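Setting up a private Docker registry with Nexus3
A lot of things come down to tinkering. Harbor actually works quite well as a private Docker registry, but I went and tinkered with Nexus3 anyway, heh heh heh...
1. Installing Nexus (OpenShift)
Installing Nexus3 is not the subject of this post, so I will skip it, but here is the YAML file for deploying it on OpenShift: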
apiVersion: v1
kind: Template
labels:
  template: nexus3-template
metadata:
  name: nexus3
  annotations:
    description: Sonatype Nexus 3 template
    tags: pipelines
    iconClass: icon-nexus3
objects:
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    labels:
      app: ${SERVICE_NAME}
    name: ${SERVICE_NAME}
  spec:
    replicas: 1
    selector:
      deploymentconfig: ${SERVICE_NAME}
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          deploymentconfig: ${SERVICE_NAME}
      spec:
        containers:
        - image: docker.io/sonatype/nexus3:${NEXUS_VERSION}
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
              - echo
              - ok
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          name: ${SERVICE_NAME}
          ports:
          - containerPort: 8081
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 8081
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              memory: ${MAX_MEMORY}
            requests:
              memory: 512Mi
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - mountPath: /nexus-data
            name: ${SERVICE_NAME}-data
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        securityContext: {}
        terminationGracePeriodSeconds: 30
        volumes:
        - name: ${SERVICE_NAME}-data
          persistentVolumeClaim:
            claimName: ${SERVICE_NAME}-pv
    test: false
    triggers:
    - type: ConfigChange
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: ${SERVICE_NAME}
    name: ${SERVICE_NAME}
  spec:
    ports:
    - name: 8081-tcp
      port: 8081
      protocol: TCP
      targetPort: 8081
    selector:
      deploymentconfig: ${SERVICE_NAME}
    sessionAffinity: None
    type: ClusterIP
- apiVersion: v1
  kind: Route
  metadata:
    labels:
      app: ${SERVICE_NAME}
    name: ${SERVICE_NAME}
  spec:
    port:
      targetPort: 8081-tcp
    to:
      kind: Service
      name: ${SERVICE_NAME}
      weight: 100
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    labels:
      app: ${SERVICE_NAME}
    name: ${SERVICE_NAME}-pv
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: ${VOLUME_CAPACITY}
parameters:
- displayName: Sonatype Nexus service name
  name: SERVICE_NAME
  required: true
  value: nexus3
- displayName: Sonatype Nexus version
  name: NEXUS_VERSION
  required: true
  value: 3.18.1
- description: Volume space available for Sonatype Nexus e.g. 512Mi, 2Gi
  displayName: Volume Space for Nexus
  name: VOLUME_CAPACITY
  required: true
  value: 5Gi
- description: Max memory allocated to the Nexus pod
  displayName: Max Memory
  name: MAX_MEMORY
  required: true
  value: 2Gi
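2. Configuring the Docker proxy repositories in Nexus
Create a hosted repository:
Create a proxy repository:
Create a group repository:
Add the Docker realm
3. Setting up the Services and Routes for Nexus on OpenShift
The steps above created two HTTP ports, 8082 and 8083, so two corresponding Services are needed: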
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nexus3
    template: nexus3-template
  name: nexus3-docker
  namespace: cicd
spec:
  ports:
  - name: 8082-tcp
    port: 8082
    protocol: TCP
    targetPort: 8082
  selector:
    deploymentconfig: nexus3
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nexus3
    template: nexus3-template
  name: nexus3-docker-hosted
  namespace: cicd
spec:
  ports:
  - name: 8083-tcp
    port: 8083
    protocol: TCP
    targetPort: 8083
  selector:
    deploymentconfig: nexus3
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
Create the routes:
nexus3-docker: http://nexus3-docker-cicd.apps.test.openshift.com, which maps to the nexus3-docker Service
nexus3-docker-hosted: http://nexus3-docker-hosted-cicd.apps.test.openshift.com, which maps to the nexus3-docker-hosted Service
4. Docker client configuration:
Add the insecure-registries and registry-mirrors entries to /etc/docker/daemon.json.
{
  "insecure-registries": ["nexus3-docker-cicd.apps.test.openshift.com:80", "nexus3-docker-hosted-cicd.apps.test.openshift.com:80"],
  "registry-mirrors": ["http://nexus3-docker-cicd.apps.test.openshift.com:80"]
}
# systemctl daemon-reload
# systemctl restart docker
End of document.