首先安装了动态存储、动态存储怎么安装,这里不介绍
1:mysql安装
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat mysql-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-data
namespace: jumpserver
annotations:
volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" #这里改成自己的动态存储名
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 50Gi
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat mysql.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql
namespace: jumpserver
spec:
selector:
matchLabels:
app: mysql
replicas: 1
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
args:
- --character-set-server=utf8
image: jumpserver/mysql:5
imagePullPolicy: IfNotPresent
env:
- name: DB_PORT
value: "3306"
- name: MYSQL_DATABASE
value: jumpserver #容器起来时创建的库,给jumpserver服务用
- name: MYSQL_ROOT_PASSWORD
value: "Password123@mysql" #设置的root密码
ports:
- containerPort: 3306 #端口
protocol: TCP
volumeMounts:
- name: mysql-data #数据目录
mountPath: /var/lib/mysql
volumes:
- name: mysql-data #这里用前面创建的动态名称
persistentVolumeClaim:
claimName: mysql-data
---
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: jumpserver
spec:
ports:
- name: mysql
protocol: TCP
port: 3306
targetPort: 3306
nodePort: 30306
type: NodePort
selector:
app: mysql
2:redis安装
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat redis-config.yaml
apiVersion: v1
data:
redis.conf: |-
bind 0.0.0.0
port 6379
requirepass fdsa923nkfs32
pidfile /var/run/redis_6379.pid
save 900 1
save 300 10
save 60 10000
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
dir /data
logfile "/data/redis-6379.log"
kind: ConfigMap
metadata:
name: redis-config
namespace: jumpserver
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat redis-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: redis-data
namespace: jumpserver
annotations:
volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat redis.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jumpserver-redis
namespace: jumpserver
spec:
replicas: 1
selector:
matchLabels:
app: jumpserver-redis
template:
metadata:
labels:
app: jumpserver-redis
spec:
containers:
- image: redis:6.0.9
command: ["redis-server","/etc/redis/redis.conf"]
name: redis
ports:
- containerPort: 6379
volumeMounts:
- name: redis-config
mountPath: /etc/redis/redis.conf
subPath: redis.conf
- name: redis-data
mountPath: /data
volumes:
- name: redis-config
configMap:
name: redis-config
- name: redis-data
persistentVolumeClaim:
claimName: redis-data
---
apiVersion: v1
kind: Service
metadata:
labels:
app: jumpserver-redis-svc
name: jumpserver-redis-svc
namespace: jumpserver
spec:
ports:
- name: tcp-redis-6379
port: 6379
protocol: TCP
targetPort: 6379
selector:
app: jumpserver-redis
3:部署jumpserver
helm repo add jumpserver https://jumpserver.github.io/helm-charts
helm repo list
由于国内环境原因,添加repo一直失败,所以放弃了上面这个方法
先创建一个模板文件
root@k8s-master1:/usr/local/helm-charts-jumpserver-3.9.2/charts/jumpserver/111# cat values.yaml
# 模板 https://github.com/jumpserver/helm-charts/blob/main/charts/jumpserver/values.yaml
# Default values for jumpserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.redis.password Global Redis™ password (overrides `auth.password`)
##
global:
imageRegistry: "docker.io" # 千万别听他的用国内的,那真是一点都下载不下来
imageTag: v3.3.1 # 版本号
## E.g.
# imagePullSecrets:
# - name: harborsecret
#
# storageClass: "jumpserver-data"
##
imagePullSecrets: []
# - name: yourSecretKey
storageClass: "managed-nfs-storage" # (*必填) NFS SC(刚创建好的sc,你别说你忘了)
## Please configure your MySQL server first
## Jumpserver will not start the external MySQL server.
##
externalDatabase: # (*必填) 数据库相关设置(写本地mysql也行,写pod mysql也行,我这里写的pod)
engine: mysql
host: 192.168.50.30 #k8s自带的dns,格式mysqlscv名字,名称空间名字.svc.cluster.local
port: 30306 #端口
user: root #用户
password: "Password123@mysql" #密码
database: jumpserver #库名
## Please configure your Redis server first
## Jumpserver will not start the external Redis server.
##
externalRedis: # (*必填) Redis 设置
host: 192.168.50.30
port: 31214
password: "fdsa923nkfs32"
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: false # 不使用 ingress 可以关闭(我这里给他关闭了,一会咱手动创建)
annotations:
# kubernetes.io/tls-acme: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
hosts:
- "test.jumpserver.org" # 对外域名
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
core:
enabled: true
labels:
app.jumpserver.org/name: jms-core
config:
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
secretKey: "" # (*必填) 加密敏感信息的 secret_key, 长度推荐大于 50 位 (这玩意自己随便填就行,记好了就行,)
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
bootstrapToken: "" # (*必填) 组件认证使用的 token, 长度推荐大于 24 位 (这也是随便填,记好了就行)
# Enabled it for debug
debug: false
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/core
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# SESSION_COOKIE_AGE: 86400
# SECURITY_VIEW_AUTH_NEED_MFA: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8080
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany #注意,这里用ceph做动态存储的把这个参数改成ReadWriteOnce (单机访问,不然创建出来会报错,pvc),不止这里,下面还有
size: 100Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim:
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
koko:
enabled: true
labels:
app.jumpserver.org/name: jms-koko
config:
log:
level: ERROR
replicaCount: 1
image:
registry: 192.168.50.14
repository: images/koko
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env: []
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
# LANGUAGE_CODE: zh
# REUSE_CONNECTION: true
# ENABLE_LOCAL_PORT_FORWARD: true
# ENABLE_VSCODE_SUPPORT: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext:
privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 5000
ssh:
port: 2222
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany #这里用ceph做动态存储的把这个参数改成ReadWriteOnce
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
lion:
enabled: true
labels:
app.jumpserver.org/name: jms-lion
config:
log:
level: ERROR
replicaCount: 1
image:
registry: 192.168.50.14 ##我这里使用的私仓环境
repository: images/lion
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
JUMPSERVER_ENABLE_FONT_SMOOTHING: true
# JUMPSERVER_COLOR_DEPTH: 32
# JUMPSERVER_ENABLE_WALLPAPER: true
# JUMPSERVER_ENABLE_THEMING: true
# JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
# JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
# JUMPSERVER_ENABLE_MENU_ANIMATIONS: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8081
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
magnus:
enabled: true
labels:
app.jumpserver.org/name: jms-magnus
config:
log:
level: ERROR
replicaCount: 1
image:
registry: 192.168.50.14
repository: images/magnus
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
readinessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
mysql:
port: 33061
mariadb:
port: 33062
redis:
port: 63790
postgresql:
port: 54320
oracle:
ports: 30000-30100
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany #这里用ceph做动态存储的把这个参数改成ReadWriteOnce
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
xpack:
enabled: false # 企业版本打开此选项
omnidb:
labels:
app.jumpserver.org/name: jms-omnidb
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/omnidb
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: web
readinessProbe:
failureThreshold: 30
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8082
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
razor:
labels:
app.jumpserver.org/name: jms-razor
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/razor
tag: v2.28.6
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
readinessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
rdp:
port: 3389
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany #这里用ceph做动态存储的把这个参数改成ReadWriteOnce
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
web:
enabled: true
labels:
app.jumpserver.org/name: jms-web
replicaCount: 1
image:
registry: 192.168.50.14
repository: images/web
tag: v3.3.1
pullPolicy: IfNotPresent
command: []
env: []
# nginx client_max_body_size, default 4G
# CLIENT_MAX_BODY_SIZE: 4096m
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 1Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
下载helm包
https://github.com/jumpserver/helm-charts/releases?page=3
把源换成刚下载下来的包执行命令
helm install jms-k8s jumpserver-3.3.1.tgz -n jumpserver -f values.yaml
执行完之后首先他会起一个他内置数据库的pod,会running状态,如果是别的状态建议看看是不是镜像没下载下来
一个小问题,可以看到这个celery pod一直在重启,删除红框里面的这一段
这里使用的IP+port的方式访问
初始用户名密码:admin、admin