k8s部署jumpserver
参考jumpserver的官方文档,搭建过程主要分三步:
- 部署mysql
- 部署redis
- 部署jumpserver
部署mysql
k8s单节点部署
[root@k8s01 mysql]# cat mysql-config.yaml
# ConfigMap carrying the MySQL configuration file. Its single key, my.cnf, is
# what mysql-deploy.yaml mounts at /etc/mysql/my.cnf via subPath.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
  namespace: test-env
  labels:
    app: mysql
data:
  # "|-" is a literal block scalar with the final newline stripped: every line
  # below is stored verbatim as the content of my.cnf.
  #
  # NOTE(review): secure_file_priv limits LOAD DATA INFILE / SELECT ... INTO
  # OUTFILE / LOAD_FILE() to one directory. Here that directory is the data
  # directory itself (/var/lib/mysql), so an account holding the FILE privilege
  # can read and write next to the table files. A dedicated directory outside
  # the data directory is the safer choice.
  my.cnf: |-
    [client]
    default-character-set=utf8mb4
    [mysql]
    default-character-set=utf8mb4
    [mysqld]
    max_connections = 2000
    secure_file_priv=/var/lib/mysql
    sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
    log-bin = /var/lib/mysql/mysql-bin.log
    expire-logs-days = 14
    max-binlog-size = 500M
    server-id = 1
[root@k8s01 mysql]# cat mysql-deploy.yaml
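---
# mysql-deploy.yaml: single-replica MySQL 5.7 for jumpserver.
# Objects, in order: Secret (root password), PersistentVolumeClaim (data),
# Service (NodePort), Deployment.
#
# The root password lives in a Secret and is injected with secretKeyRef, so it
# no longer appears in the Deployment/Pod spec, which is readable by anyone
# allowed to get Deployments or Pods in the namespace. Access to Secrets is
# granted separately by RBAC.
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
  namespace: test-env
  labels:
    app: mysql
type: Opaque
stringData:
  # Sample value from this article; replace it before deploying and keep this
  # file out of version control once it holds a real password.
  # Do not use a digits-only password, otherwise jumpserver reports an error.
  mysql-root-password: "mysql@123456"
---
# Storage for /var/lib/mysql, provisioned by the managed-nfs-storage class.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-data
  namespace: test-env
  labels:
    app: mysql
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: managed-nfs-storage
---
# NOTE(review): type NodePort publishes MySQL on port 30336 of every node IP.
# It is kept because jumpserver.yaml in this article connects through
# <node-ip>:30336. If every client runs inside the cluster, ClusterIP is
# enough; otherwise restrict who can reach the node port (firewall or
# NetworkPolicy), since the only account behind it is root.
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: test-env
  labels:
    app: mysql
spec:
  type: NodePort
  ports:
    - name: mysql
      port: 3306
      targetPort: 3306
      nodePort: 30336
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: test-env
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:5.7.27
          ports:
            - containerPort: 3306
          env:
            # Default password for the root user, read from the Secret above.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-root
                  key: mysql-root-password
          resources:
            limits:
              cpu: 2000m
              memory: 512Mi
            requests:
              cpu: 2000m
              memory: 512Mi
          # Exec probes are executed directly, not through a shell, so a
          # "-p${MYSQL_ROOT_PASSWORD}" argument reaches mysqladmin as that
          # literal text. It went unnoticed because "mysqladmin ping" exits 0
          # even when access is denied. Running the check through "sh -c" lets
          # the variable expand, and passing it as MYSQL_PWD keeps the password
          # off the process command line.
          livenessProbe:
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
            exec:
              command:
                - sh
                - "-c"
                - 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqladmin -uroot ping'
          readinessProbe:
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
            exec:
              command:
                - sh
                - "-c"
                - 'MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqladmin -uroot ping'
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
            # Host timezone file, mounted read-only.
            - name: localtime
              readOnly: true
              mountPath: /etc/localtime
            # subPath mounts only the my.cnf key as a single file.
            - name: config
              mountPath: /etc/mysql/my.cnf
              subPath: my.cnf
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mysql-data
        - name: localtime
          hostPath:
            type: File
            path: /etc/localtime
        - name: config
          configMap:
            name: mysql-config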
[root@k8s01 mysql]# kubectl apply -f mysql-config.yaml
configmap/mysql-config create
[root@k8s01 mysql]# kubectl apply -f mysql-deploy.yaml
deployment/mysql-deploy create
[root@k8s01 mysql]# kubectl get -n test-env po
NAME READY STATUS RESTARTS AGE
mysql-5f758789c9-dvqbk 1/1 Running 0 22h
helm一键部署
[root@k8s-master home]# helm repo update
[root@k8s-master home]# helm fetch stable/mysql
#修改values.yaml三处:image改为:5.7.27, 添加pvc的storageclass: managed-nfs-storage, NodePort:30336
[root@k8s-master home]# helm install --name mysql --namespace=test-env .
[root@k8s-master mysql]# kubectl get -n test-env po
NAME READY STATUS RESTARTS AGE
mysql-79b4688d45-4k4bj 1/1 Running 0 10m
[root@k8s-master mysql]# kubectl get secret --namespace test-env mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
JlbEGT1HhM
#可进入容器修改密码,密码不要纯数字,否则jumpserver报错
部署redis
[root@k8s-master jumpserver]# cat redis.yaml
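# redis.yaml: one Pod running Redis plus a metrics exporter sidecar, and a
# NodePort Service in front of both.
#
# apps/v1 replaces extensions/v1beta1, which later Kubernetes releases no
# longer serve for Deployments; it also matches the MySQL and jumpserver
# Deployments in this article. The spec already carries the selector that
# apps/v1 requires.
#
# NOTE(review): this manifest sets no Redis password, and the Service below
# publishes 6379 on node port 30014, so anything that can reach a node IP on
# that port can issue Redis commands without authenticating. Limit access with
# a firewall or NetworkPolicy, or start Redis with a password and set
# REDIS_PASSWORD in jumpserver.yaml to the same value.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: redis
  name: redis
  namespace: test-env
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - image: redis:5.0.2
          imagePullPolicy: IfNotPresent
          name: redis
          ports:
            - containerPort: 6379
              protocol: TCP
        # NOTE(review): ":latest" is a mutable tag, and with IfNotPresent each
        # node keeps whatever build it pulled first. Pin a specific version or
        # digest so every node runs the same, reviewed image.
        - image: oliver006/redis_exporter:latest
          imagePullPolicy: IfNotPresent
          name: redis-exporter
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 9121
          # Host time settings are mounted into the exporter container only.
          volumeMounts:
            - mountPath: /etc/localtime
              name: host-time
            - mountPath: /etc/timezone
              name: time-zone
      volumes:
        - hostPath:
            path: /etc/localtime
            type: ""
          name: host-time
        - hostPath:
            path: /etc/timezone
            type: ""
          name: time-zone
---
# Publishes Redis (6379 -> node port 30014) and the exporter's metrics
# endpoint (9121 -> node port 32258) on every node.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: redis
  name: redis
  namespace: test-env
spec:
  ports:
    - name: redis-data
      port: 6379
      protocol: TCP
      targetPort: 6379
      nodePort: 30014
    - name: metrics
      port: 9121
      targetPort: 9121
      nodePort: 32258
  selector:
    app: redis
  type: NodePort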
[root@k8s-master jumpserver]# kubectl apply -f redis.yaml
deployment.extensions/redis created
service/redis created
[root@k8s-master jumpserver]# kubectl get -n test-env po
NAME READY STATUS RESTARTS AGE
mysql-5f758789c9-dvqbk 1/1 Running 0 22h
redis-586c48c7cb-rmp8m 2/2 Running 0 23s
部署jumpserver
[root@k8s01 jumpserver]# cat jumpserver.yaml
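# jumpserver.yaml: Secret (application credentials), PersistentVolumeClaim
# (media files), Deployment and NodePort Service for jumpserver.
#
# SECRET_KEY, BOOTSTRAP_TOKEN and DB_PASSWORD are held in a Secret and injected
# with secretKeyRef instead of being written as literals in the Deployment,
# where anyone allowed to read Deployments or Pods could see them.
apiVersion: v1
kind: Secret
metadata:
  name: jumpserver-secrets
  namespace: test-env
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
type: Opaque
stringData:
  # The two values below were published in this article, so they are known to
  # everyone who has read it. Generate your own random strings before deploying.
  secret-key: "veDMhBkZHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"
  bootstrap-token: "F9HUa5nfksd532ndsaR"
  # Must match the MySQL root password configured for the database.
  db-password: "mysql@123456"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jumpserver-data
  namespace: test-env
spec:
  # spec.storageClassName replaces the older
  # volume.beta.kubernetes.io/storage-class annotation and matches the form
  # used by the mysql-data claim in this article.
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: test-env
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  replicas: 1
  strategy:
    # Start the replacement Pod before the old one is removed.
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/instance: jumpserver
      app.kubernetes.io/name: jumpserver
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: jumpserver
        app.kubernetes.io/name: jumpserver
    spec:
      containers:
        - name: jumpserver
          # NOTE(review): ":latest" is a mutable tag, and with IfNotPresent a
          # node keeps whatever build it pulled first. Pin a specific version
          # or digest for a component that brokers access to other hosts.
          image: jumpserver/jms_all:latest
          imagePullPolicy: IfNotPresent
          env:
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: jumpserver-secrets
                  key: secret-key
            - name: BOOTSTRAP_TOKEN
              valueFrom:
                secretKeyRef:
                  name: jumpserver-secrets
                  key: bootstrap-token
            - name: DB_ENGINE
              value: "mysql"
            # MySQL and Redis are addressed by their Service names in this
            # namespace (mysql:3306, redis:6379) rather than by a node IP and
            # node port, so the traffic stays inside the cluster and does not
            # depend on one node's address.
            - name: DB_HOST
              value: "mysql"
            - name: DB_PORT
              value: "3306"
            # NOTE(review): the application connects as MySQL root. A dedicated
            # account limited to the jumpserver database would reduce what a
            # leaked DB_PASSWORD exposes.
            - name: DB_USER
              value: "root"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: jumpserver-secrets
                  key: db-password
            - name: DB_NAME
              value: "jumpserver"
            - name: REDIS_HOST
              value: "redis"
            # Set explicitly; a Service named "redis" would otherwise make
            # Kubernetes inject its own REDIS_PORT value into the Pod.
            - name: REDIS_PORT
              value: "6379"
            # Empty because redis.yaml in this article starts Redis without a
            # password; set both together if authentication is enabled.
            - name: REDIS_PASSWORD
              value: ""
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 2222
              name: ssh
              protocol: TCP
          volumeMounts:
            - mountPath: /opt/jumpserver/data/media
              name: datadir
      volumes:
        - name: datadir
          persistentVolumeClaim:
            claimName: jumpserver-data
---
# NodePort Service: ssh is pinned to node port 32222; http has no nodePort
# set, so the cluster assigns one.
apiVersion: v1
kind: Service
metadata:
  name: jumpserver-svc
  namespace: test-env
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: ssh
      port: 2222
      targetPort: 2222
      protocol: TCP
      nodePort: 32222
  type: NodePort
  selector:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver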
[root@k8s-master jumpserver]# kubectl apply -f jumpserver.yaml
[root@k8s-master jumpserver]# kubectl get -n test-env po
NAME READY STATUS RESTARTS AGE
jumpserver-57dc8c5f6b-r6h6v 1/1 Running 0 10m
mysql-79b4688d45-4k4bj 1/1 Running 0 57m
redis-586c48c7cb-rmp8m 2/2 Running 0 42m
[root@k8s-master jumpserver]# kubectl get -n test-env svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jumpserver-svc NodePort 10.102.202.72 <none> 80:30108/TCP,2222:32222/TCP 10s
mysql NodePort 10.105.190.92 <none> 3306:30336/TCP 57m
redis NodePort 10.111.98.52 <none> 6379:30014/TCP,9121:32258/TCP 42m
为了方便访问,可以添加ingress域名来访问
[root@k8s01 home]# cat test-ing.yaml
# Ingress that routes the host jumpserver.k8s.com to jumpserver-svc:80 through
# the traefik ingress class.
#
# NOTE(review): extensions/v1beta1 is the legacy Ingress API group; confirm
# which Ingress API version the target cluster still serves.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ing
  namespace: test-env
  annotations:
    kubernetes.io/ingress.class: traefik
    # NOTE(review): "web" is presumably Traefik's plain-HTTP entry point
    # (confirm against the Traefik static configuration). If so, jumpserver
    # logins through this route travel unencrypted; a TLS entry point is
    # preferable for a login page.
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - host: jumpserver.k8s.com
      http:
        paths:
          - path: /
            backend:
              serviceName: jumpserver-svc
              servicePort: 80
在本地hosts文件中添加相应的域名解析即可
登录测试
浏览器访问 jumpserver.k8s.com,初始账号/密码:admin/admin。首次登录后请立即修改默认密码。
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
爱吃可爱多!