k8s部署jumpserver

k8s部署jumpserver

Scroll Down

jumpserver的官方文档
搭建过程主要分三步:

  • 部署mysql
  • 部署redis
  • 部署jumpserver

部署mysql

k8s单节点部署

[root@k8s01 mysql]# cat mysql-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
  namespace: test-env
  labels:
    app: mysql
data:
  my.cnf: |-
    [client]
    default-character-set=utf8mb4
    [mysql]
    default-character-set=utf8mb4
    [mysqld] 
    max_connections = 2000
    secure_file_priv=/var/lib/mysql
    sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
    log-bin = /var/lib/mysql/mysql-bin.log
    expire-logs-days = 14
    max-binlog-size = 500M
    server-id = 1
    
[root@k8s01 mysql]# cat mysql-deploy.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-data
  namespace: test-env
  labels:
    app: mysql
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: managed-nfs-storage
---
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: test-env
  labels:
    app: mysql
spec:
  type: NodePort
  ports:
  - name: mysql
    port: 3306
    targetPort: 3306
    nodePort: 30336
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: test-env
  labels:
    app: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:     
      containers:
      - name: mysql
        image: mysql:5.7.27
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD    ## 配置Root用户默认密码
          value: "mysql@123456"     ## 密码不要设置纯数字,否则jumpserver报错
        resources:
          limits:
            cpu: 2000m
            memory: 512Mi
          requests:
            cpu: 2000m
            memory: 512Mi
        livenessProbe:
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
          exec:
            command: ["mysqladmin", "-uroot", "-p${MYSQL_ROOT_PASSWORD}", "ping"]
        readinessProbe:  
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
          exec:
            command: ["mysqladmin", "-uroot", "-p${MYSQL_ROOT_PASSWORD}", "ping"]
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
        - name: localtime
          readOnly: true
          mountPath: /etc/localtime
        - name: config
          mountPath: /etc/mysql/my.cnf
          subPath: my.cnf
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: mysql-data
      - name: localtime
        hostPath:
          type: File
          path: /etc/localtime
      - name: config
        configMap:
          name: mysql-config    
                
[root@k8s01 mysql]# kubectl apply -f mysql-config.yaml
configmap/mysql-config create
[root@k8s01 mysql]# kubectl apply -f mysql-deploy.yaml        
deployment/mysql-deploy create
[root@k8s01 mysql]# kubectl get -n test-env po
NAME                          READY   STATUS    RESTARTS   AGE
mysql-5f758789c9-dvqbk        1/1     Running   0          22h

helm一键部署

[root@k8s-master home]# helm repo update
[root@k8s-master home]# helm fetch stable/mysql
#修改values.yaml三处:image改为:5.7.27, 添加pvc的storageclass: managed-nfs-storage, NodePort:30336
[root@k8s-master home]# helm install -name mysql --namespace=test-env .
[root@k8s-master mysql]# kubectl get -n test-env po
NAME                     READY   STATUS    RESTARTS   AGE
mysql-79b4688d45-4k4bj   1/1     Running   0          10m
[root@k8s-master mysql]# kubectl get secret --namespace test-env mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
JlbEGT1HhM
#可进入容器修改密码,密码不要纯数字,否则jumpserver报错

部署redis

[root@k8s-master jumpserver]# cat redis.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: redis
  name: redis
  namespace: test-env
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - image: redis:5.0.2
        imagePullPolicy: IfNotPresent
        name: redis
        ports:
        - containerPort: 6379
          protocol: TCP
      - image: oliver006/redis_exporter:latest
        imagePullPolicy: IfNotPresent
        name: redis-exporter
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 9121 
        volumeMounts:
        - mountPath: /etc/localtime
          name: host-time
        - mountPath: /etc/timezone
          name: time-zone
      volumes:
      - hostPath:
          path: /etc/localtime
          type: ""
        name: host-time
      - hostPath:
          path: /etc/timezone
          type: ""
        name: time-zone
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: redis
  name: redis
  namespace: test-env
spec:
  ports:
  - name: redis-data
    port: 6379
    protocol: TCP
    targetPort: 6379
    nodePort: 30014
  - name: metrics
    port: 9121
    targetPort: 9121
    nodePort: 32258
  selector:
    app: redis
  type: NodePort
  
[root@k8s-master jumpserver]# kubectl apply -f redis.yaml
deployment.extensions/redis created
service/redis created
[root@k8s-master jumpserver]# kubectl get -n test-env po
NAME                     READY   STATUS    RESTARTS   AGE
mysql-5f758789c9-dvqbk   1/1     Running   0          22h
redis-586c48c7cb-rmp8m   2/2     Running   0          23s

部署jumpserver

[root@k8s01 jumpserver]# cat jumpserver.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jumpserver-data
  namespace: test-env
  annotations:
    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jumpserver
  namespace: test-env
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
    replicas: 1
    strategy:
      rollingUpdate:
        maxSurge: 1
        maxUnavailable: 0
      type: RollingUpdate
    selector:
      matchLabels:
        app.kubernetes.io/instance: jumpserver
        app.kubernetes.io/name: jumpserver
    template:
      metadata:
        labels:
          app.kubernetes.io/instance: jumpserver
          app.kubernetes.io/name: jumpserver
      spec:
        containers:
        - env:
          - name: SECRET_KEY
            value: "veDMhBkZHdfjlsafdjaslfbfiewfbiabjfdakwiafndiawbfjwZ"
          - name: BOOTSTRAP_TOKEN
            value: "F9HUa5nfksd532ndsaR"
          - name: DB_ENGINE
            value: "mysql"
          - name: DB_HOST
            value: "192.168.50.205"
          - name: DB_PORT
            value: "30336"
          - name: DB_USER
            value: "root"
          - name: DB_PASSWORD
            value: "mysql@123456"
          - name: DB_NAME
            value: "jumpserver"
          - name: REDIS_HOST
            value: "192.168.50.205"
          - name: REDIS_PORT
            value: "30014"
          - name: REDIS_PASSWORD
            value: ""
          image: jumpserver/jms_all:latest
          imagePullPolicy: IfNotPresent
          name: jumpserver
          ports:
          - containerPort: 80
            name: http
            protocol: TCP
          - containerPort: 2222
            name: ssh
            protocol: TCP
          volumeMounts:
          - mountPath: /opt/jumpserver/data/media
            name: datadir
        volumes:
        - name: datadir
          persistentVolumeClaim:
            claimName: jumpserver-data
---
apiVersion: v1
kind: Service
metadata:
  name: jumpserver-svc
  namespace: test-env
  labels:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: ssh
    port: 2222
    targetPort: 2222
    protocol: TCP
    nodePort: 32222
  type: NodePort
  selector:
    app.kubernetes.io/instance: jumpserver
    app.kubernetes.io/name: jumpserver
    
[root@k8s-master jumpserver]# kubectl apply -f jumpserver.yaml
[root@k8s-master jumpserver]# kubectl get -n test-env po
NAME                          READY   STATUS    RESTARTS   AGE
jumpserver-57dc8c5f6b-r6h6v   1/1     Running   0          10m
mysql-79b4688d45-4k4bj        1/1     Running   0          57m
redis-586c48c7cb-rmp8m        2/2     Running   0          42m
[root@k8s-master jumpserver]# kubectl get -n test-env svc
NAME         TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
jumpserver-svc   NodePort   10.102.202.72   <none>        80:30108/TCP,2222:32222/TCP     10s
mysql        NodePort   10.105.190.92   <none>        3306:30336/TCP                  57m
redis        NodePort   10.111.98.52    <none>        6379:30014/TCP,9121:32258/TCP   42m

为了方便访问,可以添加ingress域名来访问

[root@k8s01 home]# cat test-ing.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ing
  namespace: test-env
  annotations:
    kubernetes.io/ingress.class: traefik            
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: jumpserver.k8s.com                           
    http:
      paths:
      - path: /              
        backend:
          serviceName: jumpserver-svc
          servicePort: 80

本地host添加相应解析即可

登录测试

jumpserver.k8s.com,初始账号/密码:admin/admin
k8sjump1.png

k8sjump2.png