Skip to content

Commit

Permalink
chore: nexus3 tilt setup
Browse files Browse the repository at this point in the history
  • Loading branch information
soniqua committed Aug 1, 2024
1 parent d56ea94 commit 36b5c69
Show file tree
Hide file tree
Showing 6 changed files with 282 additions and 0 deletions.
72 changes: 72 additions & 0 deletions tilt/nexus-cr/Tiltfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
allow_k8s_contexts('docker-desktop')
load('ext://execute_in_pod', 'execute_in_pod')
load('ext://helm_resource', 'helm_resource', 'helm_repo')
load('ext://secret','secret_create_generic')
load('ext://uibutton', 'cmd_button', 'text_input', 'location')
## Add the Bitnami Helm Repo
helm_repo('bitnami','https://charts.bitnami.com/bitnami')
# Set up a PVC for Nexus
k8s_yaml('nexuspvc.yaml')
# Provision Nexus itself
k8s_yaml('nexus3.yaml')
# Bind the PVC to the Nexus object in Tilt
k8s_resource(objects=['nexus3:persistentvolumeclaim'], new_name='nexus3-pvc', labels=['nexus3'],trigger_mode=TRIGGER_MODE_MANUAL)
# NGINX
helm_resource(
'nginx',
'bitnami/nginx',
flags=[
'--values=./nginx/values.yaml'
],
resource_deps=[
'nexus3',
'nexus3-pvc'
],
port_forwards=[8443, 8080]
)
k8s_resource(workload='nexus3',port_forwards=8083)
local_resource(
name="nexus3 password reset",
cmd="./nexusPassword.sh",
resource_deps=[
'nexus3',
'nginx'
],
labels=['nexus3'],
)
local_resource(
name="nexus3 setup",
cmd="./nexusSetup.sh",
resource_deps=[
"nexus3 password reset"
],
labels=['nexus3']
)
# At this point you'll need to:
# 1. add kubernetes.docker.internal to your insecure docker registries
# 2. docker login kubernetes.docker.internal admin:admin123
# 3. docker push 127.0.0.1 kubernetes.docker.internal/<repo>/<img>:<tag>
# 4. attempt import
helm_resource(
'snyk-broker',
'../../charts/snyk-broker',
release_name='snyk-general',
flags=[
'--set=brokerToken=<broker-token-goes-here>',
'--set=brokerServerUrl=https://broker.dev.snyk.io',
'--set=brokerDispatcherUrl=https://api.dev.snyk.io',
'--set=brokerResources.requests.cpu=256m',
'--set=brokerResources.requests.memory=128Mi',
'--set=scmType=container-registry-agent',
'--set=crType=nexus-cr',
'--set=crBase=nginx.default.svc.cluster.local',
'--set=crResources.requests.memory=256Mi',
'--set=crResources.requests.cpu=128m',
'--set=crUsername=admin',
'--set=crPassword=admin123',
'--set=tlsRejectUnauthorized=disable',
'--set=service.brokerType=LoadBalancer',
'--set=service.crType=LoadBalancer',
'--set=disableSuffixes=false'
]
)
75 changes: 75 additions & 0 deletions tilt/nexus-cr/nexus3.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nexus3
spec:
selector:
matchLabels:
app: nexus3
template:
metadata:
labels:
app: nexus3
spec:
volumes:
- name: nexus3-vol
persistentVolumeClaim:
claimName: nexus3
initContainers:
- name: nexus3-init
image: registry.hub.docker.com/library/alpine:3.12.0
command: ["chown", "-R", "200:200", "/nexus-data"]
volumeMounts:
- mountPath: /nexus-data
name: nexus3-vol
containers:
- name: nexus3
image: sonatype/nexus3
resources:
requests:
memory: "2048Mi"
cpu: "1000m"
limits:
memory: "4096Mi"
cpu: "2000m"
volumeMounts:
- mountPath: /nexus-data
name: nexus3-vol
ports:
- containerPort: 8081
name: ui
- containerPort: 8083
name: docker
livenessProbe:
httpGet:
path: /service/rest/v1/status/writable
port: 8081
failureThreshold: 5
periodSeconds: 30
readinessProbe:
httpGet:
path: /service/rest/v1/status/writable
port: 8081
failureThreshold: 5
periodSeconds: 30
startupProbe:
httpGet:
path: /service/rest/v1/status/writable
port: 8081
failureThreshold: 30
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: nexus3
spec:
selector:
app: nexus3
ports:
- port: 8081
targetPort: 8081
name: ui
- port: 8083
targetPort: 8083
name: docker
13 changes: 13 additions & 0 deletions tilt/nexus-cr/nexusPassword.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/bin/bash

## Get the nexus3 admin password and write to disk
if ! [ -f "admin.txt" ]; then
ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password)
echo "$ADMIN_PASSWORD" > admin.txt
# Change the initial password to admin123
curl -ifu "admin:$ADMIN_PASSWORD" \
-X PUT \
-H 'Content-Type: text/plain' \
--data "admin123" \
http://localhost:80/service/rest/v1/security/users/admin/change-password
fi
40 changes: 40 additions & 0 deletions tilt/nexus-cr/nexusSetup.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
#!/bin/bash

if ! [ -f "admin.txt" ]; then
echo "Ensure admin password is updated"
exit 1
fi

## Anonymous Access
curl -X PUT \
'http://localhost/service/rest/v1/security/anonymous' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-u admin:admin123 \
-d '{
"enabled": true,
"userId": "admin",
"realmName": "NexusAuthenticatingRealm"
}'

# Create a docker repo
curl -X POST \
http://localhost:80/service/rest/v1/repositories/docker/hosted \
-H "Content-Type: application/json" \
-u admin:admin123 \
-d '{
"name": "docker",
"online": true,
"storage": {
"blobStoreName": "default",
"strictContentTypeValidation": true,
"writePolicy": "allow_once",
"latestPolicy": true
},
"docker": {
"v1Enabled": true,
"forceBasicAuth": true,
"httpPort": 8083
}
}'

12 changes: 12 additions & 0 deletions tilt/nexus-cr/nexuspvc.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nexus3
spec:
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
70 changes: 70 additions & 0 deletions tilt/nexus-cr/nginx/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
serverBlock: |-
server {
listen 8443 ssl;
resolver 10.96.0.10 valid=10s;
server_name nginx
ssl on;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
# Docker /v2 and /v1 (for search) requests
location /v2 {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
}
location /v1 {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
}
# Regular Nexus requests
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://nexus3.default.svc.cluster.local:8081;
}
}
server {
listen 8080;
resolver 10.96.0.10 valid=10s;
server_name nginx
ssl off;
# Docker /v2 and /v1 (for search) requests
location /v2 {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "http";
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
}
location /v1 {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "http";
proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
}
# Regular Nexus requests
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "http";
proxy_pass http://nexus3.default.svc.cluster.local:8081;
}
}
tls:
enabled: true

0 comments on commit 36b5c69

Please sign in to comment.