k8s部署allinone方式部署jumpserver4.0.2
一、准备工作
版本信息介绍:
jumpserver:allinone 4.0.2
postgresql:12.20
1.1、官网文档
https://github.com/jumpserver/Dockerfile/tree/master/allinone
1.2、部署数据库
docker run --name jumpserver_postgresql --restart=always -d -p 5432:5432 -v /data/Postgresql:/var/lib/postgresql/data --shm-size=10g -e POSTGRES_PASSWORD=sdfEdsdf#20x9 postgres:12.20
创建数据库
create database jumpserver with encoding='UTF8';
1.3、部署redis
容器化或者主机部署事先准备好就行
二、准备yaml文件
通过绑定主机的方式做数据持久化
kubectl label node k8s-node-01 jumpserver=jumpserver
2.1、jumpserver.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jumpserver
namespace: ops
labels:
app.kubernetes.io/instance: jumpserver
app.kubernetes.io/name: jumpserver
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/instance: jumpserver
app.kubernetes.io/name: jumpserver
template:
metadata:
labels:
app.kubernetes.io/instance: jumpserver
app.kubernetes.io/name: jumpserver
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: jumpserver
operator: In
values:
- jumpserver
spec:
containers:
- env:
- name: SECRET_KEY
value: "veDMhBkZsdHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"
- name: BOOTSTRAP_TOKEN
value: "F9HUa5nfksdsd532ndsaR"
- name: DB_ENGINE
value: "postgresql"
- name: DB_HOST
value: "100.64.11.39"
- name: DB_PORT
value: "5432"
- name: DB_USER
value: "postgres"
- name: "DB_PASSWORD"
value: "bWqBGsdfx3#20x9"
- name: DB_NAME
value: "jumpserver"
- name: REDIS_HOST
value: "100.64.25.39"
- name: REDIS_PORT
value: "6379"
- name: REDIS_PASSWORD
value: "password"
#image: jumpserver/jms_all:v4.0.2
image: cmc-tcr.tencentcloudcr.com/abc/jms_all:v4.0.2
imagePullPolicy: IfNotPresent
name: jumpserver
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 2222
name: ssh
protocol: TCP
注意事项:
1.将相应的环境变量的值替换成自己的
2.SECRET_KEY和BOOTSTRAP_TOKEN的值可以通过jumpserver官网给的脚步生成
3.数据库和redis的密码不要使用特殊符号,使用特殊符号在初始化的时候配置文件回不正常,导致初始化失败
2.2、jumpserver-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: jumpserver
namespace: ops
labels:
app.kubernetes.io/instance: jumpserver
app.kubernetes.io/name: jumpserver
spec:
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: ssh
port: 2222
targetPort: 2222
protocol: TCP
selector:
app.kubernetes.io/instance: jumpserver
app.kubernetes.io/name: jumpserver
2.3、jumpserver-higress.yaml
将jumpserver后台通过higress暴露给集群外部用户
#apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jumpserver-ingress
namespace: ops
spec:
ingressClassName: higress
rules:
- host: jumpserver.example.com
http:
paths:
- backend:
service:
name: jumpserver
port:
number: 80
path: /
pathType: Prefix
以上,可以通过域名访问验证了。