K8s/Nexus: Difference between revisions

Line 547: Line 547:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
kubectl -n nexus get secret nexus -o json|jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"'|base64 -d;echo
kubectl -n nexus get secret nexus -o json|jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"'|base64 -d;echo
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_USERNAME"'|base64 -d;echo
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_PASSWORD"'|base64 -d;echo
kubectl -n nexus get secret nexus -o json|jq -r '.data."DB_NAME"'    |base64 -d;echo
</syntaxhighlight>
</syntaxhighlight>
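Review bot: The three `kubectl ... | base64 -d` lines that appear on only one side of this hunk (DB_USERNAME, DB_PASSWORD, DB_NAME) print the decoded values straight to the terminal, so DB_PASSWORD ends up in scrollback and in any session recording. Assuming these are the added lines, a comment above them would help, for example `# prints secret values in clear text; run only on a trusted terminal`. Reading them needs `get` on Secrets in the nexus namespace, which is worth limiting through RBAC to the operators who actually need it.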



Revision as of 23:21, 15 July 2025

K8s » Config

K8s » Config

# Select the cluster to work on. Every export overwrites the previous one, so
# run only the line for the target cluster; executed top to bottom, the last
# assignment (shahed-ae) is the one that stays in effect.
export KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
# Check which context is current before applying anything to it.
kubectl config get-contexts
# Shows the effective kubeconfig; certificate and token data is redacted
# unless --raw is passed.
kubectl config view

K8s » Storage

K8s » Storage

# Pre-create the Nexus data directory (including home/log) on the node and
# hand it to UID/GID 200, the identity the Deployment on this page runs as
# (runAsUser/fsGroup 200). Mode 750 keeps other local users out of the data.
# NOTE(review): this prepares /var/minikube/pvc/nexus/..., while the
# PersistentVolume below points at /var/hostpath_pv/nexus/data-nexus-0.
# Presumably the node maps one path onto the other; confirm, because with
# type DirectoryOrCreate a missing path is silently created empty (0755,
# owned like the kubelet) instead of failing.
sudo bash <<'EXE'
mkdir -p         /var/minikube/pvc/nexus/data-nexus-0/home/log/
chown -R 200:200 /var/minikube/pvc/nexus/
chmod -R 750     /var/minikube/pvc/nexus/
EXE

# Static hostPath PersistentVolume for the claim data-nexus-0.
# Retain means the data stays on the node after the claim and the volume
# object are deleted. hostPath binds the data to one node's filesystem, which
# fits a single-node (minikube-style) cluster.
kubectl apply -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-nexus-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/nexus/data-nexus-0
    type: DirectoryOrCreate
YML



K8s » Database

K8s » Database

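# Open a shell on the database host; the commands that follow are meant to be
# typed in that remote bash session.
ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash

# Prompt for the role password without echoing it. -r keeps backslashes in the
# password intact. The value is not exported: only this shell needs it to fill
# in the heredoc, so it stays out of the environment of child processes.
# The password itself is deliberately not written down next to the command.
read -rsp 'Password: ' NEXUS_PASSWORD; echo

# Double any single quote so the password cannot terminate the SQL string
# literal below (assumes standard_conforming_strings is on, the PostgreSQL
# default).
_sq="'"
NEXUS_PASSWORD_SQL=${NEXUS_PASSWORD//$_sq/$_sq$_sq}

# Create the database only if it does not exist yet (SELECT ... \gexec), then
# the owning role. The heredoc delimiter is unquoted so the shell substitutes
# the escaped password.
# NOTE(review): the CREATE USER statement carries the password in clear text,
# so it can show up in the server log when statement logging is enabled;
# psql's \password meta-command avoids that.
sudo -i -u postgres psql <<DDL
\! printf '\n'
SELECT 'CREATE DATABASE shahed_nexus'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_nexus')\gexec
CREATE USER shahed_nexus WITH ENCRYPTED PASSWORD '${NEXUS_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE shahed_nexus TO shahed_nexus;
ALTER DATABASE shahed_nexus OWNER TO shahed_nexus;
DDL

# Drop the secret from the shell once the role exists.
unset NEXUS_PASSWORD NEXUS_PASSWORD_SQL _sq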
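# Prompt for the bouncer role password without echoing it. -r keeps
# backslashes intact. The value is not exported because only this shell needs
# it to fill in the heredoc. The password is deliberately not written down
# next to the command.
read -rsp 'Password: ' PGBOUNCER_PASSWORD; echo

# Double any single quote so the password cannot terminate the SQL string
# literal below (assumes standard_conforming_strings is on, the PostgreSQL
# default).
_sq="'"
PGBOUNCER_PASSWORD_SQL=${PGBOUNCER_PASSWORD//$_sq/$_sq$_sq}

# Create the bouncer database only if it is missing, then its owning role.
# NOTE(review): the CREATE USER statement carries the password in clear text
# and can appear in the server log when statement logging is enabled.
sudo -i -u postgres psql <<DDL
\! printf '\n'
SELECT 'CREATE DATABASE bouncer'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

# Drop the secret from the shell once the role exists.
unset PGBOUNCER_PASSWORD PGBOUNCER_PASSWORD_SQL _sq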

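# Login check for the new roles. psql reads the password from PGPASSWORD, so
# this variable does have to be exported. -r keeps backslashes in the password
# intact; the password is deliberately not written down next to the command.
# A ~/.pgpass file with mode 0600 is the longer-lived alternative to an
# environment variable.
read -rsp 'Password: ' PGPASSWORD; echo
export PGPASSWORD

# Each line opens an interactive session; run the one that matches the role
# and the address (node IP or localhost) being verified.
psql -U shahed_nexus -d shahed_nexus -p 5432 -h 192.168.49.103
psql -U shahed_nexus -d shahed_nexus -p 5432 -h localhost
psql -U bouncer      -d bouncer      -p 5432 -h 192.168.49.103
psql -U bouncer      -d bouncer      -p 5432 -h localhost

# Remove the password from the environment when the checks are done.
unset PGPASSWORD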

K8s » Deploy

K8s » Deploy

# Confirm the current context first: everything below is applied to it.
kubectl config get-contexts
kubectl config view
# Dedicated namespace that holds every Nexus object created on this page.
kubectl create namespace nexus
kubectl get namespaces | grep nexus
# Non-secret settings; the Deployment pulls them in through envFrom.
# The heredoc delimiter is left unquoted on purpose: backslash-newline joins
# the JVM flags into one line, and \${...} keeps ${DB_NAME}, ${DB_USERNAME}
# and ${DB_PASSWORD} literal instead of expanding them in this shell.
# NOTE(review): presumably the Nexus launcher expands those references from
# the Secret's variables at start-up; confirm. If it does, the database
# password ends up on the JVM command line
# (-Dnexus.datastore.nexus.password=...), where it is readable from the
# process list inside the container.
# NOTE(review): NEXUS_SECURITY_RANDOMPASSWORD=false looks like it turns off
# the generated admin password, leaving NEXUS_SECURITY_INITIAL_PASSWORD from
# the Secret as the initial credential; verify against the image docs.
kubectl -n nexus create configmap nexus --from-env-file=/dev/stdin <<ENV
INSTALL4J_ADD_VM_PARAMS="-Xms512m -Xmx2g\
 -XX:MaxDirectMemorySize=2g\
 -XX:+UnlockExperimentalVMOptions\
 -Djava.util.prefs.userRoot=/nexus-data/javaprefs\
 -XX:LogFile=/nexus-data/home/log/jvm.log\
 -Dnexus.datastore.enabled=true\
 -Dnexus.datastore.nexus.type=jdbc\
 -Dnexus.datastore.nexus.name=\${DB_NAME}\
 -Dnexus.datastore.nexus.username=\${DB_USERNAME}\
 -Dnexus.datastore.nexus.password=\${DB_PASSWORD}\
 -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/\${DB_NAME}"
NEXUS_SECURITY_RANDOMPASSWORD=false
NEXUS_SERVICE_PORT=8081
NEXUS_CONTEXT=/
ENV

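# Create the Secret that the Deployment loads through envFrom.
# The passwords are prompted for instead of being written into the command,
# the same way the Database section collects its passwords, so they stay out
# of the page, the shell history and the process list (the values travel on
# stdin, not in argv). DB_PASSWORD must match the password given to the
# shahed_nexus role.
read -rsp 'Nexus initial admin password: ' NEXUS_ADMIN_PASSWORD; echo
read -rsp 'Database password: ' NEXUS_DB_PASSWORD; echo

# The unquoted delimiter lets the shell substitute the two prompted values.
# Secret data is only base64-encoded in the API; restrict "get" on Secrets in
# this namespace through RBAC and consider encryption at rest for etcd.
kubectl -n nexus create secret generic nexus --from-env-file=/dev/stdin <<ENV
NEXUS_SECURITY_INITIAL_PASSWORD=${NEXUS_ADMIN_PASSWORD}
DB_USERNAME=shahed_nexus
DB_PASSWORD=${NEXUS_DB_PASSWORD}
DB_NAME=shahed_nexus
ENV

# Drop the secrets from the shell once the object exists.
unset NEXUS_ADMIN_PASSWORD NEXUS_DB_PASSWORD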
# Service for the Nexus web UI and API on port 8081.
# ClusterIP keeps it reachable only from inside the cluster; outside access
# goes through the Ingress defined later on this page. The selector matches
# the app=nexus label on the Deployment's pods. The manifest's namespace and
# the -n flag name the same namespace.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 8081
      protocol: TCP
      port: 8081
      name: nexus
  type: ClusterIP
YML
# Second Service on the same pods, exposing container port 5000 under the
# name "docker" (presumably the Docker repository connector configured in
# Nexus; confirm). ClusterIP keeps it in-cluster; the docker Ingress fronts it.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 5000
      protocol: TCP
      port: 5000
      name: docker
  type: ClusterIP
YML
# Claim for the Nexus data directory. volumeName pins it to the static
# PersistentVolume nexus-data-nexus-0 from the Storage section, so size,
# access mode and storage class have to agree with that volume.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-nexus-0
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: nexus-data-nexus-0
YML



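# Single-replica Nexus Deployment.
# - The pod runs as UID 200 with fsGroup 200, matching the ownership set on
#   the data directory in the Storage section. runAsNonRoot makes the kubelet
#   refuse to start the container should the UID ever resolve to root.
# - The container securityContext blocks privilege escalation and drops all
#   Linux capabilities; Nexus listens on unprivileged ports (8081, 5000).
# - envFrom loads the Secret first and the ConfigMap second; both are named
#   nexus and must exist before the pod starts.
# - The image is pinned by tag only; pinning by digest as well protects
#   against the tag being re-pointed upstream.
# NOTE(review): the memory limit is 2Gi while the ConfigMap allows a 2g heap
# plus 2g of direct memory; the Scaling section later raises the limit to 4Gi.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 200
        fsGroup: 200
      containers:
        - name: nexus
          image: sonatype/nexus3:3.82.0-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
          - containerPort: 8081
            protocol: TCP
            name: nexus
          - containerPort: 5000
            protocol: TCP
            name: docker
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          envFrom:
            - secretRef:
                name: nexus
            - configMapRef:
                name: nexus
          volumeMounts:
          - mountPath: /nexus-data
            name: data-nexus-0
      volumes:
        - name: data-nexus-0
          persistentVolumeClaim:
            claimName: data-nexus-0
YML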

K8s » Ingress

K8s » Ingress

# Ingress that publishes the Nexus UI/API at nexus.shahed.biz through the
# nginx ingress class.
# proxy-body-size "0" switches off nginx's request-body size check so large
# artifact uploads are not rejected; it also means the proxy applies no upload
# cap of its own.
# NOTE(review): no spec.tls is set, so HTTPS for this host is answered with
# whatever default certificate the ingress controller carries. Confirm that
# is intended, since the Verify step opens https://nexus.shahed.biz.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: nexus
                port:
                  number: 8081
YML

# Ingress that publishes the docker Service (port 5000) at docker.shahed.biz.
# proxy-body-size "0" switches off nginx's request-body size check, which
# image layer uploads need; the proxy then applies no upload cap of its own.
# NOTE(review): no spec.tls is set here either, so HTTPS relies on the
# ingress controller's default certificate. Confirm that is intended, because
# registry clients reject certificates they cannot validate.
kubectl apply -n nexus -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: docker
                port:
                  number: 5000
YML

K8s » Verify

K8s » Verify

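# Check the TLS setup of both hosts with an external scanner, then open them.
# The URLs are quoted because "?" is a glob character in the shell.
xdg-open 'https://www.cdn77.com/tls-test/result?domain=docker.shahed.biz'
xdg-open 'https://docker.shahed.biz'

xdg-open 'https://www.cdn77.com/tls-test/result?domain=nexus.shahed.biz'
xdg-open 'https://nexus.shahed.biz'

# Shell into the running container (the alpine image ships ash) and confirm
# the process identity; "id" should report UID 200 as set in the Deployment.
kubectl -n nexus exec -it svc/nexus -c nexus -- ash
kubectl -n nexus exec -it svc/nexus -- ash
kubectl -n nexus exec -it svc/nexus -- id
# Follow the application log.
kubectl -n nexus logs -f  svc/nexus

# ---
# Page: https://nexus.shahed.biz
# user: tool.tech@shahed.biz
# pass: <redacted>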

K8s » Scaling

K8s » Scaling

# Stop Nexus by scaling the Deployment down to zero replicas.
kubectl -n nexus patch deployment/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 0
YML

# Start it again with a single replica.
kubectl -n nexus patch deployment/nexus --patch-file=/dev/stdin <<'YML'
---
spec:
  replicas: 1
YML

# Raise the container's requests and limits and record the reason in the
# change-cause annotation, which is what "rollout history" displays.
# The patch changes the pod template, so it triggers a new rollout. The
# containers list is matched by name, leaving the rest of the container spec
# as it is.
kubectl -n nexus patch deployment/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML

K8s » Rolling

K8s » Rollout

# Look at the recorded revisions, then pause the Deployment so the patch below
# is not rolled out until "rollout resume".
kubectl -n nexus rollout history deployment/nexus
kubectl -n nexus rollout pause deployment/nexus

# Change the pod template while the rollout is paused.
kubectl -n nexus patch deployment/nexus --patch-file=/dev/stdin <<'YML'
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML

# Overwrite the change-cause text written by the patch above.
kubectl -n nexus annotate deployment/nexus --overwrite kubernetes.io/change-cause="CKI-2| Resources Updated"

# Let the rollout proceed, inspect the history, then go back to revision 1.
kubectl -n nexus rollout resume deployment/nexus
kubectl -n nexus rollout history deployment/nexus
kubectl -n nexus rollout undo deployment/nexus --to-revision=1
kubectl -n nexus rollout history deployment/nexus

# Label the revision produced by the undo.
kubectl -n nexus annotate deployment/nexus --overwrite kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"

kubectl -n nexus rollout history deployment/nexus

K8s » Delete

K8s » Delete

# Tear the installation down, object kinds first and the namespace last.
# Deleting the namespace also removes the nexus Secret and ConfigMap.
# The PersistentVolume uses reclaim policy Retain, so the data directory on
# the node is left in place and has to be cleaned up separately. The
# PostgreSQL databases and roles from the Database section are not touched.
kubectl -n nexus delete service --all
kubectl -n nexus delete deployment --all
kubectl -n nexus delete persistentvolumeclaim --all
kubectl delete persistentvolume nexus-data-nexus-0
kubectl -n nexus delete all --all
kubectl delete namespace nexus

Playground

Playground

# Scratch list of commands; each line is meant to be run on its own, not as a
# script (the delete lines would remove what the later lines inspect).

# Decode individual keys of the nexus Secret. The values are printed to the
# terminal in clear text, so they end up in scrollback and session recordings.
kubectl -n nexus get secret nexus -o json | jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"' | base64 -d; echo
kubectl -n nexus get secret nexus -o json | jq -r '.data."DB_USERNAME"' | base64 -d; echo
kubectl -n nexus get secret nexus -o json | jq -r '.data."DB_PASSWORD"' | base64 -d; echo
kubectl -n nexus get secret nexus -o json | jq -r '.data."DB_NAME"' | base64 -d; echo

# Rollout management for the Deployment.
kubectl -n nexus rollout history deployment/nexus
kubectl -n nexus rollout restart deployment/nexus
kubectl -n nexus rollout undo deployment/nexus
kubectl -n nexus rollout pause deployment/nexus
kubectl -n nexus rollout resume deployment/nexus
kubectl -n nexus rollout status deployment/nexus

# Full teardown; the Retain policy leaves the data directory on the node.
kubectl -n nexus delete service --all
kubectl -n nexus delete deployment --all
kubectl -n nexus delete persistentvolumeclaim --all
kubectl delete persistentvolume nexus-data-nexus-0
kubectl -n nexus delete all --all
kubectl delete namespace nexus

# Shell and identity check inside the running container.
kubectl -n nexus exec -it service/nexus -c nexus -- ash
kubectl -n nexus exec -it service/nexus -- ash
kubectl -n nexus exec -it service/nexus -- id

# Follow the application log.
kubectl -n nexus logs -f service/nexus -c nexus
kubectl -n nexus logs -f service/nexus

References

References