diff --git a/charts/jumpserver/README.md b/charts/jumpserver/README.md
index 59a5dd6..c0ee0a1 100644
--- a/charts/jumpserver/README.md
+++ b/charts/jumpserver/README.md
@@ -39,9 +39,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts
 | `core.enabled` | 开启 core | `true` |
 | `koko.enabled` | 开启 koko | `true` |
 | `lion.enabled` | 开启 lion | `true` |
-| `magnus.enabled` | 开启 magnus | `true` |
 | `chen.enabled` | 开启 chen | `true` |
-| `kael.enabled` | 开启 kael | `true` |
 | `web.enabled` | 开启 web | `true` |
 | `xpack.enable` | 开启 xpack | `false` |
diff --git a/charts/jumpserver/configs/jms-web/default.conf b/charts/jumpserver/configs/jms-web/default.conf
index dce5c3c..357af3e 100644
--- a/charts/jumpserver/configs/jms-web/default.conf
+++ b/charts/jumpserver/configs/jms-web/default.conf
@@ -1,15 +1,25 @@
+{{ $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
 {{ $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }}
 {{ $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }}
-{{ $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
 {{ $chen := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-chen" ($.Values.chen.service.web.port | toString) }}
-{{ $kael := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-kael" ($.Values.kael.service.web.port | toString) }}
+{{ $razor := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-razor" ($.Values.razor.service.web.port | toString) }}
 server {
 listen {{ $.Values.web.service.web.port }};
 server_name _;
 server_tokens off;
- client_max_body_size 4096m; # 录像及文件上传大小限制
+ client_max_body_size 4096m;
+ location = /robots.txt {
+ default_type text/html;
+ add_header Content-Type "text/plain; charset=UTF-8";
+ return 200 "User-agent: *\nDisallow: /\n";
+ }
+ location /web/health/ {
+ access_log off;
+ add_header Content-Type 'application/json';
+ return 200 '{"status": "ok"}';
+ }
 location /ui/ {
 try_files $uri / /index.html;
 alias /opt/lina/;
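Review bot: Both new `return` locations end up sending two Content-Type headers: nginx derives the header for a `return` body from `default_type` (explicitly `text/html` in the robots.txt block, the server-wide default in `/web/health/`), and `add_header Content-Type …` appends a second header rather than replacing the first. Set the type directly instead — `default_type "text/plain; charset=UTF-8";` for robots.txt and `default_type application/json;` for the health check — and drop the `add_header` lines. The `client_max_body_size 4096m;` line also loses its only explanation; a short comment such as `# limit for replay and file uploads` keeps the rationale for the ceiling visible. The `server {}` block continues outside this hunk.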
@@ -21,13 +31,25 @@ server {
 location /download/ {
 alias /opt/download/;
 }
- location /media/replay/ {
- add_header Content-Encoding gzip;
- root /opt/jumpserver/data/;
- }
 location /static/ {
 root /opt/jumpserver/data/;
 }
+ location /private-media/ {
+ internal;
+ alias /opt/jumpserver/data/media/;
+ }
+ {{- if .Values.xpack.enabled }}
+ location /razor/ {
+ proxy_pass {{ $razor }};
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_ignore_client_abort on;
+ {{- end }}
 {{- if .Values.koko.enabled }}
 location /koko/ {
 proxy_pass {{ $koko }};
@@ -66,18 +88,6 @@ server {
 proxy_ignore_client_abort on;
 }
 {{- end }}
- {{- if .Values.kael.enabled }}
- location /kael/ {
- proxy_pass {{ $kael }};
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_ignore_client_abort on;
- }
- {{- end }}
 {{ if .Values.core.enabled }}
 location /ws/ {
 proxy_pass {{ $core }};
diff --git a/charts/jumpserver/templates/_helpers.tpl b/charts/jumpserver/templates/_helpers.tpl
index e0d6a21..7a6fada 100644
--- a/charts/jumpserver/templates/_helpers.tpl
+++ b/charts/jumpserver/templates/_helpers.tpl
@@ -181,14 +181,6 @@ Define JumpServer StorageClass.
 {{- end -}}
 {{- end -}}
-{{- define "jumpserver.kael.storageClass" -}}
-{{- if .Values.global.storageClass }}
-{{- .Values.global.storageClass }}
-{{- else -}}
-{{- .Values.kael.persistence.storageClassName -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "jumpserver.razor.storageClass" -}}
 {{- if .Values.global.storageClass }}
 {{- .Values.global.storageClass }}
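Review bot: The new `location /razor/ {` block inside `{{- if .Values.xpack.enabled }}` is never closed: its last added line is `proxy_ignore_client_abort on;` and the very next line is `{{- end }}`, so with xpack enabled the rendered nginx config has an unbalanced brace and nginx should reject it at startup (the `+31,25` count in the hunk header matches the lines shown, so the brace does not appear to have been lost in extraction). Add `+  }` immediately before that `{{- end }}`. A smaller consistency point: this block hard-codes `proxy_set_header Connection "upgrade";` while the neighbouring koko block (and the removed kael one) pass `$http_connection`; the two forms behave differently for non-WebSocket requests, so the chart should settle on one. The `internal;` marker on `/private-media/` is what keeps replay data reachable only via core's authorised redirect and should stay exactly as added.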
diff --git a/charts/jumpserver/templates/kael/deployment-kael.yaml b/charts/jumpserver/templates/kael/deployment-kael.yaml
deleted file mode 100644
index 0a2e6eb..0000000
--- a/charts/jumpserver/templates/kael/deployment-kael.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
-{{- if .Values.kael.enabled }}
-{{- with .Values.kael }}
-{{- $fullName := include "jumpserver.fullname" $ }}
-{{- $containerName := "jms-kael" }}
-{{- $registryName := $.Values.global.imageRegistry | default .image.registry }}
-{{- $imageOwner := $.Values.global.imageOwner | default "jumpserver" }}
-{{- $imageName := "kael" }}
-{{- $imageTag := $.Chart.AppVersion }}
-{{- $imageWithTag := printf "%s/%s/%s:%s" $registryName $imageOwner $imageName $imageTag | quote }}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ $fullName }}-{{ $containerName }}"
- labels:
- {{- include "jumpserver.labels" $ | nindent 4 }}
- {{- toYaml .labels | nindent 4 }}
-spec:
- replicas: {{ .replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
- app.kubernetes.io/instance: {{ $.Release.Name }}
- {{- toYaml .labels | nindent 6 }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
- app.kubernetes.io/instance: {{ $.Release.Name }}
- {{- toYaml .labels | nindent 8 }}
- spec:
- {{- if $.Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{ toYaml $.Values.global.imagePullSecrets }}
- {{- end }}
- serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
- securityContext:
- {{- toYaml .podSecurityContext | nindent 8 }}
- containers:
- - name: {{ $containerName }}
- securityContext:
- {{- toYaml .securityContext | nindent 12 }}
- image: {{ $imageWithTag }}
- imagePullPolicy: {{ .image.pullPolicy | quote }}
- {{- with .command }}
- command: {{ toYaml . | nindent 12 }}
- {{- end }}
- ports:
- - name: web
- containerPort: {{ .service.web.port }}
- protocol: TCP
- env:
- - name: CORE_HOST
- value: "http://{{ $fullName }}-jms-core:{{ $.Values.core.service.web.port }}"
- - name: BOOTSTRAP_TOKEN
- value: {{ $.Values.core.config.bootstrapToken | quote }}
- - name: LOG_LEVEL
- value: {{ .config.log.level | quote }}
- - name: HTTPD_PORT
- value: {{ .service.web.port | quote }}
- - name: SHARE_ROOM_TYPE
- value: "redis"
- {{- if include "jumpserver.sentinel.hosts" $ }}
- - name: REDIS_SENTINEL_HOSTS
- value: {{ include "jumpserver.sentinel.hosts" $ | quote }}
- {{- end }}
- {{- if include "jumpserver.sentinel.password" $ }}
- - name: REDIS_SENTINEL_PASSWORD
- value: {{ include "jumpserver.sentinel.password" $ | quote }}
- {{- end }}
- {{- if include "jumpserver.sentinel.socketTimeout" $ }}
- - name: REDIS_SENTINEL_SOCKET_TIMEOUT
- value: {{ include "jumpserver.sentinel.socketTimeout" $ | quote }}
- {{- end }}
- {{- if include "jumpserver.redis.host" $ }}
- - name: REDIS_HOST
- value: {{ include "jumpserver.redis.host" $ | quote }}
- {{- end }}
- {{- if include "jumpserver.redis.port" $ }}
- - name: REDIS_PORT
- value: {{ include "jumpserver.redis.port" $ | quote }}
- {{- end }}
- {{- if include "jumpserver.redis.password" $ }}
- - name: REDIS_PASSWORD
- value: {{ include "jumpserver.redis.password" $ | quote }}
- {{- end }}
- {{- range $key, $val := .env }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end }}
- livenessProbe:
- {{- toYaml .livenessProbe | nindent 12 }}
- readinessProbe:
- {{- toYaml .readinessProbe | nindent 12 }}
- resources:
- {{- toYaml .resources | nindent 12 }}
- volumeMounts:
- - mountPath: "/opt/kael/data"
- name: "jms-kael-data"
- {{- if .persistence.subPath }}
- subPath: {{ .persistence.subPath | quote }}
- {{- end }}
- {{- with .volumeMounts }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- restartPolicy: Always
- volumes:
- - persistentVolumeClaim:
- {{- if .persistence.existingClaim }}
- claimName: {{ .persistence.existingClaim | quote }}
- {{- else }}
- claimName: '{{ $fullName }}-jms-kael-data'
- {{- end }}
- name: "jms-kael-data"
- {{- with .volumes }}
- {{- tpl (toYaml .) $ | nindent 8 }}
- {{- end }}
- {{- with .nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/jumpserver/templates/kael/pvc-kael-data.yaml b/charts/jumpserver/templates/kael/pvc-kael-data.yaml
deleted file mode 100644
index 6c492a0..0000000
--- a/charts/jumpserver/templates/kael/pvc-kael-data.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if and .Values.kael.enabled (not .Values.kael.persistence.existingClaim)}}
-{{- with .Values.kael }}
-{{- $fullName := include "jumpserver.fullname" $ }}
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: "{{ $fullName }}-jms-kael-data"
- labels:
- {{- include "jumpserver.labels" $ | nindent 4 }}
- {{- toYaml .labels | nindent 4 }}
- {{- with .persistence.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
- {{- end }}
- {{- with .persistence.finalizers }}
- finalizers:
-{{ toYaml . | indent 4 }}
- {{- end }}
-spec:
- accessModes:
- {{- range .persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .persistence.size | quote }}
- {{- end }}
- storageClassName: {{ include "jumpserver.kael.storageClass" . }}
-{{- end }}
diff --git a/charts/jumpserver/templates/kael/service-kael.yaml b/charts/jumpserver/templates/kael/service-kael.yaml
deleted file mode 100644
index 706df24..0000000
--- a/charts/jumpserver/templates/kael/service-kael.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.kael.enabled }}
-{{- with .Values.kael }}
-{{- $fullName := include "jumpserver.fullname" $ }}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ $fullName }}-jms-kael"
- labels:
- {{- include "jumpserver.labels" $ | nindent 4 }}
- {{- toYaml .labels | nindent 4 }}
- annotations:
- {{- toYaml .service.annotations | nindent 4 }}
-spec:
- type: {{ .service.type }}
- ports:
- - port: {{ .service.web.port }}
- targetPort: web
- protocol: TCP
- name: web
- sessionAffinity: ClientIP
- sessionAffinityConfig:
- clientIP:
- timeoutSeconds: 10800
- selector:
- app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
- app.kubernetes.io/instance: {{ $.Release.Name }}
- {{- toYaml .labels | nindent 4 }}
-{{- end }}
-{{- end }}
diff --git a/charts/jumpserver/templates/magnus/deployment-magnus.yaml b/charts/jumpserver/templates/magnus/deployment-magnus.yaml
index 7053e76..5f44d94 100644
--- a/charts/jumpserver/templates/magnus/deployment-magnus.yaml
+++ b/charts/jumpserver/templates/magnus/deployment-magnus.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.magnus.enabled }}
+{{- if .Values.xpack.enabled }}
 {{- with .Values.magnus }}
 {{- $fullName := include "jumpserver.fullname" $ }}
 {{- $containerName := "jms-magnus" }}
@@ -109,13 +109,11 @@ spec:
 - name: postgresql
 containerPort: {{ $postgresqlPort }}
 protocol: TCP
- {{- if $.Values.xpack.enabled }}
 {{- range $port := untilStep $oraclePortStart $oraclePortEnd 1 }}
 - name: oracle-{{ $port }}
 containerPort: {{ $port }}
 protocol: TCP
 {{- end }}
- {{- end }}
 livenessProbe:
 {{- toYaml .livenessProbe | nindent 12 }}
 readinessProbe:
diff --git a/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml b/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml
index bfce585..84b7df9 100644
--- a/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml
+++ b/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml
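Review bot: Swapping `.Values.magnus.enabled` for `.Values.xpack.enabled` (here and in the pvc and service hunks that follow) silently retires a switch that operators may carry in their own values files: an existing `magnus.enabled: false` override is no longer read, so an upgrade with xpack on now renders the magnus Deployment, PVC and Service without any warning. The README hunk drops the `magnus.enabled` row, but nothing states the new rule. A one-line comment above the `magnus:` key in values.yaml, e.g. `# magnus is rendered whenever xpack.enabled is true; magnus.enabled is no longer read`, would make the behaviour discoverable at upgrade time. The `with .Values.magnus` scope continues outside the hunk.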
@@ -1,4 +1,4 @@
-{{- if and .Values.magnus.enabled (not .Values.magnus.persistence.existingClaim)}}
+{{- if and .Values.xpack.enabled (not .Values.magnus.persistence.existingClaim)}}
 {{- with .Values.magnus }}
 {{- $fullName := include "jumpserver.fullname" $ }}
diff --git a/charts/jumpserver/templates/magnus/service-magnus.yaml b/charts/jumpserver/templates/magnus/service-magnus.yaml
index 7eef9d3..5836858 100644
--- a/charts/jumpserver/templates/magnus/service-magnus.yaml
+++ b/charts/jumpserver/templates/magnus/service-magnus.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.magnus.enabled }}
+{{- if .Values.xpack.enabled }}
 {{- with .Values.magnus }}
 {{- $fullName := include "jumpserver.fullname" $ }}
 {{- $mysqlPort := printf "%s" (include "jumpserver.magnus.mysql.port" $) }}
@@ -32,12 +32,10 @@ spec:
 targetPort: redis
 protocol: TCP
 name: redis
- {{- if $.Values.xpack.enabled }}
 - port: {{ .service.postgresql.port }}
 targetPort: postgresql
 protocol: TCP
 name: postgresql
- {{- if $.Values.xpack.enabled }}
 {{- range $port := untilStep $oraclePortStart $oraclePortEnd 1 }}
 - port: {{ $port }}
 {{- if eq $.Values.magnus.service.type "NodePort" }}
@@ -47,8 +45,6 @@ spec:
 protocol: TCP
 name: oracle-{{ $port }}
 {{- end }}
- {{- end }}
- {{- end }}
 sessionAffinity: ClientIP
 sessionAffinityConfig:
 clientIP:
diff --git a/charts/jumpserver/templates/razor/deployment-razor.yaml b/charts/jumpserver/templates/razor/deployment-razor.yaml
index 05f09b8..44f10bf 100644
--- a/charts/jumpserver/templates/razor/deployment-razor.yaml
+++ b/charts/jumpserver/templates/razor/deployment-razor.yaml
@@ -49,6 +49,10 @@ spec:
 value: {{ $.Values.core.config.bootstrapToken | quote }}
 - name: LOG_LEVEL
 value: {{ .config.log.level | quote }}
+ - name: RAZOR_HTTP_PORT
+ value: {{ .service.web.port | quote }}
+ - name: RDP_PORT
+ value: {{ .service.rdp.port | quote }}
 {{- if include "jumpserver.sentinel.hosts" $ }}
 - name: REDIS_SENTINEL_HOSTS
 value: {{ include "jumpserver.sentinel.hosts" $ | quote }}
@@ -78,6 +82,9 @@ spec:
 value: {{ $val | quote }}
 {{- end }}
 ports:
+ - name: web
+ containerPort: {{ .service.web.port }}
+ protocol: TCP
 - name: rdp
 containerPort: {{ .service.rdp.port }}
 protocol: TCP
diff --git a/charts/jumpserver/templates/razor/service-razor.yaml b/charts/jumpserver/templates/razor/service-razor.yaml
index baa3c4b..20c3931 100644
--- a/charts/jumpserver/templates/razor/service-razor.yaml
+++ b/charts/jumpserver/templates/razor/service-razor.yaml
@@ -14,6 +14,10 @@ metadata:
 spec:
 type: {{ .service.type }}
 ports:
+ - port: {{ .service.web.port }}
+ targetPort: web
+ protocol: TCP
+ name: web
 - port: {{ .service.rdp.port }}
 targetPort: rdp
 {{- if eq .service.type "NodePort" }}
diff --git a/charts/jumpserver/values.yaml b/charts/jumpserver/values.yaml
index 7425885..b5d4336 100644
--- a/charts/jumpserver/values.yaml
+++ b/charts/jumpserver/values.yaml
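Review bot: The new `web` port on the razor Service inherits `.service.type` but, unlike the `rdp` port directly below it, has no `NodePort` branch, so a deployment that sets razor `service.type` to `NodePort` (or `LoadBalancer`) also exposes the razor HTTP endpoint on an auto-allocated node port, bypassing the nginx `/razor/` proxy that this commit wires up to front it. If that direct exposure is not intended, say so next to the port, e.g. `# web: reached through jms-web /razor/; not meant for NodePort exposure`, or move `web` into a separate ClusterIP Service; if it is intended, give it the same nodePort handling as `rdp`. The ports list continues outside the hunk.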
@@ -329,9 +329,85 @@ lion:
 affinity: {}
-magnus:
+chen:
 enabled: true
+ labels:
+ app.jumpserver.org/name: jms-chen
+
+ config:
+ log:
+ level: ERROR
+
+ replicaCount: 1
+
+ image:
+ registry: docker.io
+ pullPolicy: IfNotPresent
+
+ env: []
+
+ livenessProbe:
+ initialDelaySeconds: 60
+ failureThreshold: 3
+ timeoutSeconds: 5
+ tcpSocket:
+ port: web
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ service:
+ type: ClusterIP
+ web:
+ port: 8082
+
+ resources: {}
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ persistence:
+ storageClassName: jumpserver-data
+ accessModes:
+ - ReadWriteMany
+ size: 10Gi
+ annotations:
+ "helm.sh/resource-policy": keep
+ finalizers:
+ - kubernetes.io/pvc-protection
+ # subPath: ""
+ # existingClaim: ""
+
+ volumeMounts: []
+
+ volumes: []
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+xpack:
+ enabled: false
+
+magnus:
 labels:
 app.jumpserver.org/name: jms-magnus
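Review bot: The README row that documents this switch still reads `xpack.enable`, while the key the chart actually reads is `xpack.enabled` (the `xpack:` / `enabled: false` block added here, which this commit also makes the gate for magnus and the nginx `/razor/` location). A user who follows the README sets a key nothing consumes and the xpack components stay silently off. Fix the README row to `xpack.enabled`, and consider a comment beside the key, e.g. `# gates magnus and the /razor/ proxy; the per-component magnus/kael switches were removed`. The chen block itself is moved verbatim, so nothing further is needed there.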
@@ -414,160 +490,6 @@ magnus:
 affinity: {}
-chen:
- enabled: true
-
- labels:
- app.jumpserver.org/name: jms-chen
-
- config:
- log:
- level: ERROR
-
- replicaCount: 1
-
- image:
- registry: docker.io
- pullPolicy: IfNotPresent
-
- env: []
-
- livenessProbe:
- initialDelaySeconds: 60
- failureThreshold: 3
- timeoutSeconds: 5
- tcpSocket:
- port: web
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- service:
- type: ClusterIP
- web:
- port: 8082
-
- resources: {}
- ## We usually recommend not to specify default resources and to leave this as a conscious
- ## choice for the user. This also increases chances charts run on environments with little
- ## resources, such as Minikube. If you do want to specify resources, uncomment the following
- ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- persistence:
- storageClassName: jumpserver-data
- accessModes:
- - ReadWriteMany
- size: 10Gi
- annotations:
- "helm.sh/resource-policy": keep
- finalizers:
- - kubernetes.io/pvc-protection
- # subPath: ""
- # existingClaim: ""
-
- volumeMounts: []
-
- volumes: []
-
- nodeSelector: {}
-
- tolerations: []
-
- affinity: {}
-
-kael:
- enabled: true
-
- labels:
- app.jumpserver.org/name: jms-kael
-
- config:
- log:
- level: ERROR
-
- replicaCount: 1
-
- image:
- registry: docker.io
- pullPolicy: IfNotPresent
-
- env: []
-
- livenessProbe:
- initialDelaySeconds: 10
- failureThreshold: 3
- timeoutSeconds: 5
- httpGet:
- path: /kael/health/
- port: web
-
- podSecurityContext: {}
- # fsGroup: 2000
-
- securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
- service:
- type: ClusterIP
- web:
- port: 8083
-
- resources: {}
- ## We usually recommend not to specify default resources and to leave this as a conscious
- ## choice for the user. This also increases chances charts run on environments with little
- ## resources, such as Minikube. If you do want to specify resources, uncomment the following
- ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
- persistence:
- storageClassName: jumpserver-data
- accessModes:
- - ReadWriteMany
- size: 10Gi
- annotations:
- "helm.sh/resource-policy": keep
- finalizers:
- - kubernetes.io/pvc-protection
- # subPath: ""
- # existingClaim: ""
-
- volumeMounts: []
-
- volumes: []
-
- nodeSelector: {}
-
- tolerations: []
-
- affinity: {}
-
-xpack:
- enabled: false
-
 xrdp:
 labels:
 app.jumpserver.org/name: jms-xrdp
@@ -677,6 +599,8 @@ razor:
 service:
 type: ClusterIP
+ web:
+ port: 8084
 rdp:
 port: 3389