diff --git a/charts/jumpserver/Chart.yaml b/charts/jumpserver/Chart.yaml index 5b0241e..7575ab4 100644 --- a/charts/jumpserver/Chart.yaml +++ b/charts/jumpserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v3.4.3" +appVersion: "v3.5.0" description: A Helm chart for Deploying Jumpserver on Kubernetes engine: gotpl home: https://jumpserver.org @@ -10,4 +10,4 @@ maintainers: sources: - https://github.com/jumpserver/ name: jumpserver -version: 3.4.3 +version: 3.5.0 diff --git a/charts/jumpserver/README.md b/charts/jumpserver/README.md index c6953f3..6ae1084 100644 --- a/charts/jumpserver/README.md +++ b/charts/jumpserver/README.md @@ -30,7 +30,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts | `nameOveride` | name override | `nil` | | `fullNameOveride` | full name override | `nil` | | `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v3.4.3 ` | +| `global.imageTag` | 版本号 | `v3.5.0 ` | | `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | | `global.storageClass` | 存储 sc | `nil` | | `ingress.enabled` | 开启 ingress | `true` | @@ -38,6 +38,8 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts | `koko.enabled` | 开启 koko | `true` | | `lion.enabled` | 开启 lion | `true` | | `magnus.enabled` | 开启 magnus | `true` | +| `chen.enabled` | 开启 chen | `true` | +| `kael.enabled` | 开启 kael | `true` | | `web.enabled` | 开启 web | `true` | | `xpack.enable` | 开启 xpack | `false` | diff --git a/charts/jumpserver/configs/jms-web/default.conf b/charts/jumpserver/configs/jms-web/default.conf index 1228ba3..f206928 100644 --- a/charts/jumpserver/configs/jms-web/default.conf +++ b/charts/jumpserver/configs/jms-web/default.conf @@ -1,7 +1,8 @@ {{ $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }} {{ $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }} {{ $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }} -{{ $omnidb := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-omnidb" ($.Values.omnidb.service.web.port | toString) }} +{{ $chen := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-chen" ($.Values.chen.service.web.port | toString) }} +{{ $kael := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-kael" ($.Values.kael.service.web.port | toString) }} server { listen {{ $.Values.web.service.web.port }}; server_name _; @@ -59,9 +60,8 @@ server { proxy_read_timeout 600; send_timeout 6000; } - {{- if .Values.xpack.enabled }} - location /omnidb/ { - proxy_pass {{ $omnidb }}; + location /chen/ { + proxy_pass {{ $chen }}; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -69,8 +69,27 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_ignore_client_abort on; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 6000; + } + location /kael/ { + proxy_pass {{ $kael }}; + proxy_buffering off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_ignore_client_abort on; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 6000; } - {{- end }} location /ws/ { proxy_pass {{ $core }}; proxy_buffering off; diff --git a/charts/jumpserver/templates/_helpers.tpl b/charts/jumpserver/templates/_helpers.tpl index 753eaad..248e0d8 100644 --- a/charts/jumpserver/templates/_helpers.tpl +++ b/charts/jumpserver/templates/_helpers.tpl @@ -145,11 +145,19 @@ Define JumpServer StorageClass. {{- end -}} {{- end -}} -{{- define "jumpserver.omnidb.storageClass" -}} +{{- define "jumpserver.chen.storageClass" -}} {{- if .Values.global.storageClass }} {{- .Values.global.storageClass }} {{- else -}} -{{- .Values.omnidb.persistence.storageClassName -}} +{{- .Values.chen.persistence.storageClassName -}} +{{- end -}} +{{- end -}} + +{{- define "jumpserver.kael.storageClass" -}} +{{- if .Values.global.storageClass }} +{{- .Values.global.storageClass }} +{{- else -}} +{{- .Values.kael.persistence.storageClassName -}} {{- end -}} {{- end -}} @@ -161,6 +169,14 @@ Define JumpServer StorageClass. {{- end -}} {{- end -}} +{{- define "jumpserver.xrdp.storageClass" -}} +{{- if .Values.global.storageClass }} +{{- .Values.global.storageClass }} +{{- else -}} +{{- .Values.xrdp.persistence.storageClassName -}} +{{- end -}} +{{- end -}} + {{- define "jumpserver.video.storageClass" -}} {{- if .Values.global.storageClass }} {{- .Values.global.storageClass }} diff --git a/charts/jumpserver/templates/_images.tpl b/charts/jumpserver/templates/_images.tpl index ff21de5..8194a60 100644 --- a/charts/jumpserver/templates/_images.tpl +++ b/charts/jumpserver/templates/_images.tpl @@ -57,6 +57,20 @@ Return the proper JumpServer magnus image name {{- include "common.images.image" ( dict "imageRoot" .Values.magnus.image "global" .Values.global ) -}} {{- end -}} +{{/* +Return the proper JumpServer chen image name +*/}} +{{- define "jumpserver.chenImage" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.chen.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper JumpServer kael image name +*/}} +{{- define "jumpserver.kaelImage" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.kael.image "global" .Values.global ) -}} +{{- end -}} + {{/* Return the proper JumpServer razor image name */}} @@ -65,10 +79,10 @@ Return the proper JumpServer razor image name {{- end -}} {{/* -Return the proper JumpServer omnidb image name +Return the proper JumpServer xrdp image name */}} -{{- define "jumpserver.omnidbImage" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.omnidb.image "global" .Values.global ) -}} +{{- define "jumpserver.xrdpImage" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.xrdp.image "global" .Values.global ) -}} {{- end -}} {{/* diff --git a/charts/jumpserver/templates/celery/deployment-celery.yaml b/charts/jumpserver/templates/celery/deployment-celery.yaml index 1500038..b29b63e 100644 --- a/charts/jumpserver/templates/celery/deployment-celery.yaml +++ b/charts/jumpserver/templates/celery/deployment-celery.yaml @@ -105,11 +105,6 @@ spec: {{- if .persistence.subPath }} subPath: {{ .persistence.subPath | quote }} {{- end }} - - mountPath: "/opt/jumpserver/logs" - name: "jms-core-logs" - {{- if .persistence.subPath }} - subPath: {{ .persistence.subPath | quote }} - {{- end }} {{- with .volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -125,9 +120,6 @@ spec: claimName: '{{ include "jumpserver.fullname" $ }}-jms-core-data' {{- end }} name: "jms-core-data" - - persistentVolumeClaim: - claimName: '{{ include "jumpserver.fullname" $ }}-jms-core-logs' - name: "jms-core-logs" {{- with .volumes }} {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} diff --git a/charts/jumpserver/templates/omnidb/deployment-omnidb.yaml b/charts/jumpserver/templates/chen/deployment-chen.yaml similarity index 91% rename from charts/jumpserver/templates/omnidb/deployment-omnidb.yaml rename to charts/jumpserver/templates/chen/deployment-chen.yaml index 9db8c3d..a8cf514 100644 --- a/charts/jumpserver/templates/omnidb/deployment-omnidb.yaml +++ b/charts/jumpserver/templates/chen/deployment-chen.yaml @@ -1,8 +1,8 @@ -{{- if .Values.xpack.enabled }} -{{- with .Values.omnidb }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb" }} -{{- $containerName := "jms-omnidb" }} -{{- $image := printf "%s" (include "jumpserver.omnidbImage" $) }} +{{- if .Values.chen.enabled }} +{{- with .Values.chen }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-chen" }} +{{- $containerName := "jms-chen" }} +{{- $image := printf "%s" (include "jumpserver.chenImage" $) }} apiVersion: apps/v1 kind: Deployment metadata: @@ -65,8 +65,8 @@ spec: resources: {{- toYaml .resources | nindent 12 }} volumeMounts: - - mountPath: "/opt/omnidb/data" - name: "jms-omnidb-data" + - mountPath: "/opt/chen/data" + name: "jms-chen-data" {{- if .persistence.subPath }} subPath: {{ .persistence.subPath | quote }} {{- end }} @@ -79,9 +79,9 @@ spec: {{- if .persistence.existingClaim }} claimName: {{ .persistence.existingClaim | quote }} {{- else }} - claimName: '{{ include "jumpserver.fullname" $ }}-jms-omnidb-data' + claimName: '{{ include "jumpserver.fullname" $ }}-jms-chen-data' {{- end }} - name: "jms-omnidb-data" + name: "jms-chen-data" {{- with .volumes }} {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} diff --git a/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml b/charts/jumpserver/templates/chen/pvc-chen-data.yaml similarity index 75% rename from charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml rename to charts/jumpserver/templates/chen/pvc-chen-data.yaml index d0221c2..7f3c80d 100644 --- a/charts/jumpserver/templates/omnidb/pvc-omnidb-data.yaml +++ b/charts/jumpserver/templates/chen/pvc-chen-data.yaml @@ -1,6 +1,6 @@ -{{- if and .Values.xpack.enabled (not .Values.omnidb.persistence.existingClaim)}} -{{- with .Values.omnidb }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb-data" }} +{{- if and .Values.xpack.enabled (not .Values.chen.persistence.existingClaim)}} +{{- with .Values.chen }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-chen-data" }} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -25,5 +25,5 @@ spec: requests: storage: {{ .persistence.size | quote }} {{- end }} - storageClassName: {{ include "jumpserver.omnidb.storageClass" . }} + storageClassName: {{ include "jumpserver.chen.storageClass" . }} {{- end }} diff --git a/charts/jumpserver/templates/omnidb/service-omnidb.yaml b/charts/jumpserver/templates/chen/service-chen.yaml similarity index 94% rename from charts/jumpserver/templates/omnidb/service-omnidb.yaml rename to charts/jumpserver/templates/chen/service-chen.yaml index 821927c..fef4276 100644 --- a/charts/jumpserver/templates/omnidb/service-omnidb.yaml +++ b/charts/jumpserver/templates/chen/service-chen.yaml @@ -1,6 +1,6 @@ {{- if .Values.xpack.enabled }} -{{- with .Values.omnidb }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb" }} +{{- with .Values.chen }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-chen" }} apiVersion: v1 kind: Service metadata: diff --git a/charts/jumpserver/templates/core/deployment-core.yaml b/charts/jumpserver/templates/core/deployment-core.yaml index 6b2a17d..8003bd9 100644 --- a/charts/jumpserver/templates/core/deployment-core.yaml +++ b/charts/jumpserver/templates/core/deployment-core.yaml @@ -109,11 +109,6 @@ spec: {{- if .persistence.subPath }} subPath: {{ .persistence.subPath | quote }} {{- end }} - - mountPath: "/opt/jumpserver/logs" - name: "jms-core-logs" - {{- if .persistence.subPath }} - subPath: {{ .persistence.subPath | quote }} - {{- end }} {{- with .volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -129,9 +124,6 @@ spec: claimName: '{{ include "jumpserver.fullname" $ }}-jms-core-data' {{- end }} name: "jms-core-data" - - persistentVolumeClaim: - claimName: '{{ include "jumpserver.fullname" $ }}-jms-core-logs' - name: "jms-core-logs" {{- with .volumes }} {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} diff --git a/charts/jumpserver/templates/kael/deployment-kael.yaml b/charts/jumpserver/templates/kael/deployment-kael.yaml new file mode 100644 index 0000000..d45e8bc --- /dev/null +++ b/charts/jumpserver/templates/kael/deployment-kael.yaml @@ -0,0 +1,109 @@ +{{- if .Values.kael.enabled }} +{{- with .Values.kael }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-kael" }} +{{- $containerName := "jms-kael" }} +{{- $image := printf "%s" (include "jumpserver.kaelImage" $) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} +spec: + replicas: {{ .replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 8 }} + spec: + {{- if $.Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml $.Values.global.imagePullSecrets }} + {{- end }} + serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + securityContext: + {{- toYaml .podSecurityContext | nindent 8 }} + containers: + - name: {{ $containerName }} + securityContext: + {{- toYaml .securityContext | nindent 12 }} + image: {{ $image }} + imagePullPolicy: {{ .image.pullPolicy }} + {{- with .command }} + command: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + ports: + - name: web + containerPort: {{ .service.web.port }} + protocol: TCP + env: + - name: CORE_HOST + value: "http://{{ include "jumpserver.fullname" $ }}-jms-core:{{ $.Values.core.service.web.port }}" + - name: BOOTSTRAP_TOKEN + value: {{ $.Values.core.config.bootstrapToken | quote }} + - name: LOG_LEVEL + value: {{ .config.log.level | quote }} + - name: HTTPD_PORT + value: {{ .service.web.port | quote }} + - name: SHARE_ROOM_TYPE + value: "redis" + - name: REDIS_HOST + value: {{ include "jumpserver.redis.host" $ | quote }} + - name: REDIS_PORT + value: {{ include "jumpserver.redis.port" $ | quote }} + - name: REDIS_PASSWORD + value: {{ include "jumpserver.redis.password" $ | quote }} + {{- range $key, $val := .env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + livenessProbe: + {{- toYaml .livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .readinessProbe | nindent 12 }} + resources: + {{- toYaml .resources | nindent 12 }} + volumeMounts: + - mountPath: "/opt/kael/data" + name: "jms-kael-data" + {{- if .persistence.subPath }} + subPath: {{ .persistence.subPath | quote }} + {{- end }} + {{- with .volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + restartPolicy: Always + volumes: + - persistentVolumeClaim: + {{- if .persistence.existingClaim }} + claimName: {{ .persistence.existingClaim | quote }} + {{- else }} + claimName: '{{ include "jumpserver.fullname" $ }}-jms-kael-data' + {{- end }} + name: "jms-kael-data" + {{- with .volumes }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/templates/core/pvc-core-logs.yaml b/charts/jumpserver/templates/kael/pvc-kael-data.yaml similarity index 76% rename from charts/jumpserver/templates/core/pvc-core-logs.yaml rename to charts/jumpserver/templates/kael/pvc-kael-data.yaml index 5741b98..fc5b750 100644 --- a/charts/jumpserver/templates/core/pvc-core-logs.yaml +++ b/charts/jumpserver/templates/kael/pvc-kael-data.yaml @@ -1,6 +1,6 @@ -{{- if .Values.core.enabled }} -{{- with .Values.core }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core-logs" }} +{{- if and .Values.kael.enabled (not .Values.kael.persistence.existingClaim)}} +{{- with .Values.kael }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-kael-data" }} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -25,5 +25,5 @@ spec: requests: storage: {{ .persistence.size | quote }} {{- end }} - storageClassName: {{ include "jumpserver.core.storageClass" . }} + storageClassName: {{ include "jumpserver.kael.storageClass" . }} {{- end }} diff --git a/charts/jumpserver/templates/kael/service-kael.yaml b/charts/jumpserver/templates/kael/service-kael.yaml new file mode 100644 index 0000000..8a13ff6 --- /dev/null +++ b/charts/jumpserver/templates/kael/service-kael.yaml @@ -0,0 +1,29 @@ +{{- if .Values.kael.enabled }} +{{- with .Values.kael }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-kael" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} +spec: + type: {{ .service.type }} + ports: + - port: {{ .service.web.port }} + targetPort: web + protocol: TCP + name: web + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + selector: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/templates/razor/deployment-xrdp.yaml b/charts/jumpserver/templates/razor/deployment-razor.yaml similarity index 100% rename from charts/jumpserver/templates/razor/deployment-xrdp.yaml rename to charts/jumpserver/templates/razor/deployment-razor.yaml diff --git a/charts/jumpserver/templates/xrdp/deployment-xrdp.yaml b/charts/jumpserver/templates/xrdp/deployment-xrdp.yaml new file mode 100644 index 0000000..0dba2eb --- /dev/null +++ b/charts/jumpserver/templates/xrdp/deployment-xrdp.yaml @@ -0,0 +1,99 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.xrdp }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp" }} +{{- $containerName := "jms-xrdp" }} +{{- $image := printf "%s" (include "jumpserver.xrdpImage" $) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} +spec: + replicas: {{ .replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 8 }} + spec: + {{- if $.Values.global.imagePullSecrets }} + imagePullSecrets: + {{ toYaml $.Values.global.imagePullSecrets }} + {{- end }} + serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + securityContext: + {{- toYaml .podSecurityContext | nindent 8 }} + containers: + - name: {{ $containerName }} + securityContext: + {{- toYaml .securityContext | nindent 12 }} + image: {{ $image }} + imagePullPolicy: {{ .image.pullPolicy }} + {{- with .command }} + command: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + env: + - name: CORE_HOST + value: "http://{{ include "jumpserver.fullname" $ }}-jms-core:{{ $.Values.core.service.web.port }}" + - name: BOOTSTRAP_TOKEN + value: {{ $.Values.core.config.bootstrapToken | quote }} + - name: LOG_LEVEL + value: {{ .config.log.level | quote }} + {{- range $key, $val := .env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + ports: + - name: rdp + containerPort: {{ .service.rdp.port }} + protocol: TCP + livenessProbe: + {{- toYaml .livenessProbe | nindent 12}} + readinessProbe: + {{- toYaml .readinessProbe | nindent 12}} + resources: + {{- toYaml .resources | nindent 12 }} + volumeMounts: + - mountPath: "/opt/xrdp/data" + name: "jms-xrdp-data" + {{- if .persistence.subPath }} + subPath: {{ .persistence.subPath | quote }} + {{- end }} + {{- with .volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + restartPolicy: Always + volumes: + - persistentVolumeClaim: + {{- if .persistence.existingClaim }} + claimName: {{ .persistence.existingClaim | quote }} + {{- else }} + claimName: '{{ include "jumpserver.fullname" $ }}-jms-xrdp-data' + {{- end }} + name: "jms-xrdp-data" + {{- with .volumes }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/templates/xrdp/pvc-xrdp-data.yaml b/charts/jumpserver/templates/xrdp/pvc-xrdp-data.yaml new file mode 100644 index 0000000..a30328a --- /dev/null +++ b/charts/jumpserver/templates/xrdp/pvc-xrdp-data.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.xpack.enabled (not .Values.xrdp.persistence.existingClaim)}} +{{- with .Values.xrdp }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp-data" }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + {{- with .persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .persistence.size | quote }} + {{- end }} + storageClassName: {{ include "jumpserver.xrdp.storageClass" . }} +{{- end }} diff --git a/charts/jumpserver/templates/xrdp/service-xrdp.yaml b/charts/jumpserver/templates/xrdp/service-xrdp.yaml new file mode 100644 index 0000000..de93767 --- /dev/null +++ b/charts/jumpserver/templates/xrdp/service-xrdp.yaml @@ -0,0 +1,32 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.xrdp }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} +spec: + type: {{ .service.type }} + ports: + - port: {{ .service.rdp.port }} + targetPort: rdp + {{- if eq .service.type "NodePort" }} + nodePort: {{ .service.rdp.port }} + {{- end }} + protocol: TCP + name: rdp + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + selector: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/jumpserver/values.yaml b/charts/jumpserver/values.yaml index b358d1a..0cb1fe2 100644 --- a/charts/jumpserver/values.yaml +++ b/charts/jumpserver/values.yaml @@ -12,7 +12,7 @@ fullnameOverride: "" ## global: imageRegistry: "ghcr.io" - imageTag: v3.4.3 + imageTag: v3.5.0 ## E.g. # imagePullSecrets: # - myRegistryKeySecretName @@ -85,7 +85,7 @@ core: image: registry: docker.io repository: jumpserver/core - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -173,7 +173,7 @@ koko: image: registry: docker.io repository: jumpserver/koko - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -265,7 +265,7 @@ lion: image: registry: docker.io repository: jumpserver/lion - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -357,7 +357,7 @@ magnus: image: registry: docker.io repository: jumpserver/magnus - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -432,12 +432,11 @@ magnus: affinity: {} -xpack: - enabled: false +chen: + enabled: true -omnidb: labels: - app.jumpserver.org/name: jms-omnidb + app.jumpserver.org/name: jms-chen config: log: @@ -446,9 +445,9 @@ omnidb: replicaCount: 1 image: - registry: registry.fit2cloud.com - repository: jumpserver/omnidb - tag: v3.4.3 + registry: docker.io + repository: jumpserver/chen + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -515,6 +514,171 @@ omnidb: affinity: {} +kael: + enabled: true + + labels: + app.jumpserver.org/name: jms-kael + + config: + log: + level: ERROR + + replicaCount: 1 + + image: + registry: docker.io + repository: jumpserver/kael + tag: v3.5.0 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + tcpSocket: + port: web + + readinessProbe: + failureThreshold: 30 + tcpSocket: + port: web + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + web: + port: 8083 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + persistence: + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 10Gi + annotations: + "helm.sh/resource-policy": keep + finalizers: + - kubernetes.io/pvc-protection + # subPath: "" + # existingClaim: "" + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +xpack: + enabled: false + +xrdp: + labels: + app.jumpserver.org/name: jms-xrdp + + config: + log: + level: ERROR + + replicaCount: 1 + + image: + registry: registry.fit2cloud.com + repository: jumpserver/xrdp + tag: v3.5.0 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + tcpSocket: + port: rdp + + readinessProbe: + failureThreshold: 30 + tcpSocket: + port: rdp + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + rdp: + port: 3390 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + persistence: + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 50Gi + annotations: + "helm.sh/resource-policy": keep + finalizers: + - kubernetes.io/pvc-protection + # subPath: "" + # existingClaim: "" + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + razor: labels: app.jumpserver.org/name: jms-razor @@ -528,7 +692,7 @@ razor: image: registry: registry.fit2cloud.com repository: jumpserver/razor - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -608,7 +772,7 @@ video: image: registry: registry.fit2cloud.com repository: jumpserver/video-worker - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: [] @@ -689,7 +853,7 @@ web: image: registry: docker.io repository: jumpserver/web - tag: v3.4.3 + tag: v3.5.0 pullPolicy: IfNotPresent command: []