安装文档

说明

全新安装的 Linux
需要连接 互联网
使用 root 用户执行

可以使用由 华为云 提供的容器镜像服务 ❤

区域镜像仓库地址配置文件 /opt/jumpserver/config/config.txtKubernetes values.yaml
华北-北京一swr.cn-north-1.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-north-1.myhuaweicloud.comrepository: swr.cn-north-1.myhuaweicloud.com
华北-北京四swr.cn-north-4.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-north-4.myhuaweicloud.comrepository: swr.cn-north-4.myhuaweicloud.com
华南-广州swr.cn-south-1.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.comrepository: swr.cn-south-1.myhuaweicloud.com
华东-上海一swr.cn-east-3.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.cn-east-3.myhuaweicloud.comrepository: swr.cn-east-3.myhuaweicloud.com
亚太-香港swr.ap-southeast-1.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.ap-southeast-1.myhuaweicloud.comrepository: swr.ap-southeast-1.myhuaweicloud.com
亚太-新加坡swr.ap-southeast-3.myhuaweicloud.comDOCKER_IMAGE_PREFIX=swr.ap-southeast-3.myhuaweicloud.comrepository: swr.ap-southeast-3.myhuaweicloud.com

安装方式

外置环境要求

  • 推荐使用外置 数据库 和 Redis,方便日后扩展升级
DBVersionCacheVersion
MySQL>= 5.7Redis>= 6.0
MariaDB>= 10.2

一键部署

  1. # 默认会安装到 /opt/jumpserver-installer-v2.13.2 目录
  2. curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.13.2/quick_start.sh | bash
  3. cd /opt/jumpserver-installer-v2.13.2
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.13.2
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

手动部署

  1. cd /opt
  2. wget https://github.com/jumpserver/installer/releases/download/v2.13.2/jumpserver-installer-v2.13.2.tar.gz
  3. tar -xf jumpserver-installer-v2.13.2.tar.gz
  4. cd jumpserver-installer-v2.13.2
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## 安装配置, amd64 默认使用华为云加速下载, arm64 请注释掉 DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  5. # DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  6. VOLUME_DIR=/opt/jumpserver
  7. DOCKER_DIR=/var/lib/docker
  8. SECRET_KEY=
  9. BOOTSTRAP_TOKEN=
  10. LOG_LEVEL=ERROR
  11. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  12. USE_EXTERNAL_MYSQL=0
  13. DB_HOST=mysql
  14. DB_PORT=3306
  15. DB_USER=root
  16. DB_PASSWORD=
  17. DB_NAME=jumpserver
  18. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  19. USE_EXTERNAL_REDIS=0
  20. REDIS_HOST=redis
  21. REDIS_PORT=6379
  22. REDIS_PASSWORD=
  23. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  24. COMPOSE_PROJECT_NAME=jms
  25. COMPOSE_HTTP_TIMEOUT=3600
  26. DOCKER_CLIENT_TIMEOUT=3600
  27. DOCKER_SUBNET=192.168.250.0/24
  28. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  29. USE_IPV6=0
  30. DOCKER_SUBNET_IPV6=2001:db8:10::/64
  31. ## Nginx 配置, USE_LB=1 表示开启, 为 0 的情况下, HTTPS_PORT 定义不生效
  32. HTTP_PORT=80
  33. SSH_PORT=2222
  34. RDP_PORT=3389
  35. USE_LB=0
  36. HTTPS_PORT=443
  37. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  38. USE_TASK=1
  39. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  40. USE_XPACK=0
  41. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期
  42. # SESSION_COOKIE_AGE=86400
  43. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  44. # Koko Lion XRDP 组件配置
  45. CORE_HOST=http://core:8080
  46. # 额外的配置
  47. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.13.2
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

离线部署(amd64)

从飞致云社区 下载最新的 linux/amd64 离线包, 并上传到部署服务器的 /opt 目录

  1. cd /opt
  2. unzip jumpserver-offline-installer-v2.13.2-amd64-11.tar.gz
  3. cd jumpserver-offline-installer-v2.13.2-amd64-11
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## 安装配置, amd64 默认使用华为云加速下载, arm64 请注释掉 DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  5. # DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  6. VOLUME_DIR=/opt/jumpserver
  7. DOCKER_DIR=/var/lib/docker
  8. SECRET_KEY=
  9. BOOTSTRAP_TOKEN=
  10. LOG_LEVEL=ERROR
  11. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  12. USE_EXTERNAL_MYSQL=0
  13. DB_HOST=mysql
  14. DB_PORT=3306
  15. DB_USER=root
  16. DB_PASSWORD=
  17. DB_NAME=jumpserver
  18. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  19. USE_EXTERNAL_REDIS=0
  20. REDIS_HOST=redis
  21. REDIS_PORT=6379
  22. REDIS_PASSWORD=
  23. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  24. COMPOSE_PROJECT_NAME=jms
  25. COMPOSE_HTTP_TIMEOUT=3600
  26. DOCKER_CLIENT_TIMEOUT=3600
  27. DOCKER_SUBNET=192.168.250.0/24
  28. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  29. USE_IPV6=0
  30. DOCKER_SUBNET_IPV6=2001:db8:10::/64
  31. ## Nginx 配置, USE_LB=1 表示开启, 为 0 的情况下, HTTPS_PORT 定义不生效
  32. HTTP_PORT=80
  33. SSH_PORT=2222
  34. RDP_PORT=3389
  35. USE_LB=0
  36. HTTPS_PORT=443
  37. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  38. USE_TASK=1
  39. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  40. USE_XPACK=0
  41. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期
  42. # SESSION_COOKIE_AGE=86400
  43. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  44. # Koko Lion XRDP 组件配置
  45. CORE_HOST=http://core:8080
  46. # 额外的配置
  47. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.13.2
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

离线部署(arm64)

从飞致云社区 下载最新的 linux/arm64 离线包, 并上传到部署服务器的 /opt 目录

  1. cd /opt
  2. unzip jumpserver-offline-installer-v2.13.2-arm64-14.tar.gz
  3. cd jumpserver-offline-installer-v2.13.2-arm64-14
  1. # 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改
  2. cat config-example.txt
  1. # 以下设置如果为空系统会自动生成随机字符串填入
  2. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  3. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  4. ## 安装配置, amd64 默认使用华为云加速下载, arm64 请注释掉 DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  5. # DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  6. VOLUME_DIR=/opt/jumpserver
  7. DOCKER_DIR=/var/lib/docker
  8. SECRET_KEY=
  9. BOOTSTRAP_TOKEN=
  10. LOG_LEVEL=ERROR
  11. ## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置数据库, 请输入正确的 MySQL 信息
  12. USE_EXTERNAL_MYSQL=0
  13. DB_HOST=mysql
  14. DB_PORT=3306
  15. DB_USER=root
  16. DB_PASSWORD=
  17. DB_NAME=jumpserver
  18. ## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置数据库, 请输入正确的 Redis 信息
  19. USE_EXTERNAL_REDIS=0
  20. REDIS_HOST=redis
  21. REDIS_PORT=6379
  22. REDIS_PASSWORD=
  23. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  24. COMPOSE_PROJECT_NAME=jms
  25. COMPOSE_HTTP_TIMEOUT=3600
  26. DOCKER_CLIENT_TIMEOUT=3600
  27. DOCKER_SUBNET=192.168.250.0/24
  28. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  29. USE_IPV6=0
  30. DOCKER_SUBNET_IPV6=2001:db8:10::/64
  31. ## Nginx 配置, USE_LB=1 表示开启, 为 0 的情况下, HTTPS_PORT 定义不生效
  32. HTTP_PORT=80
  33. SSH_PORT=2222
  34. RDP_PORT=3389
  35. USE_LB=0
  36. HTTPS_PORT=443
  37. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  38. USE_TASK=1
  39. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  40. USE_XPACK=0
  41. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期
  42. # SESSION_COOKIE_AGE=86400
  43. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  44. # Koko Lion XRDP 组件配置
  45. CORE_HOST=http://core:8080
  46. # 额外的配置
  47. CURRENT_VERSION=
  1. # 安装
  2. ./jmsctl.sh install
  3. # 启动
  4. ./jmsctl.sh start
  1. # 安装完成后配置文件 /opt/jumpserver/config/config.txt
  1. cd /opt/jumpserver-installer-v2.13.2
  2. # 启动
  3. ./jmsctl.sh start
  4. # 停止
  5. ./jmsctl.sh down
  6. # 卸载
  7. ./jmsctl.sh uninstall
  8. # 帮助
  9. ./jmsctl.sh -h

Kubernetes

  1. cd /opt
  2. git clone https://github.com/jumpserver/helm
  3. cd /opt/helm
  4. vi values.yaml
  1. # Default values for jumpserver.
  2. # This is a YAML-formatted file.
  3. # Declare variables to be passed into your templates.
  4. nameOverride: ""
  5. fullnameOverride: ""
  6. serviceAccount:
  7. # Specifies whether a service account should be created
  8. create: false
  9. # The name of the service account to use.
  10. # If not set and create is true, a name is generated using the fullname template
  11. name:
  12. imagePullSecrets: []
  13. # - name: yourImagePullSecret
  14. ingress:
  15. enabled: true
  16. annotations:
  17. # kubernetes.io/tls-acme: "true"
  18. compute-full-forwarded-for: "true"
  19. use-forwarded-headers: "true"
  20. kubernetes.io/ingress.class: nginx
  21. nginx.ingress.kubernetes.io/configuration-snippet: |
  22. proxy_set_header Upgrade "websocket";
  23. proxy_set_header Connection "Upgrade";
  24. hosts:
  25. - "test.jumpserver.org" # 通过 ingress 暴露对外域名, 自行修改成你的域名
  26. tls: []
  27. # - secretName: chart-example-tls
  28. # hosts:
  29. # - chart-example.local
  30. core:
  31. enabled: true
  32. labels:
  33. app.jumpserver.org/name: jms-core
  34. config:
  35. # Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
  36. secretKey: "*************" # 加密 key, 随机生成保管好
  37. # Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
  38. bootstrapToken: "********" # 组件组成使用 token
  39. # Enabled it for debug
  40. debug: false
  41. log:
  42. level: ERROR
  43. # Fill it with your mysql config
  44. db:
  45. engine: mysql # mysql 相关, 自行搭建后填写对应信息
  46. host: "192.168.1.1"
  47. port: 3306
  48. user: jumpserver
  49. password: "*******"
  50. name: jumpserver
  51. # Fill it with your redis config
  52. redis:
  53. host: "192.168.1.1" # redis 相关, 自行搭建后填写对应信息
  54. port: 6379
  55. password: "*******"
  56. replicaCount: 1 # 副本数, 可以通过 kebuctl scale 实时扩容
  57. image:
  58. repository: docker.io/jumpserver/core # 镜像地址, 默认使用 docker.io
  59. tag: v2.13.1
  60. pullPolicy: IfNotPresent
  61. command: []
  62. env: []
  63. livenessProbe:
  64. failureThreshold: 30
  65. httpGet:
  66. path: /api/health/
  67. port: web
  68. readinessProbe:
  69. failureThreshold: 30
  70. httpGet:
  71. path: /api/health/
  72. port: web
  73. podSecurityContext: {}
  74. # fsGroup: 2000
  75. securityContext: {}
  76. # capabilities:
  77. # drop:
  78. # - ALL
  79. # readOnlyRootFilesystem: true
  80. # runAsNonRoot: true
  81. # runAsUser: 1000
  82. service:
  83. type: ClusterIP
  84. web:
  85. port: 8080
  86. ws:
  87. port: 8070
  88. resources: {}
  89. # We usually recommend not to specify default resources and to leave this as a conscious
  90. # choice for the user. This also increases chances charts run on environments with little
  91. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  92. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  93. # limits:
  94. # cpu: 1000m
  95. # memory: 2048Mi
  96. # requests:
  97. # cpu: 500m
  98. # memory: 1024Mi
  99. persistence:
  100. storageClassName: jumpserver-data # 请先自行创建 SC, 然后将名称填入此处, 其他组件也要修改
  101. accessModes:
  102. - ReadWriteMany # 规则必须为 RWM, 多 pod 需要共同读写
  103. size: 10Gi # 生产环境推荐 100G 以上
  104. # annotations: {}
  105. finalizers:
  106. - kubernetes.io/pvc-protection
  107. # subPath: ""
  108. # existingClaim:
  109. volumeMounts: []
  110. volumes: []
  111. nodeSelector: {}
  112. tolerations: []
  113. affinity: {}
  114. koko:
  115. enabled: true
  116. labels:
  117. app.jumpserver.org/name: jms-koko
  118. config:
  119. log:
  120. level: ERROR
  121. replicaCount: 1
  122. image:
  123. repository: docker.io/jumpserver/koko
  124. tag: v2.13.1
  125. pullPolicy: IfNotPresent
  126. command: []
  127. env: []
  128. livenessProbe:
  129. failureThreshold: 30
  130. httpGet:
  131. path: /koko/health/
  132. port: web
  133. readinessProbe:
  134. failureThreshold: 30
  135. httpGet:
  136. path: /koko/health/
  137. port: web
  138. podSecurityContext: {}
  139. # fsGroup: 2000
  140. securityContext:
  141. privileged: true
  142. # capabilities:
  143. # drop:
  144. # - ALL
  145. # readOnlyRootFilesystem: true
  146. # runAsNonRoot: true
  147. # runAsUser: 1000
  148. service:
  149. type: ClusterIP
  150. web:
  151. port: 5000
  152. ssh:
  153. port: 2222
  154. resources: {}
  155. # We usually recommend not to specify default resources and to leave this as a conscious
  156. # choice for the user. This also increases chances charts run on environments with little
  157. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  158. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  159. # limits:
  160. # cpu: 100m
  161. # memory: 128Mi
  162. # requests:
  163. # cpu: 100m
  164. # memory: 128Mi
  165. persistence:
  166. storageClassName: jumpserver-data # custom
  167. accessModes:
  168. - ReadWriteMany
  169. size: 10Gi
  170. # annotations: {}
  171. finalizers:
  172. - kubernetes.io/pvc-protection
  173. volumeMounts: []
  174. volumes: []
  175. nodeSelector: {}
  176. tolerations: []
  177. affinity: {}
  178. lion:
  179. enabled: true
  180. labels:
  181. app.jumpserver.org/name: jms-lion
  182. config:
  183. log:
  184. level: ERROR
  185. replicaCount: 1
  186. image:
  187. repository: docker.io/jumpserver/lion
  188. tag: v2.13.1
  189. pullPolicy: IfNotPresent
  190. command: []
  191. env: []
  192. livenessProbe:
  193. failureThreshold: 30
  194. httpGet:
  195. path: /lion/health/
  196. port: web
  197. readinessProbe:
  198. failureThreshold: 30
  199. httpGet:
  200. path: /lion/health/
  201. port: web
  202. podSecurityContext: {}
  203. # fsGroup: 2000
  204. securityContext: {}
  205. # capabilities:
  206. # drop:
  207. # - ALL
  208. # readOnlyRootFilesystem: true
  209. # runAsNonRoot: true
  210. # runAsUser: 1000
  211. service:
  212. type: ClusterIP
  213. web:
  214. port: 8081
  215. resources: {}
  216. # We usually recommend not to specify default resources and to leave this as a conscious
  217. # choice for the user. This also increases chances charts run on environments with little
  218. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  219. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  220. # limits:
  221. # cpu: 100m
  222. # memory: 512Mi
  223. # requests:
  224. # cpu: 100m
  225. # memory: 512Mi
  226. persistence:
  227. storageClassName: jumpserver-data # custom
  228. accessModes:
  229. - ReadWriteMany
  230. size: 10Gi
  231. # annotations: {}
  232. finalizers:
  233. - kubernetes.io/pvc-protection
  234. volumeMounts: []
  235. volumes: []
  236. nodeSelector: {}
  237. tolerations: []
  238. affinity: {}
  239. xpack:
  240. enabled: false # 企业版 xpack, 开源版本修改无效, 请保持默认
  241. omnidb:
  242. labels:
  243. app.jumpserver.org/name: jms-omnidb
  244. config:
  245. log:
  246. level: ERROR
  247. replicaCount: 1
  248. image:
  249. repository: registry.fit2cloud.com/jumpserver/omnidb
  250. tag: v2.13.1
  251. pullPolicy: IfNotPresent
  252. command: []
  253. env: []
  254. livenessProbe:
  255. failureThreshold: 30
  256. tcpSocket:
  257. port: web
  258. readinessProbe:
  259. failureThreshold: 30
  260. tcpSocket:
  261. port: web
  262. podSecurityContext: {}
  263. # fsGroup: 2000
  264. securityContext: {}
  265. # capabilities:
  266. # drop:
  267. # - ALL
  268. # readOnlyRootFilesystem: true
  269. # runAsNonRoot: true
  270. # runAsUser: 1000
  271. service:
  272. type: ClusterIP
  273. web:
  274. port: 8082
  275. ws:
  276. port: 8071
  277. resources: {}
  278. # We usually recommend not to specify default resources and to leave this as a conscious
  279. # choice for the user. This also increases chances charts run on environments with little
  280. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  281. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  282. # limits:
  283. # cpu: 100m
  284. # memory: 128Mi
  285. # requests:
  286. # cpu: 100m
  287. # memory: 128Mi
  288. persistence:
  289. storageClassName: jumpserver-data
  290. accessModes:
  291. - ReadWriteMany
  292. size: 10Gi
  293. # annotations: {}
  294. finalizers:
  295. - kubernetes.io/pvc-protection
  296. volumeMounts: []
  297. volumes: []
  298. nodeSelector: {}
  299. tolerations: []
  300. affinity: {}
  301. xrdp:
  302. labels:
  303. app.jumpserver.org/name: jms-xrdp
  304. config:
  305. log:
  306. level: ERROR
  307. replicaCount: 1
  308. image:
  309. repository: registry.fit2cloud.com/jumpserver/xrdp
  310. tag: v2.13.1
  311. pullPolicy: IfNotPresent
  312. command: []
  313. env: []
  314. livenessProbe:
  315. failureThreshold: 30
  316. tcpSocket:
  317. port: rdp
  318. readinessProbe:
  319. failureThreshold: 30
  320. tcpSocket:
  321. port: rdp
  322. podSecurityContext: {}
  323. # fsGroup: 2000
  324. securityContext: {}
  325. # capabilities:
  326. # drop:
  327. # - ALL
  328. # readOnlyRootFilesystem: true
  329. # runAsNonRoot: true
  330. # runAsUser: 1000
  331. service:
  332. type: ClusterIP
  333. rdp:
  334. port: 3389
  335. resources: {}
  336. # We usually recommend not to specify default resources and to leave this as a conscious
  337. # choice for the user. This also increases chances charts run on environments with little
  338. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  339. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  340. # limits:
  341. # cpu: 100m
  342. # memory: 128Mi
  343. # requests:
  344. # cpu: 100m
  345. # memory: 128Mi
  346. persistence:
  347. storageClassName: jumpserver-data
  348. accessModes:
  349. - ReadWriteMany
  350. size: 10Gi
  351. # annotations: {}
  352. finalizers:
  353. - kubernetes.io/pvc-protection
  354. volumeMounts: []
  355. volumes: []
  356. nodeSelector: {}
  357. tolerations: []
  358. affinity: {}
  359. web:
  360. enabled: true
  361. labels:
  362. app.jumpserver.org/name: jms-web
  363. replicaCount: 1
  364. image:
  365. repository: docker.io/jumpserver/web
  366. tag: v2.13.1
  367. pullPolicy: IfNotPresent
  368. command: []
  369. env: []
  370. livenessProbe:
  371. failureThreshold: 30
  372. httpGet:
  373. path: /api/health/
  374. port: web
  375. readinessProbe:
  376. failureThreshold: 30
  377. httpGet:
  378. path: /api/health/
  379. port: web
  380. podSecurityContext: {}
  381. # fsGroup: 2000
  382. securityContext: {}
  383. # capabilities:
  384. # drop:
  385. # - ALL
  386. # readOnlyRootFilesystem: true
  387. # runAsNonRoot: true
  388. # runAsUser: 1000
  389. service:
  390. type: ClusterIP
  391. web:
  392. port: 80
  393. resources: {}
  394. # We usually recommend not to specify default resources and to leave this as a conscious
  395. # choice for the user. This also increases chances charts run on environments with little
  396. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  397. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  398. # limits:
  399. # cpu: 100m
  400. # memory: 128Mi
  401. # requests:
  402. # cpu: 100m
  403. # memory: 128Mi
  404. persistence:
  405. storageClassName: jumpserver-data
  406. accessModes:
  407. - ReadWriteMany
  408. size: 1Gi
  409. # annotations: {}
  410. finalizers:
  411. - kubernetes.io/pvc-protection
  412. volumeMounts: []
  413. volumes: []
  414. nodeSelector: {}
  415. tolerations: []
  416. affinity: {}
  1. # 安装
  2. helm install jumpserver ./ -n default
  3. # 卸载
  4. helm uninstall jumpserver -n default
  5. # 查看
  6. helm list -n default

源码部署

Allinone

后续的使用请参考 安全建议 快速入门