Deploy JumpServer on Kubernetes with Helm, MySQL, Redis, and Istio
This guide walks through installing the open‑source JumpServer bastion host on a Kubernetes cluster using Helm, configuring external MySQL and Redis databases, customizing Helm values, and exposing the web UI through an Istio gateway for secure access.
Introduction
JumpServer is a free, open‑source bastion host that helps enterprises securely manage and log into various assets.
It supports pre‑authorization, real‑time monitoring, and post‑audit to meet compliance requirements.
Install JumpServer with Helm
Deploy MySQL on K8s
JumpServer requires an external MySQL instance, so you must set it up first.
helm repo add bitnami https://charts.bitnami.com/bitnami
helm fetch bitnami/mysql
tar -xf mysql-9.12.3.tgz
# Edit values.yaml (excerpt)
global:
  imageRegistry: ""
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"
auth:
  rootPassword: "mysql_password"
  createDatabase: true
  database: "jumpserver"
  username: "jms"
  password: "jms_password"
# Probe settings (excerpt; in the Bitnami MySQL chart these blocks are nested under primary:)
livenessProbe:
  enabled: true
  initialDelaySeconds: 60
  periodSeconds: 60
  timeoutSeconds: 10
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 60
  periodSeconds: 60
  timeoutSeconds: 10
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: true
  initialDelaySeconds: 60
  periodSeconds: 60
  timeoutSeconds: 10
  failureThreshold: 10
  successThreshold: 1
# Run the install from the extracted mysql/ chart directory
kubectl create ns jms
helm install jms-mysql . -f values.yaml -n jms
Deploy Redis on K8s
JumpServer also needs an external Redis instance.
helm fetch bitnami/redis
tar -xf redis-18.0.4.tgz
# Edit values.yaml (excerpt)
global:
  imageRegistry: ""
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"
  redis:
    password: "redis_password"
# Run the install from the extracted redis/ chart directory
helm install jms-redis . -f values.yaml -n jms
Verify Pods
NAME READY STATUS RESTARTS AGE
jms-mysql-0 1/1 Running 0 14m
jms-redis-master-0 1/1 Running 0 3m5s
jms-redis-replicas-0 1/1 Running 0 3m5s
jms-redis-replicas-1 1/1 Running 0 119s
jms-redis-replicas-2 1/1 Running 0 77s
Deploy JumpServer
Add Helm Repository
helm repo add jumpserver https://jumpserver.github.io/helm-charts
helm search repo jumpserver
NAME CHART VERSION APP VERSION DESCRIPTION
jumpserver/jumpserver 3.8.1 v3.8.1 A Helm chart for Deploying JumpServer on K8s
# If the chart download is slow, clone the repo instead
git clone https://github.com/jumpserver/helm-charts.git
Modify values.yaml
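global:
  imageRegistry: "docker.io"
  imageTag: v3.8.1
  imagePullSecrets: []
  storageClass: "csi-rbd-sc"
externalDatabase:
  engine: mysql
  host: jms-mysql
  port: 3306
  user: jms
  password: "jms_password"
  database: jumpserver
externalRedis:
  # Service name of the Redis master deployed above (listed under Check Services);
  # "localhost" would point each JumpServer pod at itself.
  host: jms-redis-master
  port: 6379
  password: "redis_password"
core:
  enabled: true
  labels:
    app.jumpserver.org/name: jms-core
  config:
    # Sample values from this article; generate your own for a real deployment.
    secretKey: "2c8jbQPosNKb2pC1iGkFwMHwYwg0XYaykCPiAeO8PccHAixbih"
    bootstrapToken: "wF3NSIDTGGtO22cUNwBRV808"
  # Persistence settings (excerpt; intervening keys omitted)
  accessModes:
    - ReadWriteOnce
Apply the Chart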
helm install jumpserver . -f values.yaml -n jms
Check Services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jms-mysql ClusterIP 10.96.211.71 <none> 3306/TCP 146m
jms-redis-master ClusterIP 10.96.40.37 <none> 6379/TCP 135m
jumpserver-jms-web ClusterIP 10.96.209.160 <none> 80/TCP 31m
Expose JumpServer Web UI with Istio
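The values.yaml above carries secretKey and bootstrapToken as literals in a file that tends to be shared or committed. The following added example (not from the original article) generates fresh values of the same lengths and writes them to a private override file; the file name secrets.values.yaml and both function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: keep JumpServer's core.config secrets out of the shared values.yaml.
set -eu

# rand_alnum N: print N random characters from [A-Za-z0-9], read from /dev/urandom.
rand_alnum() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# write_secret_values FILE: write a Helm override file holding a fresh
# secretKey (50 chars) and bootstrapToken (24 chars), the lengths of the
# sample values in the article. FILE is recreated with mode 0600.
write_secret_values() {
    out=$1
    rm -f "$out"          # so the umask below applies to a newly created file
    (
        umask 077
        cat > "$out" <<EOF
core:
  config:
    secretKey: "$(rand_alnum 50)"
    bootstrapToken: "$(rand_alnum 24)"
EOF
    )
}

# Usage (secrets.values.yaml is an assumed file name):
#   write_secret_values secrets.values.yaml
#   helm install jumpserver . -f values.yaml -f secrets.values.yaml -n jms
```

Helm merges the files left to right, so the values in the second file replace the literals in values.yaml.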
Create an Istio Gateway:
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: jumpserver-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "jumpserver.myk8s.cn"
kubectl apply -f jumpserver-gateway.yaml
Create a VirtualService:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: jumpserver-virtualservice
  namespace: jms
spec:
  hosts:
  - "jumpserver.myk8s.cn"
  gateways:
  - istio-system/jumpserver-gateway
  http:
  - match:
    - uri:
        prefix: "/"
    route:
    - destination:
        host: jumpserver-jms-web
        port:
          number: 80
kubectl apply -f jumpserver-virtualservice.yaml
Find the external IP of the Istio ingressgateway and add a host entry on the client machine:
# Example external IP: 192.168.0.111
# Add to /etc/hosts
192.168.0.111 jumpserver.myk8s.cn
After updating DNS, access the JumpServer UI via the configured domain.
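The Gateway above serves the JumpServer login page over plain HTTP on port 80. The following added example (not from the original article) renders a Gateway with the same name and selector that redirects port 80 to HTTPS and terminates TLS on port 443; the function name render_tls_gateway and the Secret name jumpserver-tls are assumptions.

```shell
#!/usr/bin/env bash
# Added example: HTTPS variant of the article's jumpserver-gateway.
set -eu

# render_tls_gateway HOST CREDENTIAL
# Prints a Gateway manifest. CREDENTIAL (assumed name) is a kubernetes.io/tls
# Secret that must already exist in the istio-system namespace.
render_tls_gateway() {
    host=$1
    cred=$2
    # Accept only plain DNS-style names, so a value cannot break out of the
    # YAML it is substituted into.
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $cred in ''|*[!a-z0-9.-]*) echo "bad secret name: $cred" >&2; return 1 ;; esac
    cat <<EOF
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: jumpserver-gateway
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "$host"
    tls:
      httpsRedirect: true    # plain HTTP requests get a 301 to https://
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "$host"
    tls:
      mode: SIMPLE           # TLS terminates at the ingress gateway
      credentialName: $cred  # TLS Secret in istio-system
EOF
}

# Usage: render_tls_gateway jumpserver.myk8s.cn jumpserver-tls | kubectl apply -f -
```

The VirtualService needs no change: it binds to istio-system/jumpserver-gateway by name and keeps routing to jumpserver-jms-web on port 80 inside the cluster.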
MaGe Linux Operations
