Appendix 055. Deploying Zabbix on Kubernetes in Practice


Background

Solution Overview

Architecture
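  • Data storage layer: MySQL

    Deployment type: StatefulSet.

    Function: the core database, storing all Zabbix configuration (hosts, templates) and monitoring history data.

    Characteristics: mounts persistent storage (PVC), uses a ConfigMap to tune MySQL parameters, and manages sensitive passwords through a Secret.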

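  • Core service layer: Zabbix Server

    Deployment type: Deployment.

    Function: the brain of the whole monitoring system. It receives data reported by agents (Trapper/Active), actively pulls data (Poller/Passive), evaluates trigger logic, and writes to the database.

    Characteristics: includes a sidecar container, zabbix-agent, that monitors the health of the Server itself. Connects to MySQL using environment variables.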

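  • Frontend layer: Zabbix Web (Nginx)

    Deployment type: Deployment + Ingress.

    Function: the user interface.

    Characteristics: serves the web UI through Nginx, is exposed externally over HTTPS through an Ingress (domain zabbix.k8sy.com), and connects to the Server and MySQL behind it.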

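  • Reporting layer: Zabbix Web Service

    Deployment type: Deployment.

    Function: a microservice dedicated to generating scheduled PDF reports.

    Characteristics: Zabbix Server calls it through its in-cluster Service address to generate reports.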

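  • Collection layer: Zabbix Agent 2

    Deployment type: DaemonSet.

    Function: runs on every node of the Kubernetes cluster and collects low-level metrics (CPU, memory, network, and so on) directly from the physical or virtual machine.

    Characteristics: sets hostNetwork: true, so it uses the host's network directly, which makes it easy to collect from and to reach.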

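  • Component summary

    The key components and their functions are summarized below:

    | Component | Deployment type | Image | Core function | Main dependencies (what it connects to) | Who accesses it / whom it serves | Key ports (typical) |
    | --- | --- | --- | --- | --- | --- | --- |
    | zabbix-mysql-statefulset | StatefulSet/Service | mysql:9.5.0 | Zabbix database: stores configuration, history/trends, events, audit data, etc. | Storage (PV), its own network/DNS | zabbix-server, zabbix-web-nginx | 3306 |
    | zabbix-server-deployment | Deployment/Service | zabbix-server-mysql:alpine-7.4.5 | Zabbix core server: collects data, evaluates triggers, generates events and alerts, writes to the database, provides the API | MySQL (required); zabbix-web-service (needed only for reporting) | zabbix-web-nginx (via API), zabbix-agent2, other monitoring sources | 10051 (commonly used by Server/Proxy), 10052 (JMX etc., depending on configuration) |
    | zabbix-web-nginx-deployment | Deployment/Service | zabbix-web-nginx-mysql:alpine-7.4.5 | Zabbix web frontend (UI): the pages accessed from a browser, used for configuration and display | zabbix-server (API), MySQL | Your browser/Ingress/LB; zabbix-web-service (accesses the UI when rendering reports) | 8080 (inside the container), 80/443 (via Service/Ingress) |
    | zabbix-web-service | Deployment/Service | zabbix-web-service:alpine-7.4.5 | Report/PDF rendering component (Reporting): renders dashboards/pages into PDF reports | Must be able to reach the zabbix-web-nginx URL; called by the server | zabbix-server (called by report writers) | 10053 (typical) |
    | zabbix-agent2-daemonset | DaemonSet | zabbix-agent2:alpine-7.4.5 | Collection agent: collects node OS/process/log metrics and reports them | Must be able to reach zabbix-server; host privileges/mounts depend on the items collected | zabbix-server | 10050 (typical) |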

For more about Zabbix, see: Zabbix series articles

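Prerequisites

  • Kubernetes cluster

    A fully functional Kubernetes cluster is required. For cluster deployment, see: Kubernetes v1.34.3 Production High-Availability Deployment

  • Persistent storage

    Persistent storage, such as Longhorn, is recommended for keeping important data.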

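Deployment

Preparing Resources

For security and to follow best practice in the later deployment steps, the MySQL passwords, configuration files, and similar items are created in advance as a Secret and a ConfigMap.

  • Create the certificate
    The Zabbix service is exposed over TLS under the domain zabbix.k8sy.com; upload the certificate to the corresponding directory.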
[root@master01 ~]# mkdir -p zabbix/certs
[root@master01 ~]# cd zabbix
[root@master01 zabbix]# kubectl create namespace zabbix

[root@master01 zabbix]# ll certs/
total 20K
drwxr-xr-x 2 root root 4.0K Dec 18 17:49 ./
drwxr-xr-x 3 root root 4.0K Dec 18 17:45 ../
-rw-r--r-- 1 root root 4.4K Dec 18 17:48 zabbix.k8sy.com.crt
-rw-r--r-- 1 root root 1.7K Dec 18 17:48 zabbix.k8sy.com.key


[root@master01 zabbix]# kubectl -n zabbix create secret tls zabbix-k8sy-cn-cert \
  --key certs/zabbix.k8sy.com.key \
  --cert certs/zabbix.k8sy.com.crt
  • Create the Secret
    This Secret stores the MySQL account credentials.
[root@master01 zabbix]# cat >zabbix-mysql-secret.yaml<<'EOF'
---
apiVersion: v1
kind: Secret
metadata:
  name: zabbix-mysql-secret
  namespace: zabbix
type: Opaque
stringData:
  MYSQL_ROOT_PASSWORD: "Xxa1b2c3%y"
  MYSQL_DATABASE: "zabbix"
  MYSQL_USER: "zabbix"
  MYSQL_PASSWORD: "Xxa1b2c3%y"
EOF
  • Create the ConfigMap
    Create the configuration file used to configure MySQL.
[root@master01 zabbix]# cat >zabbix-mysql-conf.yaml<<'EOF'
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: zabbix-mysql-conf
  namespace: zabbix
data:
  zabbix.cnf: |
    [mysqld]
    character-set-server=utf8mb4
    collation-server=utf8mb4_bin
    transaction-isolation=READ-COMMITTED
    innodb-buffer-pool-size=1G
    max-connections=300
    log-bin-trust-function-creators=1
EOF
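
The Secret step above keeps one fixed password in a file and uses it for both root and the application user. As an added example (not part of the original article), the shell functions below render the same zabbix-mysql-secret.yaml with two generated passwords and owner-only file permissions; gen_password and render_mysql_secret are hypothetical helper names.

```shell
#!/bin/sh
# Added example: render zabbix-mysql-secret.yaml with generated passwords.
# usage: sh gen-secret.sh zabbix-mysql-secret.yaml

# gen_password N: print N random characters from [A-Za-z0-9].
# Alphanumerics only, so the value needs no quoting when the probes in the
# StatefulSet expand it after -p. Fails instead of returning a short value.
gen_password() {
  n=${1:-24}
  pw=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$n")
  [ "${#pw}" -eq "$n" ] || return 1
  printf '%s' "$pw"
}

# render_mysql_secret PATH: write the Secret with distinct root and
# application passwords, readable by the owner only.
render_mysql_secret() {
  root_pw=$(gen_password 24) || return 1
  app_pw=$(gen_password 24) || return 1
  ( umask 077; cat > "$1" <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: zabbix-mysql-secret
  namespace: zabbix
type: Opaque
stringData:
  MYSQL_ROOT_PASSWORD: "$root_pw"
  MYSQL_DATABASE: "zabbix"
  MYSQL_USER: "zabbix"
  MYSQL_PASSWORD: "$app_pw"
EOF
  ) && chmod 600 "$1"
}

if [ "$#" -gt 0 ]; then render_mysql_secret "$1"; fi
```

Render the file once, before the first kubectl apply: the official MySQL image reads these variables only when it initializes an empty data directory.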

Deploying MySQL

  • Create the MySQL workload

MySQL is a stateful service, so it is deployed with a StatefulSet.

[root@master01 zabbix]# cat >zabbix-mysql-statefulset.yaml<<'EOF'
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zabbix-mysql-statefulset
  namespace: zabbix
  labels:
    app: zabbix-mysql
spec:
  serviceName: zabbix-mysql-service
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-mysql
  volumeClaimTemplates:
    - kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: zabbix-mysql-data
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi
        storageClassName: longhorn
  template:
    metadata:
      labels:
        app: zabbix-mysql
    spec:
      containers:
        - name: mysql
          image: 'docker.1ms.run/library/mysql:9.0.1'
          ports:
            - name: mysql-port
              containerPort: 3306
              protocol: TCP
          env:
            - name: TZ
              value: "Asia/Shanghai"
            - name: MYSQL_INITDB_SKIP_TZINFO
              value: "1"
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_ROOT_PASSWORD
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_DATABASE
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_USER
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_PASSWORD
          volumeMounts:
            - name: zabbix-mysql-data
              mountPath: /var/lib/mysql
            - name: zabbix-mysql-conf
              mountPath: /etc/mysql/conf.d/zabbix.cnf
              subPath: zabbix.cnf

          startupProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - "mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e 'SELECT 1'"
            periodSeconds: 5
            timeoutSeconds: 3
            failureThreshold: 60
          
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - "mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e 'SELECT 1'"
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
          
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - "mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e 'SELECT 1'"
            initialDelaySeconds: 10
            periodSeconds: 5
            timeoutSeconds: 3

      securityContext:
        runAsNonRoot: false

      volumes:
        - name: zabbix-mysql-conf
          configMap:
            name: zabbix-mysql-conf
EOF
  • Create the MySQL Service

Create the corresponding MySQL Service.

[root@master01 zabbix]# cat >zabbix-mysql-service.yaml<<'EOF'
---
apiVersion: v1
kind: Service
metadata:
  name: zabbix-mysql-service
  namespace: zabbix
spec:
  selector:
    app: zabbix-mysql
  ports:
    - name: mysql-port
      port: 3306
      targetPort: 3306
  clusterIP: None
EOF

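Deploying Zabbix Web Service

Because the reporting feature will need it later, it is recommended to deploy Zabbix Web Service in advance.

Note: this component is not the Zabbix frontend web UI; see the component summary at the beginning of the article for the difference.

  • Create the Zabbix Web Service Deployment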
[root@master01 zabbix]# cat >zabbix-web-service-deployment.yaml<<'EOF'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zabbix-web-service-deployment
  namespace: zabbix
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-web-service
  template:
    metadata:
      labels:
        app: zabbix-web-service
    spec:
      containers:
        - name: web-service
          image: docker.1ms.run/zabbix/zabbix-web-service:alpine-7.4.5
          imagePullPolicy: IfNotPresent
          ports:
            - name: websvc
              containerPort: 10053
          # Common optional setting: resource limits (PDF rendering consumes CPU/memory)
          resources:
            requests:
              cpu: "200m"
              memory: "256Mi"
            limits:
              cpu: "1000m"
              memory: "1Gi"
EOF
  • Create the Zabbix Web Service Service
[root@master01 zabbix]# cat >zabbix-web-service-service.yaml<<'EOF'
---
apiVersion: v1
kind: Service
metadata:
  name: zabbix-web-service-service
  namespace: zabbix
spec:
  selector:
    app: zabbix-web-service
  ports:
    - name: websvc
      port: 10053
      targetPort: 10053
EOF
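
The component summary lists zabbix-server and zabbix-web-nginx as the only clients of MySQL, and zabbix-server as the only caller of Zabbix Web Service. The following added example (not from the original article) expresses that as ingress NetworkPolicies in the same heredoc style; the policy names and file name are assumptions, and enforcement requires a CNI plugin that implements NetworkPolicy.

```shell
#!/bin/sh
# Added example: ingress NetworkPolicies derived from the component summary.
# Policy names and the output file name are assumptions; the namespace, pod
# labels and ports are the ones used by the manifests in this article.
out=${1:-zabbix-networkpolicy.yaml}
cat > "$out" <<'EOF'
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zabbix-mysql-ingress
  namespace: zabbix
spec:
  podSelector:
    matchLabels:
      app: zabbix-mysql
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: zabbix-server
        - podSelector:
            matchLabels:
              app: zabbix-web-nginx
      ports:
        - protocol: TCP
          port: 3306
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zabbix-web-service-ingress
  namespace: zabbix
spec:
  podSelector:
    matchLabels:
      app: zabbix-web-service
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: zabbix-server
      ports:
        - protocol: TCP
          port: 10053
EOF
```

The MySQL exec probes run inside the container, so these ingress rules do not affect them.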

Deploying Zabbix Server

  • Create the Zabbix Server Deployment
[root@master01 zabbix]# cat >zabbix-server-deployment.yaml<<'EOF'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zabbix-server-deployment
  namespace: zabbix
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-server
  template:
    metadata:
      labels:
        app: zabbix-server
    spec:
      containers:
        - name: zabbix-server
          image: docker.1ms.run/zabbix/zabbix-server-mysql:alpine-7.4.5
          ports:
            - name: zbx-server-port
              containerPort: 10051
          env:
            - name: DB_SERVER_HOST
              value: "zabbix-mysql-service"
            - name: DB_SERVER_PORT
              value: "3306"
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_DATABASE
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_USER
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_PASSWORD
            - name: TZ
              value: "Asia/Shanghai"
            # === Core processes: small-scale deployment ===
            - name: ZBX_STARTPOLLERS
              value: "5"
            - name: ZBX_STARTTRAPPERS
              value: "2"
            - name: ZBX_STARTPREPROCESSORS
              value: "2"
            - name: ZBX_STARTDBSYNCERS
              value: "2"
            - name: ZBX_CACHESIZE
              value: "128M"
            - name: ZBX_HISTORYCACHESIZE
              value: "128M"
            - name: ZBX_TRENDCACHESIZE
              value: "64M"
            - name: ZBX_HISTORYINDEXCACHESIZE
              value: "64M"

            # === Reporting: feature kept enabled ===
            - name: ZBX_WEBSERVICEURL
              value: "http://zabbix-web-service-service.zabbix.svc.cluster.local:10053/report"
            - name: ZBX_STARTREPORTMANAGERS
              value: "1"
            - name: ZBX_STARTREPORTWRITERS
              value: "1"
            # === External integrations: disabled ===
            - name: ZBX_STARTCONNECTORMANAGERS
              value: "0"
            - name: ZBX_STARTCONNECTORWORKERS
              value: "0"

          startupProbe:
            tcpSocket:
              port: 10051
            periodSeconds: 10
            failureThreshold: 30
            timeoutSeconds: 1
          readinessProbe:
            tcpSocket:
              port: 10051
            periodSeconds: 10
            failureThreshold: 3
            timeoutSeconds: 1
          livenessProbe:
            tcpSocket:
              port: 10051
            periodSeconds: 20
            failureThreshold: 6
            timeoutSeconds: 1


        - name: zabbix-server-agent
          image: docker.1ms.run/zabbix/zabbix-agent2:alpine-7.4.5
          ports:
            - name: zbx-agent-port
              containerPort: 10050
          env:
            - name: TZ
              value: "Asia/Shanghai"
            - name: ZBX_HOSTNAME
              value: "Zabbix server"
            - name: ZBX_SERVER_HOST
              value: "127.0.0.1"
            - name: ZBX_PASSIVE_ALLOW
              value: "true"
            - name: ZBX_TIMEOUT
              value: "10"
          securityContext:
            privileged: true
EOF

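Note: Zabbix Server itself also needs to be monitored, so a Zabbix agent is added as a sidecar. This agent monitors the Zabbix server itself, not the host; hosts are monitored by the agent deployed as a DaemonSet. Keep the two agents distinct.

  • Create the Zabbix Server Service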
[root@master01 zabbix]# cat >zabbix-server-service.yaml<<'EOF'
---
apiVersion: v1
kind: Service
metadata:
  name: zabbix-server-service
  namespace: zabbix
spec:
  selector:
    app: zabbix-server
  ports:
    - name: zbx-server-port
      port: 10051
      targetPort: 10051
EOF

Deploying Zabbix Web Nginx

Zabbix Web Nginx is the frontend UI for Zabbix Server.

  • Create the Zabbix Web Nginx Deployment
[root@master01 zabbix]# cat >zabbix-web-nginx-deployment.yaml<<'EOF'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zabbix-web-nginx-deployment
  namespace: zabbix
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-web-nginx
  template:
    metadata:
      labels:
        app: zabbix-web-nginx
    spec:
      containers:
        - name: zabbix-web
          image: docker.1ms.run/zabbix/zabbix-web-nginx-mysql:alpine-7.4.5
          ports:
            - name: http
              containerPort: 8080
          env:
            - name: ZBX_SERVER_HOST
              value: "zabbix-server-service"
            - name: DB_SERVER_HOST
              value: "zabbix-mysql-service"
            - name: MYSQL_DATABASE
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_DATABASE
            - name: MYSQL_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_USER
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-mysql-secret
                  key: MYSQL_PASSWORD
            - name: PHP_TZ
              value: "Asia/Shanghai"
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 20
EOF
  • Create the Zabbix Web Nginx Service
[root@master01 zabbix]# cat >zabbix-web-nginx-service.yaml<<'EOF'
---
apiVersion: v1
kind: Service
metadata:
  name: zabbix-web-nginx-service
  namespace: zabbix
spec:
  selector:
    app: zabbix-web-nginx
  ports:
    - name: http
      port: 80
      targetPort: 8080
EOF

Exposing the Service

Expose the service through an Ingress.

[root@master01 zabbix]# cat >zabbix-web-nginx-ingress.yaml<<'EOF'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zabbix-web-nginx-ingress
  namespace: zabbix
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - zabbix.k8sy.com
      secretName: zabbix-k8sy-cn-cert
  rules:
    - host: zabbix.k8sy.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: zabbix-web-nginx-service
                port:
                  number: 80
EOF

Deploying Zabbix Agent

Zabbix Agent must run on every node so that all nodes are monitored, which makes a DaemonSet the better fit.

[root@master01 zabbix]# cat >zabbix-agent2-deployment.yaml<<'EOF'
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: zabbix-agent2-daemonset
  namespace: zabbix
  labels:
    app: zabbix-agent2
spec:
  selector:
    matchLabels:
      app: zabbix-agent2
  template:
    metadata:
      labels:
        app: zabbix-agent2
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: agent2
          image: docker.1ms.run/zabbix/zabbix-agent2:alpine-7.4.5
          imagePullPolicy: IfNotPresent
          ports:
            - name: agent
              containerPort: 10050
              protocol: TCP
          env:
            - name: ZBX_PASSIVESERVERS
              value: "zabbix-server-service.zabbix.svc.cluster.local,10.10.0.0/16,172.24.8.0/24"
            - name: ZBX_ACTIVESERVERS
              value: "zabbix-server-service.zabbix.svc.cluster.local:10051"
            - name: ZBX_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: ZBX_TIMEOUT
              value: "30"
          securityContext:
            privileged: true
          volumeMounts:
            - name: dev
              mountPath: /host/dev
            - name: proc
              mountPath: /host/proc
              readOnly: true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: run
              mountPath: /host/run
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: NoSchedule
      volumes:
        - name: dev
          hostPath:
            path: /dev
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys
        - name: run
          hostPath:
            path: /run
EOF

Deployment reference: Deploying Zabbix on Kubernetes

For the Zabbix Agent environment variables, see: Zabbix-agent2
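
Several of the manifests above request elevated access (privileged containers, hostNetwork, hostPath mounts), and the Secret file holds passwords in clear text. As an added example (not part of the original article), this line-oriented awk check lists those settings per resource before anything is applied; audit_manifests is a hypothetical helper, and it assumes the two-space block style used in this article's files.

```shell
#!/bin/sh
# Added example: pre-apply audit for the manifests written in this article.
# Prints "<file>: <Kind>/<name>: <finding>" and returns 1 if anything is found.
# It is a line scanner for this layout, not a general YAML parser.
audit_manifests() {
  awk '
    function emit(msg) { print cur ": " kind "/" name ": " msg; n++ }
    function flush(   v) {
      # hostPath volumes whose volumeMount does not set readOnly: true
      for (v in hostvol)
        if ((v in mounted) && !(v in ro))
          emit("hostPath " hostvol[v] " mounted read-write")
      split("", hostvol); split("", mounted); split("", ro)
      kind = ""; name = ""; sect = ""; item = ""; inhp = 0
    }
    FNR == 1 { if (NR > 1) flush(); cur = FILENAME }
    /^---/   { flush(); next }
    !NF      { next }
    {
      line = $0; ind = match(line, /[^ ]/) - 1
      sub(/^ *(- )?/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*: */, "", val)
      if (sect != "" && ind <= sectind) sect = ""      # left the section
      if (ind == 0 && key == "kind") kind = val
      if (ind == 2 && key == "name" && name == "") name = val
      if (key == "volumeMounts" || key == "volumes" || key == "stringData") {
        sect = key; sectind = ind; next
      }
      if (key == "privileged"  && val == "true") emit("privileged container")
      if (key == "hostNetwork" && val == "true") emit("hostNetwork enabled")
      if (sect == "stringData" && kind == "Secret" && key ~ /PASSWORD/)
        emit("plaintext " key " in stringData")        # value is not printed
      if (sect != "" && key == "name") { item = val; inhp = 0 }
      if (sect == "volumeMounts" && key == "name") mounted[val] = 1
      if (sect == "volumeMounts" && key == "readOnly" && val == "true") ro[item] = 1
      if (sect == "volumes" && key == "hostPath") inhp = 1
      if (sect == "volumes" && key == "path" && inhp) { hostvol[item] = val; inhp = 0 }
    }
    END { flush(); exit (n > 0) }
  ' "$@"
}

if [ "$#" -gt 0 ]; then audit_manifests "$@"; fi
```

Run it as `audit_manifests *.yaml` in the zabbix directory; for the files above it reports, among other findings, that the DaemonSet mounts /dev and /run read-write while /proc and /sys are read-only.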

Applying the Resources

[root@master01 zabbix]# kubectl apply -f .

Configuration and Verification

Verifying the Deployment

Check the status of the deployed resources.

[root@master01 zabbix]# kubectl -n zabbix get pods,svc -o wide
NAME                                                 READY   STATUS    RESTARTS   AGE   IP               NODE           NOMINATED NODE   READINESS GATES
pod/zabbix-agent2-daemonset-5npm7                    1/1     Running   0          73s   192.168.10.203   phy-d2000-03   <none>           <none>
pod/zabbix-agent2-daemonset-8j2lx                    1/1     Running   0          74s   192.168.10.201   phy-d2000-01   <none>           <none>
pod/zabbix-agent2-daemonset-g28n8                    1/1     Running   0          74s   192.168.10.202   phy-d2000-02   <none>           <none>
pod/zabbix-agent2-daemonset-glldm                    1/1     Running   0          73s   192.168.10.205   phy-d2000-05   <none>           <none>
pod/zabbix-agent2-daemonset-j9vzq                    1/1     Running   0          74s   192.168.10.204   phy-d2000-04   <none>           <none>
pod/zabbix-agent2-daemonset-vrnmk                    1/1     Running   0          73s   192.168.10.206   phy-d2000-06   <none>           <none>
pod/zabbix-mysql-statefulset-0                       1/1     Running   0          73s   10.62.6.181      phy-d2000-02   <none>           <none>
pod/zabbix-server-deployment-74686b4c64-pfbcm        2/2     Running   0          73s   10.62.6.180      phy-d2000-02   <none>           <none>
pod/zabbix-web-nginx-deployment-5f5c6f57c4-9sl67     1/1     Running   0          73s   10.62.6.182      phy-d2000-02   <none>           <none>
pod/zabbix-web-service-deployment-54d9674fdb-tf6tm   1/1     Running   0          73s   10.62.6.183      phy-d2000-02   <none>           <none>

NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE   SELECTOR
service/zabbix-mysql-service         ClusterIP   10.63.26.141    <none>        3306/TCP    74s   app=zabbix-mysql
service/zabbix-server-service        ClusterIP   10.63.73.105    <none>        10051/TCP   73s   app=zabbix-server
service/zabbix-web-nginx-service     ClusterIP   10.63.148.131   <none>        80/TCP      73s   app=zabbix-web-nginx
service/zabbix-web-service-service   ClusterIP   10.63.36.93     <none>        10053/TCP   73s   app=zabbix-web-service

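Verifying Access

Open https://zabbix.k8sy.com/ in a browser and log in with the default account Admin/zabbix.

Changing Settings

You can change the interface language and time settings, change the default password, and so on. For more on using Zabbix, see:

Zabbix series

Adding Hosts

  • Create a host group
    Create host groups as your management needs require.
  • Add hosts
    Add the hosts. For small-scale deployments, Active mode is recommended.

See:
Zabbix series

Verifying the Result

View the status of all monitored nodes:

Note: for deploying Zabbix with Helm, see: Deploying the Zabbix Monitoring System on Kubernetes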
