Zabbix helps you to do a real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. The Zabbix Operator allows users to easily deploy, manage, and maintain Zabbix deployments on OpenShift. By installing this integration you will be able to deploy Zabbix server/proxies and other components with a single command.
Zabbix Operator comes with a few possible installation options:
Currently Zabbix Operator is based on the Zabbix 5.0 LTS version and supports OpenShift 4.0, 4.1, 4.2, 4.3, 4.4 and 4.5.
The installation of Zabbix Operator using Red Hat Marketplace requires the OpenShift cluster to be registered in the Marketplace Portal, including the roll out of the PullSecret in your cluster. Failure to do so will result in an image pull authentication failure with the Red Hat registry.
1. Select the OperatorHub from the Operators submenu and search for Zabbix.
Choose the RedHat Marketplace option.
2. Select "Zabbix Operator" and click on Purchase.
Openshift needs to be registered with the Red Hat Marketplace portal.
3. Select the most suitable install option.
4. Specify the product configuration to fit your needs.
5. Navigate to your software within Red Hat Marketplace and install the Zabbix Operator software as specified in the image.
6. Install the Operator. Set the update approval strategy to Automatic to ensure that you always have the latest version of Zabbix components installed.
7. The Zabbix Operator is now installed into your specified cluster.
8. Go to Operators → Installed Operators.
9. Open the "Zabbix Operator" configuration page.
If you have installed OpenShift in AWS ensure that the requisite ports are opened for the worker nodes’ security group.
1. Select OperatorHub from the Operators submenu and search for Zabbix.
2. Select Zabbix Operator and click on Install.
3. Select the installation options.
4. Go to Operators → Installed Operators.
5. Open the "Zabbix Operator" configuration page.
Some of the operands (installation options) require additional resources to be created before. The following section describes these prerequisites. All possible configuration options are available during operand deployment. For example, Zabbix proxy (MySQL):
The YAML section provides all available options with default values:
This operand has a few prerequisites:
1. An existing MySQL database entry point - a MySQL database/cluster must be created before running the "Zabbix Server" operand. For example, a standalone MySQL server with persistent volume:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
spec:
selector:
matchLabels:
app: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: mysql
spec:
containers:
- image: mysql:8.0
name: mysql
args:
- mysqld
- '--character-set-server=utf8'
- '--collation-server=utf8_bin'
- '--default-authentication-plugin=mysql_native_password'
env:
# Use secret in real usage
- name: MYSQL_ROOT_PASSWORD
value: Welcome1!
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-pv-claim
---
apiVersion: v1
kind: Service
metadata:
name: mysql
spec:
ports:
- port: 3306
selector:
app: mysql
clusterIP: None
Please, note that Zabbix does not support a utf8_mb4 charset and default caching_sha2_password authentication plugin.
2. MySQL credentials using secret - must be secret with mysql_root_password, mysql_zabbix_username and mysql_zabbix_password data. For example:
kind: Secret
apiVersion: v1
metadata:
name: zabbix-server-secrets
data:
mysql_root_password: V2VsY29tZTEh
mysql_zabbix_password: emFiYml4X3N1cGVyIQ==
mysql_zabbix_username: emFiYml4
type: Opaque
where all fields are encoded using base64. For example:
An example of "Zabbix Server" operand configuration:
All configuration options are available using the form view, but it is possible to use the YAML view as well. For example:
Finally, the operand will create multiple pods. It is possible to examine them in the Workloads → Pods section:
The route for Zabbix web interface is located under Networking → Routes. The URL provides access to the Zabbix web interface. In the following example it is http://zabbix-server-zabbix.apps-crc.testing/
:
This operand has a few prerequisites:
1. MySQL volume claim - must be persistent volume claim. For example:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: zabbix-database
namespace: zabbix
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 50Gi
2. MySQL credentials using secret - must be secret with mysql_root_password, mysql_zabbix_username and mysql_zabbix_password data. For example:
kind: Secret
apiVersion: v1
metadata:
name: zabbix-full-secrets
data:
mysql_root_password: V2VsY29tZTEh
mysql_zabbix_password: emFiYml4X3N1cGVyIQ==
mysql_zabbix_username: emFiYml4
type: Opaque
where all fields are encoded using base64. For example:
An example of "Zabbix Full" operand configuration:
All configuration options are available using the form view, but it is possible to use the YAML view as well. For example:
Finally, the operand will create multiple pods. It is possible to examine them in the Workloads → Pods section:
The route for Zabbix web interface is located under Networking → Routes. The URL provides access to the Zabbix web interface. In the following example it is http://zabbix-full-zabbix.apps-crc.testing/
:
An example of "Zabbix proxy (SQLite3)" operand configuration:
Finally, the operand will create multiple pods. It is possible to examine them in the Workloads → Pods section:
The following procedure describes how to create a new secret using Openshift Console.
1. Open the Workloads → Secrets section and switch project to the Zabbix Operator project (by default, "zabbix").
2. Create a new secret using the From YAML option.
It is possible to enable HTTPS directly in the Zabbix web interface pods. In this case create the following secret using the YAML option:
kind: Secret
apiVersion: v1
metadata:
name: zabbix-web-sslsecret
data:
ssl.crt: >-
< ssl.crt data>
ssl.key: >-
< ssl.key data >
dhparam.pem: >-
< dhparam.pem data >
The names of certificates and DH Parameters file are static. Please use the listed in the above example only!
MySQL database side:
apiVersion: v1
data:
root-ca.pem: >-
< root-ca.pem data>
server-cert.pem: >-
< server-cert.pem data>
server-key.pem: >-
< server-key.pem data>
kind: Secret
metadata:
name: zabbix-db-server-tls-secret
type: Opaque
Zabbix components side:
apiVersion: v1
data:
client-cert.pem: >-
< client-cert.pem data>
client-key.pem: >-
< client-key.pem data>
root-ca.pem: >-
< root-ca.pem data>
kind: Secret
metadata:
name: zabbix-db-client-tls-secret
type: Opaque
Certificates must include "-----BEGIN RSA PRIVATE KEY-----"
and "-----END RSA PRIVATE KEY-----"
. For example:
Then, during deployment, in the Zabbix component section and MySQL server (if using built-in server) choose the proper "TLS connection to database" option value and the "MySQL database certificates (client)" secret value.