Background:

Java programmers who want a private Maven repository normally use Nexus or Artifactory. Artifactory was introduced two or three years ago by JFrog, and our programmer says he used to use Nexus, so let's set up Nexus.

Basic environment references:

  • https://cloud.tencent.com/developer/article/1806089 – Kubernetes cluster, version 1.20.5 (since upgraded by a minor version to 1.21; see the notes in that series)
  • https://cloud.tencent.com/developer/article/1806896 – traefik as the gateway proxy layer
  • https://cloud.tencent.com/developer/article/1806549 – block storage on Tencent Cloud CBS

Following the principle of running everything on Kubernetes, set up a private Maven repository in the Kubernetes environment.

1. nexus3 on kubernetes

Note: Unless stated otherwise, I install all tools in the kube-ops namespace.

1. Create the PV and PVC

All the storage here is Tencent Cloud CBS storage.

[root@sh-master-01 ~]# kubectl get storageclass
NAME      PROVISIONER                 RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
cbs-csi   com.tencent.cloud.csi.cbs   Delete          Immediate           false                  70d

cat pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: kube-ops
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: cbs-csi
  selector:
    matchLabels:
      app: sonatype-nexus
kubectl apply -f pvc.yaml



Well, CBS-CSI doesn't support selector labels, so make do without them. Tencent has been saying that it has the most open source projects this year, but in projects such as kubernetes-csi-tencentcloud an issue submitted three years ago has still not been closed, and no one has replied. It works, so get used to it.

kubectl delete -f pvc.yaml 

cat pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: kube-ops
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
  
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: cbs-csi
kubectl apply -f pvc.yaml
kubectl describe pvc sonatype-nexus -n kube-ops
kubectl get pvc -n kube-ops

2. Deploy Sonatype Nexus3

cat nexus.yaml

apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  type: ClusterIP
  ports:
  - name: sonatype-nexus
    port: 8081
    targetPort: 8081
    protocol: TCP
  selector:
    app: sonatype-nexus
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      containers:
      - name: sonatype-nexus
        image: sonatype/nexus3:3.30.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: server
          containerPort: 8081
        livenessProbe:            # liveness probe
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        readinessProbe:           # readiness probe
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        env:
        - name: INSTALL4J_ADD_VM_PARAMS   # JVM memory settings; must be equal to or less than the values set under resources
          value: "-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
        resources:
          limits:
            cpu: 500m
            memory: 2048Mi
          requests:
            cpu: 500m
            memory: 1024Mi
        volumeMounts:
        - name: sonatype-nexus-data
          mountPath: /nexus-data
      volumes:
      - name: sonatype-nexus-data
        persistentVolumeClaim:
          claimName: sonatype-nexus   # set to the PVC created above

[root@sh-master-01 qa]# kubectl get pods -n kube-ops
NAME                              READY   STATUS             RESTARTS   AGE
gitlab-b9d95f784-7h8dt            1/1     Running            0          49d
gitlab-redis-cd56f5cc9-g9gm8      1/1     Running            0          61d
jenkins-0                         2/2     Running            0          49d
postgresql-5bd6b44d45-wzkwr       1/1     Running            1          61d
sonatype-nexus-5d98d78b86-nk75v   0/1     CrashLoopBackOff   6          9m5s

Check the error report as follows:



Hmm, the permissions are not sufficient; what to do? Since the PVC can only be mounted by a single pod, first do:

kubectl delete -f nexus.yaml -n kube-ops

Then modify nexus.yaml as follows:

cat nexus.yaml

apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  type: ClusterIP
  ports:
  - name: sonatype-nexus
    port: 8081
    targetPort: 8081
    protocol: TCP
  selector:
    app: sonatype-nexus
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      initContainers:
      - name: init
        image: busybox
        # runs once before Nexus starts and hands the volume to UID/GID 200,
        # the user the sonatype/nexus3 image runs as
        command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
        volumeMounts:
        - name: sonatype-nexus-data
          mountPath: /nexus-data
      containers:
      - name: sonatype-nexus
        image: sonatype/nexus3:3.30.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: server
          containerPort: 8081
        livenessProbe:            # liveness probe
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        readinessProbe:           # readiness probe
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        env:
        - name: INSTALL4J_ADD_VM_PARAMS   # JVM memory settings; must be equal to or less than the values set under resources
          value: "-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
        resources:
          limits:
            cpu: 500m
            memory: 2048Mi
          requests:
            cpu: 500m
            memory: 1024Mi
        volumeMounts:
        - name: sonatype-nexus-data
          mountPath: /nexus-data
      volumes:
      - name: sonatype-nexus-data
        persistentVolumeClaim:
          claimName: sonatype-nexus   # set to the PVC created above

[root@sh-master-01 nexus]# kubectl apply -f nexus.yaml -n kube-ops
service/sonatype-nexus created
deployment.apps/sonatype-nexus created
[root@sh-master-01 nexus]# kubectl get pods -n kube-ops
NAME                              READY   STATUS            RESTARTS   AGE
gitlab-b9d95f784-7h8dt            1/1     Running           0          49d
gitlab-redis-cd56f5cc9-g9gm8      1/1     Running           0          61d
jenkins-0                         2/2     Running           0          49d
postgresql-5bd6b44d45-wzkwr       1/1     Running           1          61d
sonatype-nexus-79f85cc57c-scb9b   0/1     Init:0/1          0          28s
[root@sh-master-01 nexus]# kubectl get pods -n kube-ops
NAME                              READY   STATUS            RESTARTS   AGE
gitlab-b9d95f784-7h8dt            1/1     Running           0          49d
gitlab-redis-cd56f5cc9-g9gm8      1/1     Running           0          61d
jenkins-0                         2/2     Running           0          49d
postgresql-5bd6b44d45-wzkwr       1/1     Running           1          61d
sonatype-nexus-79f85cc57c-scb9b   0/1     PodInitializing   0          2m
kubectl describe pods sonatype-nexus-79f85cc57c-scb9b -n kube-ops



Yeah, we’re running

Then get the username and password:

3. Expose the application externally through an Ingress proxy

Set up an Ingress as the proxy:

cat ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus-ingress
  namespace: kube-ops
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: / 
    kubernetes.io/ingress.class: traefik  
    traefik.ingress.kubernetes.io/router.entrypoints: web
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'

spec:
  rules:
  - host: nexus.sainaihe.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: sonatype-nexus
            port:
              number: 8081

kubectl apply -f ingress.yaml

4. Access the Nexus service in a browser and change the initial Nexus password:





Well, what about the domain name? My two main domain names are both wildcard domains with a forced redirect to HTTPS, and in the short time I had I could not think of a good way to solve that, so I just used a separate domain name. Without the forced redirect it can now be accessed directly. Similarly, could I add a separate HTTPS setting for it? I will try again when I have time. For now, get the Nexus proxy application started first.

The HTTP access is as follows. On the first login you have to change the password; for the initial password, refer to 1.2, getting the initial password.



Well, remember to turn off anonymous access.

2. Add an Aliyun Maven proxy and try it out

1. Add an Aliyun Maven proxy

Open Repositories -> Create Repository -> Maven2 (Proxy) and set the name and address of the Maven repository that you want to proxy.



Set the repository name and the repository address.

  • Aliyun repository address: http://maven.aliyun.com/nexus…



When you go back to the repository page after saving the above settings, you can see that a new repository, aliyun, has been added.

2. Set Aliyun Maven priority

Open Repositories -> Maven Public and give the proxy repository the top priority.



3. Local Maven private server repository configuration

Set up the Maven settings.xml file and set the private server address and authenticated user name and password according to the following configuration.
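
The configuration this step refers to did not survive on the page. As an added example (not the author's file), the shell function below writes a settings.xml whose server id matches the `nexus` id used in the pom further down, and reuses that id for the mirror so the same credentials apply to downloads once anonymous access is turned off. Assumptions: the base URL is a placeholder, NEXUS_USER and NEXUS_PASSWORD are hypothetical variable names, and maven-public is the stock Nexus 3 group repository.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: write_settings OUT_FILE NEXUS_BASE_URL
# Assumed names: NEXUS_USER / NEXUS_PASSWORD (hypothetical environment
# variables), "maven-public" (stock Nexus 3 group repository).
write_settings() {
  ws_out=$1
  ws_url=${2%/}                 # drop a trailing slash to avoid "//repository"
  case $ws_url in
    https://*) ;;
    http://*)
      # Over plain HTTP the deploy credentials travel as cleartext Basic auth.
      if [ "${ALLOW_HTTP:-0}" != 1 ]; then
        echo "refusing $ws_url: set ALLOW_HTTP=1 to accept cleartext credentials" >&2
        return 1
      fi ;;
    *) echo "not an http(s) URL: $ws_url" >&2; return 1 ;;
  esac
  # Create the file readable by its owner only.
  ( umask 077
    cat > "$ws_out" <<EOF
<settings>
  <servers>
    <server>
      <!-- must equal the <id> in the pom's distributionManagement -->
      <id>nexus</id>
      <!-- Maven resolves these from the environment at build time,
           so no password is stored in this file -->
      <username>\${env.NEXUS_USER}</username>
      <password>\${env.NEXUS_PASSWORD}</password>
    </server>
  </servers>
  <mirrors>
    <mirror>
      <!-- same id as the server entry, so its credentials are used -->
      <id>nexus</id>
      <mirrorOf>*</mirrorOf>
      <url>$ws_url/repository/maven-public/</url>
    </mirror>
  </mirrors>
</settings>
EOF
  ) || return 1
  chmod 600 "$ws_out"           # also tightens a file that already existed
}
```

For an HTTP-only setup like the one in this post, call it with ALLOW_HTTP=1 set and treat the account as exposed on that network path.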



3. Test with a Maven project

1. Pull test

Open an IDEA project and add a <dependency> for the pull test



Update the Maven project:



OK, as shown, the project can now be updated from my own configured Maven proxy repository!

2. Push Settings

I stole a Java Maven project from one of our programmers and added the following configuration to pom.xml:

<distributionManagement>
  <repository>
    <!-- must match the server id in settings.xml -->
    <id>nexus</id>
    <name>Releases</name>
    <!-- releases repository -->
    <url>http://nexus.xxx.com/repository/maven-releases/</url>
  </repository>
</distributionManagement>

The releases repository is for releases; the snapshots repository is for snapshots.

Run mvn deploy to publish the package:



Log in to Nexus:



Well that counts as a success to me……

Conclusion:

1. Tencent Cloud's open source CBS component does not support selector.

2. When a PV and PVC need their permissions adjusted, initContainers can be used to execute the command.

Special thanks to Mr. Bean: http://www.mydlq.club/article/26