diff --git a/.history/charts/jumpserver/Chart_20230329114604.yaml b/.history/charts/jumpserver/Chart_20230329114604.yaml deleted file mode 100644 index b09d69a..0000000 --- a/.history/charts/jumpserver/Chart_20230329114604.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: "v3.1.0" -description: A Helm chart for Deploying Jumpserver on Kubernetes -engine: gotpl -home: https://jumpserver.org -icon: https://jumpserver.org/images/logo/favicon.ico -maintainers: -- email: support@fit2cloud.com - name: jumpserver -sources: -- https://github.com/jumpserver/ -name: jumpserver -version: 3.1.0 diff --git a/.history/charts/jumpserver/Chart_20230329114712.yaml b/.history/charts/jumpserver/Chart_20230329114712.yaml deleted file mode 100644 index 0f5e5b9..0000000 --- a/.history/charts/jumpserver/Chart_20230329114712.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -appVersion: "v3.1.1" -description: A Helm chart for Deploying Jumpserver on Kubernetes -engine: gotpl -home: https://jumpserver.org -icon: https://jumpserver.org/images/logo/favicon.ico -maintainers: -- email: support@fit2cloud.com - name: jumpserver -sources: -- https://github.com/jumpserver/ -name: jumpserver -version: 3.1.1 diff --git a/.history/charts/jumpserver/README_20230329114604.md b/.history/charts/jumpserver/README_20230329114604.md deleted file mode 100644 index e2e28bf..0000000 --- a/.history/charts/jumpserver/README_20230329114604.md +++ /dev/null @@ -1,113 +0,0 @@ -# Jumpserver - -[Jumpserver](http://www.jumpserver.org/) 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统。 - -## 使用方法 - -```bash -helm repo add jumpserver https://jumpserver.github.io/helm-charts -``` - -## 介绍 - -当前 Chart 包含了 Jumpserver 所需的基本组件 - -## 依赖 - -- Kubernetes 1.20+ -- Helm 3.0 - -**Tip**: List all releases using `helm repo list` - -## 参数 - -下面的表格中列出了一些必要的参数,发布前请先阅读并设置 - -### 总览 - -| 参数 | 描述 | 默认值 | -| ------------------------- | ------------------ | ----------- | -| `nameOveride` | name override | `nil` | -| `fullNameOveride` | full name override | `nil` | -| `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v3.1.0 ` | -| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | -| `global.storageClass` | 存储 sc | `nil` | -| `ingress.enabled` | 开启 ingress | `true` | -| `core.enabled` | 开启 core | `true` | -| `koko.enabled` | 开启 koko | `true` | -| `lion.enabled` | 开启 lion | `true` | -| `magnus.enabled` | 开启 magnus | `true` | -| `web.enabled` | 开启 web | `true` | -| `xpack.enable` | 开启 xpack | `false` | - -### 必填 - -| 参数 | 描述 | 默认值 | -| ------------------------------ | ---------------------------------------------| ---------------------- | -| `global.storageClass` | 持久化存储 | `nil` | -| `core.config.secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 | `nil` | -| `core.config.bootstrapToken` | 预共享 Token 组件注册需要使用 | `nil` | -| `externalDatabase.engine` | 数据库引擎 | `mysql` | -| `externalDatabase.host` | 数据库 IP 地址 | `nil` | -| `externalDatabase.port` | 数据库端口 | `3306` | -| `externalDatabase.user` | 数据库用户名 | `jumpserver` | -| `externalDatabase.password` | 数据库密码 | `nil` | -| `externalDatabase.database` | 数据库名称 | `nil` | -| `externalRedis.host` | redisIP 地址 | `nil` | -| `externalRedis.port` | redis 端口 | `6379` | -| `externalRedis.password` | redis 密码 | `nil` | - -### 其他 - -| 参数 | 描述 | 默认值 | -| --------------------- | --------------------------------------------------------- | ------- | -| `log.level` | 日志等级 | `INFO` | -| `replicaCount` | 副本数量 | `1` | -| `tag` | 版本号 | `nil` | -| `persistence` | 持久化存储相关设置 | `nil` | - -在 `helm install` 时通过 `--set key=value[,key=value]` 指定参数. 举例: - -```bash -helm install jumpserver ./ \ ---set ingress.enabled=true -``` - -上条命令开启了 ingress. - -**注**: 默认使用 [values.yaml](values.yaml) - -## 示例 - -```bash -helm install jms-k8s jumpserver/jumpserver -n default \ ---set core.config.secretKey=GxrLH7rewfsRN8B9Zl6MEGD50Uou4LF6UVsEIayGMhYll8dqmn \ ---set core.config.bootstrapToken=ilR8RvAbK7lgRTxs \ ---set global.storageClass=jms-data \ ---set externalDatabase.engine=mysql \ ---set externalDatabase.host=jms-mysql \ ---set externalDatabase.port=3306 \ ---set externalDatabase.user=jms \ ---set externalDatabase.password=Password131 \ ---set externalDatabase.database=jumpserver \ ---set externalRedis.host=jms-redis-master \ ---set externalRedis.port=6379 \ ---set koko.service.type=NodePort \ ---set web.service.type=NodePort \ ---set externalRedis.password=PasswordRedis -``` - -## 卸载 - -删除 `jms-k8s` release: - -```bash -$ helm delete jms-k8s -n default -``` - -上条命令删除了所有包含在 release 中的组件 - -## 鸣谢说明 - -本项目初始代码是由 [xiaomaimuchanyiyiba](https://github.com/xiaomaimuchanyiyiba) 贡献。[原仓库地址](https://github.com/xiaomaimuchanyiyiba/jumpserver) diff --git a/.history/charts/jumpserver/README_20230329114712.md b/.history/charts/jumpserver/README_20230329114712.md deleted file mode 100644 index a1d7c95..0000000 --- a/.history/charts/jumpserver/README_20230329114712.md +++ /dev/null @@ -1,113 +0,0 @@ -# Jumpserver - -[Jumpserver](http://www.jumpserver.org/) 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统。 - -## 使用方法 - -```bash -helm repo add jumpserver https://jumpserver.github.io/helm-charts -``` - -## 介绍 - -当前 Chart 包含了 Jumpserver 所需的基本组件 - -## 依赖 - -- Kubernetes 1.20+ -- Helm 3.0 - -**Tip**: List all releases using `helm repo list` - -## 参数 - -下面的表格中列出了一些必要的参数,发布前请先阅读并设置 - -### 总览 - -| 参数 | 描述 | 默认值 | -| ------------------------- | ------------------ | ----------- | -| `nameOveride` | name override | `nil` | -| `fullNameOveride` | full name override | `nil` | -| `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v3.1.1 ` | -| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | -| `global.storageClass` | 存储 sc | `nil` | -| `ingress.enabled` | 开启 ingress | `true` | -| `core.enabled` | 开启 core | `true` | -| `koko.enabled` | 开启 koko | `true` | -| `lion.enabled` | 开启 lion | `true` | -| `magnus.enabled` | 开启 magnus | `true` | -| `web.enabled` | 开启 web | `true` | -| `xpack.enable` | 开启 xpack | `false` | - -### 必填 - -| 参数 | 描述 | 默认值 | -| ------------------------------ | ---------------------------------------------| ---------------------- | -| `global.storageClass` | 持久化存储 | `nil` | -| `core.config.secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 | `nil` | -| `core.config.bootstrapToken` | 预共享 Token 组件注册需要使用 | `nil` | -| `externalDatabase.engine` | 数据库引擎 | `mysql` | -| `externalDatabase.host` | 数据库 IP 地址 | `nil` | -| `externalDatabase.port` | 数据库端口 | `3306` | -| `externalDatabase.user` | 数据库用户名 | `jumpserver` | -| `externalDatabase.password` | 数据库密码 | `nil` | -| `externalDatabase.database` | 数据库名称 | `nil` | -| `externalRedis.host` | redisIP 地址 | `nil` | -| `externalRedis.port` | redis 端口 | `6379` | -| `externalRedis.password` | redis 密码 | `nil` | - -### 其他 - -| 参数 | 描述 | 默认值 | -| --------------------- | --------------------------------------------------------- | ------- | -| `log.level` | 日志等级 | `INFO` | -| `replicaCount` | 副本数量 | `1` | -| `tag` | 版本号 | `nil` | -| `persistence` | 持久化存储相关设置 | `nil` | - -在 `helm install` 时通过 `--set key=value[,key=value]` 指定参数. 举例: - -```bash -helm install jumpserver ./ \ ---set ingress.enabled=true -``` - -上条命令开启了 ingress. - -**注**: 默认使用 [values.yaml](values.yaml) - -## 示例 - -```bash -helm install jms-k8s jumpserver/jumpserver -n default \ ---set core.config.secretKey=GxrLH7rewfsRN8B9Zl6MEGD50Uou4LF6UVsEIayGMhYll8dqmn \ ---set core.config.bootstrapToken=ilR8RvAbK7lgRTxs \ ---set global.storageClass=jms-data \ ---set externalDatabase.engine=mysql \ ---set externalDatabase.host=jms-mysql \ ---set externalDatabase.port=3306 \ ---set externalDatabase.user=jms \ ---set externalDatabase.password=Password131 \ ---set externalDatabase.database=jumpserver \ ---set externalRedis.host=jms-redis-master \ ---set externalRedis.port=6379 \ ---set koko.service.type=NodePort \ ---set web.service.type=NodePort \ ---set externalRedis.password=PasswordRedis -``` - -## 卸载 - -删除 `jms-k8s` release: - -```bash -$ helm delete jms-k8s -n default -``` - -上条命令删除了所有包含在 release 中的组件 - -## 鸣谢说明 - -本项目初始代码是由 [xiaomaimuchanyiyiba](https://github.com/xiaomaimuchanyiyiba) 贡献。[原仓库地址](https://github.com/xiaomaimuchanyiyiba/jumpserver) diff --git a/.history/charts/jumpserver/values_20230329114604.yaml b/.history/charts/jumpserver/values_20230329114604.yaml deleted file mode 100644 index d43de0b..0000000 --- a/.history/charts/jumpserver/values_20230329114604.yaml +++ /dev/null @@ -1,671 +0,0 @@ -# Default values for jumpserver. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -nameOverride: "" -fullnameOverride: "" - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.redis.password Global Redis™ password (overrides `auth.password`) -## -global: - imageRegistry: "ghcr.io" - imageTag: v3.1.0 - ## E.g. - # imagePullSecrets: - # - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## Please configure your MySQL server first -## Jumpserver will not start the external MySQL server. -## -externalDatabase: - engine: mysql - host: localhost - port: 3306 - user: root - password: "" - database: jumpserver - -## Please configure your Redis server first -## Jumpserver will not start the external Redis server. -## -externalRedis: - host: localhost - port: 6379 - password: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -ingress: - enabled: true - annotations: - # kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: "4096m" - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header Upgrade "websocket"; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - hosts: - - "test.jumpserver.org" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -core: - enabled: true - - labels: - app.jumpserver.org/name: jms-core - - config: - # Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` - secretKey: "" - # Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` - bootstrapToken: "" - # Enabled it for debug - debug: false - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/core - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core - SESSION_EXPIRE_AT_BROWSER_CLOSE: true - # SESSION_COOKIE_AGE: 86400 - # SECURITY_VIEW_AUTH_NEED_MFA: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8080 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 1000m - # memory: 2048Mi - # requests: - # cpu: 500m - # memory: 1024Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 100Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -koko: - enabled: true - - labels: - app.jumpserver.org/name: jms-koko - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/koko - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: [] - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko - # LANGUAGE_CODE: zh - # REUSE_CONNECTION: true - # ENABLE_LOCAL_PORT_FORWARD: true - # ENABLE_VSCODE_SUPPORT: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /koko/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /koko/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - privileged: true - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 5000 - ssh: - port: 2222 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -lion: - enabled: true - - labels: - app.jumpserver.org/name: jms-lion - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/lion - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion - JUMPSERVER_ENABLE_FONT_SMOOTHING: true - # JUMPSERVER_COLOR_DEPTH: 32 - # JUMPSERVER_ENABLE_WALLPAPER: true - # JUMPSERVER_ENABLE_THEMING: true - # JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true - # JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true - # JUMPSERVER_ENABLE_MENU_ANIMATIONS: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /lion/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /lion/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8081 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -magnus: - enabled: true - - labels: - app.jumpserver.org/name: jms-magnus - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/magnus - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: 9090 - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: 9090 - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - mysql: - port: 33061 - mariadb: - port: 33062 - redis: - port: 63790 - postgresql: - port: 54320 - oracle: - ports: 30000-30100 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -xpack: - enabled: false - -omnidb: - labels: - app.jumpserver.org/name: jms-omnidb - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - repository: jumpserver/omnidb - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: web - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8082 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -razor: - labels: - app.jumpserver.org/name: jms-razor - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - repository: jumpserver/razor - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: rdp - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: rdp - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - rdp: - port: 3389 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -web: - enabled: true - - labels: - app.jumpserver.org/name: jms-web - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/web - tag: v3.1.0 - pullPolicy: IfNotPresent - - command: [] - - env: [] - # nginx client_max_body_size, default 4G - # CLIENT_MAX_BODY_SIZE: 4096m - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 80 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 1Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} diff --git a/.history/charts/jumpserver/values_20230329114712.yaml b/.history/charts/jumpserver/values_20230329114712.yaml deleted file mode 100644 index 218e90d..0000000 --- a/.history/charts/jumpserver/values_20230329114712.yaml +++ /dev/null @@ -1,671 +0,0 @@ -# Default values for jumpserver. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -nameOverride: "" -fullnameOverride: "" - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.redis.password Global Redis™ password (overrides `auth.password`) -## -global: - imageRegistry: "ghcr.io" - imageTag: v3.1.1 - ## E.g. - # imagePullSecrets: - # - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## Please configure your MySQL server first -## Jumpserver will not start the external MySQL server. -## -externalDatabase: - engine: mysql - host: localhost - port: 3306 - user: root - password: "" - database: jumpserver - -## Please configure your Redis server first -## Jumpserver will not start the external Redis server. -## -externalRedis: - host: localhost - port: 6379 - password: "" - -serviceAccount: - # Specifies whether a service account should be created - create: false - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -ingress: - enabled: true - annotations: - # kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: "4096m" - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header Upgrade "websocket"; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - hosts: - - "test.jumpserver.org" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -core: - enabled: true - - labels: - app.jumpserver.org/name: jms-core - - config: - # Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` - secretKey: "" - # Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` - bootstrapToken: "" - # Enabled it for debug - debug: false - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/core - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core - SESSION_EXPIRE_AT_BROWSER_CLOSE: true - # SESSION_COOKIE_AGE: 86400 - # SECURITY_VIEW_AUTH_NEED_MFA: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8080 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 1000m - # memory: 2048Mi - # requests: - # cpu: 500m - # memory: 1024Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 100Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -koko: - enabled: true - - labels: - app.jumpserver.org/name: jms-koko - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/koko - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: [] - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko - # LANGUAGE_CODE: zh - # REUSE_CONNECTION: true - # ENABLE_LOCAL_PORT_FORWARD: true - # ENABLE_VSCODE_SUPPORT: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /koko/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /koko/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - privileged: true - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 5000 - ssh: - port: 2222 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -lion: - enabled: true - - labels: - app.jumpserver.org/name: jms-lion - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/lion - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: - # See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion - JUMPSERVER_ENABLE_FONT_SMOOTHING: true - # JUMPSERVER_COLOR_DEPTH: 32 - # JUMPSERVER_ENABLE_WALLPAPER: true - # JUMPSERVER_ENABLE_THEMING: true - # JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true - # JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true - # JUMPSERVER_ENABLE_MENU_ANIMATIONS: true - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /lion/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /lion/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8081 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -magnus: - enabled: true - - labels: - app.jumpserver.org/name: jms-magnus - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/magnus - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: 9090 - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: 9090 - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - mysql: - port: 33061 - mariadb: - port: 33062 - redis: - port: 63790 - postgresql: - port: 54320 - oracle: - ports: 30000-30100 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 512Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -xpack: - enabled: false - -omnidb: - labels: - app.jumpserver.org/name: jms-omnidb - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - repository: jumpserver/omnidb - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: web - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 8082 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -razor: - labels: - app.jumpserver.org/name: jms-razor - - config: - log: - level: ERROR - - replicaCount: 1 - - image: - registry: registry.fit2cloud.com - repository: jumpserver/razor - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: [] - - livenessProbe: - failureThreshold: 30 - tcpSocket: - port: rdp - - readinessProbe: - failureThreshold: 30 - tcpSocket: - port: rdp - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - rdp: - port: 3389 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 50Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} - -web: - enabled: true - - labels: - app.jumpserver.org/name: jms-web - - replicaCount: 1 - - image: - registry: docker.io - repository: jumpserver/web - tag: v3.1.1 - pullPolicy: IfNotPresent - - command: [] - - env: [] - # nginx client_max_body_size, default 4G - # CLIENT_MAX_BODY_SIZE: 4096m - - livenessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - readinessProbe: - failureThreshold: 30 - httpGet: - path: /api/health/ - port: web - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - - service: - type: ClusterIP - web: - port: 80 - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - persistence: - storageClassName: jumpserver-data - accessModes: - - ReadWriteMany - size: 1Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # subPath: "" - # existingClaim: "" - - volumeMounts: [] - - volumes: [] - - nodeSelector: {} - - tolerations: [] - - affinity: {} diff --git a/charts/jumpserver/Chart.yaml b/charts/jumpserver/Chart.yaml index 0f5e5b9..b09d69a 100644 --- a/charts/jumpserver/Chart.yaml +++ b/charts/jumpserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v3.1.1" +appVersion: "v3.1.0" description: A Helm chart for Deploying Jumpserver on Kubernetes engine: gotpl home: https://jumpserver.org @@ -10,4 +10,4 @@ maintainers: sources: - https://github.com/jumpserver/ name: jumpserver -version: 3.1.1 +version: 3.1.0 diff --git a/charts/jumpserver/README.md b/charts/jumpserver/README.md index a1d7c95..e2e28bf 100644 --- a/charts/jumpserver/README.md +++ b/charts/jumpserver/README.md @@ -30,7 +30,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts | `nameOveride` | name override | `nil` | | `fullNameOveride` | full name override | `nil` | | `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v3.1.1 ` | +| `global.imageTag` | 版本号 | `v3.1.0 ` | | `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | | `global.storageClass` | 存储 sc | `nil` | | `ingress.enabled` | 开启 ingress | `true` | diff --git a/charts/jumpserver/values.yaml b/charts/jumpserver/values.yaml index 218e90d..d43de0b 100644 --- a/charts/jumpserver/values.yaml +++ b/charts/jumpserver/values.yaml @@ -12,7 +12,7 @@ fullnameOverride: "" ## global: imageRegistry: "ghcr.io" - imageTag: v3.1.1 + imageTag: v3.1.0 ## E.g. # imagePullSecrets: # - myRegistryKeySecretName @@ -85,7 +85,7 @@ core: image: registry: docker.io repository: jumpserver/core - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -172,7 +172,7 @@ koko: image: registry: docker.io repository: jumpserver/koko - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -263,7 +263,7 @@ lion: image: registry: docker.io repository: jumpserver/lion - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -354,7 +354,7 @@ magnus: image: registry: docker.io repository: jumpserver/magnus - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -444,7 +444,7 @@ omnidb: image: registry: registry.fit2cloud.com repository: jumpserver/omnidb - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -523,7 +523,7 @@ razor: image: registry: registry.fit2cloud.com repository: jumpserver/razor - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: [] @@ -600,7 +600,7 @@ web: image: registry: docker.io repository: jumpserver/web - tag: v3.1.1 + tag: v3.1.0 pullPolicy: IfNotPresent command: []