K8s/Nexus: Difference between revisions
| Line 548: | Line 548: | ||
namespace: nexus | namespace: nexus | ||
labels: | labels: | ||
app.kubernetes.io/name: | app.kubernetes.io/name: nexus | ||
app.kubernetes.io/instance: nexus | |||
app.kubernetes.io/version: 1.0.0 | app.kubernetes.io/version: 1.0.0 | ||
app.kubernetes.io/managed-by: kubectl | app.kubernetes.io/managed-by: kubectl | ||
annotations: | |||
nginx.ingress.kubernetes.io/proxy-body-size: "0" | |||
spec: | spec: | ||
ingressClassName: nginx | ingressClassName: nginx | ||
| Line 562: | Line 564: | ||
backend: | backend: | ||
service: | service: | ||
name: | name: nexus | ||
port: | port: | ||
number: | number: 8081 | ||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 581: | Line 583: | ||
app.kubernetes.io/instance: haproxy | app.kubernetes.io/instance: haproxy | ||
app.kubernetes.io/managed-by: kubectl | app.kubernetes.io/managed-by: kubectl | ||
annotations: | |||
nginx.ingress.kubernetes.io/proxy-body-size: "0" | |||
spec: | spec: | ||
ingressClassName: nginx | ingressClassName: nginx | ||
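Review bot: The `nginx.ingress.kubernetes.io/proxy-body-size: "0"` annotation added to both Ingress objects (first and third hunks) removes the controller's request-body cap entirely, and nothing in these hunks declares a `tls:` section, so any client that reaches these hosts can stream unbounded bodies to haproxy/Nexus. Unbounded uploads are what a Docker push needs, but the Nexus UI/API Ingress in the first hunk presumably does not; consider a finite value there, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "512m"`, and keep `"0"` only on the docker Ingress. Each Ingress `spec` continues outside the hunk shown, so a `tls:` block may exist beyond it — confirm rather than assume.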
Revision as of 13:27, 25 July 2025
K8s » Config
|
K8s » Config | |
|---|---|
# Point kubectl at one of the cloud clusters (run exactly ONE of these;
# if all three are pasted the last assignment wins).
KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"; export KUBECONFIG
|
# Point kubectl at one of the shahed-a* clusters (run exactly ONE of these;
# if all three are pasted the last assignment wins).
KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"; export KUBECONFIG
KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"; export KUBECONFIG
|
# Select the shahed-ae cluster (the one the rest of this page deploys to)
# and confirm which context/cluster kubectl will talk to before applying.
KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"; export KUBECONFIG
for sub in get-contexts view; do
  kubectl config "${sub}"
done
| |
K8s » MinIO
|
K8s » MinIO |
|---|
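# Sanity-check the MinIO admin alias and create the two buckets the Nexus
# docker blob stores will use.
#  - The heredoc delimiter is quoted so the script reaches bash verbatim
#    (the original unquoted form let the outer shell expand it first).
#  - `mc mb --ignore-existing` makes the block re-runnable: a bucket that
#    already exists is no longer reported as a failure.
#  - bash is run without -e on purpose so every check is executed even if
#    an earlier one fails; read the output rather than the exit status.
cat <<'EXE' | bash
mc ready s3_minio_shahed_shahed_biz_admin
mc ping -c=3 s3_minio_shahed_shahed_biz_admin
mc admin info s3_minio_shahed_shahed_biz_admin
mc mb --ignore-existing s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-group
mc mb --ignore-existing s3_minio_shahed_shahed_biz_admin/shahed-ae-nexus-docker-private
mc ls s3_minio_shahed_shahed_biz_admin --json | jq -r '.key|sub("/$"; "")'
EXE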
|
|
K8s » MinIO » Policy |
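# Create the bucket policy the Nexus service account will carry.
# Object-level actions (Put/Get/DeleteObject ...) are matched against
# "bucket/key", so a bucket-only ARN does not cover them; both the bucket
# ARN (for ListBucket etc.) and "bucket/*" (for objects) are listed.
# s3:* is kept from the original for compatibility; it also grants
# bucket-management actions Nexus does not need — narrow it to the
# object/list/multipart actions listed in Sonatype's S3 blob-store docs
# once the blob store is confirmed working.
yq -o=json <<'YML' | \
mc admin policy create s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw /dev/stdin
---
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Action:
      - s3:*
    Resource:
      - arn:aws:s3:::shahed-ae-nexus-docker-group
      - arn:aws:s3:::shahed-ae-nexus-docker-group/*
      - arn:aws:s3:::shahed-ae-nexus-docker-private
      - arn:aws:s3:::shahed-ae-nexus-docker-private/*
YML
# Verify the policy was stored and inspect its JSON.
mc admin policy ls s3_minio_shahed_shahed_biz_admin --json | jq -r '.policy'
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json | jq -r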
|
|
K8s » MinIO » Service Account |
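# Create a MinIO service account under the `admin` user whose effective
# permissions are restricted to the shahed-ae-nexus-rw policy.
# mc prints the Access Key and — exactly once — the Secret Key. Store the
# Secret Key in a secrets manager; do NOT paste either key back into this
# page (the original recorded the access key inline).
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json | jq -r '.policyInfo.Policy' | \
mc admin user svcacct add s3_minio_shahed_shahed_biz_admin admin \
  --description 'shahed-ae-nexus-rw' \
  --name shahed-ae-nexus-rw \
  --policy /dev/stdin
# Access Key: <printed above, not recorded here>
# Expiration: no-expiry

# Capture the Access Key for the management commands below.
printf 'Access Key: '; read -r NEXUS_ACCESS_KEY

# Re-apply the (possibly updated) policy to the service account.
# Note: the alias is used without the trailing "/" the original had on
# this one line; the alias name is the same target either way.
mc admin policy info s3_minio_shahed_shahed_biz_admin shahed-ae-nexus-rw --json | jq -r '.policyInfo.Policy' | \
mc admin user svcacct edit s3_minio_shahed_shahed_biz_admin "${NEXUS_ACCESS_KEY}" \
  --policy /dev/stdin
# Edited service account `<access key>` successfully.

# Disable/enable the key (e.g. during incident response) and list keys.
mc admin user svcacct disable s3_minio_shahed_shahed_biz_admin "${NEXUS_ACCESS_KEY}"
mc admin user svcacct enable  s3_minio_shahed_shahed_biz_admin "${NEXUS_ACCESS_KEY}"
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin
mc admin user svcacct ls s3_minio_shahed_shahed_biz_admin admin --json | jq -r '.accessKey'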
|
|
K8s » MinIO » Service Account » Debug |
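# Smoke-test the service account with its own, temporary alias.
# Both keys are prompted for (secret without echo) and kept in the
# environment rather than written into this page — the original carried a
# real-looking secret key in a comment, which is a credential leak.
# `mc alias set` still receives the keys as arguments (visible in `ps`
# on a shared host); the MC_HOST_<alias> environment form avoids that.
printf 'AccessKey: '; read -r NEXUS_ACCESS_KEY
printf 'SecretKey: '; read -r -s MC_SECRET_KEY; export MC_SECRET_KEY; echo
# SecretKey: <prompted, never recorded>
mc alias set shahed_ae_nexus_admin https://s3.minio.shahed.shahed.biz "${NEXUS_ACCESS_KEY}" "${MC_SECRET_KEY}"
mc ping shahed_ae_nexus_admin -c=3
mc ls shahed_ae_nexus_admin
# Remove the alias (and its stored credentials) when done.
mc alias rm shahed_ae_nexus_admin
unset MC_SECRET_KEY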
|
K8s » Storage
|
K8s » Storage | |
|---|---|
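# Prepare the host directory behind the Nexus hostPath PersistentVolume
# and hand it to Nexus' uid/gid (200:200). Kubernetes does not chown
# hostPath volumes for fsGroup, so this step is what makes /nexus-data
# writable for the non-root container.
# NOTE(review): the PV manifest on this page uses
# /var/hostpath_pv/nexus/data-nexus-0 while this block prepared
# /var/minikube/pvc/nexus — keep NEXUS_PV_ROOT in sync with the PV's
# hostPath (or confirm minikube maps one onto the other).
NEXUS_PV_ROOT="${NEXUS_PV_ROOT:-/var/minikube/pvc/nexus}"
cat <<EXE | sudo bash
set -eu
mkdir -p "${NEXUS_PV_ROOT}/data-nexus-0/log/jvm/"
chown -R 200:200 "${NEXUS_PV_ROOT}/"
chmod -R 750 "${NEXUS_PV_ROOT}/"
EXE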
| |
# Cluster-scoped PersistentVolume backing the Nexus data directory.
# hostPath pins the pod to the node that owns the directory (fine for a
# single-node/minikube setup); Retain keeps the data if the PVC is deleted.
# The directory is presumably created root-owned by the kubelet if absent
# (DirectoryOrCreate) — prepare and chown it beforehand, see Storage.
kubectl apply -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-nexus-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/nexus/data-nexus-0
    type: DirectoryOrCreate
YML
|
|
K8s » Database
|
K8s » Database |
|---|
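# On the database host: create the Nexus database and role.
ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash
# Prompt for the role password without echo and keep it in the
# environment; the comment below is a placeholder — never record the real
# value on this page (the original did).
printf 'Password: '; read -r -s NEXUS_PASSWORD; export NEXUS_PASSWORD; echo
# Password: <prompted, not recorded>
# The password is interpolated into a SQL string literal by the local
# shell, so every single quote in it is doubled first; otherwise a quote
# in the password breaks out of the literal (and the statement).
sq="'"
NEXUS_PASSWORD_SQL="${NEXUS_PASSWORD//${sq}/${sq}${sq}}"
# CREATE DATABASE is guarded with \gexec; CREATE USER is not and simply
# errors (psql continues) if the role already exists.
cat <<DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_nexus'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_nexus')\gexec
CREATE USER shahed_nexus WITH ENCRYPTED PASSWORD '${NEXUS_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE shahed_nexus TO shahed_nexus;
ALTER DATABASE shahed_nexus OWNER TO shahed_nexus;
DDL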
|
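# Create the pgbouncer auth database and role (same host as above).
# Password is prompted without echo; the comment is a placeholder only.
printf 'Password: '; read -r -s PGBOUNCER_PASSWORD; export PGBOUNCER_PASSWORD; echo
# Password: <prompted, not recorded>
# Double single quotes so the value cannot break out of the SQL literal.
sq="'"
PGBOUNCER_PASSWORD_SQL="${PGBOUNCER_PASSWORD//${sq}/${sq}${sq}}"
cat <<DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

# Connectivity checks. PGPASSWORD is taken from the environment (not
# argv). No sslmode is forced here, so libpq's default applies — set
# PGSSLMODE=require when the 192.168.49.103 path leaves the host.
printf 'Password: '; read -r -s PGPASSWORD; export PGPASSWORD; echo
# Password: <prompted, not recorded>
psql -U shahed_nexus -d shahed_nexus -p 5432 -h 192.168.49.103
psql -U shahed_nexus -d shahed_nexus -p 5432 -h localhost
psql -U bouncer -d bouncer -p 5432 -h 192.168.49.103
psql -U bouncer -d bouncer -p 5432 -h localhost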
|
K8s » Deploy
|
K8s » Deploy | |
|---|---|
# Confirm the active context/cluster before creating anything.
for sub in get-contexts view; do
  kubectl config "${sub}"
done
|
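# Create the namespace idempotently: `kubectl create ns` fails on a
# re-run once the namespace exists, so render it client-side and apply.
kubectl create ns nexus --dry-run=client -o yaml | kubectl apply -f -
# Look up the namespace directly instead of grepping the full list.
kubectl get ns nexus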
|
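# ---------------------------------------------------------------------------
# Nexus runtime configuration (ConfigMap). The heredoc is unquoted so the
# "\"-escaped ${DB_*} references survive literally and are resolved inside
# the container from the Secret below. A trailing " \" joins the JVM
# options into one env-file line with a separating space (the original
# relied on indentation that this page no longer shows).
# NOTE(review): the DB password ends up as a -D system property, i.e. on
# the JVM command line (visible in `ps` / /proc/<pid>/cmdline inside the
# pod). Sonatype documents a datastore properties file under the data
# directory as the alternative; consider moving the credentials there.
# Sizing: -Xmx2g plus -XX:MaxDirectMemorySize=2g already exceeds a 2Gi
# container memory limit — give the pod at least 4Gi.
# ---------------------------------------------------------------------------
cat <<ENV | kubectl -n nexus create configmap nexus --from-env-file=/dev/stdin
INSTALL4J_ADD_VM_PARAMS="-Xms512m -Xmx2g \
 -XX:MaxDirectMemorySize=2g \
 -XX:+UnlockExperimentalVMOptions \
 -Djava.util.prefs.userRoot=/nexus-data/javaprefs \
 -XX:LogFile=/nexus-data/log/jvm/jvm.log \
 -Dnexus.datastore.enabled=true \
 -Dnexus.datastore.nexus.type=jdbc \
 -Dnexus.datastore.nexus.name=\${DB_NAME} \
 -Dnexus.datastore.nexus.username=\${DB_USERNAME} \
 -Dnexus.datastore.nexus.password=\${DB_PASSWORD} \
 -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/\${DB_NAME}"
NEXUS_SECURITY_RANDOMPASSWORD=false
NEXUS_SERVICE_PORT=8081
NEXUS_CONTEXT=/
ENV

# ---------------------------------------------------------------------------
# Secret: initial admin password and DB credentials. Values are prompted
# (no echo) and fed to kubectl over stdin — the original hard-coded both
# passwords in this page. The DB password must match the role created in
# the Database section.
# ---------------------------------------------------------------------------
printf 'Nexus initial admin password: '; read -r -s NEXUS_SECURITY_INITIAL_PASSWORD; echo
printf 'Database password (shahed_nexus): '; read -r -s DB_PASSWORD; echo
cat <<ENV | kubectl -n nexus create secret generic nexus --from-env-file=/dev/stdin
NEXUS_SECURITY_INITIAL_PASSWORD=${NEXUS_SECURITY_INITIAL_PASSWORD}
DB_USERNAME=shahed_nexus
DB_PASSWORD=${DB_PASSWORD}
DB_NAME=shahed_nexus
ENV
unset NEXUS_SECURITY_INITIAL_PASSWORD DB_PASSWORD

# ---------------------------------------------------------------------------
# HAProxy config: routes docker.shahed.biz/v2/* to the Nexus docker
# connector (port 5000, with the /v2 prefix stripped) and everything else
# to the Nexus UI/API (port 8081). Quoted delimiter: passed verbatim.
# ---------------------------------------------------------------------------
cat <<'CFG' | kubectl -n nexus create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
    log stdout format raw local0
    maxconn 3000
defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
# ##############################################################################
# http frontend config for nexus.shahed.biz & docker.shahed.biz
# this config added by chorke academia, inc
frontend fnt_shahed_biz
    bind *:80
    mode http
    acl host-is-shahed-biz-docker hdr(host) -i docker.shahed.biz
    acl host-is-shahed-biz-nexus hdr(host) -i nexus.shahed.biz
    acl path-is-v2-api path_beg /v2
    use_backend bck_shahed_biz_docker if host-is-shahed-biz-docker path-is-v2-api
    use_backend bck_shahed_biz_nexus if host-is-shahed-biz-nexus
    default_backend bck_shahed_biz_nexus
backend bck_shahed_biz_nexus
    server nexus_nexus nexus:8081
    mode http
backend bck_shahed_biz_docker
    http-request set-path "%[path,regsub(^/v2/,/)]"
    server nexus_docker docker:5000
    mode http
CFG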
| |
# ClusterIP Service in front of the Nexus UI/REST port (8081), selecting
# the pods labelled app=nexus.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 8081
      protocol: TCP
      port: 8081
      name: nexus
  type: ClusterIP
YML
|
# ClusterIP Service for the Nexus docker connector port (5000). It selects
# the same app=nexus pods as the `nexus` Service; only the port differs.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 5000
      protocol: TCP
      port: 5000
      name: docker
  type: ClusterIP
YML
|
# ClusterIP Service for the HAProxy router (port 80); the docker Ingress
# sends docker.shahed.biz traffic here.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: haproxy
  ports:
    - targetPort: 80
      name: haproxy
      protocol: TCP
      port: 80
  type: ClusterIP
YML
|
|
# PersistentVolumeClaim bound explicitly (volumeName) to the hostPath PV
# created in the Storage section; size and access mode must match it.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-nexus-0
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: nexus-data-nexus-0
YML
|
|
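# Nexus Deployment. Changes against the original manifest:
#  - memory limit raised to 4Gi: the ConfigMap sets -Xmx2g plus
#    -XX:MaxDirectMemorySize=2g, which already exceeds the original 2Gi
#    limit and invites OOM kills (the page's later CKI-2 patch makes the
#    same change);
#  - pod/container hardening: runAsNonRoot, runAsGroup 200 (matching the
#    200:200 chown of the data dir), RuntimeDefault seccomp, no privilege
#    escalation, all capabilities dropped — Nexus runs as uid 200 and binds
#    only 8081/5000, so no capability is required;
#  - a startupProbe so a slow Nexus boot is not mistaken for a crash.
# fsGroup does not chown a hostPath volume; the host directory must be
# prepared (chown 200:200) before the pod starts — see Storage.
# Credentials still arrive via envFrom the `nexus` Secret, i.e. as
# environment variables readable by anyone who can exec into the pod.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 200
        runAsGroup: 200
        fsGroup: 200
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nexus
          image: sonatype/nexus3:3.82.0-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          ports:
            - containerPort: 8081
              protocol: TCP
              name: nexus
            - containerPort: 5000
              protocol: TCP
              name: docker
          # Nexus can take several minutes to start; 60 x 10s before the
          # kubelet gives up and restarts the container.
          startupProbe:
            tcpSocket:
              port: nexus
            periodSeconds: 10
            failureThreshold: 60
          resources:
            limits:
              cpu: 1000m
              memory: 4Gi
            requests:
              cpu: 300m
              memory: 1Gi
          envFrom:
            - secretRef:
                name: nexus
            - configMapRef:
                name: nexus
          volumeMounts:
            - mountPath: /nexus-data
              name: data-nexus-0
      volumes:
        - name: data-nexus-0
          persistentVolumeClaim:
            claimName: data-nexus-0
YML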
| |
# HAProxy Deployment: one replica running as the image's unprivileged
# uid/gid 99, config mounted read-only from the `haproxy` ConfigMap.
# NOTE(review): the container binds port 80 as non-root, which presumably
# relies on the image's cap_net_bind_service file capability — verify
# before adding `capabilities.drop: [ALL]` or
# `allowPrivilegeEscalation: false`, which would disable it.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      securityContext:
        runAsNonRoot: true
        runAsGroup: 99
        runAsUser: 99
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
            - containerPort: 80
              name: haproxy
              protocol: TCP
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy
              name: haproxy
      volumes:
        - name: haproxy
          configMap:
            name: haproxy
YML
| |
K8s » Ingress
|
K8s » Ingress |
|---|
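# Ingress for the Nexus UI/REST API. The delimiter is now quoted so the
# manifest is passed literally (no shell expansion), consistent with the
# other applies on this page.
# proxy-body-size "0" removes nginx's request-body cap entirely; the UI
# needs large uploads, but consider a finite value if the host is reachable
# from untrusted networks. No `tls:` block is declared here, so HTTPS
# depends on the controller's default certificate or an external
# terminator — confirm before exposing the host.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: nexus
                port:
                  number: 8081
YML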
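# Ingress for the docker registry host, routed through HAProxy (port 80)
# which splits /v2 traffic to the Nexus docker connector. Quoted delimiter
# so the manifest is passed literally, matching the other applies.
# proxy-body-size "0" is required here: image layers can be arbitrarily
# large. No `tls:` block is declared; docker clients require HTTPS, so
# confirm where TLS is terminated for docker.shahed.biz.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: haproxy
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML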
|
K8s » Verify
|
K8s » Verify | |
|---|---|
# Open the external TLS check and the site itself for each public host.
for host in docker.shahed.biz nexus.shahed.biz; do
  xdg-open "https://www.cdn77.com/tls-test/result?domain=${host}"
  xdg-open "https://${host}"
done
| |
# Shell into the Nexus pod (via its Service), check the effective uid
# (expected 200), then follow the logs.
kubectl -n nexus exec -it svc/nexus -c nexus -- ash
kubectl -n nexus exec -it svc/nexus -- ash
kubectl -n nexus exec -it svc/nexus -- id
kubectl -n nexus logs -f svc/nexus
|
---
Page: https://nexus.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!
|
# Show the credential docker stored for the registry (decodes to user:pass).
jq -r '.auths."docker.shahed.biz".auth' < ~/.docker/config.json | base64 --decode && echo
# Log in; the password is prompted, never passed on the command line.
docker login docker.shahed.biz -u admin
docker login docker.shahed.biz
# Re-tag and push a few upstream nginx images through the registry.
for tag in 1.27-alpine-slim alpine 1.27; do
  docker tag "nginx:${tag}" "docker.shahed.biz/library/nginx:${tag}"
  docker push "docker.shahed.biz/library/nginx:${tag}"
done
# Inspect the docker config, preview and then drop the stored credential.
yq -P < ~/.docker/config.json
yq -P 'del(.auths["docker.shahed.biz"])' < ~/.docker/config.json
jq -r 'del(.auths["docker.shahed.biz"])' < ~/.docker/config.json | sponge ~/.docker/config.json
| |
K8s » Scaling
|
K8s » Scaling |
|---|
# Scale Nexus to zero (e.g. before storage or DB maintenance) ...
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 0
YML
# ... and back to a single replica (hostPath RWO: keep it at one).
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 1
YML
# Raise the resource envelope; 4Gi covers -Xmx2g plus 2g direct memory.
# The change-cause annotation records the reason in rollout history.
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML
|
K8s » Rolling
|
K8s » Rollout |
|---|
# Paused rollout: batch a spec change and its change-cause into one
# revision, then resume so a single new ReplicaSet is created.
kubectl -n nexus rollout history deploy/nexus
kubectl -n nexus rollout pause deploy/nexus
kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML
# Overwrite the change-cause with the final wording before resuming.
kubectl -n nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-2| Resources Updated"
kubectl -n nexus rollout resume deploy/nexus
kubectl -n nexus rollout history deploy/nexus
|
# Roll back to the initial revision and record why in the change-cause.
kubectl -n nexus rollout undo deploy/nexus --to-revision=1
kubectl -n nexus rollout history deploy/nexus
kubectl -n nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
kubectl -n nexus rollout history deploy/nexus
|
K8s » Delete
|
K8s » Delete | |
|---|---|
# Tear down the workload objects in the namespace (Services, Deployments,
# then the claim). The PV has reclaimPolicy Retain, so data survives.
for kind in svc deploy pvc; do
  kubectl delete "${kind}" --all -n nexus
done
|
# Remove the cluster-scoped PV, whatever `all` still covers, and finally
# the namespace (which also removes ConfigMaps, Secrets and Ingresses).
kubectl delete pv nexus-data-nexus-0
kubectl delete all --all -n nexus
kubectl delete ns nexus
|
Playground
|
Playground | |
|---|---|
# Decode the values stored in the `nexus` Secret. These print live
# credentials to the terminal — run only on a trusted host and clear the
# scrollback afterwards.
for key in NEXUS_SECURITY_INITIAL_PASSWORD DB_USERNAME DB_PASSWORD DB_NAME; do
  kubectl -n nexus get secret nexus -o jsonpath="{.data.${key}}" | base64 -d; echo
done
# Files Nexus writes under its data directory at first start.
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/keystores/secret-key
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/admin.password
| |
# Rollout helpers: show revisions, force a restart, undo the last change.
for action in history restart undo; do
  kubectl -n nexus rollout "${action}" deploy/nexus
done
|
# Rollout helpers: pause, resume, and wait for/inspect rollout status.
for action in pause resume status; do
  kubectl -n nexus rollout "${action}" deploy/nexus
done
|
# Delete Services, Deployments and the PVC in the namespace.
for kind in svc deploy pvc; do
  kubectl delete "${kind}" --all -n nexus
done
|
# Delete the PV, remaining workload objects, and the namespace itself.
kubectl delete pv nexus-data-nexus-0
kubectl delete all --all -n nexus
kubectl delete ns nexus
|
# Interactive access and log streaming for the Nexus pod.
kubectl -n nexus exec -it svc/nexus -c nexus -- ash
kubectl -n nexus exec -it svc/nexus -- ash
kubectl -n nexus exec -it svc/nexus -- id
# Follow logs, explicitly for the `nexus` container and by default.
kubectl -n nexus logs -f svc/nexus -c nexus
kubectl -n nexus logs -f svc/nexus
| |
References
|
References | ||
|---|---|---|