feat: 更新 v2.21.0

charts/jumpserver/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "v2.20.3"
+appVersion: "v2.21.0"
 description: A Helm chart for Deploying Jumpserver on Kubernetes
 engine: gotpl
 home: https://jumpserver.org
@@ -10,4 +10,4 @@ maintainers:
 sources:
 - https://github.com/jumpserver/
 name: jumpserver
-version: 2.20.3
+version: 2.21.0

charts/jumpserver/README.md

@@ -30,13 +30,14 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts
 | `nameOveride`             | name override      | `nil`       |
 | `fullNameOveride`         | full name override | `nil`       |
 | `global.imageRegistry`    | 仓库地址           | `docker.io` |
-| `global.imageTag`         | 版本号             | `v2.20.3  ` |
+| `global.imageTag`         | 版本号             | `v2.21.0  ` |
-| `global.imagePullSecrets` | 私有仓库认证凭据    | `nil`
+| `global.imagePullSecrets` | 私有仓库认证凭据    | `nil`       |
 | `global.storageClass`     | 存储 sc            | `nil`       |
 | `ingress.enabled`         | 开启 ingress       | `true`      |
 | `core.enabled`            | 开启 core          | `true`      |
 | `koko.enabled`            | 开启 koko          | `true`      |
 | `lion.enabled`            | 开启 lion          | `true`      |
+| `magnus.enabled`          | 开启 magnus        | `true`      |
 | `web.enabled`             | 开启 web           | `true`      |
 | `xpack.enable`            | 开启 xpack         | `false`     |
 

charts/jumpserver/templates/_helpers.tpl

@@ -137,6 +137,14 @@ Define JumpServer StorageClass
 {{- end -}}
 {{- end -}}
 
+{{- define "jumpserver.magnus.storageClass" -}}
+{{- if .Values.global.storageClass }}
+{{- .Values.global.storageClass }}
+{{- else -}}
+{{- .Values.magnus.persistence.storageClassName -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "jumpserver.omnidb.storageClass" -}}
 {{- if .Values.global.storageClass }}
 {{- .Values.global.storageClass }}

charts/jumpserver/templates/_images.tpl

@@ -50,6 +50,13 @@ Return the proper JumpServer lion image name
 {{- include "common.images.image" ( dict "imageRoot" .Values.lion.image "global" .Values.global ) -}}
 {{- end -}}
 
+{{/*
+Return the proper JumpServer magnus image name
+*/}}
+{{- define "jumpserver.magnusImage" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.magnus.image "global" .Values.global ) -}}
+{{- end -}}
+
 {{/*
 Return the proper JumpServer xrdp image name
 */}}

charts/jumpserver/templates/magnus/deployment-magnus.yaml

@@ -0,0 +1,100 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus" }}
+{{- $containerName := "jms-magnus" }}
+{{- $image := printf "%s" (include "jumpserver.magnusImage" $) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "jumpserver.labels" $ | nindent 4 }}
+    {{- toYaml .labels | nindent 4 }}
+spec:
+  replicas: {{ .replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+      app.kubernetes.io/instance: {{ $.Release.Name }}
+      {{- toYaml .labels | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+        app.kubernetes.io/instance: {{ $.Release.Name }}
+        {{- toYaml .labels | nindent 8 }}
+    spec:
+      {{- if $.Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{ toYaml $.Values.global.imagePullSecrets }}
+      {{- end }}
+      serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ $containerName }}
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          image: {{ $image }}
+          imagePullPolicy: {{ .image.pullPolicy }}
+          {{- with .command }}
+          command:
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+          env:
+            - name: CORE_HOST
+              value: "http://{{ include "jumpserver.fullname" $ }}-jms-core:{{ $.Values.core.service.web.port }}"
+            - name: BOOTSTRAP_TOKEN
+              value: {{ $.Values.core.config.bootstrapToken | quote }}
+            - name: LOG_LEVEL
+              value: {{ .config.log.level | quote }}
+            {{- range $key, $val := .env }}
+            - name: {{ $key }}
+              value: {{ $val | quote }}
+            {{- end }}
+          ports:
+            - name: mysql
+              containerPort: {{ .service.mysql.port }}
+              protocol: TCP
+            - name: mariadb
+              containerPort: {{ .service.mariadb.port }}
+              protocol: TCP
+            {{- if $.Values.xpack.enabled }}
+            - name: postgre
+              containerPort: {{ .service.postgre.port }}
+              protocol: TCP
+            {{- end }}
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12}}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12}}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: "/opt/magnus/data"
+              name: "jms-magnus-data"
+          {{- with .volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      restartPolicy: Always
+      volumes:
+        - persistentVolumeClaim:
+            claimName: '{{ include "jumpserver.fullname" $ }}-jms-magnus-data'
+          name: "jms-magnus-data"
+      {{- with .volumes }}
+        {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}
+{{- end }}

charts/jumpserver/templates/magnus/pvc-magnus-data.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus-data" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "jumpserver.labels" $ | nindent 4 }}
+    {{- toYaml .labels | nindent 4 }}
+  {{- with .persistence.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  {{- with .persistence.finalizers }}
+  finalizers:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+spec:
+  accessModes:
+    {{- range .persistence.accessModes }}
+    - {{ . | quote }}
+    {{- end }}
+  resources:
+    requests:
+      storage: {{ .persistence.size | quote }}
+      {{- end }}
+  storageClassName: {{ include "jumpserver.magnus.storageClass" . }}
+{{- end }}

charts/jumpserver/templates/magnus/service-magnus.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "jumpserver.labels" $ | nindent 4 }}
+    {{- toYaml .labels | nindent 4 }}
+  annotations:
+    {{- toYaml .service.annotations | nindent 4 }}
+spec:
+  type: {{ .service.type }}
+  ports:
+    - port: {{ .service.mysql.port }}
+      targetPort: mysql
+      protocol: TCP
+      name: mysql
+    - port: {{ .service.mariadb.port }}
+      targetPort: mariadb
+      protocol: TCP
+      name: mariadb
+    {{- if $.Values.xpack.enabled }}
+    - port: {{ .service.postgre.port }}
+      targetPort: postgre
+      protocol: TCP
+      name: postgre
+    {{- end }}
+  sessionAffinity: ClientIP
+  sessionAffinityConfig:
+    clientIP:
+      timeoutSeconds: 10800
+  selector:
+    app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    {{- toYaml .labels | nindent 4 }}
+{{- end }}
+{{- end }}

charts/jumpserver/values.yaml

@@ -12,7 +12,7 @@ fullnameOverride: ""
 ##
 global:
   imageRegistry: "docker.io"
-  imageTag: v2.20.3
+  imageTag: v2.21.0
   ## E.g.
   #  imagePullSecrets:
   #  - myRegistryKeySecretName
@@ -85,7 +85,7 @@ core:
   image:
     registry: docker.io
     repository: jumpserver/core
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []
@@ -142,7 +142,7 @@ core:
     storageClassName: jumpserver-data
     accessModes:
       - ReadWriteMany
-    size: 10Gi
+    size: 100Gi
     # annotations: {}
     finalizers:
       - kubernetes.io/pvc-protection
@@ -174,7 +174,7 @@ koko:
   image:
     registry: docker.io
     repository: jumpserver/koko
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []
@@ -263,7 +263,7 @@ lion:
   image:
     registry: docker.io
     repository: jumpserver/lion
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []
@@ -318,6 +318,89 @@ lion:
     #   cpu: 100m
     #   memory: 512Mi
 
+  persistence:
+    storageClassName: jumpserver-data
+    accessModes:
+      - ReadWriteMany
+    size: 50Gi
+    # annotations: {}
+    finalizers:
+      - kubernetes.io/pvc-protection
+
+  volumeMounts: []
+
+  volumes: []
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+magnus:
+  enabled: true
+
+  labels:
+    app.jumpserver.org/name: jms-magnus
+
+  config:
+    log:
+      level: ERROR
+
+  replicaCount: 1
+
+  image:
+    registry: docker.io
+    repository: jumpserver/magnus
+    tag: v2.21.0
+    pullPolicy: IfNotPresent
+
+  command: []
+
+  env: []
+
+  livenessProbe:
+    failureThreshold: 30
+    tcpSocket:
+      port: mysql
+
+  readinessProbe:
+    failureThreshold: 30
+    tcpSocket:
+      port: mysql
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    mysql:
+      port: 33060
+    mariadb:
+      port: 33061
+    postgre:
+      port: 54320
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 512Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 512Mi
+
   persistence:
     storageClassName: jumpserver-data
     accessModes:
@@ -353,7 +436,7 @@ omnidb:
   image:
     registry: registry.fit2cloud.com
     repository: jumpserver/omnidb
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []
@@ -430,7 +513,7 @@ xrdp:
   image:
     registry: registry.fit2cloud.com
     repository: jumpserver/xrdp
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []
@@ -488,7 +571,7 @@ xrdp:
     storageClassName: jumpserver-data
     accessModes:
       - ReadWriteMany
-    size: 10Gi
+    size: 50Gi
     # annotations: {}
     finalizers:
       - kubernetes.io/pvc-protection
@@ -514,7 +597,7 @@ web:
   image:
     registry: docker.io
     repository: jumpserver/web
-    tag: v2.20.3
+    tag: v2.21.0
     pullPolicy: IfNotPresent
 
   command: []