Deploying the JumpServer jump host system on k8s
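As the number of virtual servers in our company's local test environment keeps growing, I recently deployed the JumpServer jump host system on k8s to manage these VMs. The deployment mainly involves 4 files.
1. Session replay recordings need to be persisted, so NFS is used to create a PVC, which is mounted into the corresponding directory in the container.
The PVC is configured as follows: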
jumpserver-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jumpserver-datadir
  namespace: omc
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs-storage"
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
2. Deployment file
jumpserver.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: omc
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/instance: jumpserver
      app.kubernetes.io/name: jumpserver
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: jumpserver
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
      - env:
        - name: SECRET_KEY
          value: "veDMhBkZHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"
        - name: BOOTSTRAP_TOKEN
          value: "F9HUa5nfksd532ndsaR"
        - name: DB_ENGINE
          value: "mysql"
        - name: DB_HOST
          value: "172.16.1.54"
        - name: DB_PORT
          value: "3306"
        - name: DB_USER
          value: "jumpserver"
        - name: "DB_PASSWORD"
          value: "fdsajonfwfa"
        - name: DB_NAME
          value: "jumpserver"
        - name: REDIS_HOST
          value: "172.16.1.54"
        - name: REDIS_PORT
          value: "6379"
        - name: REDIS_PASSWORD
          value: "fdsa923nkfs32"
        image: jumpserver/jms_all:1.5.9
        imagePullPolicy: IfNotPresent
        name: jumpserver
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 2222
          name: ssh
          protocol: TCP
        volumeMounts:
        - mountPath: /opt/jumpserver/data/media
          name: datadir
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: jumpserver-datadir
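Points to note here:
1. Replace the values of the environment variables with your own.
2. Values for SECRET_KEY and BOOTSTRAP_TOKEN can be generated with the script provided on the JumpServer official website.
3. Do not use special characters in the database and Redis passwords. With special characters, the configuration file is written incorrectly during initialization and initialization fails.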
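The Deployment above carries SECRET_KEY, BOOTSTRAP_TOKEN and the database and Redis passwords as literal env values, so they end up wherever the manifest is stored. The following is an added example, not part of the original post or of JumpServer's own tooling: it generates alphanumeric-only values (in line with notes 2 and 3) and renders them as a Kubernetes Secret the Deployment can reference. The Secret name `jumpserver-secrets`, the function names and the value lengths are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The Secret name "jumpserver-secrets"
# and the value lengths are assumptions made for this illustration.

# gen_alnum N: print N random characters from [A-Za-z0-9] (N up to about 100).
# Reads a fixed 1024 bytes so no stage of the pipeline is cut off early.
gen_alnum() {
  s=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
  printf '%s' "$s" | cut -c1-"$1"
}

# is_alnum STR: succeed only if STR is non-empty and purely alphanumeric,
# matching the post's warning about special characters in DB/Redis passwords.
is_alnum() {
  case "$1" in
    ''|*[!A-Za-z0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# render_secret NAME NAMESPACE: print a Secret manifest. DB_PASSWORD and
# REDIS_PASSWORD are taken from the environment when set (they must match what
# MySQL and Redis are configured with); otherwise new values are generated.
render_secret() {
  db_pw="${DB_PASSWORD:-$(gen_alnum 24)}"
  redis_pw="${REDIS_PASSWORD:-$(gen_alnum 24)}"
  for v in "$db_pw" "$redis_pw"; do
    is_alnum "$v" || { echo "password must be alphanumeric" >&2; return 1; }
  done
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: Opaque
stringData:
  SECRET_KEY: "$(gen_alnum 50)"
  BOOTSTRAP_TOKEN: "$(gen_alnum 16)"
  DB_PASSWORD: "$db_pw"
  REDIS_PASSWORD: "$redis_pw"
EOF
}

# Usage: render_secret jumpserver-secrets omc | kubectl apply -f -
# In the container spec of jumpserver.yaml, the four hard-coded env entries
# are then replaced with:
#   envFrom:
#   - secretRef:
#       name: jumpserver-secrets
```

Piping the output straight into `kubectl apply -f -` keeps the generated values out of files on disk and out of version control.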
3. jumpserver-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: jumpserver
  namespace: omc
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: ssh
    port: 2222
    targetPort: 2222
    protocol: TCP
  selector:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
4. Expose the JumpServer admin console to users outside the cluster through an Ingress
jumpserver-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jumpserver-ingress
  namespace: omc
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - jmp-dev.niucache.com
    secretName: ingress-niucache
  rules:
  - host: jmp-dev.niucache.com
    http:
      paths:
      - path: /
        backend:
          serviceName: jumpserver
          servicePort: 80
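5. After completing the steps above, it seems that the servers managed by the jump host can only be reached through the web console, so there is one last step: we need a way to expose port 2222, which terminal clients connect to. The TCP reverse-proxy feature of ingress-nginx can meet this need. Alternatively, you can deploy a dedicated nginx in the k8s cluster whose only job is to proxy the ports that need to be exposed outside the cluster.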