- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2023-3-8 10:00:13
|
显示全部楼层
在线安装⚓︎# a3 [* U3 F0 r
1 环境要求⚓︎& F2 U: g+ {( j* f$ u
Kubernetes 1.20+( F) A2 k+ A& N( W! b
Helm 3.0' |% ]- k# z' m- y, U8 _
2 安装部署⚓︎
6 b0 i; W6 j# O; f$ k2.1 添加 JumpServer 的 Helm 源地址⚓︎
6 q$ H$ }# e) G/ S* u8 Z
% _1 M9 j. H/ J3 y+ J" k- t1 Phelm repo add jumpserver https://jumpserver.github.io/helm-charts
3 ~9 t! E0 `) H3 n, c- e' s9 M$ Ohelm repo list
$ n3 S# V& ~# c* ]' I6 U" V7 m2.2 编辑 JumpServer values.yaml 文件⚓︎) O' C* }+ I+ Z3 f
8 `9 ]6 n" c+ H
vi values.yaml( k" O6 W* a+ r5 H; L
! @5 l+ \3 g2 }: t8 P) N2 O6 E
# 模板 https://github.com/jumpserver/he ... pserver/values.yaml
" H; m# o* b/ `. }( v7 n# Default values for jumpserver.
# _7 e" @- A3 g8 t/ I0 V. t# This is a YAML-formatted file.7 g9 }8 [ O/ k0 ` R( y+ q& Q* Y- [
# Declare variables to be passed into your templates.
! ?* I5 w* ~$ B/ R$ P( ^" q2 A. @ a6 n9 r$ Z
nameOverride: ""
; f# h5 B( \7 |/ b' ifullnameOverride: ""
( L9 k3 A/ C6 g$ L# O/ d9 `
; F6 M5 S+ ?8 ]## @param global.imageRegistry Global Docker image registry) ?# f; w+ ]$ ^; Z
## @param global.imagePullSecrets Global Docker registry secret names as an array$ ]1 r" z( b- {/ ~
## @param global.storageClass Global StorageClass for Persistent Volume(s)
. a) h& K* l! ]- U. J## @param global.redis.password Global Redis™ password (overrides `auth.password`), H9 m, g0 Y# Z# D
##( g) P8 r" Z. K% u
global:+ T" H- z! S' H' T' l, ^ u
imageRegistry: "docker.io" # 国内可以使用华为云加速
; ` x' [$ O& @ {4 z4 K3 V& G9 C imageTag: v3.0.3 # 版本号
0 O1 Z$ T1 p: M1 @8 ?$ T8 ~( A ## E.g., d( [9 Q1 y( E0 @% _7 S/ Q7 H
# imagePullSecrets:
; x* N0 |1 {9 N( {$ Y # - name: harborsecret. e0 S6 ~8 G: W- q
#
A# l; K2 g0 M# ~/ I # storageClass: "jumpserver-data"
! y3 h4 V" S# g1 r/ T ##
. a% h5 Q$ R+ Z imagePullSecrets: []2 a2 ^0 B; s/ _( Y% G
# - name: yourSecretKey
, C* T9 t: i8 l7 v! H* e' d storageClass: "" # (*必填) NFS SC
& H) d9 L& j& n* O9 D# c3 L* U! n3 P! l& j7 H
## Please configure your MySQL server first3 F4 J5 J1 T8 R( t5 I6 |
## Jumpserver will not start the external MySQL server.! `; E0 x7 L7 g, g: h( t
##
$ i( N# G0 [) Q+ \& TexternalDatabase: # (*必填) 数据库相关设置6 I: `4 v7 E" @( W! B
engine: mysql
1 D8 Z# A) |3 ~3 L. K2 O host: localhost- ]( H U% m5 r4 R" { U) F
port: 3306" k' V- y1 ]+ y+ x% c% f
user: root( T4 a8 Q$ q4 @5 n
password: ""
) C2 K G# U* _- G3 r& m1 t) d I$ { database: jumpserver
6 ~9 T0 Y3 t+ W' S# v" o( K" @: x1 w
## Please configure your Redis server first# X6 j/ j& {+ [7 @7 W, E' @% m
## Jumpserver will not start the external Redis server.6 P. Z/ k; J) t$ y# r) S
##3 {6 X; J/ ^4 G; s
externalRedis: # (*必填) Redis 设置6 X& E) x8 r$ H5 \' ]( B, e
host: localhost
2 F+ F* @8 O0 n5 ~ port: 6379
. c* I- H8 {5 ?6 @5 X password: ""% a% J. ]' J* I, F( |- A9 b
1 C, ]+ V, ?. A- {* }, \, B2 o" q
serviceAccount:% T& g% L' H- d# u8 H0 l: \
# Specifies whether a service account should be created
2 L7 @, ]. }9 { ]+ a) t# v create: false/ m2 X) T0 y1 A8 J* n0 b0 Y
# The name of the service account to use.
. e- m* a9 P x # If not set and create is true, a name is generated using the fullname template( g3 n! \5 O) P" }3 W
name:/ h( }' P I% Q5 Z* K
) A! I- h# t1 B9 a
ingress:6 f/ x3 B5 K, @! c& J7 j6 ?. k
enabled: true # 不使用 ingress 可以关闭
6 o# n) I P3 C6 V annotations:7 G5 Y f# A, [- {; h' K; O! [' r
# kubernetes.io/tls-acme: "true"/ U% `/ m8 u/ {7 Q0 B
compute-full-forwarded-for: "true"; }4 `2 x0 M. o+ ^( _+ H
use-forwarded-headers: "true"+ v4 h0 }- V& y% C) s i _
kubernetes.io/ingress.class: nginx9 X. I0 r9 f6 F/ S) y
nginx.ingress.kubernetes.io/configuration-snippet: |
; I/ b& z/ M# A7 G. J proxy_set_header Upgrade "websocket";
4 X2 ?+ d9 v8 S5 X proxy_set_header Connection "Upgrade";8 t( x6 {- b0 j; H. j0 b$ q
hosts:8 X3 \7 C- P. G6 U' W% b+ m
- "test.jumpserver.org" # 对外域名
6 e1 }! H, U7 Q. K# [$ Z tls: []0 D- O# L- F' k/ v
# - secretName: chart-example-tls t3 M1 ]/ I# d- J& j
# hosts:! J) Y. e: N0 i9 P
# - chart-example.local$ g" p9 T3 k A: Y4 w
+ v9 l( v, H9 I% K& c- k
core:1 A T5 o' w( @/ C
enabled: true
. J$ D% h1 V( y6 L) a+ p+ q' Z7 n* b/ a3 K) G
labels:
7 e; E, D1 F j3 {) C; h* { app.jumpserver.org/name: jms-core
! t' Y* c' N6 C; e) e; d c i+ L4 t; m$ z( o/ z
config:: p, U( W3 \ D9 @7 t
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`$ A, `7 @# {0 c3 P8 W
# secretKey: "B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy"+ \6 e0 r& }: x. w9 ]# i
secretKey: "" # (*必填) 加密敏感信息的 secret_key, 长度推荐大于 50 位% @( e- p' j4 G" Y+ O. P' g
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`, B, V8 }; |3 K1 T: N9 J8 o
# bootstrapToken: "7Q11Vz6R2J6BLAdO"" ~, j( `! ^; ^8 T; }
bootstrapToken: "" # (*必填) 组件认证使用的 token, 长度推荐大于 24 位
9 Y$ h8 U$ B* k f # Enabled it for debug
8 ?: O' C s8 |2 Y: D8 h debug: false
' [9 j# e- _4 t0 m2 Y log:
# F; L( ?5 j( G L7 d( O- v level: ERROR% y$ z. _( W f" f. [
# a8 L- K8 P: N9 S; r3 s replicaCount: 1
3 L9 j1 Z7 s! O `2 P( C6 U( X1 M1 \* W
image:
% E8 G B" Z, X3 B5 { registry: docker.io" j5 k3 ?, [4 h& b2 I7 V2 R/ G
repository: jumpserver/core
+ {& |: R) Q- l& l# K tag: v3.0.30 x6 b! {: n! x
pullPolicy: IfNotPresent
) H0 Q+ m% e/ `" T* a
h) D7 N1 c7 L ] command: []
# Q( z% c1 g# N
' K; J5 m: O% D% w+ x. u } env:+ [2 @' X3 x. o* A4 J
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
1 x! ?+ b' f4 u) @ SESSION_EXPIRE_AT_BROWSER_CLOSE: true1 W8 I8 G( B$ v
# SESSION_COOKIE_AGE: 86400
& s( N5 V, J6 \) m& u) | # SECURITY_VIEW_AUTH_NEED_MFA: true
# R- n; S% ~" L9 b
+ }: E `+ N+ Q# Z' s2 V livenessProbe:6 T+ W5 d7 x% f# F& K: _
failureThreshold: 30
' W4 G- D! j$ r8 I httpGet:
. I, P9 ^5 x! q* g path: /api/health/
0 B& d3 o" A. f$ j8 [& _ v5 ? port: web
" X0 p' s0 _$ {* J) [2 y/ t) j7 Y- s4 ]% C& M6 {( A
readinessProbe:# J, o0 ?$ D. F' y; Q+ I2 ], j- {$ @
failureThreshold: 30( x9 \. E" G" J2 ~
httpGet:
& E2 b* a2 J. i. T2 k) a path: /api/health/' c; O5 e+ R6 l' w3 T& d
port: web8 _5 I0 F( ?3 p q
% p! w7 z* n# _/ q# U* X6 N& V" r
podSecurityContext: {}+ Q4 a# {$ j4 E- F. j
# fsGroup: 2000
& _) u4 O5 ?& [, J3 c( d; ?; ?# v5 ?! v* r" z% f5 o1 H# Q$ _
securityContext: {}
% E& _! ?, N) y+ J' x8 t # capabilities:
% y% M4 E( v- b6 B% X # drop: f0 r' V& v# y0 l( l
# - ALL. V$ u; L( _; ^5 T, M
# readOnlyRootFilesystem: true$ x6 U4 _8 }7 m9 A7 j/ G
# runAsNonRoot: true* v5 h# `: `# L
# runAsUser: 10008 O' n, `& v0 w S4 }' l
" r+ h; z" T7 h service:
8 u6 `- `# h3 Q type: ClusterIP
5 f1 H4 u+ H6 m4 N8 m web:
( K0 w$ ?( A3 C& D port: 8080
' J9 h) T+ I; b0 W: _; ~5 h) ^% G& J2 B: B) r& s* T
resources: {}
' j( l3 a U# |) r # We usually recommend not to specify default resources and to leave this as a conscious
) p" Y1 N; \, I |# X- Z # choice for the user. This also increases chances charts run on environments with little, r% Z3 d0 e- x( Z5 o& G' I1 C
# resources, such as Minikube. If you do want to specify resources, uncomment the following: p/ C, B7 x0 v3 V
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# h4 ~+ R9 n. _: z* D # limits:
. W' s( }: b- P( J$ `. Z # cpu: 1000m
% p* u3 _/ @3 @% M, [ c% ~8 R # memory: 2048Mi, H, r; O0 v0 A
# requests:
1 b. Q$ z! ?) W2 m: D7 @! [ # cpu: 500m
) U9 _' ?4 t8 u0 l # memory: 1024Mi
1 m, f- h0 ]# A$ R5 W" s- }
* S+ a1 o* }1 Y# @& S persistence:" ]+ o% h' x o6 ]: T- M
storageClassName: jumpserver-data
- Y; W) Q2 D0 _' f accessModes:
! [" q9 O5 Y! X - ReadWriteMany
t# e7 Y8 z; H) ?9 q size: 100Gi
1 P; K; z1 E9 b( ?3 f8 T # annotations: {}
0 @" o; J7 V0 ?1 c5 o D finalizers:( w9 h( ]$ {6 K' }6 h
- kubernetes.io/pvc-protection! Z. ^* ?6 m7 i+ O2 g% a
# subPath: ""% V* q ~$ H& Q8 ^5 P+ b) H" e
# existingClaim:% R: }0 h X& p8 E5 T* y
8 _" g: G8 s$ Q! T* u ]' T volumeMounts: []( U# B$ r' j& m( H9 h8 g) f
1 |0 ], D/ g# X7 _8 ^) h7 V9 Q volumes: []. C( u5 d" I5 G& s. H6 }& W
- w" d) O" r% o6 j% E; J1 ^ nodeSelector: {}
7 m0 Z3 Y( S1 C. c; x* Z; ?0 [3 W* Z3 S
tolerations: []
+ M" `$ t9 d2 E h1 ~! r
: _* h7 ~: ]3 r: @' }" _2 d! \ affinity: {}# G. Z& y! i' o8 Q, Z/ @3 B
& l0 M8 J* P8 ^, I! R% {! P
koko:
: f* _; W P1 }' H# o enabled: true, O1 @& J1 X, W, R! g' h
+ Z7 F/ K+ }% x- S( D( w5 k
labels:
: b9 r9 ^% F6 {* f+ G; Q; O app.jumpserver.org/name: jms-koko; d$ M, B2 y; m) S3 c
) X0 @$ W0 H$ n- J* h7 S, a% r
config:6 ^8 p8 w/ {% M
log:8 Y* i8 H$ F- }6 w O7 L) E- A; D
level: ERROR# G, w3 H) H0 c$ g# n8 o
# }! j8 w$ }- B( H replicaCount: 1
7 v( s8 k2 c( E
: Z; A. n; `, a image:
; J8 G- s# u4 w( |! i3 e5 p4 q7 g+ E registry: docker.io$ n {# y7 V b. ~
repository: jumpserver/koko2 D$ j, k6 w! Q% q; e9 M
tag: v3.0.3% _; J7 {8 S0 [! N0 ]: u
pullPolicy: IfNotPresent( c+ M6 [5 D& t5 E# T
' c+ H$ d% K, o5 B. c6 R command: []
5 z1 F+ ^3 { c5 |4 ~( B; U3 o; v
; G. R/ x0 f1 k# J, C @7 v env: []/ `5 G: j% W; t+ E$ W
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko( \* L/ z/ h6 h0 ?
# LANGUAGE_CODE: zh& F; z, y, O4 o' N7 w
# REUSE_CONNECTION: true/ c: Z6 M* f/ _' J
# ENABLE_LOCAL_PORT_FORWARD: true
1 t. Q! J2 s9 a. j( A* t # ENABLE_VSCODE_SUPPORT: true
. l+ k; `" R& D# c/ J7 ]( Q( H4 F
% g+ n+ `- v6 e; \' t w livenessProbe:
) I3 j* s9 Q2 o7 U% r7 G6 E failureThreshold: 30 `' \! K% G$ }8 U8 A1 F
httpGet:
- n- k7 X# R( s f! d4 n$ X# G. { path: /koko/health/
3 k: Y& t- P! D9 s5 y( Z' U8 |. I port: web
! P7 c ]2 \4 S, p, M0 ?* G& t
5 B) O7 {* p9 |8 X3 L readinessProbe:
' G6 J0 Q& [% j$ X failureThreshold: 30
) V6 h9 a6 U( ]+ w5 S+ H httpGet:
6 _ R+ C7 l+ {' |) T" n0 { path: /koko/health/
% l& Z0 @4 } F+ ~+ y port: web
4 o" B" ]& c ~: y% @2 O4 {3 `8 T* i' M! F( v
podSecurityContext: {}+ U8 t/ S W- b# K9 q% P
# fsGroup: 2000+ C: O: ]! G- E" f0 S
1 ^) W, S6 i, O( w' j
securityContext:, W8 ^/ v) p: O3 b4 x/ Y
privileged: true% o- e$ e; ]5 U5 l6 b; n
# capabilities:
; G2 s( ]7 a6 [+ F # drop:
- I) u. M: D1 d' ?$ Y # - ALL
R/ _& v6 }2 R( K0 [ # readOnlyRootFilesystem: true
) n! T% U1 h% w2 m- Z # runAsNonRoot: true" n/ f) f& t" c6 k' x/ X
# runAsUser: 10001 T$ c# D. N. H1 W# n$ |
0 q0 O1 U$ x9 F2 l* `" q6 h" t service:
3 l4 S6 e% e8 c3 c% | type: ClusterIP+ ]1 b* H3 s0 D" _- ^: {# S
web:* M% ?+ l( [* M( K4 B9 H3 w
port: 5000
" h7 B, v6 D6 W- H5 P2 W9 W ssh:
' D3 s' F/ M% Y2 H+ `; W0 o2 ^ port: 2222
5 j, _: o! N. ~ o3 A# N# Z$ G+ c4 s5 m
# K) z6 u6 W3 |2 ` resources: {}* Y1 f% v5 z! T2 D+ s X
# We usually recommend not to specify default resources and to leave this as a conscious
o# T; `: F. R H # choice for the user. This also increases chances charts run on environments with little
( c, r% @" O$ l$ U; V# D # resources, such as Minikube. If you do want to specify resources, uncomment the following6 C1 [' X) \6 K% \9 V
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- x$ f" L M+ O' I0 X T3 N # limits:
5 P8 D/ d# ]& @& J6 t% O # cpu: 100m2 w! x; S) r. P8 {7 E
# memory: 128Mi
& j8 j8 o F+ V& @ # requests:
% \0 t& v& y0 ^ # cpu: 100m
( i/ d! V5 ~. ?: L7 {! C2 u0 x # memory: 128Mi
1 \; q+ B* `' F0 \9 ?' O
/ i0 @0 y& C" D# s: X; { persistence:
8 r, |2 |0 h( w, M storageClassName: jumpserver-data
4 u' S0 i2 |* A, n accessModes:3 r1 ?) Q, z/ j8 D
- ReadWriteMany7 [% H' v' f/ s$ C. c2 h) P6 {
size: 10Gi) O0 d2 L& [* f
# annotations: {}) b. ?3 I9 [: H5 r+ _
finalizers:" p1 A& T# X$ }4 j. e
- kubernetes.io/pvc-protection1 A1 ~* u9 c0 H8 ^( X9 m7 q$ e
' i6 }4 E" K2 s, ?3 n& ]- ^
volumeMounts: []
% q! @- N4 F% O9 o( K3 f+ L; h" N5 G! \- j% f0 Z! M! K, B. \
volumes: []/ v; u% T) D+ S: M3 x
+ ^2 I9 F. M8 p2 q8 j* x l4 }* D
nodeSelector: {}
' M- ^5 Q6 B. r K1 ^. h+ ]
2 P: T, `) P5 W+ @$ g tolerations: []3 |9 c. z: `# s+ U
0 s9 R1 h0 k1 z
affinity: {}
: n3 P" S# K% w, o$ Y& u. S: |3 f d% J4 k/ j; b
lion:
2 d- v+ `0 h" ~6 E; _ enabled: true
+ ^# a. {! W# u% Y0 [" f- u4 j0 g' q6 S. i9 \3 Y
labels:0 ?9 f6 V# n7 c) _
app.jumpserver.org/name: jms-lion
7 F4 Y! ]" L5 U0 N& D3 b4 j: i4 y5 `; E i
config:
9 T' L. V5 V1 p$ S `3 C4 B log:% w; y/ r! B# i6 h
level: ERROR0 M1 M9 ^ G( e9 W# p
" P* B3 b3 l' O replicaCount: 1
# @( H; y6 @: ?7 K: |$ i
' R; x. x) G( ^& m1 I image:
4 ?! V1 I5 z: Y& J registry: docker.io
; v9 S6 R6 \ e2 H* d repository: jumpserver/lion4 x5 w; [# F1 \1 b6 Q) T1 B
tag: v3.0.3
3 X5 s5 ^/ S$ r- ^' [5 ]% r pullPolicy: IfNotPresent: s! d0 r7 Z4 i; c
0 H1 a% l- h `% x4 k
command: [] y7 H# q& |. W M& Z$ h4 v9 d$ [+ {
) {' N, m6 d/ q. V& |
env:
9 ?- Q& l) Z- [4 R9 m* ] # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion) [. @; z8 N2 \; {8 v+ q
JUMPSERVER_ENABLE_FONT_SMOOTHING: true' D( K2 y: h( a: t& i% b( b% W8 R
# JUMPSERVER_COLOR_DEPTH: 32; @+ \. m$ W: v+ [4 N* I9 ]" J2 m
# JUMPSERVER_ENABLE_WALLPAPER: true
5 r' g% _# {; @- ]) z. G# \( | # JUMPSERVER_ENABLE_THEMING: true' G% X! x8 k" D! o2 S; u' F
# JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true% h( _0 p, K" c4 G: z: q
# JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true# A4 V2 B* y8 T ]# K4 u# K6 ^0 C
# JUMPSERVER_ENABLE_MENU_ANIMATIONS: true+ r N/ l3 m6 w2 O( ]4 a
( n$ `% \6 H, S7 b/ L0 S livenessProbe:
& ]% T, j2 l7 S1 c failureThreshold: 30. n; d6 N+ y& _/ L2 W
httpGet:
6 @' W' p( Z% t path: /lion/health/. h: x$ L( R7 d0 P9 g4 }
port: web4 O* q0 l) K# x1 o% G$ O
4 R, [7 q; I' o! D1 T& B6 k
readinessProbe:: ~' E- Q9 Q! ~# w# b, ^- q
failureThreshold: 30
! m$ e) B" H* ` O5 e httpGet:! O6 }, {- r& B! x! Z
path: /lion/health/; ]4 N5 R- M/ T% H+ m; y
port: web/ N, r2 w' p: B0 T4 I$ k
, O! X3 r D) X* ?7 P9 q podSecurityContext: {}, d% g: Y$ o) v: m% g
# fsGroup: 2000
8 }* n: A+ R9 a K7 V% y: B: p/ v- v& z2 a! _- j
securityContext: {}
0 t, e4 U* b9 H, k! T # capabilities:
+ ?1 ]* i2 u' O! H" s4 z5 J # drop:8 S+ J6 Z" I" y; @3 @" }
# - ALL
' U, z0 W- b+ O Q, n- Y X% C0 P # readOnlyRootFilesystem: true; f8 @2 H0 v4 d* S& t8 Z D
# runAsNonRoot: true+ J3 n; O8 I# t# o8 @9 a9 u/ ]' A
# runAsUser: 10002 R( {( W% e7 l: V
- m( b; R8 p# l# b' } service:
/ f: [. e9 k4 a2 D5 V, C' @2 x. a8 a type: ClusterIP! c( {6 K+ v- I' o0 m3 ?/ e
web:
, Z* u' t9 I' i6 b7 \2 R7 K4 p port: 8081* i% K% @5 a; U% x; L- D
0 t7 V8 ]5 P2 ^0 A1 v
resources: {}
" B& p5 l9 p; f$ k1 [ # We usually recommend not to specify default resources and to leave this as a conscious
4 \" G; v8 d+ _ # choice for the user. This also increases chances charts run on environments with little
8 f' }+ ~3 j) I5 |9 i( x # resources, such as Minikube. If you do want to specify resources, uncomment the following
$ z0 }: y; g" Z3 S# { # lines, adjust them as necessary, and remove the curly braces after 'resources:'.: R1 R- Q' E& z# K/ g. y
# limits:0 q$ a- d$ C* J0 s
# cpu: 100m
, T4 Y4 j9 J+ Z1 v # memory: 512Mi$ ~. @3 v1 e# ?
# requests:$ D, }% N H, K
# cpu: 100m
' f* R3 c/ _5 A3 o; C # memory: 512Mi
. q2 o( P9 N. d) R) i; S& F& G9 x0 ?$ s
persistence:! ~5 K/ t) b" g* v
storageClassName: jumpserver-data
% G8 j, n' X9 C9 o accessModes:
2 {. [0 w* C3 O - ReadWriteMany
5 |/ _$ X: p4 A6 @& } e. o size: 50Gi
) m2 _ x# L/ Q6 D0 Z4 J; r # annotations: {}5 x. V# t8 ]+ W, P, l; j- `! V
finalizers:* f0 |- \5 t* }( }9 {
- kubernetes.io/pvc-protection
8 J: l8 |2 ^! Q( s9 r; r/ t, W( W( Y
% X. m9 e& t' N/ i- Y volumeMounts: []
5 @8 c0 Q4 r1 S0 U+ d! J- Q% Y3 m7 R$ m
volumes: []6 H S# m) ~5 U2 o1 N9 R
S3 K9 h" }; ]2 M7 {6 F nodeSelector: {}
$ L) j8 ~/ k3 ?$ e$ w
3 n8 ~$ B6 \/ E% g& Z tolerations: []0 U' b8 D5 \- R! ^0 t3 ^7 K6 z
v4 E1 s* L; d: L" p) R! K# E affinity: {}( F2 q2 J2 N. t5 b
$ n) s( s0 j. ~magnus:
; X1 E$ t' Y7 f& U& O8 O6 H0 x enabled: true ?4 _# a4 V3 Z( [2 m/ v; ^
! ?. H4 m- ~1 {% m" K& a" K
labels:
8 D: V3 d( h( O3 ^* o app.jumpserver.org/name: jms-magnus* Y% q8 T' q4 S# O% Q! s! ]
2 K5 {+ @' y" H3 m6 e5 f config:* m Z* z4 I& D/ A( z1 V
log:
$ t% [0 g- m+ ?8 o level: ERROR( ^6 x! d7 O$ d7 @' H; M- O
( T' U& G) C# [; Q- ^- W7 K4 c# t" D
replicaCount: 1 R; X9 D, y8 o: g0 S
! n7 \2 I1 i$ N- d& ^* G
image:8 z, k( Y6 p4 L' L# ~
registry: docker.io
/ B, d: s! o3 e" l. D repository: jumpserver/magnus
6 p6 Z0 g5 I- O+ W3 m tag: v3.0.34 g3 Q' g4 f; g' s4 [( x, X
pullPolicy: IfNotPresent+ |9 J# `3 l2 C
+ M0 ~9 V4 n. f' F9 K2 Y6 D. K
command: []' j3 R0 W( G# B: Q
' c: n! c- n; v2 R" ` env: []
! e! j) \/ L+ \& c
3 @. T# v% K+ Z livenessProbe:
/ [, N5 \0 a) V) V2 e failureThreshold: 30) V/ M* }. x! ~+ Y& n
tcpSocket:
4 C3 b2 z+ q( C* ` port: 9090
$ e3 g' F' ~& ~ D2 p: \! M7 G# ~) q( I/ e& X' O
readinessProbe:2 G/ y7 e$ G# s* s" z
failureThreshold: 30
2 |6 {5 k d' y3 Y) A6 z, B6 W tcpSocket:$ v3 t+ V4 O. @0 Z8 J: B( j( [
port: 9090
! u. i G% D: F: x* y4 V& b4 o* k: w1 p5 N9 f, R0 D( c
podSecurityContext: {}
7 j/ m: _, K. B. i- W1 b # fsGroup: 20004 m" ~- k6 V o8 p/ i. y2 ^( |
" b1 j; X: q; A: R. ]7 Y6 f
securityContext: {}
1 z+ l2 r. U! j5 S: b- X0 J # capabilities:: g4 v# d \/ x& j) v
# drop:
S5 n3 r8 ?, J! h # - ALL
! R4 B7 \- J9 F* [ # readOnlyRootFilesystem: true, _/ |4 t. w ?# V1 e
# runAsNonRoot: true
* b& _6 |- K. T+ o3 u/ ~8 E% k # runAsUser: 1000
3 K( N0 e1 I4 _1 h/ k# a# x2 } _# _: a$ B3 M; [, N# @0 D
service:8 a8 |% t- K& {( M; f
type: ClusterIP
7 q+ d, |9 f% l% v6 }3 T mysql:. F# B7 I. P) ]0 P/ g! H
port: 33061 D0 @3 I6 j. N
mariadb:
. B {' F; Y3 x: ^5 c port: 33062
% g; c0 ]+ n0 q4 \+ @ redis:
+ `- e! A( _& Z6 j- w; p* M! | port: 63790
2 Y |$ G- Q& Z/ D1 Y0 O* p0 I' B! @ postgresql:( W; k$ |# x: ~( H
port: 54320
& n; p( i& N' S2 t; @. ~# K3 w! `4 \ oracle:
, x0 z# a; i4 Z: n7 Y ports: 30000-30100! D9 [) o6 S d+ p' T6 Z+ z
! g9 ^% R% U3 n* q6 s5 u
resources: {}+ v4 l6 i/ C1 P& \; p- y" q9 ]) T
# We usually recommend not to specify default resources and to leave this as a conscious0 c$ q$ x6 L% l. ?: Q
# choice for the user. This also increases chances charts run on environments with little
9 T5 {2 a' i2 ^1 L- i; x/ e- R # resources, such as Minikube. If you do want to specify resources, uncomment the following, U- H( N# y# o7 r
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
) B) m" j( _4 k t4 [% P" b( }0 V # limits:. h; [4 W! d) S" ~! G
# cpu: 100m$ R3 h% b1 ]- Q* b- p
# memory: 512Mi
1 h* l7 g/ q# K& i* D3 L # requests:, E: c9 g% G7 g3 M+ |, f0 Y! m
# cpu: 100m* y+ ^* y9 m* s3 k1 s
# memory: 512Mi
9 w; S: h; S2 H+ k# A: j* V+ w* q% ^* N( L' `9 a; r0 V8 E" G
persistence:
$ k' G/ f! W7 K5 P storageClassName: jumpserver-data7 ]6 j5 T3 d8 [9 Q8 j [' C
accessModes:
$ }* m' f a& G, c h3 p: o7 L6 f - ReadWriteMany
2 c3 F! b$ u0 I. I1 `' O. ~ size: 10Gi- P0 M$ P* J! A& F) h% T
# annotations: {}
% x5 X0 @8 ]. M# c7 U1 L4 L1 P finalizers:
% Q2 ?' A. D% f. K9 Z1 ~+ R6 z: Y - kubernetes.io/pvc-protection
/ j* \+ \/ z' Z0 S4 \1 P
9 \% ]' A9 c& C6 p4 A3 k volumeMounts: []5 M: M' N* |. K* ]0 c% j; g1 Q8 r+ j
- ], I& @0 g; V- t5 f, a volumes: []# i& _8 j. v7 x- b- B
, U; {8 G* {2 _ S1 o
nodeSelector: {}4 O8 [( M1 V# G6 s1 V
w' |- D% Y' Q( }8 X
tolerations: []
' t6 v; x3 }( h6 e8 k; w1 _" Y% h$ r# F: y
affinity: {}
' |" [: b4 q5 ?) R6 C6 O- ?4 [2 y+ I, L: ?/ b' u
xpack:: x1 L t2 [9 ]. j# G
enabled: false # 企业版本打开此选项
" `3 A, x, j/ H# z# H" t- i2 u
7 T! n$ k$ u" }% v }- vomnidb:# }8 K X/ K- j {% ~0 y6 C
labels:! K1 d8 Z; b; h4 D, @
app.jumpserver.org/name: jms-omnidb/ @1 I- s! B: H8 V: Y
7 |% p9 T9 X, F5 V
config:
# Z# u+ X3 D+ {1 G+ ^7 c/ f log:& \4 Q2 c6 o) r( t* F
level: ERROR, q- |5 v3 |4 G
8 K( f8 o# Q* u replicaCount: 1( X, i1 X) P3 p. P
9 b j: J8 Y5 b5 v9 v: _2 k, v# O4 h image:( c6 F R$ b! L* `: @4 [- k, q
registry: registry.fit2cloud.com
% \2 a4 t6 `9 z" N4 B repository: jumpserver/omnidb% ~9 [3 p- M* v
tag: v3.0.3
) d' k# s, V+ V7 [ pullPolicy: IfNotPresent
* p/ @8 L2 R5 @% @
) S) y8 F7 p' E d command: []! v( n/ w/ a( B% E/ g( V
! Z5 [* j- `# Z4 X& v+ e) N
env: []
" D$ B5 a& I0 u! w
4 w3 z. F, t0 ^ J' I! U livenessProbe:
* ~$ m0 m; T) x failureThreshold: 309 h% y" W$ G! {( m, p8 l
tcpSocket:, D: B* ]* y3 w% \
port: web
/ D, ~. d q( S2 q7 O: f; M# _4 F7 s$ D& N3 D' O- |5 K5 h" [
readinessProbe:
" k! H8 i5 w6 K* |8 j) o" Q( E, s failureThreshold: 303 J, Y- [5 E* p8 ~" {( r x
tcpSocket:& o I3 l' q8 T- ~0 v' a4 |$ L
port: web
$ y* V& @: S( x5 |6 c, v0 X3 a% r
! T% j! j5 ` y( P; L podSecurityContext: {}
2 L7 g1 q7 E0 h& F0 ^ # fsGroup: 2000$ o3 Y: O9 H$ T( H3 f# @
; ~" l& T# ^: t t6 n& ~" y( h securityContext: {}( v* Q8 N0 \) N1 C. D4 m% X& k9 T
# capabilities:
- m& u6 F4 y# X: H: J # drop:- E) r# \3 ~* u; W! y6 A
# - ALL
# G4 P; E: H9 ~/ c6 A! ? # readOnlyRootFilesystem: true! L6 G# y/ P9 Z, v% J
# runAsNonRoot: true. x0 C/ e5 c* r2 i
# runAsUser: 1000
* J) u- l C P) S; H, b/ o! |/ j$ w; m i2 d5 r9 A7 M
service:# r5 _' Y/ ]0 K H
type: ClusterIP( l& j6 z1 U" I5 z% F
web:
1 t8 D( N( R4 B% ~' { port: 8082
+ m$ J" T5 k4 I9 f( q1 L
" x0 Q* E5 m; W! k& |& o resources: {}& x' K& G1 Q$ X& u
# We usually recommend not to specify default resources and to leave this as a conscious& `) l0 x- N% |
# choice for the user. This also increases chances charts run on environments with little
, l+ I- k4 ^5 `& d8 b # resources, such as Minikube. If you do want to specify resources, uncomment the following
0 i! z" |9 b! h. B* x2 ? # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
3 f; d) A% i) ], D3 u; a5 s3 N # limits:# ?9 I7 B- q, r$ t5 {1 Q! Q* c2 i$ H
# cpu: 100m7 l' g& l; w+ I- v4 ~- J: x
# memory: 128Mi
! m7 R i9 ?: l8 O ^3 [8 M # requests:- d, T, G! {9 C$ v& |
# cpu: 100m
0 U7 G7 Z$ [9 ^# E* _3 U # memory: 128Mi
0 Z1 f6 x5 v! f2 S! t' I$ C4 h" E# B+ D% ^- ^
persistence:' C1 Z- \# } m
storageClassName: jumpserver-data. [% W7 m6 |/ B0 K
accessModes:
' E1 t) z9 [. \* F - ReadWriteMany
) V! E0 i1 {( i9 q* [: g size: 10Gi
0 j) ~ R) S. f O* O # annotations: {}% P8 P! t% N0 T
finalizers:
O' a- N! @' v0 `; P, N% e - kubernetes.io/pvc-protection
& e8 y% g9 `! d/ }% Q! ]7 k3 u) r$ \
volumeMounts: []
o& ^" q& o7 m( X' Q& d, }6 u$ \' v
volumes: []" |' i1 W2 R% x% C" \
( C! [, |& H' [5 @% W4 e
nodeSelector: {}' y* ]8 O3 h$ w- q
$ U! T' A' r1 T, r6 x7 J$ _! R
tolerations: []
1 P, A, z. d- D1 N1 `. y7 v5 s7 s& E% v, a. T8 A
affinity: {}
* q$ b' ^5 t, A! M6 e/ B9 m3 \- D. X3 F8 \
razor: S) ~# M% k0 w4 t
labels:
' L, o# l, q) {6 @( o+ [$ k app.jumpserver.org/name: jms-razor+ z8 J! l- G, h
* u# j& Q8 O+ {8 P config:; c% d1 ~1 R. i s1 ~% g' L
log:" o* `8 f7 Q s) {
level: ERROR
9 L! N# f4 e* ]7 o2 b* L
5 X9 C! U. i1 P. b$ [! J replicaCount: 1% S5 g1 [5 c2 G# w' g
u9 y2 D3 ^: ^+ N3 V image:
) y5 B6 w6 n- t& |- ^# q' W registry: registry.fit2cloud.com
( t2 q1 x7 g; U8 b- b, X repository: jumpserver/razor# L1 ?9 ~# o {; d0 {: A
tag: v2.28.6* }/ [; ?! i9 h- z- `7 N, q
pullPolicy: IfNotPresent7 t) [; W' O/ v& o7 a* f0 W
2 T% e0 e$ {0 r0 m2 b
command: []
" x: k7 c2 Y& I8 m( w5 {( Y+ w8 ]
env: [] Q1 B* g6 I- G
; ~% D5 `+ M X+ L" {
livenessProbe:
( H: l: m1 d: d; |9 M) _$ O; w failureThreshold: 30* g- `' l5 D" ]+ T
tcpSocket:
' K+ a2 `) |# @( G" {0 u# ] port: rdp% \# `5 r; L" O
* V+ J6 K6 D- U9 Q1 s readinessProbe:
# a% a6 i T! J2 O failureThreshold: 30
( o, Y2 o* ^ k; z tcpSocket:
6 A. y* |' }0 |+ ?& C# S7 R+ P4 g port: rdp
4 C3 j0 p7 Z0 ~/ r: R" ^; t, j- H% F4 @& v9 v4 ~1 I. {: e
podSecurityContext: {}
! E% S" e' H# ?6 {3 b: R$ _ # fsGroup: 20003 u" p) J& `& ]
2 M( q x2 W2 R) g
securityContext: {}# ^+ ]7 Y8 A/ I$ J6 E
# capabilities:
9 S' j4 |' K. _: B6 {9 y0 D # drop:; k& {' B; H, @3 ~8 m* y8 A
# - ALL6 D' l9 A9 ]) Y- a
# readOnlyRootFilesystem: true! B5 G5 C! K }1 e! M& ]3 o
# runAsNonRoot: true
4 Y+ \, ]- N! O! ~% k8 o # runAsUser: 1000
b1 F% p4 f4 n0 |1 m4 P. X2 W0 h# D$ ?7 J8 H Y
service:# e( H' w+ d( a2 n% G
type: ClusterIP0 K9 `0 c# v$ f3 M4 K
rdp:
9 n+ W9 {: q! s% j% R port: 3389
8 v3 L7 Q9 R/ D& ?7 {, F$ B$ V# g+ w |
resources: {}
. W3 E0 n K& m # We usually recommend not to specify default resources and to leave this as a conscious
$ b) a) N* X5 @( r! c # choice for the user. This also increases chances charts run on environments with little" D( l% R# ]% z7 x
# resources, such as Minikube. If you do want to specify resources, uncomment the following# R2 [2 y5 X2 ~+ o
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
5 D2 I2 R8 |( F8 H* ] # limits:$ i) U$ F' L6 |7 i" V6 h4 l
# cpu: 100m/ O: p2 n) V" Y) Q, L8 B/ ~1 ^
# memory: 128Mi
) @9 G( [/ b5 `2 v3 ~6 n" i # requests:" \( z# c! y1 O+ I$ {
# cpu: 100m
8 n2 J1 c, [ T/ g' Z6 W. j0 G # memory: 128Mi
$ q. g) h" b, R E
" b$ L% e6 i' F- a5 a6 g persistence:3 O; @& \& ~1 V$ X
storageClassName: jumpserver-data+ e" o4 W7 J3 f9 ]# X+ ?
accessModes:/ \7 |2 F7 z& D+ I' F
- ReadWriteMany
9 z6 n N2 P/ H. V0 h: j% p/ Y size: 50Gi
& Q7 d% v2 {9 H # annotations: {}
7 x2 W4 I/ s% e/ Z/ v. G& w6 Z, Z& t finalizers:
$ a: c& K' M( a9 h+ x - kubernetes.io/pvc-protection
% ^3 Q, @5 g4 N' @! z$ b0 W8 C/ @: Q3 }6 d6 o( b8 X% ^: `) @1 z
volumeMounts: []3 {4 W* k! ~' H4 t* H2 X
4 y+ l) {8 U- N# W- L3 X/ x* g5 V" C: ? volumes: []: [( w4 w* P2 r, {
$ k$ x7 [' B5 ]9 {& q nodeSelector: {}
2 Q% a. \1 f1 R: E/ f; u% \) h/ f' f) j8 p
tolerations: []
: ?2 T+ J6 B% a0 L: b
% c% A: @5 x3 g% B) r% ^ affinity: {}3 n7 w7 e/ b; F1 |& U- N4 [
" D: h5 }9 n4 A7 `* j& G1 }% C
web:
3 U3 @0 a( Y4 Z" Q) n& _; h# f! ] enabled: true
: Y& }0 S5 T6 g* U$ K% T0 S/ [" H( R" z5 h3 K
labels:
! C- }. A0 u3 z+ K app.jumpserver.org/name: jms-web
3 u1 u- c( v: l" z/ K$ @
* i2 R- u- j1 y: |( L; N5 j replicaCount: 14 J- b- g2 ]1 f+ D
! J: X) d' \* ]( x
image:) m; t+ t& ?5 T! s! I
registry: docker.io5 d' W6 ^& y' n/ F
repository: jumpserver/web
( Q: H2 `0 q* @" n tag: v3.0.3+ ^9 X& e M O9 j% R" }6 c4 ?6 g
pullPolicy: IfNotPresent
) x. z& u( n9 t( Q
: L! t6 \6 g0 W1 m/ s command: []) M: K8 \0 ~/ i9 g% k" a
) ]( `/ s; ]5 \, U env: []
) f. m: [- _9 y/ f% { # nginx client_max_body_size, default 4G
- }; S% r9 x: C- i # CLIENT_MAX_BODY_SIZE: 4096m
& m9 U! j8 p3 y6 g0 B) t- a& |- r& ]! e
livenessProbe:
$ l& y# E) X0 d, z' s* P: z failureThreshold: 30
% i+ d. p; A$ Y: ~+ Z: Z httpGet:0 g: W' u+ Z2 E
path: /api/health/
" k( [$ |- R2 r6 D* l" b5 T5 d port: web
( O4 c( l9 Y/ t/ L/ M% t+ t& N0 D/ U
readinessProbe:
6 h9 g9 d: r: A* s6 j failureThreshold: 30
0 |+ C8 r6 b0 Z+ f7 ?9 t5 A httpGet:& ?, j' H: ?/ G/ ~! J7 V
path: /api/health/3 C- z4 l* d: n
port: web
1 ^ R k6 q7 m& |8 k. o3 m% ]/ u$ k7 B8 v. P& c0 e
podSecurityContext: {}! d B6 b# k- b! ^ I/ [
# fsGroup: 2000( ?- m& q4 U$ C [
2 E4 {$ u4 m& c- @& s t3 }! } securityContext: {}% v8 ~, J9 k5 w5 n! |. {
# capabilities:
1 N! _$ e0 h+ w$ N# q) d- \ # drop:
% W: T% ]4 T5 X8 q7 @$ T5 @1 V- q% O # - ALL( C3 p; s5 u) Q( E
# readOnlyRootFilesystem: true; c# M$ V( n# ?' ^
# runAsNonRoot: true; ~3 e n, Q$ |1 {! r
# runAsUser: 1000& u$ B; c+ |, Y% j& E
- k+ H& }' F( x q. o: K
service:3 H8 b7 {! g: {- O7 z
type: ClusterIP; W6 w6 ~# J# N" E% b {" E b
web:
$ p. R: |; m& R2 Z, ?/ K port: 80( L# b! }4 |7 o/ c) S" m
9 F! }+ K$ P# V( F' y: F( d6 y resources: {}' I b5 e# r, I% a" m
# We usually recommend not to specify default resources and to leave this as a conscious( q9 V1 {$ F4 Q x6 z, R
# choice for the user. This also increases chances charts run on environments with little& d. d% Z e2 c+ W% m o
# resources, such as Minikube. If you do want to specify resources, uncomment the following( N0 j. Y- `4 i7 S) T
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.3 x P$ Y1 K2 H. X& K/ z) [
# limits:5 A. U8 Y* s; _' _/ q. S% o: K7 L
# cpu: 100m$ t/ h4 d5 l0 Q" u' s2 l* M8 C: J/ |
# memory: 128Mi. D/ g: A% ~1 q
# requests:
5 _1 X/ j- B, @( J. O& \: J; j- h # cpu: 100m
+ {' a' t/ T X: r8 n9 X # memory: 128Mi( v' @6 z& ?! ?1 S' ?) M
4 V6 S2 F6 ^$ e6 v# i- @
persistence:
A6 y; G A7 L# ]) @0 |, l storageClassName: jumpserver-data
0 o7 I0 F) W( r7 _9 v$ D; `. J accessModes:
+ c' B; ~& j+ | - ReadWriteMany- G# L9 p" z( z, G& z6 \
size: 1Gi
! h9 K) p1 B2 |2 X # annotations: {}7 W8 E2 w4 F* a3 X( f' c8 d0 K
finalizers:
# q3 V0 ^( r6 ^# k9 _9 d - kubernetes.io/pvc-protection" N0 L3 k$ g- ?* ]% ]$ n
5 @: j2 M. W' n! q) f- v ]) G W; _
volumeMounts: []% t5 A% q0 y! F$ x6 c6 J# W# b
1 U( ]6 i* C) t volumes: []* }5 Y# D/ \8 c' W
8 [: x& s# v6 ?: J' m
nodeSelector: {}6 t# u9 m% x7 K+ e- _
3 h& e7 M2 c: v tolerations: []% N# w# O5 Y W8 P' j
" L- m( q( L5 H; F5 A affinity: {}
( f1 ]( E: ]) x+ Y% T2.3 安装 JumpServer⚓︎; k! j0 T6 l" Q7 I
( b" w0 P. Y8 z& r8 [' i2 s* |
helm install jms-k8s jumpserver/jumpserver -n default -f values.yaml6 L# _1 `7 P$ f- c# f P
2.4 卸载 JumpServer⚓︎
! Z' Q u& \9 R3 E- u7 O/ |: A
9 l* i" k# t) p- g* s8 m7 ?" khelm uninstall jms-k8s -n default |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2023-3-8 10:00:01
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜