Helm/Nexus: Difference between revisions
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
helm repo add sonatype https://sonatype.github.io/helm3-charts | helm repo add sonatype https://sonatype.github.io/helm3-charts | ||
helm repo update && helm repo list | helm repo update && helm repo list | ||
kubectl config get-contexts | |||
==Config== | ==Config== | ||
Line 11: | Line 12: | ||
==Install== | ==Install== | ||
{| | {| | ||
|valign='top'| | |||
<syntaxhighlight lang="sql"> | |||
kubectl -n postgresql exec -it svc/postgresql -c postgresql -- bash | |||
echo -n password: ;read -s PGPASSWORD;export PGPASSWORD;echo | |||
# -- drop if schema exists | |||
cat << DDL | psql -U postgres | |||
DROP DATABASE IF EXISTS nexus; | |||
DROP USER IF EXISTS nexus; | |||
DDL | |||
# -- create nexus schema | |||
cat << DDL | psql -U postgres | |||
CREATE DATABASE nexus; | |||
CREATE USER nexus WITH ENCRYPTED PASSWORD 'sadaqah!'; | |||
GRANT ALL PRIVILEGES ON DATABASE nexus TO nexus; | |||
ALTER USER nexus WITH SUPERUSER; | |||
DDL | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
kubectl delete namespace nexus | |||
helm show values sonatype/nexus-repository-manager --version 64.2.0|less | |||
</syntaxhighlight> | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
kubectl get ns|grep nexus | |||
kubectl create namespace nexus | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="yaml"> | |||
cat << YML | kubectl -n nexus apply -f - | |||
--- | |||
apiVersion: v1 | |||
kind: PersistentVolumeClaim | |||
metadata: | |||
labels: | |||
app.kubernetes.io/name: nexus | |||
name: nexus-pvc | |||
spec: | |||
storageClassName: standard | |||
accessModes: | |||
- ReadWriteOnce | |||
resources: | |||
requests: | |||
storage: 10Gi | |||
YML | |||
</syntaxhighlight> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|colspan="2"| | |colspan="2"| | ||
<syntaxhighlight lang="yaml" highlight="25" line> | <syntaxhighlight lang="yaml" highlight="25" line> | ||
cat <<YML | helm -n nexus install nexus sonatype/nexus-repository-manager --version 64.2.0 -f - | cat <<YML | helm -n nexus install nexus sonatype/nexus-repository-manager --version 64.2.0 -f - | ||
--- | |||
ingress: | ingress: | ||
enabled: true | enabled: true | ||
Line 24: | Line 77: | ||
hostPath: / | hostPath: / | ||
hostRepo: nexus.k8s.local | hostRepo: nexus.k8s.local | ||
fullnameOverride: nexus | |||
nexus: | nexus: | ||
docker: | |||
enabled: false | |||
registries: | |||
- host: docker.k8s.local | |||
port: 8082 | |||
env: | env: | ||
- name: INSTALL4J_ADD_VM_PARAMS | - name: INSTALL4J_ADD_VM_PARAMS | ||
Line 41: | Line 95: | ||
- name: NEXUS_SECURITY_RANDOMPASSWORD | - name: NEXUS_SECURITY_RANDOMPASSWORD | ||
value: "true" | value: "true" | ||
resources: | |||
requests: | |||
cpu: 2 | |||
memory: 2Gi | |||
limits: | |||
cpu: 4 | |||
memory: 4Gi | |||
persistence: | |||
enabled: true | |||
storageSize: 10Gi | |||
storageClass: standard | |||
existingClaim: nexus-pvc | |||
accessMode: ReadWriteOnce | |||
serviceAccount: | |||
create: true | |||
name: nexsu-sa | |||
YML | YML | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 84: | Line 154: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
NEXUS_POD_NAME="$(kubectl -n nexus get pod -l 'app.kubernetes.io/name=nexus-repository-manager' -o json|jq -r '.items[0].metadata.name')" | NEXUS_POD_NAME="$(kubectl -n nexus get pod -l 'app.kubernetes.io/name=nexus-repository-manager' -o json|jq -r '.items[0].metadata.name')" | ||
kubectl -n nexus exec -it svc/nexus | kubectl -n nexus exec -it svc/nexus -c nexus-repository-manager -- cat /nexus-data/admin.password;echo | ||
kubectl -n nexus exec -it svc/nexus | kubectl -n nexus exec -it svc/nexus -c nexus-repository-manager -- bash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 131: | Line 201: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
kubectl -n nexus | kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/admin.password;echo | ||
kubectl -n nexus | kubectl -n nexus logs -f svc/nexus -c nexus-repository-manager | ||
kubectl -n nexus logs -f ${NEXUS_POD_NAME} | kubectl -n nexus logs -f ${NEXUS_POD_NAME} | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 142: | Line 212: | ||
| valign="top" | | | valign="top" | | ||
* [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | * [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | ||
* [https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha Helm » Nexus HA & Resilient] | |||
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | * [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | ||
* [[Helm/Cert Manager|Helm » Cert Manager]] | * [[Helm/Cert Manager|Helm » Cert Manager]] | ||
* [https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager | * [[Helm/Nexus HA|Helm » Nexus HA]] | ||
* [https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager Helm » Nexus] | |||
* [[Helm]] | * [[Helm]] | ||
Line 156: | Line 228: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https://support.sonatype.com/hc/en-us/articles/29412417068819-Mitigations-for-CVE-2024-4956-Nexus-Repository-3-Vulnerability Nexus » 🪲 » CVE-2024-4956 » Fix] | |||
* [https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16 Nexus » 🐞 » CVE-2024-4956] | * [https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16 Nexus » 🐞 » CVE-2024-4956] | ||
* [https://github.com/sonatype/nexus-public/releases Nexus » Releases] | * [https://github.com/sonatype/nexus-public/releases Nexus » Releases] | ||
Line 182: | Line 255: | ||
| valign="top" | | | valign="top" | | ||
* [https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/ K8s » <code>kubectl rollout</code>] | * [https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/ K8s » <code>kubectl rollout</code>] | ||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | |||
| valign="top" | | | valign="top" | | ||
|} | |} |
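Review bot: The PostgreSQL block added to the Install section publishes the nexus role's password in the page (`CREATE USER nexus WITH ENCRYPTED PASSWORD 'sadaqah!';`) and then runs `ALTER USER nexus WITH SUPERUSER;`, which lets the application account bypass every permission check in the PostgreSQL instance. Creating the role without a password, setting it with `psql -U postgres -c '\password nexus'`, and replacing the GRANT/SUPERUSER pair with `CREATE DATABASE nexus OWNER nexus;` would keep the secret off the wiki and scope the role to its own database. The added `kubectl delete namespace nexus` line sits directly in the install path and would benefit from a comment saying it wipes an existing deployment. The new `serviceAccount.name: nexsu-sa` also looks like a typo for `nexus-sa`.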
Latest revision as of 06:41, 9 September 2024
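# Register the Sonatype chart repository, refresh the local chart index and
# list the configured repositories. (The page extraction had collapsed these
# three commands onto one line, which would not run as written.)
helm repo add sonatype https://sonatype.github.io/helm3-charts
helm repo update && helm repo list
# Confirm which cluster/context the following kubectl and helm commands act on.
kubectl config get-contexts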
Config
# Select the kubeconfig for this shell session. The three lines are
# alternatives: run only the one you need (if all three run in order, the
# last assignment wins).
# kubeconfig files normally carry cluster credentials; keep them readable by
# your own user only.
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
Install
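# Open a shell in the PostgreSQL pod. Everything below, down to
# "unset PGPASSWORD", is typed inside that pod shell, not on the workstation.
kubectl -n postgresql exec -it svc/postgresql -c postgresql -- bash

# Read the postgres superuser password without echoing it; psql picks it up
# from the PGPASSWORD environment variable. -r keeps backslashes literal.
read -rsp 'password: ' PGPASSWORD; echo
export PGPASSWORD

# -- drop if schema exists
# Destructive: removes any existing nexus database and role, data included.
# The heredoc delimiter is quoted so the shell passes the SQL through verbatim.
cat << 'DDL' | psql -U postgres
DROP DATABASE IF EXISTS nexus;
DROP USER IF EXISTS nexus;
DDL

# -- create nexus schema
# The role is created without a password and owns only its own database.
# It is deliberately NOT made SUPERUSER: that attribute would let the
# application account bypass every permission check in this PostgreSQL
# instance. Database ownership replaces the GRANT ALL + SUPERUSER pair.
cat << 'DDL' | psql -U postgres
CREATE USER nexus;
CREATE DATABASE nexus OWNER nexus;
DDL

# Set the nexus role's password interactively, so the secret is never written
# into a wiki page, a script or the shell history. psql prompts on the
# terminal and sends the password to the server already hashed.
psql -U postgres -c '\password nexus'

# Do not leave the superuser password in the pod shell's environment.
unset PGPASSWORD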
# Destructive: deleting the namespace removes every namespaced resource in it,
# a previous Nexus installation included. Run only when a clean start is wanted.
kubectl delete namespace nexus
# Page through the chart's default values for the pinned chart version.
helm show values sonatype/nexus-repository-manager --version 64.2.0|less
|
# Check whether a nexus namespace already exists, then create it.
kubectl get ns|grep nexus
kubectl create namespace nexus
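# Create the PersistentVolumeClaim that the chart values later reference via
# persistence.existingClaim. The manifest is fed to kubectl on stdin.
# The YAML nesting was lost in the page extraction and is restored here; the
# heredoc delimiter is quoted so the shell passes the manifest through verbatim.
cat << 'YML' | kubectl -n nexus apply -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: nexus
  name: nexus-pvc
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
YML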
|
| |
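# Install the pinned chart version with the values supplied on stdin (-f -).
#
# NOTE(review): the page extraction flattened the YAML; the nesting below is
# reconstructed from the chart's values layout as I understand it. Confirm
# against `helm show values sonatype/nexus-repository-manager --version 64.2.0`.
#
# Security-relevant settings:
#  - NEXUS_SECURITY_RANDOMPASSWORD="true": the initial admin password is
#    generated and read later from /nexus-data/admin.password rather than
#    being a fixed default.
#  - No TLS is configured for the ingress here and the page browses to
#    http://nexus.k8s.local, so logins would cross the network unencrypted;
#    add TLS before using real credentials.
#  - proxy-body-size "0" lifts the nginx upload size limit (presumably for
#    large artifacts); keep the ingress reachable from trusted networks only.
#  - NOTE(review): nexus.docker.enabled is false while a registry is listed;
#    presumably the registries entry has no effect until it is enabled.
#  - NOTE(review): serviceAccount.name "nexsu-sa" looks like a typo for
#    "nexus-sa"; kept exactly as published.
cat <<'YML' | helm -n nexus install nexus sonatype/nexus-repository-manager --version 64.2.0 -f -
---
ingress:
  enabled: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  hostPath: /
  hostRepo: nexus.k8s.local
fullnameOverride: nexus
nexus:
  docker:
    enabled: false
    registries:
      - host: docker.k8s.local
        port: 8082
  env:
    - name: INSTALL4J_ADD_VM_PARAMS
      value: |-
        -Xms2703M -Xmx2703M
        -XX:MaxDirectMemorySize=2703M
        -XX:+UnlockExperimentalVMOptions
        -XX:+UseCGroupMemoryLimitForHeap
        -Djava.util.prefs.userRoot=/nexus-data/javaprefs
        -XX:LogFile=/nexus-data/home/log/jvm.log
    - name: NEXUS_SECURITY_RANDOMPASSWORD
      value: "true"
  resources:
    requests:
      cpu: 2
      memory: 2Gi
    limits:
      cpu: 4
      memory: 4Gi
persistence:
  enabled: true
  storageSize: 10Gi
  storageClass: standard
  existingClaim: nexus-pvc
  accessMode: ReadWriteOnce
serviceAccount:
  create: true
  name: nexsu-sa
YML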
| |
| |
# Open the Nexus UI in the desktop browser; the two launchers are alternatives.
# Output is discarded and the launcher is backgrounded so the terminal stays free.
# Note the URL is plain http: credentials typed into the UI are not encrypted in transit.
xdg-open http://nexus.k8s.local &>/dev/null &
gnome-open http://nexus.k8s.local &>/dev/null &
|
# Further alternative launchers for the same plain-http URL; pick whichever
# exists on the workstation.
x-www-browser http://nexus.k8s.local &>/dev/null &
sensible-browser http://nexus.k8s.local &>/dev/null &
|
Uninstall
# Remove the Helm release, then the namespace.
# Destructive: deleting the namespace also deletes every remaining namespaced
# resource in it, including the nexus-pvc claim created during install.
helm uninstall -n nexus nexus
kubectl delete namespace nexus
Playground
# Alternatives for experimenting. No values file is passed here, so these use
# the chart defaults rather than the values shown in the Install section.
helm -n nexus install nexus sonatype/nexus-repository-manager --version 64.2.0
# upgrade -i installs the release if it does not exist yet, otherwise upgrades it.
helm -n nexus upgrade -i nexus sonatype/nexus-repository-manager --version 64.2.0
# Page through the chart's default values for the pinned chart version.
helm show values sonatype/nexus-repository-manager --version 64.2.0|less
| |
| |
# Store the name of the first pod matching the chart's app label.
# jq prints the literal string "null" when no pod matched, so check the value
# before using it.
NEXUS_POD_NAME="$(kubectl -n nexus get pod -l 'app.kubernetes.io/name=nexus-repository-manager' -o json|jq -r '.items[0].metadata.name')"
# Print the generated initial admin password; the trailing echo only adds a newline.
# Treat the output as a secret (terminal scrollback, screen sharing) and
# change the admin password at first login.
kubectl -n nexus exec -it svc/nexus -c nexus-repository-manager -- cat /nexus-data/admin.password;echo
# Interactive shell inside the Nexus container.
kubectl -n nexus exec -it svc/nexus -c nexus-repository-manager -- bash
| |
| |
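# Print a kubeconfig as one self-contained document; the four lines are
# alternatives, one per kubeconfig file.
# With --flatten the output is meant to be usable as a kubeconfig on its own,
# so expect it to contain client keys and tokens rather than redacted
# placeholders. Do not paste it into tickets, chats or shared files.
# The path is quoted so a HOME containing spaces does not split the argument.
kubectl config --kubeconfig="${HOME}/.kube/aws-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/dev-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/gcp-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/config" view --flatten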
| |
| |
# Destructive cleanup of the nexus namespace.
# "delete all" covers only the resource kinds in kubectl's "all" category;
# Ingresses are not part of it, hence the separate ing line.
kubectl -n nexus delete all --all
kubectl -n nexus delete ing --all
kubectl -n nexus delete sts --all
|
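# Remove the remaining Services and PersistentVolumeClaims in the nexus namespace.
kubectl -n nexus delete svc --all
kubectl -n nexus delete pvc --all
# PersistentVolumes are cluster-scoped: "-n nexus" does not narrow
# "delete pv --all", which would delete every PV in the cluster. Delete only
# the volumes whose claim lived in the nexus namespace instead.
# xargs -r (GNU) skips the delete when nothing matched.
kubectl get pv -o json \
  | jq -r '.items[] | select(.spec.claimRef.namespace == "nexus") | .metadata.name' \
  | xargs -r kubectl delete pv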
|
| |
# Inspect the rollout history, trigger a rolling restart and wait for it to finish.
# NOTE(review): the Install section sets fullnameOverride: nexus, so the
# Deployment may be named "nexus" rather than "nexus-repository-manager";
# confirm with `kubectl -n nexus get deploy`.
kubectl -n nexus rollout history deploy nexus-repository-manager
kubectl -n nexus rollout restart deploy nexus-repository-manager
kubectl -n nexus rollout status deploy nexus-repository-manager
|
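# Print the generated initial admin password; the trailing echo only adds a newline.
# Treat the output as a secret and change the admin password at first login.
kubectl -n nexus exec -it svc/nexus -- cat /nexus-data/admin.password;echo
# Follow the Nexus container's log through the Service.
kubectl -n nexus logs -f svc/nexus -c nexus-repository-manager
# Same, addressing the pod by name. The expansion is quoted, and :? stops with
# a message instead of running "logs -f" with no target when the variable is unset.
kubectl -n nexus logs -f "${NEXUS_POD_NAME:?set NEXUS_POD_NAME first}"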
|
References
| ||
| ||