splunk · omrozowicz-splunk · Nov 18, 2025 · Dec 8, 2025 · Dec 8, 2025 · Dec 9, 2025
@@ -11,9 +11,8 @@
   - Enabled AOF persistence by default for data durability
 - add CounterBasedGauge64 and ZeroBasedCounter64 as metrics types
 
-### Fixed
+### Fixes
 - fix problem with service rendering when `traps.service.usemetallb` is set to false
-- fix reusing the snmp engine for snmpv3 calls
 
 ## [1.14.1]
 - update mongodb volumePermission image repository to `bitnamileagcy`

@@ -26,7 +26,7 @@ RUN mkdir /.pysnmp && chown 10001:10001 /.pysnmp
 RUN chown 10001:10001 /tmp
 COPY --from=builder /app/.venv /app/.venv
 COPY entrypoint.sh /app/entrypoint.sh
-COPY construct-redis-url.sh /app/construct-redis-url.sh
-RUN chmod +x /app/construct-redis-url.sh /app/entrypoint.sh
+COPY construct-connection-strings.sh /app/construct-connection-strings.sh
+RUN chmod +x /app/construct-connection-strings.sh /app/entrypoint.sh
 USER 10001:10001
 ENTRYPOINT ["/app/entrypoint.sh"]
@@ -1,7 +1,4 @@
 dependencies:
-- name: mongodb
-  repository: https://charts.bitnami.com/bitnami
-  version: 15.6.26
 - name: mibserver
   repository: https://pysnmp.github.io/mibs/charts/
   version: 1.15.29

@@ -14,17 +14,14 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.14.2-beta.6
+version: 1.14.2-beta.7
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.14.2-beta.6"
+appVersion: "1.14.2-beta.7"
 #
 dependencies:
-  - name: mongodb
-    version: ~15.6.0
-    repository: https://charts.bitnami.com/bitnami
   - name: mibserver
     version: ~1.15
     repository: https://pysnmp.github.io/mibs/charts/

@@ -1,5 +1,5 @@
 {{- define "splunk-connect-for-snmp.mongo_uri" -}}
-{{- if eq .Values.mongodb.architecture "replicaset" }}
+{{- if eq .Values.mongodb.architecture "replication" }}
 {{- printf "mongodb+srv://%s-mongodb-headless.%s.svc.%s/?tls=false&ssl=false&replicaSet=rs0" .Release.Name .Release.Namespace .Values.mongodb.clusterDomain}}
 {{- else }}
 {{- printf "mongodb://%s-mongodb:27017" .Release.Name }}
@@ -110,7 +110,7 @@ Generate Redis environment variables for application pods
 - name: NAMESPACE
   value: {{ .Release.Namespace }}
 - name: REDIS_SENTINEL_REPLICAS
-  value: {{ .Values.redis.sentinel.replicas | quote }}
+  value: {{ .Values.redis.sentinel.replicaCount | quote }}
 - name: REDIS_SENTINEL_PORT
   value: "26379"
 - name: REDIS_MASTER_NAME
@@ -153,4 +153,69 @@ checksum/redis-config: {{ include (print $.Template.BasePath "/redis/redis-confi
 {{- if .Values.redis.auth.enabled }}
 checksum/redis-secret: {{ include (print $.Template.BasePath "/redis/redis-secret.yaml") . | sha256sum }}
 {{- end -}}
+{{- end -}}
+
+
+{{- define "splunk-connect-for-snmp.mongodb-auth" -}}
+{{- if .Values.mongodb.auth.existingSecret }}
+- name: MONGODB_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.mongodb.auth.existingSecret }}
+      key: {{ .Values.mongodb.auth.rootUserKey | quote | default "root-user" }}
+- name: MONGODB_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.mongodb.auth.existingSecret }}
+      key: {{ .Values.mongodb.auth.rootPasswordKey | quote | default "root-password" }}
+{{- else -}}
+- name: MONGODB_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-mongodb-secret
+      key: root-user
+- name: MONGODB_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-mongodb-secret
+      key: root-password
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+MongoDB environment variables - one helper to rule them all
+*/}}
+{{- define "splunk-connect-for-snmp.mongodb-env" -}}
+{{- if .Values.mongodb.auth.enabled }}
+{{- include "splunk-connect-for-snmp.mongodb-auth" . -}}
+{{- end }}
+- name: MONGODB_MODE
+  value: {{ .Values.mongodb.mode | default "standalone" | quote }}
+- name: MONGODB_AUTH_SOURCE
+  value: "admin"
+- name: MONGODB_DATABASE
+  value: {{ .Values.mongodb.database | default "sc4snmp" | quote }}
+{{- if eq .Values.mongodb.mode "replication" }}
+- name: MONGODB_HOST
+  value: {{ include "splunk-connect-for-snmp.mongodb.replication.hosts" . | quote }}
+- name: MONGODB_REPLICA_SET
+  value: {{ .Values.mongodb.replicaSetName | default "rs0" | quote }}
+{{- else }}
+- name: MONGODB_HOST
+  value: {{ .Release.Name }}-mongodb-0.{{ .Release.Name }}-mongodb
+- name: MONGODB_PORT
+  value: "27017"
+{{- end -}}
+{{- end -}}
+
+{{/*
+MongoDB replica set hosts (comma-separated)
+*/}}
+{{- define "splunk-connect-for-snmp.mongodb.replication.hosts" -}}
+{{- $hosts := list -}}
+{{- range $i := until (int (.Values.mongodb.replicaCount | default 3)) -}}
+  {{- $hosts = append $hosts (printf "%s-mongodb-%d.%s-mongodb-headless.%s.svc.cluster.local:27017" $.Release.Name $i $.Release.Name $.Release.Namespace ) -}}
+{{- end -}}
+{{- join "," $hosts -}}
 {{- end -}}
@@ -31,10 +31,9 @@ spec:
           - name: CONFIG_PATH
             value: /app/config/config.yaml
           {{- include "splunk-connect-for-snmp.redis-env" . | nindent 10 }}
+          {{- include "splunk-connect-for-snmp.mongodb-env" . | nindent 10 }}
           - name: INVENTORY_PATH
             value: /app/inventory/inventory.csv
-          - name: MONGO_URI
-            value: {{ include "splunk-connect-for-snmp.mongo_uri" . }}
           - name: MIB_SOURCES
             value: "http://{{ printf "%s-%s" .Release.Name "mibserver" }}/asn1/@mib@"
           - name: MIB_INDEX

@@ -0,0 +1,11 @@
+{{- if and .Values.mongodb.auth.enabled (eq .Values.mongodb.mode "replication") (not .Values.mongodb.auth.existingReplicaKeySecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-mongodb-replicakey
+  labels:
+    app: {{ .Release.Name }}-mongodb
+type: Opaque
+data:
+  replica-key: {{ randAlphaNum 64 | b64enc | quote }}
+{{- end }}
@@ -0,0 +1,176 @@
+{{- if eq .Values.mongodb.mode "replication" }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Release.Name }}-mongodb
+  labels:
+    app: {{ .Release.Name }}-mongodb
+    mode: replication
+spec:
+  serviceName: {{ .Release.Name }}-mongodb-headless
+  replicas: {{ .Values.mongodb.replicaCount | default 3 }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-mongodb
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-mongodb
+        mode: replication
+    spec:
+      {{- with .Values.mongodb.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app: {{ .Release.Name }}-mongodb
+              topologyKey: kubernetes.io/hostname
+
+      initContainers:
+      {{- if .Values.mongodb.initPermissions }}
+      - name: init-permissions
+        image: busybox:1.36
+        command: ["sh", "-c", "mkdir -p /data/db && chown -R 999:999 /data/db && chmod -R 755 /data/db"]
+        volumeMounts:
+        - name: data
+          mountPath: /data/db
+        securityContext:
+          runAsUser: 0
+      {{- end }}
+
+      {{- if .Values.mongodb.auth.enabled }}
+      - name: keyfile-setup
+        image: busybox:1.36
+        command: ["sh", "-c", "cp /tmp/keyfile/replica-key /keyfile/replica-key && chmod 400 /keyfile/replica-key && chown 999:999 /keyfile/replica-key"]
+        volumeMounts:
+        - name: keyfile-tmp
+          mountPath: /tmp/keyfile
+        - name: keyfile
+          mountPath: /keyfile
+        securityContext:
+          runAsUser: 0
+      {{- end }}
+
+      containers:
+      - name: mongodb
+        image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}"
+        imagePullPolicy: {{ .Values.mongodb.image.pullPolicy | default "IfNotPresent" }}
+
+        {{- with .Values.mongodb.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        args:
+        - --replSet
+        - {{ .Values.mongodb.replicaSetName | default "rs0" }}
+        {{- if .Values.mongodb.auth.enabled }}
+        - --keyFile
+        - /etc/keyfile/replica-key
+        {{- end }}
+
+        ports:
+        - containerPort: 27017
+          name: mongodb
+
+        {{- if .Values.mongodb.auth.enabled }}
+        env:
+          {{- if .Values.mongodb.auth.existingSecret }}
+          - name: MONGO_INITDB_ROOT_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.mongodb.auth.existingSecret }}
+                key: {{ .Values.mongodb.auth.rootUserKey | default "root-user" }}
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.mongodb.auth.existingSecret }}
+                key: {{ .Values.mongodb.auth.rootPasswordKey | default "root-password" }}
+          {{- else }}
+          - name: MONGO_INITDB_ROOT_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-mongodb-secret
+                key: root-user
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-mongodb-secret
+                key: root-password
+        {{- end }}
+        {{- end }}
+
+        volumeMounts:
+        - name: data
+          mountPath: /data/db
+        {{- if .Values.mongodb.auth.enabled }}
+        - name: keyfile
+          mountPath: /etc/keyfile
+          readOnly: true
+        {{- end }}
+
+        {{- with .Values.mongodb.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- if .Values.mongodb.livenessProbe.enabled }}
+        livenessProbe:
+          exec:
+            command:
+            - mongosh
+            - --eval
+            - "db.adminCommand('ping')"
+          initialDelaySeconds: {{ .Values.mongodb.livenessProbe.initialDelaySeconds | default 30 }}
+          periodSeconds: {{ .Values.mongodb.livenessProbe.periodSeconds | default 10 }}
+          timeoutSeconds: {{ .Values.mongodb.livenessProbe.timeoutSeconds | default 5 }}
+          failureThreshold: {{ .Values.mongodb.livenessProbe.failureThreshold | default 3 }}
+        {{- end }}
+
+        {{- if .Values.mongodb.readinessProbe.enabled }}
+        readinessProbe:
+          exec:
+            command:
+            - mongosh
+            - --eval
+            - "db.adminCommand('ping')"
+          initialDelaySeconds: {{ .Values.mongodb.readinessProbe.initialDelaySeconds | default 5 }}
+          periodSeconds: {{ .Values.mongodb.readinessProbe.periodSeconds | default 10 }}
+          timeoutSeconds: {{ .Values.mongodb.readinessProbe.timeoutSeconds | default 5 }}
+          failureThreshold: {{ .Values.mongodb.readinessProbe.failureThreshold | default 3 }}
+        {{- end }}
+
+      volumes:
+      {{- if .Values.mongodb.auth.enabled }}
+      - name: keyfile-tmp
+        secret:
+          secretName: {{ .Release.Name }}-mongodb-replicakey
+          items:
+          - key: replica-key
+            path: replica-key
+      - name: keyfile
+        emptyDir: {}
+      {{- end }}
+
+  {{- if .Values.mongodb.persistence.enabled }}
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - {{ .Values.mongodb.persistence.accessMode | default "ReadWriteOnce" }}
+      {{- if .Values.mongodb.persistence.storageClassName }}
+      storageClassName: {{ .Values.mongodb.persistence.storageClassName }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.mongodb.persistence.size | default "10Gi" }}
+  {{- end }}
+{{- end }}