
JumpServer-v2.20.0迁移到K8S运行


JumpServer-v2.20.0迁移K8S运行

yaml: 相关链接:https://gitee.com/jiayu997/kubernetes/blob/master/Jumpserver-v2.20.0/Jumpserver.tar.gz

测试环境

主机
k8s-master-1 192.168.0.10 MASTER节点
k8s-node-1 192.168.0.11 WORK节点
k8s-nfs 192.168.0.55 提供NFS存储

实际效果


jms_configmap

[root@k8s-master-1 yaml]# cat jms_configmap.yaml
# Namespace "jms" plus two ConfigMaps:
#  - jms-config: MYSQL_DATABASE and the my.cnf / redis.conf / nginx.conf files that
#    jms_mysql.yaml, jms_redis.yaml and jms_nginx.yaml mount as volumes.
#  - jms-core-config: the environment injected (envFrom) into core, celery, koko and lion.
apiVersion: v1
kind: Namespace
metadata:
  name: jms
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: jms-config
  namespace: jms
data:
  MYSQL_DATABASE: "jumpserver"
  # Mounted by jms_mysql.yaml as /etc/mysql/my.cnf (configMap items: my.cnf).
  # Everything inside the block scalar is the file itself; "#" lines in it are
  # MySQL comments, not YAML comments.
  my.cnf: |
    [mysqld]
    basedir=/usr/
    datadir=/var/lib/mysql
    pid-file=/var/run/mysqld/mysqld.pid
    socket=/var/run/mysqld/mysqld.sock
    port=3306
    user=mysql
    log_error=/var/lib/mysql/mysql-error.log
    slow-query-log-file=/var/lib/mysql/mysql-slow.log
    log_bin=/var/lib/mysql/mysql-bin.log
    relay-log=/var/lib/mysql/mysql-relay-bin
    server-id=1
    innodb_buffer_pool_size=1024M
    innodb_log_buffer_size=16M
    key_buffer_size=128M
    query_cache_size=256M
    tmp_table_size=128M
    binlog_format=mixed
    skip-external-locking
    skip-name-resolve
    character-set-server=utf8
    collation-server=utf8_bin
    max_allowed_packet=16M
    thread_cache_size=256
    table_open_cache=4096
    back_log=1024
    max_connect_errors=100000
    interactive_timeout=1800
    wait_timeout=1800
    max_connections=2048
    sort_buffer_size=16M
    join_buffer_size=4M
    read_buffer_size=4M
    read_rnd_buffer_size=16M
    binlog_cache_size=2M
    thread_stack=192K
    max_heap_table_size=128M
    myisam_sort_buffer_size=128M
    bulk_insert_buffer_size=256M
    open_files_limit=65535
    query_cache_limit=2M
    slow-query-log
    long_query_time=2
    expire_logs_days=3
    max_binlog_size=1000M
    slave_parallel_workers=4
    log-slave-updates
    binlog_ignore_db=mysql
    replicate_wild_ignore_table=mysql.%
    sync_binlog=1
    innodb_file_per_table=1
    innodb_flush_method=O_DIRECT
    innodb_buffer_pool_instances=4
    innodb_log_file_size=512M
    innodb_log_files_in_group=3
    innodb_open_files=4000
    innodb_read_io_threads=8
    innodb_write_io_threads=8
    innodb_thread_concurrency=8
    innodb_io_capacity=2000
    innodb_io_capacity_max=6000
    innodb_lru_scan_depth=2000
    innodb_max_dirty_pages_pct=85
    innodb_flush_log_at_trx_commit=2
    sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
    [mysqldump]
    quick
    quote-names
    max_allowed_packet=16M
    [client]
    default-character-set=utf8
    [mysql]
    default-character-set=utf8
    [isamchk]
    key_buffer=128M
    sort_buffer_size=4M
    read_buffer=2M
    write_buffer=2M
    [myisamchk]
    key_buffer=128M
    sort_buffer_size=4M
    read_buffer=2M
    write_buffer=2M
  # Mounted by jms_redis.yaml at /etc/redis.conf (subPath). "bind 0.0.0.0" is
  # acceptable only because the jms-redis Service is ClusterIP/headless and
  # --requirepass is added on the command line. "loglevel" appears twice; the
  # later "warning" should be the effective value.
  redis.conf: |
    daemonize no
    bind 0.0.0.0
    port 6379
    timeout 300
    loglevel notice
    databases 16
    save 900 1
    save 300 10
    save 60 10000
    dbfilename dump.rdb
    rdbcompression yes
    dir /data
    loglevel warning
    logfile "/data/redis.log"
    maxclients 20480
    maxmemory 2g
    maxmemory-policy allkeys-lru
    appendonly no
    appendfilename "appendonly.aof"
    appendfsync no
  # Mounted by jms_nginx.yaml as /etc/nginx/conf.d/default.conf (subPath).
  # Upstreams are the in-cluster Service DNS names of koko (5000), lion (8081)
  # and core (8070 websocket, 8080 HTTP). The "#" lines inside the block scalar
  # are part of the nginx file, not YAML comments.
  nginx.conf: |
    server {
      listen 80;
      client_max_body_size 4096m;
      location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
      }
      location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
      }
      location /download/ {
        alias /opt/download/;
      }
      location /media/replay/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
      }
      location /media/ {
        root /opt/jumpserver/data/;
      }
      location /static/ {
        root /opt/jumpserver/data/;
      }
      location /koko/ {
        proxy_pass http://jms-koko.jms.svc.cluster.local:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
      location /lion/ {
        proxy_pass http://jms-lion.jms.svc.cluster.local:8081;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ignore_client_abort on;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 6000;
      }
      # 企业版才有该功能
      #location /omnidb/ {
      #    resolver 127.0.0.11 valid=30s;
      #    set $upstream http://omnidb:8082;
      #    proxy_pass $upstream$request_uri;
      #    proxy_buffering off;
      #    proxy_http_version 1.1;
      #    proxy_set_header Upgrade $http_upgrade;
      #    proxy_set_header Connection $http_connection;
      #    proxy_set_header X-Real-IP $remote_addr;
      #    proxy_set_header Host $host;
      #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      #}
      location /ws/ {
        proxy_pass http://jms-core.jms.svc.cluster.local:8070;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
      location /api/ {
        proxy_pass http://jms-core.jms.svc.cluster.local:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
      location /core/ {
        proxy_pass http://jms-core.jms.svc.cluster.local:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
      location / {
        rewrite ^/(.*)$ /ui/$1 last;
      }
    }
---
# Environment for the JumpServer components (core, celery, koko, lion use envFrom on it).
apiVersion: v1
kind: ConfigMap
metadata:
  name: jms-core-config
  namespace: jms
data:
  # NOTE(review): SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD are
  # credentials but live in a ConfigMap, so they are readable by any principal with
  # "get configmaps" in this namespace and are outside whatever RBAC or at-rest
  # encryption the cluster applies to Secrets. Keeping them in jms-secret and
  # referencing it from the Deployments (envFrom: secretRef) is the usual fix.
  # The values below are the published sample values; generate per-deployment ones.
  SECRET_KEY: "ZWNjNzRkNTYtYWVmOS1jMjE3LWRlNmEtNDI0Zjk2ZWMxYzJk"
  BOOTSTRAP_TOKEN: "ZWNjNzRkNTYtYWVmOS1jMjE3"
  LOG_LEVEL: "ERROR"
  # MySQL settings; USE_EXTERNAL_MYSQL=1 means an external MySQL is used, fill in the correct MySQL details
  USE_EXTERNAL_MYSQL: "1"
  DB_HOST: "jms-mysql.jms.svc.cluster.local"
  DB_PORT: "3306"
  # DB_USER root: the application connects with the same account the readiness
  # probe in jms_mysql.yaml uses; a dedicated, less-privileged DB user is preferable.
  DB_USER: "root"
  DB_PASSWORD: "jumpserver"
  DB_NAME: "jumpserver"
  # Redis settings; USE_EXTERNAL_REDIS: 1 means an external Redis is used, fill in the correct Redis details
  USE_EXTERNAL_REDIS: "1"
  REDIS_HOST: "jms-redis.jms.svc.cluster.local"
  REDIS_PORT: "6379"
  REDIS_PASSWORD: "jumpserver"
  # Nginx settings
  HTTP_PORT: "80"
  SSH_PORT: "2222"
  RDP_PORT: "3389"
  # Task settings: whether to start the jms_celery container; must be enabled on a single node
  USE_TASK: "1"
  # XPack, USE_XPACK: 1 enables it; has no effect on the open-source edition
  USE_XPACK: "0"
  # Core session settings: SESSION_COOKIE_AGE is the idle time in seconds before the session expires,
  # SESSION_EXPIRE_AT_BROWSER_CLOSE: true expires the session when the browser is closed
  # SESSION_COOKIE_AGE: 86400
  SESSION_EXPIRE_AT_BROWSER_CLOSE: "true"
  # Koko / Lion / XRDP component settings
  CORE_HOST: "http://jms-core.jms.svc.cluster.local:8080"
  # Lion: enable font smoothing
  JUMPSERVER_ENABLE_FONT_SMOOTHING: "true"
  # Nginx upload size limit
  CLIENT_MAX_BODY_SIZE: "4096m"
  # Terminals identify themselves by the host's HOSTNAME
  # NOTE(review): Kubernetes does not shell-expand ConfigMap values and envFrom
  # performs no $(VAR) substitution, so the containers probably receive the
  # literal string "${HOSTNAME}" — confirm inside a running pod.
  SERVER_HOSTNAME: "${HOSTNAME}"
  # Extra settings
  CURRENT_VERSION: "v2.20.0"

jms_secret

[root@k8s-master-1 yaml]# cat jms_secret.yaml
# Secret holding the MySQL root and Redis passwords; consumed via secretKeyRef by
# jms_mysql.yaml and jms_redis.yaml. No "type" is given, so it defaults to Opaque.
# NOTE(review): "data" values are base64-encoded, not encrypted, and the same
# password also appears in clear text in jms-core-config (DB_PASSWORD /
# REDIS_PASSWORD), so this Secret does not by itself keep it confidential.
apiVersion: v1
kind: Secret
metadata:
  name: jms-secret
  namespace: jms
data:
  # password: echo -n "jumpserver" | base64
  MYSQL_ROOT_PASSWORD: "anVtcHNlcnZlcg=="
  REDIS_PASSWORD: "anVtcHNlcnZlcg=="
---

jms_mysql

[root@k8s-master-1 yaml]# cat jms_mysql.yaml
# Single-replica MySQL 5 on an NFS-backed datadir, plus a headless Service.
# NOTE(review): a Deployment defaults to a RollingUpdate strategy (maxSurge 25%,
# rounded up to 1 pod), so a template change can briefly run two mysqld
# processes against the same NFS datadir; "strategy: Recreate" (or a
# StatefulSet) avoids that overlap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-mysql
  namespace: jms
spec:
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      app: jms-mysql
  template:
    metadata:
      name: jms-mysql
      labels:
        app: jms-mysql
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-mysql
        image: jumpserver/mysql:5
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        env:
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: jms-config
              key: MYSQL_DATABASE
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: jms-secret
              key: MYSQL_ROOT_PASSWORD
        command: ["docker-entrypoint.sh"]
        args: ["--character-set-server=utf8"]
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 30
          exec:
            # NOTE(review): $DB_PORT is not defined in this container's env (only
            # MYSQL_DATABASE and MYSQL_ROOT_PASSWORD above), so -P gets an empty
            # value; the probe evidently still passes (pod is 1/1 in the output
            # below), presumably via the default port — set DB_PORT or write
            # -P3306 explicitly. The root password also ends up in the argv of
            # every probe invocation.
            command: ["/bin/bash","-c","mysql -h127.0.0.1 -P$DB_PORT -uroot -p$MYSQL_ROOT_PASSWORD -e 'SHOW DATABASES;'"]
        volumeMounts:
        - name: jms-nfs
          mountPath: /var/lib/mysql
        # Mounting the volume at /etc/mysql replaces the image's whole directory
        # with just my.cnf (see the items list below); use subPath if the image
        # ships other files there (e.g. conf.d) that must remain visible.
        - name: jms-my-cnf
          mountPath: /etc/mysql
      volumes:
      - name: jms-nfs
        nfs:
          path: /Jumpserver/mysql
          server: 192.168.0.55
      - name: jms-my-cnf
        configMap:
          name: jms-config
          items:
          - key: my.cnf
            path: my.cnf
---
# Headless ClusterIP Service: reachable in-cluster as jms-mysql.jms.svc.cluster.local.
apiVersion: v1
kind: Service
metadata:
  name: jms-mysql
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-mysql
  ports:
  - name: jms-mysql-3306
    protocol: TCP
    port: 3306
    targetPort: 3306
  # 33060 is the X Protocol port; nothing on this page uses it.
  - name: jms-mysql-33060
    protocol: TCP
    port: 33060
    targetPort: 33060

jms_redis

[root@k8s-master-1 yaml]# cat jms_redis.yaml
# Single-replica Redis 6 with its config from jms-config and /data on NFS, plus a
# headless Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-redis
  namespace: jms
spec:
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      app: jms-redis
  template:
    metadata:
      name: jms-redis
      labels:
        app: jms-redis
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-redis
        image: jumpserver/redis:6-alpine
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: jms-secret
              key: REDIS_PASSWORD
        # NOTE(review): the password is passed as a command-line argument, so it
        # is visible in the container's process list to anyone who can exec into
        # the pod; a "requirepass" line in a Secret-mounted config file keeps it
        # out of argv. Same applies to "-a" in the probe below.
        command: ["/bin/sh","-c","redis-server /etc/redis.conf --requirepass $REDIS_PASSWORD"]
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 10
          exec:
            command: ["/bin/sh","-c","redis-cli -h 127.0.0.1 -p 6379 -a $REDIS_PASSWORD info Replication"]
        volumeMounts:
        - name: jms-nfs
          mountPath: /data
        # subPath mounts are not refreshed when the ConfigMap changes; a rollout
        # is needed to pick up an edited redis.conf.
        - name: jms-redis-config
          mountPath: /etc/redis.conf
          subPath: redis.conf
      volumes:
      - name: jms-nfs
        nfs:
          path: /Jumpserver/redis
          server: 192.168.0.55
      - name: jms-redis-config
        configMap:
          name: jms-config
---
# Headless ClusterIP Service: reachable in-cluster as jms-redis.jms.svc.cluster.local.
apiVersion: v1
kind: Service
metadata:
  name: jms-redis
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-redis
  ports:
  - protocol: TCP
    port: 6379
    targetPort: 6379

jms_core

[root@k8s-master-1 yaml]# cat jms_core.yaml
# JumpServer core (web process) with data/logs on NFS, plus a headless Service
# exposing 8070 (websocket) and 8080 (HTTP) to the in-cluster nginx.
# No resource requests/limits and no livenessProbe are set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-core
  namespace: jms
spec:
  minReadySeconds: 90
  replicas: 1
  selector:
    matchLabels:
      app: jms-core
  template:
    metadata:
      name: jms-core
      labels:
        app: jms-core
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-core
        image: jumpserver/core:v2.20.0
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        tty: true
        # Whole jms-core-config ConfigMap becomes environment (credentials included).
        envFrom:
        - configMapRef:
            name: jms-core-config
        command: ["/bin/bash","-c","python jms start web"] # command runs without a shell by default, hence the bash -c wrapper
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 90
          exec:
            command: ["/bin/sh","-c","curl -fsL http://localhost:8080/api/health/ > /dev/null"]
        volumeMounts:
        # /opt/jumpserver/data is also mounted by jms_nginx.yaml (same NFS export).
        - name: jms-nfs-data
          mountPath: /opt/jumpserver/data
        - name: jms-nfs-logs
          mountPath: /opt/jumpserver/logs
      volumes:
      - name: jms-nfs-data
        nfs:
          path: /Jumpserver/core/data
          server: 192.168.0.55
      - name: jms-nfs-logs
        nfs:
          path: /Jumpserver/core/logs
          server: 192.168.0.55
---
apiVersion: v1
kind: Service
metadata:
  name: jms-core
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-core
  ports:
  - name: jms-core-8070
    protocol: TCP
    port: 8070
    targetPort: 8070
  - name: jms-core-8080
    protocol: TCP
    port: 8080
    targetPort: 8080

jms_celery

[root@k8s-master-1 yaml]# cat jms_celery.yaml
# Celery task worker: same image and environment as jms-core, started with
# "python jms start task", sharing the core data/logs NFS exports.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-celery
  namespace: jms
spec:
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      app: jms-celery
  template:
    metadata:
      name: jms-celery
      labels:
        app: jms-celery
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-celery
        image: jumpserver/core:v2.20.0
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        tty: true
        envFrom:
        - configMapRef:
            name: jms-core-config
        command: ["/bin/bash","-c","python jms start task"] # command runs without a shell by default, hence the bash -c wrapper
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 30
          exec:
            command: ["/bin/bash","-c","bash /opt/jumpserver/utils/check_celery.sh"]
        volumeMounts:
        - name: jms-nfs-data
          mountPath: /opt/jumpserver/data
        - name: jms-nfs-logs
          mountPath: /opt/jumpserver/logs
      volumes:
      - name: jms-nfs-data
        nfs:
          path: /Jumpserver/core/data
          server: 192.168.0.55
      - name: jms-nfs-logs
        nfs:
          path: /Jumpserver/core/logs
          server: 192.168.0.55
---
# Headless Service mirroring jms-core's ports. Nothing on this page routes to
# jms-celery, and the task worker is not shown serving HTTP, so these ports are
# presumably unused — TODO confirm before keeping them.
apiVersion: v1
kind: Service
metadata:
  name: jms-celery
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-celery
  ports:
  - name: jms-celery-8070
    protocol: TCP
    port: 8070
    targetPort: 8070
  - name: jms-celery-8080
    protocol: TCP
    port: 8080
    targetPort: 8080

jms_koko

[root@k8s-master-1 yaml]# cat jms_koko.yaml
# KoKo (SSH / web terminal component). nginx proxies /koko/ to port 5000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-koko
  namespace: jms
spec:
  minReadySeconds: 10
  replicas: 1
  selector:
    matchLabels:
      app: jms-koko
  template:
    metadata:
      name: jms-koko
      labels:
        app: jms-koko
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-koko
        image: jumpserver/koko:v2.20.0
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        tty: true
        # Registers with core using BOOTSTRAP_TOKEN / CORE_HOST from jms-core-config.
        envFrom:
        - configMapRef:
            name: jms-core-config
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 10
          exec:
            command: ["/bin/sh","-c","curl -fsL http://localhost:5000/koko/health/ > /dev/null"]
        volumeMounts:
        - name: jms-nfs-koko
          mountPath: /opt/koko/data
      volumes:
      - name: jms-nfs-koko
        nfs:
          path: /Jumpserver/koko/data
          server: 192.168.0.55
---
# Headless ClusterIP Service. Port 2222 (SSH_PORT in jms-core-config) is only
# reachable inside the cluster here; the Ingress on this page carries HTTP only,
# so direct SSH access to koko needs a separate exposure (NodePort/LoadBalancer)
# if it is required.
apiVersion: v1
kind: Service
metadata:
  name: jms-koko
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-koko
  ports:
  - name: jms-koko-2222
    protocol: TCP
    port: 2222
    targetPort: 2222
  # protocol omitted here; Kubernetes defaults it to TCP.
  - name: jms-koko-5000
    port: 5000
    targetPort: 5000

jms_lion

[root@k8s-master-1 yaml]# cat jms_lion.yaml
# Lion (RDP / VNC web component). nginx proxies /lion/ to port 8081.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-lion
  namespace: jms
spec:
  minReadySeconds: 10
  replicas: 1
  selector:
    matchLabels:
      app: jms-lion
  template:
    metadata:
      name: jms-lion
      labels:
        app: jms-lion
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-lion
        image: jumpserver/lion:v2.20.0
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        tty: true
        # Registers with core using BOOTSTRAP_TOKEN / CORE_HOST from jms-core-config.
        envFrom:
        - configMapRef:
            name: jms-core-config
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 10
          exec:
            command: ["/bin/sh","-c","curl -fsL http://localhost:8081/lion/health/ > /dev/null"]
        volumeMounts:
        - name: jms-nfs-lion
          mountPath: /opt/lion/data
      volumes:
      - name: jms-nfs-lion
        nfs:
          path: /Jumpserver/lion/data
          server: 192.168.0.55
---
# Headless ClusterIP Service; both ports are in-cluster only.
apiVersion: v1
kind: Service
metadata:
  name: jms-lion
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-lion
  ports:
  - name: jms-lion-4822
    protocol: TCP
    port: 4822
    targetPort: 4822
  - name: jms-lion-8081 # the Dockerfile itself does not expose this port, but nginx forwards traffic here, so it is opened
    protocol: TCP
    port: 8081
    targetPort: 8081

jms_nginx

[root@k8s-master-1 yaml]# cat jms_nginx.yaml
# Front nginx (jumpserver/web image): serves the lina/luna static UIs and
# proxies /koko, /lion, /ws, /api, /core to the component Services using the
# nginx.conf from jms-config. Shares the core data NFS export for /media and /static.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jms-nginx
  namespace: jms
spec:
  minReadySeconds: 180
  replicas: 1
  selector:
    matchLabels:
      app: jms-nginx
  template:
    metadata:
      name: jms-nginx
      labels:
        app: jms-nginx
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      containers:
      - name: jms-nginx
        image: jumpserver/web:v2.20.0
        # Never: the image must already be present on the node (no registry pull).
        imagePullPolicy: Never
        tty: true
        readinessProbe:
          periodSeconds: 10
          failureThreshold: 3
          successThreshold: 1
          timeoutSeconds: 5
          initialDelaySeconds: 50
          exec:
            command: ["/bin/sh","-c","curl -fsL http://localhost/ > /dev/null"]
        volumeMounts:
        - name: jms-core-data
          mountPath: /opt/jumpserver/data
        - name: jms-nginx-logs
          mountPath: /var/log/nginx
        # subPath mount: replaces only default.conf and is not refreshed when the
        # ConfigMap changes (a rollout is needed to apply an edited nginx.conf).
        - name: jms-nginx-config
          mountPath: /etc/nginx/conf.d/default.conf
          subPath: nginx.conf
      volumes:
      - name: jms-core-data
        nfs:
          path: /Jumpserver/core/data
          server: 192.168.0.55
      - name: jms-nginx-logs
        nfs:
          path: /Jumpserver/nginx/data/logs
          server: 192.168.0.55
      - name: jms-nginx-config
        configMap:
          name: jms-config
---
# Headless ClusterIP Service that the Ingress (jms_ingress.yaml) targets on port 80.
apiVersion: v1
kind: Service
metadata:
  name: jms-nginx
  namespace: jms
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: jms-nginx
  ports:
  - name: jms-nginx
    protocol: TCP
    port: 80
    targetPort: 80

jms_ingress

[root@k8s-master-1 yaml]# cat jms_ingress.yaml
# ingress-nginx Ingress terminating TLS for www.jumpserver.com and forwarding
# everything to the jms-nginx Service on port 80.
# NOTE(review): the TLS Secret "jms-ingress" is not created anywhere on this
# page; it has to exist (e.g. a kubernetes.io/tls Secret in namespace jms)
# before HTTPS works. The nginx.ingress.kubernetes.io/* annotations only take
# effect with the ingress-nginx controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: jms-ingress
  namespace: jms
  annotations:
    # Deprecated annotation form; spec.ingressClassName is the current way to
    # pick the controller on networking.k8s.io/v1 Ingress.
    kubernetes.io/ingress.class: "nginx"
    # Plain-HTTP requests are redirected to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Matches client_max_body_size 4096m in the inner nginx.conf.
    nginx.ingress.kubernetes.io/proxy-body-size: "4096m"
    # AEAD-only (GCM / CHACHA20) suites with forward secrecy (ECDHE / DHE).
    nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    # NOTE(review): the inner nginx.conf allows 600s proxy timeouts for /lion/;
    # long-lived terminal sessions may still be cut by the controller's own
    # default proxy timeouts unless matching proxy-read-timeout /
    # proxy-send-timeout annotations are added here — verify in practice.
spec:
  tls:
  - hosts:
    - www.jumpserver.com
    secretName: jms-ingress
  rules:
  - host: www.jumpserver.com
    http:
      paths:
      - backend:
          service:
            name: jms-nginx
            port:
              number: 80
        path: /
        pathType: Prefix

运行

[root@k8s-master-1 yaml]# kubectl apply -f jms_configmap.yaml
namespace/jms created
configmap/jms-config created
configmap/jms-core-config created
[root@k8s-master-1 yaml]# kubectl apply -f jms_secret.yaml
secret/jms-secret created
[root@k8s-master-1 yaml]# kubectl apply -f jms_mysql.yaml
deployment.apps/jms-mysql created
service/jms-mysql created
[root@k8s-master-1 yaml]# kubectl apply -f jms_redis.yaml
deployment.apps/jms-redis created
service/jms-redis created
[root@k8s-master-1 yaml]# kubectl apply -f jms_core.yaml
deployment.apps/jms-core created
service/jms-core created
[root@k8s-master-1 yaml]# kubectl apply -f jms_celery.yaml
deployment.apps/jms-celery created
service/jms-celery created
[root@k8s-master-1 yaml]# kubectl apply -f jms_koko.yaml
deployment.apps/jms-koko created
service/jms-koko created
[root@k8s-master-1 yaml]# kubectl apply -f jms_lion.yaml
deployment.apps/jms-lion created
service/jms-lion created
[root@k8s-master-1 yaml]# kubectl apply -f jms_nginx.yaml
deployment.apps/jms-nginx created
service/jms-nginx created
[root@k8s-master-1 yaml]# kubectl apply -f jms_ingress.yaml
ingress.networking.k8s.io/jms-ingress created
# 查看状态
[root@k8s-master-1 yaml]# kubectl get pods -n jms
NAME                         READY   STATUS    RESTARTS   AGE
jms-celery-b59bd98f8-m8wsz   1/1     Running   0          7m14s
jms-core-67ffc475b6-6hgps    1/1     Running   0          7m18s
jms-koko-69c9557bd6-4mzsz    1/1     Running   0          7m5s
jms-lion-7b57997486-n445g    1/1     Running   0          6m59s
jms-mysql-5898bb7d79-947gg   1/1     Running   0          7m27s
jms-nginx-cf4bf56f6-pfbv5    1/1     Running   4          6m52s
jms-redis-57b8b7b9f-8nchq    1/1     Running   0          7m23s
