmd") @patch("splunk_connect_for_snmp.snmp.manager.getCmd") @@ -104,7 +102,7 @@ def test_do_work_bulk(self, load_profiles, getCmd, bulkCmd): def test_do_work_get(self, load_profiles, getCmd, bulkCmd): poller = Poller.__new__(Poller) poller.last_modified = 1609675634 - poller.snmp_engine = None + poller.snmpEngine = None poller.builder = MagicMock() poller.process_snmp_data = MagicMock() poller.profiles_manager = MagicMock() @@ -138,7 +136,6 @@ def test_do_work_get(self, load_profiles, getCmd, bulkCmd): @patch("mongolock.MongoLock.release", MagicMock()) @patch("splunk_connect_for_snmp.snmp.auth.get_auth", None) @patch("splunk_connect_for_snmp.snmp.manager.get_context_data", MagicMock()) - @patch("splunk_connect_for_snmp.snmp.manager.Poller.get_snmp_engine", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.setup_transport_target", MagicMock()) @patch("splunk_connect_for_snmp.snmp.manager.bulkCmd") @patch("splunk_connect_for_snmp.snmp.manager.getCmd") @@ -148,7 +145,7 @@ def test_do_work_get(self, load_profiles, getCmd, bulkCmd): def test_do_work_errors(self, load_profiles, getCmd, bulkCmd): poller = Poller.__new__(Poller) poller.last_modified = 1609675634 - poller.snmp_engine = None + poller.snmpEngine = None poller.builder = MagicMock() poller.process_snmp_data = MagicMock() poller.profiles_manager = MagicMock() diff --git a/ui_tests/config/ui_values.yaml b/ui_tests/config/ui_values.yaml index ef81984f0..349cedea6 100644 --- a/ui_tests/config/ui_values.yaml +++ b/ui_tests/config/ui_values.yaml @@ -3,12 +3,12 @@ UI: frontEnd: NodePort: 30001 repository: ghcr.io/splunk/sc4snmp-ui/frontend/container - tag: "1.1.2-beta.1" + tag: "1.1.2-beta.2" pullPolicy: "Always" backEnd: NodePort: 30002 repository: ghcr.io/splunk/sc4snmp-ui/backend/container - tag: "1.1.2-beta.1" + tag: "1.1.2-beta.2" pullPolicy: "Always" init: image: registry.access.redhat.com/ubi9/ubi