Merge pull request #7 from wojiushixiaobai/main

feat: 更新 v2.12.2

.github/workflows/release.yml

@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.1.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "v2.12.1"
+appVersion: "v2.12.2"
 description: A Helm chart for Deploying Jumpserver on Kubernetes
 name: jumpserver
 version: 0.1.0

configs/jms-core/config.yml

@@ -19,7 +19,7 @@ LOG_LEVEL: {{ $.Values.core.config.log.level }}
 # Session expiration setting, Default 24 hour, Also set expired on on browser close
 # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
 # SESSION_COOKIE_AGE: 86400
-# SESSION_EXPIRE_AT_BROWSER_CLOSE: false
+SESSION_EXPIRE_AT_BROWSER_CLOSE: true
 
 # Database setting, Support sqlite3, mysql, postgres ....
 # 数据库设置

configs/jms-nginx/nginx.conf

@@ -1,101 +1,75 @@
 {{- $koko := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-koko" ($.Values.koko.service.web.port | toString) }}
 {{- $lion := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-lion" ($.Values.lion.service.web.port | toString) }}
-{{- $core := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
+{{- $web := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.web.port | toString) }}
-user nginx;
+{{- $ws := printf "http://%s-%s:%s" (include "jumpserver.fullname" $) "jms-core" ($.Values.core.service.ws.port | toString) }}
-worker_processes auto;
+server {
-error_log /var/log/nginx/error.log;
+    listen {{ $.Values.nginx.service.web.port }};
-pid /run/nginx.pid;
+    server_name  _;
+    server_tokens off;
 
-include /usr/share/nginx/modules/*.conf;
+    client_max_body_size 4096m;  # 录像及文件上传大小限制
 
-events {
+    location /ui/ {
-    worker_connections 1024;
+        try_files $uri / /index.html;
-}
+        alias /opt/lina/;
-
+    }
-http {
+    location /luna/ {
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+        try_files $uri / /index.html;
-                      '$status $body_bytes_sent "$http_referer" '
+        alias /opt/luna/;
-                      '"$http_user_agent" "$http_x_forwarded_for" "$upstream_addr"';
+    }
-
+    location /media/ {
-    access_log  /var/log/nginx/access.log  main;
+        add_header Content-Encoding gzip;
-    # access_log off;
+        root /opt/jumpserver/data/;
-
+    }
-    sendfile            on;
+    location /static/ {
-    tcp_nopush          on;
+        root /opt/jumpserver/data/;
-    tcp_nodelay         on;
+    }
-    keepalive_timeout   65;
+    location /koko/ {
-    types_hash_max_size 2048;
+        proxy_pass {{$koko}};
-
+        proxy_buffering off;
-    include             /etc/nginx/mime.types;
+        proxy_http_version 1.1;
-    default_type        application/octet-stream;
+        proxy_set_header Upgrade $http_upgrade;
-    # include /etc/nginx/conf.d/*.conf;
+        proxy_set_header Connection "upgrade";
-
+        proxy_set_header X-Real-IP $remote_addr;
-    server {
+        proxy_set_header Host $host;
-        listen {{ $.Values.nginx.service.web.port }};
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        server_name  _;
+    }
-
+    location /lion/ {
-        client_max_body_size 4096m;  # 录像及文件上传大小限制
+        proxy_pass {{$lion}};
-
+        proxy_buffering off;
-        location /ui/ {
+        proxy_http_version 1.1;
-            try_files $uri / /index.html;
+        proxy_request_buffering off;
-            alias /opt/lina/;
+        proxy_set_header Upgrade $http_upgrade;
-        }
+        proxy_set_header Connection $http_connection;
-        location /luna/ {
+        proxy_set_header X-Real-IP $remote_addr;
-            try_files $uri / /index.html;
+        proxy_set_header Host $host;
-            alias /opt/luna/;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
+    }
-        location /media/ {
+    location /ws/ {
-            add_header Content-Encoding gzip;
+        proxy_pass {{$ws}};
-            root /opt/jumpserver/data/;
+        proxy_buffering off;
-        }
+        proxy_http_version 1.1;
-        location /static/ {
+        proxy_set_header Upgrade $http_upgrade;
-            root /opt/jumpserver/data/;
+        proxy_set_header Connection "upgrade";
-        }
+        proxy_set_header X-Real-IP $remote_addr;
-        location /koko/ {
+        proxy_set_header Host $host;
-            proxy_pass {{$koko}};
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_buffering off;
+    }
-            proxy_http_version 1.1;
+    location /api/ {
-            proxy_set_header Upgrade $http_upgrade;
+        proxy_pass {{$web}};
-            proxy_set_header Connection "upgrade";
+        proxy_buffering off;
-            proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
+        proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
+    }
-        location /lion/ {
+    location /core/ {
-            proxy_pass {{$lion}};
+        proxy_pass {{$web}};
-            proxy_buffering off;
+        proxy_buffering off;
-            proxy_http_version 1.1;
+        proxy_set_header X-Real-IP $remote_addr;
-            proxy_request_buffering off;
+        proxy_set_header Host $host;
-            proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header Connection $http_connection;
+    }
-            proxy_set_header X-Real-IP $remote_addr;
+    location / {
-            proxy_set_header Host $host;
+        rewrite ^/(.*)$ /ui/$1 last;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-        location /ws/ {
-            proxy_pass {{$core}};
-            proxy_buffering off;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-        location /api/ {
-            proxy_pass {{$core}};
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-        location /core/ {
-            proxy_pass {{$core}};
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-        location / {
-            rewrite ^/(.*)$ /ui/$1 last;
-        }
     }
 }

templates/deployment-nginx.yaml

@@ -52,7 +52,7 @@ spec:
           resources:
             {{- toYaml .resources | nindent 12 }}
           volumeMounts:
-            - mountPath: "/etc/nginx/nginx.conf"
+            - mountPath: "/etc/nginx/conf.d/default.conf"
               name: "jms-nginx-config"
               subPath: "nginx.conf"
             - mountPath: "/opt/jumpserver/data"

templates/pre-install-initdb.yaml

@@ -0,0 +1,63 @@
+{{- if .Values.core.enabled }}
+{{- with .Values.core }}
+{{- $fullName := printf "%s-%s" (include "jumpserver.fullname" $) "jms-init-db" }}
+{{- $containerName := "jms-init-db" }}
+{{- $image := printf "%s:%s" .image.repository .image.tag }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app.jumpserver.org/name: {{ $containerName }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "jumpserver.name" $ }}
+        app.kubernetes.io/instance: {{ $.Release.Name }}
+        {{- toYaml .labels | nindent 8 }}
+    spec:
+      serviceAccountName: {{ template "jumpserver.serviceAccountName" $ }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ $containerName }}
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          image: "{{$image}}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          command:
+            - /bin/bash
+            - "-c"
+            - cd /opt/jumpserver && ./jms upgrade_db
+          env:
+            - name: "SECRET_KEY"
+              value: "{{.config.secretKey}}"
+            - name: "BOOTSTRAP_TOKEN"
+              value: "{{.config.bootstrapToken}}"
+            - name: "DB_HOST"
+              value: "{{.config.db.host}}"
+            - name: "DB_PORT"
+              value: "{{.config.db.port}}"
+            - name: "DB_USER"
+              value: "{{.config.db.user}}"
+            - name: "DB_PASSWORD"
+              value: "{{.config.db.password}}"
+            - name: "DB_NAME"
+              value: "{{.config.db.name}}"
+            - name: "REDIS_HOST"
+              value: "{{.config.redis.host}}"
+            - name: "REDIS_PORT"
+              value: "{{.config.redis.port}}"
+            - name: "REDIS_PASSWORD"
+              value: "{{.config.redis.password}}"
+          {{- with .env }}
+            {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+      restartPolicy: Never
+{{- end }}
+{{- end }}

values.yaml

@@ -21,6 +21,10 @@ ingress:
     # kubernetes.io/tls-acme: "true"
     compute-full-forwarded-for: "true"
     use-forwarded-headers: "true"
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+       proxy_set_header Upgrade "websocket";
+       proxy_set_header Connection "Upgrade";
 
   hosts:
     - "test.jumpserver.org"
@@ -62,7 +66,7 @@ core:
 
   image:
     repository: docker.io/jumpserver/core
-    tag: v2.12.1
+    tag: v2.12.2
     pullPolicy: IfNotPresent
 
   command: []
@@ -152,7 +156,7 @@ koko:
 
   image:
     repository: docker.io/jumpserver/koko
-    tag: v2.12.1
+    tag: v2.12.2
     pullPolicy: IfNotPresent
 
   command: []
@@ -240,7 +244,7 @@ lion:
 
   image:
     repository: docker.io/jumpserver/lion
-    tag: v2.12.1
+    tag: v2.12.2
     pullPolicy: IfNotPresent
 
   command: []
@@ -317,7 +321,7 @@ nginx:
 
   image:
     repository: docker.io/jumpserver/nginx
-    tag: v2.12.1
+    tag: v2.12.2
     pullPolicy: IfNotPresent
 
   command: []