github/jumpserver-charts
1
0
Fork 0
mirror of https://github.com/jumpserver/helm-charts.git synced 2025-08-19 23:47:54 +00:00
Code Issues Projects Releases Wiki Activity

Revert "feat: 更新 v3.1.1"

Browse Source 
This reverts commit fc776bd9b3.
This commit is contained in:
吴小白 2023-03-29 11:50:06 +08:00
parent fc776bd9b3
commit ccfc1a6482
9 changed files with 11 additions and 1605 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.history/charts/jumpserver/Chart_20230329114604.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v1
appVersion: "v3.1.0"
description: A Helm chart for Deploying Jumpserver on Kubernetes
engine: gotpl
home: https://jumpserver.org
icon: https://jumpserver.org/images/logo/favicon.ico
maintainers:
- email: support@fit2cloud.com
name: jumpserver
sources:
- https://github.com/jumpserver/
name: jumpserver
version: 3.1.0

13
.history/charts/jumpserver/Chart_20230329114712.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v1
appVersion: "v3.1.1"
description: A Helm chart for Deploying Jumpserver on Kubernetes
engine: gotpl
home: https://jumpserver.org
icon: https://jumpserver.org/images/logo/favicon.ico
maintainers:
- email: support@fit2cloud.com
name: jumpserver
sources:
- https://github.com/jumpserver/
name: jumpserver
version: 3.1.1

113
.history/charts/jumpserver/README_20230329114604.md
View File

@ -1,113 +0,0 @@
# Jumpserver
[Jumpserver](http://www.jumpserver.org/) 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统。
## 使用方法
```bash
helm repo add jumpserver https://jumpserver.github.io/helm-charts
```
## 介绍
当前 Chart 包含了 Jumpserver 所需的基本组件
## 依赖
- Kubernetes 1.20+
- Helm 3.0
**Tip**: List all releases using `helm repo list`
## 参数
下面的表格中列出了一些必要的参数,发布前请先阅读并设置
### 总览
| 参数 | 描述 | 默认值 |
| ------------------------- | ------------------ | ----------- |
| `nameOveride` | name override | `nil` |
| `fullNameOveride` | full name override | `nil` |
| `global.imageRegistry` | 仓库地址 | `docker.io` |
| `global.imageTag` | 版本号 | `v3.1.0 ` |
| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` |
| `global.storageClass` | 存储 sc | `nil` |
| `ingress.enabled` | 开启 ingress | `true` |
| `core.enabled` | 开启 core | `true` |
| `koko.enabled` | 开启 koko | `true` |
| `lion.enabled` | 开启 lion | `true` |
| `magnus.enabled` | 开启 magnus | `true` |
| `web.enabled` | 开启 web | `true` |
| `xpack.enable` | 开启 xpack | `false` |
### 必填
| 参数 | 描述 | 默认值 |
| ------------------------------ | ---------------------------------------------| ---------------------- |
| `global.storageClass` | 持久化存储 | `nil` |
| `core.config.secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 | `nil` |
| `core.config.bootstrapToken` | 预共享 Token 组件注册需要使用 | `nil` |
| `externalDatabase.engine` | 数据库引擎 | `mysql` |
| `externalDatabase.host` | 数据库 IP 地址 | `nil` |
| `externalDatabase.port` | 数据库端口 | `3306` |
| `externalDatabase.user` | 数据库用户名 | `jumpserver` |
| `externalDatabase.password` | 数据库密码 | `nil` |
| `externalDatabase.database` | 数据库名称 | `nil` |
| `externalRedis.host` | redisIP 地址 | `nil` |
| `externalRedis.port` | redis 端口 | `6379` |
| `externalRedis.password` | redis 密码 | `nil` |
### 其他
| 参数 | 描述 | 默认值 |
| --------------------- | --------------------------------------------------------- | ------- |
| `log.level` | 日志等级 | `INFO` |
| `replicaCount` | 副本数量 | `1` |
| `tag` | 版本号 | `nil` |
| `persistence` | 持久化存储相关设置 | `nil` |
`helm install` 时通过 `--set key=value[,key=value]` 指定参数. 举例:
```bash
helm install jumpserver ./ \
--set ingress.enabled=true
```
上条命令开启了 ingress.
**注**: 默认使用 [values.yaml](values.yaml)
## 示例
```bash
helm install jms-k8s jumpserver/jumpserver -n default \
--set core.config.secretKey=GxrLH7rewfsRN8B9Zl6MEGD50Uou4LF6UVsEIayGMhYll8dqmn \
--set core.config.bootstrapToken=ilR8RvAbK7lgRTxs \
--set global.storageClass=jms-data \
--set externalDatabase.engine=mysql \
--set externalDatabase.host=jms-mysql \
--set externalDatabase.port=3306 \
--set externalDatabase.user=jms \
--set externalDatabase.password=Password131 \
--set externalDatabase.database=jumpserver \
--set externalRedis.host=jms-redis-master \
--set externalRedis.port=6379 \
--set koko.service.type=NodePort \
--set web.service.type=NodePort \
--set externalRedis.password=PasswordRedis
```
## 卸载
删除 `jms-k8s` release:
```bash
$ helm delete jms-k8s -n default
```
上条命令删除了所有包含在 release 中的组件
## 鸣谢说明
本项目初始代码是由 [xiaomaimuchanyiyiba](https://github.com/xiaomaimuchanyiyiba) 贡献。[原仓库地址](https://github.com/xiaomaimuchanyiyiba/jumpserver)

113
.history/charts/jumpserver/README_20230329114712.md
View File

@ -1,113 +0,0 @@
# Jumpserver
[Jumpserver](http://www.jumpserver.org/) 是全球首款完全开源的堡垒机, 使用 GNU GPL v2.0 开源协议, 是符合 4A 的专业运维审计系统。
## 使用方法
```bash
helm repo add jumpserver https://jumpserver.github.io/helm-charts
```
## 介绍
当前 Chart 包含了 Jumpserver 所需的基本组件
## 依赖
- Kubernetes 1.20+
- Helm 3.0
**Tip**: List all releases using `helm repo list`
## 参数
下面的表格中列出了一些必要的参数,发布前请先阅读并设置
### 总览
| 参数 | 描述 | 默认值 |
| ------------------------- | ------------------ | ----------- |
| `nameOveride` | name override | `nil` |
| `fullNameOveride` | full name override | `nil` |
| `global.imageRegistry` | 仓库地址 | `docker.io` |
| `global.imageTag` | 版本号 | `v3.1.1 ` |
| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` |
| `global.storageClass` | 存储 sc | `nil` |
| `ingress.enabled` | 开启 ingress | `true` |
| `core.enabled` | 开启 core | `true` |
| `koko.enabled` | 开启 koko | `true` |
| `lion.enabled` | 开启 lion | `true` |
| `magnus.enabled` | 开启 magnus | `true` |
| `web.enabled` | 开启 web | `true` |
| `xpack.enable` | 开启 xpack | `false` |
### 必填
| 参数 | 描述 | 默认值 |
| ------------------------------ | ---------------------------------------------| ---------------------- |
| `global.storageClass` | 持久化存储 | `nil` |
| `core.config.secretKey` | 加密秘钥 生产环境中请修改为随机字符串,请勿外泄 | `nil` |
| `core.config.bootstrapToken` | 预共享 Token 组件注册需要使用 | `nil` |
| `externalDatabase.engine` | 数据库引擎 | `mysql` |
| `externalDatabase.host` | 数据库 IP 地址 | `nil` |
| `externalDatabase.port` | 数据库端口 | `3306` |
| `externalDatabase.user` | 数据库用户名 | `jumpserver` |
| `externalDatabase.password` | 数据库密码 | `nil` |
| `externalDatabase.database` | 数据库名称 | `nil` |
| `externalRedis.host` | redisIP 地址 | `nil` |
| `externalRedis.port` | redis 端口 | `6379` |
| `externalRedis.password` | redis 密码 | `nil` |
### 其他
| 参数 | 描述 | 默认值 |
| --------------------- | --------------------------------------------------------- | ------- |
| `log.level` | 日志等级 | `INFO` |
| `replicaCount` | 副本数量 | `1` |
| `tag` | 版本号 | `nil` |
| `persistence` | 持久化存储相关设置 | `nil` |
`helm install` 时通过 `--set key=value[,key=value]` 指定参数. 举例:
```bash
helm install jumpserver ./ \
--set ingress.enabled=true
```
上条命令开启了 ingress.
**注**: 默认使用 [values.yaml](values.yaml)
## 示例
```bash
helm install jms-k8s jumpserver/jumpserver -n default \
--set core.config.secretKey=GxrLH7rewfsRN8B9Zl6MEGD50Uou4LF6UVsEIayGMhYll8dqmn \
--set core.config.bootstrapToken=ilR8RvAbK7lgRTxs \
--set global.storageClass=jms-data \
--set externalDatabase.engine=mysql \
--set externalDatabase.host=jms-mysql \
--set externalDatabase.port=3306 \
--set externalDatabase.user=jms \
--set externalDatabase.password=Password131 \
--set externalDatabase.database=jumpserver \
--set externalRedis.host=jms-redis-master \
--set externalRedis.port=6379 \
--set koko.service.type=NodePort \
--set web.service.type=NodePort \
--set externalRedis.password=PasswordRedis
```
## 卸载
删除 `jms-k8s` release:
```bash
$ helm delete jms-k8s -n default
```
上条命令删除了所有包含在 release 中的组件
## 鸣谢说明
本项目初始代码是由 [xiaomaimuchanyiyiba](https://github.com/xiaomaimuchanyiyiba) 贡献。[原仓库地址](https://github.com/xiaomaimuchanyiyiba/jumpserver)

671
.history/charts/jumpserver/values_20230329114604.yaml
View File

@ -1,671 +0,0 @@
# Default values for jumpserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.redis.password Global Redis™ password (overrides `auth.password`)
##
global:
imageRegistry: "ghcr.io"
imageTag: v3.1.0
## E.g.
# imagePullSecrets:
# - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## Please configure your MySQL server first
## Jumpserver will not start the external MySQL server.
##
externalDatabase:
engine: mysql
host: localhost
port: 3306
user: root
password: ""
database: jumpserver
## Please configure your Redis server first
## Jumpserver will not start the external Redis server.
##
externalRedis:
host: localhost
port: 6379
password: ""
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: true
annotations:
# kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
hosts:
- "test.jumpserver.org"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
core:
enabled: true
labels:
app.jumpserver.org/name: jms-core
config:
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
secretKey: ""
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
bootstrapToken: ""
# Enabled it for debug
debug: false
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/core
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# SESSION_COOKIE_AGE: 86400
# SECURITY_VIEW_AUTH_NEED_MFA: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8080
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 100Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
koko:
enabled: true
labels:
app.jumpserver.org/name: jms-koko
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/koko
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env: []
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
# LANGUAGE_CODE: zh
# REUSE_CONNECTION: true
# ENABLE_LOCAL_PORT_FORWARD: true
# ENABLE_VSCODE_SUPPORT: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext:
privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 5000
ssh:
port: 2222
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
lion:
enabled: true
labels:
app.jumpserver.org/name: jms-lion
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/lion
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
JUMPSERVER_ENABLE_FONT_SMOOTHING: true
# JUMPSERVER_COLOR_DEPTH: 32
# JUMPSERVER_ENABLE_WALLPAPER: true
# JUMPSERVER_ENABLE_THEMING: true
# JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
# JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
# JUMPSERVER_ENABLE_MENU_ANIMATIONS: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8081
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
magnus:
enabled: true
labels:
app.jumpserver.org/name: jms-magnus
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/magnus
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
readinessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
mysql:
port: 33061
mariadb:
port: 33062
redis:
port: 63790
postgresql:
port: 54320
oracle:
ports: 30000-30100
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
xpack:
enabled: false
omnidb:
labels:
app.jumpserver.org/name: jms-omnidb
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/omnidb
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: web
readinessProbe:
failureThreshold: 30
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8082
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
razor:
labels:
app.jumpserver.org/name: jms-razor
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/razor
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
readinessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
rdp:
port: 3389
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
web:
enabled: true
labels:
app.jumpserver.org/name: jms-web
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/web
tag: v3.1.0
pullPolicy: IfNotPresent
command: []
env: []
# nginx client_max_body_size, default 4G
# CLIENT_MAX_BODY_SIZE: 4096m
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 1Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}

671
.history/charts/jumpserver/values_20230329114712.yaml
View File

@ -1,671 +0,0 @@
# Default values for jumpserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
nameOverride: ""
fullnameOverride: ""
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.redis.password Global Redis™ password (overrides `auth.password`)
##
global:
imageRegistry: "ghcr.io"
imageTag: v3.1.1
## E.g.
# imagePullSecrets:
# - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## Please configure your MySQL server first
## Jumpserver will not start the external MySQL server.
##
externalDatabase:
engine: mysql
host: localhost
port: 3306
user: root
password: ""
database: jumpserver
## Please configure your Redis server first
## Jumpserver will not start the external Redis server.
##
externalRedis:
host: localhost
port: 6379
password: ""
serviceAccount:
# Specifies whether a service account should be created
create: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: true
annotations:
# kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade "websocket";
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
hosts:
- "test.jumpserver.org"
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
core:
enabled: true
labels:
app.jumpserver.org/name: jms-core
config:
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
secretKey: ""
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
bootstrapToken: ""
# Enabled it for debug
debug: false
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/core
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# SESSION_COOKIE_AGE: 86400
# SECURITY_VIEW_AUTH_NEED_MFA: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8080
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 100Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
koko:
enabled: true
labels:
app.jumpserver.org/name: jms-koko
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/koko
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env: []
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
# LANGUAGE_CODE: zh
# REUSE_CONNECTION: true
# ENABLE_LOCAL_PORT_FORWARD: true
# ENABLE_VSCODE_SUPPORT: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /koko/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext:
privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 5000
ssh:
port: 2222
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
lion:
enabled: true
labels:
app.jumpserver.org/name: jms-lion
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/lion
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
JUMPSERVER_ENABLE_FONT_SMOOTHING: true
# JUMPSERVER_COLOR_DEPTH: 32
# JUMPSERVER_ENABLE_WALLPAPER: true
# JUMPSERVER_ENABLE_THEMING: true
# JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
# JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
# JUMPSERVER_ENABLE_MENU_ANIMATIONS: true
livenessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /lion/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8081
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
magnus:
enabled: true
labels:
app.jumpserver.org/name: jms-magnus
config:
log:
level: ERROR
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/magnus
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
readinessProbe:
failureThreshold: 30
tcpSocket:
port: 9090
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
mysql:
port: 33061
mariadb:
port: 33062
redis:
port: 63790
postgresql:
port: 54320
oracle:
ports: 30000-30100
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
xpack:
enabled: false
omnidb:
labels:
app.jumpserver.org/name: jms-omnidb
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/omnidb
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: web
readinessProbe:
failureThreshold: 30
tcpSocket:
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 8082
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
razor:
labels:
app.jumpserver.org/name: jms-razor
config:
log:
level: ERROR
replicaCount: 1
image:
registry: registry.fit2cloud.com
repository: jumpserver/razor
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env: []
livenessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
readinessProbe:
failureThreshold: 30
tcpSocket:
port: rdp
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
rdp:
port: 3389
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}
web:
enabled: true
labels:
app.jumpserver.org/name: jms-web
replicaCount: 1
image:
registry: docker.io
repository: jumpserver/web
tag: v3.1.1
pullPolicy: IfNotPresent
command: []
env: []
# nginx client_max_body_size, default 4G
# CLIENT_MAX_BODY_SIZE: 4096m
livenessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
readinessProbe:
failureThreshold: 30
httpGet:
path: /api/health/
port: web
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
web:
port: 80
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistence:
storageClassName: jumpserver-data
accessModes:
- ReadWriteMany
size: 1Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# subPath: ""
# existingClaim: ""
volumeMounts: []
volumes: []
nodeSelector: {}
tolerations: []
affinity: {}

4
charts/jumpserver/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1 apiVersion: v1
appVersion: "v3.1.1" appVersion: "v3.1.0"
description: A Helm chart for Deploying Jumpserver on Kubernetes description: A Helm chart for Deploying Jumpserver on Kubernetes
engine: gotpl engine: gotpl
home: https://jumpserver.org home: https://jumpserver.org
@ -10,4 +10,4 @@ maintainers:
sources: sources:
- https://github.com/jumpserver/ - https://github.com/jumpserver/
name: jumpserver name: jumpserver
version: 3.1.1 version: 3.1.0

2
charts/jumpserver/README.md
View File

@ -30,7 +30,7 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts
| `nameOveride` | name override | `nil` | | `nameOveride` | name override | `nil` |
| `fullNameOveride` | full name override | `nil` | | `fullNameOveride` | full name override | `nil` |
| `global.imageRegistry` | 仓库地址 | `docker.io` | | `global.imageRegistry` | 仓库地址 | `docker.io` |
| `global.imageTag` | 版本号 | `v3.1.1 ` | | `global.imageTag` | 版本号 | `v3.1.0 ` |
| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | | `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` |
| `global.storageClass` | 存储 sc | `nil` | | `global.storageClass` | 存储 sc | `nil` |
| `ingress.enabled` | 开启 ingress | `true` | | `ingress.enabled` | 开启 ingress | `true` |

16
charts/jumpserver/values.yaml
View File

@ -12,7 +12,7 @@ fullnameOverride: ""
## ##
global: global:
imageRegistry: "ghcr.io" imageRegistry: "ghcr.io"
imageTag: v3.1.1 imageTag: v3.1.0
## E.g. ## E.g.
# imagePullSecrets: # imagePullSecrets:
# - myRegistryKeySecretName # - myRegistryKeySecretName
@ -85,7 +85,7 @@ core:
image: image:
registry: docker.io registry: docker.io
repository: jumpserver/core repository: jumpserver/core
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -172,7 +172,7 @@ koko:
image: image:
registry: docker.io registry: docker.io
repository: jumpserver/koko repository: jumpserver/koko
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -263,7 +263,7 @@ lion:
image: image:
registry: docker.io registry: docker.io
repository: jumpserver/lion repository: jumpserver/lion
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -354,7 +354,7 @@ magnus:
image: image:
registry: docker.io registry: docker.io
repository: jumpserver/magnus repository: jumpserver/magnus
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -444,7 +444,7 @@ omnidb:
image: image:
registry: registry.fit2cloud.com registry: registry.fit2cloud.com
repository: jumpserver/omnidb repository: jumpserver/omnidb
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -523,7 +523,7 @@ razor:
image: image:
registry: registry.fit2cloud.com registry: registry.fit2cloud.com
repository: jumpserver/razor repository: jumpserver/razor
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []
@ -600,7 +600,7 @@ web:
image: image:
registry: docker.io registry: docker.io
repository: jumpserver/web repository: jumpserver/web
tag: v3.1.1 tag: v3.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: [] command: []