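# Zabbix 7.2 Monitoring Stack
# PostgreSQL 16 + Zabbix Server + Zabbix Web (nginx)
# ArgoCD managed - BlueJay Lab
# Credentials sourced from 1Password via OnePasswordItem CRD (zabbix-credentials)
#
# Layout: one YAML document per resource, separated by `---`. Each key sits on
# its own line; collapsed onto a single physical line, everything after the
# first `#` is read as a comment and no resource is defined.
#
# NOTE(review): no NetworkPolicy is defined in this file, so nothing here limits
# which pods can reach PostgreSQL (5432) or the web frontend (8080). If the
# cluster CNI enforces policies, consider allowing 5432 only from the
# app=zabbix-server and app=zabbix-web pods.
---
apiVersion: v1
kind: Namespace
metadata:
  name: zabbix
  labels:
    app.kubernetes.io/part-of: bluejay-infra
---
# PostgreSQL 16 StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zabbix-postgres
  namespace: zabbix
  labels:
    app: zabbix-postgres
spec:
  serviceName: zabbix-postgres
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-postgres
  template:
    metadata:
      labels:
        app: zabbix-postgres
    spec:
      # The database does not call the Kubernetes API, so do not mount a
      # service-account token into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      # NOTE(review): runAsNonRoot and dropped capabilities are not set because
      # the image's entrypoint behaviour is not visible from this manifest;
      # test against the image before enforcing them.
      containers:
        - name: postgres
          # NOTE(review): floating tag. Pin to an immutable digest once the
          # intended build is verified so every sync deploys the same image.
          image: postgres:16-alpine
          # Each "-c" / "name=value" pair is passed to the server as a setting.
          args:
            - "-c"
            - "shared_buffers=256MB"
            - "-c"
            - "effective_cache_size=512MB"
            - "-c"
            - "work_mem=16MB"
            - "-c"
            - "maintenance_work_mem=128MB"
            - "-c"
            - "random_page_cost=1.1"
            - "-c"
            - "effective_io_concurrency=200"
            - "-c"
            - "max_connections=50"
            - "-c"
            - "checkpoint_completion_target=0.9"
            - "-c"
            - "wal_buffers=8MB"
          ports:
            - containerPort: 5432
              name: postgres
          env:
            # Database credentials come from the Secret synced by the
            # OnePasswordItem at the end of this file; none are stored inline.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-User
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-Password
            - name: POSTGRES_DB
              value: zabbix
          volumeMounts:
            - name: zabbix-postgres-data
              mountPath: /var/lib/postgresql/data
              subPath: pgdata
          resources:
            requests:
              memory: 512Mi
              cpu: 200m
            limits:
              memory: 1Gi
              cpu: "1"
          # The probes read the role and database from the container
          # environment instead of hard-coding "zabbix", so they stay in step
          # with the DB-User value in the Secret and do not produce
          # failed-connection log entries if that value differs.
          livenessProbe:
            exec:
              command:
                - sh
                - "-c"
                - 'exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"'
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            exec:
              command:
                - sh
                - "-c"
                - 'exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"'
            initialDelaySeconds: 5
            periodSeconds: 5
  volumeClaimTemplates:
    - metadata:
        name: zabbix-postgres-data
      spec:
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 10Gi
---
# Headless Service (clusterIP: None) for the PostgreSQL StatefulSet.
apiVersion: v1
kind: Service
metadata:
  name: zabbix-postgres
  namespace: zabbix
spec:
  selector:
    app: zabbix-postgres
  ports:
    - port: 5432
      targetPort: 5432
      name: postgres
  clusterIP: None
---
# Zabbix Server
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zabbix-server
  namespace: zabbix
  labels:
    app: zabbix-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-server
  template:
    metadata:
      labels:
        app: zabbix-server
    spec:
      # No Kubernetes API access is configured for this pod in this manifest,
      # so the service-account token is not mounted.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: zabbix-server
          # NOTE(review): "-latest" is a rolling tag; pin to a digest once the
          # intended build is verified.
          image: zabbix/zabbix-server-pgsql:7.2-alpine-latest
          ports:
            - containerPort: 10051
              name: trapper
          env:
            - name: DB_SERVER_HOST
              value: zabbix-postgres
            - name: DB_SERVER_PORT
              value: "5432"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-User
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-Password
            - name: POSTGRES_DB
              value: zabbix
            - name: ZBX_CACHESIZE
              value: "64M"
            - name: ZBX_VALUECACHESIZE
              value: "64M"
            - name: ZBX_HISTORYCACHESIZE
              value: "32M"
            - name: ZBX_TRENDCACHESIZE
              value: "8M"
            - name: ZBX_STARTPOLLERS
              value: "10"
            - name: ZBX_STARTPOLLERSUNREACHABLE
              value: "3"
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 1Gi
              cpu: "1"
          livenessProbe:
            tcpSocket:
              port: 10051
            initialDelaySeconds: 60
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 10051
            initialDelaySeconds: 30
            periodSeconds: 5
---
# In-cluster access to the Zabbix server (used by zabbix-web via ZBX_SERVER_HOST).
apiVersion: v1
kind: Service
metadata:
  name: zabbix-server
  namespace: zabbix
spec:
  selector:
    app: zabbix-server
  ports:
    - port: 10051
      targetPort: 10051
      name: trapper
---
# Publishes the trapper port outside the cluster on a fixed MetalLB address.
# NOTE(review): no TLS/PSK settings for agent traffic and no source restriction
# (e.g. loadBalancerSourceRanges) appear in this manifest; confirm that
# encryption and allowed senders are enforced elsewhere before relying on
# data received on this port.
apiVersion: v1
kind: Service
metadata:
  name: zabbix-trapper
  namespace: zabbix
  annotations:
    metallb.universe.tf/loadBalancerIPs: "10.0.56.203"
spec:
  type: LoadBalancer
  selector:
    app: zabbix-server
  ports:
    - port: 10051
      targetPort: 10051
      name: trapper
      protocol: TCP
---
# Zabbix Web (nginx + PostgreSQL)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: zabbix-web
  namespace: zabbix
  labels:
    app: zabbix-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zabbix-web
  template:
    metadata:
      labels:
        app: zabbix-web
    spec:
      # The frontend does not call the Kubernetes API; no token is mounted.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: zabbix-web
          # NOTE(review): "-latest" is a rolling tag; pin to a digest once the
          # intended build is verified.
          image: zabbix/zabbix-web-nginx-pgsql:7.2-alpine-latest
          ports:
            - containerPort: 8080
              name: http
          env:
            - name: ZBX_SERVER_HOST
              value: zabbix-server
            - name: ZBX_SERVER_NAME
              value: "BlueJay NOC"
            - name: PHP_TZ
              value: America/Chicago
            - name: DB_SERVER_HOST
              value: zabbix-postgres
            - name: DB_SERVER_PORT
              value: "5432"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-User
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: DB-Password
            - name: POSTGRES_DB
              value: zabbix
            # NOTE(review): confirm the web image actually consumes
            # ZBX_ADMIN_PASSWORD. If it does not, the frontend admin account
            # keeps whatever password the image initialises it with and has to
            # be rotated by hand after first start.
            - name: ZBX_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: zabbix-credentials
                  key: password
            - name: ZBX_MEMORYLIMIT
              value: "256M"
            - name: PHP_FPM_PM_MAX_CHILDREN
              value: "10"
            - name: PHP_FPM_PM_START_SERVERS
              value: "3"
            - name: PHP_FPM_PM_MIN_SPARE_SERVERS
              value: "2"
            - name: PHP_FPM_PM_MAX_SPARE_SERVERS
              value: "5"
            - name: PHP_FPM_PM_MAX_REQUESTS
              value: "500"
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 768Mi
              cpu: 500m
          livenessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 5
---
# ClusterIP Service for the frontend; plain HTTP on 8080 inside the cluster,
# TLS is terminated at the Traefik IngressRoute below.
apiVersion: v1
kind: Service
metadata:
  name: zabbix-web
  namespace: zabbix
spec:
  selector:
    app: zabbix-web
  ports:
    - port: 8080
      targetPort: 8080
      name: http
---
# TLS Certificate via cert-manager
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: zabbix-tls
  namespace: zabbix
spec:
  secretName: zabbix-tls
  issuerRef:
    name: step-ca-acme
    kind: ClusterIssuer
  dnsNames:
    - zabbix.iamworkin.lan
---
# Traefik IngressRoute
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: zabbix-web
  namespace: zabbix
spec:
  # Only the TLS entry point is bound; the route is served with the
  # certificate issued into the zabbix-tls Secret above.
  entryPoints:
    - websecure
  routes:
    - match: 'Host(`zabbix.iamworkin.lan`)'
      kind: Rule
      services:
        - name: zabbix-web
          port: 8080
  tls:
    secretName: zabbix-tls
---
# 1Password secret sync - creates zabbix-credentials K8s Secret
# Fields: DB-User, DB-Password, username, password, URL
# NOTE(review): the database and frontend-admin credentials share one Secret.
# Containers receive only the keys they reference via secretKeyRef, but any
# principal allowed to read Secrets in this namespace sees every field; split
# the item if those audiences should differ.
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: zabbix-credentials
  namespace: zabbix
spec:
  itemPath: 'vaults/IAmWorkin/items/Zabbix Admin'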