下载nexus镜像
docker pull sonatype/nexus3:3.30.0
docker tag sonatype/nexus3:3.30.0 harbor.uat.wuxingge.com.cn/uat/nexus3:3.30.0
docker push harbor.uat.wuxingge.com.cn/uat/nexus3:3.30.0
创建nexus数据目录
mkdir /devops/nexus
chmod 777 /devops/nexus
资源配置清单
vim configmap.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: docker-proxy
namespace: devops
data:
nginx.conf: |
upstream nexus_docker {
server 127.0.0.1:8082;
}
server {
listen 80;
server_name localhost;
client_max_body_size 0;
chunked_transfer_encoding on;
index index.html index.htm index.php;
location / {
proxy_pass http://nexus_docker;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_buffering off;
proxy_request_buffering off;
# 修复nginx位于ingress之后导致镜像推送上传失败问题https://docs.docker.com/registry/recipes/nginx/
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto http;
}
}
vim nexus_deploy_servive.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonatype-nexus
namespace: devops
labels:
app: sonatype-nexus
spec:
replicas: 1
selector:
matchLabels:
app: sonatype-nexus
template:
metadata:
labels:
app: sonatype-nexus
spec:
containers:
- name: sonatype-nexus
image: harbor.uat.wuxingge.com.cn/uat/nexus3:3.30.0
imagePullPolicy: IfNotPresent
ports:
- name: server
containerPort: 8081
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: "
-Xms1G
-Xmx2G
-XX:MaxDirectMemorySize=4G
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
"
resources:
limits:
cpu: 4
memory: 2048Mi
requests:
cpu: 4
memory: 2048Mi
volumeMounts:
- name: nexus-data
mountPath: /nexus-data
- name: docker-proxy
image: harbor.uat.wuxingge.com.cn/uat/nginx:alpine
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
volumeMounts:
- name: docker-proxy
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx.conf
volumes:
- name: nexus-data
nfs:
server: 10.10.98.32
path: /devops/nexus
- name: docker-proxy
configMap:
name: docker-proxy
---
apiVersion: v1
kind: Service
metadata:
name: sonatype-nexus
namespace: devops
labels:
app: sonatype-nexus
spec:
ports:
- name: sonatype-nexus
port: 8081
targetPort: 8081
protocol: TCP
- name: docker-registry
port: 80
targetPort: 80
protocol: TCP
selector:
app: sonatype-nexus
vim ingress.yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sonatype-nexus
namespace: devops
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: "10000m"
spec:
rules:
- host: nexus.uat.wuxingge.com.cn
http:
paths:
- path:
backend:
serviceName: sonatype-nexus
servicePort: 8081
- host: docker-registry.uat.wuxingge.com.cn
http:
paths:
- path:
backend:
serviceName: sonatype-nexus
servicePort: 80
初始密码
cat /nexus-data/admin.password
配置ldap认证
Real name attribute: displayName、cn
创建Docker镜像仓库
点击“设置”——“Repositories”——“Create repository”,并选择“docker(hosted)”创建名称为docker-hosted的docker镜像仓库,在http中填入端口号8082等信息后保存
nginx ingress cotroller设置
kubectl -n ingress-nginx get configmaps nginx-configuration -o yaml
apiVersion: v1
data:
client-max-body-size: 20000m #设置这里
compute-full-forwarded-for: "true"
forwarded-for-header: X-Forwarded-For
proxy-body-size: 20m
use-forwarded-headers: "true"
kind: ConfigMap
metadata:
annotations:
...
注:每层代理都设置 client_max_body_size,否则上传镜像大小会限制
547
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
