参考文献：

• https://help.sonatype.com/en/single-data-center-on-premises-deployment-example-using-kubernetes.html
• https://github.com/sonatype/helm3-charts
• https://support.sonatype.com/hc/en-us/articles/7706583820691-How-to-install-Nexus-Pro-instance-using-Sonatype-helm3-chart

Nexus3简介

Nexus 是 Maven 仓库管理器，通过 nexus 可以搭建 Maven仓库，极大的简化了本地内部仓库的维护和外部仓库的访问，同时是一套开箱即用的系统不需要数据库，并且还提供强大的仓库管理、构建、搜索等功能

优点

• 节省外网带宽
• 加速Maven构建
• 可以为本地建立本地内部仓库
• 方便项目组存放各种jar的管理

部署 PVC

准备命名空间

kubectl create ns ops-nexus

创建PVC

cat > nexus-volume.yaml <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-nexus-storage
spec:
  accessModes:
    - ReadWriteMany
  # 指定 storageClass 的名字，这里使用默认的 standard
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 1000Gi
EOF

kubectl apply -f nexus-volume.yaml -n ops-nexus

华为云SFS配置

---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-efs-ops-nexus
  annotations:
    everest.io/reclaim-policy: retain-volume-only
    pv.kubernetes.io/bound-by-controller: 'yes'
    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
  finalizers:
    - kubernetes.io/pv-protection
spec:
  capacity:
    storage: 1000Gi
  csi:
    driver: sfsturbo.csi.everest.io
    volumeHandle: pv-efs-ops-nexus
    fsType: nfs
    volumeAttributes:
      everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyy
      everest.io/sfsturbo-share-id: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxx
      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
      everest.io/share-export-location: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxx.sfsturbo.internal:/Nexus
      everest.io/volume-as: absolute-path
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: csi-sfsturbo
  mountOptions:
    - vers=3
    - timeo=600
    - nolock
    - hard
  volumeMode: Filesystem

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-nexus-storage
  annotations:
    everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyy
    pv.kubernetes.io/bind-completed: 'yes'
    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
  finalizers:
    - kubernetes.io/pvc-protection
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1000Gi
  volumeName: pv-efs-ops-nexus
  storageClassName: csi-sfsturbo
  volumeMode: Filesystem

获取Chart配置

将 Sonatype Repo 添加到你的 Helm

helm repo add sonatype https://sonatype.github.io/helm3-charts/

获取图表的values.yaml默认值。

• Nexus 存储库管理器 OSS/Pro：

helm show values sonatype/nexus-repository-manager > nexus-repo-values.yaml

• Nexus IQ：

helm show values sonatype/nexus-iq-server > iq-values.yaml

• AWS 弹性 Nexus 存储库管理器：

helm show values sonatype/nxrm-aws-resiliency  > aws-resiliency-values.yaml

将该输出捕获为您自己的values.yaml文件，并将其helm install 与-f选项一起提供给命令。

配置Nexus3

配置案例

---
statefulset:
  # This is not supported
  enabled: false
# Nexus 不支持使用同一 pvc 运行多个实例。请参阅：https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-data-center-on-residential-deployment-example-using-kubernetes
replicaCount: 1
deploymentStrategy: Recreate
image:
  # Sonatype Official Public Image
  repository: sonatype/nexus3
  tag: 3.64.0
  pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
#   - name: <pull-secret-name>

nexus:
  docker:
    enabled: false
    # registries:
    #   - host: chart.local
    #     port: 5000
    #     secretName: registry-secret
  env:
    # minimum recommended memory settings for a small, person instance from
    # https://help.sonatype.com/repomanager3/product-information/system-requirements
    - name: INSTALL4J_ADD_VM_PARAMS
      value: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
    - name: NEXUS_SECURITY_RANDOMPASSWORD
      value: "true"
  properties:
    override: false
    data:
      nexus.scripts.allowCreation: true
      # See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager
      # nexus.ldap.env.java.naming.security.authentication: simple
  # nodeSelector:
  #   cloud.google.com/gke-nodepool: default-pool
  nodeSelector:
    dependable: "true"
    env: ops
  resources:
  # minimum recommended memory settings for a small, person instance from
  # https://help.sonatype.com/repomanager3/product-information/system-requirements
  #   requests:
  #     cpu: 4
  #     memory: 8Gi
  #   limits:
  #     cpu: 4
  #     memory: 8Gi
     requests:
       cpu: 1
       memory: 512Mi
     limits:
       cpu: 4
       memory: 8Gi

  # The ports should only be changed if the nexus image uses a different port
  nexusPort: 8081

  # Default the pods UID and GID to match the nexus3 container.
  # Customize or remove these values from the securityContext as appropriate for
  # your deployment environment.
  securityContext:
    runAsUser: 200
    runAsGroup: 200
    fsGroup: 200
  podAnnotations: {}
  livenessProbe:
    initialDelaySeconds: 30
    periodSeconds: 30
    failureThreshold: 6
    timeoutSeconds: 10
    path: /
  readinessProbe:
    initialDelaySeconds: 30
    periodSeconds: 30
    failureThreshold: 6
    timeoutSeconds: 10
    path: /
  # hostAliases allows the modification of the hosts file inside a container
  hostAliases: []
  # - ip: "192.168.1.10"
  #   hostnames:
  #   - "example.com"
  #   - "www.example.com"

nameOverride: "nexus-repository"
fullnameOverride: "nexus-repository"

deployment:
  # # Add annotations in deployment to enhance deployment configurations
  annotations: {}
  # # Add init containers. e.g. to be used to give specific permissions for nexus-data.
  # # Add your own init container or uncomment and modify the given example.
  initContainers:
  ## 如果因文件权限启动异常，请打开以下容器配置
  #- name: fmp-volume-permission
  #  image: busybox
  #  imagePullPolicy: IfNotPresent
  #  command: ['chown','-R', '200', '/nexus-data']
  #  volumeMounts:
  #    - name: nexus-repository-data
  #      mountPath: /nexus-data

  # Uncomment and modify this to run a command after starting the nexus container.
  postStart:
    command:    # '["/bin/sh", "-c", "ls"]'
  preStart:
    command:    # '["/bin/rm", "-f", "/path/to/lockfile"]'
  terminationGracePeriodSeconds: 120
  additionalContainers:
  additionalVolumes:
  additionalVolumeMounts:

ingress:
  #enabled: false
  enabled: true
  ingressClassName: nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/connection-proxy-header: ""
    nginx.ingress.kubernetes.io/keep-alive: "650"
    nginx.ingress.kubernetes.io/keep-alive-requests: "10000"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "7200"
    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
    nginx.ingress.kubernetes.io/proxy-next-upstream: error timeout invalid_header http_500 http_502 http_503 http_504
    nginx.ingress.kubernetes.io/proxy-read-timeout: "7200"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "7200"
    nginx.ingress.kubernetes.io/proxy-tcp-nodelay: "on"
    nginx.ingress.kubernetes.io/proxy-tcp-nopush: "off"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  hostPath: /
  hostRepo: nexus.qshtest.com
  # tls:
  #   - secretName: nexus-local-tls
  #     hosts:
  #       - repo.demo


service:
  name: nexus3
  enabled: true
  labels: {}
  annotations: {}
  type: ClusterIP


route:
  enabled: false
  name: docker
  portName: docker
  labels:
  annotations:
  # path: /docker

nexusProxyRoute:
  enabled: false
  labels:
  annotations:
  # path: /nexus

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  ## If defined, storageClass: <storageClass>
  ## If set to "-", storageClass: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClass spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # existingClaim:
  # annotations:
  #  "helm.sh/resource-policy": keep

  # 如果你已经有一个现有的 PVC，可以在此处引用它。
  existingClaim: pvc-nexus-storage
  # 如果你想在 Helm 升级时保留资源，添加如下注释：
  annotations:
    "helm.sh/resource-policy": keep
  # storageClass: "-"
  storageSize: 500Gi
  # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.
  # pdName: nexus-data-disk
  # fsType: ext4

#tolerations: []
tolerations:
- key: "core"
  operator: "Equal"
  value: "true"
  effect: "NoSchedule"

# Enable configmap and add data in configmap
config:
  enabled: false
  mountPath: /sonatype-nexus-conf
  data: []

# # To use an additional secret, set enable to true and add data
secret:
  enabled: false
  mountPath: /etc/secret-volume
  readOnly: true
  data: []

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

部署Nexus3

创建命名空间

kubectl create ns ops-nexus

部署服务

Nexus 存储库管理器 OSS/Pro：

helm install nexus-repo -f nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus

更新服务

helm upgrade nexus-repo -f ./nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus

迁移现有 Nexus 存储库

• https://help.sonatype.com/en/migrating-an-existing-nexus-repository-instance-to-a-resiliency-architecture.html