Merge pull request #155 from jumpserver/dev

feat: 更新 v4
吴小白 2024-07-03 19:26:27 +08:00 committed by GitHub
commit cc4e7acac0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 122 additions and 384 deletions


@ -39,9 +39,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts
| `core.enabled` | 开启 core | `true` |
| `koko.enabled` | 开启 koko | `true` |
| `lion.enabled` | 开启 lion | `true` |
| `magnus.enabled` | 开启 magnus | `true` |
| `chen.enabled` | 开启 chen | `true` |
| `kael.enabled` | 开启 kael | `true` |
| `web.enabled` | 开启 web | `true` |
| `xpack.enable` | 开启 xpack | `false` |


@ -1,15 +1,25 @@
{{ $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
{{ $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }}
{{ $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }}
{{ $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
{{ $chen := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-chen" ($.Values.chen.service.web.port | toString) }}
{{ $kael := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-kael" ($.Values.kael.service.web.port | toString) }}
{{ $razor := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-razor" ($.Values.razor.service.web.port | toString) }}
server {
listen {{ $.Values.web.service.web.port }};
server_name _;
server_tokens off;
client_max_body_size 4096m; # 录像及文件上传大小限制
client_max_body_size 4096m;
location = /robots.txt {
default_type text/html;
add_header Content-Type "text/plain; charset=UTF-8";
return 200 "User-agent: *\nDisallow: /\n";
}
location /web/health/ {
access_log off;
add_header Content-Type 'application/json';
return 200 '{"status": "ok"}';
}
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
@ -21,13 +31,25 @@ server {
location /download/ {
alias /opt/download/;
}
location /media/replay/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /private-media/ {
internal;
alias /opt/jumpserver/data/media/;
}
{{- if .Values.xpack.enabled }}
location /razor/ {
proxy_pass {{ $razor }};
proxy_buffering off;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ignore_client_abort on;
{{- end }}
{{- if .Values.koko.enabled }}
location /koko/ {
proxy_pass {{ $koko }};
@ -66,18 +88,6 @@ server {
proxy_ignore_client_abort on;
}
{{- end }}
{{- if .Values.kael.enabled }}
location /kael/ {
proxy_pass {{ $kael }};
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ignore_client_abort on;
}
{{- end }}
{{ if .Values.core.enabled }}
location /ws/ {
proxy_pass {{ $core }};
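Review bot: The `location /razor/ {` block that appears to be added under `{{- if .Values.xpack.enabled }}` in the second hunk is printed without a closing brace: `proxy_ignore_client_abort on;` is followed directly by `{{- end }}`, whereas the `/koko/` block further down closes with `}` before its `{{- end }}`. As shown, rendering with xpack enabled would leave the braces unbalanced, so nginx would fail its configuration check and the web pod would not start; add `}` on its own line before that `{{- end }}`. Separately, the new `/robots.txt` and `/web/health/` blocks set the type with `add_header Content-Type`, which adds a second Content-Type header next to the one nginx derives from `default_type` (`text/html` in the robots block). Using `default_type text/plain;` and `default_type application/json;` alone would avoid the conflicting pair.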


@ -181,14 +181,6 @@ Define JumpServer StorageClass.
{{- end -}}
{{- end -}}
{{- define "jumpserver.kael.storageClass" -}}
{{- if .Values.global.storageClass }}
{{- .Values.global.storageClass }}
{{- else -}}
{{- .Values.kael.persistence.storageClassName -}}
{{- end -}}
{{- end -}}
{{- define "jumpserver.razor.storageClass" -}}
{{- if .Values.global.storageClass }}
{{- .Values.global.storageClass }}


@ -1,131 +0,0 @@
{{- if .Values.kael.enabled }}
{{- with .Values.kael }}
{{- $fullName := include "jumpserver.fullname" $ }}
{{- $containerName := "jms-kael" }}
{{- $registryName := $.Values.global.imageRegistry | default .image.registry }}
{{- $imageOwner := $.Values.global.imageOwner | default "jumpserver" }}
{{- $imageName := "kael" }}
{{- $imageTag := $.Chart.AppVersion }}
{{- $imageWithTag := printf "%s/%s/%s:%s" $registryName $imageOwner $imageName $imageTag | quote }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ $fullName }}-{{ $containerName }}"
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 8 }}
spec:
{{- if $.Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml $.Values.global.imagePullSecrets }}
{{- end }}
serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
containers:
- name: {{ $containerName }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
image: {{ $imageWithTag }}
imagePullPolicy: {{ .image.pullPolicy | quote }}
{{- with .command }}
command: {{ toYaml . | nindent 12 }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
env:
- name: CORE_HOST
value: "http://{{ $fullName }}-jms-core:{{ $.Values.core.service.web.port }}"
- name: BOOTSTRAP_TOKEN
value: {{ $.Values.core.config.bootstrapToken | quote }}
- name: LOG_LEVEL
value: {{ .config.log.level | quote }}
- name: HTTPD_PORT
value: {{ .service.web.port | quote }}
- name: SHARE_ROOM_TYPE
value: "redis"
{{- if include "jumpserver.sentinel.hosts" $ }}
- name: REDIS_SENTINEL_HOSTS
value: {{ include "jumpserver.sentinel.hosts" $ | quote }}
{{- end }}
{{- if include "jumpserver.sentinel.password" $ }}
- name: REDIS_SENTINEL_PASSWORD
value: {{ include "jumpserver.sentinel.password" $ | quote }}
{{- end }}
{{- if include "jumpserver.sentinel.socketTimeout" $ }}
- name: REDIS_SENTINEL_SOCKET_TIMEOUT
value: {{ include "jumpserver.sentinel.socketTimeout" $ | quote }}
{{- end }}
{{- if include "jumpserver.redis.host" $ }}
- name: REDIS_HOST
value: {{ include "jumpserver.redis.host" $ | quote }}
{{- end }}
{{- if include "jumpserver.redis.port" $ }}
- name: REDIS_PORT
value: {{ include "jumpserver.redis.port" $ | quote }}
{{- end }}
{{- if include "jumpserver.redis.password" $ }}
- name: REDIS_PASSWORD
value: {{ include "jumpserver.redis.password" $ | quote }}
{{- end }}
{{- range $key, $val := .env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
livenessProbe:
{{- toYaml .livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .readinessProbe | nindent 12 }}
resources:
{{- toYaml .resources | nindent 12 }}
volumeMounts:
- mountPath: "/opt/kael/data"
name: "jms-kael-data"
{{- if .persistence.subPath }}
subPath: {{ .persistence.subPath | quote }}
{{- end }}
{{- with .volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Always
volumes:
- persistentVolumeClaim:
{{- if .persistence.existingClaim }}
claimName: {{ .persistence.existingClaim | quote }}
{{- else }}
claimName: '{{ $fullName }}-jms-kael-data'
{{- end }}
name: "jms-kael-data"
{{- with .volumes }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}


@ -1,30 +0,0 @@
{{- if and .Values.kael.enabled (not .Values.kael.persistence.existingClaim)}}
{{- with .Values.kael }}
{{- $fullName := include "jumpserver.fullname" $ }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: "{{ $fullName }}-jms-kael-data"
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
{{- with .persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
{{- end }}
storageClassName: {{ include "jumpserver.kael.storageClass" . }}
{{- end }}


@ -1,30 +0,0 @@
{{- if .Values.kael.enabled }}
{{- with .Values.kael }}
{{- $fullName := include "jumpserver.fullname" $ }}
apiVersion: v1
kind: Service
metadata:
name: "{{ $fullName }}-jms-kael"
labels:
{{- include "jumpserver.labels" $ | nindent 4 }}
{{- toYaml .labels | nindent 4 }}
annotations:
{{- toYaml .service.annotations | nindent 4 }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
selector:
app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
app.kubernetes.io/instance: {{ $.Release.Name }}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- end }}


@ -1,4 +1,4 @@
{{- if .Values.magnus.enabled }}
{{- if .Values.xpack.enabled }}
{{- with .Values.magnus }}
{{- $fullName := include "jumpserver.fullname" $ }}
{{- $containerName := "jms-magnus" }}
@ -109,13 +109,11 @@ spec:
- name: postgresql
containerPort: {{ $postgresqlPort }}
protocol: TCP
{{- if $.Values.xpack.enabled }}
{{- range $port := untilStep $oraclePortStart $oraclePortEnd 1 }}
- name: oracle-{{ $port }}
containerPort: {{ $port }}
protocol: TCP
{{- end }}
{{- end }}
livenessProbe:
{{- toYaml .livenessProbe | nindent 12 }}
readinessProbe:
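Review bot: Gating this template on `.Values.xpack.enabled` alone means `magnus.enabled` is no longer read, so an existing release that sets `magnus.enabled: true` without xpack loses the magnus Deployment on upgrade, and a release that turns xpack on can no longer opt out of the database proxy listeners (the `oracle-*` port range is now always rendered here). The same switch is made in the magnus PersistentVolumeClaim and Service templates that follow. If an opt-out is still wanted, `{{- if and .Values.xpack.enabled (ne (toString .Values.magnus.enabled) "false") }}` keeps the new default while honouring an explicit `false`; otherwise state the rule in a template comment such as `{{- /* magnus is rendered only with xpack; magnus.enabled is no longer read */ -}}`. The README table in this commit also still lists the switch as `xpack.enable`, while the templates read `xpack.enabled`.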


@ -1,4 +1,4 @@
{{- if and .Values.magnus.enabled (not .Values.magnus.persistence.existingClaim)}}
{{- if and .Values.xpack.enabled (not .Values.magnus.persistence.existingClaim)}}
{{- with .Values.magnus }}
{{- $fullName := include "jumpserver.fullname" $ }}


@ -1,4 +1,4 @@
{{- if .Values.magnus.enabled }}
{{- if .Values.xpack.enabled }}
{{- with .Values.magnus }}
{{- $fullName := include "jumpserver.fullname" $ }}
{{- $mysqlPort := printf "%s" (include "jumpserver.magnus.mysql.port" $) }}
@ -32,12 +32,10 @@ spec:
targetPort: redis
protocol: TCP
name: redis
{{- if $.Values.xpack.enabled }}
- port: {{ .service.postgresql.port }}
targetPort: postgresql
protocol: TCP
name: postgresql
{{- if $.Values.xpack.enabled }}
{{- range $port := untilStep $oraclePortStart $oraclePortEnd 1 }}
- port: {{ $port }}
{{- if eq $.Values.magnus.service.type "NodePort" }}
@ -47,8 +45,6 @@ spec:
protocol: TCP
name: oracle-{{ $port }}
{{- end }}
{{- end }}
{{- end }}
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:


@ -49,6 +49,10 @@ spec:
value: {{ $.Values.core.config.bootstrapToken | quote }}
- name: LOG_LEVEL
value: {{ .config.log.level | quote }}
- name: RAZOR_HTTP_PORT
value: {{ .service.web.port | quote }}
- name: RDP_PORT
value: {{ .service.rdp.port | quote }}
{{- if include "jumpserver.sentinel.hosts" $ }}
- name: REDIS_SENTINEL_HOSTS
value: {{ include "jumpserver.sentinel.hosts" $ | quote }}
@ -78,6 +82,9 @@ spec:
value: {{ $val | quote }}
{{- end }}
ports:
- name: web
containerPort: {{ .service.web.port }}
protocol: TCP
- name: rdp
containerPort: {{ .service.rdp.port }}
protocol: TCP


@ -14,6 +14,10 @@ metadata:
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.web.port }}
targetPort: web
protocol: TCP
name: web
- port: {{ .service.rdp.port }}
targetPort: rdp
{{- if eq .service.type "NodePort" }}
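Review bot: The `web` port is added to a Service whose type can be `NodePort` (the `{{- if eq .service.type "NodePort" }}` branch at the end of the hunk), and every port of a NodePort Service receives a node port. In that configuration the HTTP listener of what appears to be the razor Service would be reachable on each node directly, not only through the nginx `/razor/` proxy. The new entry sets no `nodePort` of its own, so Kubernetes would assign one from the node-port range. Consider publishing `web` through a separate ClusterIP Service, or add a comment above the entry such as `# also exposed on every node when service.type is NodePort`. The ports list continues outside the hunk.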


@ -329,9 +329,85 @@ lion:
affinity: {}
magnus:
chen:
enabled: true
labels:
app.jumpserver.org/name: jms-chen
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
pullPolicy: IfNotPresent
env: []
livenessProbe:
initialDelaySeconds: 60
failureThreshold: 3
timeoutSeconds: 5
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8082
resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
annotations:
"helm.sh/resource-policy": keep
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
xpack:
enabled: false
magnus:
labels:
app.jumpserver.org/name: jms-magnus
@ -414,160 +490,6 @@ magnus:
affinity: {}
chen:
enabled: true
labels:
app.jumpserver.org/name: jms-chen
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
pullPolicy: IfNotPresent
env: []
livenessProbe:
initialDelaySeconds: 60
failureThreshold: 3
timeoutSeconds: 5
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8082
resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
annotations:
"helm.sh/resource-policy": keep
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
kael:
enabled: true
labels:
app.jumpserver.org/name: jms-kael
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
pullPolicy: IfNotPresent
env: []
livenessProbe:
initialDelaySeconds: 10
failureThreshold: 3
timeoutSeconds: 5
httpGet:
path: /kael/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8083
resources: {}
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
annotations:
"helm.sh/resource-policy": keep
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
xpack:
enabled: false
xrdp:
labels:
app.jumpserver.org/name: jms-xrdp
@ -677,6 +599,8 @@ razor:
service:
type: ClusterIP
web:
port: 8084
rdp:
port: 3389