Introduction
JumpServer is a free, open-source bastion host that lets an organisation control and log in to every kind of asset in a more secure way.
JumpServer supports authorization before a session, monitoring during it and auditing after it, which satisfies the requirements of MLPS (等保) compliance.
Installing JumpServer with Helm
Deploying MySQL on K8s
JumpServer needs an external MySQL database, so one has to be set up first.
Add the Helm repository:
helm repo add bitnami https://charts.bitnami.com/bitnami
Download the MySQL Helm chart and unpack it:
helm fetch bitnami/mysql
tar -xf mysql-9.12.3.tgz
[root@node1 jumpserver]# cd mysql
[root@node1 mysql]# ls
Chart.lock  charts  Chart.yaml  README.md  templates  values.schema.json  values.yaml
Edit its values.yaml as follows:

global:
  imageRegistry: ""
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"

auth:
  rootPassword: "mysql_password"
  createDatabase: true
  database: "jumpserver"
  username: "jms"
  password: "jms_password"

# In the bitnami/mysql chart the probes are configured per role (primary, secondary),
# not at the top level; left at the top level they would be ignored.
primary:
  livenessProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 60
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  readinessProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 60
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  startupProbe:
    enabled: true
    initialDelaySeconds: 60
    periodSeconds: 60
    timeoutSeconds: 10
    failureThreshold: 10
    successThreshold: 1
Create the namespace
Create the namespace jms; every service that follows is deployed into it.
kubectl create ns jms
Deploy MySQL
helm install jms-mysql . -f values.yaml -n jms
Deploying Redis on k8s
JumpServer also needs an external Redis, so that has to be set up as well.
Download the Redis Helm chart and unpack it:
helm fetch bitnami/redis
tar -xf redis-18.0.4.tgz
[root@node1 jumpserver]# cd redis
[root@node1 redis]# ls
Chart.lock  charts  Chart.yaml  img  README.md  templates  values.schema.json  values.yaml
Edit values.yaml as follows:

global:
  imageRegistry: ""
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"
  redis:
    password: "redis_password"
Apply the chart
helm install jms-redis . -f values.yaml -n jms
Check the Pods
[root@node1 redis]# kubectl get pod -n jms
NAME                   READY   STATUS    RESTARTS   AGE
jms-mysql-0            1/1     Running   0          14m
jms-redis-master-0     1/1     Running   0          3m5s
jms-redis-replicas-0   1/1     Running   0          3m5s
jms-redis-replicas-1   1/1     Running   0          119s
jms-redis-replicas-2   1/1     Running   0          77s
Deploying JumpServer
Add the Helm repository:
helm repo add jumpserver https://jumpserver.github.io/helm-charts
Search for the JumpServer Helm chart:
[root@node1 jumpserver]# helm search repo jumpserver
NAME                    CHART VERSION   APP VERSION   DESCRIPTION
jumpserver/jumpserver   3.8.1           v3.8.1        A Helm chart for Deploying Jumpserver on Kubern...
Download the Helm chart so that its values.yaml can be edited:
helm fetch jumpserver/jumpserver
If the download in the previous step is too slow to complete, clone the GitHub project instead:
git clone https://github.com/jumpserver/helm-charts.git
Edit values.yaml
[root@node1 jumpserver]# pwd
/root/jumpserver/helm-charts/charts/jumpserver
[root@node1 jumpserver]# ls
Chart.yaml  configs  README.md  templates  values.yaml
The secretKey and bootstrapToken used below were generated on the node:
[root@node1 ~]
2c8jbQPosNKb2pC1iGkFwMHwYwg0XYaykCPiAeO8PccHAixbih
[root@node1 ~]
wF3NSIDTGGtO22cUNwBRV808
Edit values.yaml as follows:

global:
  imageRegistry: "docker.io"
  imageTag: v3.8.1
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"

externalDatabase:
  engine: mysql
  host: jms-mysql
  port: 3306
  user: jms
  password: "jms_password"
  database: jumpserver

externalRedis:
  # the Redis master Service created above; with "localhost" here the core pod
  # would look for Redis inside its own pod and never connect
  host: jms-redis-master
  port: 6379
  password: "redis_password"

core:
  enabled: true
  labels:
    app.jumpserver.org/name: jms-core
  config:
    secretKey: "2c8jbQPosNKb2pC1iGkFwMHwYwg0XYaykCPiAeO8PccHAixbih"
    bootstrapToken: "wF3NSIDTGGtO22cUNwBRV808"
  persistence:
    accessModes:
      - ReadWriteOnce
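Before running helm install, a quick lint of the values file catches the three things most likely to bite here: passwords left at the placeholder values copied from a walkthrough, a secretKey or bootstrapToken that is shorter than the chart asks for, and an externalRedis.host still pointing at localhost. This is an added example, not code from the page or the JumpServer chart; it assumes the flat "key: value" layout used above (so no yq is needed), and sample_values builds a constructed file for trying the checks offline.

```shell
# Pre-flight lint for the JumpServer values.yaml above (added example, not from the
# page or the JumpServer chart). Assumes the flat "key: value" layout shown on this page.
set -u
export LC_ALL=C

# secretKey (50 chars) and bootstrapToken (24 chars): the lengths the chart asks for.
gen_secret_key()      { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 50; }
gen_bootstrap_token() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24; }

# yval SECTION KEY FILE: first "KEY: value" under top-level SECTION, quotes stripped.
yval() {
  awk -v s="$1" -v k="$2" '
    /^[^[:space:]#]/ { sec = $1; sub(/:$/, "", sec) }
    sec == s && $1 == (k ":") { v = $2; gsub(/"/, "", v); print v; exit }' "$3"
}

# check_values FILE: one finding per line on stdout; returns 1 if anything was found.
check_values() {
  f=$1; n=0
  case "$(yval externalRedis host "$f")" in
    ""|localhost|127.0.0.1)
      echo "externalRedis.host: core would look for Redis in its own pod; use the Redis Service name (jms-redis-master above)"
      n=$((n + 1)) ;;
  esac
  # SECTION:KEY:MINLEN for every secret the file carries
  for spec in externalDatabase:password:8 externalRedis:password:8 core:secretKey:50 core:bootstrapToken:24; do
    sec=${spec%%:*}; rest=${spec#*:}; key=${rest%%:*}; min=${rest#*:}
    v=$(yval "$sec" "$key" "$f")
    case "$v" in
      ""|*password*|*changeme*) echo "$sec.$key: empty or placeholder value"; n=$((n + 1)) ;;
      *) [ ${#v} -ge "$min" ] || { echo "$sec.$key: shorter than $min characters"; n=$((n + 1)); } ;;
    esac
  done
  [ "$n" -eq 0 ]
}

# sample_values DBPASS REDISHOST REDISPASS SECRETKEY TOKEN: constructed values file in
# the page's layout (only the keys the lint reads), so the checks can be tried offline.
sample_values() {
  cat <<EOF
externalDatabase:
  password: "$1"
externalRedis:
  host: $2
  password: "$3"
core:
  config:
    secretKey: "$4"
    bootstrapToken: "$5"
EOF
}
```

Run check_values against the real values.yaml and fix every finding before helm install; a clean run returns 0.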
Apply the chart
This step can take a while.
helm install jumpserver . -f values.yaml -n jms
Check the Pods
[root@node1 ~]# kubectl get svc -n jms
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
jms-mysql               ClusterIP   10.96.211.71    <none>        3306/TCP                        146m
jms-mysql-headless      ClusterIP   None            <none>        3306/TCP                        146m
jms-redis-headless      ClusterIP   None            <none>        6379/TCP                        135m
jms-redis-master        ClusterIP   10.96.40.37     <none>        6379/TCP                        135m
jms-redis-replicas      ClusterIP   10.96.237.101   <none>        6379/TCP                        135m
jumpserver-jms-chen     ClusterIP   10.96.66.253    <none>        8082/TCP                        31m
jumpserver-jms-core     ClusterIP   10.96.204.210   <none>        8080/TCP                        31m
jumpserver-jms-kael     ClusterIP   10.96.236.163   <none>        8083/TCP                        31m
jumpserver-jms-koko     ClusterIP   10.96.68.28     <none>        5000/TCP,2222/TCP               31m
jumpserver-jms-lion     ClusterIP   10.96.26.169    <none>        8081/TCP                        31m
jumpserver-jms-magnus   ClusterIP   10.96.238.16    <none>        33061/TCP,33062/TCP,63790/TCP   31m
jumpserver-jms-web      ClusterIP   10.96.209.160   <none>        80/TCP                          31m
Check the Services
[root@node1 ~]# kubectl get svc -n jms
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
jms-mysql               ClusterIP   10.96.211.71    <none>        3306/TCP                        131m
jms-mysql-headless      ClusterIP   None            <none>        3306/TCP                        131m
jms-redis-headless      ClusterIP   None            <none>        6379/TCP                        120m
jms-redis-master        ClusterIP   10.96.40.37     <none>        6379/TCP                        120m
jms-redis-replicas      ClusterIP   10.96.237.101   <none>        6379/TCP                        120m
jumpserver-jms-chen     ClusterIP   10.96.66.253    <none>        8082/TCP                        16m
jumpserver-jms-core     ClusterIP   10.96.204.210   <none>        8080/TCP                        16m
jumpserver-jms-kael     ClusterIP   10.96.236.163   <none>        8083/TCP                        16m
jumpserver-jms-koko     ClusterIP   10.96.68.28     <none>        5000/TCP,2222/TCP               16m
jumpserver-jms-lion     ClusterIP   10.96.26.169    <none>        8081/TCP                        16m
jumpserver-jms-magnus   ClusterIP   10.96.238.16    <none>        33061/TCP,33062/TCP,63790/TCP   16m
jumpserver-jms-web      ClusterIP   10.96.209.160   <none>        80/TCP                          16m
Exposing the JumpServer web service with Istio
Create the Gateway (jumpserver-gateway.yaml):

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: jumpserver-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "jumpserver.myk8s.cn"

Apply the YAML file:
kubectl apply -f jumpserver-gateway.yaml
Create the VirtualService:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: jumpserver-virtualservice
  namespace: jms
spec:
  hosts:
  - "jumpserver.myk8s.cn"
  gateways:
  - istio-system/jumpserver-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: jumpserver-jms-web
        port:
          number: 80

Apply the YAML file:
[root@node1 jumpserver]
virtualservice.networking.istio.io/jumpserver-virtualservice created
Testing
Find the external IP of the Istio ingress gateway:
[root@node1 jumpserver]# kubectl get svc -n istio-system
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)                                                                                    AGE
grafana                ClusterIP      10.96.234.93    <none>                        3000/TCP                                                                                   13d
istio-egressgateway    ClusterIP      10.96.24.219    <none>                        80/TCP,443/TCP                                                                             14d
istio-ingressgateway   LoadBalancer   10.96.174.147   192.168.0.111,192.168.0.222   15021:31848/TCP,80:31657/TCP,20001:31775/TCP,443:30425/TCP,31400:31780/TCP,15443:30671/TCP   14d
istiod                 ClusterIP      10.96.49.69     <none>                        15010/TCP,15012/TCP,443/TCP,15014/TCP                                                      14d
jaeger-collector       ClusterIP      10.96.63.79     <none>                        14268/TCP,14250/TCP,9411/TCP,4317/TCP,4318/TCP                                             13d
kiali                  ClusterIP      10.96.202.30    <none>                        20001/TCP,9090/TCP                                                                         13d
loki-headless          ClusterIP      None            <none>                        3100/TCP                                                                                   13d
prometheus             ClusterIP      10.96.109.177   <none>                        9090/TCP                                                                                   13d
tracing                ClusterIP      10.96.141.120   <none>                        80/TCP,16685/TCP                                                                           13d
zipkin                 ClusterIP      10.96.225.164   <none>                        9411/TCP                                                                                   13d
On each host that needs to reach JumpServer, edit the hosts file so that jumpserver.myk8s.cn resolves to one of the gateway's external IPs; here it is mapped to 192.168.0.111.
Access the service.
Reviewed and edited by: Huang Fei