Install and use nexus in k8s

Life belongs to everyone's own feelings, not to anyone else's views. ——Yu Hua, "Alive"

I. Overview

Before learning to use a tool, we need to know how to install it. This article records my own learning process. On the one hand, it consolidates the content of learning, and on the other hand, I hope to provide some help to small partners who have the same needs.

The above table lists the official installation addresses. If you need a quick experience and use, it is recommended to install directly using docker, and you can start the application with one line of command:

docker run -d -p 8081:8081 --name nexus sonatype/nexus3

The following will introduce the installation and use of nexus in k8s, here will be installed in two ways:

• Write your own deployment checklist nexus-deploy.yaml installation
• Install using helm

Installation Environment

Here, minikube is used for installation, which is basically the same in k8s cluster

• minikube : v1.18.1
• helm : v3.5.3

2. Prepare the deployment list nexus-deploy.yaml installation

As the nexus need persistent data, so we need to create PVC , recommended storageClass dynamically created PVC , in minikube there is a default in storageClass , the name is: standard , you can use the following command to see:

# kubectl get sc
NAME                 PROVISIONER                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
standard (default)   k8s.io/minikube-hostpath   Delete          Immediate           false                  50m

The use of storageClass can be viewed on the official website: https://kubernetes.io/zh/docs/concepts/storage/storage-classes/

Create a nexus-deploy.yaml file, the content of the file is as follows:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nexus-data-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteMany
  # 指定 storageClass 的名字，这里使用默认的 standard
  storageClassName: "standard"
  resources:
    requests:
      storage: 10Gi

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: nexus3
  labels:
    app: nexus3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus3
  template:
    metadata:
      labels:
        app: nexus3
    spec:
      containers:
      - name: nexus3
        image: sonatype/nexus3:3.32.0
        imagePullPolicy: IfNotPresent
        ports:
          - containerPort: 8081
            name: web
            protocol: TCP
        livenessProbe:
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 100
          periodSeconds: 30
          failureThreshold: 6
        readinessProbe:
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 100
          periodSeconds: 30
          failureThreshold: 6
        resources:
          limits:
            cpu: 4000m
            memory: 2Gi
          requests:
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
      volumes:
        - name: nexus-data
          persistentVolumeClaim:
            claimName: nexus-data-pvc


apiVersion: v1
kind: Service
metadata:
  name: nexus3
  namespace: default
  labels:
    app: nexus3
spec:
  selector:
    app: nexus3
  type: ClusterIP
  ports:
    - name: web
      protocol: TCP
      port: 8081
      targetPort: 8081

Use the following command to deploy the application:

# kubectl apply -f nexus-deploy.yaml

deployment.apps/nexus3 created
persistentvolumeclaim/nexus-data-pvc created
service/nexus3 created

Use the following command to check whether the pod is running normally:

# kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
nexus3-6c75965bcf-6tj5w   1/1     Running   0          5m37s

Use the following command to view the pod log:

kubectl logs -f nexus3-6c75965bcf-6tj5w -n default

If you see the following content, it means that the application started successfully:

Use the following command to expose the pod port to the local machine for external access:

# 使用说明： kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT
kubectl port-forward service/nexus3 8081:8081

For production use, it is recommended to expose the service through ingress, where the service is temporarily exposed through port-forward

Visit address: http://localhost:8081/

The default account and password for logging in to nexus are as follows:

• Username: admin
• Password: The default initial password is in the file /nexus-data/admin.password

Use the following command to get the default password:

kubectl exec nexus3-6c75965bcf-6tj5w -- cat /nexus-data/admin.password

Log in to nexus:

After successful login, you need to set a new password:

After updating the password, configure whether to enable anonymous access. Enabling anonymous access means that by default, users can search, browse, and download components from the repository without credentials. Taking into account security issues, here choose to disable anonymous access.

After the installation is complete, the following figure:

You can use the following command to delete the installed nexus-related resources:

# kubectl delete -f nexus-deploy.yaml

deployment.apps "nexus3" deleted
persistentvolumeclaim "nexus-data-pvc" deleted
service "nexus3" deleted

3. Use helm to install nexus

You can go to the helm official package management warehouse to find the applications that need to be installed.

helm package management address: https://artifacthub.io/

Here I choose to install the nexus shown in the figure below: (You can choose to install more stars according to your needs, and the charts that are updated more frequently)

The following will be installed according to the documentation:

Use the following command to add the helm repository:

helm repo add sonatype https://sonatype.github.io/helm3-charts/

Use the following command to update the repository:

helm repo update

Use the following command to search for nexus:

helm search repo nexus

Use the following command to download the chart to the local:

helm pull sonatype/nexus-repository-manager

The downloaded package is a compressed package, which can be tar -zxvf command. Modify the values.yaml file as needed. After the modification is completed, you can install nexus through the following command:

helm install sonatype-nexus ./

If you don't need to customize the configuration, you can install it directly with the following command:

helm install nexus-rm sonatype/nexus-repository-manager

4. Basic configuration and use of nexus

1. nexus configuration instructions

Click the Repositories button on the left to see the contents of the warehouse as shown in the figure below:

warehouse description:

Name column

• maven-central: maven central library, which pulls jars https://repo1.maven.org/maven2/
• maven-releases: private library release jar.
• maven-snapshots: private library snapshot version (debug version) jar.
• maven-public: Warehouse grouping, which combines the above three warehouses to provide external services, and is used in the local maven basic configuration settings.xml .

Type column (the default warehouse types of Nexus have the following four types):

• group (warehouse group type): also called group warehouse, which is used to facilitate developers to choose warehouses and set the order of warehouses;
• hosted (host type): the release warehouse of the internal project (the warehouse where the internal developers release the jar package);
• proxy (proxy type): the warehouse to find data from the remote central warehouse (you can click the Configuration tab of the corresponding warehouse, where Remote Storage Location attribute is the path of the remote warehouse being proxied);
• virtual (virtual type): virtual warehouse (this is basically not used, focus on the use of the above three warehouses);

2. Create a custom private warehouse

Custom release (release) private library

Click Create repository create a custom release private library, select maven2 (hosted) , as shown in the following figure:

The custom warehouse configuration is as follows:

The main configuration is as follows:

Name : custom name, must be unique, usually the release version warehouse xxx-release , and the snapshot version warehouse ends xxx-snapshots

Version policy：

• Release is generally the release version of the jar
• Snapshot is generally a snapshot version of the jar
• Mixed

Deployment policy：Allow redeploy

Keep the other configurations as default.

Custom snapshot version (snapshot) private library

To create a snapshot private library is the same as above, only need to modify the Name to xxx-snapshots and Version policy to Snapshot , as shown in the following figure:

Custom proxy (proxy) warehouse

By default https://repo1.maven.org/maven2/ . Due to network reasons, it is often impossible to download related resources, so here is how to configure Alibaba Cloud's maven warehouse proxy.

Cloud maven warehouse proxy configuration: 16108cd6138239 https://maven.aliyun.com/mvn/guide

Create an agent warehouse:

The configuration content is as follows:

Configuration instructions:

Name : The name of the warehouse must be unique, the configuration here is aliyun-proxy

Version policy ：Release

Remote storage : remote warehouse address, configure the https://maven.aliyun.com/repository/public

Customize the order of group warehouses

You can use the default maven-public , or you can customize a maven2 (group) type 06108cd6138383 for setting. Here, choose to customize a maven2 (group) type 06108cd6138385 for easy learning and understanding.

The configuration is as follows:

3. Create nexus user

Five. Maven configuration nexus instructions

Click maven2 (group) view its URL address, as shown in the figure below:

1. Configure in the settings.xml file (globally effective)

Open the maven configuration file (Windows machines are generally conf/settings.xml in the maven installation directory), <mirrors></mirrors> tag, copy the address above, and add the following content to the settings.xml

  <servers>
    <!-- 这里配置 nexus 的认证信息，注意这里的 id 需要和 mirros 中的 id 相同才能够匹配认证 -->
    <server>
      <id>my-maven</id>
      <username>test</username>
      <password>maven123456</password>
    </server>
  </servers>
  <mirrors>
    <mirror>
      <id>my-maven</id>
      <!--mirrorof配置为 * 时，所有的请求都走这个mirror的url，
      mirrorof配置是某个repositoryid时，若构建找不到，则会到maven默认中央仓库去获取的。-->
      <mirrorOf>*</mirrorOf>
      <name>自定义私有仓库</name>
      <url>http://localhost:8081/repository/my-group/</url>
    </mirror>
  </mirrors>

After the configuration is complete, you can specify the settings.xml file in idea, as shown in the following figure:

After specifying the configuration file, you can see that idea downloads the jar package from the nexus private warehouse:

Go to the nexus warehouse to view the contents of the warehouse, as shown in the following figure:

2. Configure the private warehouse address in the pom.xml file (the project is valid)

In pom.xml the repositories The tag is used to configure maven remote repository items, for example:

    <repositories>
        <repository>
            <!--定义仓库 id ,必须唯一，需要 server 中的id对应，以便认证-->
            <id>my-maven</id>
            <!--仓库描述-->
            <name>自定义私有仓库</name>
            <!--仓库地址-->
            <url>http://localhost:8081/repository/my-group/</url>
            <!--是否可以从这个仓库下载releases版本的构件，默认为 true-->
            <releases>
                <enabled>true</enabled>
            </releases>
            <!--是否可以从这个仓库下载snapshots版本的构件，默认为 true
            禁止从公共仓库下载snapshot构件是推荐的做法，因为这些构件不稳定
            -->
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>

It is recommended to configure the private warehouse address in the settings.xml file so that all projects can use that address.

3. Publish local jar package to nexus warehouse

Check the customized snapshot warehouse. There is no related jar package resource at present. Here is how to publish the local jar package to the private warehouse.

Add the following configuration in the pom.xml file:

    <distributionManagement>
        <repository>
            <!--定义仓库 id ,必须唯一，需要 server 中的id对应，以便认证-->
            <id>my-maven</id>
            <!--仓库描述-->
            <name>自定义发行版仓库</name>
            <!--仓库地址-->
            <url>http://localhost:8081/repository/my-release/</url>
        </repository>
        <snapshotRepository>
            <!--定义仓库 id ,必须唯一，需要 server 中的id对应，以便认证-->
            <id>my-maven</id>
            <!--仓库描述-->
            <name>自定义快照版仓库</name>
            <!--仓库地址-->
            <url>http://localhost:8081/repository/my-snapshots/</url>
        </snapshotRepository>
    </distributionManagement>

Execute the following command to publish the project to the nexus warehouse:

mvn clean deploy

After the build is successful, you can view the contents of the nexus warehouse as follows:

There is a point worth noting here, how to publish the jar package to the release warehouse?

In fact, it's very simple. Just change <version>1.0.0-SNAPSHOT</version> in 1.0.0-SNAPSHOT to 1.0.0 mvn clean deploy is executed again, the jar package will be released to the release warehouse.

You can also upload the jar package to the private warehouse directly through the nexus console: