Deploying JumpServer on Kubernetes v1.15.0
Create the PV/PVC
The PVC here is created through an NFS StorageClass, which provisions the PV automatically. Because several pods may be needed for load balancing, the PV/PVC access mode is RWX (ReadWriteMany).

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jumpserver-media
  namespace: jumpserver
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 50Gi
  storageClassName: sas-nfs-storage

Create the Deployment
The deployment.yaml configuration file is as follows:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: jumpserver
  name: jumpserver
  namespace: jumpserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jumpserver
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: jumpserver
    spec:
      containers:
      - env:
        - name: SECRET_KEY # Generate with: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50
          value: xdl5RafDHgc7xxxxxxxxxxxxxxDfBmdWCQhSh8mwKzjkX
        - name: BOOTSTRAP_TOKEN # Generate with: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16
          value: njNxxxxKxxx
        - name: DB_HOST # MySQL address
          value: 192.168.10.20
        - name: DB_PORT # MySQL port
          value: "3306"
        - name: DB_USER # MySQL user
          value: jumpserver
        - name: DB_PASSWORD # MySQL password
          value: abc3306
        - name: DB_NAME # MySQL database; the encoding must be utf8. Create it with: create database jumpserver default charset 'utf8';
          value: jumpserver
        - name: REDIS_HOST # Redis address
          value: 192.168.10.20
        - name: REDIS_PORT # Redis port
          value: "6379"
        - name: REDIS_PASSWORD # Redis password; may be omitted if none is set
          value: "abc6379"
        image: jumpserver/jms_all:1.4.9 # image address
        imagePullPolicy: IfNotPresent
        name: jumpserver
        ports:
        - containerPort: 2222 # used for SSH client access
          protocol: TCP
        - containerPort: 80 # used for web access
          protocol: TCP
        # resources: {}
        resources:
          requests:
            memory: "4096Mi"
            cpu: "2000m"
          limits:
            memory: "4096Mi"
            cpu: "2000m"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts: # stores session recordings
        - mountPath: /opt/jumpserver/data/media
          name: jumpserver-media
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      volumes:
      - name: jumpserver-media
        persistentVolumeClaim:
          claimName: jumpserver-media
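
The Deployment above carries SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD as plain-text values in the manifest. The following added example (not part of the original post) moves them into a Kubernetes Secret and references them with secretKeyRef; the Secret name jumpserver-secrets, its key names and the placeholder values are assumptions.

```yaml
# Added example: Secret holding the four sensitive values.
# The name "jumpserver-secrets" and the key names are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: jumpserver-secrets
  namespace: jumpserver
type: Opaque
stringData: # plain text on input; the API server stores it base64-encoded under "data"
  secret-key: "<50-character random string>"       # placeholder
  bootstrap-token: "<16-character random string>"  # placeholder
  db-password: "<MySQL password>"                  # placeholder
  redis-password: "<Redis password>"               # placeholder
---
# Fragment: these entries replace the matching "value:" entries under
# spec.template.spec.containers[0].env in deployment.yaml.
# DB_HOST, DB_PORT, DB_USER, DB_NAME, REDIS_HOST and REDIS_PORT stay as they are.
env:
- name: SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: jumpserver-secrets
      key: secret-key
- name: BOOTSTRAP_TOKEN
  valueFrom:
    secretKeyRef:
      name: jumpserver-secrets
      key: bootstrap-token
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: jumpserver-secrets
      key: db-password
- name: REDIS_PASSWORD
  valueFrom:
    secretKeyRef:
      name: jumpserver-secrets
      key: redis-password
```

With this split, deployment.yaml can be stored and shared without the credentials, and read access to Deployments in the namespace no longer reveals them. Secret data is only base64-encoded in etcd unless encryption at rest is configured, so access to Secrets in the jumpserver namespace still needs to be restricted with RBAC.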

jumpserver-web-svc.yaml, shown below, exposes the web UI for external access:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: jumpserver
  name: jumpserver
  namespace: jumpserver
spec:
  ports:
  - name: http
    nodePort: 30888
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: jumpserver
  sessionAffinity: ClientIP
  type: NodePort

jumpserver-ssh-svc.yaml exposes terminal SSH access externally:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: jumpserver
  name: jumpserver-ssh
  namespace: jumpserver
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: ssh
    nodePort: 32000
    port: 2222
    protocol: TCP
    targetPort: 2222
  selector:
    app: jumpserver
  sessionAffinity: None
  type: NodePort

Create the Ingress
To make the access address easier to remember and to reduce the number of host ports in use, the web UI is accessed through an Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: jumpserver
  namespace: jumpserver
spec:
  backend:
    serviceName: jumpserver
    servicePort: 80
  rules:
  - host: jumpserver.example.com
    http:
      paths:
      - backend:
          serviceName: jumpserver
          servicePort: 80