From c149241ee37848c513bf5ce2ff3a07c6234c9911 Mon Sep 17 00:00:00 2001 From: Matt Rogers Date: Thu, 22 Aug 2024 10:04:12 +0100 Subject: [PATCH] fix: update nexus setup scripts, nginx config, portforwards --- .gitignore | 3 +++ tilt/nexus-cr/Tiltfile | 37 ++++++++++++++++----------------- tilt/nexus-cr/nexusPassword.sh | 22 ++++++++++---------- tilt/nexus-cr/nexusSetup.sh | 8 +++++-- tilt/nexus-cr/nginx/values.yaml | 20 ++---------------- 5 files changed, 40 insertions(+), 50 deletions(-) diff --git a/.gitignore b/.gitignore index 791bd40..c52be21 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,6 @@ bitbucket.crt # Helm Unittest Debug charts/snyk-broker/.debug + +# Tiltfile local resources +tilt/nexus-cr/admin.txt diff --git a/tilt/nexus-cr/Tiltfile b/tilt/nexus-cr/Tiltfile index 39c32c9..17c97b7 100644 --- a/tilt/nexus-cr/Tiltfile +++ b/tilt/nexus-cr/Tiltfile @@ -1,7 +1,6 @@ allow_k8s_contexts('docker-desktop') load('ext://execute_in_pod', 'execute_in_pod') load('ext://helm_resource', 'helm_resource', 'helm_repo') -load('ext://uibutton', 'cmd_button', 'text_input', 'location') ## Add the Bitnami Helm Repo helm_repo('bitnami','https://charts.bitnami.com/bitnami') # Set up a PVC for Nexus @@ -23,24 +22,24 @@ helm_resource( ], port_forwards=[8443, 8080] ) -k8s_resource(workload='nexus3',port_forwards=8083) -local_resource( - name="nexus3 password reset", - cmd="./nexusPassword.sh", - resource_deps=[ - 'nexus3', - 'nginx' - ], - labels=['nexus3'], -) -local_resource( - name="nexus3 setup", - cmd="./nexusSetup.sh", - resource_deps=[ - "nexus3 password reset" - ], - labels=['nexus3'] -) +if config.tilt_subcommand == 'up': + local_resource( + name="nexus3 password reset", + cmd="./nexusPassword.sh", + resource_deps=[ + 'nexus3', + 'nginx' + ], + labels=['nexus3'], + ) + local_resource( + name="nexus3 setup", + cmd="./nexusSetup.sh", + resource_deps=[ + "nexus3 password reset" + ], + labels=['nexus3'] + ) # At this point you'll need to: # 1. add kubernetes.docker.internal to your insecure docker registries # 2. docker login kubernetes.docker.internal admin:admin123 diff --git a/tilt/nexus-cr/nexusPassword.sh b/tilt/nexus-cr/nexusPassword.sh index 17f482a..1391352 100755 --- a/tilt/nexus-cr/nexusPassword.sh +++ b/tilt/nexus-cr/nexusPassword.sh @@ -1,13 +1,13 @@ #!/bin/bash - +set -x ## Get the nexus3 admin password and write to disk -if ! [ -f "admin.txt" ]; then - ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password) - echo "$ADMIN_PASSWORD" > admin.txt - # Change the initial password to admin123 - curl -ifu "admin:$ADMIN_PASSWORD" \ - -X PUT \ - -H 'Content-Type: text/plain' \ - --data "admin123" \ - http://localhost:80/service/rest/v1/security/users/admin/change-password -fi +ADMIN_PASSWORD=$(kubectl exec "$(tilt get kd nexus3 -ojsonpath='{.status.pods[0].name}')" -- cat /nexus-data/admin.password) +echo "$ADMIN_PASSWORD" > admin.txt +# Change the initial password to admin123 +curl -ifu "admin:$ADMIN_PASSWORD" \ + --fail \ + -k \ + -X PUT \ + -H 'Content-Type: text/plain' \ + --data "admin123" \ + https://localhost:8443/service/rest/v1/security/users/admin/change-password diff --git a/tilt/nexus-cr/nexusSetup.sh b/tilt/nexus-cr/nexusSetup.sh index de375b2..2af8266 100755 --- a/tilt/nexus-cr/nexusSetup.sh +++ b/tilt/nexus-cr/nexusSetup.sh @@ -7,10 +7,12 @@ fi ## Anonymous Access curl -X PUT \ - 'http://localhost/service/rest/v1/security/anonymous' \ + 'https://localhost:8443/service/rest/v1/security/anonymous' \ -H 'accept: application/json' \ -H 'Content-Type: application/json' \ -u admin:admin123 \ + -k \ + --fail-with-body \ -d '{ "enabled": true, "userId": "admin", @@ -19,9 +21,11 @@ curl -X PUT \ # Create a docker repo curl -X POST \ - http://localhost:80/service/rest/v1/repositories/docker/hosted \ + https://localhost:8443/service/rest/v1/repositories/docker/hosted \ -H "Content-Type: application/json" \ + -k \ -u admin:admin123 \ + --fail-with-body \ -d '{ "name": "docker", "online": true, diff --git a/tilt/nexus-cr/nginx/values.yaml b/tilt/nexus-cr/nginx/values.yaml index 0bad2a0..1f95a8f 100644 --- a/tilt/nexus-cr/nginx/values.yaml +++ b/tilt/nexus-cr/nginx/values.yaml @@ -35,29 +35,13 @@ serverBlock: |- } server { - listen 8080; + listen 8081; resolver 10.96.0.10 valid=10s; server_name nginx ssl off; - # Docker /v2 and /v1 (for search) requests - location /v2 { - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "http"; - proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; - } - location /v1 { - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto "http"; - proxy_pass http://nexus3.default.svc.cluster.local:8081/repository/docker/$request_uri; - } - - # Regular Nexus requests + # Simulates a Docker registry exposed on port 8081 location / { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr;