K8s/Nexus: Difference between revisions

Line 30: Line 30:
{|class='wikitable mw-collapsible mw-collapsed'
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1000px'|
!scope='col' style='width:1000px'|
Helm » K8s » MinIO
K8s » MinIO
|-
|-
|valign='top'|
|valign='top'|
Line 45: Line 45:
|-
|-
!scope='col'|
!scope='col'|
Helm » K8s » MinIO » Policy
K8s » MinIO » Policy
|-
|-
|valign='top'|
|valign='top'|
Line 69: Line 69:
|-
|-
!scope='col'|
!scope='col'|
Helm » K8s » MinIO » Service Account
K8s » MinIO » Service Account
|-
|-
|valign='top'|
|valign='top'|
Line 101: Line 101:
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin --json|jq -r '.accessKey'
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin --json|jq -r '.accessKey'
</syntaxhighlight>
|-
!scope='col'|
K8s » MinIO » Service Account » Debug
|-
|valign='top'|
<syntaxhighlight lang="bash">
echo -n 'SecretKey: ';read -s MC_SECRET_KEY;export MC_SECRET_KEY;echo
# SecretKey: TkbFQXTXZjYquDhzfdFBUyguZF15s0W+OYrb3LXQ
mc alias set shahed_ae_nexus_admin https://s3.minio.shahed.shahed.biz '3BD9PQS397ZLN8YLCZM7' ${MC_SECRET_KEY}
mc ping      shahed_ae_nexus_admin -c=3
mc ls        shahed_ae_nexus_admin
mc alias rm  shahed_ae_nexus_admin
</syntaxhighlight>
</syntaxhighlight>
|}
|}
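Review bot: The Debug section added at Line 101 records the service account's secret key in a comment directly under the `read -s` prompt, next to the access key it pairs with, so a live MinIO credential now sits in this page's revision history; treat that key as exposed and rotate it, and replace the comment with `# SecretKey: <typed at the prompt — never recorded here>`. The same snippet passes the secret unquoted as `${MC_SECRET_KEY}`, so a value containing whitespace or glob characters is split or expanded before `mc alias set` sees it; write `"${MC_SECRET_KEY}"`. `echo -n` is also not portable across shells, whereas `printf 'SecretKey: '` behaves the same everywhere.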

Revision as of 03:23, 25 July 2025

K8s » Config

K8s » Config

# Point kubectl at the cluster to operate on. Each line selects a different
# kubeconfig and the last assignment wins, so run only the one you mean to use.
KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml";       export KUBECONFIG
KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml";       export KUBECONFIG
KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml";       export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"; export KUBECONFIG
# Confirm which contexts the chosen file exposes before touching anything.
# `config view` prints the merged config with credentials redacted (use
# --raw only when you really need them, and not on a shared terminal).
kubectl config get-contexts
kubectl config view

K8s » MinIO

K8s » MinIO

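# Check the MinIO alias is usable, then create the two buckets Nexus uses as
# blob stores and list what the server now holds. `--ignore-existing` makes
# the block re-runnable: without it `mc mb` exits non-zero on a bucket that
# is already there. The delimiter is quoted so nothing in the script is
# expanded by the outer shell (the jq filter contains a literal `$`).
bash <<'EXE'
mc ready      s3_minio_shahed_shahed_biz_admin
mc ping  -c=3 s3_minio_shahed_shahed_biz_admin
mc admin info s3_minio_shahed_shahed_biz_admin
mc mb --ignore-existing s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-group
mc mb --ignore-existing s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-private
# bucket names only: drop the trailing "/" mc prints on each key
mc ls         s3_minio_shahed_shahed_biz_admin --json | jq -r '.key|sub("/$"; "")'
EXE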

K8s » MinIO » Policy

# Access policy for the Nexus blob-store buckets. yq turns the YAML into the
# JSON document `mc admin policy create` expects and the policy is read from
# stdin, so nothing is written to disk.
# NOTE(review): Resource lists the bucket ARNs only. Under AWS-style policy
# matching, object operations are checked against `arn:aws:s3:::<bucket>/*`,
# so confirm with MinIO that bucket-level ARNs are enough for Nexus to read
# and write objects. `s3:*` is also wider than a blob store needs (it covers
# bucket deletion and bucket-policy changes) — TODO(review): narrow it to the
# actions Nexus actually issues.
yq -o=json <<'YML'| \
mc admin policy create s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::shahed-ae-nexus-docker-group
      - arn:aws:s3:::shahed-ae-nexus-docker-private
YML

# Verify: policy names known to the server, then the full document just created.
mc admin policy ls   s3_minio_shahed_shahed_biz_admin --json|jq -r '.policy'
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r

K8s » MinIO » Service Account

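# Create a service account under the MinIO `admin` user and attach a copy of
# the shahed-ae-nexus-rw policy to it (the policy JSON is read back with
# `policy info` and fed in on stdin, so no temp file is needed).
# NOTE(review): presumably the inline policy is what limits this account to
# the two buckets instead of whatever `admin` may do — confirm against the mc
# docs for the MinIO version in use.
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r '.policyInfo.Policy'|\
mc admin user svcacct add  s3_minio_shahed_shahed_biz_admin admin \
 --description 'shahed-ae-nexus-rw' \
 --name shahed-ae-nexus-rw \
 --policy /dev/stdin
# Sample output kept as a no-op: `: '...'` is the null command with one quoted
# argument. The space after the colon matters — written as `:'...'` the quote
# joins the colon into a single word and bash looks up a command literally
# named ":<newline>Access Key: …", which only yields "command not found".
: '
Access Key: 3BD9PQS397ZLN8YLCZM7
Expiration: no-expiry
'

# Replace the inline policy of an existing service account (same stdin trick).
# NOTE(review): the alias carries a trailing slash here but nowhere else in
# this section; mc presumably tolerates it — harmless to drop for consistency.
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json|jq -r '.policyInfo.Policy'|\
mc admin user svcacct edit s3_minio_shahed_shahed_biz_admin/ '3BD9PQS397ZLN8YLCZM7' \
 --policy /dev/stdin
: '
Edited service account `3BD9PQS397ZLN8YLCZM7` successfully.
'

# Switch the account off and on without deleting it — disable first when a
# key leak is suspected, then rotate. Finally list what exists under `admin`.
mc admin user svcacct disable s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7'
mc admin user svcacct enable  s3_minio_shahed_shahed_biz_admin '3BD9PQS397ZLN8YLCZM7'

mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls      s3_minio_shahed_shahed_biz_admin admin --json|jq -r '.accessKey'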

K8s » MinIO » Service Account » Debug

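# Smoke-test the service account end to end: prompt for its secret key
# (-s keeps it off the terminal, -r keeps backslashes literal), register a
# short-lived alias with it, confirm the alias can ping and list, remove it.
# The access key below is an identifier; the secret key is the credential —
# it must never be pasted into this page.
printf 'SecretKey: '; read -rs MC_SECRET_KEY; export MC_SECRET_KEY; printf '\n'
# SecretKey: <typed at the prompt — never recorded here>

# The secret is passed as a command-line argument, so while this line runs it
# is visible to other local users via `ps`; the variable reference (not the
# value) is what lands in shell history. mc persists the alias credentials in
# its own config file, which is why the alias is removed again at the end.
mc alias set shahed_ae_nexus_admin https://s3.minio.shahed.shahed.biz '3BD9PQS397ZLN8YLCZM7' "${MC_SECRET_KEY}"
mc ping      shahed_ae_nexus_admin -c=3
mc ls        shahed_ae_nexus_admin
mc alias rm  shahed_ae_nexus_admin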

K8s » Storage

K8s » Storage

# Prepare the host directory backing the Nexus data volume. The tree is handed
# to 200:200 — the runAsUser/fsGroup the Deployment section sets — with mode
# 750 so no other host account can read repository data or credentials kept
# under /nexus-data.
cat <<'EXE'| sudo bash
mkdir -p         /var/minikube/pvc/nexus/data-nexus-0/log/jvm/
chown -R 200:200 /var/minikube/pvc/nexus/
chmod -R 750     /var/minikube/pvc/nexus/
EXE
# NOTE(review): the directory prepared above is /var/minikube/pvc/nexus/…,
# but the PersistentVolume below points at /var/hostpath_pv/nexus/…. Unless
# one path is a bind mount of the other, DirectoryOrCreate will create the
# hostPath itself (typically root-owned) and the chown above never applies to
# the directory Nexus actually writes to — confirm which path the node uses.
# persistentVolumeReclaimPolicy Retain means deleting the PV (Delete section)
# leaves the data on disk; the hostpath class keeps the PVC bound by name.
cat <<'YML'| kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-nexus-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/nexus/data-nexus-0
    type: DirectoryOrCreate
YML



K8s » Database

K8s » Database

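# Runs on the database host: open a shell there first; everything below is
# typed into that session.
ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash

# Prompt for the Nexus DB password without echo (-s) and without backslash
# processing (-r); exported so the heredoc below can expand it.
printf 'Password: '; read -rs NEXUS_PASSWORD; export NEXUS_PASSWORD; printf '\n'
# Password: <typed at the prompt — never recorded here>

# The password is embedded in a SQL string literal, so any single quote in it
# is doubled first (SQL's escape); for a password without quotes the result is
# unchanged. The heredoc delimiter stays unquoted on purpose: the value is
# expanded into the piped text, never onto psql's command line.
NEXUS_PASSWORD_SQL=${NEXUS_PASSWORD//\'/\'\'}
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_nexus'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_nexus')\gexec
CREATE USER shahed_nexus WITH ENCRYPTED PASSWORD   '${NEXUS_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE shahed_nexus TO shahed_nexus;
ALTER DATABASE shahed_nexus OWNER TO shahed_nexus;
DDL

# Same pattern for the pgbouncer role.
printf 'Password: '; read -rs PGBOUNCER_PASSWORD; export PGBOUNCER_PASSWORD; printf '\n'
# Password: <typed at the prompt — never recorded here>

PGBOUNCER_PASSWORD_SQL=${PGBOUNCER_PASSWORD//\'/\'\'}
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

# Connection check. psql reads PGPASSWORD from the environment, which keeps
# the password off the command line and out of shell history.
printf 'Password: '; read -rs PGPASSWORD; export PGPASSWORD; printf '\n'
# Password: <typed at the prompt — never recorded here>

psql -U shahed_nexus -d shahed_nexus -p 5432 -h 192.168.49.103
psql -U shahed_nexus -d shahed_nexus -p 5432 -h localhost
psql -U bouncer      -d bouncer      -p 5432 -h 192.168.49.103
psql -U bouncer      -d bouncer      -p 5432 -h localhost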

K8s » Deploy

K8s » Deploy

# Confirm the target cluster, then create the namespace everything below
# lives in.
kubectl config get-contexts
kubectl config view
kubectl create ns   nexus
kubectl get ns|grep nexus
# Non-secret runtime configuration. The heredoc delimiter is unquoted on
# purpose: a trailing `\` joins the JVM options into one value, and `\$`
# keeps `${DB_*}` literal so this shell does not expand them (the DB_* keys
# are supplied by the Secret; presumably the Nexus launcher resolves them —
# confirm).
# NOTE(review): kubectl --from-env-file takes everything after `=` verbatim,
# so the surrounding double quotes become part of the value — confirm the
# launcher strips them, or drop the quotes here.
cat <<ENV | kubectl -n nexus create configmap nexus --from-env-file=/dev/stdin
INSTALL4J_ADD_VM_PARAMS="-Xms512m -Xmx2g\
 -XX:MaxDirectMemorySize=2g\
 -XX:+UnlockExperimentalVMOptions\
 -Djava.util.prefs.userRoot=/nexus-data/javaprefs\
 -XX:LogFile=/nexus-data/log/jvm/jvm.log\
 -Dnexus.datastore.enabled=true\
 -Dnexus.datastore.nexus.type=jdbc\
 -Dnexus.datastore.nexus.name=\${DB_NAME}\
 -Dnexus.datastore.nexus.username=\${DB_USERNAME}\
 -Dnexus.datastore.nexus.password=\${DB_PASSWORD}\
 -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/\${DB_NAME}"
NEXUS_SECURITY_RANDOMPASSWORD=false
NEXUS_SERVICE_PORT=8081
NEXUS_CONTEXT=/
ENV

# Credentials the Deployment consumes through secretRef. They are typed here
# in clear: the heredoc body ends up in this page and in shell history, and
# the Secret itself is only base64-encoded at rest (the Playground section
# decodes it with one kubectl call). Treat anything pasted into this block
# as exposed; prefer reading the values at a prompt, as the Database section
# does. NOTE(review): the same string serves as the initial admin password
# and as the DB password — use distinct secrets so one leak does not open
# both.
cat <<ENV | kubectl -n nexus create secret generic nexus --from-env-file=/dev/stdin
NEXUS_SECURITY_INITIAL_PASSWORD=sadaqah!
DB_USERNAME=shahed_nexus
DB_PASSWORD=sadaqah!
DB_NAME=shahed_nexus
ENV
# ClusterIP Service fronting the Nexus UI/API on 8081; the Ingress section
# targets it by name, so it is never exposed outside the cluster directly.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: nexus
  ports:
    - name: nexus
      protocol: TCP
      port: 8081
      targetPort: 8081
YML
# ClusterIP Service for the Docker connector port (5000) of the same pod;
# selected by the same `app: nexus` label as the UI Service.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: nexus
  ports:
    - name: docker
      protocol: TCP
      port: 5000
      targetPort: 5000
YML
# Claim bound explicitly (volumeName) to the hostpath PV from the Storage
# section; the request must not exceed that PV's 50Gi and the class must match
# or the claim stays Pending.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-nexus-0
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  volumeName: nexus-data-nexus-0
  storageClassName: hostpath
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
YML



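# Single-replica Nexus Deployment. Nexus refuses to start while another
# instance holds its data directory, and the volume is ReadWriteOnce, so the
# rollout strategy is Recreate: the old pod is stopped before the new one
# mounts /nexus-data. The default RollingUpdate would start the replacement
# alongside the running pod.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    # shown by `kubectl rollout history`; later patches overwrite it
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      # 200:200 matches the ownership the Storage section gives the host
      # data directory.
      securityContext:
        runAsUser: 200
        fsGroup: 200
      containers:
        - name: nexus
          # pinned by tag; TODO(review): add the digest so a re-tagged image
          # cannot silently change what is deployed
          image: sonatype/nexus3:3.82.0-alpine
          ports:
          - containerPort: 8081
            protocol: TCP
            name: nexus
          - containerPort: 5000
            protocol: TCP
            name: docker
          # NOTE(review): the ConfigMap sets -Xmx2g and
          # -XX:MaxDirectMemorySize=2g, which together can exceed this 2Gi
          # limit and get the container OOM-killed; the Scaling section
          # raises the limit to 4Gi.
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          envFrom:
            - secretRef:
                name: nexus
            - configMapRef:
                name: nexus
          # TODO(review): no readiness/liveness probes — without them the pod
          # counts as Ready as soon as the container process starts.
          volumeMounts:
          - mountPath: /nexus-data
            name: data-nexus-0
      volumes:
        - name: data-nexus-0
          persistentVolumeClaim:
            claimName: data-nexus-0
YML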

K8s » Ingress

K8s » Ingress

# Public entry for the Nexus UI/API: nexus.shahed.biz -> Service nexus:8081.
# proxy-body-size "0" lifts ingress-nginx's request-body cap so large artifact
# uploads are not rejected; it also removes that size bound as a defence, so
# Nexus-side limits are what remains. No `tls:` block is declared — presumably
# the controller's default certificate covers the host (the Verify section
# runs a TLS test against it); confirm.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
spec:
  ingressClassName: nginx
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - backend:
              service:
                name: nexus
                port:
                  number: 8081
            path: /
            pathType: ImplementationSpecific
YML

# Public entry for the Docker registry connector: docker.shahed.biz ->
# Service docker:5000. Same unlimited proxy-body-size as the UI Ingress
# (image layers can be large) and likewise no `tls:` block of its own —
# confirm the controller's certificate covers this host too.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
spec:
  ingressClassName: nginx
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - backend:
              service:
                name: docker
                port:
                  number: 5000
            path: /
            pathType: ImplementationSpecific
YML

K8s » Verify

K8s » Verify

# External checks: a TLS report for each public host, then the site itself.
xdg-open "https://www.cdn77.com/tls-test/result?domain=docker.shahed.biz"
xdg-open "https://docker.shahed.biz"

xdg-open "https://www.cdn77.com/tls-test/result?domain=nexus.shahed.biz"
xdg-open "https://nexus.shahed.biz"
# In-cluster checks: a shell in the container (ash — the image is alpine
# based), the effective uid/gid (expected 200 per the Deployment's
# securityContext), and a live log tail.
kubectl --namespace=nexus exec -it svc/nexus -c nexus -- ash
kubectl --namespace=nexus exec -it svc/nexus -- ash
kubectl --namespace=nexus exec -it svc/nexus -- id
kubectl --namespace=nexus logs -f svc/nexus
---
Page: https://nexus.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!

K8s » Scaling

K8s » Scaling

# Scale to zero: stops the single Nexus pod (e.g. before touching the data
# volume) without deleting the Deployment.
kubectl --namespace=nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 0
YML

# Bring the single replica back.
kubectl --namespace=nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 1
YML

# Raise the container's resource envelope (memory limit 2Gi -> 4Gi, which
# leaves room for the 2g heap plus 2g direct memory the ConfigMap configures)
# and record why in the change-cause annotation.
kubectl --namespace=nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            limits:
              cpu: 1000m
              memory: 4Gi
            requests:
              cpu: 500m
              memory: 2Gi
YML

K8s » Rollout

K8s » Rollout

# Inspect the revision list, then pause the Deployment so the patch and the
# annotation below are applied as one rollout instead of two.
kubectl --namespace=nexus rollout history deploy/nexus
kubectl --namespace=nexus rollout pause   deploy/nexus

kubectl --namespace=nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            limits:
              cpu: 1000m
              memory: 4Gi
            requests:
              cpu: 500m
              memory: 2Gi
YML

# Rewrite the change-cause for this revision (replaces the one set in the
# patch above).
kubectl --namespace=nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-2| Resources Updated"

# Release the pause so the revision rolls out, then roll back to revision 1
# and record the reason.
kubectl --namespace=nexus rollout resume  deploy/nexus
kubectl --namespace=nexus rollout history deploy/nexus
kubectl --namespace=nexus rollout undo    deploy/nexus --to-revision=1
kubectl --namespace=nexus rollout history deploy/nexus

kubectl --namespace=nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"

kubectl --namespace=nexus rollout history deploy/nexus

K8s » Delete

K8s » Delete

# Tear-down. Every line is destructive and `--all` removes every object of
# that kind in the namespace, not only Nexus's.
kubectl --namespace=nexus delete svc    --all
kubectl --namespace=nexus delete deploy --all
kubectl --namespace=nexus delete pvc    --all
# cluster-scoped, hence no namespace; the PV is Retain so the host directory
# and its contents survive this
kubectl delete pv nexus-data-nexus-0
kubectl --namespace=nexus delete all    --all
kubectl delete ns nexus

Playground

Playground

# Decode each key of the Secret. base64 is encoding, not encryption: anyone
# who can `get secret` in this namespace reads these values in clear.
for key in NEXUS_SECURITY_INITIAL_PASSWORD DB_USERNAME DB_PASSWORD DB_NAME; do
  kubectl --namespace=nexus get secret nexus -o json | jq -r ".data.\"${key}\"" | base64 -d; echo
done

# Sensitive files Nexus keeps under its data directory: the key file under
# keystores/ (presumably what Nexus encrypts stored secrets with — confirm)
# and the generated admin password. Both print to the terminal; do not paste
# the output anywhere.
kubectl --namespace=nexus exec -it svc/nexus -- cat /nexus-data/keystores/secret-key
kubectl --namespace=nexus exec -it svc/nexus -- cat /nexus-data/admin.password
# Rollout controls, see the Rollout section for the intended sequence.
kubectl --namespace=nexus rollout history deploy/nexus
kubectl --namespace=nexus rollout restart deploy/nexus
kubectl --namespace=nexus rollout undo    deploy/nexus
kubectl --namespace=nexus rollout pause   deploy/nexus
kubectl --namespace=nexus rollout resume  deploy/nexus
kubectl --namespace=nexus rollout status  deploy/nexus
# Destructive: same tear-down as the Delete section.
kubectl --namespace=nexus delete svc    --all
kubectl --namespace=nexus delete deploy --all
kubectl --namespace=nexus delete pvc    --all
kubectl delete pv nexus-data-nexus-0
kubectl --namespace=nexus delete all    --all
kubectl delete ns nexus
# Shell / identity inside the container.
kubectl --namespace=nexus exec -it svc/nexus -c nexus -- ash
kubectl --namespace=nexus exec -it svc/nexus -- ash
kubectl --namespace=nexus exec -it svc/nexus -- id

kubectl --namespace=nexus logs -f svc/nexus -c nexus
kubectl --namespace=nexus logs -f svc/nexus

References

References