jumpserver在kubernetes中的安装

  • 安装mysql
# Values for the Bitnami MySQL chart, saved as mysql.yaml.
# Reference: https://github.com/bitnami/charts/tree/master/bitnami/mysql/#installing-the-chart
#
# Usage:
#   kubectl create ns jumpserver
#   helm install jumpserver-mysql57 bitnami/mysql -n jumpserver -f mysql.yaml
#   helm upgrade jumpserver-mysql57 bitnami/mysql -n jumpserver -f mysql.yaml
global:
  storageClass: 'rook-cephfs'

image:
  # Quoted so the tag is always read as a string.
  tag: '5.7.34'

primary:
  persistence:
    size: '20Gi'

auth:
  # The passwords in this file are sample values stored in plain text.
  # Replace them with randomly generated ones and keep the real values file
  # out of version control.
  rootPassword: 'MyMysql@!2021'
  # Database name, account and password created on first initialisation.
  database: 'jumpserver'
  username: 'jumpserver'
  password: 'jumP@2021'
  • 安装redis
# Values for the Bitnami Redis chart, saved as redis.yaml.
# Reference: https://github.com/bitnami/charts/tree/master/bitnami/redis
#
# Usage:
#   helm install jumpserver-redis bitnami/redis -n jumpserver -f redis.yaml
global:
  storageClass: 'rook-cephfs'
  redis:
    # Sample password stored in plain text: replace it with a randomly
    # generated one and keep the real values file out of version control.
    password: 'Redis@@2021'

replica:
  # No replicas are requested; only the master is used.
  replicaCount: 0

master:
  persistence:
    accessModes: ['ReadWriteOnce']

参考配置文件 https://github.com/jumpserver/jumpserver/blob/master/config_example.yml

  • jumpserver-all.yaml
# PersistentVolumeClaim for JumpServer's media directory; the jumpserver
# Deployment references it by claimName as its "datadir" volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: jumpserver
  name: jumpserver-pvc
spec:
  storageClassName: rook-cephfs
  # ReadWriteMany: the volume may be mounted read-write by many nodes.
  accessModes: [ReadWriteMany]
  resources:
    requests:
      storage: 100Gi

---
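# JumpServer all-in-one Deployment (single replica).
# Environment variables follow
# https://github.com/jumpserver/jumpserver/blob/master/config_example.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: jumpserver
  labels:
    app: jumpserver
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # Start the new pod before the old one is stopped.
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: jumpserver
  template:
    metadata:
      labels:
        app: jumpserver
    spec:
      containers:
      - name: jumpserver
        image: jumpserver/jms_all:v2.9.2
        imagePullPolicy: IfNotPresent
        env:
        # SECRET_KEY and BOOTSTRAP_TOKEN below are placeholders. Generate your
        # own values and do not commit them; storing them in a Secret and
        # reading them with secretKeyRef (as done for the passwords further
        # down) keeps them out of the manifest.
        #   cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
        - name: SECRET_KEY
          value: "xxxxxxxxxxxxxxxxx"
        #   cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16;echo
        - name: BOOTSTRAP_TOKEN
          value: "xxxxxx"
        - name: DB_ENGINE
          value: "mysql"
        - name: DB_HOST
          value: "jumpserver-mysql57.jumpserver"
        - name: DB_PORT
          value: "3306"
        - name: DB_USER
          value: "jumpserver"
        # Read the database password from the Secret that the Bitnami MySQL
        # chart creates for the jumpserver-mysql57 release instead of repeating
        # it here in plain text. Confirm the Secret name and key with
        #   kubectl -n jumpserver describe secret jumpserver-mysql57
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: jumpserver-mysql57
              key: mysql-password
        - name: DB_NAME
          value: "jumpserver"
        - name: REDIS_HOST
          value: "jumpserver-redis-master.jumpserver"
        - name: REDIS_PORT
          value: "6379"
        # Same approach for Redis: the Bitnami Redis chart stores the password
        # in a Secret named after the release. Confirm with
        #   kubectl -n jumpserver describe secret jumpserver-redis
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: jumpserver-redis
              key: redis-password
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: ssh
          containerPort: 2222
          protocol: TCP
        volumeMounts:
        - name: datadir
          mountPath: /opt/jumpserver/data/media
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: jumpserver-pvc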

---
# Service in front of the jumpserver pods. No type is set, so Kubernetes
# uses the default (ClusterIP): both ports are reachable only from inside
# the cluster unless something else (such as an Ingress) exposes them.
apiVersion: v1
kind: Service
metadata:
  namespace: jumpserver
  name: jumpserver-svc
spec:
  ports:
  # Web UI
  - port: 80
    name: http
    protocol: TCP
  # SSH access to JumpServer
  - port: 2222
    name: ssh
    protocol: TCP
  selector:
    app: jumpserver

---
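# Ingress exposing the JumpServer web UI (Service port 80) through Kong, with
# a certificate requested by cert-manager from the letsencrypt-issuer
# ClusterIssuer. Replace jumpserver.your_domain.com with your own host name.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jumpserver-ingress
  namespace: jumpserver
  annotations:
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-issuer
    kubernetes.io/ingress.class: kong
spec:
  tls:
  # The TLS host must be the same name as the rule host below; otherwise the
  # certificate is requested for a name this Ingress does not serve and the
  # site is offered without a matching certificate.
  - hosts:
    - jumpserver.your_domain.com
    secretName: jumpserver.your_domain.com-tls
  rules:
  - host: jumpserver.your_domain.com
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: jumpserver-svc
            port:
              number: 80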
