Check MK container/k8s deployment
In the company everybody seems to love Check MK. Me? Not so much, but a better alternative costs time and effort, both resources we don’t really have right now. Yet there’s a positive thing about it - because there’s an official docker container. Since I already coded a helm chart for stateful single container softwares (which I personally find super useful), I just wrote a Check MK YAML and installed it on my K8S cluster.
And then nothing worked. Turns out, Apache - which is used in that very strange “Open Monitoring Distribution” which Check MK seems to have been at one point - has a slightly sub-optimal configuration for running in a container behind a load balancer using cert-manager.
In short, you connect to the load balancer using “cmk.my.domain”, and it redirects you to the container port, which to itself is “https://cmk.my.domain:5000/" and just wrong. Which brings me to the question if anybody has ever tried to run the Check MK container in a k8s cluster or behind a load balancer, which brings me to the question that I’d rather use software which actively embraces that, which brings me to the question WHICH ONE?!? which brings us back to “no resources, no time”.
So, bad luck, Check MK it is. But what about the bug? Reporting it you get an email “DONT CALL US - WE CALL YOU (and we probably won’t)”, with a ticket ID but no link. So probably no help here. So I “forked” the container, fooled around with it, and found a solution. The “fixed” container is now available on docker hub (sources on GitHub) and running nicely in our internal cluster. Let’s see which hidden bugs I have introduced 😉 . The stasico-Helm-YAML file I used to deploy Check MK in K8S is also available.
TL;DR
- Found a bug in the Check MK docker container - you can’t run it behind a LB
- Created a fixed version (GitHub repo here)
- … and a YAML deployment script for my stasico helm chart