fix: update nexus setup scripts, nginx config, portforwards

snyk · Aug 22, 2024 · c149241 · c149241
1 parent 4048c70
commit c149241
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 50 deletions.
diff --git a/.gitignore b/.gitignore
@@ -47,3 +47,6 @@ bitbucket.crt
 
 # Helm Unittest Debug
 charts/snyk-broker/.debug
+
+# Tiltfile local resources
+tilt/nexus-cr/admin.txt
diff --git a/tilt/nexus-cr/Tiltfile b/tilt/nexus-cr/Tiltfile
@@ -1,7 +1,6 @@
 allow_k8s_contexts('docker-desktop')
 load('ext://execute_in_pod', 'execute_in_pod')
 load('ext://helm_resource', 'helm_resource', 'helm_repo')
-load('ext://uibutton', 'cmd_button', 'text_input', 'location')
 ## Add the Bitnami Helm Repo
 helm_repo('bitnami','https://charts.bitnami.com/bitnami')
 # Set up a PVC for Nexus
@@ -23,24 +22,24 @@ helm_resource(
   ],
   port_forwards=[8443, 8080]
 )
-k8s_resource(workload='nexus3',port_forwards=8083)
-local_resource(
-  name="nexus3 password reset",
-  cmd="./nexusPassword.sh",
-  resource_deps=[
-    'nexus3',
-    'nginx'
-  ],
-  labels=['nexus3'],
-)
-local_resource(
-  name="nexus3 setup",
-  cmd="./nexusSetup.sh",
-  resource_deps=[
-    "nexus3 password reset"
-  ],
-  labels=['nexus3']
-)
+if config.tilt_subcommand == 'up':
+  local_resource(
+    name="nexus3 password reset",
+    cmd="./nexusPassword.sh",
+    resource_deps=[
+      'nexus3',
+      'nginx'
+    ],
+    labels=['nexus3'],
+  )
+  local_resource(
+    name="nexus3 setup",
+    cmd="./nexusSetup.sh",
+    resource_deps=[
+      "nexus3 password reset"
+    ],
+    labels=['nexus3']
+  )
 # At this point you'll need to:
 # 1. add kubernetes.docker.internal to your insecure docker registries
 # 2. docker login kubernetes.docker.internal admin:admin123

diff --git a/tilt/nexus-cr/nexusPassword.sh b/tilt/nexus-cr/nexusPassword.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
-
+set -x
 ## Get the nexus3 admin password and write to disk
-if ! [ -f "admin.txt" ]; then
-  ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password)
-  echo "$ADMIN_PASSWORD" > admin.txt
-  # Change the initial password to admin123
-  curl -ifu "admin:$ADMIN_PASSWORD" \
-    -X PUT \
-    -H 'Content-Type: text/plain' \
-    --data "admin123" \
-    http://localhost:80/service/rest/v1/security/users/admin/change-password
-fi
+ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password)
+echo "$ADMIN_PASSWORD" > admin.txt
+# Change the initial password to admin123
+curl -ifu "admin:$ADMIN_PASSWORD" \
+  --fail \
+  -k \
+  -X PUT \
+  -H 'Content-Type: text/plain' \
+  --data "admin123" \
+  https://localhost:8443/service/rest/v1/security/users/admin/change-password
diff --git a/tilt/nexus-cr/nexusSetup.sh b/tilt/nexus-cr/nexusSetup.sh
@@ -7,10 +7,12 @@ fi
 
 ## Anonymous Access
 curl -X PUT \
-  'http://localhost/service/rest/v1/security/anonymous' \
+  'https://localhost:8443/service/rest/v1/security/anonymous' \
   -H 'accept: application/json' \
   -H 'Content-Type: application/json' \
   -u admin:admin123 \
+  -k \
+  --fail-with-body \
   -d '{
   "enabled": true,
   "userId": "admin",
@@ -19,9 +21,11 @@ curl -X PUT \
 
 # Create a docker repo
 curl -X POST \
-  http://localhost:80/service/rest/v1/repositories/docker/hosted \
+  https://localhost:8443/service/rest/v1/repositories/docker/hosted \
   -H "Content-Type: application/json" \
+  -k \
   -u admin:admin123 \
+  --fail-with-body \
   -d '{
     "name": "docker",
     "online": true,

diff --git a/tilt/nexus-cr/nginx/values.yaml b/tilt/nexus-cr/nginx/values.yaml
@@ -35,29 +35,13 @@ serverBlock: |-
   }
 
   server {
-    listen 8080;
+    listen 8081;
     resolver 10.96.0.10 valid=10s;
     server_name nginx
 
     ssl off;
 
-    # Docker /v2 and /v1 (for search) requests
-    location /v2 {
-      proxy_set_header Host $host:$server_port;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto "http";
-      proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
-    }
-    location /v1 {
-      proxy_set_header Host $host:$server_port;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto "http";
-      proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri;
-    }
-
-    # Regular Nexus requests
+    # Simulates a Docker registry exposed on port 8081
     location / {
       proxy_set_header Host $host:$server_port;
       proxy_set_header X-Real-IP $remote_addr;