Task
Nexus Repository 3 needs to be deployed inside a Kubernetes cluster.
A LoadBalancer and CertManager are already configured in the cluster.
The Docker image is available on hub.docker.com.
Nexus Namespace
kubectl create ns nexus
Nexus StorageClass PersistentVolumeClaim PersistentVolume
Nexus needs a directory in which to store its artifacts. For that, create a StorageClass, a PersistentVolumeClaim and the PersistentVolume itself:
# StorageClass is cluster-scoped, so it carries no namespace
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nexus-storage-class
provisioner: kubernetes.io/no-provisioner
reclaimPolicy: Retain
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nexus-data-pv-claim
  namespace: nexus
spec:
  storageClassName: nexus-storage-class
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  # Bind only to the PersistentVolume labelled app=nexus-server
  selector:
    matchLabels:
      app: nexus-server
---
# PersistentVolume is cluster-scoped, so it carries no namespace
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nexus-data-pv
  labels:
    app: nexus-server
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: nexus-storage-class
  # type: Directory requires the path to already exist on the node;
  # it must be writable by the container's nexus user
  # (UID 200 in the sonatype/nexus3 image)
  hostPath:
    path: "/kubernetes_volumes/nexus-data"
    type: Directory
  persistentVolumeReclaimPolicy: Retain
Nexus deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus-server
  template:
    metadata:
      labels:
        app: nexus-server
    spec:
      containers:
        - name: nexus
          # :latest is a moving tag; pin a specific version or digest
          # for reproducible deployments
          image: sonatype/nexus3:latest
          resources:
            limits:
              memory: "4Gi"
              cpu: "1000m"
            requests:
              memory: "1Gi"
              cpu: "500m"
          ports:
            - containerPort: 8081
          # Artifacts and configuration live on the PersistentVolume
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
      volumes:
        - name: nexus-data
          persistentVolumeClaim:
            claimName: nexus-data-pv-claim
Nexus Service and Ingress
apiVersion: v1
kind: Service
metadata:
  name: nexus-svc
  namespace: nexus
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/path: /
    prometheus.io/port: '8081'
spec:
  selector:
    app: nexus-server
  type: ClusterIP
  ports:
    # Nexus web UI and repository API
    - name: http
      port: 80
      protocol: TCP
      targetPort: 8081
    # Docker registry connector
    - name: docker-registry
      port: 5000
      protocol: TCP
      targetPort: 5000
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# the networking.k8s.io/v1 form is used here
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # "0" disables the request body size limit so large artifacts can be uploaded
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/client-max-body-size: "4096m"
  name: nexus-ingress
  namespace: nexus
spec:
  rules:
    - host: nexus.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nexus-svc
                port:
                  number: 80
  tls:
    - hosts:
        - nexus.domain.com
      secretName: nexus-domain-com-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/client-max-body-size: "4096m"
  name: nexus-docker-ingress
  namespace: nexus
spec:
  rules:
    - host: registry.autosys.tk
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nexus-svc
                port:
                  number: 5000
  tls:
    - hosts:
        - registry.autosys.tk
      secretName: registry-autosys-tk-tls
Default admin password
The administrative account is admin.
The default password for the admin account is generated during deployment and stored in the root directory of the PersistentVolume, in the file admin.password.
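Added example (not part of the original page): a check for whether the generated bootstrap password is still the live admin credential. It assumes that Nexus deletes admin.password once the admin password has been changed and that the image provides sh; the function names are hypothetical, while the namespace, Deployment name and paths are the ones from the manifests above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: Nexus deletes admin.password once the admin password has been
# changed, so a file that is still present means the generated bootstrap
# password is still the live credential.

# bootstrap_password_state DATA_DIR
# Prints: rotated         - admin.password is gone
#         pending         - file present, readable by its owner only
#         pending-exposed - file present and readable by group or others
bootstrap_password_state() (
    file="$1/admin.password"
    if [ ! -e "$file" ]; then
        echo rotated
        exit 0          # leaves only this subshell function
    fi
    # Characters 5 and 8 of the ls mode string are group-read and other-read.
    case "$(ls -ld "$file" | cut -c5,8)" in
        *r*) echo pending-exposed ;;
        *)   echo pending ;;
    esac
)

# Same presence check from outside the pod, using the namespace, Deployment
# and mount path from this page. Prints "unknown" if kubectl cannot reach
# the pod or the image has no sh (assumed to exist).
bootstrap_password_state_in_pod() {
    state=$(kubectl -n nexus exec deploy/nexus -- sh -c \
        'if [ -e /nexus-data/admin.password ]; then echo pending; else echo rotated; fi' \
        2>/dev/null) || state=unknown
    echo "${state:-unknown}"
}

# Usage on the node that holds the hostPath volume:
#   sh check.sh /kubernetes_volumes/nexus-data
if [ "$#" -gt 0 ]; then
    state=$(bootstrap_password_state "$1")
    echo "admin.password: $state"
    [ "$state" = rotated ]   # non-zero exit while the bootstrap password is live
fi
```

Because the volume is a hostPath, the file is also readable from the node itself, which is why the check reports group or world read permission separately.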