Notes on deploying JumpServer on k8s
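Background
This deployment uses the official jumpserver/jms_all:v2.7.1 image for a quick setup.
Problem: running batch commands hangs waiting, with no log output
The Redis bundled in the image is too old; using an external redis:6.0.10 resolves this: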
ccr.ccs.tencentyun.com/publib/redis:6.0.10
Create the jumpserver database
create database jumpserver default charset 'utf8' collate 'utf8_bin';
grant all on jumpserver.* to 'jumpserver'@'%' identified by 'jumpserver';
flush privileges;
Create the PV
Prepare the file storage in advance; here the file storage provided by Tencent Cloud is used.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: jumpserver-media
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
  claimRef:
    apiVersion: v1
    kind: PersistentVolumeClaim
    name: jumpserver-media
    namespace: default
  csi:
    driver: com.tencent.cloud.csi.cfs
    volumeAttributes:
      host: ip地址 # placeholder: IP address of the file storage
      path: /jumpserver-media
    volumeHandle: cfs-59uv7xqx
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem
Create the PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jumpserver-media
  namespace: default
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: ""
  volumeMode: Filesystem
  volumeName: jumpserver-media
Create the Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
  name: jumpserver
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: jumpserver
      app.kubernetes.io/name: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: jumpserver
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
      - env:
        - name: SECRET_KEY
          value: veDMhBkZHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ # change this
        - name: BOOTSTRAP_TOKEN
          value: F9HUa5nfksd532ndsaR
        - name: DB_ENGINE
          value: mysql
        - name: DB_HOST
          value: 127.0.0.1 # MySQL settings: use RDS and configure the matching credentials
        - name: DB_PORT
          value: "3306"
        - name: DB_USER
          value: jumpserver
        - name: DB_PASSWORD
          value: jumpserver
        - name: DB_NAME
          value: jumpserver
        - name: REDIS_HOST # Redis settings: use the self-hosted 6.0.10 instance
          value: redis
        - name: REDIS_PORT
          value: "6379"
        - name: REDIS_PASSWORD
        image: jumpserver/jms_all:v2.7.1
        imagePullPolicy: Always
        name: jumpserver
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 2222
          name: ssh
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /opt/jumpserver/data/media
          name: datadir
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: 属于你的imagePullSecrets # placeholder: the name of your own imagePullSecrets
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: datadir
        persistentVolumeClaim:
          claimName: jumpserver-media
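The Deployment above passes SECRET_KEY, BOOTSTRAP_TOKEN and DB_PASSWORD as literal `value:` entries, so anyone who can read the manifest or the Deployment object can read them. The following is an added example, not part of the original post, that moves those three variables into a Kubernetes Secret loaded with `envFrom`; the Secret name `jumpserver-secrets` and the placeholder values are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: the Secret name "jumpserver-secrets"; all values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: jumpserver-secrets
  namespace: default
type: Opaque
stringData:
  # Key names match the environment variable names set in the Deployment.
  SECRET_KEY: "<replace-with-long-random-string>"
  BOOTSTRAP_TOKEN: "<replace-with-random-token>"
  DB_PASSWORD: "<replace-with-database-password>"
---
# Fragment of spec.template.spec.containers in the jumpserver Deployment
# (not a standalone object; edit it into the Deployment manifest).
# The three literal `value:` entries are dropped; envFrom injects every key
# of the Secret as an environment variable of the same name.
containers:
- name: jumpserver
  image: jumpserver/jms_all:v2.7.1
  envFrom:
  - secretRef:
      name: jumpserver-secrets
  env:
  - name: DB_ENGINE
    value: mysql
  - name: DB_HOST
    value: 127.0.0.1
  - name: DB_PORT
    value: "3306"
  - name: DB_USER
    value: jumpserver
  - name: DB_NAME
    value: jumpserver
  - name: REDIS_HOST
    value: redis
  - name: REDIS_PORT
    value: "6379"
  - name: REDIS_PASSWORD
```

Keep the Secret manifest with real values out of version control, or create the Secret with `kubectl create secret generic` instead of a file.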
Create a Tencent Cloud Ingress for external access (this can also be configured in the UI)
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/direct-access: "false"
    kubernetes.io/ingress.class: qcloud
    kubernetes.io/ingress.extensiveParameters: '{"AddressIPVersion":"IPV4"}'
    kubernetes.io/ingress.http-rules: '[{"path":"/","backend":{"serviceName":"jumpserver","servicePort":"80"}}]'
    kubernetes.io/ingress.https-rules: "null"
    kubernetes.io/ingress.qcloud-loadbalance-id: lb-a89uzayp
    kubernetes.io/ingress.rule-mix: "false"
  name: admin-ingress
  namespace: default
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: jumpserver
          servicePort: 80
        path: /
status:
  loadBalancer:
    ingress:
    - ip: 公网ip # placeholder: the public IP
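Admin user (root privileges)
Run sudo su - to switch to root.
You can additionally grant ALL, so that every command can be run with sudo.
Ordinary admin users can simply be set up following the documentation; their default privileges are fairly limited.
Refer to the official site to start managing with JumpServer.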