-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
282 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
allow_k8s_contexts('docker-desktop') | ||
load('ext://execute_in_pod', 'execute_in_pod') | ||
load('ext://helm_resource', 'helm_resource', 'helm_repo') | ||
load('ext://secret','secret_create_generic') | ||
load('ext://uibutton', 'cmd_button', 'text_input', 'location') | ||
## Add the Bitnami Helm Repo | ||
helm_repo('bitnami','https://charts.bitnami.com/bitnami') | ||
# Set up a PVC for Nexus | ||
k8s_yaml('nexuspvc.yaml') | ||
# Provision Nexus itself | ||
k8s_yaml('nexus3.yaml') | ||
# Bind the PVC to the Nexus object in Tilt | ||
k8s_resource(objects=['nexus3:persistentvolumeclaim'], new_name='nexus3-pvc', labels=['nexus3'],trigger_mode=TRIGGER_MODE_MANUAL) | ||
# NGINX | ||
helm_resource( | ||
'nginx', | ||
'bitnami/nginx', | ||
flags=[ | ||
'--values=./nginx/values.yaml' | ||
], | ||
resource_deps=[ | ||
'nexus3', | ||
'nexus3-pvc' | ||
], | ||
port_forwards=[8443, 8080] | ||
) | ||
k8s_resource(workload='nexus3',port_forwards=8083) | ||
local_resource( | ||
name="nexus3 password reset", | ||
cmd="./nexusPassword.sh", | ||
resource_deps=[ | ||
'nexus3', | ||
'nginx' | ||
], | ||
labels=['nexus3'], | ||
) | ||
local_resource( | ||
name="nexus3 setup", | ||
cmd="./nexusSetup.sh", | ||
resource_deps=[ | ||
"nexus3 password reset" | ||
], | ||
labels=['nexus3'] | ||
) | ||
# At this point you'll need to: | ||
# 1. add kubernetes.docker.internal to your insecure docker registries | ||
# 2. docker login kubernetes.docker.internal admin:admin123 | ||
# 3. docker push 127.0.0.1 kubernetes.docker.internal/<repo>/<img>:<tag> | ||
# 4. attempt import | ||
helm_resource( | ||
'snyk-broker', | ||
'../../charts/snyk-broker', | ||
release_name='snyk-general', | ||
flags=[ | ||
'--set=brokerToken=<broker-token-goes-here>', | ||
'--set=brokerServerUrl=https://broker.dev.snyk.io', | ||
'--set=brokerDispatcherUrl=https://api.dev.snyk.io', | ||
'--set=brokerResources.requests.cpu=256m', | ||
'--set=brokerResources.requests.memory=128Mi', | ||
'--set=scmType=container-registry-agent', | ||
'--set=crType=nexus-cr', | ||
'--set=crBase=nginx.default.svc.cluster.local', | ||
'--set=crResources.requests.memory=256Mi', | ||
'--set=crResources.requests.cpu=128m', | ||
'--set=crUsername=admin', | ||
'--set=crPassword=admin123', | ||
'--set=tlsRejectUnauthorized=disable', | ||
'--set=service.brokerType=LoadBalancer', | ||
'--set=service.crType=LoadBalancer', | ||
'--set=disableSuffixes=false' | ||
] | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: nexus3 | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: nexus3 | ||
template: | ||
metadata: | ||
labels: | ||
app: nexus3 | ||
spec: | ||
volumes: | ||
- name: nexus3-vol | ||
persistentVolumeClaim: | ||
claimName: nexus3 | ||
initContainers: | ||
- name: nexus3-init | ||
image: registry.hub.docker.com/library/alpine:3.12.0 | ||
command: ["chown", "-R", "200:200", "/nexus-data"] | ||
volumeMounts: | ||
- mountPath: /nexus-data | ||
name: nexus3-vol | ||
containers: | ||
- name: nexus3 | ||
image: sonatype/nexus3 | ||
resources: | ||
requests: | ||
memory: "2048Mi" | ||
cpu: "1000m" | ||
limits: | ||
memory: "4096Mi" | ||
cpu: "2000m" | ||
volumeMounts: | ||
- mountPath: /nexus-data | ||
name: nexus3-vol | ||
ports: | ||
- containerPort: 8081 | ||
name: ui | ||
- containerPort: 8083 | ||
name: docker | ||
livenessProbe: | ||
httpGet: | ||
path: /service/rest/v1/status/writable | ||
port: 8081 | ||
failureThreshold: 5 | ||
periodSeconds: 30 | ||
readinessProbe: | ||
httpGet: | ||
path: /service/rest/v1/status/writable | ||
port: 8081 | ||
failureThreshold: 5 | ||
periodSeconds: 30 | ||
startupProbe: | ||
httpGet: | ||
path: /service/rest/v1/status/writable | ||
port: 8081 | ||
failureThreshold: 30 | ||
periodSeconds: 10 | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: nexus3 | ||
spec: | ||
selector: | ||
app: nexus3 | ||
ports: | ||
- port: 8081 | ||
targetPort: 8081 | ||
name: ui | ||
- port: 8083 | ||
targetPort: 8083 | ||
name: docker |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
#!/bin/bash | ||
|
||
## Get the nexus3 admin password and write to disk | ||
if ! [ -f "admin.txt" ]; then | ||
ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password) | ||
echo "$ADMIN_PASSWORD" > admin.txt | ||
# Change the initial password to admin123 | ||
curl -ifu "admin:$ADMIN_PASSWORD" \ | ||
-X PUT \ | ||
-H 'Content-Type: text/plain' \ | ||
--data "admin123" \ | ||
http://localhost:80/service/rest/v1/security/users/admin/change-password | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#!/bin/bash | ||
|
||
if ! [ -f "admin.txt" ]; then | ||
echo "Ensure admin password is updated" | ||
exit 1 | ||
fi | ||
|
||
## Anonymous Access | ||
curl -X PUT \ | ||
'http://localhost/service/rest/v1/security/anonymous' \ | ||
-H 'accept: application/json' \ | ||
-H 'Content-Type: application/json' \ | ||
-u admin:admin123 \ | ||
-d '{ | ||
"enabled": true, | ||
"userId": "admin", | ||
"realmName": "NexusAuthenticatingRealm" | ||
}' | ||
|
||
# Create a docker repo | ||
curl -X POST \ | ||
http://localhost:80/service/rest/v1/repositories/docker/hosted \ | ||
-H "Content-Type: application/json" \ | ||
-u admin:admin123 \ | ||
-d '{ | ||
"name": "docker", | ||
"online": true, | ||
"storage": { | ||
"blobStoreName": "default", | ||
"strictContentTypeValidation": true, | ||
"writePolicy": "allow_once", | ||
"latestPolicy": true | ||
}, | ||
"docker": { | ||
"v1Enabled": true, | ||
"forceBasicAuth": true, | ||
"httpPort": 8083 | ||
} | ||
}' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: nexus3 | ||
spec: | ||
resources: | ||
requests: | ||
storage: 1Gi | ||
volumeMode: Filesystem | ||
accessModes: | ||
- ReadWriteOnce |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
serverBlock: |- | ||
server { | ||
listen 8443 ssl; | ||
resolver 10.96.0.10 valid=10s; | ||
server_name nginx | ||
ssl on; | ||
ssl_certificate /certs/server.crt; | ||
ssl_certificate_key /certs/server.key; | ||
# Docker /v2 and /v1 (for search) requests | ||
location /v2 { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "https"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; | ||
} | ||
location /v1 { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "https"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; | ||
} | ||
# Regular Nexus requests | ||
location / { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "https"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081; | ||
} | ||
} | ||
server { | ||
listen 8080; | ||
resolver 10.96.0.10 valid=10s; | ||
server_name nginx | ||
ssl off; | ||
# Docker /v2 and /v1 (for search) requests | ||
location /v2 { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "http"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; | ||
} | ||
location /v1 { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "http"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; | ||
} | ||
# Regular Nexus requests | ||
location / { | ||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto "http"; | ||
proxy_pass http://nexus3.default.svc.cluster.local:8081; | ||
} | ||
} | ||
tls: | ||
enabled: true |