kubernetes部署Nexus（Helm3）

参考文献：

• https://help.sonatype.com/en/single-data-center-on-premises-deployment-example-using-kubernetes.html
• https://github.com/sonatype/helm3-charts
• https://support.sonatype.com/hc/en-us/articles/7706583820691-How-to-install-Nexus-Pro-instance-using-Sonatype-helm3-chart

Nexus3简介

Nexus 是 Maven 仓库管理器，通过 nexus 可以搭建 Maven仓库，极大的简化了本地内部仓库的维护和外部仓库的访问，同时是一套开箱即用的系统不需要数据库，并且还提供强大的仓库管理、构建、搜索等功能

优点

• 节省外网带宽
• 加速Maven构建
• 可以为本地建立本地内部仓库
• 方便项目组存放各种jar的管理

部署 PVC

准备命名空间

kubectl create ns ops-nexus

创建PVC

cat > nexus-volume.yaml <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: pvc-nexus-storage
spec:accessModes:- ReadWriteMany# 指定 storageClass 的名字，这里使用默认的 standardstorageClassName: nfs-storageresources:requests:storage: 1000Gi
EOF

kubectl apply -f nexus-volume.yaml -n ops-nexus

华为云SFS配置

---
kind: PersistentVolume
apiVersion: v1
metadata:name: pv-efs-ops-nexusannotations:everest.io/reclaim-policy: retain-volume-onlypv.kubernetes.io/bound-by-controller: 'yes'pv.kubernetes.io/provisioned-by: everest-csi-provisionerfinalizers:- kubernetes.io/pv-protection
spec:capacity:storage: 1000Gicsi:driver: sfsturbo.csi.everest.iovolumeHandle: pv-efs-ops-nexusfsType: nfsvolumeAttributes:everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyyeverest.io/sfsturbo-share-id: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxxstorage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisionereverest.io/share-export-location: 73xxxx6a-6xxx-xxx0-8xxx-fxxxxx6cxxxx.sfsturbo.internal:/Nexuseverest.io/volume-as: absolute-pathaccessModes:- ReadWriteManypersistentVolumeReclaimPolicy: RetainstorageClassName: csi-sfsturbomountOptions:- vers=3- timeo=600- nolock- hardvolumeMode: Filesystem---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: pvc-nexus-storageannotations:everest.io/enterprise-project-id: cfxxxx4d-16c4-4206-a3cb-111xxxxbyyypv.kubernetes.io/bind-completed: 'yes'volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisionerfinalizers:- kubernetes.io/pvc-protection
spec:accessModes:- ReadWriteManyresources:requests:storage: 1000GivolumeName: pv-efs-ops-nexusstorageClassName: csi-sfsturbovolumeMode: Filesystem

获取Chart配置

将 Sonatype Repo 添加到你的 Helm

helm repo add sonatype https://sonatype.github.io/helm3-charts/

获取图表的values.yaml默认值。

• Nexus 存储库管理器 OSS/Pro：

helm show values sonatype/nexus-repository-manager > nexus-repo-values.yaml

• Nexus IQ：

helm show values sonatype/nexus-iq-server > iq-values.yaml

• AWS 弹性 Nexus 存储库管理器：

helm show values sonatype/nxrm-aws-resiliency  > aws-resiliency-values.yaml

将该输出捕获为您自己的values.yaml文件，并将其helm install 与-f选项一起提供给命令。

配置Nexus3

配置案例

---
statefulset:# This is not supportedenabled: false
# Nexus 不支持使用同一 pvc 运行多个实例。请参阅：https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-data-center-on-residential-deployment-example-using-kubernetes
replicaCount: 1
deploymentStrategy: Recreate
image:# Sonatype Official Public Imagerepository: sonatype/nexus3tag: 3.64.0pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
#   - name: <pull-secret-name>nexus:docker:enabled: false# registries:#   - host: chart.local#     port: 5000#     secretName: registry-secretenv:# minimum recommended memory settings for a small, person instance from# https://help.sonatype.com/repomanager3/product-information/system-requirements- name: INSTALL4J_ADD_VM_PARAMSvalue: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Djava.util.prefs.userRoot=/nexus-data/javaprefs"- name: NEXUS_SECURITY_RANDOMPASSWORDvalue: "true"properties:override: falsedata:nexus.scripts.allowCreation: true# See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager# nexus.ldap.env.java.naming.security.authentication: simple# nodeSelector:#   cloud.google.com/gke-nodepool: default-poolnodeSelector:dependable: "true"env: opsresources:# minimum recommended memory settings for a small, person instance from# https://help.sonatype.com/repomanager3/product-information/system-requirements#   requests:#     cpu: 4#     memory: 8Gi#   limits:#     cpu: 4#     memory: 8Girequests:cpu: 1memory: 512Milimits:cpu: 4memory: 8Gi# The ports should only be changed if the nexus image uses a different portnexusPort: 8081# Default the pods UID and GID to match the nexus3 container.# Customize or remove these values from the securityContext as appropriate for# your deployment environment.securityContext:runAsUser: 200runAsGroup: 200fsGroup: 200podAnnotations: {}livenessProbe:initialDelaySeconds: 30periodSeconds: 30failureThreshold: 6timeoutSeconds: 10path: /readinessProbe:initialDelaySeconds: 30periodSeconds: 30failureThreshold: 6timeoutSeconds: 10path: /# hostAliases allows the modification of the hosts file inside a containerhostAliases: []# - ip: "192.168.1.10"#   hostnames:#   - "example.com"#   - "www.example.com"nameOverride: "nexus-repository"
fullnameOverride: "nexus-repository"deployment:# # Add annotations in deployment to enhance deployment configurationsannotations: {}# # Add init containers. e.g. to be used to give specific permissions for nexus-data.# # Add your own init container or uncomment and modify the given example.initContainers:## 如果因文件权限启动异常，请打开以下容器配置#- name: fmp-volume-permission#  image: busybox#  imagePullPolicy: IfNotPresent#  command: ['chown','-R', '200', '/nexus-data']#  volumeMounts:#    - name: nexus-repository-data#      mountPath: /nexus-data# Uncomment and modify this to run a command after starting the nexus container.postStart:command:    # '["/bin/sh", "-c", "ls"]'preStart:command:    # '["/bin/rm", "-f", "/path/to/lockfile"]'terminationGracePeriodSeconds: 120additionalContainers:additionalVolumes:additionalVolumeMounts:ingress:#enabled: falseenabled: trueingressClassName: nginx-ingressannotations:nginx.ingress.kubernetes.io/connection-proxy-header: ""nginx.ingress.kubernetes.io/keep-alive: "650"nginx.ingress.kubernetes.io/keep-alive-requests: "10000"nginx.ingress.kubernetes.io/proxy-buffering: "off"nginx.ingress.kubernetes.io/proxy-connect-timeout: "7200"nginx.ingress.kubernetes.io/proxy-http-version: "1.1"nginx.ingress.kubernetes.io/proxy-next-upstream: error timeout invalid_header http_500 http_502 http_503 http_504nginx.ingress.kubernetes.io/proxy-read-timeout: "7200"nginx.ingress.kubernetes.io/proxy-send-timeout: "7200"nginx.ingress.kubernetes.io/proxy-tcp-nodelay: "on"nginx.ingress.kubernetes.io/proxy-tcp-nopush: "off"nginx.ingress.kubernetes.io/proxy-request-buffering: "off"nginx.ingress.kubernetes.io/proxy-body-size: "0"hostPath: /hostRepo: nexus.qshtest.com# tls:#   - secretName: nexus-local-tls#     hosts:#       - repo.demoservice:name: nexus3enabled: truelabels: {}annotations: {}type: ClusterIProute:enabled: falsename: dockerportName: dockerlabels:annotations:# path: /dockernexusProxyRoute:enabled: falselabels:annotations:# path: /nexuspersistence:enabled: trueaccessMode: ReadWriteOnce## If defined, storageClass: <storageClass>## If set to "-", storageClass: "", which disables dynamic provisioning## If undefined (the default) or set to null, no storageClass spec is##   set, choosing the default provisioner.  (gp2 on AWS, standard on##   GKE, AWS & OpenStack)### existingClaim:# annotations:#  "helm.sh/resource-policy": keep# 如果你已经有一个现有的 PVC，可以在此处引用它。existingClaim: pvc-nexus-storage# 如果你想在 Helm 升级时保留资源，添加如下注释：annotations:"helm.sh/resource-policy": keep# storageClass: "-"storageSize: 500Gi# If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.# pdName: nexus-data-disk# fsType: ext4#tolerations: []
tolerations:
- key: "core"operator: "Equal"value: "true"effect: "NoSchedule"# Enable configmap and add data in configmap
config:enabled: falsemountPath: /sonatype-nexus-confdata: []# # To use an additional secret, set enable to true and add data
secret:enabled: falsemountPath: /etc/secret-volumereadOnly: truedata: []serviceAccount:# Specifies whether a service account should be createdcreate: true# Annotations to add to the service accountannotations: {}# The name of the service account to use.# If not set and create is true, a name is generated using the fullname templatename: ""

部署Nexus3

创建命名空间

kubectl create ns ops-nexus

部署服务

Nexus 存储库管理器 OSS/Pro：

helm install nexus-repo -f nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus

更新服务

helm upgrade nexus-repo -f ./nexus-repo-values.yaml sonatype/nexus-repository-manager -n ops-nexus

迁移现有 Nexus 存储库

• https://help.sonatype.com/en/migrating-an-existing-nexus-repository-instance-to-a-resiliency-architecture.html