Introduction
Nexus Repository OSS is an open source repository that supports many artifact formats, including Docker, Java™, and npm. With the Nexus tool integration, pipelines in your toolchain can publish and retrieve versioned apps and their dependencies by using central repositories that are accessible from other environments.
Why Nexus on Kubernetes?
A Kubernetes Deployment lets you control the range of available and excess pods through the maxSurge and maxUnavailable fields. With a rolling update strategy there is no downtime during the update process while Nexus keeps being served and exposed outside the cluster.
Why Custom Docker Registry?
A Docker registry is organized into Docker repositories, where a repository holds all the versions of a specific image. The registry allows Docker users to pull images locally, as well as push new images to the registry (given adequate access permissions when applicable). Nowadays most companies focus on having their code deployed on private and publicly restricted servers, which is why we are creating a custom Docker registry on Nexus.
Helm Charts
Helm helps in managing Kubernetes apps. Helm Charts define, install, and upgrade even the most complex Kubernetes application. The charts are easy to create, version, share, and publish.
Let us see how we can use the Nexus Helm chart on a Kubernetes cluster as a custom Docker registry.
Prerequisites
- Docker v19.03.13
- Kubernetes cluster v1.19.3
- Helm installed v3.4.1
- Nexus Helm chart, which can be downloaded from https://github.com/helm/charts/tree/master/stable/sonatype-nexus
Procedure
Install Nexus Over Kubernetes Cluster
- Download the helm chart for nexus from the above mentioned git repository
- Change the following values in values.yaml for configuration and accessing nexus outside the kubernetes cluster.
```yaml
nexusProxy:
  enabled: false
  # svcName: pro
persistence:
  enabled: false
# # To use an additional service, set enable to true
service:
  # name: additional-svc
  # targetPort defines the port where the nexus service will be exposed
  enabled: true
  labels: {}
  annotations: {}
  serviceType: NodePort
  ports:
  - name: nexus-service
    port: 8081
    nodePort: 30000
  - name: nexus-docker-snapshots
    port: 8082
    nodePort: 30001
  - name: nexus-docker-releases
    port: 8083
    nodePort: 30002
  - name: nexus-docker-group
    port: 8084
    nodePort: 30003
```
- Edit service.yaml inside the templates directory and add nodePort to it:

service.yaml

```yaml
spec:
  ports:
  {{- if .Values.service.portName }}
  - name: {{ .Values.service.portName }}
    port: {{ .Values.service.port }}
    targetPort: {{ .Values.service.targetPort }}
    nodePort: {{ .Values.service.nodePort }}
```
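- After that, install the Helm chart by moving into the sonatype-nexus directory and running the following command in a terminal (the trailing `.` is the chart path, which Helm 3 requires in addition to the release name):

```
C:\Users\Admin\Desktop\nexus\sonatype-nexus>helm install nexus .
```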
You can check the installed Helm chart by using the command:

```
PS C:\Users\Admin> helm ls
NAME   NAMESPACE  REVISION  UPDATED                                STATUS    CHART                  APP VERSION
nexus  default    1         2020-12-10 02:07:28.7174933 +0530 IST  deployed  sonatype-nexus-1.23.1  3.20.1-01
```
- Once the chart is installed, wait until the deployment is in the ready state. You can keep checking the deployment state with the command:

Not Ready State

```
C:\Users\Admin\Desktop\nexus\sonatype-nexus>kubectl get deployments
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
nexus-sonatype-nexus   0/1     1            0           33s
```

Ready State

```
C:\Users\Admin\Desktop\nexus\sonatype-nexus>kubectl get deployments
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
nexus-sonatype-nexus   1/1     1            1           2m
```
- Once the deployment is ready, we can check which port Nexus is running on and start accessing Nexus at localhost:30000
- Log in to Nexus with the username admin and the password admin123
Create Docker Repository on nexus
1. Create a new repository named docker-snapshots with the recipe docker (hosted)
2. Repeat the same process for a repository named docker-releases with the recipe docker (hosted)
3. Now create a docker-group repository with the recipe docker (group) so that images can be pulled from either of these Docker repositories
4. Add the Docker hosted repositories to the Docker group and save the repository
Configure machine to access docker registry
Now we have to add the docker repository URL to insecure registries in docker to start using the docker registry.
For Windows and Mac machine users:
Open the Docker settings, go to the Docker Engine tab and add the URLs "localhost:30001", "localhost:30002", "localhost:30003" to "insecure-registries".
Apply and restart Docker.
On Ubuntu 16.x and CentOS:
You’ll need to edit or create /etc/docker/daemon.json and add this to the file:

```json
{
  "insecure-registries" : ["localhost:30001","localhost:30002","localhost:30003"]
}
```

Then restart Docker with sudo systemctl restart docker. Now one can pull or push the docker image into these custom registries.
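As an added example (not part of the original post), this Python audit reads a daemon.json and separates loopback-only insecure-registries entries, like the three above, from entries that would carry registry logins and image layers across the network without verified TLS. The sample file and its two non-local entries are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: the three entries from this page plus two hypothetical
# non-local entries to show what the audit flags.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "localhost:30001", "localhost:30002", "localhost:30003",
    "nexus.example.internal:30001", "10.0.0.0/8"
  ]
}
"""

def classify(entry):
    """Return 'loopback' or 'remote' for one insecure-registries entry."""
    # Entries may be bare IPs or CIDR ranges as well as host[:port].
    try:
        net = ipaddress.ip_network(entry, strict=False)
        return "loopback" if net.is_loopback else "remote"
    except ValueError:
        pass
    host = entry.split("://", 1)[-1].split("/", 1)[0]
    if host.startswith("["):              # bracketed IPv6, e.g. [::1]:5000
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:            # host:port
        host = host.rsplit(":", 1)[0]
    if host.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "remote"
    except ValueError:
        return "remote"                   # any other hostname leaves this machine

def audit(daemon_json_text):
    """Map each insecure-registries entry to its classification."""
    config = json.loads(daemon_json_text)
    return {e: classify(e) for e in config.get("insecure-registries", [])}

def remote_entries(daemon_json_text):
    """Entries for which TLS should be configured on the registry instead."""
    return sorted(e for e, kind in audit(daemon_json_text).items() if kind == "remote")

if __name__ == "__main__":
    for entry, kind in audit(SAMPLE_DAEMON_JSON).items():
        print(f"{entry:32} {kind}")
    print("needs TLS:", remote_entries(SAMPLE_DAEMON_JSON))
```
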
Test pushing and pulling a docker image
1. Login to Docker registries
```
PS C:\Users\Admin> docker login http://localhost:30001
Username: admin
Password: admin123
Login Succeeded
PS C:\Users\Admin> docker login http://localhost:30002
Username: admin
Password: admin123
Login Succeeded
PS C:\Users\Admin> docker login http://localhost:30003
Username: admin
Password: admin123
Login Succeeded
```
2. Pull a sample image from docker hub and tag it for docker-snapshots
```
PS C:\Users\Admin> docker pull docker/getting-started
Using default tag: latest
latest: Pulling from docker/getting-started
Digest: sha256:b821569034e3b5fae03b40e64a866017067f3bf17effe185b782bdbf02179528
Status: Image is up to date for docker/getting-started:latest
docker.io/docker/getting-started:latest
PS C:\Users\Admin> docker tag docker/getting-started localhost:30001/docker/getting-started:1.0.0
```
3. Push the tagged image to docker registry
```
PS C:\Users\Admin> docker push localhost:30001/docker/getting-started:1.0.0
The push refers to repository [localhost:30001/docker/getting-started]
ce83f2c2b3ed: Pushed
231fd12dac65: Pushed
468af79aab10: Pushed
fbf82c12d86e: Pushed
4dc20fbc0e8d: Pushed
b831cc3ae47e: Pushed
ace0eda3e3be: Pushed
1.0.0: digest: sha256:219a0e457a437eba6a09e8d954c9e8ea3b29632a8d1b515285b782713c8fc26b size: 1782
```
4. Test pulling the image back from registry
```
PS C:\Users\Admin> docker pull localhost:30001/docker/getting-started:1.0.0
1.0.0: Pulling from docker/getting-started
Digest: sha256:219a0e457a437eba6a09e8d954c9e8ea3b29632a8d1b515285b782713c8fc26b
Status: Image is up to date for localhost:30001/docker/getting-started:1.0.0
localhost:30001/docker/getting-started:1.0.0
```