Ad Widget

Collapse

How configure Helm Deployment Agent on Kubernetes Cluster with PSK Encryption

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • raph_07
    Junior Member
    • Apr 2022
    • 1
    #1

    How configure Helm Deployment Agent on Kubernetes Cluster with PSK Encryption

    Hello everyone,

    I recently installed a Zabbix server and connected my different Kubernetes clusters with an agent deployed by Helm. Everything works fine but I can't configure the PSK part.

    I find a piece of code but I don't know how use it :

    extraEnv:
    - name: "ZBX_TLSCONNECT"
    value: "psk"
    - name: "ZBX_TLSACCEPT"
    value: "psk"
    - name: "ZBX_TLSPSKIDENTITY"
    value: "psk"
    - name: "ZBX_TLSPSKFILE"
    value: "/var/lib/zabbix/enc/key.psk"
    Could you help me please ?
    Tags: None
    • semen.a
      Junior Member
      • Jul 2022
      • 5
      #2
      You have to do it by yourself.
      All variables except ZBX_TLSPSKFILE can be passed to the container with environment variables but the key file has to be mounted from configmap, which has to be created manually.

      Here is an example of how I did it:
      Code:
      {{- if and .Values.zabbixAgent.tlsPskConnection.enable .Values.zabbixAgent.tlsPskConnection.tlspskkey }}
kind: ConfigMap
apiVersion: v1
metadata:
name: zabbix-agent-psk-key
namespace: {{ .Release.Namespace }}
labels:
{{ include "zabbix.labels" . | indent 4 }}
data:
zabbix-agent-psk-key: {{ .Values.zabbixAgent.tlsPskConnection.tlspskkey }}
{{- end }}
      I have changed the chart to have one agent working for the whole cluster, so I mount the key file in the POD with the Agent, but you can do the same with Proxy.

        Comment

        • nioh
          Junior Member
          • Dec 2020
          • 15
          #3
          Originally posted by semen.a
          You have to do it by yourself.
          All variables except ZBX_TLSPSKFILE can be passed to the container with environment variables but the key file has to be mounted from configmap, which has to be created manually.

          Here is an example of how I did it:
          Code:
          {{- if and .Values.zabbixAgent.tlsPskConnection.enable .Values.zabbixAgent.tlsPskConnection.tlspskkey }}
kind: ConfigMap
apiVersion: v1
metadata:
name: zabbix-agent-psk-key
namespace: {{ .Release.Namespace }}
labels:
{{ include "zabbix.labels" . | indent 4 }}
data:
zabbix-agent-psk-key: {{ .Values.zabbixAgent.tlsPskConnection.tlspskkey }}
{{- end }}
          I have changed the chart to have one agent working for the whole cluster, so I mount the key file in the POD with the Agent, but you can do the same with Proxy.
          Hi! Im trying to do this for the proxy. Could you send how your zabbix_values.yaml defines .Values.zabbixAgent.tlsPskConnection.tlspskkey? Thanks

            Comment

            • semen.a
              Junior Member
              • Jul 2022
              • 5
              #4
              Originally posted by nioh

              Hi! Im trying to do this for the proxy. Could you send how your zabbix_values.yaml defines .Values.zabbixAgent.tlsPskConnection.tlspskkey? Thanks
              For me, everything ended up simple - I wrote my own helm-chart for zabbix-agent. And completely abandoned the chart and templates developed by Zabbix team for k8s. It didn't work for me as it should do.
              It might make sense to do the same with proxy as well.

                Comment

                • nioh
                  Junior Member
                  • Dec 2020
                  • 15
                  #5
                  I also got this to work for the proxy where the tls psk is saved as a k8s secret. I will add my solution here later

                    Comment

                    Previous template Next
                    Working...