k8s部署jumpserver4.0.2

k8s部署allinone方式部署jumpserver4.0.2

一、准备工作

版本信息介绍：
jumpserver：allinone 4.0.2
postgresql：12.20

1.1、官网文档

https://github.com/jumpserver/Dockerfile/tree/master/allinone

1.2、部署数据库

docker run --name jumpserver_postgresql --restart=always -d -p 5432:5432 -v /data/Postgresql:/var/lib/postgresql/data --shm-size=10g -e POSTGRES_PASSWORD=sdfEdsdf#20x9 postgres:12.20

创建数据库

create database jumpserver with encoding='UTF8';

1.3、部署redis

容器化或者主机部署事先准备好就行

二、准备yaml文件

通过绑定主机的方式做数据持久化

kubectl label node k8s-node-01 jumpserver=jumpserver

2.1、jumpserver.yaml

apiVersion: apps/v1
kind: Deployment
metadata:name: jumpservernamespace: opslabels:app.kubernetes.io/instance: jumpserverapp.kubernetes.io/name: jumpserver
spec:replicas: 1strategy:rollingUpdate:maxSurge: 1maxUnavailable: 0type: RollingUpdateselector:matchLabels:app.kubernetes.io/instance: jumpserverapp.kubernetes.io/name: jumpservertemplate:metadata:labels:app.kubernetes.io/instance: jumpserverapp.kubernetes.io/name: jumpserverspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: jumpserveroperator: Invalues:- jumpserverspec:containers:- env:- name: SECRET_KEYvalue: "veDMhBkZsdHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"- name: BOOTSTRAP_TOKENvalue: "F9HUa5nfksdsd532ndsaR"- name: DB_ENGINEvalue: "postgresql"- name: DB_HOSTvalue: "100.64.11.39"- name: DB_PORTvalue: "5432"- name: DB_USERvalue: "postgres"- name: "DB_PASSWORD"value: "bWqBGsdfx3#20x9"- name: DB_NAMEvalue: "jumpserver"- name: REDIS_HOSTvalue: "100.64.25.39"- name: REDIS_PORTvalue: "6379"- name: REDIS_PASSWORDvalue: "password"#image: jumpserver/jms_all:v4.0.2image: cmc-tcr.tencentcloudcr.com/abc/jms_all:v4.0.2imagePullPolicy: IfNotPresentname: jumpserverports:- containerPort: 80name: httpprotocol: TCP- containerPort: 2222name: sshprotocol: TCP

注意事项：

1.将相应的环境变量的值替换成自己的
2.SECRET_KEY和BOOTSTRAP_TOKEN的值可以通过jumpserver官网给的脚步生成
3.数据库和redis的密码不要使用特殊符号，使用特殊符号在初始化的时候配置文件回不正常，导致初始化失败

2.2、jumpserver-svc.yaml

apiVersion: v1
kind: Service
metadata:name: jumpservernamespace: opslabels:app.kubernetes.io/instance: jumpserverapp.kubernetes.io/name: jumpserver
spec:ports:- name: httpport: 80targetPort: 80protocol: TCP- name: sshport: 2222targetPort: 2222protocol: TCPselector:app.kubernetes.io/instance: jumpserverapp.kubernetes.io/name: jumpserver

2.3、jumpserver-higress.yaml

将jumpserver后台通过higress暴露给集群外部用户

#apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: jumpserver-ingressnamespace: ops
spec:ingressClassName: higressrules:- host: jumpserver.example.comhttp:paths:- backend:service:name: jumpserverport:number: 80path: /pathType: Prefix

以上，可以通过域名访问验证了。