下载自:github.com/zabbix/zabbix-docker/blob/5.2/kubernetes.yaml
apiVersion: v1
#版本号,版本号可以用 kubectl api-versions 查询到
kind: Namespace
#表明资源对象,例如Pod、RC、Service、Namespace、Endpoints(把外部的链接到k8s系统中)及Node等
metadata:
#meta信息,比如名称、namespace、标签等信息
name: zabbix
labels:
name: zabbix
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-web #service名称
labels:
app: zabbix
namespace: zabbix
spec: #资源对象的详细定义,持久化到etcd中保存
type: NodePort
#Service类型,ClusterIP供kubernates集群内部pod访问
ports: #暴露的端口列表
- port: 80
#Service监听的端口,对应ClusterIP,即ClusterIP+ServicePort供集群内部pod访问的
targetPort: 8080 #对应pod中容器的端口
#nodePort: 8080 #port和nodePort都是service的端口,前者暴露给k8s集群内部服务访问,后者暴露给
#k8s集群外部流量访问。从上两个端口过来的数据都需要经过反向代理kube-proxy,流
#入后端pod的targetPort上,最后到达pod内的容器。
#补充:NodePort类型的service可供外部集群访问是因为service监听了宿主机上的端口,即监听了(所有节点)nodePort,该端口的请求会发送给service,service再经由负载均衡转发给Endpoints的节点。
name: web-http #端口名称
- port: 443
targetPort: 8443
name: web-https
selector: #label选择器,管理label对应的pod
name: zabbix-web #pod的label
# externalIPs:
#对于指定了externalIPs的 Service,ipvs 会安装匹配KUBE-EXTERNAL-IP ipset 集的 iptables 规则
# -
---
apiVersion: v1
kind: Service
metadata:
name: mysql-server
labels:
app: zabbix
tier: db
namespace: zabbix
spec:
ports:
- port: 3306
targetPort: 3306
name: mysql-server
selector:
name: mysql-server
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-server
labels:
app: zabbix
namespace: zabbix
spec:
ports:
- port: 10051
targetPort: 10051
name: zabbix-trapper
- port: 162
targetPort: 1162
protocol: UDP
name: snmp-trap
selector:
name: zabbix-server
# externalIPs:
# -
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-proxy-sqlite3
labels:
app: zabbix
namespace: zabbix
spec:
ports:
- port: 10051
targetPort: 10051
name: zabbix-trapper
- port: 162
targetPort: 1162
protocol: UDP
name: snmp-trap
selector:
name: zabbix-proxy-sqlite3
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-proxy-mysql
labels:
app: zabbix
namespace: zabbix
spec:
ports:
- port: 10051
targetPort: 10051
name: zabbix-trapper
- port: 162
targetPort: 1162
protocol: UDP
name: snmp-trap
selector:
name: zabbix-proxy-mysql
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-java-gateway
labels:
app: zabbix
namespace: zabbix
spec:
ports:
- port: 10052
targetPort: 10052
name: zabbix-jmx
selector:
name: zabbix-java-gateway
---
apiVersion: v1
kind: Service
metadata:
name: zabbix-agent
labels:
app: zabbix
namespace: zabbix
spec:
ports:
- port: 10050
targetPort: 10050
name: zabbix-agent
selector:
name: zabbix-agent
---
apiVersion: v1
kind: ReplicationController
#根据标签选择器管理符合其标签的所有pod,并维持在replicas设置的数量上
metadata:
name: zabbix-web
labels:
app: zabbix
tier: zabbix-web
namespace: zabbix
spec:
replicas: 2
template:
metadata:
labels:
name: zabbix-web
app: zabbix
spec:
containers:
- name: zabbix-web
image: zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: web-http
- containerPort: 8443
name: web-https
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
livenessProbe:
httpGet:
path: /
port: web-http
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 2
periodSeconds: 10
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /
port: web-http
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 2
periodSeconds: 10
successThreshold: 1
failureThreshold: 5
env:
- name: ZBX_SERVER_NAME
value: "Zabbix kubernetes"
- name: PHP_TZ
value: "Europe/Riga"
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-pass
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-root-pass
- name: MYSQL_DATABASE
value: "zabbix"
# volumeMounts:
# - name: zabbix-web-ssl
# mountPath: /etc/ssl/nginx
# readOnly: true
# volumes:
# - hostPath:
# path: /home/dotneft/zbx/zbx_env/etc/ssl/nginx/
# name: zabbix-web-ssl
---
apiVersion: v1
kind: ReplicationController
metadata:
name: mysql-server
labels:
app: zabbix
tier: mysql-server
namespace: zabbix
spec:
replicas: 1
template:
metadata:
labels:
name: mysql-server
app: zabbix
tier: mysql-server
spec:
# volumes:
# - name: zabbix-mysql-data
# persistentVolumeClaim:
# claimName: zabbix-mysql-data-claim
containers:
- name: zabbix-db
image: mysql:5.7
ports:
- containerPort: 3306
name: mysql
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-pass
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-root-pass
- name: MYSQL_DATABASE
value: "zabbix"
# volumeMounts:
# - mountPath: "/var/lib/mysql/" #容器中目录
# name: zabbix-mysql-data #定义的名称zabbix-mysql-data与下面配置中的volumes对应。
# readOnly: false
---
apiVersion: v1
kind: ReplicationController
metadata:
name: zabbix-server
labels:
app: zabbix
tier: server
environment: dev
namespace: zabbix
spec:
replicas: 1
template:
metadata:
labels:
name: zabbix-server
app: zabbix
spec:
containers:
- name: zabbix-server
image: zabbix/zabbix-server-mysql:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 10051
protocol: TCP
name: zabbix-trapper
readinessProbe:
tcpSocket:
port: zabbix-trapper
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: zabbix-trapper
initialDelaySeconds: 15
periodSeconds: 20
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-pass
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-root-pass
- name: MYSQL_DATABASE
value: "zabbix"
- name: ZBX_JAVAGATEWAY_ENABLE
value: "true"
- name: ZBX_STARTJAVAPOLLERS
value: "5"
- name: ZBX_ENABLE_SNMP_TRAPS
value: "true"
- name: ZBX_STARTPROXYPOLLERS
value: "5"
- name: ZBX_PROXYCONFIGFREQUENCY
value: "60"
volumeMounts:
- name: zabbix-db-storage
mountPath: /var/lib/zabbix/snmptraps/
readOnly: true
- name: zabbix-snmptraps
image: zabbix/zabbix-snmptraps:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 1162
protocol: UDP
name: snmp-trap
volumeMounts:
- name: zabbix-db-storage
mountPath: /var/lib/zabbix/snmptraps/
readOnly: false
volumes:
- hostPath:
path: /zabbix/
name: zabbix-db-storage
---
apiVersion: v1
kind: ReplicationController
metadata:
name: zabbix-proxy-sqlite3
labels:
app: zabbix
tier: proxy
namespace: zabbix
spec:
replicas: 1
template:
metadata:
labels:
name: zabbix-proxy-sqlite3
app: zabbix
spec:
containers:
- name: zabbix-proxy-sqlite3
image: zabbix/zabbix-proxy-sqlite3:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 10051
protocol: TCP
name: zabbix-trapper
env:
- name: ZBX_HOSTNAME
value: "zabbix-proxy-passive"
- name: ZBX_CONFIGFREQUENCY
value: "60"
- name: ZBX_PROXYMODE
value: "1"
---
apiVersion: v1
kind: ReplicationController
metadata:
name: zabbix-proxy-mysql
labels:
app: zabbix
tier: proxy
namespace: zabbix
spec:
replicas: 1
template:
metadata:
labels:
name: zabbix-proxy-mysql
app: zabbix
spec:
containers:
- name: zabbix-proxy-mysql
image: zabbix/zabbix-proxy-mysql:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 10051
protocol: TCP
name: zabbix-trapper
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-user
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-zbx-pass
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: db-root-pass
- name: MYSQL_DATABASE
value: "zabbix_proxy"
---
apiVersion: v1
kind: ReplicationController
metadata:
name: zabbix-java-gateway
labels:
app: zabbix
tier: java
namespace: zabbix
spec:
replicas: 1
template:
metadata:
labels:
name: zabbix-java-gateway
app: zabbix
spec:
containers:
- name: zabbix-java-gateway
image: zabbix/zabbix-java-gateway:alpine-5.2-latest
imagePullPolicy: Always
ports:
- containerPort: 10052
protocol: TCP
name: zabbix-jmx
env:
- name: ZBX_TIMEOUT
value: "5"
---
apiVersion: apps/v1
kind: DaemonSet
#DaemonSet好比Kubernetes集群Node的守护进程,可以保证在每个Node上(或者一部分Node上)都运行同一个Pod且只运行一个。适用的场景主要是一些agent,如日志收集的agent、监控的agent等
metadata:
name: zabbix-agent
labels:
app: zabbix
tier: agent
namespace: zabbix
spec:
selector:
matchLabels:
name: zabbix-agent
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
name: zabbix-agent
app: zabbix
spec:
containers:
- name: zabbix-agent
image: zabbix/zabbix-agent:alpine-5.2-latest
imagePullPolicy: Always
resources:
limits:
cpu: 100m
memory: 54Mi
requests:
cpu: 100m
memory: 54Mi
ports:
- containerPort: 10050
name: zabbix-agent
env:
- name: ZBX_SERVER_HOST
value: "zabbix-server"
- name: ZBX_PASSIVE_ALLOW
value: "true"
- name: ZBX_STARTAGENTS
value: "3"
- name: ZBX_TIMEOUT
value: "10"
securityContext:
privileged: true
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
#使Pod水平自动缩放,提高集群的整体资源利用率,让service中的Pod个数自动调整
metadata:
name: zabbix-web
namespace: zabbix
spec:
scaleTargetRef:
apiVersion: v1
kind: ReplicationController
name: zabbix-web
minReplicas: 1
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 70
---
kind: PersistentVolume
#用于pod和volume之间解耦
apiVersion: v1
metadata:
name: zabbix-mysql-data
labels:
type: local
namespace: zabbix
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce #可以被一个node读写,缩写为RWO
hostPath:
path: "/data"
---
kind: PersistentVolumeClaim
#PVC是使用PV资源的声明
apiVersion: v1
metadata:
name: zabbix-mysql-data-claim
namespace: zabbix
spec:
accessModes:
- ReadWriteOnce
resources: #约定声明PV的大小等参数
requests:
storage: 1Gi
volumeName: zabbix-mysql-data
---
apiVersion: v1
kind: List
metadata:
namespace: zabbix
items:
- apiVersion: v1
kind: Secret
# Secret解决了密码、token、秘钥等敏感数据的配置问题
type: Opaque #base64编码格式的Secret,用来存储密码、秘钥等
metadata:
name: db-secret
namespace: zabbix
data:
db-root-pass: "c29tZV90ZXN0X3Bhc3M="
db-zbx-user: "emFiYml4" # echo -n 'zabbix' | base64
db-zbx-pass: "emFiYml4" # mysql -uzabbix -pzabbix