search

cetic / helm-zabbix

Helm Chart For Zabbix
https://artifacthub.io/packages/helm/cetic/zabbix
Apache License 2.0
56 stars 57 forks source link

How to use with AWS ALB / NLB Ingress for TCP traffic? #61

Closed ypicard closed 2 years ago

ypicard commented 2 years ago

I am trying to setup this chart on AWS EKS and make the zabbix web interface accessible from the public internet.

The examples given here use the Nginx ingress class. Have you tried setting it up using the AWS Load Balancer Controller?

I have the following at the moment:

zabbixweb:
  service:
    type: NodePort
    nodePort: 31080
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
  hosts:
    - host: myendpoint.com
      paths:
        - pathType: Prefix
          path: /
ypicard commented 2 years ago

I have managed to setup AWS ALB by defining a separate ingress resource than the one defined by the chart. I do not know why the one included does not work, but here is my configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: monitoring
  namespace: monitoring
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/healthcheck-path: /check
spec:
  rules:
    - host: myendpoint.com
    - http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: zabbix-zabbix-web
                port:
                  number: 80

AWS ALBs only work with pathType: Prefix types. I have not seen any configuration in the values.yaml which allows to change the root url of the web interface, which prevents setting something different than path: /. It would be nice to be able to customize this.

aeciopires commented 2 years ago

Hi @ypicard!

I tested now ALB config:

zabbixweb:
   service:
    type: NodePort
     clusterIP:
     port: 80
    nodePort: 31080

 ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/000000000000000000000
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/tags: Scost=zabbix, Environment=testing
   hosts:
    - host: zabbix.domain.com
       paths:
         - path: /
          pathType: Prefix

It's works for me. 2022-06-28_11-14

ypicard commented 2 years ago

Hi,

Yes this was not for the Zabbix Frontend, but for the proxies and server which need TCP ingress. An AWS ALB only provides HTTP ingress, so I had to add an AWS NLB instead. This is my final configuration, which works perfectly:

ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: monitoring
  namespace: monitoring
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/healthcheck-path: /
spec:
  rules:
    - host: web.zabbix.company.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: zabbix-zabbix-web
                port:
                  number: 80

helmfile.d/monitoring.yaml:

- name: zabbix
  namespace: monitoring
  chart: cetic/zabbix
  version: 3.0.0
  values:
    - postgresql:
        enabled: false
      zabbixproxy:
        enabled: true
        extraEnv:
          - name: ZBX_CONFIGFREQUENCY
            value: 600 # 10 minutes
        service:
          type: NodePort
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-type: external
            service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
            service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      zabbixagent:
        enabled: false
      zabbixserver:
        enabled: true
      zabbixweb:
        service:
          type: NodePort

Thank you, this is now solved :)