K8s/Nexus: Difference between revisions
| (17 intermediate revisions by the same user not shown) | |||
| Line 24: | Line 24: | ||
kubectl config get-contexts | kubectl config get-contexts | ||
kubectl config view | kubectl config view | ||
</syntaxhighlight> | |||
|} | |||
==K8s » MinIO== | |||
{|class='wikitable mw-collapsible mw-collapsed' | |||
!scope='col' style='width:1000px'| | |||
K8s » MinIO | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | bash | |||
mc ready s3_minio_shahed_shahed_biz_admin | |||
mc ping -c=3 s3_minio_shahed_shahed_biz_admin | |||
mc admin info s3_minio_shahed_shahed_biz_admin | |||
mc mb s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-group | |||
mc mb s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-private | |||
mc ls s3_minio_shahed_shahed_biz_admin --json | jq -r '.key|sub("/$"; "")' | |||
EXE | |||
</syntaxhighlight> | |||
|- | |||
!scope='col'| | |||
K8s » MinIO » Policy | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="yaml"> | |||
yq -o=json <<'YML'| \ | |||
mc admin policy create s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw /dev/stdin | |||
--- | |||
Version: "2012-10-17" | |||
Statement: | |||
- Effect: Allow | |||
Action: | |||
- s3:* | |||
Resource: | |||
- arn:aws:s3:::shahed-ae-nexus-docker-group | |||
- arn:aws:s3:::shahed-ae-nexus-docker-private | |||
YML | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
mc admin policy ls s3_minio_shahed_shahed_biz_admin --json|jq -r '.policy' | |||
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r | |||
</syntaxhighlight> | |||
|- | |||
!scope='col'| | |||
K8s » MinIO » Service Account | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r '.policyInfo.Policy'|\ | |||
mc admin user svcacct add s3_minio_shahed_shahed_biz_admin admin \ | |||
--description 'shahed-ae-nexus-rw' \ | |||
--name shahed-ae-nexus-rw \ | |||
--policy /dev/stdin | |||
:' | |||
Access Key: 3BD9PQS397ZLN8YLCZM7 | |||
Expiration: no-expiry | |||
' | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r '.policyInfo.Policy'|\ | |||
mc admin user svcacct edit s3_minio_shahed_shahed_biz_admin/ '3BD9PQS397ZLN8YLCZM7' \ | |||
--policy /dev/stdin | |||
:' | |||
Edited service account `3BD9PQS397ZLN8YLCZM7` successfully. | |||
' | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
mc admin user svcacct disable s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7' | |||
mc admin user svcacct enable s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7' | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin | |||
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin --json|jq -r '.accessKey' | |||
</syntaxhighlight> | |||
|- | |||
!scope='col'| | |||
K8s » MinIO » Service Account » Debug | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
echo -n 'SecretKey: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo | |||
# SecretKey: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ | |||
mc alias set shahed_ae_nexus_admin https://s3.minio.shahed.shahed.biz '3BD9PQS397ZLN8YLCZM7' ${MC_SECRET_KEY} | |||
mc ping shahed_ae_nexus_admin -c=3 | |||
mc ls shahed_ae_nexus_admin | |||
mc alias rm shahed_ae_nexus_admin | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |} | ||
==K8s » Storage== | ==K8s » Storage== | ||
{|class='wikitable mw-collapsible | {|class='wikitable mw-collapsible' | ||
!scope='col' colspan='2' style='width:1000px'| | !scope='col' colspan='2' style='width:1000px'| | ||
K8s » Storage | K8s » Storage | ||
| Line 36: | Line 127: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cat <<'EXE'| sudo bash | cat <<'EXE'| sudo bash | ||
mkdir -p /var/minikube/pvc/nexus/data-nexus-0/ | mkdir -p /var/minikube/pvc/nexus/data-nexus-0/log/jvm/ | ||
chown -R 200:200 /var/minikube/pvc/nexus/ | chown -R 200:200 /var/minikube/pvc/nexus/ | ||
chmod -R 750 /var/minikube/pvc/nexus/ | chmod -R 750 /var/minikube/pvc/nexus/ | ||
| Line 147: | Line 238: | ||
-XX:+UnlockExperimentalVMOptions\ | -XX:+UnlockExperimentalVMOptions\ | ||
-Djava.util.prefs.userRoot=/nexus-data/javaprefs\ | -Djava.util.prefs.userRoot=/nexus-data/javaprefs\ | ||
-XX:LogFile=/nexus-data/ | -XX:LogFile=/nexus-data/log/jvm/jvm.log\ | ||
-Dnexus.datastore.enabled=true\ | -Dnexus.datastore.enabled=true\ | ||
-Dnexus.datastore.nexus.type=jdbc\ | -Dnexus.datastore.nexus.type=jdbc\ | ||
| Line 168: | Line 259: | ||
ENV | ENV | ||
</syntaxhighlight> | </syntaxhighlight> | ||
---- | |||
<syntaxhighlight lang="bash"> | |||
cat <<'CFG'| kubectl -n nexus create configmap haproxy --from-file=haproxy.cfg=/dev/stdin | |||
global | |||
log stdout format raw local0 | |||
maxconn 3000 | |||
tune.maxrewrite 1024 | |||
tune.bufsize 32768 | |||
defaults | |||
mode http | |||
log global | |||
option httplog | |||
option dontlognull | |||
timeout connect 60s | |||
timeout client 30m | |||
timeout server 30m | |||
timeout http-request 60s | |||
option http-server-close | |||
# ############################################################################## | |||
# http frontend config for nexus.shahed.biz & docker.shahed.biz | |||
# this config added by chorke academia, inc | |||
frontend fnt_shahed_biz | |||
bind *:80 | |||
mode http | |||
acl host-is-shahed-biz-docker hdr(host) -i docker.shahed.biz | |||
acl host-is-shahed-biz-nexus hdr(host) -i nexus.shahed.biz | |||
acl path-is-v2-api path_beg /v2/ | |||
acl path-is-root path -i / | |||
# http-request redirect location /v2/ if host-is-shahed-biz-docker path-is-root | |||
# use_backend bck_shahed_biz_docker_v2 if host-is-shahed-biz-docker path-is-v2-api | |||
use_backend bck_shahed_biz_docker if host-is-shahed-biz-docker | |||
use_backend bck_shahed_biz_nexus if host-is-shahed-biz-nexus | |||
default_backend bck_shahed_biz_nexus | |||
backend bck_shahed_biz_nexus | |||
server nexus_nexus nexus:8081 | |||
mode http | |||
backend bck_shahed_biz_docker | |||
server nexus_docker docker:5000 | |||
mode http | |||
backend bck_shahed_biz_docker_v2 | |||
http-request set-path "%[path,regsub(^/v2/,/)]" | |||
server nexus_docker docker:5000 | |||
mode http | |||
CFG | |||
</syntaxhighlight> | |||
|- | |- | ||
|valign='top'| | |valign='top'| | ||
| Line 218: | Line 362: | ||
port: 5000 | port: 5000 | ||
name: docker | name: docker | ||
type: ClusterIP | |||
YML | |||
</syntaxhighlight> | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="yaml"> | |||
cat <<'YML'| kubectl apply -n nexus -f - | |||
--- | |||
apiVersion: v1 | |||
kind: Service | |||
metadata: | |||
name: haproxy | |||
namespace: nexus | |||
labels: | |||
app.kubernetes.io/name: haproxy | |||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: haproxy | |||
app.kubernetes.io/managed-by: kubectl | |||
spec: | |||
selector: | |||
app: haproxy | |||
ports: | |||
- targetPort: 80 | |||
name: haproxy | |||
protocol: TCP | |||
port: 80 | |||
type: ClusterIP | type: ClusterIP | ||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|valign='top'| | |||
|- | |- | ||
| Line 316: | Line 488: | ||
persistentVolumeClaim: | persistentVolumeClaim: | ||
claimName: data-nexus-0 | claimName: data-nexus-0 | ||
YML | |||
</syntaxhighlight> | |||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight lang="yaml"> | |||
cat <<'YML'| kubectl apply -n nexus -f - | |||
--- | |||
apiVersion: apps/v1 | |||
kind: Deployment | |||
metadata: | |||
name: haproxy | |||
namespace: nexus | |||
labels: | |||
app.kubernetes.io/name: haproxy | |||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: haproxy | |||
app.kubernetes.io/managed-by: kubectl | |||
spec: | |||
replicas: 1 | |||
selector: | |||
matchLabels: | |||
app: haproxy | |||
template: | |||
metadata: | |||
labels: | |||
app: haproxy | |||
spec: | |||
securityContext: | |||
runAsNonRoot: true | |||
runAsGroup: 99 | |||
runAsUser: 99 | |||
containers: | |||
- name: haproxy | |||
image: haproxy:2.8-alpine | |||
ports: | |||
- containerPort: 80 | |||
name: haproxy | |||
protocol: TCP | |||
resources: | |||
limits: | |||
cpu: 500m | |||
memory: 512Mi | |||
requests: | |||
cpu: 250m | |||
memory: 256Mi | |||
volumeMounts: | |||
- mountPath: /usr/local/etc/haproxy | |||
name: haproxy | |||
volumes: | |||
- name: haproxy | |||
configMap: | |||
name: haproxy | |||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 336: | Line 561: | ||
labels: | labels: | ||
app.kubernetes.io/name: nexus | app.kubernetes.io/name: nexus | ||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: nexus | app.kubernetes.io/instance: nexus | ||
app.kubernetes.io/managed-by: kubectl | app.kubernetes.io/managed-by: kubectl | ||
annotations: | annotations: | ||
| Line 367: | Line 592: | ||
labels: | labels: | ||
app.kubernetes.io/name: nexus | app.kubernetes.io/name: nexus | ||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: nexus | app.kubernetes.io/instance: nexus | ||
app.kubernetes.io/managed-by: kubectl | app.kubernetes.io/managed-by: kubectl | ||
annotations: | annotations: | ||
| Line 385: | Line 610: | ||
port: | port: | ||
number: 5000 | number: 5000 | ||
YML | |||
</syntaxhighlight> | |||
|- | |||
!scope='col' style='width:1000px'| | |||
K8s » Ingress » HAProxy | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="yaml"> | |||
cat << YML | kubectl apply -n nexus -f - | |||
--- | |||
apiVersion: networking.k8s.io/v1 | |||
kind: Ingress | |||
metadata: | |||
name: nexus | |||
namespace: nexus | |||
labels: | |||
app.kubernetes.io/name: haproxy | |||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: haproxy | |||
app.kubernetes.io/managed-by: kubectl | |||
annotations: | |||
nginx.ingress.kubernetes.io/proxy-body-size: "0" | |||
spec: | |||
ingressClassName: nginx | |||
rules: | |||
- host: nexus.shahed.biz | |||
http: | |||
paths: | |||
- path: / | |||
pathType: ImplementationSpecific | |||
backend: | |||
service: | |||
name: haproxy | |||
port: | |||
number: 80 | |||
YML | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="yaml"> | |||
cat << YML | kubectl apply -n nexus -f - | |||
--- | |||
apiVersion: networking.k8s.io/v1 | |||
kind: Ingress | |||
metadata: | |||
name: docker | |||
namespace: nexus | |||
labels: | |||
app.kubernetes.io/name: haproxy | |||
app.kubernetes.io/version: 1.0.0 | |||
app.kubernetes.io/instance: haproxy | |||
app.kubernetes.io/managed-by: kubectl | |||
annotations: | |||
nginx.ingress.kubernetes.io/proxy-body-size: "0" | |||
spec: | |||
ingressClassName: nginx | |||
rules: | |||
- host: docker.shahed.biz | |||
http: | |||
paths: | |||
- path: / | |||
pathType: ImplementationSpecific | |||
backend: | |||
service: | |||
name: haproxy | |||
port: | |||
number: 80 | |||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 418: | Line 709: | ||
user: tool.tech@shahed.biz | user: tool.tech@shahed.biz | ||
pass: sadaqah! | pass: sadaqah! | ||
</syntaxhighlight> | |||
|- | |||
|valign='top' colspan='2'| | |||
<syntaxhighlight lang="bash"> | |||
cat ~/.docker/config.json|jq -r '.auths."docker.shahed.biz".auth'|base64 --decode && echo | |||
docker login docker.shahed.biz -u admin | |||
docker login docker.shahed.biz | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
docker tag nginx:1.27-alpine-slim \ | |||
docker.shahed.biz/library/nginx:1.27-alpine-slim | |||
docker push docker.shahed.biz/library/nginx:1.27-alpine-slim | |||
docker tag nginx:alpine \ | |||
docker.shahed.biz/library/nginx:alpine | |||
docker push docker.shahed.biz/library/nginx:alpine | |||
docker tag nginx:1.27 \ | |||
docker.shahed.biz/library/nginx:1.27 | |||
docker push docker.shahed.biz/library/nginx:1.27 | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
cat ~/.docker/config.json|yq -P | |||
cat ~/.docker/config.json|yq -P 'del(.auths["docker.shahed.biz"])' | |||
cat ~/.docker/config.json|jq -r 'del(.auths["docker.shahed.biz"])'|sponge ~/.docker/config.json | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |} | ||
| Line 474: | Line 792: | ||
kubectl -n nexus rollout history deploy/nexus | kubectl -n nexus rollout history deploy/nexus | ||
kubectl -n nexus rollout pause deploy/nexus | kubectl -n nexus rollout pause deploy/nexus | ||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="yaml"> | |||
cat <<'YML'| \ | |||
kubectl -n nexus patch configmap nexus --type merge --patch-file=/dev/stdin | |||
--- | |||
data: | |||
INSTALL4J_ADD_VM_PARAMS: >- | |||
"-Xms2g -Xmx4g -XX:MaxDirectMemorySize=4g -XX:+UnlockExperimentalVMOptions | |||
-Djava.util.prefs.userRoot=/nexus-data/javaprefs | |||
-XX:LogFile=/nexus-data/log/jvm/jvm.log -Dnexus.datastore.enabled=true | |||
-Dnexus.datastore.nexus.type=jdbc -Dnexus.datastore.nexus.name=${DB_NAME} | |||
-Dnexus.datastore.nexus.username=${DB_USERNAME} | |||
-Dnexus.datastore.nexus.password=${DB_PASSWORD} | |||
-Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/${DB_NAME}" | |||
YML | |||
</syntaxhighlight> | </syntaxhighlight> | ||
---- | ---- | ||
| Line 547: | Line 881: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
kubectl -n nexus get secret nexus -o json|jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"'|base64 -d;echo | kubectl -n nexus get secret nexus -o json|jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"'|base64 -d;echo | ||
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_USERNAME"'|base64 -d;echo | |||
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_PASSWORD"'|base64 -d;echo | |||
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_NAME"' |base64 -d;echo | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/keystores/secret-key | |||
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/admin.password | |||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |- | ||
|valign='top'| | |valign='top'| | ||
| Line 609: | Line 950: | ||
|valign='top'| | |valign='top'| | ||
* [https://help.sonatype.com/en/user-tokens.html K8s » Nexus » User Tokens] | |||
* [[K8s/PgBouncer|K8s » PgBouncer]] | * [[K8s/PgBouncer|K8s » PgBouncer]] | ||
* [[K8s/N8N|K8s » N8N]] | * [[K8s/N8N|K8s » N8N]] | ||
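Review bot: The added "MinIO » Service Account » Debug" block keeps the service account's secret key in a `# SecretKey: …` comment directly under the `read -s` prompt that was meant to keep it off the screen, and the matching access key is printed a few lines above, so the page and its revision history now hold a working credential pair for the two Nexus buckets. The key should be rotated and the comment reduced to `# SecretKey: <typed at the prompt, never recorded here>`. The same block expands the key unquoted in `mc alias set … ${MC_SECRET_KEY}`; `"${MC_SECRET_KEY}"` keeps a key containing shell metacharacters as one argument. Separately, the `:'` lines under the svcacct commands have no space after the colon, so bash looks up the quoted text as a command name instead of running the no-op; plain `#` comments avoid that.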
Latest revision as of 05:46, 26 July 2025
K8s » Config
|
K8s » Config | |
|---|---|
# Kubeconfig choices for the cloud and dev clusters. Each export replaces the
# previous value, so only the last line that is run stays in effect.
export KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
|
# Kubeconfig choices for the shahed-aa/ab/ac clusters; run only the line for
# the cluster you mean to work on, because a later export overrides an earlier one.
export KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"
|
# Point kubectl at the shahed-ae cluster, then confirm which context is active
# before changing anything.
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
kubectl config get-contexts
kubectl config view
| |
K8s » MinIO
|
K8s » MinIO |
|---|
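# Check that the MinIO alias answers, create the two buckets used by the Nexus
# Docker repositories, then list bucket names without their trailing slash.
# The delimiter is quoted so the text reaches the inner bash verbatim; with an
# unquoted delimiter the outer shell performs expansion on the body first,
# which puts the `$` inside the jq filter at risk.
cat <<'EXE' | bash
mc ready      s3_minio_shahed_shahed_biz_admin
mc ping -c=3  s3_minio_shahed_shahed_biz_admin
mc admin info s3_minio_shahed_shahed_biz_admin

mc mb s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-group
mc mb s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-private
mc ls s3_minio_shahed_shahed_biz_admin --json | jq -r '.key|sub("/$"; "")'
EXE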
|
|
K8s » MinIO » Policy |
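# Create the policy that the Nexus service account is restricted to. yq turns
# the YAML below into the JSON document that `mc admin policy create` expects.
#
# Each bucket is listed twice: the bare ARN covers bucket-level actions (list,
# location) and the `/*` ARN covers the objects inside it. With only the bare
# ARNs, object reads and writes are normally not matched by the statement.
# NOTE(review): confirm against the MinIO version in use.
# NOTE(review): `s3:*` also allows deleting the bucket and changing its
# configuration; narrow the action list if Nexus only needs object read/write.
yq -o=json <<'YML' | \
  mc admin policy create s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::shahed-ae-nexus-docker-group
      - arn:aws:s3:::shahed-ae-nexus-docker-group/*
      - arn:aws:s3:::shahed-ae-nexus-docker-private
      - arn:aws:s3:::shahed-ae-nexus-docker-private/*
YML

# Read the result back: all policy names, then the stored document for this one.
mc admin policy ls   s3_minio_shahed_shahed_biz_admin --json | jq -r '.policy'
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json | jq -r '.'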
|
|
K8s » MinIO » Service Account |
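# Create a service account under the `admin` user and pin it to the
# shahed-ae-nexus-rw policy. The policy JSON is read back from the server and
# piped in as the account's own policy, so the account cannot do more than
# that document allows even though its parent user is an administrator.
# NOTE(review): the sample output shows no expiry, so the credential stays
# valid until it is disabled or removed.
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json \
  | jq -r '.policyInfo.Policy' \
  | mc admin user svcacct add s3_minio_shahed_shahed_biz_admin admin \
      --description 'shahed-ae-nexus-rw' \
      --name shahed-ae-nexus-rw \
      --policy /dev/stdin
# Sample output, kept as comments. The earlier `:'…'` form had no space after
# the colon, so bash tried to run the quoted text as a command name.
#   Access Key: 3BD9PQS397ZLN8YLCZM7
#   Expiration: no-expiry

# Re-apply the policy to the existing service account after the policy changed.
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json \
  | jq -r '.policyInfo.Policy' \
  | mc admin user svcacct edit s3_minio_shahed_shahed_biz_admin/ '3BD9PQS397ZLN8YLCZM7' \
      --policy /dev/stdin
# Sample output:
#   Edited service account `3BD9PQS397ZLN8YLCZM7` successfully.

# Disabling is the quick way to cut off a credential that may have leaked;
# enable it again only after the cause is understood.
mc admin user svcacct disable s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7'
mc admin user svcacct enable  s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7'

# List the service accounts of the `admin` user (full records, then access keys only).
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin --json | jq -r '.accessKey'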
|
|
K8s » MinIO » Service Account » Debug |
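# Smoke-test the service account: register a temporary alias with its
# credentials, check reachability and listing, then remove the alias again.
#
# The secret key is typed at the prompt (read -s keeps it off the screen) and
# must not be written into this page. A key that has been published, here or
# in the page history, should be treated as compromised and rotated.
# The variable is not exported: only this shell needs it to build the command.
printf 'SecretKey: '; read -rs MC_SECRET_KEY; echo
# SecretKey: <typed at the prompt; never recorded here>

# Quoted so a key containing shell metacharacters stays a single argument.
# NOTE(review): the key is still visible in the process list while mc runs.
mc alias set shahed_ae_nexus_admin https://s3.minio.shahed.shahed.biz '3BD9PQS397ZLN8YLCZM7' "${MC_SECRET_KEY}"
mc ping shahed_ae_nexus_admin -c=3
mc ls shahed_ae_nexus_admin

# Remove the alias and the variable so the credential does not linger after the test.
mc alias rm shahed_ae_nexus_admin
unset MC_SECRET_KEY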
|
K8s » Storage
|
K8s » Storage | |
|---|---|
# Prepare the host directory for the Nexus data volume, including the JVM log
# directory, and hand it to UID/GID 200. Mode 750 keeps other local users out.
# NOTE(review): the PersistentVolume on this page points at
# /var/hostpath_pv/nexus/data-nexus-0, not at this path; confirm how the two
# are connected on the node.
sudo bash <<'EXE'
mkdir -p /var/minikube/pvc/nexus/data-nexus-0/log/jvm/
chown -R 200:200 /var/minikube/pvc/nexus/
chmod -R 750 /var/minikube/pvc/nexus/
EXE
| |
# Static hostPath PersistentVolume for the Nexus data directory.
# Retain means the directory on the node survives deletion of the claim, so
# repository data has to be removed by hand when it is really meant to go.
kubectl apply -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-nexus-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/nexus/data-nexus-0
    type: DirectoryOrCreate
YML
|
|
K8s » Database
|
K8s » Database |
|---|
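# Open a shell on the database host; the remaining lines are typed into that
# session and create the Nexus database together with its owning role.
ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash

# The password is typed at the prompt and must not be recorded on this page.
printf 'Password: '; read -rs NEXUS_PASSWORD; echo
# Password: <typed at the prompt; never recorded here>

# Double every single quote so the value cannot end the SQL string literal early.
nexus_password_sql=${NEXUS_PASSWORD//\'/\'\'}

# The delimiter is left unquoted on purpose: the shell fills in the password
# and psql receives it on stdin, not on its command line.
sudo -i -u postgres psql <<DDL
\! printf '\n'
SELECT 'CREATE DATABASE shahed_nexus'
 WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_nexus')\gexec
CREATE USER shahed_nexus WITH ENCRYPTED PASSWORD '${nexus_password_sql}';
GRANT ALL PRIVILEGES ON DATABASE shahed_nexus TO shahed_nexus;
ALTER DATABASE shahed_nexus OWNER TO shahed_nexus;
DDL
unset NEXUS_PASSWORD nexus_password_sql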
|
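# Create the PgBouncer database and role the same way as the Nexus ones.
# The password is typed at the prompt and must not be recorded on this page.
printf 'Password: '; read -rs PGBOUNCER_PASSWORD; echo
# Password: <typed at the prompt; never recorded here>

# Double every single quote so the value cannot end the SQL string literal early.
pgbouncer_password_sql=${PGBOUNCER_PASSWORD//\'/\'\'}

sudo -i -u postgres psql <<DDL
\! printf '\n'
SELECT 'CREATE DATABASE bouncer'
 WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${pgbouncer_password_sql}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL
unset PGBOUNCER_PASSWORD pgbouncer_password_sql

# Verify the logins. psql reads PGPASSWORD from its environment, so this
# variable has to be exported; unset it once the checks are done.
printf 'Password: '; read -rs PGPASSWORD; export PGPASSWORD; echo
# Password: <typed at the prompt; never recorded here>

psql -U shahed_nexus -d shahed_nexus -p 5432 -h 192.168.49.103
psql -U shahed_nexus -d shahed_nexus -p 5432 -h localhost
psql -U bouncer      -d bouncer      -p 5432 -h 192.168.49.103
psql -U bouncer      -d bouncer      -p 5432 -h localhost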
|
K8s » Deploy
|
K8s » Deploy | |
|---|---|
# Confirm the active context before deploying, so the manifests below land on
# the intended cluster.
kubectl config get-contexts
kubectl config view
|
# Create the namespace that every object on this page lives in, then check it exists.
kubectl create ns nexus
kubectl get ns | grep nexus
|
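# Non-secret settings for the Nexus container, loaded as an env file.
#
# The delimiter is unquoted so backslash-newline joins the JVM options into one
# line; `\${...}` keeps the DB_* placeholders literal, so they are filled in
# inside the container and not by this shell. Every continuation line begins
# with a space: once the backslash-newline is removed, that space is what
# separates one option from the next. As printed on the page the options start
# at column 0 and would be glued together (presumably the indentation was lost
# when the page was rendered).
# NOTE(review): -Dnexus.datastore.nexus.password puts the database password on
# the JVM command line, where it can be read from the process list in the pod.
kubectl -n nexus create configmap nexus --from-env-file=/dev/stdin <<ENV
INSTALL4J_ADD_VM_PARAMS="-Xms512m -Xmx2g\
 -XX:MaxDirectMemorySize=2g\
 -XX:+UnlockExperimentalVMOptions\
 -Djava.util.prefs.userRoot=/nexus-data/javaprefs\
 -XX:LogFile=/nexus-data/log/jvm/jvm.log\
 -Dnexus.datastore.enabled=true\
 -Dnexus.datastore.nexus.type=jdbc\
 -Dnexus.datastore.nexus.name=\${DB_NAME}\
 -Dnexus.datastore.nexus.username=\${DB_USERNAME}\
 -Dnexus.datastore.nexus.password=\${DB_PASSWORD}\
 -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/\${DB_NAME}"
NEXUS_SECURITY_RANDOMPASSWORD=false
NEXUS_SERVICE_PORT=8081
NEXUS_CONTEXT=/
ENV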
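# Secret consumed by the Nexus Deployment through envFrom.
# Both passwords are typed at the prompt so that no credential is stored on
# this page or in shell history, and they travel to kubectl on stdin, not on
# its command line. Use a different value for each.
printf 'Nexus initial admin password: '; read -rs NEXUS_ADMIN_PASSWORD; echo
printf 'Nexus database password: ';      read -rs NEXUS_DB_PASSWORD;    echo

kubectl -n nexus create secret generic nexus --from-env-file=/dev/stdin <<ENV
NEXUS_SECURITY_INITIAL_PASSWORD=${NEXUS_ADMIN_PASSWORD}
DB_USERNAME=shahed_nexus
DB_PASSWORD=${NEXUS_DB_PASSWORD}
DB_NAME=shahed_nexus
ENV
unset NEXUS_ADMIN_PASSWORD NEXUS_DB_PASSWORD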
# HAProxy configuration, stored as the `haproxy.cfg` key of a ConfigMap.
# One plain-HTTP frontend on port 80 picks a backend by Host header:
# docker.shahed.biz goes to the Docker connector (docker:5000), everything
# else, including requests with an unknown Host, goes to Nexus (nexus:8081).
# The bck_shahed_biz_docker_v2 backend is defined but unused, because the
# use_backend line that would select it is commented out.
kubectl -n nexus create configmap haproxy --from-file=haproxy.cfg=/dev/stdin <<'CFG'
global
    log stdout format raw local0
    maxconn 3000
    tune.maxrewrite 1024
    tune.bufsize 32768
defaults
    mode http
    log global
    option httplog
    option dontlognull
    timeout connect 60s
    timeout client 30m
    timeout server 30m
    timeout http-request 60s
    option http-server-close
# ##############################################################################
# http frontend config for nexus.shahed.biz & docker.shahed.biz
# this config added by chorke academia, inc
frontend fnt_shahed_biz
    bind *:80
    mode http
    acl host-is-shahed-biz-docker hdr(host) -i docker.shahed.biz
    acl host-is-shahed-biz-nexus hdr(host) -i nexus.shahed.biz
    acl path-is-v2-api path_beg /v2/
    acl path-is-root path -i /
    # http-request redirect location /v2/ if host-is-shahed-biz-docker path-is-root
    # use_backend bck_shahed_biz_docker_v2 if host-is-shahed-biz-docker path-is-v2-api
    use_backend bck_shahed_biz_docker if host-is-shahed-biz-docker
    use_backend bck_shahed_biz_nexus if host-is-shahed-biz-nexus
    default_backend bck_shahed_biz_nexus
backend bck_shahed_biz_nexus
    server nexus_nexus nexus:8081
    mode http
backend bck_shahed_biz_docker
    server nexus_docker docker:5000
    mode http
backend bck_shahed_biz_docker_v2
    http-request set-path "%[path,regsub(^/v2/,/)]"
    server nexus_docker docker:5000
    mode http
CFG
| |
# Cluster-internal Service for the Nexus web UI and REST API (port 8081).
# ClusterIP keeps it reachable only from inside the cluster.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 8081
      protocol: TCP
      port: 8081
      name: nexus
  type: ClusterIP
YML
|
# Cluster-internal Service for the Docker connector port (5000) of the same
# Nexus pods; it selects `app: nexus`, like the `nexus` Service.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 5000
      protocol: TCP
      port: 5000
      name: docker
  type: ClusterIP
YML
|
# Cluster-internal Service in front of the HAProxy pods (plain HTTP, port 80).
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: haproxy
  ports:
    - targetPort: 80
      name: haproxy
      protocol: TCP
      port: 80
  type: ClusterIP
YML
|
|
# Claim bound by name to the nexus-data-nexus-0 PersistentVolume, so the Nexus
# pod always gets the same data directory back.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-nexus-0
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: nexus-data-nexus-0
YML
|
|
# Nexus Deployment: one replica running as UID 200, with settings from the
# `nexus` ConfigMap and credentials from the `nexus` Secret injected as
# environment variables, and /nexus-data backed by the data-nexus-0 claim.
# NOTE(review): the pod securityContext sets the user and fsGroup only;
# consider adding runAsNonRoot and a container-level
# allowPrivilegeEscalation: false after confirming the image still starts.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      securityContext:
        runAsUser: 200
        fsGroup: 200
      containers:
        - name: nexus
          image: sonatype/nexus3:3.82.0-alpine
          ports:
            - containerPort: 8081
              protocol: TCP
              name: nexus
            - containerPort: 5000
              protocol: TCP
              name: docker
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          envFrom:
            - secretRef:
                name: nexus
            - configMapRef:
                name: nexus
          volumeMounts:
            - mountPath: /nexus-data
              name: data-nexus-0
      volumes:
        - name: data-nexus-0
          persistentVolumeClaim:
            claimName: data-nexus-0
YML
| |
# HAProxy Deployment: one replica, forced to run as the non-root UID/GID 99,
# with the `haproxy` ConfigMap mounted as its configuration directory.
# NOTE(review): the image is referenced by a moving tag (2.8-alpine); pin a
# digest if the running version has to be reproducible.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      securityContext:
        runAsNonRoot: true
        runAsGroup: 99
        runAsUser: 99
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
            - containerPort: 80
              name: haproxy
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy
              name: haproxy
      volumes:
        - name: haproxy
          configMap:
            name: haproxy
YML
| |
K8s » Ingress
|
K8s » Ingress |
|---|
# Direct ingress: each hostname is routed straight to its own Service.
# proxy-body-size "0" turns off the controller's request-size limit, which
# large artifact and image-layer uploads need; it also means the ingress no
# longer caps upload size for these hosts.
# NOTE(review): neither rule has a tls section, so HTTPS for these hosts
# presumably relies on the controller's default certificate; confirm.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: nexus
                port:
                  number: 8081
YML

kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: docker
                port:
                  number: 5000
YML
|
|
K8s » Ingress » HAProxy |
# Ingress through HAProxy: both hostnames are sent to the `haproxy` Service on
# port 80, and HAProxy picks the backend from the Host header.
# These objects are named `nexus` and `docker` in namespace `nexus`, the same
# names the direct ingress rules use, so applying them replaces those rules
# instead of adding to them.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML

kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML
|
K8s » Verify
|
K8s » Verify | |
|---|---|
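# Open the external TLS test and the site itself for each hostname.
# The URLs are quoted because `?` is a glob character: unquoted, the shell
# tries to match it against file names before xdg-open ever sees the URL.
xdg-open 'https://www.cdn77.com/tls-test/result?domain=docker.shahed.biz'
xdg-open 'https://docker.shahed.biz'
xdg-open 'https://www.cdn77.com/tls-test/result?domain=nexus.shahed.biz'
xdg-open 'https://nexus.shahed.biz'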
| |
# Look inside the running Nexus pod: an interactive shell (with and without
# naming the container), the effective user and groups, and the live log.
# `id` is a quick check that the process runs under the expected non-root UID.
kubectl -n nexus exec -it svc/nexus -c nexus -- ash
kubectl -n nexus exec -it svc/nexus -- ash
kubectl -n nexus exec -it svc/nexus -- id
kubectl -n nexus logs -f svc/nexus
|
---
Page: https://nexus.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!
|
# Show the credential Docker has stored for the registry. The `auth` field is
# only base64 of user:password, so this prints the password in clear text;
# run it only where the screen and scrollback are private.
jq -r '.auths."docker.shahed.biz".auth' ~/.docker/config.json | base64 --decode && echo
docker login docker.shahed.biz -u admin
docker login docker.shahed.biz

# Retag three public nginx images into the private registry and push them.
for nginx_tag in 1.27-alpine-slim alpine 1.27; do
  docker tag "nginx:${nginx_tag}" \
    "docker.shahed.biz/library/nginx:${nginx_tag}"
  docker push "docker.shahed.biz/library/nginx:${nginx_tag}"
done

# Inspect the Docker client config, preview it without the registry entry,
# then rewrite the file with that entry (and its stored credential) removed.
yq -P < ~/.docker/config.json
yq -P 'del(.auths["docker.shahed.biz"])' < ~/.docker/config.json
jq -r 'del(.auths["docker.shahed.biz"])' ~/.docker/config.json | sponge ~/.docker/config.json
| |
K8s » Scaling
|
K8s » Scaling |
|---|
# Scale Nexus down to zero (stops the pod, keeps the Deployment and the data).
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 0
YML

# Scale back up to a single replica.
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 1
YML

# Raise the CPU/memory requests and limits of the `nexus` container and record
# why in the change-cause annotation, which `rollout history` displays.
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML
|
K8s » Rolling
|
K8s » Rollout |
|---|
# Pause the rollout so the following changes are rolled out together on resume.
kubectl -n nexus rollout history deploy/nexus
kubectl -n nexus rollout pause deploy/nexus

# Raise the JVM heap and direct-memory sizes in the ConfigMap. The delimiter is
# quoted, so the ${DB_*} placeholders are stored literally and filled in inside
# the container.
# NOTE(review): the database password ends up on the JVM command line, where
# it can be read from the process list in the pod.
kubectl -n nexus patch configmap nexus --type merge --patch-file=/dev/stdin <<'YML'
---
data:
  INSTALL4J_ADD_VM_PARAMS: >-
    "-Xms2g -Xmx4g -XX:MaxDirectMemorySize=4g -XX:+UnlockExperimentalVMOptions
    -Djava.util.prefs.userRoot=/nexus-data/javaprefs
    -XX:LogFile=/nexus-data/log/jvm/jvm.log -Dnexus.datastore.enabled=true
    -Dnexus.datastore.nexus.type=jdbc -Dnexus.datastore.nexus.name=${DB_NAME}
    -Dnexus.datastore.nexus.username=${DB_USERNAME}
    -Dnexus.datastore.nexus.password=${DB_PASSWORD}
    -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/${DB_NAME}"
YML

# Match the container's requests and limits to the larger heap.
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML

# Overwrite the change-cause set by the patch, then resume and check the history.
kubectl -n nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-2| Resources Updated"
kubectl -n nexus rollout resume deploy/nexus
kubectl -n nexus rollout history deploy/nexus
|
# Roll the Deployment back to revision 1 and label the resulting revision, so
# the history shows that the change was a deliberate revert.
kubectl -n nexus rollout undo deploy/nexus --to-revision=1
kubectl -n nexus rollout history deploy/nexus
kubectl -n nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
kubectl -n nexus rollout history deploy/nexus
|
K8s » Delete
|
K8s » Delete | |
|---|---|
# Tear-down, step 1: remove every Service, Deployment and claim in the
# namespace. `--all` has no confirmation prompt, so check the active context first.
for resource_kind in svc deploy pvc; do
  kubectl delete "${resource_kind}" --all -n nexus
done
|
# Tear-down, step 2: drop the PersistentVolume object, whatever is left in the
# namespace, and finally the namespace itself (which also removes its Secret
# and ConfigMaps).
kubectl delete pv nexus-data-nexus-0
kubectl -n nexus delete all --all
kubectl delete ns nexus
|
Playground
|
Playground | |
|---|---|
# Decode each value of the `nexus` Secret. Secret data is base64-encoded, not
# encrypted, so anyone allowed to `get` this Secret can read the passwords;
# the output goes to the terminal in clear text.
for secret_field in NEXUS_SECURITY_INITIAL_PASSWORD DB_USERNAME DB_PASSWORD DB_NAME; do
  kubectl -n nexus get secret nexus -o json \
    | jq -r --arg field "${secret_field}" '.data[$field]' \
    | base64 -d
  echo
done

# Read the key material and the generated admin password from the data volume.
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/keystores/secret-key
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/admin.password
| |
# Rollout basics: show the revision list, restart the pods, or step back one revision.
for rollout_action in history restart undo; do
  kubectl -n nexus rollout "${rollout_action}" deploy/nexus
done
|
# Hold a rollout, let it continue, and watch it until it completes.
for rollout_action in pause resume status; do
  kubectl -n nexus rollout "${rollout_action}" deploy/nexus
done
|
# Remove every Service, Deployment and claim in the namespace. `--all` has no
# confirmation prompt, so check the active context first.
for resource_kind in svc deploy pvc; do
  kubectl delete "${resource_kind}" --all -n nexus
done
|
# Drop the PersistentVolume object, whatever is left in the namespace, and
# then the namespace itself.
kubectl delete pv nexus-data-nexus-0
kubectl -n nexus delete all --all
kubectl delete ns nexus
|
# Shell access, identity check and log tailing for the Nexus pod, each shown
# with and without naming the container explicitly.
kubectl -n nexus exec -it svc/nexus -c nexus -- ash
kubectl -n nexus exec -it svc/nexus -- ash
kubectl -n nexus exec -it svc/nexus -- id

kubectl -n nexus logs -f svc/nexus -c nexus
kubectl -n nexus logs -f svc/nexus
| |
References
|
References | ||
|---|---|---|