k8s部署jumpserver4.0.2

k8s部署allinone方式部署jumpserver4.0.2

一、准备工作

版本信息介绍：
jumpserver：allinone 4.0.2
postgresql：12.20

1.1、官网文档

https://github.com/jumpserver/Dockerfile/tree/master/allinone

1.2、部署数据库

docker run --name jumpserver_postgresql --restart=always -d -p 5432:5432 -v /data/Postgresql:/var/lib/postgresql/data --shm-size=10g -e POSTGRES_PASSWORD=sdfEd#20x9 postgres:12.20

创建数据库

create database jumpserver with encoding='UTF8';

1.3、部署redis

容器化或者主机部署事先准备好就行

二、准备yaml文件

通过绑定主机的方式做数据持久化

kubectl label node k8s-node-01 jumpserver=jumpserver

2.1、jumpserver.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: ops
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
    replicas: 1
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    selector:
      matchLabels:
        app.kubernetes.io/instance: jumpserver
        app.kubernetes.io/name: jumpserver
    template:
      metadata:
        labels:
          app.kubernetes.io/instance: jumpserver
          app.kubernetes.io/name: jumpserver
      spec:
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: jumpserver
                  operator: In
                  values:
                  - jumpserver
      spec:
        containers:
        - env:
          - name: SECRET_KEY
            value: "veDMhBkZHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"
          - name: BOOTSTRAP_TOKEN
            value: "F9HUa5nfksd532ndsaR"
          - name: DB_ENGINE
            value: "postgresql"
          - name: DB_HOST
            value: "100.64.11.39"
          - name: DB_PORT
            value: "5432"
          - name: DB_USER
            value: "postgres"
          - name: "DB_PASSWORD"
            value: "bWqBGx3#20x9"
          - name: DB_NAME
            value: "jumpserver"
          - name: REDIS_HOST
            value: "100.64.25.39"
          - name: REDIS_PORT
            value: "6379"
          - name: REDIS_PASSWORD
            value: "Mcloud@2024"
            #image: jumpserver/jms_all:v4.0.2
          image: cmc-tcr.tencentcloudcr.com/ops/jms_all:v4.0.2
          imagePullPolicy: IfNotPresent
          name: jumpserver
          ports:
          - containerPort: 80
            name: http
            protocol: TCP
          - containerPort: 2222
            name: ssh
            protocol: TCP

注意事项：

1.将相应的环境变量的值替换成自己的
2.SECRET_KEY和BOOTSTRAP_TOKEN的值可以通过jumpserver官网给的脚步生成
3.数据库和redis的密码不要使用特殊符号，使用特殊符号在初始化的时候配置文件回不正常，导致初始化失败

2.2、jumpserver-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: jumpserver
  namespace: ops
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: ssh
    port: 2222
    targetPort: 2222
    protocol: TCP
  selector:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver

2.3、jumpserver-higress.yaml

将jumpserver后台通过higress暴露给集群外部用户

#apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jumpserver-ingress
  namespace: ops
spec:
  ingressClassName: higress
  rules:
  - host: esjms.chinamcloud.com
    http:
      paths:
      - backend:
          service:
            name: jumpserver
            port:
              number: 80
        path: /
        pathType: Prefix

以上，可以通过域名访问验证了。