参考文献:
- https://help.sonatype.com/en/single-data-center-on-premises-deployment-example-using-kubernetes.html
- https://github.com/sonatype/helm3-charts
- https://support.sonatype.com/hc/en-us/articles/7706583820691-How-to-install-Nexus-Pro-instance-using-Sonatype-helm3-chart
Nexus3简介
Nexus 是 Maven 仓库管理器,通过 nexus 可以搭建 Maven仓库,极大的简化了本地内部仓库的维护和外部仓库的访问,同时是一套开箱即用的系统不需要数据库,并且还提供强大的仓库管理、构建、搜索等功能
优点
- 节省外网带宽
- 加速Maven构建
- 可以为本地建立本地内部仓库
- 方便项目组存放各种jar的管理
部署 PVC
准备命名空间
kubectl create ns ops-nexus
创建PVC
cat > nexus-volume.yaml <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-nexus-storage
spec:
accessModes:
- ReadWriteMany
# 指定 storageClass 的名字,这里使用默认的 standard
storageClassName: nfs-storage
resources:
requests:
storage: 1000Gi
EOF
kubectl apply -f nexus-volume.yaml -n ops-nexus
华为云SFS配置
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: pv-efs-ops-nexus
annotations:
everest.io/reclaim-policy: retain-volume-only
pv.kubernetes.io/bound-by-controller: 'yes'
pv.kubernetes.io/provisioned-by: everest-csi-provisioner
finalizers:
- kubernetes.io/pv-protection
spec:
capacity:
storage: 1000Gi
csi:
driver: sfsturbo.csi.everest.io
volumeHandle: pv-efs-ops-nexus
fsType: nfs
volumeAttributes:
everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyy
everest.io/sfsturbo-share-id: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxx
storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
everest.io/share-export-location: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxx.sfsturbo.internal:/Nexus
everest.io/volume-as: absolute-path
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: csi-sfsturbo
mountOptions:
- vers=3
- timeo=600
- nolock
- hard
volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-nexus-storage
annotations:
everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyy
pv.kubernetes.io/bind-completed: 'yes'
volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
finalizers:
- kubernetes.io/pvc-protection
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1000Gi
volumeName: pv-efs-ops-nexus
storageClassName: csi-sfsturbo
volumeMode: Filesystem
获取Chart配置
将 Sonatype Repo 添加到你的 Helm
helm repo add sonatype https://sonatype.github.io/helm3-charts/
获取图表的values.yaml默认值。
- Nexus 存储库管理器 OSS/Pro:
helm show values sonatype/nexus-repository-manager > nexus-repo-values.yaml
- Nexus IQ:
helm show values sonatype/nexus-iq-server > iq-values.yaml
- AWS 弹性 Nexus 存储库管理器:
helm show values sonatype/nxrm-aws-resiliency > aws-resiliency-values.yaml
将该输出捕获为您自己的values.yaml文件,并将其helm install 与-f选项一起提供给命令。
配置Nexus3
配置案例
---
statefulset:
# This is not supported
enabled: false
# Nexus 不支持使用同一 pvc 运行多个实例。请参阅:https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-data-center-on-residential-deployment-example-using-kubernetes
replicaCount: 1
deploymentStrategy: Recreate
image:
# Sonatype Official Public Image
repository: sonatype/nexus3
tag: 3.64.0
pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
# - name: <pull-secret-name>
nexus:
docker:
enabled: false
# registries:
# - host: chart.local
# port: 5000
# secretName: registry-secret
env:
# minimum recommended memory settings for a small, person instance from
# https://help.sonatype.com/repomanager3/product-information/system-requirements
- name: INSTALL4J_ADD_VM_PARAMS
value: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
- name: NEXUS_SECURITY_RANDOMPASSWORD
value: "true"
properties:
override: false
data:
nexus.scripts.allowCreation: true
# See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager
# nexus.ldap.env.java.naming.security.authentication: simple
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
nodeSelector:
dependable: "true"
env: ops
resources:
# minimum recommended memory settings for a small, person instance from
# https://help.sonatype.com/repomanager3/product-information/system-requirements
# requests:
# cpu: 4
# memory: 8Gi
# limits:
# cpu: 4
# memory: 8Gi
requests:
cpu: 1
memory: 512Mi
limits:
cpu: 4
memory: 8Gi
# The ports should only be changed if the nexus image uses a different port
nexusPort: 8081
# Default the pods UID and GID to match the nexus3 container.
# Customize or remove these values from the securityContext as appropriate for
# your deployment environment.
securityContext:
runAsUser: 200
runAsGroup: 200
fsGroup: 200
podAnnotations: {}
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 6
timeoutSeconds: 10
path: /
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 6
timeoutSeconds: 10
path: /
# hostAliases allows the modification of the hosts file inside a container
hostAliases: []
# - ip: "192.168.1.10"
# hostnames:
# - "example.com"
# - "www.example.com"
nameOverride: "nexus-repository"
fullnameOverride: "nexus-repository"
deployment:
# # Add annotations in deployment to enhance deployment configurations
annotations: {}
# # Add init containers. e.g. to be used to give specific permissions for nexus-data.
# # Add your own init container or uncomment and modify the given example.
initContainers:
## 如果因文件权限启动异常,请打开以下容器配置
#- name: fmp-volume-permission
# image: busybox
# imagePullPolicy: IfNotPresent
# command: ['chown','-R', '200', '/nexus-data']
# volumeMounts:
# - name: nexus-repository-data
# mountPath: /nexus-data
# Uncomment and modify this to run a command after starting the nexus container.
postStart:
command: # '["/bin/sh", "-c", "ls"]'
preStart:
command: # '["/bin/rm", "-f", "/path/to/lockfile"]'
terminationGracePeriodSeconds: 120
additionalContainers:
additionalVolumes:
additionalVolumeMounts:
ingress:
#enabled: false
enabled: true
ingressClassName: nginx-ingress
annotations:
nginx.ingress.kubernetes.io/connection-proxy-header: ""
nginx.ingress.kubernetes.io/keep-alive: "650"
nginx.ingress.kubernetes.io/keep-alive-requests: "10000"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "7200"
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-next-upstream: error timeout invalid_header http_500 http_502 http_503 http_504
nginx.ingress.kubernetes.io/proxy-read-timeout: "7200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "7200"
nginx.ingress.kubernetes.io/proxy-tcp-nodelay: "on"
nginx.ingress.kubernetes.io/proxy-tcp-nopush: "off"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hostPath: /
hostRepo: nexus.qshtest.com
# tls:
# - secretName: nexus-local-tls
# hosts:
# - repo.demo
service:
name: nexus3
enabled: true
labels: {}
annotations: {}
type: ClusterIP
route:
enabled: false
name: docker
portName: docker
labels:
annotations:
# path: /docker
nexusProxyRoute:
enabled: false
labels:
annotations:
# path: /nexus
persistence:
enabled: true
accessMode: ReadWriteOnce
## If defined, storageClass: <storageClass>
## If set to "-", storageClass: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClass spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# existingClaim:
# annotations:
# "helm.sh/resource-policy": keep
# 如果你已经有一个现有的 PVC,可以在此处引用它。
existingClaim: pvc-nexus-storage
# 如果你想在 Helm 升级时保留资源,添加如下注释:
annotations:
"helm.sh/resource-policy": keep
# storageClass: "-"
storageSize: 500Gi
# If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.
# pdName: nexus-data-disk
# fsType: ext4
#tolerations: []
tolerations:
- key: "core"
operator: "Equal"
value: "true"
effect: "NoSchedule"
# Enable configmap and add data in configmap
config:
enabled: false
mountPath: /sonatype-nexus-conf
data: []
# # To use an additional secret, set enable to true and add data
secret:
enabled: false
mountPath: /etc/secret-volume
readOnly: true
data: []
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
部署Nexus3
创建命名空间
kubectl create ns ops-nexus
部署服务
Nexus 存储库管理器 OSS/Pro:
helm install nexus-repo -f nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus
更新服务
helm upgrade nexus-repo -f ./nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus
迁移现有 Nexus 存储库
- https://help.sonatype.com/en/migrating-an-existing-nexus-repository-instance-to-a-resiliency-architecture.html