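Integrating Kubernetes with Zabbix 6.4.4

Published: 2023-09-07 16:29:51  Author: 潇潇暮鱼鱼

Zabbix supports Kubernetes from version 6 onward and ships with Kubernetes templates.

Because Docker Hub is blocked, the version information can be looked up at https://www.zabbix.com/documentation/current/zh/manual/introduction

The server image is zabbix/zabbix-server-mysql:6.4.4-centos and the web image is zabbix/zabbix-web-nginx-mysql:6.4.4-centos.

The proxy image is zabbix/zabbix-proxy-sqlite3:alpine-6.4.4 and the agent image is zabbix/zabbix-agent2:alpine-6.4.4.

1. Deploying the Zabbix 6.4.4 server, web and MySQL

1.1 MySQL deployment: deploy it directly with a chart and create the zabbix database, with account zabbix11 and password zabbix11

Note: zabbix11 must be granted all privileges; otherwise creating the data in the user table later will fail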

GRANT ALL PRIVILEGES ON *.* TO 'zabbix11'@'%';

flush privileges;

1.2 Server deployment

Fill in the database connection details

---
apiVersion: v1
kind: Service
metadata:
  name: zabbix-server
  namespace: zabbix
  labels:
    app: zabbix-server
spec:
  selector:
    app: zabbix-server
  ports:
  - name: zabbix-server
    port: 10051
    nodePort: 30051
  type: NodePort

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: zabbix-scripts
  namespace: zabbix
spec:
  storageClassName: "managed-nfs-storage"
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: zabbix-server
  name: zabbix-server
  namespace: zabbix
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-server
  template:
    metadata:
      labels:
        app: zabbix-server
    spec:
      nodeSelector:
        zabbix-server: "true"
      hostNetwork: true
      containers:
      - image: harbor.goldwind.com/library/zabbix/zabbix-server-mysql:6.4.4-centos
      #- image: harbor.goldwind.com/library/zabbix/zabbix-server-mysql:6.2.6-centos
      #- image: zabbix/zabbix-server-mysql:6.2.6-centos
        imagePullPolicy: IfNotPresent
        name: zabbix-server-mysql
        volumeMounts:
        - mountPath: /usr/lib/zabbix/alertscripts
          name: zabbix-scripts
        env:
        - name: DB_SERVER_HOST
          value: 192.168.199.182
        - name: DB_SERVER_PORT
          value: "3306"
        - name: MYSQL_DATABASE
          value: zabbix
        - name: MYSQL_USER
          value: zabbix11
        - name: MYSQL_PASSWORD
          value: zabbix11
        - name: ZBX_CACHESIZE
          value: "512M"
        - name: ZBX_HISTORYCACHESIZE
          value: "128M"
        - name: ZBX_HISTORYINDEXCACHESIZE
          value: "128M"
        - name: ZBX_TRENDCACHESIZE
          value: "128M"
        - name: ZBX_VALUECACHESIZE
          value: "256M"
        - name: ZBX_TIMEOUT
          value: "30"
        resources:
          requests:
            cpu: 500m
            memory: 500Mi
          limits:
            cpu: 1000m
            memory: 1Gi
      volumes:
        - name: zabbix-scripts
          persistentVolumeClaim:
            claimName: zabbix-scripts

1.3 Web deployment

Fill in the database and server details; a Service name can be used for each host

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: zabbix-web
  name: zabbix-web
  namespace: zabbix
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-web
  template:
    metadata:
      labels:
        app: zabbix-web
    spec:
      containers:
      - image: harbor.goldwind.com/library/zabbix/zabbix-web-nginx-mysql:6.4.4-centos
      #- image: harbor.goldwind.com/library/zabbix/zabbix-web-nginx-mysql:6.2.6-centos
      #- image: zabbix/zabbix-web-nginx-mysql:6.2.6-centos
        imagePullPolicy: IfNotPresent
        name: zabbix-web-nginx-mysql
        env:
        - name: DB_SERVER_HOST
          value: mysql-single-8-1693905480 
          #value: 192.168.199.182
        - name: MYSQL_USER
          value: zabbix11
        - name: MYSQL_PASSWORD
          value: zabbix11
        - name: ZBX_SERVER_HOST
          value: zabbix-server
        - name: PHP_TZ
          value: Asia/Shanghai

        resources:
          requests:
            cpu: 500m
            memory: 500Mi
          limits:
            cpu: 1000m
            memory: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: zabbix-web
  name: zabbix-web
  namespace: zabbix
spec:
  ports:
  - name: web
    port: 8080
    protocol: TCP
    targetPort: 8080
    nodePort: 30052
  selector:
    app: zabbix-web
  type: NodePort

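The images used here, zabbix/zabbix-server-mysql:6.4.4-centos for the backend and zabbix/zabbix-web-nginx-mysql:6.4.4-centos for the frontend, can be pulled first and then stored in the Harbor registry

Once the pods are deployed, the web UI can be reached at ip:nodeport; the initial administrator account and password are Admin/zabbix

2. Deploying the Zabbix proxy and agent2

Source repository: https://git.zabbix.com/projects/ZT/repos/kubernetes-helm/browse?at=refs%2Fheads%2Frelease%2F6.4 (the details of each value can be looked up there)

2.1 Download the chart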

# Add the chart repository
helm repo add zabbix-chart-6.4 https://cdn.zabbix.com/zabbix/integrations/kubernetes-helm/6.4
# Update the repository index
helm repo update
# Download the chart; --version=1.3.3 can be used to pin the version
helm pull zabbix-chart-6.4/zabbix-helm-chrt
# Unpack the tgz archive
tar -zxvf zabbix-helm-chrt-1.3.3.tgz

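2.2 Modify the chart files

2.2.1 Edit the values.yaml file

Parameter                          Value                   Description
kubeStateMetricsEnabled            true                    Deploy kube-state-metrics
zabbixProxy.env.ZBX_HOSTNAME       zabbix-proxy            Zabbix proxy hostname
zabbixProxy.env.ZBX_SERVER_HOST    Zabbix server address   The server runs in hostNetwork mode, so the IP is simply the server host's IP; note that the port must be appended, as ip:port

The proxy image zabbix/zabbix-proxy-sqlite3:alpine-6.4.4 and the agent image zabbix/zabbix-agent2:alpine-6.4.4 can also be pulled first and stored in the Harbor registry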

## nameOverride -- Override name of app
nameOverride: ""
## fullnameOverride -- Override the full qualified app name
fullnameOverride: "zabbix"
## kube-state-metrics.enabled -- If true, deploys the kube-state-metrics deployment
kube-state-metrics:
  enabled: true

## Service account for Kubernetes API
rbac:
  ## rbac.create  Specifies whether the RBAC resources should be created
  create: true
  additionalRulesForClusterRole: []
  ##  - apiGroups: [ "" ]
  ##    resources:
  ##      - nodes/proxy
  ##    verbs: [ "get", "list", "watch" ]
serviceAccount:
  ## serviceAccount.create  Specifies whether a service account should be created
  create: true
  ## serviceAccount.name  The name of the service account to use. If not set name is generated using the fullname template
  name: zabbix-service-account


##  **Zabbix proxy** configurations
zabbixProxy:
  ## Enables use of **Zabbix proxy**
  enabled: true
  containerSecurityContext: {}
  resources: {}
  image:
    ## Zabbix proxy Docker image name
    repository: harbor.goldwind.com/library/zabbix/zabbix-proxy-sqlite3
    ## Tag of Docker image of Zabbix proxy
    tag: alpine-6.4.4
    pullPolicy: IfNotPresent
    ## List of dockerconfig secrets names to use when pulling images. Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##      https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry
    pullSecrets: []

  env:
    ## The variable allows to switch Zabbix proxy mode. By default, value is 0 - active proxy. Allowed values are 0 and 1.
    - name: ZBX_PROXYMODE
      value: 0
    ## Zabbix proxy hostname
    - name: ZBX_HOSTNAME
      value: zabbix-proxy
    ## Zabbix server host
    ## If ProxyMode is set to active mode:
    ## IP address or DNS name of Zabbix server to get configuration data from and send data to.

    ## If ProxyMode is set to passive mode:
    ## List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server. Incoming connections will be accepted only from the addresses listed here. If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally and '::/0' will allow any IPv4 or IPv6 address. '0.0.0.0/0' can be used to allow any IPv4 address.
    ## Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com

    ## Note that since version 6.0 the variable ZBX_SERVER_PORT is not supported anymore. Instead, add a colon (:) followed by the port number to the end of ZBX_SERVER_HOST value.
    - name: ZBX_SERVER_HOST
      value: 10.12.20.46:10051
   # - name: ZBX_SERVER_PORT
   #   value: 10051
      #value: "127.0.0.1"
    ## The variable is used to specify debug level. By default, value is 3
    - name: ZBX_DEBUGLEVEL
      value: 3
    ## Cache size
    - name: ZBX_CACHESIZE
      value: 128M
    ## The variable enable communication with Zabbix Java Gateway to collect Java related checks
    - name: ZBX_JAVAGATEWAY_ENABLE
      value: false
    ## How often the proxy retrieves configuration data from Zabbix server in seconds. Active proxy parameter. Ignored for passive proxies.
    - name: ZBX_PROXYCONFIGFREQUENCY
      value: 10
    ## List can be extended with other environment variables listed here: https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/proxy-sqlite3#other-variables
    ## For example:
    ## The variable is list of comma separated loadable Zabbix modules.
    ## - name: ZBX_LOADMODULE
    ##   value : dummy1.so,dummy2.so


  service:
    annotations: {}
    labels: {}
    ## Type of service for Zabbix proxy
    type: ClusterIP
    ## Port to expose service
    port: 10051
    ## Port of application pod
    targetPort: 10051
    ## Zabbix proxy Ingress externalIPs with optional path
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ## Must be provided if ProxyMode is set to passive mode
    externalIPs: []
    ## Loadbalancer IP
    ## Only use if service.type is "LoadBalancer"
    ##
    loadBalancerIP: ""
    loadBalancerSourceRanges: []


  ## Node selector for Zabbix proxy
  nodeSelector: {}

  ## Tolerations configurations for Zabbix proxy
  tolerations: {}

  ## Affinity configurations for Zabbix proxy
  affinity: {}

  persistentVolume:
    ## If true, Zabbix proxy will create/use a Persistent Volume Claim
    ##
    enabled: false

    ## Zabbix proxy data Persistent Volume access modes
    ## Must match those of existing PV or dynamic provisioner
    ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
    ##
    accessModes:
      - ReadWriteOnce

    ## Zabbix proxy data Persistent Volume Claim annotations
    ##
    annotations: {}

    ## Zabbix proxy data Persistent Volume existing claim name
    ## Requires zabbixProxy.persistentVolume.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    existingClaim: ""

    ## Zabbix proxy data Persistent Volume mount root path
    ##
    mountPath: /data

    ## Zabbix proxy data Persistent Volume size
    ##
    size: 2Gi

    ## Zabbix proxy data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: "-"

    ## Zabbix proxy data Persistent Volume Binding Mode
    ## If defined, volumeBindingMode: <volumeBindingMode>
    ## If undefined (the default) or set to null, no volumeBindingMode spec is
    ##   set, choosing the default mode.
    ##
    volumeBindingMode: ""

    ## Subdirectory of Zabbix proxy data Persistent Volume to mount
    ## Useful if the volume's root directory is not empty
    ##
    subPath: ""

## **Zabbix agent** configurations
zabbixAgent:
  ## Enables use of Zabbix agent
  enabled: true
  resources: {}
      ##  requests:
      ##   cpu: 100m
      ##   memory: 54Mi
      ##  limits:
      ##   cpu: 100m
      ##   memory: 54Mi

  securityContext: {}
    # fsGroup: 65534
    # runAsGroup: 65534
    # runAsNonRoot: true
    # runAsUser: 65534

  containerSecurityContext: {}
    ## capabilities:
    ##   add:
    ##   - SYS_TIME

  ## Expose the service to the host network
  hostNetwork: true

  # Specify dns configuration options for agent containers e.g ndots
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
  dnsConfig: {}
  #  options:
  #  - name: ndots
  #    value: "1"

  ## Share the host process ID namespace
  hostPID: true
  ## If true, agent pods mounts host / at /host/root
  ##
  hostRootFsMount: true
  extraHostVolumeMounts: []
  ##  - name: <mountName>
  ##    hostPath: <hostPath>
  ##    mountPath: <mountPath>
  ##    readOnly: true|false
  ##    mountPropagation: None|HostToContainer|Bidirectional
  image:
    ## Zabbix agent Docker image name
    repository: harbor.goldwind.com/library/zabbix/zabbix-agent2
    ## Tag of Docker image of Zabbix agent
    tag: alpine-6.4.4
    pullPolicy: IfNotPresent
    ## List of dockerconfig secrets names to use when pulling images. Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##      https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry
    pullSecrets: []
  env:
      ## Zabbix server host
    - name: ZBX_SERVER_HOST
      value: 0.0.0.0/0
      ## Zabbix server port
    - name: ZBX_SERVER_PORT
      value: 10051
      ## This variable is boolean (true or false) and enables or disables feature of passive checks. By default, value is true
    - name: ZBX_PASSIVE_ALLOW
      value: true
      ## This variable is boolean (true or false) and enables or disables feature of active checks
    - name: ZBX_ACTIVE_ALLOW
      value: false
      ## The variable is used to specify debug level, from 0 to 5
    - name: ZBX_DEBUGLEVEL
      value: 3
      ## The variable is used to specify timeout for processing checks. By default, value is 4.
    - name: ZBX_TIMEOUT
      value: 4
    ## List can be extended with other environment variables listed here: https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/agent2/alpine#other-variables
    ## For example:
    ## The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container. You may specify port of Zabbix server or Zabbix proxy in such syntax: zabbix-server:10061,zabbix-proxy:10072
    ## - name: ZBX_ACTIVESERVERS 
    ##   value: ''
    ## The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container.
    ## - name: ZBX_PASSIVESERVERS
    ##   value: 0.0.0.0/0
    ## The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules.
    ## - name: ZBX_LOADMODULE
    ##   value: ''

  ## Node selector for Agent. Only supports Linux.
  nodeSelector:
    kubernetes.io/os: linux

  ## Tolerations configurations
  tolerations:
    - effect: NoSchedule
      key: node-role.kubernetes.io/control-plane
  ## Affinity configurations
  affinity: {}
  serviceAccount:
    ## Specifies whether a ServiceAccount should be created
    create: true
    ## The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the fullname template
    name: zabbix-agent-service-account
    annotations: {}
    imagePullSecrets: []
    automountServiceAccountToken: false

  service:
    type: ClusterIP
    port: 10050
    targetPort: 10050
    nodePort: 10050
    portName: zabbix-agent
    listenOnAllInterfaces: true
    annotations:
      agent.zabbix/monitor: "true"

  rbac:
    ## If true, create & use RBAC resources
    ##
    create: true
    ## If true, create & use Pod Security Policy resources
    ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/
    ## PodSecurityPolicies disabled by default because they are deprecated in Kubernetes 1.21 and will be removed in Kubernetes 1.25.
    ## If you are using PodSecurityPolicies you can enable the previous behaviour by setting `rbac.pspEnabled: true`
    pspEnabled: false
    pspAnnotations: {}
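
An added example, not part of the original post or the Zabbix chart: a small shell/awk lint that flags three exposures visible in the YAML on this page, namely pods sharing the node's network, PID namespace or root filesystem, credentials passed as literal env values (the Deployments in 1.2 and 1.3), and an agent allow-list of 0.0.0.0/0. The function name, finding labels and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint for the YAML shown on this page.
# Reads a manifest or chart values file on stdin, prints one finding per line.
lint_zabbix_yaml() {
  awk '
    # Text after the first colon, minus trailing comment, spaces and quotes.
    function after_colon(s) {
      sub(/^[^:]*:/, "", s); sub(/[ \t]+#.*$/, "", s)
      sub(/^[ \t"]+/, "", s); sub(/[ \t"]+$/, "", s)
      return s
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                       # comments, blanks
    /^---/ { kind = ""; section = ""; envname = ""; next }  # new YAML document
    /^[A-Za-z]/ { section = $1; sub(/:.*/, "", section) }   # top-level key
    /^kind:/ { kind = after_colon($0) }
    {
      ctx = (kind != "") ? kind : section
      # Pod shares the node network, PID namespace or root filesystem.
      if ($0 ~ /^[ \t]*(hostNetwork|hostPID|hostRootFsMount):[ \t]*true/) {
        key = $1; sub(/:.*/, "", key)
        print "HOST-ACCESS", ctx, key
      }
      # Remember the env var name; the literal value is on the next key.
      if ($0 ~ /^[ \t]*- name:/) { envname = after_colon($0); next }
      if ($0 ~ /^[ \t]*value:/ && envname != "") {
        val = after_colon($0)
        if (envname ~ /PASSWORD|TOKEN|SECRET/) {
          print "PLAINTEXT-SECRET", ctx, envname        # value is not echoed
        } else if (envname ~ /^ZBX_(SERVER_HOST|PASSIVESERVERS)$/ &&
                   ("," val ",") ~ /,(0\.0\.0\.0\/0|::\/0),/) {
          print "OPEN-ALLOWLIST", ctx, envname "=" val
        }
      }
      envname = ""
    }
  '
}

# Constructed excerpt mirroring the server Deployment in section 1.2.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - image: harbor.goldwind.com/library/zabbix/zabbix-server-mysql:6.4.4-centos
        name: zabbix-server-mysql
        env:
        - name: MYSQL_USER
          value: zabbix11
        - name: MYSQL_PASSWORD
          value: zabbix11
EOF
}

# Constructed excerpt mirroring the chart values.yaml in section 2.2.1.
sample_values() {
  cat <<'EOF'
zabbixProxy:
  env:
    - name: ZBX_SERVER_HOST
      value: 10.12.20.46:10051
zabbixAgent:
  hostNetwork: true
  hostPID: true
  hostRootFsMount: true
  env:
      ## Zabbix server host
    - name: ZBX_SERVER_HOST
      value: 0.0.0.0/0
    - name: ZBX_PASSIVE_ALLOW
      value: true
EOF
}

sample_manifest | lint_zabbix_yaml
sample_values | lint_zabbix_yaml
```

A credential referenced through valueFrom.secretKeyRef is left unflagged by this lint; the open allow-list finding goes away once the agent's ZBX_SERVER_HOST is set to the address or CIDR the proxy connects from.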

2.2.2 Change the image in the kube-state-metrics values.yaml

docker pull bitnami/kube-state-metrics:2.10

docker tag bitnami/kube-state-metrics:2.10 harbor.goldwind.com/library/kube-state-metrics:v2.10

vim charts/kube-state-metrics/values.yaml

Change the image section to:

image:
  registry: harbor.goldwind.com
  repository: library/kube-state-metrics
  tag: "v2.10"

The full values.yaml after the change:

# Default values for kube-state-metrics.
prometheusScrape: true
image:
 # registry: registry.k8s.io
  registry: harbor.goldwind.com
  repository: library/kube-state-metrics
  # If unset use v + .Charts.appVersion
  tag: "v2.10"
  sha: ""
  pullPolicy: IfNotPresent

imagePullSecrets: []
# - name: "image-pull-secret"

global:
  # To help compatibility with other charts which use global.imagePullSecrets.
  # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
  # global:
  #   imagePullSecrets:
  #   - name: pullSecret1
  #   - name: pullSecret2
  # or
  # global:
  #   imagePullSecrets:
  #   - pullSecret1
  #   - pullSecret2
  imagePullSecrets: []
  #
  # Allow parent charts to override registry hostname
  imageRegistry: ""

# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
# will be automatically sharded across <.Values.replicas> pods using the built-in
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
# This is an experimental feature and there are no stability guarantees.
autosharding:
  enabled: false

replicas: 1

# List of additional cli arguments to configure kube-state-metrics
# for example: --enable-gzip-encoding, --log-file, etc.
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
extraArgs: []

service:
  port: 8080
  # Default to clusterIP for backward compatibility
  type: ClusterIP
  nodePort: 0
  loadBalancerIP: ""
  # Only allow access to the loadBalancerIP from these IPs
  loadBalancerSourceRanges: []
  clusterIP: ""
  annotations: {}

## Additional labels to add to all resources
customLabels: {}
  # app: kube-state-metrics

## Override selector labels
selectorOverride: {}

## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
releaseLabel: false

hostNetwork: false

rbac:
  # If true, create & use RBAC resources
  create: true

  # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
  # useExistingRole: your-existing-role

  # If set to false - Run without ClusterAdmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
  useClusterRole: true

  # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
  # Example:
  # - apiGroups: ["monitoring.coreos.com"]
  #   resources: ["prometheuses"]
  #   verbs: ["list", "watch"]
  extraRules: []

# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
# The requests are served through the same service but requests are then HTTPS.
kubeRBACProxy:
  enabled: false
  image:
    #registry: quay.io
    registry: harbor.goldwind.com
    #repository: brancz/kube-rbac-proxy
    repository: library/kube-rbac-proxy
    tag: v0.14.0
    sha: ""
    pullPolicy: IfNotPresent

  # List of additional cli arguments to configure kube-rbac-proxy
  # for example: --tls-cipher-suites, --log-file, etc.
  # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
  extraArgs: []

  ## Specify security settings for a Container
  ## Allows overrides and additional options compared to (Pod) securityContext
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}

  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 64Mi
    # requests:
    #  cpu: 10m
    #  memory: 32Mi

  ## volumeMounts enables mounting custom volumes in rbac-proxy containers
  ## Useful for TLS certificates and keys
  volumeMounts: []
    # - mountPath: /etc/tls
    #   name: kube-rbac-proxy-tls
    #   readOnly: true

serviceAccount:
  # Specifies whether a ServiceAccount should be created, require rbac true
  create: true
  # The name of the ServiceAccount to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
  # Reference to one or more secrets to be used when pulling images
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  imagePullSecrets: []
  # ServiceAccount annotations.
  # Use case: AWS EKS IAM roles for service accounts
  # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
  annotations: {}

prometheus:
  monitor:
    enabled: false
    annotations: {}
    additionalLabels: {}
    namespace: ""
    jobLabel: ""
    targetLabels: []
    podTargetLabels: []
    interval: ""
    ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
    ##
    sampleLimit: 0

    ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
    ##
    targetLimit: 0

    ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelLimit: 0

    ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelNameLengthLimit: 0

    ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
    ##
    labelValueLengthLimit: 0
    scrapeTimeout: ""
    proxyUrl: ""
    selectorOverride: {}
    honorLabels: false
    metricRelabelings: []
    relabelings: []
    scheme: ""
    ## File to read bearer token for scraping targets
    bearerTokenFile: ""
    ## Secret to mount to read bearer token for scraping targets. The secret needs
    ## to be in the same namespace as the service monitor and accessible by the
    ## Prometheus Operator
    bearerTokenSecret: {}
      # name: secret-name
      # key:  key-name
    tlsConfig: {}

## Specify if a Pod Security Policy for kube-state-metrics must be created
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
  enabled: false
  annotations: {}
    ## Specify pod annotations
    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
    ##
    # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
    # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
    # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'

  additionalVolumes: []

## Configure network policy for kube-state-metrics
networkPolicy:
  enabled: false
  # networkPolicy.flavor -- Flavor of the network policy to use.
  # Can be:
  # * kubernetes for networking.k8s.io/v1/NetworkPolicy
  # * cilium     for cilium.io/v2/CiliumNetworkPolicy
  flavor: kubernetes

  ## Configure the cilium network policy kube-apiserver selector
  # cilium:
    # kubeApiServerSelector:
      # - toEntities:
      #   - kube-apiserver

  # egress:
  # - {}
  # ingress:
  # - {}
  # podSelector:
  #   matchLabels:
  #     app.kubernetes.io/name: kube-state-metrics

securityContext:
  enabled: true
  runAsGroup: 65534
  runAsUser: 65534
  fsGroup: 65534
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

## Specify security settings for a Container
## Allows overrides and additional options compared to (Pod) securityContext
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

## Affinity settings for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
affinity: {}

## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []

## Topology spread constraints for pod assignment
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []

# Annotations to be added to the deployment/statefulset
annotations: {}

# Annotations to be added to the pod
podAnnotations: {}

## Assign a PriorityClassName to pods if set
# priorityClassName: ""

# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}

# Comma-separated list of metrics to be exposed.
# This list comprises of exact metric names and/or regex patterns.
# The allowlist and denylist are mutually exclusive.
metricAllowlist: []

# Comma-separated list of metrics not to be enabled.
# This list comprises of exact metric names and/or regex patterns.
# The allowlist and denylist are mutually exclusive.
metricDenylist: []

# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
# labels metric. By default the metric contains only name and namespace labels.
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
# A single '*' can be provided per resource instead to allow any labels, but that has
# severe performance implications (Example: '=pods=[*]').
metricLabelsAllowlist: []
  # - namespaces=[k8s-label-1,k8s-label-n]

# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
# labels metric. By default the metric contains only name and namespace labels.
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
# A single '*' can be provided per resource instead to allow any annotations, but that has
# severe performance implications (Example: '=pods=[*]').
metricAnnotationsAllowList: []
  # - pods=[k8s-annotation-1,k8s-annotation-n]

# Available collectors for kube-state-metrics.
# By default, all available resources are enabled, comment out to disable.
collectors:
  - certificatesigningrequests
  - configmaps
  - cronjobs
  - daemonsets
  - deployments
  - endpoints
  - horizontalpodautoscalers
  - ingresses
  - jobs
  - leases
  - limitranges
  - mutatingwebhookconfigurations
  - namespaces
  - networkpolicies
  - nodes
  - persistentvolumeclaims
  - persistentvolumes
  - poddisruptionbudgets
  - pods
  - replicasets
  - replicationcontrollers
  - resourcequotas
  - secrets
  - services
  - statefulsets
  - storageclasses
  - validatingwebhookconfigurations
  - volumeattachments

# Enabling kubeconfig will pass the --kubeconfig argument to the container
kubeconfig:
  enabled: false
  # base64 encoded kube-config file
  secret:

# Enable only the release namespace for collecting resources. By default all namespaces are collected.
# If releaseNamespace and namespaces are both set a merged list will be collected.
releaseNamespace: false

# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
namespaces: ""

# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
# only namespaces that are excluded in namespaces-denylist will be used.
namespacesDenylist: ""

## Override the deployment namespace
##
namespaceOverride: ""

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 64Mi
  # requests:
  #  cpu: 10m
  #  memory: 32Mi

## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
## For example: kubeTargetVersionOverride: 1.14.9
##
kubeTargetVersionOverride: ""

# Enable self metrics configuration for service and Service Monitor
# Default values for telemetry configuration can be overridden
# If you set telemetryNodePort, you must also set service.type to NodePort
selfMonitor:
  enabled: false
  # telemetryHost: 0.0.0.0
  # telemetryPort: 8081
  # telemetryNodePort: 0

# Enable vertical pod autoscaler support for kube-state-metrics
verticalPodAutoscaler:
  enabled: false
  # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
  controlledResources: []

  # Define the max allowed resources for the pod
  maxAllowed: {}
  # cpu: 200m
  # memory: 100Mi
  # Define the min allowed resources for the pod
  minAllowed: {}
  # cpu: 200m
  # memory: 100Mi

  # updatePolicy:
    # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
    # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
    # updateMode: Auto

# volumeMounts are used to add custom volume mounts to deployment.
# See example below
volumeMounts: []
#  - mountPath: /etc/config
#    name: config-volume

# volumes are used to add custom volumes to deployment
# See example below
volumes: []
#  - configMap:
#      name: cm-for-volume
#    name: config-volume

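3. Zabbix web interface configuration

3.1 Add the zabbix-proxy

Under Administration - Proxies, click to create a proxy

Fill in the details; the Proxy name zabbix-proxy is the ZBX_HOSTNAME set in values.yaml

3.2 Create the host group and hosts

3.2.1 Create a host group named K8S Server

3.2.2 Create the k8s-node host, used to auto-discover the K8S node hosts

Configuration:

Host name: k8s-nodes

Template: Kubernetes nodes by HTTP, under Templates

Host group: K8S Server

Monitored by proxy: zabbix-proxy

Enabled: true

Macros:

For the exact syntax, see the official documentation: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/app/kubernetes_http/kubernetes_nodes_http?at=release%2F6.4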

{$KUBE.API.ENDPOINT.URL}: https://xxx:6443/api   # the IP is the master's IP
{$KUBE.API.TOKEN}: XXXXXXXX   # the token obtained with kubectl get secret zabbix-service-account -n monitoring -o jsonpath={.data.token} | base64 -d (base64 -d decodes the secret)
{$KUBE.NODES.ENDPOINT.NAME}: zabbix-agent   # obtained with kubectl get ep -n zabbix
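
An added example, not part of the original post: a shell check that decodes the JWT payload of the token retrieved above and confirms that its sub claim names the expected service account before the value goes into {$KUBE.API.TOKEN}; it also reports whether the token carries an expiry. The function names and the sample token are constructed, and the signature is not verified, so this only confirms which identity the token claims. The namespace argument must be the one the chart was installed into (the post uses zabbix in its manifests and monitoring in the kubectl command).

```shell
#!/bin/sh
# Added example (not from the original post): inspect a service-account token
# before storing it in the {$KUBE.API.TOKEN} macro.

# base64url-encode stdin; only used to build the constructed sample token.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the decoded payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # restore the padding base64url strips
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# jwt_claim TOKEN NAME: string value of a simple top-level claim such as sub or iss.
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# token_expiry TOKEN: "expires=<epoch>" or "non-expiring" when there is no exp claim.
token_expiry() {
  exp=$(jwt_payload "$1" | tr -d '\n' |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  if [ -n "$exp" ]; then echo "expires=$exp"; else echo "non-expiring"; fi
}

# check_sa_token TOKEN NAMESPACE SERVICEACCOUNT: succeed only if sub matches.
check_sa_token() {
  want="system:serviceaccount:$2:$3"
  got=$(jwt_claim "$1" sub)
  if [ "$got" = "$want" ]; then
    echo "ok: token subject is $got"
  else
    echo "mismatch: token subject is '${got:-<unreadable>}', expected $want" >&2
    return 1
  fi
}

# Constructed token shaped like one stored in a service-account Secret;
# the signature segment is a dummy value.
sample_token() {
  h=$(printf '%s' '{"alg":"RS256","kid":"constructed"}' | b64url_encode)
  p=$(printf '%s' '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"zabbix","sub":"system:serviceaccount:zabbix:zabbix-service-account"}' | b64url_encode)
  printf '%s.%s.%s' "$h" "$p" "c2lnbmF0dXJl"
}

# Real use (needs cluster access), with the kubectl command from the post:
#   tok=$(kubectl get secret zabbix-service-account -n <namespace> -o jsonpath='{.data.token}' | base64 -d)
#   check_sa_token "$tok" <namespace> zabbix-service-account

tok=$(sample_token)
check_sa_token "$tok" zabbix zabbix-service-account
check_sa_token "$tok" monitoring zabbix-service-account || true   # wrong namespace
token_expiry "$tok"
```

A result of non-expiring means the token stays valid until the Secret or service account is deleted, which matters when deciding where the macro value is stored and who can read it.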

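Once the host is added successfully, data for the list of k8s cluster hosts is collected

3.2.3 Create the k8s-cluster host, used to auto-discover the service components

Once k8s-cluster has been created, the following four hosts do not need to be created; they are discovered automatically

Configuration:

Host name: k8s-cluster

Template: Kubernetes cluster state by HTTP, under Templates

Host group: K8S Server

Monitored by proxy: zabbix-proxy

Enabled: true

Macros:

For the exact syntax, see the official documentation: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/app/kubernetes_http/kubernetes_state_http?at=refs%2Fheads%2Frelease%2F6.4

Modify {$KUBE.API.URL}; for the other macros, the values from the official documentation can be used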

 

Once the host is added successfully, data for each service component is discovered automatically

 

 

References:

1.https://blog.csdn.net/weixin_38299857/article/details/128422737

2.https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/app/kubernetes_http?at=refs%2Fheads%2Frelease%2F6.4

3.https://git.zabbix.com/projects/ZT/repos/kubernetes-helm/browse?at=refs%2Fheads%2Frelease%2F6.4