How to deploy MySQL on K8s

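Introduction
JumpServer is a free, open-source bastion host that helps organizations control and log in to all kinds of assets in a more secure way.
The JumpServer bastion host supports authorization before access, monitoring during sessions and auditing afterwards, and meets the compliance requirements of China's Multi-Level Protection Scheme (MLPS, 等保).
Installing JumpServer with Helm
Deploying MySQL on K8s
JumpServer needs an external MySQL, so you have to set one up yourself.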
Add the Helm repository:
    helm repo add bitnami https://charts.bitnami.com/bitnami
Download the MySQL Helm chart:
    helm fetch bitnami/mysql
    tar -xf mysql-9.12.3.tgz
    [root@node1 jumpserver]
    [root@node1 mysql]
    Chart.lock  charts  Chart.yaml  README.md  templates  values.schema.json  values.yaml
Edit values.yaml in that directory so that it contains the following:
    global:
      imageRegistry: ""
      imagePullSecrets: []
      storageClass: csi-rbd-sc
    auth:
      rootPassword: mysql_password
      createDatabase: true
      database: jumpserver
      username: jms
      password: jms_password
    # Probe settings belong under primary: in the bitnami/mysql chart
    primary:
      livenessProbe:
        enabled: true
        initialDelaySeconds: 60
        periodSeconds: 60
        timeoutSeconds: 10
        failureThreshold: 3
        successThreshold: 1
      readinessProbe:
        enabled: true
        initialDelaySeconds: 60
        periodSeconds: 60
        timeoutSeconds: 10
        failureThreshold: 3
        successThreshold: 1
      startupProbe:
        enabled: true
        initialDelaySeconds: 60
        periodSeconds: 60
        timeoutSeconds: 10
        failureThreshold: 10
        successThreshold: 1
Create the namespace
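Create the namespace jms; all of the services below are deployed in it.
    kubectl create ns jms
Deploy MySQL
    helm install jms-mysql . -f values.yaml -n jms
Deploying Redis on K8s
JumpServer also needs an external Redis, so this has to be set up as well.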
Download the Redis Helm chart:
    helm fetch bitnami/redis
    tar -xf redis-18.0.4.tgz
    [root@node1 jumpserver]
    [root@node1 redis]
    Chart.lock  charts  Chart.yaml  img  README.md  templates  values.schema.json  values.yaml
Edit values.yaml so that it contains the following:
    global:
      imageRegistry: ""
      imagePullSecrets: []
      storageClass: csi-rbd-sc
      redis:
        password: redis_password
Apply the chart:
    helm install jms-redis . -f values.yaml -n jms
Check the pods:
    [root@node1 redis]
    NAME                   READY   STATUS    RESTARTS   AGE
    jms-mysql-0            1/1     Running   0          14m
    jms-redis-master-0     1/1     Running   0          3m5s
    jms-redis-replicas-0   1/1     Running   0          3m5s
    jms-redis-replicas-1   1/1     Running   0          119s
    jms-redis-replicas-2   1/1     Running   0          77s
Deploying JumpServer
Add the Helm repository:
    helm repo add jumpserver https://jumpserver.github.io/helm-charts
Search for the JumpServer Helm chart:
    [root@node1 jumpserver]
    NAME                    CHART VERSION   APP VERSION   DESCRIPTION
    jumpserver/jumpserver   3.8.1           v3.8.1        a helm chart for deploying jumpserver on kubern...
Download the Helm chart so that its values.yaml can be edited:
    helm fetch jumpserver/jumpserver
If the download in the previous step is too slow to complete, clone the GitHub project instead:
    git clone https://github.com/jumpserver/helm-charts.git
Edit values.yaml
    [root@node1 jumpserver]
    /root/jumpserver/helm-charts/charts/jumpserver
    [root@node1 jumpserver]
    Chart.yaml  configs  README.md  templates  values.yaml
Change values.yaml to the following:
    [root@node1 ~]
    2c8jbqposnkb2pc1igkfwmhwywg0xyaykcpiaeo8pcchaixbih
    [root@node1 ~]
    wf3nsidtggto22cunwbrv808

    global:
      imageRegistry: docker.io
      imageTag: v3.8.1
      imagePullSecrets: []
      storageClass: csi-rbd-sc
    externalDatabase:
      engine: mysql
      host: jms-mysql
      port: 3306
      user: jms
      password: jms_password
      database: jumpserver
    externalRedis:
      # Redis master Service of the jms-redis release; localhost would
      # point at the JumpServer pod itself, where no Redis is listening
      host: jms-redis-master
      port: 6379
      password: redis_password
    core:
      enabled: true
      labels:
        app.jumpserver.org/name: jms-core
      config:
        secretKey: 2c8jbqposnkb2pc1igkfwmhwywg0xyaykcpiaeo8pcchaixbih
        bootstrapToken: wf3nsidtggto22cunwbrv808
      # accessModes belongs to core.persistence in the chart's values.yaml
      persistence:
        accessModes:
          - ReadWriteOnce
Apply the chart
This step may take a while.
    helm install jumpserver . -f values.yaml -n jms
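The values.yaml used here keeps secretKey and bootstrapToken in the same file as every other setting. As an added example (not part of the original post), the shell functions below write fresh values of the same lengths as the two shown (50 and 24 characters) to an owner-only override file that is passed to helm with a second -f, and check a values file for the placeholder passwords used in this walkthrough; the function names and the file name secrets.values.yaml are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. The function names and the
# file name secrets.values.yaml are assumptions made for illustration.

# gen_token N: print N characters from [A-Za-z0-9] drawn from /dev/urandom.
gen_token() (
    want=$1
    out=""
    while [ "${#out}" -lt "$want" ]; do
        # 64 random bytes per round; tr drops everything outside the alphabet
        out="$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$out" | cut -c "1-$want"
)

# write_secret_overrides FILE: write a Helm override file, readable only by
# its owner, holding a fresh 50-character secretKey and a 24-character
# bootstrapToken (the lengths of the two values shown in this post).
write_secret_overrides() (
    umask 077
    rm -f "$1"
    cat > "$1" <<EOF
core:
  config:
    secretKey: "$(gen_token 50)"
    bootstrapToken: "$(gen_token 24)"
EOF
)

# has_placeholder_creds FILE: succeed (exit 0) if FILE still contains one of
# this walkthrough's placeholder passwords, so a deploy script can stop first.
has_placeholder_creds() {
    grep -Eq 'mysql_password|jms_password|redis_password' "$1"
}

# Typical use (needs helm and the chart directory, so left commented out):
#   has_placeholder_creds values.yaml && { echo "replace placeholders" >&2; exit 1; }
#   write_secret_overrides secrets.values.yaml
#   helm install jumpserver . -f values.yaml -f secrets.values.yaml -n jms
```

Values in a later -f file override the same keys in earlier ones, so secretKey and bootstrapToken can be left empty in values.yaml.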
Check the pods
    [root@node1 ~]
    NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
    jms-mysql               ClusterIP   10.96.211.71    <none>        3306/TCP                        146m
    jms-mysql-headless      ClusterIP   None            <none>        3306/TCP                        146m
    jms-redis-headless      ClusterIP   None            <none>        6379/TCP                        135m
    jms-redis-master        ClusterIP   10.96.40.37     <none>        6379/TCP                        135m
    jms-redis-replicas      ClusterIP   10.96.237.101   <none>        6379/TCP                        135m
    jumpserver-jms-chen     ClusterIP   10.96.66.253    <none>        8082/TCP                        31m
    jumpserver-jms-core     ClusterIP   10.96.204.210   <none>        8080/TCP                        31m
    jumpserver-jms-kael     ClusterIP   10.96.236.163   <none>        8083/TCP                        31m
    jumpserver-jms-koko     ClusterIP   10.96.68.28     <none>        5000/TCP,2222/TCP               31m
    jumpserver-jms-lion     ClusterIP   10.96.26.169    <none>        8081/TCP                        31m
    jumpserver-jms-magnus   ClusterIP   10.96.238.16    <none>        33061/TCP,33062/TCP,63790/TCP   31m
    jumpserver-jms-web      ClusterIP   10.96.209.160   <none>        80/TCP                          31m
Check the services
    [root@node1 ~]
    NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
    jms-mysql               ClusterIP   10.96.211.71    <none>        3306/TCP                        131m
    jms-mysql-headless      ClusterIP   None            <none>        3306/TCP                        131m
    jms-redis-headless      ClusterIP   None            <none>        6379/TCP                        120m
    jms-redis-master        ClusterIP   10.96.40.37     <none>        6379/TCP                        120m
    jms-redis-replicas      ClusterIP   10.96.237.101   <none>        6379/TCP                        120m
    jumpserver-jms-chen     ClusterIP   10.96.66.253    <none>        8082/TCP                        16m
    jumpserver-jms-core     ClusterIP   10.96.204.210   <none>        8080/TCP                        16m
    jumpserver-jms-kael     ClusterIP   10.96.236.163   <none>        8083/TCP                        16m
    jumpserver-jms-koko     ClusterIP   10.96.68.28     <none>        5000/TCP,2222/TCP               16m
    jumpserver-jms-lion     ClusterIP   10.96.26.169    <none>        8081/TCP                        16m
    jumpserver-jms-magnus   ClusterIP   10.96.238.16    <none>        33061/TCP,33062/TCP,63790/TCP   16m
    jumpserver-jms-web      ClusterIP   10.96.209.160   <none>        80/TCP                          16m
Exposing the JumpServer web service with Istio
Create the Gateway:
    apiVersion: networking.istio.io/v1beta1
    kind: Gateway
    metadata:
      name: jumpserver-gateway
      namespace: istio-system
    spec:
      selector:
        app: istio-ingressgateway
      servers:
      - port:
          number: 80
          name: http
          protocol: HTTP
        hosts:
        - jumpserver.myk8s.cn
Apply the YAML file:
    kubectl apply -f jumpserver-gateway.yaml
Create the VirtualService:
    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: jumpserver-virtualservice
      namespace: jms
    spec:
      hosts:
      - jumpserver.myk8s.cn
      gateways:
      - istio-system/jumpserver-gateway
      http:
      - match:
        - uri:
            prefix: /
        route:
        - destination:
            host: jumpserver-jms-web
            port:
              number: 80
Apply the YAML file:
    [root@node1 jumpserver]
    virtualservice.networking.istio.io/jumpserver-virtualservice created
Test
Look up the EXTERNAL-IP of the Istio ingress gateway:
    [root@node1 jumpserver]
    NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                                                                                      AGE
    grafana                ClusterIP      10.96.234.93    <none>                        3000/TCP                                                                                     13d
    istio-egressgateway    ClusterIP      10.96.24.219    <none>                        80/TCP,443/TCP                                                                               14d
    istio-ingressgateway   LoadBalancer   10.96.174.147   192.168.0.111,192.168.0.222   15021:31848/TCP,80:31657/TCP,20001:31775/TCP,443:30425/TCP,31400:31780/TCP,15443:30671/TCP   14d
    istiod                 ClusterIP      10.96.49.69     <none>                        15010/TCP,15012/TCP,443/TCP,15014/TCP                                                        14d
    jaeger-collector       ClusterIP      10.96.63.79     <none>                        14268/TCP,14250/TCP,9411/TCP,4317/TCP,4318/TCP                                               13d
    kiali                  ClusterIP      10.96.202.30    <none>                        20001/TCP,9090/TCP                                                                           13d
    loki-headless          ClusterIP      None            <none>                        3100/TCP                                                                                     13d
    prometheus             ClusterIP      10.96.109.177   <none>                        9090/TCP                                                                                     13d
    tracing                ClusterIP      10.96.141.120   <none>                        80/TCP,16685/TCP                                                                             13d
    zipkin                 ClusterIP      10.96.225.164   <none>                        9411/TCP                                                                                     13d
On each host that needs to reach the JumpServer service, edit the hosts file so that jumpserver.myk8s.cn resolves to the EXTERNAL-IP address; here it resolves to 192.168.0.111.
Access the service
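The Gateway created in this walkthrough serves the JumpServer login page over plain HTTP on port 80. As an added example (not part of the original post), the shell function below renders the same Gateway with HTTPS on port 443, which the istio-ingressgateway Service listed above already exposes, plus an HTTP-to-HTTPS redirect; the function name and the Secret name jumpserver-tls are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. render_tls_gateway and the
# Secret name jumpserver-tls are assumptions; the Secret (type
# kubernetes.io/tls) must exist in istio-system, next to the ingress gateway.

# render_tls_gateway HOST SECRET: print a Gateway manifest that serves HOST
# over HTTPS and redirects plain HTTP requests to it.
render_tls_gateway() {
    cat <<EOF
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: jumpserver-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - $1
    tls:
      httpsRedirect: true      # answer HTTP with a 301 to HTTPS
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - $1
    tls:
      mode: SIMPLE             # TLS is terminated at the ingress gateway
      credentialName: $2       # TLS Secret holding certificate and key
EOF
}

# Typical use (needs cluster access, so left commented out):
#   kubectl create secret tls jumpserver-tls -n istio-system --cert=tls.crt --key=tls.key
#   render_tls_gateway jumpserver.myk8s.cn jumpserver-tls | kubectl apply -f -
```

The VirtualService needs no change, because it binds to the Gateway by name and matches on the host.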

