K8s/Nexus
K8s » Config
|
K8s » Config | |
|---|---|
# Pick ONE of these: each export overrides the one before it, so running all
# three leaves the gcp file selected. A kubeconfig carries cluster credentials,
# so keep the files readable by their owner only.
export KUBECONFIG="$HOME/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="$HOME/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="$HOME/.kube/gcp-kubeconfig.yaml"
|
# Pick ONE of these: the last export executed is the one that takes effect.
export KUBECONFIG="$HOME/.kube/shahed-aa-kubeconfig.yaml"
export KUBECONFIG="$HOME/.kube/shahed-ab-kubeconfig.yaml"
export KUBECONFIG="$HOME/.kube/shahed-ac-kubeconfig.yaml"
|
# Select the shahed-ae cluster, then confirm which context is active before
# applying anything below.
export KUBECONFIG="$HOME/.kube/shahed-ae-kubeconfig.yaml"
kubectl config get-contexts
kubectl config view
| |
K8s » Storage
|
K8s » Storage | |
|---|---|
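# Prepare the host directory for the Nexus data volume as root.
# UID/GID 200 matches runAsUser/fsGroup 200 in the Deployment on this page.
cat <<'EXE' | sudo bash
# Stop at the first failure so chown/chmod never run against a tree that was
# not created.
set -eu
pvc_root=/var/minikube/pvc/nexus
# NOTE(review): the PersistentVolume on this page points its hostPath at
# /var/hostpath_pv/nexus/data-nexus-0, not at this tree. Confirm which path is
# intended; a directory auto-created by DirectoryOrCreate will not carry the
# ownership and mode set here.
mkdir -p "${pvc_root}/data-nexus-0/home/log/"
chown -R 200:200 "${pvc_root}/"
# 750: owner and group only, nothing for other local users on the node.
chmod -R 750 "${pvc_root}/"
EXE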
| |
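# Static hostPath PersistentVolume for the Nexus data directory.
# The YAML nesting is restored; without it the manifest does not parse.
cat <<'YML' | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-nexus-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  # Retain: deleting the claim or the PV leaves the data on the node.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  # Reserve this volume for the claim defined on this page so that no other
  # PVC using the same storage class can bind to it first.
  claimRef:
    namespace: nexus
    name: data-nexus-0
  hostPath:
    # NOTE(review): the preparation step on this page creates and chowns
    # /var/minikube/pvc/nexus/data-nexus-0, which is a different path. Confirm
    # which one is intended before applying.
    path: /var/hostpath_pv/nexus/data-nexus-0
    type: DirectoryOrCreate
YML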
|
|
K8s » Database
|
K8s » Database |
|---|
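ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash
# Prompt for the database password without echo. -r keeps backslashes literal.
# Type the value at the prompt; do not record it in the runbook or in shell
# history.
printf 'Password: '; read -rs NEXUS_PASSWORD; echo
# The heredoc below is unquoted, so the password is pasted into SQL text.
# Double every single quote so the value stays one SQL string literal and
# cannot terminate the statement early.
nexus_password_sql=${NEXUS_PASSWORD//\'/\'\'}
# Create the database if missing (\gexec runs the generated statement), then
# the role that owns it.
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_nexus'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_nexus')\gexec
CREATE USER shahed_nexus WITH ENCRYPTED PASSWORD '${nexus_password_sql}';
GRANT ALL PRIVILEGES ON DATABASE shahed_nexus TO shahed_nexus;
ALTER DATABASE shahed_nexus OWNER TO shahed_nexus;
DDL
# Drop the plaintext copies from the shell once the role exists.
unset NEXUS_PASSWORD nexus_password_sql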
|
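# Prompt for the bouncer role password without echo. -r keeps backslashes
# literal. Type the value at the prompt; do not record it in the runbook.
printf 'Password: '; read -rs PGBOUNCER_PASSWORD; echo
# The heredoc is unquoted, so the value lands inside SQL text: double single
# quotes to keep it one string literal.
pgbouncer_password_sql=${PGBOUNCER_PASSWORD//\'/\'\'}
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${pgbouncer_password_sql}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL
unset PGBOUNCER_PASSWORD pgbouncer_password_sql

# Verify the logins. psql reads PGPASSWORD from the environment, so it has to
# be exported; enter the password of the role being tested and unset it after.
printf 'Password: '; read -rs PGPASSWORD; export PGPASSWORD; echo
psql -U shahed_nexus -d shahed_nexus -p 5432 -h 192.168.49.103
psql -U shahed_nexus -d shahed_nexus -p 5432 -h localhost
psql -U bouncer -d bouncer -p 5432 -h 192.168.49.103
psql -U bouncer -d bouncer -p 5432 -h localhost
unset PGPASSWORD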
|
K8s » Deploy
|
K8s » Deploy | |
|---|---|
# Confirm the active context before deploying: everything below is applied to
# whichever cluster KUBECONFIG currently selects.
kubectl config get-contexts
kubectl config view
|
# Create the namespace that holds every Nexus object, then list it.
kubectl create namespace nexus
kubectl get namespaces | grep nexus
|
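# Non-secret settings. The heredoc is unquoted on purpose: a backslash-escaped
# dollar reaches the ConfigMap as a literal ${...} placeholder, and a trailing
# backslash joins the next line onto the current one. The join inserts nothing,
# so each line ends with a space before the backslash to keep the JVM options
# separate.
# NOTE(review): -Dnexus.datastore.nexus.password places the database password
# in the JVM arguments, which are readable from the container's process list.
# Check whether this Nexus version can take the datastore credentials from
# environment variables or a properties file instead.
cat <<ENV | kubectl -n nexus create configmap nexus --from-env-file=/dev/stdin
INSTALL4J_ADD_VM_PARAMS="-Xms512m -Xmx2g \
-XX:MaxDirectMemorySize=2g \
-XX:+UnlockExperimentalVMOptions \
-Djava.util.prefs.userRoot=/nexus-data/javaprefs \
-XX:LogFile=/nexus-data/home/log/jvm.log \
-Dnexus.datastore.enabled=true \
-Dnexus.datastore.nexus.type=jdbc \
-Dnexus.datastore.nexus.name=\${DB_NAME} \
-Dnexus.datastore.nexus.username=\${DB_USERNAME} \
-Dnexus.datastore.nexus.password=\${DB_PASSWORD} \
-Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://pgbouncer.pgbouncer:5432/\${DB_NAME}"
NEXUS_SECURITY_RANDOMPASSWORD=false
NEXUS_SERVICE_PORT=8081
NEXUS_CONTEXT=/
ENV

# Secrets are prompted for instead of being written into the runbook, so they
# do not end up in the page, in shell history or in version control.
# DB_PASSWORD must be the password given to the shahed_nexus role.
printf 'Nexus initial admin password: '; read -rs nexus_admin_password; echo
printf 'Database password (shahed_nexus): '; read -rs nexus_db_password; echo
cat <<ENV | kubectl -n nexus create secret generic nexus --from-env-file=/dev/stdin
NEXUS_SECURITY_INITIAL_PASSWORD=${nexus_admin_password}
DB_USERNAME=shahed_nexus
DB_PASSWORD=${nexus_db_password}
DB_NAME=shahed_nexus
ENV
unset nexus_admin_password nexus_db_password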
| |
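# ClusterIP Service for the Nexus UI/API on 8081. It is reachable only inside
# the cluster; outside access goes through the Ingress.
# The YAML nesting is restored; without it the manifest does not parse.
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: v1
kind: Service
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  # Matches the pod label set by the Deployment template.
  selector:
    app: nexus
  ports:
    - targetPort: 8081
      protocol: TCP
      port: 8081
      name: nexus
  type: ClusterIP
YML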
|
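# ClusterIP Service for container port 5000 (named "docker" in the Deployment)
# on the same Nexus pods.
# The YAML nesting is restored; without it the manifest does not parse.
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: v1
kind: Service
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  selector:
    app: nexus
  ports:
    - targetPort: 5000
      protocol: TCP
      port: 5000
      name: docker
  type: ClusterIP
YML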
|
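# Claim for the Nexus data volume. volumeName binds it to the pre-created
# PersistentVolume instead of letting a provisioner pick one.
# The YAML nesting is restored; without it the manifest does not parse.
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-nexus-0
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: nexus-data-nexus-0
YML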
|
|
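# Single-replica Nexus Deployment. The YAML nesting is restored and the pod is
# hardened: non-root enforced, no privilege escalation, all capabilities
# dropped, default seccomp profile, no service-account token mounted.
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
  labels:
    app: nexus
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    kubernetes.io/change-cause: "CKI-1| Initial Deployment"
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      # Nothing on this page has Nexus call the Kubernetes API, so the
      # service-account token is kept out of the pod.
      automountServiceAccountToken: false
      securityContext:
        # UID/GID 200 must own the data directory on the node.
        runAsUser: 200
        runAsNonRoot: true
        fsGroup: 200
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nexus
          # The tag is mutable; pin the image by digest if pulls must be
          # reproducible.
          image: sonatype/nexus3:3.82.0-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 8081
              protocol: TCP
              name: nexus
            - containerPort: 5000
              protocol: TCP
              name: docker
          resources:
            limits:
              cpu: 1000m
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          # Every key of the secret and the configmap becomes an environment
          # variable of the container, including the initial admin password.
          envFrom:
            - secretRef:
                name: nexus
            - configMapRef:
                name: nexus
          volumeMounts:
            - mountPath: /nexus-data
              name: data-nexus-0
      volumes:
        - name: data-nexus-0
          persistentVolumeClaim:
            claimName: data-nexus-0
YML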
| |
K8s » Ingress
|
K8s » Ingress |
|---|
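# Ingress rules for the UI (nexus.shahed.biz -> 8081) and the registry
# endpoint (docker.shahed.biz -> 5000).
# The heredoc delimiter is quoted like the other manifests on this page, so
# the shell expands nothing inside the YAML. The YAML nesting is restored.
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    # "0" removes the request-body limit so large artifacts can be uploaded;
    # it also removes the cap on what any client may send.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  # NOTE(review): there is no tls: section, yet the verify step opens https://.
  # Confirm where the certificate comes from (controller default certificate or
  # an upstream proxy) and add a tls: block with the host's secret if needed.
  rules:
    - host: nexus.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: nexus
                port:
                  number: 8081
YML
cat <<'YML' | kubectl apply -n nexus -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: docker
  namespace: nexus
  labels:
    app.kubernetes.io/name: nexus
    app.kubernetes.io/instance: nexus
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
  annotations:
    # Image layers can be large, hence no body-size limit on this host either.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx
  # NOTE(review): no tls: section here either; registry clients normally
  # require HTTPS, so confirm how TLS is terminated for this host.
  rules:
    - host: docker.shahed.biz
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: docker
                port:
                  number: 5000
YML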
|
K8s » Verify
|
K8s » Verify | |
|---|---|
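# Open the TLS test report and the site itself for both hosts.
# The URLs are quoted because "?" is a glob character: unquoted, the shell may
# try to match it against file names (zsh aborts with "no matches found").
xdg-open 'https://www.cdn77.com/tls-test/result?domain=docker.shahed.biz'
xdg-open 'https://docker.shahed.biz'
xdg-open 'https://www.cdn77.com/tls-test/result?domain=nexus.shahed.biz'
xdg-open 'https://nexus.shahed.biz'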
| |
# Shell into the running pod, check which user the process runs as
# (the Deployment sets runAsUser 200), and follow the logs.
kubectl --namespace nexus exec --stdin --tty svc/nexus --container nexus -- ash
kubectl --namespace nexus exec --stdin --tty svc/nexus -- ash
kubectl --namespace nexus exec --stdin --tty svc/nexus -- id
kubectl --namespace nexus logs --follow svc/nexus
|
---
Page: https://nexus.shahed.biz
user: tool.tech@shahed.biz
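pass: sadaqah! (matches the NEXUS_SECURITY_INITIAL_PASSWORD value set in the nexus secret above; change it after the first login)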
|
K8s » Scaling
|
K8s » Scaling |
|---|
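# Scale to zero (stops Nexus; the data volume is kept), then back to one.
# Heredoc delimiters are quoted so the shell expands nothing inside the patch,
# and the YAML nesting is restored.
cat <<'YML' | kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin
---
spec:
  replicas: 0
YML
cat <<'YML' | kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin
---
spec:
  replicas: 1
YML
# Raise the container's requests and limits and record why in change-cause.
# The container is matched by name, so fields not listed here stay as they are.
cat <<'YML' | kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Resources Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML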
|
K8s » Rolling
|
K8s » Rollout |
|---|
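# Pause the rollout, apply the change, fix the change-cause annotation, then
# resume so everything lands as one revision.
# The heredoc delimiter is quoted and the YAML nesting is restored.
kubectl -n nexus rollout history deploy/nexus
kubectl -n nexus rollout pause deploy/nexus
cat <<'YML' | kubectl -n nexus patch deploy/nexus --patch-file=/dev/stdin
---
metadata:
  annotations:
    kubernetes.io/change-cause: "CKI-2| Container Updated"
spec:
  template:
    spec:
      containers:
        - name: nexus
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: 1000m
              memory: 4Gi
YML
# --overwrite replaces the annotation written by the patch above.
kubectl -n nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-2| Resources Updated"
kubectl -n nexus rollout resume deploy/nexus
kubectl -n nexus rollout history deploy/nexus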
|
# Roll back to revision 1, then record the reason in the change-cause
# annotation and show the history before and after.
kubectl --namespace nexus rollout undo deploy/nexus --to-revision=1
kubectl --namespace nexus rollout history deploy/nexus
kubectl --namespace nexus annotate deploy/nexus --overwrite \
  kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
kubectl --namespace nexus rollout history deploy/nexus
|
K8s » Delete
|
K8s » Delete | |
|---|---|
# Remove every Service, Deployment and claim in the nexus namespace.
# --all is scoped by the namespace flag; check the active context first.
kubectl delete services --all --namespace nexus
kubectl delete deployments --all --namespace nexus
kubectl delete persistentvolumeclaims --all --namespace nexus
|
# The PV uses persistentVolumeReclaimPolicy: Retain, so deleting it leaves the
# data directory on the node. Deleting the namespace also removes the nexus
# secret and configmap.
kubectl delete persistentvolume nexus-data-nexus-0
kubectl delete all --all --namespace nexus
kubectl delete namespace nexus
|
Playground
|
Playground | |
|---|---|
# Decode the initial admin password from the secret. Secret data is only
# base64-encoded, and this prints the plaintext to the terminal and its
# scrollback.
kubectl --namespace nexus get secret nexus --output json \
  | jq -r '.data."NEXUS_SECURITY_INITIAL_PASSWORD"' \
  | base64 -d
echo
| |
# Inspect revisions, restart the pods, or step back one revision.
kubectl --namespace nexus rollout history deploy/nexus
kubectl --namespace nexus rollout restart deploy/nexus
kubectl --namespace nexus rollout undo deploy/nexus
|
# Pause and resume a rollout, then wait for it to finish.
kubectl --namespace nexus rollout pause deploy/nexus
kubectl --namespace nexus rollout resume deploy/nexus
kubectl --namespace nexus rollout status deploy/nexus
|
# Remove every Service, Deployment and claim in the nexus namespace.
kubectl delete services --all --namespace nexus
kubectl delete deployments --all --namespace nexus
kubectl delete persistentvolumeclaims --all --namespace nexus
|
# The PV is set to Retain, so the data directory on the node survives these
# deletes.
kubectl delete persistentvolume nexus-data-nexus-0
kubectl delete all --all --namespace nexus
kubectl delete namespace nexus
|
# Shell access, identity check and log tailing for the running pod.
kubectl --namespace nexus exec --stdin --tty svc/nexus --container nexus -- ash
kubectl --namespace nexus exec --stdin --tty svc/nexus -- ash
kubectl --namespace nexus exec --stdin --tty svc/nexus -- id
kubectl --namespace nexus logs --follow svc/nexus --container nexus
kubectl --namespace nexus logs --follow svc/nexus
| |
References
|
References | ||
|---|---|---|