kubernetes离线部署jumpserver开源堡垒机

堡垒机介绍可以看官方网站:https://kuboard.cn/

本文档只介绍部署步骤。

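前提条件:本文档中下面两个服务(MySQL/MariaDB 和 Redis)都部署在 192.168.17.80,可以通过查找替换改成自己的地址。清单中的 SECRET_KEY、BOOTSTRAP_TOKEN 以及数据库和 Redis 密码同样只是示例值,部署前应一并替换为自己生成的值。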

1、MySQL 5.7 或 MariaDB 10.2

2、redis 5
镜像1
镜像2
镜像3
下载镜像

# Pull the five JumpServer v3.1.2 component images on a host that can reach
# the public registry.
# NOTE(review): the manifests on this page reference
# 192.168.17.40/jumpserver/<component>:v3.1.2, so for an offline cluster these
# images still have to be re-tagged and pushed to that registry (or loaded on
# every node); the page does not show that step.
# NOTE(review): tags are mutable; recording each image digest after the pull
# lets the offline copy be checked against what was actually downloaded.
docker pull jumpserver/core:v3.1.2
docker pull jumpserver/koko:v3.1.2
docker pull jumpserver/lion:v3.1.2
docker pull jumpserver/magnus:v3.1.2
docker pull jumpserver/web:v3.1.2

1、创建Namespace

# Namespace that every other object on this page is created in.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    # Label key/value mirror the namespace name.
    kubernetes.io/metadata.name: jumpserver
  name: jumpserver

2、创建ConfigMap

---
# ConfigMap holding the nginx site config for the web front end.
# Presumably mounted by the jms-web Deployment, which is not shown in this part
# of the page — confirm.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.jumpserver.org/name: jms-web
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-web
  namespace: jumpserver
data:
  # One nginx `server` block: static files for /ui/, /luna/, /download/,
  # /media/replay/ and /static/, and reverse proxying of /koko/, /lion/, /ws/
  # and /core|api|media/ to the in-cluster koko, lion and core Services.
  # NOTE(review): `listen 80` is plain HTTP and nothing here terminates TLS, so
  # logins and session traffic need an HTTPS ingress or load balancer in front
  # of this pod — confirm before exposing it.
  # NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
  # which appends to whatever value the client sent; if the backends use that
  # header for audit logs or IP rules, only the last hop is trustworthy.
  # NOTE(review): client_max_body_size is 4096m, so a single request body of up
  # to 4 GiB is accepted; with proxy_request_buffering off on /koko/ and /lion/
  # it is streamed straight to the backend.
  default.conf: |
    server {
        listen 80;
        server_name  _;
        server_tokens off;

        client_max_body_size 4096m;  # 录像及文件上传大小限制

        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
        location /download/ {
            alias /opt/download/;
        }
        location /media/replay/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }
        location /static/ {
            root /opt/jumpserver/data/;
        }
        location /koko/ {
            proxy_pass http://jms-k8s-jumpserver-jms-koko:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ignore_client_abort on;
            proxy_connect_timeout 600;
            proxy_send_timeout 600;
            proxy_read_timeout 600;
            send_timeout 6000;
        }
        location /lion/ {
            proxy_pass http://jms-k8s-jumpserver-jms-lion:8081;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_ignore_client_abort on;
            proxy_connect_timeout 600;
            proxy_send_timeout 600;
            proxy_read_timeout 600;
            send_timeout 6000;
        }
        location /ws/ {
            proxy_pass http://jms-k8s-jumpserver-jms-core:8080;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~ ^/(core|api|media)/ {
            proxy_pass http://jms-k8s-jumpserver-jms-core:8080;
            proxy_buffering off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }
---
# ConfigMap that the core and celery Deployments mount (via subPath) at
# /opt/jumpserver/config.yml.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.jumpserver.org/name: jms-core
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-core
  namespace: jumpserver
data:
  # Deliberately empty: on this page every setting is passed to the containers
  # as environment variables instead.
  config.yml: ''

3、创建PVC

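---
# PVC for the core data directory; the core and celery Deployments mount it at
# /opt/jumpserver/data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-core-data
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph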
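---
# PVC for the core log directory; the core and celery Deployments mount it at
# /opt/jumpserver/logs.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-core-logs
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph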
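---
# PVC for koko's data directory; the koko Deployment mounts it at
# /opt/koko/data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-koko-data
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph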
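---
# PVC for lion's data directory; the lion Deployment mounts it at
# /opt/lion/data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-lion-data
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph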
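---
# PVC for magnus's data directory; the magnus Deployment mounts it at
# /opt/magnus/data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-magnus-data
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph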
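---
# PVC for the web front end's logs. The workload that mounts it is not shown
# in this part of the page.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # Restored the parent key that was missing here: a 4-space entry directly
  # under `metadata:` followed by a 2-space `name:` does not parse as YAML.
  # Kuboard records pvcType as an annotation — verify against your own export.
  annotations:
    k8s.kuboard.cn/pvcType: Dynamic
  name: jms-k8s-jumpserver-jms-web-logs
  namespace: jumpserver
spec:
  accessModes:
    # NOTE(review): ReadWriteMany needs a storage class backed by a shared
    # filesystem; confirm the `ceph` class in your cluster supports it.
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ceph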

4、创建celery Deployment

---
# Deployment that runs the core image with args `start task`; its liveness
# probe calls check_celery.sh, so this is the celery task worker.
# NOTE(review): this object's own label is jms-celery, but the selector and
# pod-template labels below are the same three labels the core Deployment and
# the core Service select on — confirm that overlap is intended.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.jumpserver.org/name: jms-celery
  name: jms-k8s-jumpserver-jms-celery
  namespace: jumpserver
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-core
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-core
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        - args:
            - start
            - task
          # NOTE(review): SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and
          # REDIS_PASSWORD below are literal values published with this page.
          # Generate your own before deploying and inject them with
          # valueFrom.secretKeyRef from a Secret rather than a plain `value:`,
          # which is readable by anyone who can view the Deployment.
          # The same SECRET_KEY and BOOTSTRAP_TOKEN values appear in the core
          # Deployment (BOOTSTRAP_TOKEN also in koko, lion and magnus), so they
          # have to be changed in all of those manifests together.
          env:
            - name: SECRET_KEY
              value: B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
            - name: BOOTSTRAP_TOKEN
              value: 7Q11Vz6R2J6BLAdO
            - name: DEBUG
              value: 'false'
            - name: LOG_LEVEL
              value: ERROR
            - name: HTTP_LISTEN_PORT
              value: '8080'
            - name: DB_ENGINE
              value: mysql
            # External MySQL/MariaDB on the host named in the prerequisites.
            - name: DB_HOST
              value: 192.168.17.80
            - name: DB_PORT
              value: '3306'
            - name: DB_USER
              value: jumpserver
            - name: DB_PASSWORD
              value: '123456'
            - name: DB_NAME
              value: jumpserver
            # External Redis on the same host.
            - name: REDIS_HOST
              value: 192.168.17.80
            - name: REDIS_PORT
              value: '6379'
            - name: REDIS_PASSWORD
              value: '123456'
            # Same port numbers as the magnus Deployment declares.
            - name: MAGNUS_MYSQL_PORT
              value: '33061'
            - name: MAGNUS_MARIADB_PORT
              value: '33062'
            - name: MAGNUS_REDIS_PORT
              value: '63790'
            - name: MAGNUS_POSTGRESQL_PORT
              value: '54320'
            - name: MAGNUS_ORACLE_PORTS
              value: 30000-30100
            - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
              value: 'true'
          # Pulled from the private registry at 192.168.17.40 by tag, not by
          # digest; with IfNotPresent a node that already holds an image under
          # this tag never re-pulls it.
          image: '192.168.17.40/jumpserver/core:v3.1.2'
          imagePullPolicy: IfNotPresent
          # Liveness only (no readiness probe): runs the bundled check script
          # every 10 s with a 1 s timeout; 3 consecutive failures restart the
          # container.
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - /opt/jumpserver/utils/check_celery.sh
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: jms-celery
          # Empty: no CPU/memory requests or limits are set.
          resources: {}
          # Empty: the container runs with the image's default user and
          # capabilities.
          securityContext: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # subPath mounts the single config.yml key as a file instead of
            # replacing the whole /opt/jumpserver directory.
            - mountPath: /opt/jumpserver/config.yml
              name: jms-core-config
              subPath: config.yml
            - mountPath: /opt/jumpserver/data
              name: jms-core-data
            - mountPath: /opt/jumpserver/logs
              name: jms-core-logs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): the pod uses the namespace's default service account and
      # nothing on this page shows it calling the Kubernetes API; consider
      # automountServiceAccountToken: false — confirm first.
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - configMap:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            name: jms-k8s-jumpserver-jms-core
          name: jms-core-config
        # Data and log claims are the same ones the core Deployment mounts.
        - name: jms-core-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-core-data
        - name: jms-core-logs
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-core-logs

5、创建core

5.1 Deployment

---
# Deployment that runs the core image with args `start web` and serves HTTP on
# container port 8080 (named `web`).
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.jumpserver.org/name: jms-core
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
    k8s.kuboard.cn/name: jms-k8s-jumpserver-jms-core
  name: jms-k8s-jumpserver-jms-core
  namespace: jumpserver
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  # NOTE(review): the celery Deployment on this page uses these same three
  # labels for its selector and pod template — confirm the overlap is intended.
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-core
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-core
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        - args:
            - start
            - web
          # NOTE(review): SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and
          # REDIS_PASSWORD below are literal values published with this page.
          # Generate your own before deploying and inject them with
          # valueFrom.secretKeyRef from a Secret rather than a plain `value:`,
          # which is readable by anyone who can view the Deployment.
          # The same SECRET_KEY and BOOTSTRAP_TOKEN values appear in the celery
          # Deployment (BOOTSTRAP_TOKEN also in koko, lion and magnus), so they
          # have to be changed in all of those manifests together.
          env:
            - name: SECRET_KEY
              value: B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
            - name: BOOTSTRAP_TOKEN
              value: 7Q11Vz6R2J6BLAdO
            - name: DEBUG
              value: 'false'
            - name: LOG_LEVEL
              value: ERROR
            # Matches containerPort 8080 and the probe port below.
            - name: HTTP_LISTEN_PORT
              value: '8080'
            - name: DB_ENGINE
              value: mysql
            # External MySQL/MariaDB on the host named in the prerequisites.
            - name: DB_HOST
              value: 192.168.17.80
            - name: DB_PORT
              value: '3306'
            - name: DB_USER
              value: jumpserver
            - name: DB_PASSWORD
              value: '123456'
            - name: DB_NAME
              value: jumpserver
            # External Redis on the same host.
            - name: REDIS_HOST
              value: 192.168.17.80
            - name: REDIS_PORT
              value: '6379'
            - name: REDIS_PASSWORD
              value: '123456'
            # Same port numbers as the magnus Deployment declares.
            - name: MAGNUS_MYSQL_PORT
              value: '33061'
            - name: MAGNUS_MARIADB_PORT
              value: '33062'
            - name: MAGNUS_REDIS_PORT
              value: '63790'
            - name: MAGNUS_POSTGRESQL_PORT
              value: '54320'
            - name: MAGNUS_ORACLE_PORTS
              value: 30000-30100
            - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
              value: 'true'
          # Pulled from the private registry at 192.168.17.40 by tag, not by
          # digest; with IfNotPresent a node that already holds an image under
          # this tag never re-pulls it.
          image: '192.168.17.40/jumpserver/core:v3.1.2'
          imagePullPolicy: IfNotPresent
          # Liveness and readiness both GET /api/health/ on the `web` port
          # after a 20 s delay; 30 failures at 10 s intervals are tolerated.
          livenessProbe:
            failureThreshold: 30
            httpGet:
              path: /api/health/
              port: web
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: jms-core
          ports:
            - containerPort: 8080
              name: web
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /api/health/
              port: web
              scheme: HTTP
            initialDelaySeconds: 20
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # Empty: no CPU/memory requests or limits are set.
          resources: {}
          # Empty: the container runs with the image's default user and
          # capabilities.
          securityContext: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # subPath mounts the single config.yml key as a file instead of
            # replacing the whole /opt/jumpserver directory.
            - mountPath: /opt/jumpserver/config.yml
              name: jms-core-config
              subPath: config.yml
            - mountPath: /opt/jumpserver/data
              name: jms-core-data
            - mountPath: /opt/jumpserver/logs
              name: jms-core-logs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): the pod uses the namespace's default service account and
      # nothing on this page shows it calling the Kubernetes API; consider
      # automountServiceAccountToken: false — confirm first.
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - configMap:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            name: jms-k8s-jumpserver-jms-core
          name: jms-core-config
        # Data and log claims are the same ones the celery Deployment mounts.
        - name: jms-core-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-core-data
        - name: jms-core-logs
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-core-logs

5.2 Service

---
# ClusterIP Service in front of the core pods; this is the name the nginx
# config and the CORE_HOST env vars on this page point at (port 8080).
apiVersion: v1
kind: Service
metadata:
  labels:
    app.jumpserver.org/name: jms-core
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-core
  namespace: jumpserver
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # targetPort is the named container port `web`, not a number.
    - name: web
      port: 8080
      protocol: TCP
      targetPort: web
  # NOTE(review): the celery Deployment's pods carry these same three labels
  # but declare no port named `web` — confirm they are not expected to back
  # this Service.
  selector:
    app.jumpserver.org/name: jms-core
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
  # A given client IP is pinned to one backend pod for up to 10800 s (3 h).
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  # Reachable only from inside the cluster.
  type: ClusterIP

6、创建koko

6.1 Deployment

---
# Deployment for koko: one container exposing HTTP on 5000 (`web`) and SSH on
# 2222 (`ssh`), registered against core through CORE_HOST.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.jumpserver.org/name: jms-koko
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-koko
  namespace: jumpserver
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-koko
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-koko
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        # NOTE(review): BOOTSTRAP_TOKEN and REDIS_PASSWORD below are literal
        # values published with this page. Generate your own before deploying
        # and inject them with valueFrom.secretKeyRef from a Secret rather
        # than a plain `value:`. BOOTSTRAP_TOKEN is the same string used in
        # the core, celery, lion and magnus manifests, so change it in all of
        # them together.
        - env:
            # Plain-HTTP call to the core Service inside the cluster.
            - name: CORE_HOST
              value: 'http://jms-k8s-jumpserver-jms-core:8080'
            - name: BOOTSTRAP_TOKEN
              value: 7Q11Vz6R2J6BLAdO
            - name: LOG_LEVEL
              value: ERROR
            # Match the `ssh` and `web` container ports declared below.
            - name: SSHD_PORT
              value: '2222'
            - name: HTTPD_PORT
              value: '5000'
            - name: REUSE_CONNECTION
              value: 'false'
            - name: SHARE_ROOM_TYPE
              value: redis
            # External Redis on the host named in the prerequisites.
            - name: REDIS_HOST
              value: 192.168.17.80
            - name: REDIS_PORT
              value: '6379'
            - name: REDIS_PASSWORD
              value: '123456'
          # Pulled from the private registry at 192.168.17.40 by tag, not by
          # digest; with IfNotPresent a node that already holds an image under
          # this tag never re-pulls it.
          image: '192.168.17.40/jumpserver/koko:v3.1.2'
          imagePullPolicy: IfNotPresent
          # Liveness and readiness both GET /koko/health/ on the `web` port;
          # 30 failures at 10 s intervals are tolerated.
          livenessProbe:
            failureThreshold: 30
            httpGet:
              path: /koko/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: jms-koko
          ports:
            - containerPort: 5000
              name: web
              protocol: TCP
            - containerPort: 2222
              name: ssh
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /koko/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # Empty: no CPU/memory requests or limits are set.
          resources: {}
          # NOTE(review): privileged: true gives this container all
          # capabilities and access to host devices, so a compromise of the
          # SSH/web entry point is effectively a compromise of the node. The
          # page does not say why koko needs it — confirm, and narrow it to
          # the specific capabilities required if possible.
          securityContext:
            privileged: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /opt/koko/data
              name: jms-koko-data
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): the pod uses the namespace's default service account and
      # nothing on this page shows it calling the Kubernetes API; consider
      # automountServiceAccountToken: false — confirm first.
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - name: jms-koko-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-koko-data

6.2 Service

---
# ClusterIP Service in front of the koko pods: HTTP on 5000 (the target of the
# nginx /koko/ location) and SSH on 2222.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.jumpserver.org/name: jms-koko
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-koko
  namespace: jumpserver
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # Both targetPorts are named container ports, not numbers.
    - name: web
      port: 5000
      protocol: TCP
      targetPort: web
    - name: ssh
      port: 2222
      protocol: TCP
      targetPort: ssh
  selector:
    app.jumpserver.org/name: jms-koko
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
  # A given client IP is pinned to one backend pod for up to 10800 s (3 h).
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  # Reachable only from inside the cluster; the page shows no external
  # exposure for the SSH port in this part.
  type: ClusterIP

7、创建lion

7.1 Deployment

---
# Deployment for lion: one container serving HTTP on 8081 (`web`), registered
# against core through CORE_HOST.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.jumpserver.org/name: jms-lion
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-lion
  namespace: jumpserver
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-lion
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-lion
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        # NOTE(review): BOOTSTRAP_TOKEN and REDIS_PASSWORD below are literal
        # values published with this page. Generate your own before deploying
        # and inject them with valueFrom.secretKeyRef from a Secret rather
        # than a plain `value:`. BOOTSTRAP_TOKEN is the same string used in
        # the core, celery, koko and magnus manifests, so change it in all of
        # them together.
        - env:
            # Plain-HTTP call to the core Service inside the cluster.
            - name: CORE_HOST
              value: 'http://jms-k8s-jumpserver-jms-core:8080'
            - name: BOOTSTRAP_TOKEN
              value: 7Q11Vz6R2J6BLAdO
            - name: LOG_LEVEL
              value: ERROR
            # Matches the `web` container port declared below.
            - name: HTTPD_PORT
              value: '8081'
            - name: SHARE_ROOM_TYPE
              value: redis
            # External Redis on the host named in the prerequisites.
            - name: REDIS_HOST
              value: 192.168.17.80
            - name: REDIS_PORT
              value: '6379'
            - name: REDIS_PASSWORD
              value: '123456'
            - name: JUMPSERVER_ENABLE_FONT_SMOOTHING
              value: 'true'
          # Pulled from the private registry at 192.168.17.40 by tag, not by
          # digest; with IfNotPresent a node that already holds an image under
          # this tag never re-pulls it.
          image: '192.168.17.40/jumpserver/lion:v3.1.2'
          imagePullPolicy: IfNotPresent
          # Liveness and readiness both GET /lion/health/ on the `web` port;
          # 30 failures at 10 s intervals are tolerated.
          livenessProbe:
            failureThreshold: 30
            httpGet:
              path: /lion/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: jms-lion
          ports:
            - containerPort: 8081
              name: web
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /lion/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          # Empty: no CPU/memory requests or limits are set.
          resources: {}
          # Empty: the container runs with the image's default user and
          # capabilities.
          securityContext: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /opt/lion/data
              name: jms-lion-data
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): the pod uses the namespace's default service account and
      # nothing on this page shows it calling the Kubernetes API; consider
      # automountServiceAccountToken: false — confirm first.
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - name: jms-lion-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-lion-data

7.2 Service

---
# ClusterIP Service in front of the lion pods; port 8081 is the target of the
# nginx /lion/ location.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.jumpserver.org/name: jms-lion
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-lion
  namespace: jumpserver
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # targetPort is the named container port `web`, not a number.
    - name: web
      port: 8081
      protocol: TCP
      targetPort: web
  selector:
    app.jumpserver.org/name: jms-lion
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
  # A given client IP is pinned to one backend pod for up to 10800 s (3 h).
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  # Reachable only from inside the cluster.
  type: ClusterIP

8、创建magnus

8.1 Deployment

---
# Deployment for magnus: one container declaring the database proxy ports
# named in its MAGNUS_* env vars (MySQL 33061, MariaDB 33062, Redis 63790,
# PostgreSQL 54320, Oracle 30000-30100), registered against core through
# CORE_HOST.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.jumpserver.org/name: jms-magnus
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-magnus
  namespace: jumpserver
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-magnus
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-magnus
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        # NOTE(review): BOOTSTRAP_TOKEN below is a literal value published
        # with this page. Generate your own before deploying and inject it
        # with valueFrom.secretKeyRef from a Secret rather than a plain
        # `value:`. It is the same string used in the core, celery, koko and
        # lion manifests, so change it in all of them together.
        - env:
            # Plain-HTTP call to the core Service inside the cluster.
            - name: CORE_HOST
              value: 'http://jms-k8s-jumpserver-jms-core:8080'
            - name: BOOTSTRAP_TOKEN
              value: 7Q11Vz6R2J6BLAdO
            - name: LOG_LEVEL
              value: ERROR
            # These values match the containerPort entries declared below and
            # the MAGNUS_* values given to the core and celery containers.
            - name: MAGNUS_MYSQL_PORT
              value: '33061'
            - name: MAGNUS_MARIADB_PORT
              value: '33062'
            - name: MAGNUS_REDIS_PORT
              value: '63790'
            - name: MAGNUS_POSTGRESQL_PORT
              value: '54320'
            - name: MAGNUS_ORACLE_PORTS
              value: 30000-30100
          # Pulled from the private registry at 192.168.17.40 by tag, not by
          # digest; with IfNotPresent a node that already holds an image under
          # this tag never re-pulls it.
          image: '192.168.17.40/jumpserver/magnus:v3.1.2'
          imagePullPolicy: IfNotPresent
          # Liveness and readiness are both a TCP connect to port 9090.
          # NOTE(review): 9090 is not among the declared containerPorts; the
          # probe only needs the process to listen there — confirm it does.
          livenessProbe:
            failureThreshold: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 9090
            timeoutSeconds: 1
          name: jms-magnus
          ports:
            - containerPort: 33061
              name: mysql
              protocol: TCP
            - containerPort: 33062
              name: mariadb
              protocol: TCP
            - containerPort: 63790
              name: redis
              protocol: TCP
            - containerPort: 54320
              name: postgresql
              protocol: TCP
            # One entry per port of the MAGNUS_ORACLE_PORTS range
            # 30000-30100 (101 ports).
            - containerPort: 30000
              name: oracle-30000
              protocol: TCP
            - containerPort: 30001
              name: oracle-30001
              protocol: TCP
            - containerPort: 30002
              name: oracle-30002
              protocol: TCP
            - containerPort: 30003
              name: oracle-30003
              protocol: TCP
            - containerPort: 30004
              name: oracle-30004
              protocol: TCP
            - containerPort: 30005
              name: oracle-30005
              protocol: TCP
            - containerPort: 30006
              name: oracle-30006
              protocol: TCP
            - containerPort: 30007
              name: oracle-30007
              protocol: TCP
            - containerPort: 30008
              name: oracle-30008
              protocol: TCP
            - containerPort: 30009
              name: oracle-30009
              protocol: TCP
            - containerPort: 30010
              name: oracle-30010
              protocol: TCP
            - containerPort: 30011
              name: oracle-30011
              protocol: TCP
            - containerPort: 30012
              name: oracle-30012
              protocol: TCP
            - containerPort: 30013
              name: oracle-30013
              protocol: TCP
            - containerPort: 30014
              name: oracle-30014
              protocol: TCP
            - containerPort: 30015
              name: oracle-30015
              protocol: TCP
            - containerPort: 30016
              name: oracle-30016
              protocol: TCP
            - containerPort: 30017
              name: oracle-30017
              protocol: TCP
            - containerPort: 30018
              name: oracle-30018
              protocol: TCP
            - containerPort: 30019
              name: oracle-30019
              protocol: TCP
            - containerPort: 30020
              name: oracle-30020
              protocol: TCP
            - containerPort: 30021
              name: oracle-30021
              protocol: TCP
            - containerPort: 30022
              name: oracle-30022
              protocol: TCP
            - containerPort: 30023
              name: oracle-30023
              protocol: TCP
            - containerPort: 30024
              name: oracle-30024
              protocol: TCP
            - containerPort: 30025
              name: oracle-30025
              protocol: TCP
            - containerPort: 30026
              name: oracle-30026
              protocol: TCP
            - containerPort: 30027
              name: oracle-30027
              protocol: TCP
            - containerPort: 30028
              name: oracle-30028
              protocol: TCP
            - containerPort: 30029
              name: oracle-30029
              protocol: TCP
            - containerPort: 30030
              name: oracle-30030
              protocol: TCP
            - containerPort: 30031
              name: oracle-30031
              protocol: TCP
            - containerPort: 30032
              name: oracle-30032
              protocol: TCP
            - containerPort: 30033
              name: oracle-30033
              protocol: TCP
            - containerPort: 30034
              name: oracle-30034
              protocol: TCP
            - containerPort: 30035
              name: oracle-30035
              protocol: TCP
            - containerPort: 30036
              name: oracle-30036
              protocol: TCP
            - containerPort: 30037
              name: oracle-30037
              protocol: TCP
            - containerPort: 30038
              name: oracle-30038
              protocol: TCP
            - containerPort: 30039
              name: oracle-30039
              protocol: TCP
            - containerPort: 30040
              name: oracle-30040
              protocol: TCP
            - containerPort: 30041
              name: oracle-30041
              protocol: TCP
            - containerPort: 30042
              name: oracle-30042
              protocol: TCP
            - containerPort: 30043
              name: oracle-30043
              protocol: TCP
            - containerPort: 30044
              name: oracle-30044
              protocol: TCP
            - containerPort: 30045
              name: oracle-30045
              protocol: TCP
            - containerPort: 30046
              name: oracle-30046
              protocol: TCP
            - containerPort: 30047
              name: oracle-30047
              protocol: TCP
            - containerPort: 30048
              name: oracle-30048
              protocol: TCP
            - containerPort: 30049
              name: oracle-30049
              protocol: TCP
            - containerPort: 30050
              name: oracle-30050
              protocol: TCP
            - containerPort: 30051
              name: oracle-30051
              protocol: TCP
            - containerPort: 30052
              name: oracle-30052
              protocol: TCP
            - containerPort: 30053
              name: oracle-30053
              protocol: TCP
            - containerPort: 30054
              name: oracle-30054
              protocol: TCP
            - containerPort: 30055
              name: oracle-30055
              protocol: TCP
            - containerPort: 30056
              name: oracle-30056
              protocol: TCP
            - containerPort: 30057
              name: oracle-30057
              protocol: TCP
            - containerPort: 30058
              name: oracle-30058
              protocol: TCP
            - containerPort: 30059
              name: oracle-30059
              protocol: TCP
            - containerPort: 30060
              name: oracle-30060
              protocol: TCP
            - containerPort: 30061
              name: oracle-30061
              protocol: TCP
            - containerPort: 30062
              name: oracle-30062
              protocol: TCP
            - containerPort: 30063
              name: oracle-30063
              protocol: TCP
            - containerPort: 30064
              name: oracle-30064
              protocol: TCP
            - containerPort: 30065
              name: oracle-30065
              protocol: TCP
            - containerPort: 30066
              name: oracle-30066
              protocol: TCP
            - containerPort: 30067
              name: oracle-30067
              protocol: TCP
            - containerPort: 30068
              name: oracle-30068
              protocol: TCP
            - containerPort: 30069
              name: oracle-30069
              protocol: TCP
            - containerPort: 30070
              name: oracle-30070
              protocol: TCP
            - containerPort: 30071
              name: oracle-30071
              protocol: TCP
            - containerPort: 30072
              name: oracle-30072
              protocol: TCP
            - containerPort: 30073
              name: oracle-30073
              protocol: TCP
            - containerPort: 30074
              name: oracle-30074
              protocol: TCP
            - containerPort: 30075
              name: oracle-30075
              protocol: TCP
            - containerPort: 30076
              name: oracle-30076
              protocol: TCP
            - containerPort: 30077
              name: oracle-30077
              protocol: TCP
            - containerPort: 30078
              name: oracle-30078
              protocol: TCP
            - containerPort: 30079
              name: oracle-30079
              protocol: TCP
            - containerPort: 30080
              name: oracle-30080
              protocol: TCP
            - containerPort: 30081
              name: oracle-30081
              protocol: TCP
            - containerPort: 30082
              name: oracle-30082
              protocol: TCP
            - containerPort: 30083
              name: oracle-30083
              protocol: TCP
            - containerPort: 30084
              name: oracle-30084
              protocol: TCP
            - containerPort: 30085
              name: oracle-30085
              protocol: TCP
            - containerPort: 30086
              name: oracle-30086
              protocol: TCP
            - containerPort: 30087
              name: oracle-30087
              protocol: TCP
            - containerPort: 30088
              name: oracle-30088
              protocol: TCP
            - containerPort: 30089
              name: oracle-30089
              protocol: TCP
            - containerPort: 30090
              name: oracle-30090
              protocol: TCP
            - containerPort: 30091
              name: oracle-30091
              protocol: TCP
            - containerPort: 30092
              name: oracle-30092
              protocol: TCP
            - containerPort: 30093
              name: oracle-30093
              protocol: TCP
            - containerPort: 30094
              name: oracle-30094
              protocol: TCP
            - containerPort: 30095
              name: oracle-30095
              protocol: TCP
            - containerPort: 30096
              name: oracle-30096
              protocol: TCP
            - containerPort: 30097
              name: oracle-30097
              protocol: TCP
            - containerPort: 30098
              name: oracle-30098
              protocol: TCP
            - containerPort: 30099
              name: oracle-30099
              protocol: TCP
            - containerPort: 30100
              name: oracle-30100
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 9090
            timeoutSeconds: 1
          # Empty: no CPU/memory requests or limits are set.
          resources: {}
          # Empty: the container runs with the image's default user and
          # capabilities.
          securityContext: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /opt/magnus/data
              name: jms-magnus-data
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # NOTE(review): the pod uses the namespace's default service account and
      # nothing on this page shows it calling the Kubernetes API; consider
      # automountServiceAccountToken: false — confirm first.
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      
      volumes:
        - name: jms-magnus-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-magnus-data

8.2 Service

---
# In-cluster Service for the pods labelled app.jumpserver.org/name=jms-magnus.
# It publishes three listeners only: mysql (33061), mariadb (33062) and
# redis (63790).
apiVersion: v1
kind: Service
metadata:
  name: jms-k8s-jumpserver-jms-magnus
  namespace: jumpserver
  labels:
    app.jumpserver.org/name: jms-magnus
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
spec:
  # ClusterIP gives the Service no node or external address. Inside the
  # cluster, any pod can still connect to these ports unless a NetworkPolicy
  # restricts traffic into the jumpserver namespace.
  type: ClusterIP
  ipFamilyPolicy: SingleStack
  ipFamilies: [IPv4]
  internalTrafficPolicy: Cluster
  selector:
    app.jumpserver.org/name: jms-magnus
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
  # Pin each client IP to one backend pod for 10800 s (3 hours).
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  # targetPort is given by name, so each name must match a containerPort name
  # on the selected pods. The oracle-NNNNN container ports declared by the
  # Deployment listed just above are not published by this Service.
  ports:
    - name: mysql
      protocol: TCP
      port: 33061
      targetPort: mysql
    - name: mariadb
      protocol: TCP
      port: 33062
      targetPort: mariadb
    - name: redis
      protocol: TCP
      port: 63790
      targetPort: redis

9、创建web

9.1 Deployment

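---
# Deployment for the JumpServer web front end (jms-web): a single nginx-based
# pod listening on container port 80. Its nginx site file comes from the
# jms-k8s-jumpserver-jms-web ConfigMap, and it mounts two PVCs (core data and
# nginx logs).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-k8s-jumpserver-jms-web
  namespace: jumpserver
  labels:
    app.jumpserver.org/name: jms-web
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
spec:
  replicas: 1
  progressDeadlineSeconds: 600
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.jumpserver.org/name: jms-web
      app.kubernetes.io/instance: jms-k8s
      app.kubernetes.io/name: jumpserver
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app.jumpserver.org/name: jms-web
        app.kubernetes.io/instance: jms-k8s
        app.kubernetes.io/name: jumpserver
    spec:
      # The pod runs as the namespace's default ServiceAccount. Nothing in
      # this manifest uses the Kubernetes API, so the API token is not
      # mounted into the container. The deprecated serviceAccount alias is
      # dropped; serviceAccountName is the supported field.
      serviceAccountName: default
      automountServiceAccountToken: false
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): pod and container securityContext are both empty, so the
      # container runs with the image's default user and privileges. Test
      # whether the image tolerates allowPrivilegeEscalation: false and dropped
      # capabilities before tightening.
      securityContext: {}
      terminationGracePeriodSeconds: 30
      containers:
        - name: jms-web
          # Pulled by tag from the private registry at 192.168.17.40. With
          # IfNotPresent, a node that already caches this tag never re-pulls
          # it; reference the image by digest if the content must be immutable.
          image: '192.168.17.40/jumpserver/web:v3.1.2'
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
              name: web
              protocol: TCP
          # Both probes GET /api/health/ on the named port "web" over plain
          # HTTP, every 10 s, and tolerate 30 consecutive failures.
          livenessProbe:
            httpGet:
              path: /api/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 30
          readinessProbe:
            httpGet:
              path: /api/health/
              port: web
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 30
          # NOTE(review): no requests or limits are set, so the pod is
          # BestEffort and is not bounded on CPU or memory.
          resources: {}
          securityContext: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # subPath mounts only default.conf from the ConfigMap as a single
            # file; subPath mounts do not pick up later ConfigMap edits until
            # the pod is restarted.
            - mountPath: /etc/nginx/sites-enabled/jms.conf
              name: jms-web-config
              subPath: default.conf
            # NOTE(review): the claim name suggests this volume is shared with
            # the core component. Confirm whether the web pod needs write
            # access; a read-only mount would be narrower.
            - mountPath: /opt/jumpserver/data
              name: jms-core-data
            - mountPath: /var/log/nginx
              name: jms-web-logs
      volumes:
        - name: jms-web-config
          configMap:
            name: jms-k8s-jumpserver-jms-web
            # 420 decimal is 0644 octal.
            defaultMode: 420
        - name: jms-core-data
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-core-data
        - name: jms-web-logs
          persistentVolumeClaim:
            claimName: jms-k8s-jumpserver-jms-web-logs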

9.2 Service

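---
# In-cluster Service for the pods labelled app.jumpserver.org/name=jms-web.
# It publishes port 80 and forwards to the container port named "web".
apiVersion: v1
kind: Service
metadata:
  labels:
    app.jumpserver.org/name: jms-web
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
  name: jms-k8s-jumpserver-jms-web
  namespace: jumpserver
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # Plain HTTP inside the cluster; the Ingress that routes to this Service
    # references it by name and port number 80.
    - name: web
      port: 80
      protocol: TCP
      targetPort: web
  selector:
    app.jumpserver.org/name: jms-web
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
  # Pin each client IP to one backend pod for 10800 s (3 hours).
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800
  # ClusterIP: no node or external address is allocated for this Service.
  type: ClusterIP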

10、ingress

---
# Ingress for the host k8s.jms: every path (Prefix "/") is routed by the
# "nginx" ingress class to the jms-k8s-jumpserver-jms-web Service on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jms-k8s-jumpserver-ingress
  namespace: jumpserver
  labels:
    app.kubernetes.io/instance: jms-k8s
    app.kubernetes.io/name: jumpserver
    app.kubernetes.io/version: v3.1.2
    helm.sh/chart: jumpserver-3.1.2
  annotations:
    # HTTP requests are redirected to HTTPS. This Ingress has no spec.tls
    # entry, so the certificate presented for k8s.jms is whatever the
    # controller falls back to.
    # NOTE(review): confirm a default certificate is configured on the
    # controller, or add a tls entry that references a Secret for this host.
    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
    # Request-body limit at the ingress; the same 4096m value is set as
    # client_max_body_size in the jms-web nginx config.
    nginx.ingress.kubernetes.io/proxy-body-size: 4096m
    # configuration-snippet is honoured only when the ingress-nginx controller
    # has allow-snippet-annotations enabled. Recent controller releases ship
    # with it disabled, because snippet annotations let anyone who may create
    # Ingress objects inject raw nginx configuration into the controller.
    # The snippet forces the Upgrade/Connection headers on every request that
    # this Ingress routes, not only on WebSocket handshakes.
    # $proxy_add_x_forwarded_for appends the peer address to whatever
    # X-Forwarded-For the client sent, so only the entry added by a trusted
    # proxy is reliable for audit logging or IP allow-listing.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Upgrade "websocket";
      proxy_set_header Connection "Upgrade";
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
spec:
  ingressClassName: nginx
  rules:
    - host: k8s.jms
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: jms-k8s-jumpserver-jms-web
                port:
                  number: 80