diff --git a/charts/jumpserver/Chart.yaml b/charts/jumpserver/Chart.yaml index c26875a..795e973 100644 --- a/charts/jumpserver/Chart.yaml +++ b/charts/jumpserver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v2.20.3" +appVersion: "v2.21.0" description: A Helm chart for Deploying Jumpserver on Kubernetes engine: gotpl home: https://jumpserver.org @@ -10,4 +10,4 @@ maintainers: sources: - https://github.com/jumpserver/ name: jumpserver -version: 2.20.3 +version: 2.21.0 diff --git a/charts/jumpserver/README.md b/charts/jumpserver/README.md index 59488d4..db5b707 100644 --- a/charts/jumpserver/README.md +++ b/charts/jumpserver/README.md @@ -30,13 +30,14 @@ helm repo add jumpserver https://jumpserver.github.io/helm-charts | `nameOveride` | name override | `nil` | | `fullNameOveride` | full name override | `nil` | | `global.imageRegistry` | 仓库地址 | `docker.io` | -| `global.imageTag` | 版本号 | `v2.20.3 ` | -| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` +| `global.imageTag` | 版本号 | `v2.21.0 ` | +| `global.imagePullSecrets` | 私有仓库认证凭据 | `nil` | | `global.storageClass` | 存储 sc | `nil` | | `ingress.enabled` | 开启 ingress | `true` | | `core.enabled` | 开启 core | `true` | | `koko.enabled` | 开启 koko | `true` | | `lion.enabled` | 开启 lion | `true` | +| `magnus.enabled` | 开启 magnus | `true` | | `web.enabled` | 开启 web | `true` | | `xpack.enable` | 开启 xpack | `false` | diff --git a/charts/jumpserver/templates/_helpers.tpl b/charts/jumpserver/templates/_helpers.tpl index 9dd1396..f206186 100644 --- a/charts/jumpserver/templates/_helpers.tpl +++ b/charts/jumpserver/templates/_helpers.tpl 
@@ -137,6 +137,14 @@ Define JumpServer StorageClass {{- end -}} {{- end -}} +{{- define "jumpserver.magnus.storageClass" -}} +{{- if .Values.global.storageClass }} +{{- .Values.global.storageClass }} +{{- else -}} +{{- .Values.magnus.persistence.storageClassName -}} +{{- end -}} +{{- end -}} + {{- define "jumpserver.omnidb.storageClass" -}} {{- if .Values.global.storageClass }} {{- .Values.global.storageClass }} diff --git a/charts/jumpserver/templates/_images.tpl b/charts/jumpserver/templates/_images.tpl index 00c457b..c3046ec 100644 --- a/charts/jumpserver/templates/_images.tpl +++ b/charts/jumpserver/templates/_images.tpl @@ -50,6 +50,13 @@ Return the proper JumpServer lion image name {{- include "common.images.image" ( dict "imageRoot" .Values.lion.image "global" .Values.global ) -}} {{- end -}} +{{/* +Return the proper JumpServer magnus image name +*/}} +{{- define "jumpserver.magnusImage" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.magnus.image "global" .Values.global ) -}} +{{- end -}} + {{/* Return the proper JumpServer xrdp image name */}} diff --git a/charts/jumpserver/templates/magnus/deployment-magnus.yaml b/charts/jumpserver/templates/magnus/deployment-magnus.yaml new file mode 100644 index 0000000..c75cd8e --- /dev/null +++ b/charts/jumpserver/templates/magnus/deployment-magnus.yaml 
@@ -0,0 +1,100 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus" }}
+{{- $containerName := "jms-magnus" }}
+{{- $image := printf "%s" (include "jumpserver.magnusImage" $) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jumpserver.labels" $ | nindent 4 }}
+ {{- toYaml .labels | nindent 4 }}
+spec:
+ replicas: {{ .replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ {{- toYaml .labels | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ {{- toYaml .labels | nindent 8 }}
+ spec:
+ {{- if $.Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{ toYaml $.Values.global.imagePullSecrets }}
+ {{- end }}
+ serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
+ securityContext:
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ $containerName }}
+ securityContext:
+ {{- toYaml .securityContext | nindent 12 }}
+ image: {{ $image }}
+ imagePullPolicy: {{ .image.pullPolicy }}
+ {{- with .command }}
+ command:
+ {{- tpl (toYaml .) $ | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CORE_HOST
+ value: "http://{{ include "jumpserver.fullname" $ }}-jms-core:{{ $.Values.core.service.web.port }}"
+ - name: BOOTSTRAP_TOKEN
+ value: {{ $.Values.core.config.bootstrapToken | quote }}
+ - name: LOG_LEVEL
+ value: {{ .config.log.level | quote }}
+ {{- range $key, $val := .env }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ ports:
+ - name: mysql
+ containerPort: {{ .service.mysql.port }}
+ protocol: TCP
+ - name: mariadb
+ containerPort: {{ .service.mariadb.port }}
+ protocol: TCP
+ {{- if $.Values.xpack.enabled }}
+ - name: postgre
+ containerPort: {{ .service.postgre.port }}
+ protocol: TCP
+ {{- end }}
+ livenessProbe:
+ {{- toYaml .livenessProbe | nindent 12}}
+ readinessProbe:
+ {{- toYaml .readinessProbe | nindent 12}}
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: "/opt/magnus/data"
+ name: "jms-magnus-data"
+ {{- with .volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ restartPolicy: Always
+ volumes:
+ - persistentVolumeClaim:
+ claimName: '{{ include "jumpserver.fullname" $ }}-jms-magnus-data'
+ name: "jms-magnus-data"
+ {{- with .volumes }}
+ {{- tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml b/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml
new file mode 100644
index 0000000..ca27a8f
--- /dev/null
+++ b/charts/jumpserver/templates/magnus/pvc-magnus-data.yaml
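Review bot: In deployment-magnus.yaml the `BOOTSTRAP_TOKEN` env entry is rendered as a literal `value:` taken from `.Values.core.config.bootstrapToken`, so the bootstrap token is stored in plain text in the Deployment and pod specs. Anyone who can read Deployments or pods in the namespace can read it, even without access to Secrets. I would render the token into a Secret and reference it from this container with `valueFrom:` / `secretKeyRef:` (name and key are chart-specific, e.g. the placeholders `name: <release>-bootstrap-token`, `key: bootstrapToken`). Other components may pass the token the same way; that is not visible in this diff. Separately, `{{ toYaml $.Values.global.imagePullSecrets }}` has no `nindent`, so a list with more than one entry will likely render its second item at column 0.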
@@ -0,0 +1,29 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus-data" }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jumpserver.labels" $ | nindent 4 }}
+ {{- toYaml .labels | nindent 4 }}
+ {{- with .persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- with .persistence.finalizers }}
+ finalizers:
+{{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .persistence.size | quote }}
+ {{- end }}
+ storageClassName: {{ include "jumpserver.magnus.storageClass" . }}
+{{- end }}
diff --git a/charts/jumpserver/templates/magnus/service-magnus.yaml b/charts/jumpserver/templates/magnus/service-magnus.yaml
new file mode 100644
index 0000000..0672eee
--- /dev/null
+++ b/charts/jumpserver/templates/magnus/service-magnus.yaml
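Review bot: In pvc-magnus-data.yaml the indented `{{- end }}` after `storage:` closes `with .Values.magnus`, not anything under `resources:`, and `storageClassName` only renders because it sits outside that `with` and passes the root context as `.`. That is easy to break on the next edit: moving the line inside the `with` would make the helper's `.Values.global.storageClass` resolve against `.Values.magnus`. I would keep one `with` around the whole manifest and pass the root explicitly, `storageClassName: {{ include "jumpserver.magnus.storageClass" $ }}`, with the two closing `{{- end }}` lines together at the bottom. A one-line comment on the helper saying it expects the root context would also help.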
@@ -0,0 +1,39 @@
+{{- if .Values.magnus.enabled }}
+{{- with .Values.magnus }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-magnus" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "jumpserver.labels" $ | nindent 4 }}
+ {{- toYaml .labels | nindent 4 }}
+ annotations:
+ {{- toYaml .service.annotations | nindent 4 }}
+spec:
+ type: {{ .service.type }}
+ ports:
+ - port: {{ .service.mysql.port }}
+ targetPort: mysql
+ protocol: TCP
+ name: mysql
+ - port: {{ .service.mariadb.port }}
+ targetPort: mariadb
+ protocol: TCP
+ name: mariadb
+ {{- if $.Values.xpack.enabled }}
+ - port: {{ .service.postgre.port }}
+ targetPort: postgre
+ protocol: TCP
+ name: postgre
+ {{- end }}
+ sessionAffinity: ClientIP
+ sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: 10800
+ selector:
+ app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ {{- toYaml .labels | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/jumpserver/values.yaml b/charts/jumpserver/values.yaml index 681bcfd..67f44bf 100644 --- a/charts/jumpserver/values.yaml +++ b/charts/jumpserver/values.yaml @@ -12,7 +12,7 @@ fullnameOverride: "" ## global: imageRegistry: "docker.io" - imageTag: v2.20.3 + imageTag: v2.21.0 ## E.g. # imagePullSecrets: # - myRegistryKeySecretName @@ -85,7 +85,7 @@ core: image: registry: docker.io repository: jumpserver/core - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: [] @@ -142,7 +142,7 @@ core: storageClassName: jumpserver-data accessModes: - ReadWriteMany - size: 10Gi + size: 100Gi # annotations: {} finalizers: - kubernetes.io/pvc-protection @@ -174,7 +174,7 @@ koko: image: registry: docker.io repository: jumpserver/koko - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: [] @@ -263,7 +263,7 @@ lion: image: registry: docker.io repository: jumpserver/lion - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: [] 
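Review bot: In service-magnus.yaml `annotations:` is emitted unconditionally from `.service.annotations`, but the `magnus.service` block this commit adds to values.yaml defines only `type`, `mysql`, `mariadb` and `postgre`, so the default render is `annotations: null`. Guard it the way the PVC template does, with `{{- with .service.annotations }}` before `annotations:` and a matching `{{- end }}` after the `toYaml` line. The postgre port here and in the deployment is gated on `$.Values.xpack.enabled`, while the README table in this diff documents the key as `xpack.enable`; one of the two should be corrected so the documented switch actually opens the port. Since `.service.type` is configurable and these ports, judging by their names, carry database sessions, the README should also say that any type other than `ClusterIP` exposes them outside the cluster.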
@@ -318,6 +318,89 @@ lion: # cpu: 100m # memory: 512Mi + persistence: + storageClassName: jumpserver-data + accessModes: + - ReadWriteMany + size: 50Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + + volumeMounts: [] + + volumes: [] + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +magnus: + enabled: true + + labels: + app.jumpserver.org/name: jms-magnus + + config: + log: + level: ERROR + + replicaCount: 1 + + image: + registry: docker.io + repository: jumpserver/magnus + tag: v2.21.0 + pullPolicy: IfNotPresent + + command: [] + + env: [] + + livenessProbe: + failureThreshold: 30 + tcpSocket: + port: mysql + + readinessProbe: + failureThreshold: 30 + tcpSocket: + port: mysql + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + mysql: + port: 33060 + mariadb: + port: 33061 + postgre: + port: 54320 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 512Mi + # requests: + # cpu: 100m + # memory: 512Mi + persistence: storageClassName: jumpserver-data accessModes: @@ -353,7 +436,7 @@ omnidb: image: registry: registry.fit2cloud.com repository: jumpserver/omnidb - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: [] @@ -430,7 +513,7 @@ xrdp: image: registry: registry.fit2cloud.com repository: jumpserver/xrdp - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: [] 
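Review bot: `magnus.env` defaults to `[]`, but deployment-magnus.yaml iterates it with `range $key, $val := .env` and emits `name: {{ $key }}`, so the value has to be a map; a user who follows the default's shape and supplies a list gets env names `0`, `1`, and so on. Change the default to `env: {}`. Also, `magnus.enabled: true` combined with `podSecurityContext: {}` and `securityContext: {}` means a chart upgrade deploys a new listening component with whatever user and capabilities the image defaults to. If the magnus image can run as non-root (not verifiable from this diff), shipping the commented `runAsNonRoot: true` and `capabilities.drop: [ALL]` settings as the default would be a safer baseline. The magnus block continues past this hunk; its `persistence:` section is the trailing context.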
@@ -488,7 +571,7 @@ xrdp: storageClassName: jumpserver-data accessModes: - ReadWriteMany - size: 10Gi + size: 50Gi # annotations: {} finalizers: - kubernetes.io/pvc-protection @@ -514,7 +597,7 @@ web: image: registry: docker.io repository: jumpserver/web - tag: v2.20.3 + tag: v2.21.0 pullPolicy: IfNotPresent command: []