From a386b10a390c2721d63bc14f9676d16d7d06aced Mon Sep 17 00:00:00 2001 
From: wojiushixiaobai <296015668@qq.com> Date: Sat, 21 Aug 2021 22:51:05 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0=20v2.13.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 34 +-- configs/jms-core/config.yml | 110 ---------- configs/jms-koko/config.yml | 68 ------ configs/jms-lion/config.yml | 33 --- .../nginx.conf => jms-web/default.conf} | 42 +++- templates/configmap-koko.yaml | 15 -- templates/configmap-lion.yaml | 15 -- ...onfigmap-nginx.yaml => configmap-web.yaml} | 8 +- templates/deployment-celery.yaml | 42 +++- templates/deployment-core.yaml | 40 +++- templates/deployment-koko.yaml | 26 ++- templates/deployment-lion.yaml | 26 ++- templates/deployment-nginx.yaml | 24 +-- templates/deployment-omnidb.yaml | 94 ++++++++ templates/deployment-xrdp.yaml | 87 ++++++++ templates/ingress.yaml | 2 +- templates/pre-install-initdb.yaml | 47 ++-- templates/pvc-nginx-logs.yaml | 6 +- templates/pvc-omnidb-data.yaml | 29 +++ templates/pvc-xrdp-data.yaml | 29 +++ templates/service-core.yaml | 2 + templates/service-lion.yaml | 2 + templates/service-omnidb.yaml | 33 +++ .../{service-nginx.yaml => service-web.yaml} | 8 +- templates/service-xrdp.yaml | 29 +++ templates/serviceaccount.yaml | 2 +- values.yaml | 202 +++++++++++++++--- 27 files changed, 668 insertions(+), 387 deletions(-) delete mode 100644 configs/jms-koko/config.yml delete mode 100644 configs/jms-lion/config.yml rename configs/{jms-nginx/nginx.conf => jms-web/default.conf} (52%) delete mode 100644 templates/configmap-koko.yaml delete mode 100644 templates/configmap-lion.yaml rename templates/{configmap-nginx.yaml => configmap-web.yaml} (69%) create mode 100644 templates/deployment-omnidb.yaml create mode 100644 templates/deployment-xrdp.yaml create mode 100644 templates/pvc-omnidb-data.yaml create mode 100644 templates/pvc-xrdp-data.yaml create mode 100644 templates/service-omnidb.yaml rename templates/{service-nginx.yaml => 
service-web.yaml} (82%) create mode 100644 templates/service-xrdp.yaml diff --git a/README.md b/README.md index 59beb17..de04bd3 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ $ helm delete my-release ### 总览 -| 参数 | 描述 | 默认值 | +| 参数 | 描述 | 默认值 | | ---------------------- | ------------------ | ------- | | `nameOveride` | name override | `nil` | | `fullNameOveride` | full name override | `nil` | @@ -62,13 +62,14 @@ $ helm delete my-release | `core.enabled` | 开启 core | `true` | | `koko.enabled` | 开启 koko | `true` | | `lion.enabled` | 开启 lion | `true` | -| `nginx.enabled` | 开启 nginx | `true` | +| `web.enabled` | 开启 web | `true` | +| `xpack.enable` | 开启 xpack | `false` | -### core.config +### core | 参数 | 描述 | 默认值 | -| ---------------- | ----------------------------------------------------------------------- | --------------------- | -| `secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 | `nil` | +| ---------------- | ---------------------------------------------------------------------- | ---------------------- | +| `secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 | `nil` | | `bootstrapToken` | 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制 | `nil` | | `debug` | 开启 debug 模式 | `false` | | `log.level` | 日志等级 | `ERROR` | 
@@ -81,32 +82,15 @@ $ helm delete my-release | `redis.host` | redisIP地址 | `nil` | | `redis.port` | redis端口 | `6379` | | `redis.password` | redis密码 | `nil` | -| `replicaCount` | 副本数量 | `1` | +| `replicaCount` | 副本数量 | `1` | | `tag` | 版本号 | `nil` | | `persistence` | 持久化存储相关设置 | `nil` | -### koko.config +### 其他组件 | 参数 | 描述 | 默认值 | | --------------------- | --------------------------------------------------------- | ------- | | `log.level` | 日志等级 | `INFO` | -| `share_room_type` | 会话共享 | `redis` | -| `redis.host` | redis 地址 | `nil` | -| `redis.port` | redis 端口 | `6379` | -| `redis.password` | redis 密码 | `nil` | -| `replicaCount` | 副本数量 | `1` | -| `tag` | 版本号 | `nil` | -| `persistence` | 持久化存储相关设置 | `nil` | - -### lion.config - -| 参数 | 描述 | 默认值 | -| --------------------- | --------------------------------------------------------- | ------- | -| `log.level` | 日志等级 | `INFO` | -| `share_room_type` | 会话共享 | `redis` | -| `redis.host` | redis 地址 | `nil` | -| `redis.port` | redis 端口 | `6379` | -| `redis.password` | redis 密码 | `nil` | | `replicaCount` | 副本数量 | `1` | | `tag` | 版本号 | `nil` | | `persistence` | 持久化存储相关设置 | `nil` | @@ -127,7 +111,7 @@ $ helm install my-release \ $ helm install my-release -f values.yaml ./jumpserver ``` -> **注**: 默认使用 [values.yaml](values.yaml) +**注**: 默认使用 [values.yaml](values.yaml) ## 鸣谢说明 diff --git a/configs/jms-core/config.yml b/configs/jms-core/config.yml index f73f532..e69de29 100644 --- a/configs/jms-core/config.yml +++ b/configs/jms-core/config.yml 
@@ -1,110 +0,0 @@ -# SECURITY WARNING: keep the secret key used in production secret! -# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成 -# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo -SECRET_KEY: {{ $.Values.core.config.secretKey }} - -# SECURITY WARNING: keep the bootstrap token used in production secret! -# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制 -BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }} - -# Development env open this, when error occur display the full process track, Production disable it -# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志 -DEBUG: {{ $.Values.core.config.debug }} - -# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ -# 日志级别 -LOG_LEVEL: {{ $.Values.core.config.log.level }} -# LOG_DIR: - -# Session expiration setting, Default 24 hour, Also set expired on on browser close -# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期 -# SESSION_COOKIE_AGE: 86400 -SESSION_EXPIRE_AT_BROWSER_CLOSE: true - -# Database setting, Support sqlite3, mysql, postgres .... 
-# 数据库设置 -# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases - -# SQLite setting: -# 使用单文件sqlite数据库 -# DB_ENGINE: sqlite3 -# DB_NAME: - -# MySQL or postgres setting like: -# 使用Mysql作为数据库 -DB_ENGINE: {{ $.Values.core.config.db.engine }} -DB_HOST: {{ $.Values.core.config.db.host }} -DB_PORT: {{ $.Values.core.config.db.port }} -DB_USER: {{ $.Values.core.config.db.user }} -DB_PASSWORD: {{ $.Values.core.config.db.password }} -DB_NAME: {{ $.Values.core.config.db.name }} - -# When Django start it will bind this host and port -# ./manage.py runserver 127.0.0.1:8080 -# 运行时绑定端口 -HTTP_BIND_HOST: 0.0.0.0 -HTTP_LISTEN_PORT: {{ $.Values.core.service.web.port }} -WS_LISTEN_PORT: {{ $.Values.core.service.ws.port }} - -# Use Redis as broker for celery and web socket -# Redis配置 -REDIS_HOST: {{ $.Values.core.config.redis.host }} -REDIS_PORT: {{ $.Values.core.config.redis.port }} -REDIS_PASSWORD: {{ $.Values.core.config.redis.password }} -# REDIS_DB_CELERY: 3 -# REDIS_DB_CACHE: 4 - -# Use OpenID authorization -# 使用OpenID 来进行认证设置 -# BASE_SITE_URL: http://localhost:8080 -# AUTH_OPENID: false # True or False -# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/ -# AUTH_OPENID_REALM_NAME: realm-name -# AUTH_OPENID_CLIENT_ID: client-id -# AUTH_OPENID_CLIENT_SECRET: client-secret -# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True -# AUTH_OPENID_SHARE_SESSION: True -# -# Use Radius authorization -# 使用Radius来认证 -# AUTH_RADIUS: false -# RADIUS_SERVER: localhost -# RADIUS_PORT: 1812 -# RADIUS_SECRET: - -# LDAP/AD settings -# LDAP 搜索分页数量 -# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000 -# -# 定时同步用户 -# 启用 / 禁用 -# AUTH_LDAP_SYNC_IS_PERIODIC: True -# 同步间隔 (单位: 时) (优先) -# AUTH_LDAP_SYNC_INTERVAL: 12 -# Crontab 表达式 -# AUTH_LDAP_SYNC_CRONTAB: * 6 * * * -# -# LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证 -# AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False -# -# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html) -# In order to perform this operation a successful bind must be 
completed on the connection -# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1 - -# OTP settings -# OTP/MFA 配置 -# OTP_VALID_WINDOW: 0 -# OTP_ISSUER_NAME: Jumpserver - -# Perm show single asset to ungrouped node -# 是否把未授权节点资产放入到 未分组 节点中 -# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false -# -# 启用定时任务 -# PERIOD_TASK_ENABLE: True -# -# 启用二次复合认证配置 -# LOGIN_CONFIRM_ENABLE: False -# -# Windows 登录跳过手动输入密码 -# WINDOWS_SKIP_ALL_MANUAL_PASSWORD: False diff --git a/configs/jms-koko/config.yml b/configs/jms-koko/config.yml deleted file mode 100644 index 4e504e7..0000000 --- a/configs/jms-koko/config.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复 -NAME: {{ printf "%s-%s" "jms-koko" (randAlphaNum 32 | b64enc) | trunc 31 | trimSuffix "-" }} - -# Jumpserver项目的url, api请求注册会使用 -CORE_HOST: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} - -# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal -# 请和jumpserver 配置文件中保持一致,注册完成后可以删除 -BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }} - -# 启动时绑定的ip, 默认 0.0.0.0 -BIND_HOST: 0.0.0.0 - -# 监听的SSH端口号, 默认2222 -SSHD_PORT: {{ $.Values.koko.service.ssh.port }} - -# 监听的HTTP/WS端口号,默认5000 -HTTPD_PORT: {{ $.Values.koko.service.web.port }} - -# 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中, -# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret -# ACCESS_KEY: null - -# ACCESS KEY 保存的地址, 默认注册后会保存到该文件中 -# ACCESS_KEY_FILE: data/keys/.access_key - -# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL] -LOG_LEVEL: {{ $.Values.koko.config.log.level }} - -# SSH连接超时时间 (default 15 seconds) -# SSH_TIMEOUT: 15 - -# 语言 [en,zh] -# LANGUAGE_CODE: zh - -# SFTP的根目录, 可选 /tmp, Home其他自定义目录 -# SFTP_ROOT: /tmp - -# SFTP是否显示隐藏文件 -# SFTP_SHOW_HIDDEN_FILE: false - -# 是否复用和用户后端资产已建立的连接(用户不会复用其他用户的连接) -# REUSE_CONNECTION: true - -# 资产加载策略, 可根据资产规模自行调整. 默认异步加载资产, 异步搜索分页; 如果为all, 则资产全部加载, 本地搜索分页. -# ASSET_LOAD_POLICY: - -# zip压缩的最大额度 (单位: M) -# ZIP_MAX_SIZE: 1024M - -# zip压缩存放的临时目录 /tmp -# ZIP_TMP_PATH: /tmp - -# 向 SSH Client 连接发送心跳的时间间隔 (单位: 秒),默认为30, 0则表示不发送 -# CLIENT_ALIVE_INTERVAL: 30 - -# 向资产发送心跳包的重试次数,默认为3 -# RETRY_ALIVE_COUNT_MAX: 3 - -# 会话共享使用的类型 [local, redis], 默认local -SHARE_ROOM_TYPE: {{ $.Values.lion.config.share_room_type }} - -# Redis配置 -REDIS_HOST: {{ $.Values.core.config.redis.host }} -REDIS_PORT: {{ $.Values.core.config.redis.port }} -REDIS_PASSWORD: {{ $.Values.core.config.redis.password }} -# REDIS_CLUSTERS: -# REDIS_DB_ROOM: diff --git a/configs/jms-lion/config.yml b/configs/jms-lion/config.yml deleted file mode 100644 index 02f2038..0000000 
--- a/configs/jms-lion/config.yml +++ /dev/null @@ -1,33 +0,0 @@ -# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复 -NAME: {{ printf "%s-%s" "jms-lion" (randAlphaNum 32 | b64enc) | trunc 31 | trimSuffix "-" }} - -# Jumpserver项目的url, api请求注册会使用 -CORE_HOST: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} - -# Bootstrap Token, 预共享秘钥, 用来注册使用的service account和terminal -# 请和jumpserver 配置文件中保持一致,注册完成后可以删除 -BOOTSTRAP_TOKEN: {{ $.Values.core.config.bootstrapToken }} - -# 启动时绑定的ip, 默认 0.0.0.0 -BIND_HOST: 0.0.0.0 - -# 监听的HTTP/WS端口号,默认8081 -HTTPD_PORT: {{ $.Values.lion.service.web.port }} - -# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL] -LOG_LEVEL: {{ $.Values.lion.config.log.level }} - -# Guacamole Server ip, 默认127.0.0.1 -# GUA_HOST: 127.0.0.1 - -# Guacamole Server 端口号,默认4822 -# GUA_PORT: 4822 - -# 会话共享使用的类型 [local, redis], 默认local -SHARE_ROOM_TYPE: {{ $.Values.lion.config.share_room_type }} - -# Redis配置 -REDIS_HOST: {{ $.Values.core.config.redis.host }} -REDIS_PORT: {{ $.Values.core.config.redis.port }} -REDIS_PASSWORD: {{ $.Values.core.config.redis.password }} -# REDIS_DB_ROOM: diff --git a/configs/jms-nginx/nginx.conf b/configs/jms-web/default.conf similarity index 52% rename from configs/jms-nginx/nginx.conf rename to configs/jms-web/default.conf index 2eb9528..56f2f58 100644 --- a/configs/jms-nginx/nginx.conf +++ b/configs/jms-web/default.conf 
@@ -1,9 +1,11 @@ -{{- $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }} -{{- $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }} -{{- $web := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }} -{{- $ws := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.ws.port | toString) }} +{{ $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }} +{{ $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }} +{{ $coreweb := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }} +{{ $corews := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.ws.port | toString) }} +{{ $omnidbweb := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-omnidb" ($.Values.omnidb.service.web.port | toString) }} +{{ $omnidbws := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-omnidb" ($.Values.omnidb.service.ws.port | toString) }} server { - listen {{ $.Values.nginx.service.web.port }}; + listen {{ $.Values.web.service.web.port }}; server_name _; server_tokens off; 
@@ -45,8 +47,32 @@ server { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } + location /omnidb/ws { + resolver 127.0.0.11 valid=30s; + set $upstream {{$omnidbws}}; + proxy_pass $upstream$request_uri; + proxy_http_version 1.1; + proxy_buffering off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location /omnidb/ { + resolver 127.0.0.11 valid=30s; + set $upstream {{$omnidbweb}}; + proxy_pass $upstream$request_uri; + proxy_buffering off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } location /ws/ { - proxy_pass {{$ws}}; + proxy_pass {{$corews}}; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -56,14 +82,14 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /api/ { - proxy_pass {{$web}}; + proxy_pass {{$coreweb}}; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /core/ { - proxy_pass {{$web}}; + proxy_pass {{$coreweb}}; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; diff --git a/templates/configmap-koko.yaml b/templates/configmap-koko.yaml deleted file mode 100644 index d14d248..0000000 --- a/templates/configmap-koko.yaml +++ /dev/null 
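Review bot: Both new `/omnidb/ws` and `/omnidb/` locations carry `resolver 127.0.0.11 valid=30s;`, which is Docker's embedded DNS address and does not exist inside a Kubernetes pod, so the runtime lookup of `$upstream` fails and every /omnidb request would be answered with a 502 while the neighbouring locations (resolved at startup from the cluster resolver) keep working. The variable-based `proxy_pass` was presumably chosen so nginx still starts when xpack is disabled and the jms-omnidb service does not exist; that is better handled by wrapping the two blocks in `{{- if $.Values.xpack.enabled }} … {{- end }}` and then using `proxy_pass {{$omnidbws}};` / `proxy_pass {{$omnidbweb}};` in the same plain form as the `/ws/` and `/api/` locations. If a resolver really is needed, it has to be the one from `/etc/resolv.conf`, not a hardcoded Docker address. The `server {}` block starts and ends outside this hunk.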
@@ -1,15 +0,0 @@ -{{- if .Values.koko.enabled }} -{{- with .Values.koko }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-koko" }} -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ $fullName }} - labels: - {{- include "jumpserver.labels" $ | nindent 4 }} - {{- toYaml .labels | nindent 4 }} -data: -{{- $path := printf "%s/%s/%s" "configs" "jms-koko" "config.yml" -}} -{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }} -{{- end }} -{{- end }} diff --git a/templates/configmap-lion.yaml b/templates/configmap-lion.yaml deleted file mode 100644 index 2f71a3d..0000000 --- a/templates/configmap-lion.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.lion.enabled }} -{{- with .Values.lion }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-lion" }} -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ $fullName }} - labels: - {{- include "jumpserver.labels" $ | nindent 4 }} - {{- toYaml .labels | nindent 4 }} -data: -{{- $path := printf "%s/%s/%s" "configs" "jms-lion" "config.yml" -}} -{{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }} -{{- end }} -{{- end }} diff --git a/templates/configmap-nginx.yaml b/templates/configmap-web.yaml similarity index 69% rename from templates/configmap-nginx.yaml rename to templates/configmap-web.yaml index 06ba8e9..495ceb8 100644 --- a/templates/configmap-nginx.yaml +++ b/templates/configmap-web.yaml @@ -1,6 +1,6 @@ -{{- if .Values.nginx.enabled }} -{{- with .Values.nginx }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }} +{{- if .Values.web.enabled }} +{{- with .Values.web }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-web" }} kind: ConfigMap apiVersion: v1 metadata: 
@@ -9,7 +9,7 @@ metadata: {{- include "jumpserver.labels" $ | nindent 4 }} {{- toYaml .labels | nindent 4 }} data: -{{- $path := printf "%s/%s/%s" "configs" "jms-nginx" "nginx.conf" -}} +{{- $path := printf "%s/%s/%s" "configs" "jms-web" "default.conf" -}} {{- tpl (($.Files.Glob $path ).AsConfig) $ | nindent 2 }} {{- end }} {{- end }} diff --git a/templates/deployment-celery.yaml b/templates/deployment-celery.yaml index 939aded..7f8a0cd 100644 --- a/templates/deployment-celery.yaml +++ b/templates/deployment-celery.yaml @@ -38,21 +38,45 @@ spec: {{- end }} args: ["start", "task"] env: - - name: "DB_HOST" - value: "{{.config.db.host}}" - - name: "DB_PORT" - value: "{{.config.db.port}}" - - name: "REDIS_HOST" - value: "{{.config.redis.host}}" - - name: "REDIS_PORT" - value: "{{.config.redis.port}}" + - name: SECRET_KEY + value: "{{ .config.secretKey }}" + - name: BOOTSTRAP_TOKEN + value: "{{ .config.bootstrapToken }}" + - name: DEBUG + value: "{{ .config.debug }}" + - name: LOG_LEVEL + value: "{{ .config.log.level }}" + - name: SESSION_EXPIRE_AT_BROWSER_CLOSE + value: "true" + - name: HTTP_LISTEN_PORT + value: "{{ .service.web.port }}" + - name: WS_LISTEN_PORT + value: "{{ .service.ws.port }}" + - name: DB_ENGINE + value: "{{ .config.db.engine }}" + - name: DB_HOST + value: "{{ .config.db.host }}" + - name: DB_PORT + value: "{{ .config.db.port }}" + - name: DB_USER + value: "{{ .config.db.user }}" + - name: DB_PASSWORD + value: "{{ .config.db.password }}" + - name: DB_NAME + value: "{{ .config.db.name }}" + - name: REDIS_HOST + value: "{{ .config.redis.host }}" + - name: REDIS_PORT + value: "{{ .config.redis.port }}" + - name: REDIS_PASSWORD + value: "{{ .config.redis.password }}" {{- with .env }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} livenessProbe: exec: command: - - ./jms status task | grep stopped && exit 1 || exit 0 + - bash /opt/jumpserver/utils/check_celery.sh resources: {{- toYaml .resources | nindent 12 }} volumeMounts: 
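Review bot: SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD are now rendered as literal `value:` strings in the pod spec, so they appear in the Deployment object, `kubectl describe pod` output and the Helm release history for anyone with read access to those resources; the same pattern is introduced in the deployment-core, deployment-koko, deployment-lion, deployment-omnidb, deployment-xrdp and pre-install-initdb hunks of this commit. Rendering those four into a chart-managed Secret and referencing them with `valueFrom.secretKeyRef` keeps them out of the workload spec while leaving the values keys unchanged. Separately, the new liveness probe appears to be one exec argument, `- bash /opt/jumpserver/utils/check_celery.sh`; exec probes do not go through a shell, so that whole string is looked up as an executable path and the probe would fail (the replaced `./jms status task | grep …` line had the same defect), which needs two items, `- bash` and `- /opt/jumpserver/utils/check_celery.sh`. The container block continues outside the hunk.
```yaml
          env:
            # … unchanged: non-secret variables (DEBUG, LOG_LEVEL, ports, DB_HOST, DB_USER, …) …
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: <chart-managed-secret>   # placeholder: Secret rendered from .config
                  key: SECRET_KEY
            # … same valueFrom form for BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD …
```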
diff --git a/templates/deployment-core.yaml b/templates/deployment-core.yaml
index 0c8980f..575e22a 100644
--- a/templates/deployment-core.yaml
+++ b/templates/deployment-core.yaml
@@ -39,14 +39,38 @@ spec:
 {{- end }}
 args: ["start", "web"]
 env:
- - name: "DB_HOST"
- value: "{{.config.db.host}}"
- - name: "DB_PORT"
- value: "{{.config.db.port}}"
- - name: "REDIS_HOST"
- value: "{{.config.redis.host}}"
- - name: "REDIS_PORT"
- value: "{{.config.redis.port}}"
+ - name: SECRET_KEY
+ value: "{{ .config.secretKey }}"
+ - name: BOOTSTRAP_TOKEN
+ value: "{{ .config.bootstrapToken }}"
+ - name: DEBUG
+ value: "{{ .config.debug }}"
+ - name: LOG_LEVEL
+ value: "{{ .config.log.level }}"
+ - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
+ value: "true"
+ - name: HTTP_LISTEN_PORT
+ value: "{{ .service.web.port }}"
+ - name: WS_LISTEN_PORT
+ value: "{{ .service.ws.port }}"
+ - name: DB_ENGINE
+ value: "{{ .config.db.engine }}"
+ - name: DB_HOST
+ value: "{{ .config.db.host }}"
+ - name: DB_PORT
+ value: "{{ .config.db.port }}"
+ - name: DB_USER
+ value: "{{ .config.db.user }}"
+ - name: DB_PASSWORD
+ value: "{{ .config.db.password }}"
+ - name: DB_NAME
+ value: "{{ .config.db.name }}"
+ - name: REDIS_HOST
+ value: "{{ .config.redis.host }}"
+ - name: REDIS_PORT
+ value: "{{ .config.redis.port }}"
+ - name: REDIS_PASSWORD
+ value: "{{ .config.redis.password }}"
 {{- with .env }}
 {{- tpl (toYaml .) $ | nindent 12 }}
 {{- end }}
diff --git a/templates/deployment-koko.yaml b/templates/deployment-koko.yaml
index be27326..aac2e51 100644
--- a/templates/deployment-koko.yaml
+++ b/templates/deployment-koko.yaml
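Review bot: With every core setting now passed through this `env:` list, `configs/jms-core/config.yml` is left in the tree as an empty file — its hunk removes all 110 lines but, unlike the koko and lion configs, carries no `delete mode` — so any ConfigMap template that still globs it will render and mount an empty config.yml next to these variables. Deleting the file together with its ConfigMap template and the matching `volumes`/`volumeMounts` entries would make core consistent with the koko/lion cleanup in this commit; the ConfigMap template and the volume section are outside this hunk, so confirm there.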
@@ -40,10 +40,22 @@ spec: env: - name: CORE_HOST value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} - - name: "REDIS_HOST" - value: "{{.config.redis.host}}" - - name: "REDIS_PORT" - value: "{{.config.redis.port}}" + - name: BOOTSTRAP_TOKEN + value: "{{ $.Values.core.config.bootstrapToken }}" + - name: LOG_LEVEL + value: "{{ .config.log.level }}" + - name: SSHD_PORT + value: "{{ .service.ssh.port }}" + - name: HTTPD_PORT + value: "{{ .service.web.port }}" + - name: SHARE_ROOM_TYPE + value: redis + - name: REDIS_HOST + value: "{{ $.Values.core.config.redis.host }}" + - name: REDIS_PORT + value: "{{ $.Values.core.config.redis.port }}" + - name: REDIS_PASSWORD + value: "{{ $.Values.core.config.redis.password }}" {{- with .env }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} @@ -61,9 +73,6 @@ spec: resources: {{- toYaml .resources | nindent 12 }} volumeMounts: - - mountPath: "/opt/koko/config.yml" - name: "jms-koko-config" - subPath: "config.yml" - mountPath: "/opt/koko/data" name: "jms-koko-data" {{- with .volumeMounts }} @@ -71,9 +80,6 @@ spec: {{- end }} restartPolicy: Always volumes: - - configMap: - name: '{{include "jumpserver.fullname" $}}-jms-koko' - name: "jms-koko-config" - persistentVolumeClaim: claimName: '{{include "jumpserver.fullname" $}}-jms-koko-data' name: "jms-koko-data" diff --git a/templates/deployment-lion.yaml b/templates/deployment-lion.yaml index 759ae6c..663bc85 100644 --- a/templates/deployment-lion.yaml +++ b/templates/deployment-lion.yaml 
@@ -39,11 +39,21 @@ spec: {{- end }} env: - name: CORE_HOST - value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} - - name: "REDIS_HOST" - value: "{{.config.redis.host}}" - - name: "REDIS_PORT" - value: "{{.config.redis.port}}" + value: http://{{ include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} + - name: BOOTSTRAP_TOKEN + value: "{{ $.Values.core.config.bootstrapToken }}" + - name: LOG_LEVEL + value: "{{ .config.log.level }}" + - name: HTTPD_PORT + value: "{{ .service.web.port }}" + - name: SHARE_ROOM_TYPE + value: redis + - name: REDIS_HOST + value: "{{ $.Values.core.config.redis.host }}" + - name: REDIS_PORT + value: "{{ $.Values.core.config.redis.port }}" + - name: REDIS_PASSWORD + value: "{{ $.Values.core.config.redis.password }}" {{- with .env }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} @@ -58,9 +68,6 @@ spec: resources: {{- toYaml .resources | nindent 12 }} volumeMounts: - - mountPath: "/opt/lion/config.yml" - name: "jms-lion-config" - subPath: "config.yml" - mountPath: "/opt/lion/data" name: "jms-lion-data" {{- with .volumeMounts }} @@ -68,9 +75,6 @@ spec: {{- end }} restartPolicy: Always volumes: - - configMap: - name: '{{include "jumpserver.fullname" $}}-jms-lion' - name: "jms-lion-config" - persistentVolumeClaim: claimName: '{{include "jumpserver.fullname" $}}-jms-lion-data' name: "jms-lion-data" diff --git a/templates/deployment-nginx.yaml b/templates/deployment-nginx.yaml index 5473b5e..548487d 100644 --- a/templates/deployment-nginx.yaml +++ b/templates/deployment-nginx.yaml 
@@ -1,7 +1,7 @@ -{{- if .Values.nginx.enabled }} -{{- with .Values.nginx }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }} -{{- $containerName := "jms-nginx" }} +{{- if .Values.web.enabled }} +{{- with .Values.web }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-web" }} +{{- $containerName := "jms-web" }} {{- $image := printf "%s:%s" .image.repository .image.tag }} apiVersion: apps/v1 kind: Deployment @@ -53,26 +53,26 @@ spec: {{- toYaml .resources | nindent 12 }} volumeMounts: - mountPath: "/etc/nginx/conf.d/default.conf" - name: "jms-nginx-config" - subPath: "nginx.conf" + name: "jms-web-config" + subPath: "default.conf" - mountPath: "/opt/jumpserver/data" name: "jms-core-data" - - mountPath: "/var/log/nginx" - name: "jms-nginx-logs" + - mountPath: "/var/log/web" + name: "jms-web-logs" {{- with .volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} restartPolicy: Always volumes: - configMap: - name: '{{include "jumpserver.fullname" $}}-jms-nginx' - name: "jms-nginx-config" + name: '{{include "jumpserver.fullname" $}}-jms-web' + name: "jms-web-config" - persistentVolumeClaim: claimName: '{{include "jumpserver.fullname" $}}-jms-core-data' name: "jms-core-data" - persistentVolumeClaim: - claimName: '{{include "jumpserver.fullname" $}}-jms-nginx-logs' - name: "jms-nginx-logs" + claimName: '{{include "jumpserver.fullname" $}}-jms-web-logs' + name: "jms-web-logs" {{- with .volumes }} {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} diff --git a/templates/deployment-omnidb.yaml b/templates/deployment-omnidb.yaml new file mode 100644 index 0000000..2bb4141 --- /dev/null +++ b/templates/deployment-omnidb.yaml 
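Review bot: The logs volume is now mounted at `/var/log/web`, but the container still runs nginx, which writes access.log and error.log under `/var/log/nginx` unless the rendered default.conf redirects them (the part of that file shown in this commit does not), so the `jms-web-logs` PVC would stay empty and the proxy's access log — the record of who reached the web, API and omnidb paths — would live only in the ephemeral container filesystem. Keep `mountPath: "/var/log/nginx"` (the volume can still be named jms-web-logs), or add `access_log`/`error_log` directives pointing into `/var/log/web/` in configs/jms-web/default.conf. I am inferring the log path from nginx's default; verify against the image.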
@@ -0,0 +1,94 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.omnidb }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb" }} +{{- $containerName := "jms-omnidb" }} +{{- $image := printf "%s:%s" .image.repository .image.tag }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} +spec: + replicas: {{ .replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 8 }} + spec: + serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + securityContext: + {{- toYaml .podSecurityContext | nindent 8 }} + containers: + - name: {{ $containerName }} + securityContext: + {{- toYaml .securityContext | nindent 12 }} + image: "{{$image}}" + imagePullPolicy: {{ .image.pullPolicy }} + {{- with .command }} + command: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + env: + - name: CORE_HOST + value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} + - name: BOOTSTRAP_TOKEN + value: "{{ $.Values.core.config.bootstrapToken }}" + - name: LOG_LEVEL + value: "{{ .config.log.level }}" + - name: websocket_port + value: "{{ .service.ws.port }}" + - name: listening_port + value: "{{ .service.web.port }}" + {{- with .env }} + {{- tpl (toYaml .) 
$ | nindent 12 }} + {{- end }} + ports: + - name: web + containerPort: {{ .service.web.port }} + protocol: TCP + - name: ws + containerPort: {{ .service.ws.port }} + protocol: TCP + livenessProbe: + {{- toYaml .livenessProbe | nindent 12}} + readinessProbe: + {{- toYaml .readinessProbe | nindent 12}} + resources: + {{- toYaml .resources | nindent 12 }} + volumeMounts: + - mountPath: "/opt/omnidb/data" + name: "jms-omnidb-data" + {{- with .volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + restartPolicy: Always + volumes: + - persistentVolumeClaim: + claimName: '{{include "jumpserver.fullname" $}}-jms-omnidb-data' + name: "jms-omnidb-data" + {{- with .volumes }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/deployment-xrdp.yaml b/templates/deployment-xrdp.yaml new file mode 100644 index 0000000..0c60f36 --- /dev/null +++ b/templates/deployment-xrdp.yaml 
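Review bot: This template (and deployment-xrdp, pvc-omnidb-data and pvc-xrdp-data, which use the same condition) is gated on `.Values.xpack.enabled`, while the README table added in this commit documents the key as `xpack.enable`; one of the two is wrong, and a user following the README would set a key the templates never read and get no omnidb or xrdp resources at all. The two env names `websocket_port` and `listening_port` are lowercase unlike every other variable in the chart, which is fine if the omnidb image reads exactly those names, but a comment such as `# omnidb expects lowercase variable names` would stop a later "fix" to uppercase.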
@@ -0,0 +1,87 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.xrdp }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp" }} +{{- $containerName := "jms-xrdp" }} +{{- $image := printf "%s:%s" .image.repository .image.tag }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} +spec: + replicas: {{ .replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 8 }} + spec: + serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + securityContext: + {{- toYaml .podSecurityContext | nindent 8 }} + containers: + - name: {{ $containerName }} + securityContext: + {{- toYaml .securityContext | nindent 12 }} + image: "{{$image}}" + imagePullPolicy: {{ .image.pullPolicy }} + {{- with .command }} + command: + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + env: + - name: CORE_HOST + value: http://{{include "jumpserver.fullname" $}}-jms-core:{{$.Values.core.service.web.port}} + - name: BOOTSTRAP_TOKEN + value: "{{ $.Values.core.config.bootstrapToken }}" + - name: LOG_LEVEL + value: "{{ .config.log.level }}" + {{- with .env }} + {{- tpl (toYaml .) $ | nindent 12 }} + {{- end }} + ports: + - name: rdp + containerPort: {{ .service.rdp.port }} + protocol: TCP + livenessProbe: + {{- toYaml .livenessProbe | nindent 12}} + readinessProbe: + {{- toYaml .readinessProbe | nindent 12}} + resources: + {{- toYaml .resources | nindent 12 }} + volumeMounts: + - mountPath: "/opt/xrdp/data" + name: "jms-xrdp-data" + {{- with .volumeMounts }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + restartPolicy: Always + volumes: + - persistentVolumeClaim: + claimName: '{{include "jumpserver.fullname" $}}-jms-xrdp-data' + name: "jms-xrdp-data" + {{- with .volumes }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index de03a49..be358ce 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -29,7 +29,7 @@ spec: path: / backend: service: - name: '{{printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx"}}' + name: '{{printf "%s-%s" (include "jumpserver.fullname" $) "jms-web"}}' port: number: 80 {{- end }} diff --git a/templates/pre-install-initdb.yaml b/templates/pre-install-initdb.yaml index 65ba83a..f37a258 100644 --- a/templates/pre-install-initdb.yaml +++ b/templates/pre-install-initdb.yaml @@ -21,7 +21,10 @@ spec: app.kubernetes.io/instance: {{ $.Release.Name }} {{- toYaml .labels | nindent 8 }} spec: - serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }} + {{- if $.Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml $.Values.imagePullSecrets | indent 8 }} + {{- end }} securityContext: {{- toYaml .podSecurityContext | nindent 8 }} containers: 
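Review bot: Dropping `serviceAccountName` makes the pre-install job run under the namespace's `default` service account, whose API token is still auto-mounted into the container that holds DB_PASSWORD and SECRET_KEY; since `./jms upgrade_db` never talks to the API server, add `automountServiceAccountToken: false` to the pod spec next to the new imagePullSecrets block. If the line was removed because the chart's ServiceAccount does not yet exist when a pre-install hook runs, a one-line comment saying so would keep the next maintainer from restoring it. The pod spec continues outside the hunk.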
@@ -35,26 +38,28 @@ spec: - "-c" - cd /opt/jumpserver && ./jms upgrade_db env: - - name: "SECRET_KEY" - value: "{{.config.secretKey}}" - - name: "BOOTSTRAP_TOKEN" - value: "{{.config.bootstrapToken}}" - - name: "DB_HOST" - value: "{{.config.db.host}}" - - name: "DB_PORT" - value: "{{.config.db.port}}" - - name: "DB_USER" - value: "{{.config.db.user}}" - - name: "DB_PASSWORD" - value: "{{.config.db.password}}" - - name: "DB_NAME" - value: "{{.config.db.name}}" - - name: "REDIS_HOST" - value: "{{.config.redis.host}}" - - name: "REDIS_PORT" - value: "{{.config.redis.port}}" - - name: "REDIS_PASSWORD" - value: "{{.config.redis.password}}" + - name: SECRET_KEY + value: "{{ .config.secretKey }}" + - name: BOOTSTRAP_TOKEN + value: "{{ .config.bootstrapToken }}" + - name: DB_ENGINE + value: "{{ .config.db.engine }}" + - name: DB_HOST + value: "{{ .config.db.host }}" + - name: DB_PORT + value: "{{ .config.db.port }}" + - name: DB_USER + value: "{{ .config.db.user }}" + - name: DB_PASSWORD + value: "{{ .config.db.password }}" + - name: DB_NAME + value: "{{ .config.db.name }}" + - name: REDIS_HOST + value: "{{ .config.redis.host }}" + - name: REDIS_PORT + value: "{{ .config.redis.port }}" + - name: REDIS_PASSWORD + value: "{{ .config.redis.password }}" {{- with .env }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} diff --git a/templates/pvc-nginx-logs.yaml b/templates/pvc-nginx-logs.yaml index dba700b..31a2e96 100644 --- a/templates/pvc-nginx-logs.yaml +++ b/templates/pvc-nginx-logs.yaml @@ -1,6 +1,6 @@ -{{- if .Values.nginx.enabled }} -{{- with .Values.nginx }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx-logs" }} +{{- if .Values.web.enabled }} +{{- with .Values.web }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-web-logs" }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/templates/pvc-omnidb-data.yaml b/templates/pvc-omnidb-data.yaml new file mode 100644 index 0000000..115d796 --- /dev/null 
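Review bot: The new `DB_ENGINE` env reads `.config.db.engine`, but none of this commit's values.yaml hunks adds a `db.engine` key under `core.config`, so unless it already exists the variable renders as an empty string and the upgrade job silently runs with no engine set. A default in values with a comment on the accepted values, e.g. `engine: mysql  # database engine passed to the core as DB_ENGINE`, makes the contract visible (treat the sample value as constructed). The secrets passed as literal env values here are covered in the note on the `deployment-xrdp.yaml` hunk.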
+++ b/templates/pvc-omnidb-data.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.xpack.enabled }}
+{{- with .Values.omnidb }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb-data" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jumpserver.labels" $ | nindent 4 }}
+ {{- toYaml .labels | nindent 4 }}
+ {{- with .persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .persistence.finalizers }}
+ finalizers:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .persistence.size | quote }}
+ storageClassName: {{ .persistence.storageClassName }}
+{{- end }}
+{{- end }}
diff --git a/templates/pvc-xrdp-data.yaml b/templates/pvc-xrdp-data.yaml
new file mode 100644
index 0000000..27aee14
--- /dev/null
+++ b/templates/pvc-xrdp-data.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.xpack.enabled }}
+{{- with .Values.xrdp }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp-data" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jumpserver.labels" $ | nindent 4 }}
+ {{- toYaml .labels | nindent 4 }}
+ {{- with .persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .persistence.finalizers }}
+ finalizers:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .persistence.size | quote }}
+ storageClassName: {{ .persistence.storageClassName }}
+{{- end }}
+{{- end }}
diff --git a/templates/service-core.yaml b/templates/service-core.yaml
index 32c4af0..658be39 100644
--- a/templates/service-core.yaml
+++ b/templates/service-core.yaml
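Review bot: `persistence.type: pvc` is declared for `omnidb` and `xrdp` in values.yaml, but this template never reads it: the claim is rendered whenever `xpack.enabled` is true, so the key suggests a choice that has no effect. Either guard the resource with `{{- if eq .persistence.type "pvc" }}` or remove the key from values. `storageClassName: {{ .persistence.storageClassName }}` is also unquoted, so a user who sets it to an empty string gets `storageClassName:` (null, use the cluster default) instead of `""` (no dynamic provisioning), which are different requests to the API server; `storageClassName: {{ .persistence.storageClassName | quote }}` preserves the intent. The same two points apply to `pvc-xrdp-data.yaml`.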
@@ -8,6 +8,8 @@ metadata: labels: {{- include "jumpserver.labels" $ | nindent 4 }} {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} spec: type: {{ .service.type }} ports: diff --git a/templates/service-lion.yaml b/templates/service-lion.yaml index d3e51d6..eabaca0 100644 --- a/templates/service-lion.yaml +++ b/templates/service-lion.yaml @@ -8,6 +8,8 @@ metadata: labels: {{- include "jumpserver.labels" $ | nindent 4 }} {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} spec: type: {{ .service.type }} ports: diff --git a/templates/service-omnidb.yaml b/templates/service-omnidb.yaml new file mode 100644 index 0000000..a05056e --- /dev/null +++ b/templates/service-omnidb.yaml @@ -0,0 +1,33 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.omnidb }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-omnidb" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} +spec: + type: {{ .service.type }} + ports: + - port: {{ .service.web.port }} + targetPort: web + protocol: TCP + name: web + - port: {{ .service.ws.port }} + targetPort: ws + protocol: TCP + name: ws + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + selector: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 4 }} +{{- end }} +{{- end }} diff --git a/templates/service-nginx.yaml b/templates/service-web.yaml similarity index 82% rename from templates/service-nginx.yaml rename to templates/service-web.yaml index 61d2503..f75e8c2 100644 --- a/templates/service-nginx.yaml +++ b/templates/service-web.yaml 
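Review bot: `annotations:` is emitted unconditionally via `{{- toYaml .service.annotations | nindent 4 }}`, but the `service:` blocks this commit adds to values.yaml for `omnidb` and `xrdp` define only `type` and ports, and no hunk adds `service.annotations` for `core`, `lion` or `web` either, so unless those keys already exist the Services render with `annotations: null`. The API server tolerates that, but it is a sharp edge for anyone layering values; wrapping the two lines in `{{- with .service.annotations }}` … `{{- end }}` emits the key only when it is set. The same pattern appears in the `service-lion.yaml`, `service-omnidb.yaml`, `service-web.yaml` and `service-xrdp.yaml` hunks.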
@@ -1,6 +1,6 @@ -{{- if .Values.nginx.enabled }} -{{- with .Values.nginx }} -{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-nginx" }} +{{- if .Values.web.enabled }} +{{- with .Values.web }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-web" }} apiVersion: v1 kind: Service metadata: @@ -8,6 +8,8 @@ metadata: labels: {{- include "jumpserver.labels" $ | nindent 4 }} {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} spec: type: {{ .service.type }} ports: diff --git a/templates/service-xrdp.yaml b/templates/service-xrdp.yaml new file mode 100644 index 0000000..41867f5 --- /dev/null +++ b/templates/service-xrdp.yaml @@ -0,0 +1,29 @@ +{{- if .Values.xpack.enabled }} +{{- with .Values.xrdp }} +{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-xrdp" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }} + labels: + {{- include "jumpserver.labels" $ | nindent 4 }} + {{- toYaml .labels | nindent 4 }} + annotations: + {{- toYaml .service.annotations | nindent 4 }} +spec: + type: {{ .service.type }} + ports: + - port: {{ .service.rdp.port }} + targetPort: rdp + protocol: TCP + name: rdp + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + selector: + app.kubernetes.io/name: {{ include "jumpserver.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + {{- toYaml .labels | nindent 4 }} +{{- end }} +{{- end }} diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml index 6d590bd..d40a5dc 100644 --- a/templates/serviceaccount.yaml +++ b/templates/serviceaccount.yaml @@ -6,5 +6,5 @@ metadata: labels: {{- include "jumpserver.labels" . | nindent 4 }} imagePullSecrets: - {{- toYaml .Values.serviceAccount.imagePullSecrets | nindent 2 }} + {{- toYaml .Values.imagePullSecrets | nindent 2 }} {{- end -}} diff --git a/values.yaml b/values.yaml index c09b16e..a31423b 100644 --- a/values.yaml 
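Review bot: Moving the pull secrets from `serviceAccount.imagePullSecrets` to a top-level `imagePullSecrets` is a breaking values change with no fallback: a release that still sets the old key upgrades without error, but its ServiceAccount silently loses its pull secrets and image pulls start failing. Reading the old location for one release cycle, `{{- toYaml (.Values.imagePullSecrets | default .Values.serviceAccount.imagePullSecrets) | nindent 2 }}`, or at minimum an upgrade note in the chart docs, would cover existing users.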
+++ b/values.yaml @@ -11,13 +11,13 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: - imagePullSecrets: [] - # - name: yourImagePullSecret + +imagePullSecrets: [] +# - name: yourImagePullSecret ingress: enabled: true annotations: - # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" compute-full-forwarded-for: "true" use-forwarded-headers: "true" @@ -66,7 +66,7 @@ core: image: repository: docker.io/jumpserver/core - tag: v2.12.2 + tag: v2.13.1 pullPolicy: IfNotPresent command: [] @@ -146,17 +146,12 @@ koko: config: log: level: ERROR - share_room_type: redis - redis: - host: "" - port: 6379 - password: "" replicaCount: 1 image: repository: docker.io/jumpserver/koko - tag: v2.12.2 + tag: v2.13.1 pullPolicy: IfNotPresent command: [] @@ -178,7 +173,8 @@ koko: podSecurityContext: {} # fsGroup: 2000 - securityContext: {} + securityContext: + privileged: true # capabilities: # drop: # - ALL @@ -234,17 +230,12 @@ lion: config: log: level: ERROR - share_room_type: redis - redis: - host: "" - port: 6379 - password: "" replicaCount: 1 image: repository: docker.io/jumpserver/lion - tag: v2.12.2 + tag: v2.13.1 pullPolicy: IfNotPresent command: [] 
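Review bot: `securityContext: privileged: true` makes the default koko container privileged, which removes most of the container's isolation from the node (all capabilities and host devices), and nothing in the diff or the comments beside it says why that is needed; the `# capabilities: drop: - ALL` hints left directly below now contradict the value in force. If koko needs one specific capability, `capabilities.add` is far narrower than `privileged`; otherwise keep the default `{}` and make privileged mode an explicit opt-in documented in the README, e.g. `# privileged: true  # required for <REASON-PLACEHOLDER>; opt in explicitly`.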
@@ -311,17 +302,176 @@ lion: affinity: {} -nginx: - enabled: true +xpack: + enabled: false +omnidb: labels: - app.jumpserver.org/name: jms-nginx + app.jumpserver.org/name: jms-omnidb + + config: + log: + level: ERROR replicaCount: 1 image: - repository: docker.io/jumpserver/nginx - tag: v2.12.2 + repository: registry.fit2cloud.com/jumpserver/omnidb + tag: v2.13.1 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + tcpSocket: + port: web + + readinessProbe: + failureThreshold: 30 + tcpSocket: + port: web + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + web: + port: 8082 + ws: + port: 8071 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + persistence: + type: pvc + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +xrdp: + labels: + app.jumpserver.org/name: jms-xrdp + + config: + log: + level: ERROR + + replicaCount: 1 + + image: + repository: registry.fit2cloud.com/jumpserver/xrdp + tag: v2.13.1 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + tcpSocket: + port: rdp + + readinessProbe: + failureThreshold: 30 + tcpSocket: + port: rdp + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + rdp: + port: 3389 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + persistence: + type: pvc + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +web: + enabled: true + + labels: + app.jumpserver.org/name: jms-web + + replicaCount: 1 + + image: + repository: docker.io/jumpserver/web + tag: v2.13.1 pullPolicy: IfNotPresent command: [] 
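Review bot: The `service:` blocks for `omnidb` and `xrdp` have no `annotations` key, yet `templates/service-omnidb.yaml` and `templates/service-xrdp.yaml` in this commit render `.service.annotations` unconditionally, so the shipped defaults produce `annotations: null`; add `annotations: {}` under each `service:` next to `type`. The omnidb and xrdp images are pulled from `registry.fit2cloud.com`, a different registry from every other component; if that registry requires credentials, a short comment beside these `repository:` lines pointing at the new top-level `imagePullSecrets` would tell operators where to put them.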
@@ -387,11 +537,3 @@ nginx: tolerations: [] affinity: {} - - ## PodSecurityPolicy configuration - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - ## - podSecurityPolicy: - ## Specifies whether a PodSecurityPolicy should be created - ## - create: false