- 安装mysql
# Values for the bitnami/mysql chart (save as mysql.yaml).
# Reference: https://github.com/bitnami/charts/tree/master/bitnami/mysql/#installing-the-chart
#   kubectl create ns jumpserver
#   helm install jumpserver-mysql57 bitnami/mysql -n jumpserver -f mysql.yaml
#   helm upgrade jumpserver-mysql57 bitnami/mysql -n jumpserver -f mysql.yaml
#
# The passwords below are sample values stored in plain text. Substitute your
# own before installing and keep the filled-in file out of version control.
# The chart also accepts auth.existingSecret when the credentials already live
# in a Kubernetes Secret.
image:
  tag: "5.7.34"
global:
  storageClass: rook-cephfs
primary:
  persistence:
    size: 20Gi
auth:
  rootPassword: 'MyMysql@!2021'
  # Database name / account / password created at initialisation.
  # The JumpServer Deployment connects with this account.
  database: jumpserver
  username: jumpserver
  password: 'jumP@2021'
- 安装redis
# Values for the bitnami/redis chart (save as redis.yaml).
# Reference: https://github.com/bitnami/charts/tree/master/bitnami/redis
#   helm install jumpserver-redis bitnami/redis -n jumpserver -f redis.yaml
#
# NOTE(review): the page lost its indentation; `redis.password` is nested under
# `global` here (global.redis.password) - confirm against the chart's values.
replica:
  replicaCount: 0  # master only, no read replicas
master:
  persistence:
    accessModes:
      - ReadWriteOnce
global:
  storageClass: rook-cephfs
  redis:
    # Sample password in plain text: substitute your own and keep the
    # filled-in file out of version control.
    password: 'Redis@@2021'
参考配置文件 https://github.com/jumpserver/jumpserver/blob/master/config_example.yml
- jumpserver-all.yaml
# 100Gi ReadWriteMany claim on the rook-cephfs storage class; the JumpServer
# Deployment mounts it at /opt/jumpserver/data/media.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: jumpserver
  name: jumpserver-pvc
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
---
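# JumpServer all-in-one Deployment: one replica, rolled with maxSurge 1 and
# maxUnavailable 0 so the old pod stays up until the new one is ready.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: jumpserver
  labels:
    app: jumpserver
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: jumpserver
  template:
    metadata:
      labels:
        app: jumpserver
    spec:
      containers:
        - name: jumpserver
          image: jumpserver/jms_all:v2.9.2
          imagePullPolicy: IfNotPresent
          # Environment variable reference:
          # https://github.com/jumpserver/jumpserver/blob/master/config_example.yml
          env:
            # Placeholder - replace with a random value, for example:
            #   cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49; echo
            # A literal `value:` is readable by anyone who can view this
            # Deployment; prefer a Secret plus secretKeyRef for the real key.
            - name: SECRET_KEY
              value: "xxxxxxxxxxxxxxxxx"
            # Placeholder - replace with a random value, for example:
            #   cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16; echo
            - name: BOOTSTRAP_TOKEN
              value: "xxxxxx"
            - name: DB_ENGINE
              value: "mysql"
            - name: DB_HOST
              value: "jumpserver-mysql57.jumpserver"
            - name: DB_PORT
              value: "3306"
            - name: DB_USER
              value: "jumpserver"
            # Read the password from the Secret of the jumpserver-mysql57 Helm
            # release instead of repeating it in the pod spec.
            # NOTE(review): Secret name and key follow the bitnami/mysql
            # chart's convention - confirm with
            #   kubectl -n jumpserver get secret jumpserver-mysql57 -o yaml
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jumpserver-mysql57
                  key: mysql-password
            - name: DB_NAME
              value: "jumpserver"
            - name: REDIS_HOST
              value: "jumpserver-redis-master.jumpserver"
            - name: REDIS_PORT
              value: "6379"
            # Same approach for Redis: the jumpserver-redis release's Secret.
            # NOTE(review): name and key follow the bitnami/redis chart's
            # convention - confirm with
            #   kubectl -n jumpserver get secret jumpserver-redis -o yaml
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jumpserver-redis
                  key: redis-password
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: ssh
              containerPort: 2222
              protocol: TCP
          volumeMounts:
            - name: datadir
              mountPath: /opt/jumpserver/data/media
      volumes:
        - name: datadir
          persistentVolumeClaim:
            claimName: jumpserver-pvc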
---
# Service in front of the pods labelled app=jumpserver. No `type` is set, so it
# is a ClusterIP Service: HTTP (80) and SSH (2222) are reachable inside the
# cluster only, until something else (such as an Ingress for HTTP) exposes them.
apiVersion: v1
kind: Service
metadata:
  namespace: jumpserver
  name: jumpserver-svc
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
    - name: ssh
      port: 2222
      protocol: TCP
  selector:
    app: jumpserver
---
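# HTTPS entry point for the JumpServer web UI, served by the kong ingress class
# with a certificate requested through the letsencrypt-issuer ClusterIssuer.
# Only the Service's HTTP port (80) is routed here.
# Replace jumpserver.your_domain.com with your own host name in all three places.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jumpserver-ingress
  namespace: jumpserver
  annotations:
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-issuer
    kubernetes.io/ingress.class: kong
spec:
  tls:
    # The TLS host must equal the rule host below. The original listed a
    # different domain here, so the certificate would not have covered the
    # host name that is actually routed.
    - hosts:
        - jumpserver.your_domain.com
      secretName: jumpserver.your_domain.com-tls
  rules:
    - host: jumpserver.your_domain.com
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: jumpserver-svc
                port:
                  number: 80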