diff --git a/charts/jumpserver/Chart.yaml b/charts/jumpserver/Chart.yaml index 480f9c8..e5f31a7 100644 --- a/charts/jumpserver/Chart.yaml +++ b/charts/jumpserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v3.2.2" +appVersion: "v3.3.0" description: A Helm chart for Deploying Jumpserver on Kubernetes engine: gotpl home: https://jumpserver.org @@ -10,4 +10,4 @@ maintainers: sources: - https://github.com/jumpserver/ name: jumpserver -version: 3.2.2 +version: 3.3.0 diff --git a/charts/jumpserver/README.md b/charts/jumpserver/README.md index b5a2475..42b2f20 100644 --- a/charts/jumpserver/README.md +++ b/charts/jumpserver/README.md @@ -30,7 +30,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts | `nameOveride` | name override | `nil` | | `fullNameOveride` | full name override | `nil` | | `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v3.2.2 ` | +| `global.imageTag` | 版本号 | `v3.3.0 ` | | `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | | `global.storageClass` | 存储 sc | `nil` | | `ingress.enabled` | 开启 ingress | `true` | diff --git a/charts/jumpserver/templates/_helpers.tpl b/charts/jumpserver/templates/_helpers.tpl index 03c8c8f..753eaad 100644 --- a/charts/jumpserver/templates/_helpers.tpl +++ b/charts/jumpserver/templates/_helpers.tpl @@ -161,6 +161,14 @@ Define JumpServer StorageClass. {{- end -}} {{- end -}} +{{- define "jumpserver.video.storageClass" -}} +{{- if .Values.global.storageClass }} +{{- .Values.global.storageClass }} +{{- else -}} +{{- .Values.video.persistence.storageClassName -}} +{{- end -}} +{{- end -}} + {{- define "jumpserver.web.storageClass" -}} {{- if .Values.global.storageClass }} {{- .Values.global.storageClass }} diff --git a/charts/jumpserver/templates/_images.tpl b/charts/jumpserver/templates/_images.tpl index 500e6e6..ff21de5 100644 --- a/charts/jumpserver/templates/_images.tpl +++ b/charts/jumpserver/templates/_images.tpl @@ -71,6 +71,13 @@ Return the proper JumpServer omnidb image name {{- include "common.images.image" ( dict "imageRoot" .Values.omnidb.image "global" .Values.global ) -}} {{- end -}} +{{/* +Return the proper JumpServer video image name +*/}} +{{- define "jumpserver.videoImage" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.video.image "global" .Values.global ) -}} +{{- end -}} + {{/* Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) {{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} diff --git a/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml b/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml index e305178..d0221c2 100644 --- a/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml +++ b/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml @@ -25,5 +25,5 @@ spec: requests: storage: {{ .persistence.size | quote }} {{- end }} - storageClassName: {{ include "jumpserver.lion.storageClass" . }} + storageClassName: {{ include "jumpserver.omnidb.storageClass" . }} {{- end }} diff --git a/charts/jumpserver/templates/video/deployment-video.yaml b/charts/jumpserver/templates/video/deployment-video.yaml new file mode 100644 index 0000000..e9b199a --- /dev/null +++ b/charts/jumpserver/templates/video/deployment-video.yaml @@ -0,0 +1,101 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.video }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-video" }} +{{- $containerName := "jms-video" }} +{{- $image := printf "%s" (include "jumpserver.videoImage" $) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} +spec: + replicas: {{ .replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 8 }} + spec: + {{- if $.Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml $.Values.global.imagePullSecrets }} + {{- end }} + serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + securityContext: + {{- toYaml .podSecurityContext | nindent 8 }} + containers: + - name: {{ $containerName }} + securityContext: + {{- toYaml .securityContext | nindent 12 }} + image: {{ $image }} + imagePullPolicy: {{ .image.pullPolicy }} + {{- with .command }} + command: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + env: + - name: CORE_HOST + value: "http://{{ include "jumpserver.fullname" $ }}-jms-core:{{ $.Values.core.service.web.port }}" + - name: BOOTSTRAP_TOKEN + value: {{ $.Values.core.config.bootstrapToken | quote }} + - name: LOG_LEVEL + value: {{ .config.log.level | quote }} + - name: HTTPD_PORT + value: {{ .service.web.port | quote }} + {{- range $key, $val := .env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + ports: + - name: web + containerPort: {{ .service.web.port }} + protocol: TCP + livenessProbe: + {{- toYaml .livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .readinessProbe | nindent 12 }} + resources: + {{- toYaml .resources | nindent 12 }} + volumeMounts: + - mountPath: "/opt/video-worker/data" + name: "jms-video-data" + {{- if .persistence.subPath }} + subPath: {{ .persistence.subPath | quote }} + {{- end }} + {{- with .volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + restartPolicy: Always + volumes: + - persistentVolumeClaim: + {{- if .persistence.existingClaim }} + claimName: {{ .persistence.existingClaim | quote }} + {{- else }} + claimName: '{{ include "jumpserver.fullname" $ }}-jms-video-data' + {{- end }} + name: "jms-video-data" + {{- with .volumes }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/templates/video/pvc-video-data.yaml b/charts/jumpserver/templates/video/pvc-video-data.yaml new file mode 100644 index 0000000..6aae3fd --- /dev/null +++ b/charts/jumpserver/templates/video/pvc-video-data.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.xpack.enabled (not .Values.video.persistence.existingClaim)}} +{{- with .Values.video }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-video-data" }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + {{- with .persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .persistence.size | quote }} + {{- end }} + storageClassName: {{ include "jumpserver.lion.storageClass" . }} +{{- end }} diff --git a/charts/jumpserver/templates/video/service-video.yaml b/charts/jumpserver/templates/video/service-video.yaml new file mode 100644 index 0000000..b21df5e --- /dev/null +++ b/charts/jumpserver/templates/video/service-video.yaml @@ -0,0 +1,29 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.video }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-video" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} +spec: + type: {{ .service.type }} + ports: + - port: {{ .service.web.port }} + targetPort: web + protocol: TCP + name: web + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + selector: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/values.yaml b/charts/jumpserver/values.yaml index fdac5c7..d6a4455 100644 --- a/charts/jumpserver/values.yaml +++ b/charts/jumpserver/values.yaml @@ -12,7 +12,7 @@ fullnameOverride: "" ## global: imageRegistry: "ghcr.io" - imageTag: v3.2.2 + imageTag: v3.3.0 ## E.g. # imagePullSecrets: # - myRegistryKeySecretName @@ -85,7 +85,7 @@ core: image: registry: docker.io repository: jumpserver/core - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -173,7 +173,7 @@ koko: image: registry: docker.io repository: jumpserver/koko - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -265,7 +265,7 @@ lion: image: registry: docker.io repository: jumpserver/lion - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -357,7 +357,7 @@ magnus: image: registry: docker.io repository: jumpserver/magnus - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -448,7 +448,7 @@ omnidb: image: registry: registry.fit2cloud.com repository: jumpserver/omnidb - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -528,7 +528,7 @@ razor: image: registry: registry.fit2cloud.com repository: jumpserver/razor - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: [] @@ -595,6 +595,89 @@ razor: affinity: {} +video: + labels: + app.jumpserver.org/name: jms-video + + config: + log: + level: ERROR + + replicaCount: 1 + + image: + registry: registry.fit2cloud.com + repository: jumpserver/video-worker + tag: v3.3.0 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + httpGet: + path: /video-worker/health/ + port: web + + readinessProbe: + failureThreshold: 30 + httpGet: + path: /video-worker/health/ + port: web + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + service: + type: ClusterIP + web: + port: 9000 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + persistence: + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 50Gi + annotations: + "helm.sh/resource-policy": keep + finalizers: + - kubernetes.io/pvc-protection + # subPath: "" + # existingClaim: "" + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + web: enabled: true @@ -606,7 +689,7 @@ web: image: registry: docker.io repository: jumpserver/web - tag: v3.2.2 + tag: v3.3.0 pullPolicy: IfNotPresent command: []