jms_all版本:v3.8.1
架构模式:
当节点为1时:
部署架构:
sftp功能正常:
当节点为1个以上时:
部署架构:
sftp功能报错:
查看日志:
补充说明:
- sftp功能不能正常使用,但是ssh功能是正常的
- 在两台机器使用jmsctl.sh安装jumpserver并连接到同一数据库时不会出现该问题
补充部署yaml文件:
- jumpserver-svc.yaml:
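---
# Headless Service (clusterIP: None): no virtual IP is allocated, DNS resolves
# straight to the pods selected by app=jumpserver. The StatefulSet below names
# this Service in spec.serviceName.
# (Nesting restored; the pasted manifest had lost all indentation.)
apiVersion: v1
kind: Service
metadata:
  name: jumpserver-hs
  namespace: jumpserver
  labels:
    app: jumpserver
spec:
  selector:
    app: jumpserver
  clusterIP: None
  ports:
    # Web UI/API over plain HTTP.
    - port: 80
      name: jumpserver-web
    # NOTE(review): presumably the SSH/SFTP endpoint that the report is
    # about; confirm against the jms_all image.
    - port: 2222
      name: jumpserver-connect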
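---
# In-cluster ClusterIP Service in front of every pod labelled app=jumpserver.
# (Nesting restored; the pasted manifest had lost all indentation.)
apiVersion: v1
kind: Service
metadata:
  name: jumpserver
  namespace: jumpserver
  labels:
    app: jumpserver
spec:
  selector:
    app: jumpserver
  # Pinned virtual IP: it has to lie inside the cluster's service CIDR and be
  # unused, otherwise the API server rejects the object.
  clusterIP: 10.97.2.1
  ports:
    # Web UI/API over plain HTTP.
    - port: 80
      targetPort: 80
      name: jumpserver-web
    # Connections are balanced across all replicas, so consecutive
    # connections from one client may reach different pods.
    - port: 2222
      targetPort: 2222
      name: jumpserver-connect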
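---
# NodePort Service: publishes both ports on every node of the cluster.
# (Nesting restored; the pasted manifest had lost all indentation.)
apiVersion: v1
kind: Service
metadata:
  name: jumpserver-np
  namespace: jumpserver
  labels:
    app: jumpserver
spec:
  selector:
    app: jumpserver
  type: NodePort
  ports:
    # NOTE(review): 30200 serves the web UI as plain HTTP on all node
    # addresses. For a bastion, limit who can reach it (firewall or
    # NetworkPolicy) and terminate TLS in front of it.
    - port: 80
      targetPort: 80
      nodePort: 30200
      name: jumpserver-web
    # 30201 is reachable on all node addresses as well; connections are
    # spread over all replicas.
    - port: 2222
      targetPort: 2222
      nodePort: 30201
      name: jumpserver-connect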
- jumpserver.yaml:
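---
# StatefulSet running two replicas of the all-in-one jms_all image.
# (Nesting restored; the pasted manifest had lost all indentation.)
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: jumpserver
  namespace: jumpserver
spec:
  # Headless Service that gives each pod a stable DNS name.
  serviceName: jumpserver-hs
  replicas: 2
  selector:
    matchLabels:
      app: jumpserver
  template:
    metadata:
      name: jumpserver
      namespace: jumpserver
      labels:
        app: jumpserver
    spec:
      # Works around the PVC mount hiding the files shipped in the image:
      # when the volume is still empty, seed it from the image contents.
      initContainers:
        - name: init-jumpserver-1
          image: jumpserver/jms_all:v3.8.1
          command:
            - /bin/sh
            - -c
            - if [ -z "$(ls -A /temp-volume-core-data)" ]; then cp -R /opt/jumpserver/data/* /temp-volume-core-data/; fi;
          volumeMounts:
            - name: jumpserver-data
              subPath: core-data
              mountPath: /temp-volume-core-data
        # Same seeding step for the nginx log directory.
        - name: init-jumpserver-2
          image: jumpserver/jms_all:v3.8.1
          command:
            - /bin/sh
            - -c
            - if [ -z "$(ls -A /temp-volume-nginx-log)" ]; then cp -R /var/log/nginx/* /temp-volume-nginx-log/; fi;
          volumeMounts:
            - name: jumpserver-data
              subPath: nginx-log
              mountPath: /temp-volume-nginx-log
      containers:
        - name: jumpserver
          # Tag only; pinning the image by digest would fix the exact content.
          image: jumpserver/jms_all:v3.8.1
          ports:
            - containerPort: 80
            - containerPort: 2222
            # Not published by any of the Services in this report.
            - containerPort: 30000
          # NOTE(review): privileged lifts nearly all container isolation
          # (all capabilities, host devices). This pod holds the bastion's
          # keys and credentials, so confirm the image really needs it; if
          # not, drop it or grant only the specific capabilities required.
          securityContext:
            privileged: true
          # Readiness probe
          readinessProbe:
            httpGet:
              path: /api/health
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 2
          # NOTE(review): every secret below is an inline `value:`, so anyone
          # who can read this StatefulSet or its pods can read the secrets.
          # In a real deployment keep them in a Secret and reference it with
          # `valueFrom.secretKeyRef`. The values shown are placeholders.
          env:
            # Self-generated random string, no special characters,
            # recommended length >= 50.
            - name: SECRET_KEY
              value: "66666666666666666666666666666666666666666666666666"
            # Self-generated random string, no special characters,
            # recommended length >= 24.
            - name: BOOTSTRAP_TOKEN
              value: "666666666666666666666666"
            # Log level; DEBUG is recommended for test environments only.
            # Debug output may contain sensitive detail, so lower it in
            # production.
            - name: LOG_LEVEL
              value: DEBUG
            # MySQL address
            - name: DB_HOST
              value: "192.xxx.xxx.xxx"
            # MySQL port
            - name: DB_PORT
              value: "30250"
            # MySQL user name
            - name: DB_USER
              value: jumpserver
            # MySQL password (here identical to the user name; use a strong
            # random one outside a test setup).
            - name: DB_PASSWORD
              value: jumpserver
            # MySQL database name
            - name: DB_NAME
              value: jumpserver
            # Redis address
            - name: REDIS_HOST
              value: "192.xxx.xxx.xxx"
            # Redis port (the original comment here was a stray copy of the
            # BOOTSTRAP_TOKEN note).
            - name: REDIS_PORT
              value: "30251"
            # Redis password (the original comment here was a stray copy of
            # the SECRET_KEY note).
            - name: REDIS_PASSWORD
              value: jumpserver
            # Access address allowed by the cross-origin protection.
            - name: DOMAINS
              value: 192.xxx.xxx.xxx:30200
            # Let koko and lion share rooms through redis (left disabled by
            # the reporter).
            # - name: SHARE_ROOM_TYPE
            # value: redis
          volumeMounts:
            # Core data directory (session recordings and logs)
            - name: jumpserver-data
              subPath: core-data
              mountPath: /opt/jumpserver/data
            # Koko data directory
            - name: jumpserver-data
              subPath: koko-data
              mountPath: /opt/koko/data
            # Lion data directory
            - name: jumpserver-data
              subPath: lion-data
              mountPath: /opt/lion/data
            # Magnus data directory
            - name: jumpserver-data
              subPath: magnus-data
              mountPath: /opt/magnus/data
            # Kael data directory
            - name: jumpserver-data
              subPath: kael-data
              mountPath: /opt/kael/data
            # Chen data directory
            - name: jumpserver-data
              subPath: chen-data
              mountPath: /opt/chen/data
            # Nginx log directory
            - name: jumpserver-data
              subPath: nginx-log
              mountPath: /var/log/nginx
            # SSH key directory
            - name: jumpserver-data
              subPath: ssh-data
              mountPath: /root/.ssh
  # A volumeClaimTemplate yields one PVC per replica, so each pod gets its
  # own copy of every directory above, /root/.ssh and /opt/koko/data
  # included; ReadWriteMany alone does not make them shared.
  # NOTE(review): if the components expect identical keys or data on every
  # node, that may matter for the multi-node failure reported here; confirm.
  volumeClaimTemplates:
    - metadata:
        name: jumpserver-data
      spec:
        accessModes: ["ReadWriteMany"]
        storageClassName: managed-nfs-storage-retain
        resources:
          requests:
            storage: 100Gi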