In a test installation, I had this working so I'm not sure now why I'm hitting this issue with Kubernetes monitoring.
Zabbix: 6.4.12
Chart: helm install -f zabbix_values.yaml zabbix zabbix-chart-6.4/zabbix-helm-chrt -n monitoring (installed 6.4.12 versions)
Modified the values chart only with which points to the Zabbix server which has an active proxy. The ZBX_PROXYMODE is set to 0.
- name: ZBX_SERVER_HOST
value: "10.xx.xx.xx"
I grabbed the secret for the service account via:
kubectl get secret zabbix-service-account -n monitoring -o jsonpath={.data.token} | base64 -d
and in the host entry which is checking nodes via HTTP, I modified:
{$KUBE.API.TOKEN}
{$KUBE.API.URL}
However, it's not working due to this error. I don't recall at least in the past having to create permissions manually.
176:20240301:044928.863 [ Kubernetes ] ERROR: Request failed with status code 403: {"kind":"Status","apiVersion":"v1","metadata":{ }," status":"Failure","message":"v1 "nodes" is forbidden: User "system:serviceaccount:monitoring:zabbix-service-account" cannot get resource "v1" in API group "" at the cluster scope","reason":"Forbidden","details":{"name":"nod es","kind":"v1"},"code":403}
Service account details
Name: zabbix-service-account
Namespace: monitoring
Labels: app.kubernetes.io/instance=zabbix
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=zabbix-helm-chrt
app.kubernetes.io/version=6.4.6
helm.sh/chart=zabbix-helm-chrt-1.3.4
Annotations: meta.helm.sh/release-name: zabbix
meta.helm.sh/release-namespace: monitoring
Image pull secrets: <none>
Mountable secrets: <none>
Tokens: zabbix-service-account
Events: <none>
Zabbix: 6.4.12
Chart: helm install -f zabbix_values.yaml zabbix zabbix-chart-6.4/zabbix-helm-chrt -n monitoring (installed 6.4.12 versions)
Modified the values chart only with which points to the Zabbix server which has an active proxy. The ZBX_PROXYMODE is set to 0.
- name: ZBX_SERVER_HOST
value: "10.xx.xx.xx"
I grabbed the secret for the service account via:
kubectl get secret zabbix-service-account -n monitoring -o jsonpath={.data.token} | base64 -d
and in the host entry which is checking nodes via HTTP, I modified:
{$KUBE.API.TOKEN}
{$KUBE.API.URL}
However, it's not working due to this error. I don't recall at least in the past having to create permissions manually.
176:20240301:044928.863 [ Kubernetes ] ERROR: Request failed with status code 403: {"kind":"Status","apiVersion":"v1","metadata":{ }," status":"Failure","message":"v1 "nodes" is forbidden: User "system:serviceaccount:monitoring:zabbix-service-account" cannot get resource "v1" in API group "" at the cluster scope","reason":"Forbidden","details":{"name":"nod es","kind":"v1"},"code":403}
Service account details
Name: zabbix-service-account
Namespace: monitoring
Labels: app.kubernetes.io/instance=zabbix
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=zabbix-helm-chrt
app.kubernetes.io/version=6.4.6
helm.sh/chart=zabbix-helm-chrt-1.3.4
Annotations: meta.helm.sh/release-name: zabbix
meta.helm.sh/release-namespace: monitoring
Image pull secrets: <none>
Mountable secrets: <none>
Tokens: zabbix-service-account
Events: <none>
Comment