diff --git a/CHANGELOG.md b/CHANGELOG.md index 545ffa435..336c1406d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## Unreleased +### Changed + +### Fixes +- fix problem with service rendering when `traps.service.usemetallb` is set to false + ## [1.14.1] - update mongodb volumePermission image repository to `bitnamileagcy` diff --git a/charts/splunk-connect-for-snmp/templates/_helpers.tpl b/charts/splunk-connect-for-snmp/templates/_helpers.tpl index 37c057a27..834c1ec09 100644 --- a/charts/splunk-connect-for-snmp/templates/_helpers.tpl +++ b/charts/splunk-connect-for-snmp/templates/_helpers.tpl @@ -94,7 +94,7 @@ Create the name of the service account to use Whether enable traps */}} {{- define "splunk-connect-for-snmp.traps.enable" -}} -{{- if or (and (eq .Values.traps.service.type "LoadBalancer") .Values.traps.loadBalancerIP ) (and (eq .Values.traps.service.type "NodePort") .Values.traps.service.nodePort) }} +{{- if or (and (eq .Values.traps.service.type "LoadBalancer") .Values.traps.loadBalancerIP ) (and (eq .Values.traps.service.type "NodePort") .Values.traps.service.nodePort ) ( not .Values.traps.service.usemetallb) }} {{- printf "true" }} {{- else }} {{- printf "false" }} diff --git a/docs/microk8s/configuration/trap-configuration.md b/docs/microk8s/configuration/trap-configuration.md index 5eee8e7d3..2b36748ca 100644 --- a/docs/microk8s/configuration/trap-configuration.md +++ b/docs/microk8s/configuration/trap-configuration.md @@ -104,15 +104,17 @@ microk8s kubectl rollout restart deployment snmp-splunk-connect-for-snmp-trap -n ### Define external gateway for traps -If you use SC4SNMP on a single machine, configure `loadBalancerIP`. -`loadBalancerIP` is the IP address in the metallb pool. +#### Using MetalLB LoadBalancer + +If you use SC4SNMP on a multinode setup, configure `loadBalancerIP`. +`loadBalancerIP` should be an IP assigned from your MetalLB address pool in the same subnet as your cluster nodes can reach. See the following example: ```yaml traps: loadBalancerIP: 10.202.4.202 ``` -If you have enabled the Ipv6 you need to pass IP addresses for both IPv4 and IPv6. +If you have enabled IPv6 dual‑stack, provide both IPv4 and IPv6 addresses as a comma‑separated list: See the following example: ```yaml @@ -120,7 +122,9 @@ traps: loadBalancerIP: 10.202.4.202,2001:0DB8:AC10:FE01:0000:0000:0000:0001 ``` -If you want to use the SC4SNMP trap receiver in K8S cluster, configure `NodePort` instead. Use the following configuration: +#### Using NodePort + +For single‑node clusters or simple setups without a load balancer, you can expose the traps receiver on a fixed port across all node IPs with `NodePort`: ```yaml traps: @@ -130,15 +134,28 @@ traps: nodePort: 30000 ``` -Using this method, the SNMP trap will always be forwarded to one of the trap receiver pods listening on port 30000 (like in the -example above, you can configure to any other port). So, it does not matter that IP address of which node you use. -Adding nodePort will make it end up in the correct place everytime. +This way the trap receiver will be available on all node IPs on port 30000. + +#### Using Cloud Load Balancer + +You can also deploy the traps receiver without MetalLB or NodePort, using Kubernetes Service annotations supported by your cloud platform. +For example, on AWS EKS you can enable an AWS Network Load Balancer with annotations: + +```yaml +traps: + service: + usemetallb: false + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internal +``` -A good practice is to create an IP floating address/Anycast pointing to the healthy nodes, so the traffic is forwarded in case of the -failover. To do this, create an external LoadBalancer that balances the traffic between nodes. ### Define number of traps server replica + `replicaCount` defines that the number of replicas per trap container should be 2 times the number of nodes. + ```yaml traps: #For production deployments the value should be at least 2x the number of nodes diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/scheduler-config.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/scheduler-config.yaml new file mode 100644 index 000000000..2ace18f92 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/scheduler-config.yaml @@ -0,0 +1,21 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/scheduler-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-config + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + communities: + public: + communityIndex: + contextEngineId: + contextName: + tag: + securityName: diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/splunk-secret.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/splunk-secret.yaml new file mode 100644 index 000000000..21e689f0a --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/splunk-secret.yaml @@ -0,0 +1,9 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/splunk-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: splunk-connect-for-snmp-splunk +type: Opaque +data: + hec_token: "MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw" diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/traps-config.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/traps-config.yaml new file mode 100644 index 000000000..2f4b3f37d --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/common/traps-config.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/traps-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-traps + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + communities: + 2c: + - public + - homelab diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/serviceaccount.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/serviceaccount.yaml new file mode 100644 index 000000000..59ae809f1 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +--- +# Source: splunk-connect-for-snmp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-splunk-connect-for-snmp-user + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/sim/pdb.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/sim/pdb.yaml new file mode 100644 index 000000000..0f1827e83 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/sim/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/sim/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-sim + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/tests/test-connection.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/tests/test-connection.yaml new file mode 100644 index 000000000..6851a86ec --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/tests/test-connection.yaml @@ -0,0 +1,35 @@ +--- +# Source: splunk-connect-for-snmp/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-splunk-connect-for-snmp-trap-test-connection" + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test + "kube-score/ignore": "pod-probes,pod-networkpolicy" +spec: + containers: + - name: wget + image: busybox:1.34.1 + imagePullPolicy: Always + command: ['wget'] + args: ['release-name-splunk-connect-for-snmp-trap:162'] + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + resources: + limits: + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + restartPolicy: Never diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml new file mode 100644 index 000000000..65c9b834f --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -0,0 +1,122 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-traps + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "trap" + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: PYSNMP_DEBUG + value: "" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: INCLUDE_SECURITY_CONTEXT_ID + value: "false" + - name: SNMP_V3_SECURITY_ENGINE_ID + value: 80003a8c04 + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: IPv6_ENABLED + value: "false" + ports: + - name: snmp-udp + containerPort: 2162 + protocol: UDP + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + + resources: + {} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-traps + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/pdb.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/pdb.yaml new file mode 100644 index 000000000..34bb78a7f --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/service.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/service.yaml new file mode 100644 index 000000000..c70ce00be --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/traps/service.yaml @@ -0,0 +1,28 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internal + service.beta.kubernetes.io/aws-load-balancer-type: external + +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - port: 162 + targetPort: 2162 + protocol: UDP + name: snmp-udp + selector: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/pdb.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/pdb.yaml new file mode 100644 index 000000000..4b3ea594c --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-worker + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml new file mode 100644 index 000000000..fe08ce4ed --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -0,0 +1,154 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-sender + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-sender + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-sender", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_URL + value: redis://release-name-redis-master:6379/1 + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml new file mode 100644 index 000000000..82675bad1 --- /dev/null +++ b/rendered/manifests/tests_metallb_false/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -0,0 +1,162 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-trap + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-trap", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_URL + value: redis://release-name-redis-master:6379/1 + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + - name: RESOLVE_TRAP_ADDRESS + value: "false" + - name: MAX_DNS_CACHE_SIZE_TRAPS + value: "500" + - name: TTL_DNS_CACHE_TRAPS + value: "1800" + - name: IPv6_ENABLED + value: "false" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/scheduler-config.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/scheduler-config.yaml new file mode 100644 index 000000000..2ace18f92 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/scheduler-config.yaml @@ -0,0 +1,21 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/scheduler-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-config + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + communities: + public: + communityIndex: + contextEngineId: + contextName: + tag: + securityName: diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/splunk-secret.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/splunk-secret.yaml new file mode 100644 index 000000000..21e689f0a --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/splunk-secret.yaml @@ -0,0 +1,9 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/splunk-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: splunk-connect-for-snmp-splunk +type: Opaque +data: + hec_token: "MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw" diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/traps-config.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/traps-config.yaml new file mode 100644 index 000000000..2f4b3f37d --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/common/traps-config.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/common/traps-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: splunk-connect-for-snmp-traps + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-scheduler + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: |- + communities: + 2c: + - public + - homelab diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/serviceaccount.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/serviceaccount.yaml new file mode 100644 index 000000000..59ae809f1 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +--- +# Source: splunk-connect-for-snmp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-splunk-connect-for-snmp-user + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/sim/pdb.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/sim/pdb.yaml new file mode 100644 index 000000000..0f1827e83 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/sim/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/sim/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-sim + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-sim + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/tests/test-connection.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/tests/test-connection.yaml new file mode 100644 index 000000000..6851a86ec --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/tests/test-connection.yaml @@ -0,0 +1,35 @@ +--- +# Source: splunk-connect-for-snmp/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "release-name-splunk-connect-for-snmp-trap-test-connection" + labels: + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test + "kube-score/ignore": "pod-probes,pod-networkpolicy" +spec: + containers: + - name: wget + image: busybox:1.34.1 + imagePullPolicy: Always + command: ['wget'] + args: ['release-name-splunk-connect-for-snmp-trap:162'] + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + resources: + limits: + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + restartPolicy: Never diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml new file mode 100644 index 000000000..65c9b834f --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/deployment.yaml @@ -0,0 +1,122 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-traps + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "trap" + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: PYSNMP_DEBUG + value: "" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: INCLUDE_SECURITY_CONTEXT_ID + value: "false" + - name: SNMP_V3_SECURITY_ENGINE_ID + value: 80003a8c04 + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: IPv6_ENABLED + value: "false" + ports: + - name: snmp-udp + containerPort: 2162 + protocol: UDP + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + + resources: + {} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-traps + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/pdb.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/pdb.yaml new file mode 100644 index 000000000..34bb78a7f --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/service.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/service.yaml new file mode 100644 index 000000000..d77d0fe9b --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/traps/service.yaml @@ -0,0 +1,28 @@ +--- +# Source: splunk-connect-for-snmp/templates/traps/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-splunk-connect-for-snmp-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm + annotations: + metallb.universe.tf/allow-shared-ip: "splunk-connect" + metallb.universe.tf/loadBalancerIPs: + +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 162 + nodePort: 30000 + targetPort: 2162 + protocol: UDP + name: snmp-udp + selector: + app.kubernetes.io/name: splunk-connect-for-snmp-trap + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/pdb.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/pdb.yaml new file mode 100644 index 000000000..4b3ea594c --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/pdb.yaml @@ -0,0 +1,18 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: release-name-splunk-connect-for-snmp-worker + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker + app.kubernetes.io/instance: release-name diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml new file mode 100644 index 000000000..fe08ce4ed --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/sender/deployment.yaml @@ -0,0 +1,154 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/sender/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-sender + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-sender + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-sender", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_URL + value: redis://release-name-redis-master:6379/1 + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-sender + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml new file mode 100644 index 000000000..82675bad1 --- /dev/null +++ b/rendered/manifests/tests_traps_nodeport/splunk-connect-for-snmp/templates/worker/trap/deployment.yaml @@ -0,0 +1,162 @@ +--- +# Source: splunk-connect-for-snmp/templates/worker/trap/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-splunk-connect-for-snmp-worker-trap + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + helm.sh/chart: splunk-connect-for-snmp-CURRENT-VERSION + app.kubernetes.io/version: "CURRENT-VERSION" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + spec: + serviceAccountName: release-name-splunk-connect-for-snmp-user + securityContext: + fsGroup: 10001 + containers: + - name: splunk-connect-for-snmp-worker-trap + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + image: "ghcr.io/splunk/splunk-connect-for-snmp/container:CURRENT-VERSION" + imagePullPolicy: Always + args: + [ + "celery", "worker-trap", + ] + env: + - name: CONFIG_PATH + value: /app/config/config.yaml + - name: REDIS_URL + value: redis://release-name-redis-master:6379/1 + - name: SC4SNMP_VERSION + value: CURRENT-VERSION + - name: CELERY_BROKER_URL + value: redis://release-name-redis-master:6379/0 + - name: MONGO_URI + value: mongodb://release-name-mongodb:27017 + - name: WALK_RETRY_MAX_INTERVAL + value: "180" + - name: WALK_MAX_RETRIES + value: "5" + - name: METRICS_INDEXING_ENABLED + value: "false" + - name: POLL_BASE_PROFILES + value: "true" + - name: LOG_LEVEL + value: INFO + - name: DISABLE_MONGO_DEBUG_LOGGING + value: "true" + - name: UDP_CONNECTION_TIMEOUT + value: "3" + - name: MAX_OID_TO_PROCESS + value: "70" + - name: MAX_REPETITIONS + value: "10" + - name: PYSNMP_DEBUG + value: "" + - name: PROFILES_RELOAD_DELAY + value: "60" + - name: MIB_SOURCES + value: "http://release-name-mibserver/asn1/@mib@" + - name: MIB_INDEX + value: "http://release-name-mibserver/index.csv" + - name: MIB_STANDARD + value: "http://release-name-mibserver/standard.txt" + - name: SPLUNK_HEC_SCHEME + value: "https" + - name: SPLUNK_HEC_HOST + value: "10.202.18.152" + - name: IGNORE_EMPTY_VARBINDS + value: "false" + - name: SPLUNK_HEC_PORT + value: "8088" + - name: SPLUNK_HEC_INSECURESSL + value: "true" + - name: SPLUNK_AGGREGATE_TRAPS_EVENTS + value: "false" + - name: SPLUNK_METRIC_NAME_HYPHEN_TO_UNDERSCORE + value: "false" + - name: SPLUNK_HEC_TOKEN + valueFrom: + secretKeyRef: + name: splunk-connect-for-snmp-splunk + key: hec_token + - name: SPLUNK_HEC_INDEX_EVENTS + value: netops + - name: SPLUNK_HEC_INDEX_METRICS + value: netmetrics + - name: SPLUNK_SOURCETYPE_TRAPS + value: "sc4snmp:traps" + - name: SPLUNK_SOURCETYPE_POLLING_EVENTS + value: "sc4snmp:event" + - name: SPLUNK_SOURCETYPE_POLLING_METRICS + value: "sc4snmp:metric" + - name: WORKER_CONCURRENCY + value: "4" + - name: PREFETCH_COUNT + value: "30" + - name: RESOLVE_TRAP_ADDRESS + value: "false" + - name: MAX_DNS_CACHE_SIZE_TRAPS + value: "500" + - name: TTL_DNS_CACHE_TRAPS + value: "1800" + - name: IPv6_ENABLED + value: "false" + volumeMounts: + - name: config + mountPath: "/app/config" + readOnly: true + - name: pysnmp-cache-volume + mountPath: "/.pysnmp/" + readOnly: false + - name: tmp + mountPath: "/tmp/" + readOnly: false + resources: + limits: + cpu: 500m + requests: + cpu: 250m + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app.kubernetes.io/name: splunk-connect-for-snmp-worker-trap + app.kubernetes.io/instance: release-name + volumes: + # You set volumes at the Pod level, then mount them into containers inside that Pod + - name: config + configMap: + # Provide the name of the ConfigMap you want to mount. + name: splunk-connect-for-snmp-config + # An array of keys from the ConfigMap to create as files + items: + - key: "config.yaml" + path: "config.yaml" + - name: pysnmp-cache-volume + emptyDir: {} + - name: tmp + emptyDir: {} diff --git a/rendered/values_metallb_false.yaml b/rendered/values_metallb_false.yaml new file mode 100644 index 000000000..3b5ae1852 --- /dev/null +++ b/rendered/values_metallb_false.yaml @@ -0,0 +1,18 @@ +splunk: + enabled: true + protocol: https + host: 10.202.18.152 + token: 00000000-0000-0000-0000-000000000000 + insecureSSL: "true" + port: "8088" +traps: + communities: + 2c: + - public + - homelab + service: + usemetallb: false + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internal diff --git a/rendered/values_traps_nodeport.yaml b/rendered/values_traps_nodeport.yaml new file mode 100644 index 000000000..9e35d20a7 --- /dev/null +++ b/rendered/values_traps_nodeport.yaml @@ -0,0 +1,17 @@ +splunk: + enabled: true + protocol: https + host: 10.202.18.152 + token: 00000000-0000-0000-0000-000000000000 + insecureSSL: "true" + port: "8088" +traps: + communities: + 2c: + - public + - homelab + #loadBalancerIP: The IP address in the metallb pool + service: + type: NodePort + externalTrafficPolicy: Cluster + nodePort: 30000