nexus on k8s最佳实战

nexus on k8s最佳实战

1、helm 安装包

 #添加 helm 仓库
 helm repo add sonatype https://sonatype.github.io/helm3-charts/
# 下载 chart 到本地
 helm pull sonatype/nexus-repository-manager
#copy 到文件服务器方便下载
scp nexus-repository-manager-41.1.2.tgz 10.50.10.25:/www/pigsty
1
2
3
4
5
6

2、修改关键参数

• image

docker pull ninesun0318/sonatype.nexus3:3.41.1
docker tag ninesun0318/sonatype.nexus3:3.41.1 myharbor.com/nexus/sonatype.nexus3:3.41.1
1
2

• 存储

  storageClass: "managed-nfs-storage"
  storageSize: 50Gi
1
2

• service 暴露方式

  需要外部可访问nexus，建议使用nexus.

  service:
    name: nexus3
    enabled: true
    labels: {}
    annotations: {}
    type: NodePort
    port: 31712
  1
  2
  3
  4
  5
  6
  7

3、安装nexus

[root@master2 /opt/helm/nexus-repository-manager]#helm install chot-nexus -n nexus  /opt/helm/nexus-repository-manager
NAME: chot-nexus
LAST DEPLOYED: Fri Sep  2 15:01:33 2022
NAMESPACE: nexus
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace nexus -o jsonpath="{.spec.ports[0].nodePort}" services chot-nexus-nexus-repository-manager)
  export NODE_IP=$(kubectl get nodes --namespace nexus -o jsonpath="{.items[0].status.addresses[0].address}")
  Your application is available at http://$NODE_IP:$NODE_PORT
1
2
3
4
5
6
7
8
9
10
11

4、检查

[root@master1 /opt/ansible]#k get all -n nexus
NAME                                                       READY   STATUS    RESTARTS   AGE
pod/chot-nexus-nexus-repository-manager-6595d7c79b-q7znf   1/1     Running   0          64m

NAME                                          TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/chot-nexus-nexus-repository-manager   NodePort   10.96.11.171   <none>        8081:31712/TCP   64m

NAME                                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/chot-nexus-nexus-repository-manager   1/1     1            1           64m

NAME                                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/chot-nexus-nexus-repository-manager-6595d7c79b   1         1         1       64m
1
2
3
4
5
6
7
8
9
10
11
12

5、报错处理

### k8s pod has unbound immediate PersistentVolumeClaims

安装nexus，使用nfs sc pod一直报这个错误？

原因:使用kuboard 托管的sc限制了ns在kube-system，因此再nexus中的无法使用. 后面改用managed-nfs-storage解决问题。

### pod readiness probe端口探测失败原因调查？

安装nexus仓库时pod 的8081 端口一直访问不通

​```bash
Readiness probe failed: Get "http://10.244.166.156:8081/": dial tcp 10.244.166.156:8081: connect: connection refused
​```

探测的yaml

​```yaml
 readinessProbe:
            failureThreshold: 6
            httpGet:
              path: /
              port: 8081
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
​```

这个问题的原因是超过了initialDelaySeconds的时间导致探测失败，适当调大这个参数，或者重启一下就好了。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

6、访问

默认密码会在首次登录提示，按照提示修改密码。

7、批量上传本地jar包

之前物理机上安装的nexus由于每次打包都有问题，花了好多时间。这次干脆直接搭建一个nexus，并使用脚本把本地的包都上传到仓库中。

报错如下:

[ERROR] Failed to execute goal on project chot-configs: Could not resolve dependencies for project com.lichkin.chot:chot-configs:jar:2.0.0-CHOT: Failure to find javax.interceptor:javax.i
nterceptor-api:jar:1.2 in http://ip:8081/repository/maven-releases/ was cached in the local repository, resolution will not be reattempted until the update interval of nexus has
 elapsed or updates are forced -> [Help 1]
1
2
3

#!/bin/bash
# @date 2022年9月2日11:26:51
# @author ninesun
# nexushttp: http://ip:31712/repository/maven-releases/
# 使用方式: bash uploadJarWithscripts.sh -u admin -p chot123  -r http://ip:31712/repository/maven-releases/

while getopts ":r:u:p:" opt; do
	case $opt in
		r) REPO_URL="$OPTARG"
		;;
		u) USERNAME="$OPTARG"
		;;
		p) PASSWORD="$OPTARG"
		;;
	esac
done

find . -type f -not -path './uploadJarWithscripts\.sh*' -not -path '*/\.*' -not -path '*/\^archetype\-catalog\.xml*' -not -path '*/\^maven\-metadata\-local*\.xml' -not -path '*/\^maven\-metadata\-deployment*\.xml' | sed "s|^\./||" | xargs -I '{}' curl -s -u "$USERNAME:$PASSWORD" -X PUT -v -T {} ${REPO_URL}/{} ;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

8、编译项目

打包验证

mvn clean -U install

打包方式的尝试

mvn clean package -Dmaven.repo.local=E:\mavn_repo\MavenRepository
	
mvn clean package --settings D:\soft\apache-maven-3.5.2\conf\settings.xml -Dmaven.test.skip=true
	
mvn clean package --settings C:\Users\135\.m2\settings.xml -Dmaven.test.skip=true 	
1
2
3
4
5

不知为何已经指定本地、setting好像都会从nexus拉取，原因未知，感觉像是bug.

9、参考

https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager
1

10、nexus 仓库说明

maven-central：maven中央库，默认从 https://repo1.maven.org/maven2/ 拉取 jar。

maven-releases：私库发行版 jar。

maven-snapshots：私库快照版（调试版本）jar。

maven-public：仓库分组，把上面三个仓库组合在一起对外提供服务，在本地 maven 基础配置 settings.xml中使用。