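Background:
The Java developers wanted a shared Maven repository. Would the usual choice be Nexus or Artifactory? I learned about Artifactory from a JFrog talk two or three years ago, and the developer said he had used Nexus before. So Nexus it is.
Base environment references: https://cloud.tencent.com/developer/article/1806089 - Kubernetes cluster, version 1.20.5 (it has since had a minor version upgrade to 1.21, as mentioned in this series of notes)
https://cloud.tencent.com/developer/article/1806896 - Traefik as the gateway-layer proxy
https://cloud.tencent.com/developer/article/1806549 - storage on Tencent Cloud CBS block storage
"All on Kubernetes" is the guiding principle here, so the shared Maven repository is built on the Kubernetes environment.
1. Nexus3 on Kubernetes
Note: unless stated otherwise, I install all tooling software in the kube-ops namespace.
1. Create the PV and PVC
All storage here is Tencent Cloud CBS.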
[root@sh-master-01 ~]# kubectl get storageclass
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
cbs-csi com.tencent.cloud.csi.cbs Delete Immediate false 70d
cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: kube-ops
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: cbs-csi
  selector:
    matchLabels:
      app: sonatype-nexus
kubectl apply -f pvc.yaml
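Well, cbs-csi does not support selector labels, so I will make do without them. Tencent keeps saying that its open-source project count has been the highest in past years, yet for a project like kubernetes-csi-tencentcloud, an issue submitted about three years ago has neither been closed nor received a reply. So as long as it works, that is enough; better to adapt to it.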
kubectl delete -f pvc.yaml
cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: kube-ops
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: cbs-csi
kubectl apply -f pvc.yaml
kubectl describe pvc sonatype-nexus -n kube-ops
kubectl get pvc -n kube-ops
2. Deploy Sonatype Nexus3
cat nexus.yaml
apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  type: ClusterIP
  ports:
    - name: sonatype-nexus
      port: 8081
      targetPort: 8081
      protocol: TCP
  selector:
    app: sonatype-nexus
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      containers:
        - name: sonatype-nexus
          image: sonatype/nexus3:3.30.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: server
              containerPort: 8081
          livenessProbe: # liveness probe
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          readinessProbe: # readiness probe
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          env:
            - name: INSTALL4J_ADD_VM_PARAMS # JVM memory settings; must be equal to or less than the values set under resources
              value: "
                -Xms1200M
                -Xmx1200M
                -XX:MaxDirectMemorySize=2G
                -XX:+UnlockExperimentalVMOptions
                -XX:+UseCGroupMemoryLimitForHeap
                "
          resources: # resource limits
            limits:
              cpu: 1000m # 4000m CPU or more is recommended; resources are limited here, so everything is set to the minimum
              memory: 2048Mi
            requests:
              cpu: 500m
              memory: 1024Mi
          volumeMounts:
            - name: sonatype-nexus-data
              mountPath: /nexus-data
      volumes:
        - name: sonatype-nexus-data
          persistentVolumeClaim:
            claimName: sonatype-nexus # the PVC created above
[root@sh-master-01 qa]# kubectl get pods -n kube-ops
NAME READY STATUS RESTARTS AGE
gitlab-b9d95f784-7h8dt 1/1 Running 0 49d
gitlab-redis-cd56f5cc9-g9gm8 1/1 Running 0 61d
jenkins-0 2/2 Running 0 49d
postgresql-5bd6b44d45-wzkwr 1/1 Running 1 61d
sonatype-nexus-5d98d78b86-nk75v 0/1 CrashLoopBackOff 6 9m5s
The error reported is as follows:
Insufficient permissions, so what now? Because the PVC can only be mounted by a single pod, first run:
kubectl delete -f nexus.yaml -n kube-ops
Then modify nexus.yaml as follows:
cat nexus.yaml
apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  type: ClusterIP
  ports:
    - name: sonatype-nexus
      port: 8081
      targetPort: 8081
      protocol: TCP
  selector:
    app: sonatype-nexus
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      initContainers:
        - name: init
          image: busybox
          command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
          volumeMounts:
            - name: sonatype-nexus-data
              mountPath: /nexus-data
      containers:
        - name: sonatype-nexus
          image: sonatype/nexus3:3.30.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: server
              containerPort: 8081
          livenessProbe: # liveness probe
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          readinessProbe: # readiness probe
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          env:
            - name: INSTALL4J_ADD_VM_PARAMS # JVM memory settings; must be equal to or less than the values set under resources
              value: "
                -Xms1200M
                -Xmx1200M
                -XX:MaxDirectMemorySize=2G
                -XX:+UnlockExperimentalVMOptions
                -XX:+UseCGroupMemoryLimitForHeap
                "
          resources: # resource limits
            limits:
              cpu: 1000m # 4000m CPU or more is recommended; resources are limited here, so everything is set to the minimum
              memory: 2048Mi
            requests:
              cpu: 500m
              memory: 1024Mi
          volumeMounts:
            - name: sonatype-nexus-data
              mountPath: /nexus-data
      volumes:
        - name: sonatype-nexus-data
          persistentVolumeClaim:
            claimName: sonatype-nexus # the PVC created above
[root@sh-master-01 nexus]# kubectl apply -f nexus.yaml -n kube-ops
service/sonatype-nexus created
deployment.apps/sonatype-nexus created
[root@sh-master-01 nexus]# kubectl get pods -n kube-ops
NAME READY STATUS RESTARTS AGE
gitlab-b9d95f784-7h8dt 1/1 Running 0 49d
gitlab-redis-cd56f5cc9-g9gm8 1/1 Running 0 61d
jenkins-0 2/2 Running 0 49d
postgresql-5bd6b44d45-wzkwr 1/1 Running 1 61d
sonatype-nexus-79f85cc57c-scb9b 0/1 Init:0/1 0 28s
[root@sh-master-01 nexus]# kubectl get pods -n kube-ops
NAME READY STATUS RESTARTS AGE
gitlab-b9d95f784-7h8dt 1/1 Running 0 49d
gitlab-redis-cd56f5cc9-g9gm8 1/1 Running 0 61d
jenkins-0 2/2 Running 0 49d
postgresql-5bd6b44d45-wzkwr 1/1 Running 1 61d
sonatype-nexus-79f85cc57c-scb9b 0/1 PodInitializing 0 2m
kubectl describe pods sonatype-nexus-79f85cc57c-scb9b -n kube-ops
OK, it is Running now.
Then get the username and password:
3. Expose the application externally through an ingress proxy
Set up an ingress proxy?
cat ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus-ingress
  namespace: kube-ops
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  rules:
    - host: nexus.sainaihe.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: sonatype-nexus
                port:
                  number: 8081
kubectl apply -f ingress.yaml
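4. Access the Nexus service in a browser and change the initial Nexus password:
Hmm, a cross-origin problem; what to do? Both of my main domains force a wildcard redirect to HTTPS, and I could not work out a fix in the short term, so I simply used a separate standalone domain. Without the forced redirect it can be accessed directly. By the same logic, could I add a separate HTTPS configuration? I will try that when I have time. For now, the goal is to get the Nexus proxy working.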
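One way to do the separate HTTPS setup considered above, so that the Nexus admin login and the Maven deploy credentials are not sent over plain HTTP. This is an added example, not from the original post; it assumes Traefik v2 with an entrypoint named websecure on port 443 and a certificate stored in a hypothetical Secret named nexus-tls in kube-ops.

```yaml
# Added example: TLS variant of ingress.yaml for Traefik.
# Assumptions: entrypoint "websecure" exists in the Traefik static config;
# Secret "nexus-tls" (type kubernetes.io/tls) is a placeholder name.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus-ingress
  namespace: kube-ops
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    # The nginx.ingress.kubernetes.io/* annotations are dropped:
    # Traefik does not read them.
spec:
  tls:
    - hosts:
        - nexus.sainaihe.com
      secretName: nexus-tls
  rules:
    - host: nexus.sainaihe.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: sonatype-nexus
                port:
                  number: 8081
```

With this in place, the repository URLs in pom.xml and Settings.xml use https:// instead of http://.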
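HTTP access:
As shown below. The password must be changed on first login; to get the initial password, see the way the initial password is obtained in 1.2.
Oh, and remember to disable anonymous access (anonymous).
2. Add an aliyun Maven proxy and try it out
1. Add an aliyun Maven proxy
Open Repositories->Create repository->maven2(proxy) and set the name and address of the Maven repository to proxy.
Set the "repository name" and "repository address".
- aliyun repository address: http://maven.aliyun.com/nexus…
After saving the settings above, return to the repository page, where a new repository named aliyun has been added.
2. Set the aliyun Maven priority
Open Repositories->maven public and move the proxy repository to the top of the priority order.
3. Local Maven private repository configuration
Edit Maven's Settings.xml file and, following the configuration below, set the private repository address and the username and password used for authentication.
3. Create a Maven project to test
1. Pull test
I opened an IDEA project at random and added a <dependency> for the pull test.
Update the Maven project:
OK, as shown below, updates now come from the Maven proxy repository I configured!
2. Push settings
I borrowed the developer's Java Maven project and added the following configuration to pom.xml: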
<distributionManagement>
  <!-- Maven upload settings -->
  <repository>
    <id>nexus</id> <!-- keep consistent with the Server ID configured in Settings.xml -->
    <name>releases</name>
    <url>http://nexus.xxx.com/repository/maven-releases/</url> <!-- push to maven-releases in the Maven repository -->
  </repository>
</distributionManagement>
Of course, I created two new repositories myself: zhangpeng-releases for release,
zhangpeng-snapshots for snapshots.
Package with mvn deploy:
Log in to Nexus:
For me, this counts as a success...