feat: update to version v2.10.3

吴小白 2021-06-04 16:48:15 +08:00
commit 7db820ba96
31 changed files with 1757 additions and 0 deletions

2
.gitignore vendored Normal file

@ -0,0 +1,2 @@
**/values-debug.yaml
deploy.sh

22
.helmignore Normal file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
Chart.yaml Normal file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "v2.10.3"
description: A Helm chart for Deploying Jumpserver on Kubernetes
name: jumpserver
version: 0.1.0

120
README.md Normal file

@ -0,0 +1,120 @@
# Jumpserver
[Jumpserver](http://www.jumpserver.org/) 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统。
## 使用方法
```bash
# Testing configuration
$ helm install my-release ./jumpserver
```
## 介绍
当前Chart包含了Jumpserver所需的基本组件
## 依赖
- Kubernetes 1.12+
- Helm 2.11+ 或 Helm 3.0-beta3+
- PV provisioner 支持
- [wojiushixiaobai](https://github.com/wojiushixiaobai/Dockerfile) 的镜像支持
## 安装
发布名为 `my-release` 的release:
```bash
$ helm install my-release ./jumpserver
```
上条命令把默认配置的Jumpserver部署到了kubernetes集群中[参数](#parameters)一节中列出了配置参数
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
删除 `my-release` release:
```bash
$ helm delete my-release
```
上条命令删除了所有包含在release中的组件
## 参数
下面的表格中列出了一些必要的参数,发布前请先阅读并设置
### 总览
| 参数 | 描述 | 默认值 |
| ---------------------- | ------------------ | ------- |
| `nameOveride` | name override | `nil` |
| `fullNameOveride` | full name override | `nil` |
| `ingress.enabled` | 开启 ingress | `true` |
| `core.enabled` | 开启 core | `true` |
| `koko.enabled` | 开启 koko | `true` |
| `lion.enabled` | 开启 lion | `true` |
| `nginx.enabled` | 开启 nginx | `true` |
### core.config
| 参数 | 描述 | 默认值 |
| ---------------- | ----------------------------------------------------------------------- | --------------------- |
| `secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 | `nil` |
| `bootstrapToken` | 预共享Token coco和guacamole用来注册服务账号不在使用原来的注册接受机制 | `nil` |
| `debug` | 开启 debug 模式 | `false` |
| `log.level` | 日志等级 | `ERROR` |
| `db.engine` | 数据库引擎 | `mysql` |
| `db.host` | 数据库IP地址 | `nil` |
| `db.port` | 数据库端口 | `3306` |
| `db.username` | 数据库用户名 | `jumpserver` |
| `db.password` | 数据库密码 | `nil` |
| `db.name` | 数据库名称 | `nil` |
| `redis.host` | redisIP地址 | `nil` |
| `redis.port` | redis端口 | `6379` |
| `redis.password` | redis密码 | `nil` |
### koko.config
| 参数 | 描述 | 默认值 |
| --------------------- | --------------------------------------------------------- | ------- |
| `log.level` | 日志等级 | `INFO` |
| `share_room_type` | 会话共享 | `redis` |
| `redis.host` | redis 地址 | `nil` |
| `redis.port` | redis 端口 | `6379` |
| `redis.password` | redis 密码 | `nil` |
### lion.config
| 参数 | 描述 | 默认值 |
| --------------------- | --------------------------------------------------------- | ------- |
| `log.level` | 日志等级 | `INFO` |
| `share_room_type` | 会话共享 | `redis` |
| `redis.host` | redis 地址 | `nil` |
| `redis.port` | redis 端口 | `6379` |
| `redis.password` | redis 密码 | `nil` |
在`helm install`时通过 `--set key=value[,key=value]` 指定参数. 举例,
```bash
$ helm install my-release \
--set ingress.enabled=true \
./jumpserver
```
上条命令开启了ingress.
也可以通过 `-f file` 的形式指定一个或多个values.yaml文件. 举例,
```bash
$ helm install my-release -f values.yaml ./jumpserver
```
> **注**: 默认使用 [values.yaml](values.yaml)
## 相关项目
- https://github.com/jumpserver/jumpserver
- https://github.com/wojiushixiaobai/Dockerfile
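
Review bot: The install section says `helm install my-release ./jumpserver` deploys with the default configuration, but the core.config table lists `secretKey`, `bootstrapToken`, `db.host`, `db.password`, `db.name` and `redis.host` with default `nil`, so the quick-start as written renders an empty SECRET_KEY and BOOTSTRAP_TOKEN. Say in the install steps that these values must be set first, and show them supplied from a values file with `-f` rather than `--set`, so the secrets do not end up in shell history. The `[参数](#parameters)` link also points at an anchor that no heading in this README defines.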

110
configs/jms-core/config.yml Normal file

@ -0,0 +1,110 @@
# SECURITY WARNING: keep the secret key used in production secret!
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
SECRET_KEY: {{ $.Values.core.config.secretKey }}
# SECURITY WARNING: keep the bootstrap token used in production secret!
# 预共享Token coco和guacamole用来注册服务账号不在使用原来的注册接受机制
BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }}
# Development env open this, when error occur display the full process track, Production disable it
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
DEBUG: {{ $.Values.core.config.debug }}
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# 日志级别
LOG_LEVEL: {{ $.Values.core.config.log.level }}
# LOG_DIR:
# Session expiration setting, Default 24 hour, Also set expired on on browser close
# 浏览器Session过期时间默认24小时, 也可以设置浏览器关闭则过期
# SESSION_COOKIE_AGE: 86400
# SESSION_EXPIRE_AT_BROWSER_CLOSE: false
# Database setting, Support sqlite3, mysql, postgres ....
# 数据库设置
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# SQLite setting:
# 使用单文件sqlite数据库
# DB_ENGINE: sqlite3
# DB_NAME:
# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE: {{ $.Values.core.config.db.engine }}
DB_HOST: {{ $.Values.core.config.db.host }}
DB_PORT: {{ $.Values.core.config.db.port }}
DB_USER: {{ $.Values.core.config.db.user }}
DB_PASSWORD: {{ $.Values.core.config.db.password }}
DB_NAME: {{ $.Values.core.config.db.name }}
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# 运行时绑定端口
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: {{ $.Values.core.service.web.port }}
WS_LISTEN_PORT: {{ $.Values.core.service.ws.port }}
# Use Redis as broker for celery and web socket
# Redis配置
REDIS_HOST: {{ $.Values.core.config.redis.host }}
REDIS_PORT: {{ $.Values.core.config.redis.port }}
REDIS_PASSWORD: {{ $.Values.core.config.redis.password }}
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4
# Use OpenID authorization
# 使用OpenID 来进行认证设置
# BASE_SITE_URL: http://localhost:8080
# AUTH_OPENID: false # True or False
# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
# AUTH_OPENID_REALM_NAME: realm-name
# AUTH_OPENID_CLIENT_ID: client-id
# AUTH_OPENID_CLIENT_SECRET: client-secret
# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
# AUTH_OPENID_SHARE_SESSION: True
#
# Use Radius authorization
# 使用Radius来认证
# AUTH_RADIUS: false
# RADIUS_SERVER: localhost
# RADIUS_PORT: 1812
# RADIUS_SECRET:
# LDAP/AD settings
# LDAP 搜索分页数量
# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000
#
# 定时同步用户
# 启用 / 禁用
# AUTH_LDAP_SYNC_IS_PERIODIC: True
# 同步间隔 (单位: 时) (优先)
# AUTH_LDAP_SYNC_INTERVAL: 12
# Crontab 表达式
# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
#
# LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证
# AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False
#
# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见https://www.python-ldap.org/en/latest/faq.html)
# In order to perform this operation a successful bind must be completed on the connection
# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1
# OTP settings
# OTP/MFA 配置
# OTP_VALID_WINDOW: 0
# OTP_ISSUER_NAME: Jumpserver
# Perm show single asset to ungrouped node
# 是否把未授权节点资产放入到 未分组 节点中
# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false
#
# 启用定时任务
# PERIOD_TASK_ENABLE: True
#
# 启用二次复合认证配置
# LOGIN_CONFIRM_ENABLE: False
#
# Windows 登录跳过手动输入密码
# WINDOWS_SKIP_ALL_MANUAL_PASSWORD: False
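
Review bot: `DB_USER` reads `$.Values.core.config.db.user`, while the README table in this commit documents the key as `db.username` (default `jumpserver`), so a user who follows the README gets an empty DB_USER. Pick one name and use it in both places. The SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD values are also emitted unquoted, so a value containing `#`, a colon followed by a space, or a leading `*` or `{` is altered or breaks the YAML; pipe them through `| quote`.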


@ -0,0 +1,68 @@
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
NAME: {{ printf "%s-%s" "jms-koko" (randAlphaNum 32 | b64enc) | trunc 31 | trimSuffix "-" }}
# Jumpserver项目的url, api请求注册会使用
CORE_HOST: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}}
# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }}
# 启动时绑定的ip, 默认 0.0.0.0
BIND_HOST: 0.0.0.0
# 监听的SSH端口号, 默认2222
SSHD_PORT: {{ $.Values.koko.service.ssh.port }}
# 监听的HTTP/WS端口号默认5000
HTTPD_PORT: {{ $.Values.koko.service.web.port }}
# 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY: null
# ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
# ACCESS_KEY_FILE: data/keys/.access_key
# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: {{ $.Values.koko.config.log.level }}
# SSH连接超时时间 (default 15 seconds)
# SSH_TIMEOUT: 15
# 语言 [en,zh]
# LANGUAGE_CODE: zh
# SFTP的根目录, 可选 /tmp, Home其他自定义目录
# SFTP_ROOT: /tmp
# SFTP是否显示隐藏文件
# SFTP_SHOW_HIDDEN_FILE: false
# 是否复用和用户后端资产已建立的连接(用户不会复用其他用户的连接)
# REUSE_CONNECTION: true
# 资产加载策略, 可根据资产规模自行调整. 默认异步加载资产, 异步搜索分页; 如果为all, 则资产全部加载, 本地搜索分页.
# ASSET_LOAD_POLICY:
# zip压缩的最大额度 (单位: M)
# ZIP_MAX_SIZE: 1024M
# zip压缩存放的临时目录 /tmp
# ZIP_TMP_PATH: /tmp
# 向 SSH Client 连接发送心跳的时间间隔 (单位: 秒)默认为30, 0则表示不发送
# CLIENT_ALIVE_INTERVAL: 30
# 向资产发送心跳包的重试次数默认为3
# RETRY_ALIVE_COUNT_MAX: 3
# 会话共享使用的类型 [local, redis], 默认local
SHARE_ROOM_TYPE: {{ $.Values.lion.config.share_room_type }}
# Redis配置
REDIS_HOST: {{ $.Values.core.config.redis.host }}
REDIS_PORT: {{ $.Values.core.config.redis.port }}
REDIS_PASSWORD: {{ $.Values.core.config.redis.password }}
# REDIS_CLUSTERS:
# REDIS_DB_ROOM:
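
Review bot: `SHARE_ROOM_TYPE` in this koko config reads `$.Values.lion.config.share_room_type`, so the `koko.config.share_room_type` value documented in the README is never used; this looks copied from the lion config. The three REDIS_ lines likewise read `$.Values.core.config.redis.*` rather than the `koko.config.redis.*` keys the README lists. Point them at `$.Values.koko.config`, or drop the koko keys from the README if sharing core's Redis is intended.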


@ -0,0 +1,33 @@
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
NAME: {{ printf "%s-%s" "jms-lion" (randAlphaNum 32 | b64enc) | trunc 31 | trimSuffix "-" }}
# Jumpserver项目的url, api请求注册会使用
CORE_HOST: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}}
# Bootstrap Token, 预共享秘钥, 用来注册使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }}
# 启动时绑定的ip, 默认 0.0.0.0
BIND_HOST: 0.0.0.0
# 监听的HTTP/WS端口号默认8081
HTTPD_PORT: {{ $.Values.lion.service.web.port }}
# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: {{ $.Values.lion.config.log.level }}
# Guacamole Server ip 默认127.0.0.1
# GUA_HOST: 127.0.0.1
# Guacamole Server 端口号默认4822
# GUA_PORT: 4822
# 会话共享使用的类型 [local, redis], 默认local
SHARE_ROOM_TYPE: {{ $.Values.lion.config.share_room_type }}
# Redis配置
REDIS_HOST: {{ $.Values.core.config.redis.host }}
REDIS_PORT: {{ $.Values.core.config.redis.port }}
REDIS_PASSWORD: {{ $.Values.core.config.redis.password }}
# REDIS_DB_ROOM:
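
Review bot: `NAME` is built from `randAlphaNum 32`, which is re-evaluated on every render, so each `helm upgrade` produces a new name and a changed ConfigMap even when no value changed, and the comment above it says this name is what the component registers with. Derive it from something stable, such as the release fullname, or let the user set it; the same applies to the `NAME` line in the koko config. The REDIS_ lines here read `core.config.redis.*` although the README documents `lion.config.redis.*`.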


@ -0,0 +1,101 @@
{{- $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }}
{{- $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }}
{{- $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$upstream_addr"';
access_log /var/log/nginx/access.log main;
# access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# include /etc/nginx/conf.d/*.conf;
server {
listen {{ $.Values.nginx.service.web.port }};
server_name _;
client_max_body_size 4096m; # 录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /koko/ {
proxy_pass {{$koko}};
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /lion/ {
proxy_pass {{$lion}};
proxy_buffering off;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /ws/ {
proxy_pass {{$core}};
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/ {
proxy_pass {{$core}};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass {{$core}};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
}
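
Review bot: In the `/ui/` and `/luna/` locations, `try_files $uri / /index.html;` has a space between `$uri` and `/`, so `/` is tried as its own entry instead of the usual `$uri/` directory check, and `try_files` is combined with `alias`, which resolves paths differently from `root`; please confirm the fallback really serves the index file under `/opt/lina/` and `/opt/luna/`. In `/media/`, `add_header Content-Encoding gzip;` is sent for every response regardless of whether the file on disk is gzip-compressed; restrict it to the paths that are stored compressed.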

11
templates/NOTES.txt Normal file

@ -0,0 +1,11 @@
1. Get the Jumpserver URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}
{{- end }}
{{- end }}
2. Access the Jumpserver SSH server by running these commands:
{{- if eq .Values.koko.service.type "LoadBalancer" }}
ssh -p{{ .Values.koko.service.ssh.port }} admin@{{ .Values.koko.service.loadBalancerIP }}
{{- end }}
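
Review bot: Step 2 prints the `ssh` command only when `koko.service.type` is `LoadBalancer`; for any other service type the heading appears with nothing under it, and step 1 is likewise empty when ingress is disabled. Add branches for the other service types, for example a `kubectl port-forward` hint. The login `admin@` is hard-coded; a placeholder such as `<username>` avoids steering users to the built-in account.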

56
templates/_helpers.tpl Normal file

@ -0,0 +1,56 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "jumpserver.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jumpserver.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "jumpserver.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "jumpserver.labels" -}}
app.kubernetes.io/name: {{ include "jumpserver.name" . }}
helm.sh/chart: {{ include "jumpserver.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "jumpserver.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "jumpserver.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
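
Review bot: `jumpserver.name` and `jumpserver.fullname` read `.Values.nameOverride` and `.Values.fullnameOverride`, but the README table added in this commit documents `nameOveride` and `fullNameOveride`, so overrides set as documented are silently ignored. Correct the README spelling to match these helpers.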


@ -0,0 +1,15 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core" }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
data:
{{- $path := printf "%s/%s/%s" "configs" "jms-core" "config.yml" -}}
{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }}
{{- end }}
{{- end }}
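
Review bot: `configs/jms-core/config.yml` is rendered into a `kind: ConfigMap`, and that file carries SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD, so the credentials are stored as plain ConfigMap data, readable by anyone allowed to get ConfigMaps in the namespace. Render the file into a `kind: Secret` instead, or accept the name of an existing Secret, and keep only non-sensitive settings in the ConfigMap. The koko and lion ConfigMaps carry BOOTSTRAP_TOKEN and REDIS_PASSWORD the same way.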


@ -0,0 +1,15 @@
{{- if .Values.koko.enabled }}
{{- with .Values.koko }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-koko" }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
data:
{{- $path := printf "%s/%s/%s" "configs" "jms-koko" "config.yml" -}}
{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,15 @@
{{- if .Values.lion.enabled }}
{{- with .Values.lion }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-lion" }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
data:
{{- $path := printf "%s/%s/%s" "configs" "jms-lion" "config.yml" -}}
{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,15 @@
{{- if .Values.nginx.enabled }}
{{- with .Values.nginx }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
data:
{{- $path := printf "%s/%s/%s" "configs" "jms-nginx" "nginx.conf" -}}
{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,96 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-celery" }}
{{- $containerName := "jms-celery" }}
{{- $image := printf "%s:%s" .image.repository .image.tag }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
app.jumpserver.org/name: {{ $containerName }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: "{{$image}}"
imagePullPolicy: {{ .image.pullPolicy }}
{{- with .command }}
command:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
args: ["start", "task"]
env:
- name: "DB_HOST"
value: "{{.config.db.host}}"
- name: "DB_PORT"
value: "{{.config.db.port}}"
- name: "REDIS_HOST"
value: "{{.config.redis.host}}"
- name: "REDIS_PORT"
value: "{{.config.redis.port}}"
{{- with .env }}
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /opt/py3/bin/python /opt/jumpserver/apps/manage.py check_celery
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/jumpserver/config.yml"
name: "jms-core-config"
subPath: "config.yml"
- mountPath: "/opt/jumpserver/data"
name: "jms-core-data"
- mountPath: "/opt/jumpserver/logs"
name: "jms-core-logs"
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- configMap:
name: '{{include "jumpserver.fullname" $}}-jms-core'
name: "jms-core-config"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-core-data'
name: "jms-core-data"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-core-logs'
name: "jms-core-logs"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
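
Review bot: The `livenessProbe` `exec.command` has a single list item holding the whole command line, `/opt/py3/bin/python /opt/jumpserver/apps/manage.py check_celery`; exec probes are not run through a shell, so the kubelet looks for an executable whose path is that entire string and the probe fails every time. Split it into three items: the interpreter, the script and `check_celery`. `metadata.labels` here also contains only `app.jumpserver.org/name` and omits `jumpserver.labels`, unlike the other Deployments.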


@ -0,0 +1,104 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core" }}
{{- $containerName := "jms-core" }}
{{- $image := printf "%s:%s" .image.repository .image.tag }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: "{{$image}}"
imagePullPolicy: {{ .image.pullPolicy }}
{{- with .command }}
command:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
args: ["start", "web"]
env:
- name: "DB_HOST"
value: "{{.config.db.host}}"
- name: "DB_PORT"
value: "{{.config.db.port}}"
- name: "REDIS_HOST"
value: "{{.config.redis.host}}"
- name: "REDIS_PORT"
value: "{{.config.redis.port}}"
{{- with .env }}
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
- name: ws
containerPort: {{ .service.ws.port }}
protocol: TCP
livenessProbe:
{{- toYaml .livenessProbe | nindent 12}}
readinessProbe:
{{- toYaml .readinessProbe | nindent 12}}
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/jumpserver/config.yml"
name: "jms-core-config"
subPath: "config.yml"
- mountPath: "/opt/jumpserver/data"
name: "jms-core-data"
- mountPath: "/opt/jumpserver/logs"
name: "jms-core-logs"
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- configMap:
name: '{{include "jumpserver.fullname" $}}-jms-core'
name: "jms-core-config"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-core-data'
name: "jms-core-data"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-core-logs'
name: "jms-core-logs"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
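
Review bot: `selector.matchLabels` and the pod template labels are exactly those of the jms-celery Deployment (name, instance and `.Values.core.labels`), so the two Deployments have overlapping selectors and any Service that selects on these labels will also send web traffic to celery pods. Add a component label, for example `app.jumpserver.org/name: jms-core`, to both the template labels and the selector, and the matching one on the celery side.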


@ -0,0 +1,96 @@
{{- if .Values.koko.enabled }}
{{- with .Values.koko }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-koko" }}
{{- $containerName := "jms-koko" }}
{{- $image := printf "%s:%s" .image.repository .image.tag }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: "{{$image}}"
imagePullPolicy: {{ .image.pullPolicy }}
{{- with .command }}
command:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
env:
- name: CORE_HOST
value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}}
- name: "REDIS_HOST"
value: "{{.config.redis.host}}"
- name: "REDIS_PORT"
value: "{{.config.redis.port}}"
{{- with .env }}
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
- name: ssh
containerPort: {{ .service.ssh.port }}
protocol: TCP
livenessProbe:
{{- toYaml .livenessProbe | nindent 12}}
readinessProbe:
{{- toYaml .readinessProbe | nindent 12}}
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/koko/config.yml"
name: "jms-koko-config"
subPath: "config.yml"
- mountPath: "/opt/koko/data"
name: "jms-koko-data"
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- configMap:
name: '{{include "jumpserver.fullname" $}}-jms-koko'
name: "jms-koko-config"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-koko-data'
name: "jms-koko-data"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
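
Review bot: `config.yml` is mounted with `subPath` and the pod template has no annotation derived from the ConfigMap, so changing koko settings and running `helm upgrade` leaves the running pods on the old file, because subPath mounts are not refreshed. Add a `checksum/config` annotation computed from the ConfigMap template under `template.metadata` so a config change rolls the pods. The same applies to the core, celery, lion and nginx Deployments.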


@ -0,0 +1,93 @@
{{- if .Values.lion.enabled }}
{{- with .Values.lion }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-lion" }}
{{- $containerName := "jms-lion" }}
{{- $image := printf "%s:%s" .image.repository .image.tag }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: "{{$image}}"
imagePullPolicy: {{ .image.pullPolicy }}
{{- with .command }}
command:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
env:
- name: CORE_HOST
value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}}
- name: "REDIS_HOST"
value: "{{.config.redis.host}}"
- name: "REDIS_PORT"
value: "{{.config.redis.port}}"
{{- with .env }}
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
livenessProbe:
{{- toYaml .livenessProbe | nindent 12}}
readinessProbe:
{{- toYaml .readinessProbe | nindent 12}}
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/lion/config.yml"
name: "jms-lion-config"
subPath: "config.yml"
- mountPath: "/opt/lion/data"
name: "jms-lion-data"
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- configMap:
name: '{{include "jumpserver.fullname" $}}-jms-lion'
name: "jms-lion-config"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-lion-data'
name: "jms-lion-data"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
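
Review bot: The `REDIS_HOST` and `REDIS_PORT` env entries come from `.config.redis` under `.Values.lion`, while the lion `config.yml` in this commit takes the same settings from `$.Values.core.config.redis`, so the container can be handed two different Redis endpoints. Use a single values path for both the env entries and the config file.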


@ -0,0 +1,92 @@
{{- if .Values.nginx.enabled }}
{{- with .Values.nginx }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }}
{{- $containerName := "jms-nginx" }}
{{- $image := printf "%s:%s" .image.repository .image.tag }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: "{{$image}}"
imagePullPolicy: {{ .image.pullPolicy }}
{{- with .command }}
command:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
{{- with .env }}
env:
{{- tpl (toYaml .) $ | nindent 12 }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
livenessProbe:
{{- toYaml .livenessProbe | nindent 12}}
readinessProbe:
{{- toYaml .readinessProbe | nindent 12}}
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/etc/nginx/nginx.conf"
name: "jms-nginx-config"
subPath: "nginx.conf"
- mountPath: "/opt/jumpserver/data"
name: "jms-core-data"
- mountPath: "/var/log/nginx"
name: "jms-nginx-logs"
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- configMap:
name: '{{include "jumpserver.fullname" $}}-jms-nginx'
name: "jms-nginx-config"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-core-data'
name: "jms-core-data"
- persistentVolumeClaim:
claimName: '{{include "jumpserver.fullname" $}}-jms-nginx-logs'
name: "jms-nginx-logs"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
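
Review bot: The `jms-core-data` volume mounts the same `jms-core-data` claim that the jms-core and jms-celery Deployments mount, so three workloads share one PVC; unless the claim's access mode is `ReadWriteMany`, the pods must all be scheduled on one node or some will fail to attach. Document that requirement, and mount the volume with `readOnly: true` here, since the nginx config in this commit only serves `/media/` and `/static/` from it.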

37
templates/ingress.yaml Normal file

@ -0,0 +1,37 @@
{{- if .Values.ingress.enabled }}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ include "jumpserver.fullname" . }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: /
backend:
serviceName: '{{printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx"}}'
servicePort: web
{{- end }}
{{- end }}
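
Review bot: Both branches emit a `v1beta1` Ingress with `serviceName` and `servicePort`; those API versions are removed in Kubernetes 1.22, so add a `networking.k8s.io/v1` branch (with `pathType` and `backend.service`) chosen via `.Capabilities.APIVersions.Has`. On the `- host: {{ . }}` line the value is unquoted, unlike the tls hosts above it; add `| quote` so a wildcard host such as `*.example.com` is not parsed as a YAML alias.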


@ -0,0 +1,29 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core-data" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
storageClassName: {{ .persistence.storageClassName }}
{{- end }}
{{- end }}


@ -0,0 +1,29 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core-logs" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
storageClassName: {{ .persistence.storageClassName }}
{{- end }}
{{- end }}
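
Review bot: This claim takes `size`, `accessModes` and `storageClassName` from the same `.Values.core.persistence` block as the `jms-core-data` claim, so the data and log volumes cannot be sized or placed independently. Consider separate blocks, for example `persistence.data` and `persistence.logs`, each with its own size and storage class.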


@ -0,0 +1,29 @@
{{- if .Values.koko.enabled }}
{{- with .Values.koko }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-koko-data" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
storageClassName: {{ .persistence.storageClassName }}
{{- end }}
{{- end }}
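Review bot: The `finalizers` block copies `kubernetes.io/pvc-protection` from values into the manifest, but Kubernetes adds that finalizer to every PersistentVolumeClaim on its own, so setting it by hand is redundant. Drop the block unless there is a concrete need for custom finalizers. Style: `{{ toYaml . | indent 4 }}` here and under `annotations` should use the `{{- ... | nindent 4 }}` form that the `labels` block already uses.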


@ -0,0 +1,29 @@
{{- if .Values.lion.enabled }}
{{- with .Values.lion }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-lion-data" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
storageClassName: {{ .persistence.storageClassName }}
{{- end }}
{{- end }}
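Review bot: This is the fourth copy of the same PersistentVolumeClaim body; only the values key and the name suffix (`jms-lion-data`) differ from the core and koko claims. Move the body into one named template that takes the component values and the suffix, so a fix such as quoting `storageClassName` is made once rather than in every file.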


@ -0,0 +1,29 @@
{{- if .Values.nginx.enabled }}
{{- with .Values.nginx }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx-logs" }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
storageClassName: {{ .persistence.storageClassName }}
{{- end }}
{{- end }}


@ -0,0 +1,27 @@
{{- if .Values.core.enabled }}
{{- with .Values.core }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-core" }}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
- port: {{ .service.ws.port }}
targetPort: ws
protocol: TCP
name: ws
selector:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- end }}
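Review bot: The `selector` appends `toYaml .labels`, the same free-form map used for `metadata.labels`, so any label an operator adds under `core.labels` becomes a selection criterion, and the Service loses its endpoints unless every pod carries that label too. Select on fixed keys only (`app.kubernetes.io/name`, `app.kubernetes.io/instance` and the component key `app.jumpserver.org/name`) and keep user-supplied labels out of the selector.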


@ -0,0 +1,29 @@
{{- if .Values.koko.enabled }}
{{- with .Values.koko }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-koko" }}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
annotations:
{{- toYaml .service.annotations | nindent 4 }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
- port: {{ .service.ssh.port }}
targetPort: ssh
protocol: TCP
name: ssh
selector:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- end }}
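Review bot: `annotations:` in the metadata is emitted unconditionally with `toYaml .service.annotations`, but the default values define no `koko.service.annotations`, so the key renders with a null value. Wrap the block in `{{- with .service.annotations }}` and add an empty `annotations: {}` default under `koko.service` in values.yaml so the option is discoverable. The other three Service templates have no annotations block at all; make them consistent.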


@ -0,0 +1,23 @@
{{- if .Values.lion.enabled }}
{{- with .Values.lion }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-lion" }}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
selector:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,23 @@
{{- if .Values.nginx.enabled }}
{{- with .Values.nginx }}
{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
selector:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,10 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "jumpserver.serviceAccountName" . }}
labels:
{{- include "jumpserver.labels" . | nindent 4 }}
imagePullSecrets:
{{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 2 }}
{{- end -}}
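Review bot: The ServiceAccount leaves `automountServiceAccountToken` at its default, so pods running under it get a Kubernetes API token mounted unless their own spec turns it off. Nothing in the templates shown here indicates that a component calls the Kubernetes API, so set `automountServiceAccountToken: false` on this object, with a values switch if one is needed. Minor: `imagePullSecrets:` is emitted even for the empty default and should be wrapped in `with`, and the name should use `include` rather than `template` to match the other files.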

394
values.yaml Normal file

@ -0,0 +1,394 @@
# Default values for jumpserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
imagePullSecrets: []
# - name: yourImagePullSecret
ingress:
enabled: true
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
hosts:
- "test.jumpserver.org"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
core:
enabled: true
labels:
app.jumpserver.org/name: jms-core
config:
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
secretKey: ""
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
bootstrapToken: ""
# Enabled it for debug
debug: false
log:
level: ERROR
# Fill it with your mysql config
db:
engine: mysql
host: ""
port: 3306
user: jumpserver
password: ""
name: jumpserver
# Fill it with your redis config
redis:
host: ""
port: 6379
password: ""
replicaCount: 1
image:
repository: docker.io/jumpserver/jms_core
tag: v2.10.3
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8080
ws:
port: 8070
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi
persistence:
type: pvc
storageClass: nfs
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim:
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
koko:
enabled: true
labels:
app.jumpserver.org/name: jms-koko
config:
log:
level: ERROR
share_room_type: redis
redis:
host: ""
port: 6379
password: ""
replicaCount: 1
image:
repository: docker.io/jumpserver/jms_koko
tag: v2.10.3
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: web
readinessProbe:
failureThreshold: 30
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 5000
ssh:
port: 2222
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
type: pvc
storageClass: nfs
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
lion:
enabled: true
labels:
app.jumpserver.org/name: jms-lion
config:
log:
level: ERROR
share_room_type: redis
redis:
host: ""
port: 6379
password: ""
replicaCount: 1
image:
repository: docker.io/jumpserver/jms_lion
tag: v2.10.3
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8081
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
type: pvc
storageClass: nfs
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
nginx:
enabled: true
labels:
app.jumpserver.org/name: jms-nginx
replicaCount: 1
image:
repository: docker.io/jumpserver/jms_nginx
tag: v2.10.3
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
type: pvc
storageClass: nfs
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 1Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
## PodSecurityPolicy configuration
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
## Specifies whether a PodSecurityPolicy should be created
##
create: false
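Review bot: `core.config.secretKey`, `bootstrapToken`, `db.password` and the three `redis.password` fields default to empty strings and are passed as plain chart values, so nothing in this file forces them to be set and real secrets end up in values files and in the Helm release record. Validate them in the templates with `required`, and allow pointing at a pre-created Secret instead of inline values. Also in this file: `ingress.enabled: true` ships with `tls: []`, so the Ingress in front of the bastion has no TLS configuration by default; `compute-full-forwarded-for` and `use-forwarded-headers` are ingress-nginx ConfigMap options and have no effect as bare annotation keys; and every `securityContext` defaults to `{}` with the hardening lines (`runAsNonRoot`, `readOnlyRootFilesystem`, dropped capabilities) left commented out.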