AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
riscv/nexus/catalog-info.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: riscv-nexus
title: Nexus (riscv)
spec:
type: service
lifecycle: production
owner: platform-team
partOf:
- ../catalog-info.yaml

23
riscv/nexus/keytool/allarddcs.nl.cert Normal file
View File

@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIIVTEAVNvb6f8wDQYJKoZIhvcNAQELBQAweDELMAkGA1UE
BhMCVVMxFDASBgNVBAgTC1Vuc3BlY2lmaWVkMRQwEgYDVQQHEwtVbnNwZWNpZmll
ZDERMA8GA1UEChMIU29uYXR5cGUxETAPBgNVBAsTCFNvbmF0eXBlMRcwFQYDVQQD
DA4qLmFsbGFyZGRjcy5ubDAeFw0yNTEwMjYwOTExMzRaFw0zOTA3MDUwOTExMzRa
MHgxCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtVbnNwZWNpZmllZDEUMBIGA1UEBxML
VW5zcGVjaWZpZWQxETAPBgNVBAoTCFNvbmF0eXBlMREwDwYDVQQLEwhTb25hdHlw
ZTEXMBUGA1UEAwwOKi5hbGxhcmRkY3MubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkVO2YgFo4sTybZaG4YHCsDHTL2WyAYggnW+yUDei5pnrFTYFk
F7k87xSxs0WeJtf0kiZhjj8dBMqfvSNf0VNKEIw1EBUXcn/R/ymE5aAraQOAsBhu
HPWCnbTZdplUwDR64B9+pn8uZ/qSkfJZ6pCsGcTa/hvl1inWMZJQgiKnkn17WMP9
CSt8BOwy9HpadfSdLt1wkfyNQs5vHsPFwadCfXIgwxhN7NnN4Z9iPU1asfZa6Y2d
ndIocLNIB4YfMfZ15TX/dPGqiJ9qdcsdGMgcqFIC4e+N1reHNubnGKh/CdvP6LGC
IzorF83F81CoMjTKNGTZQ6WBM7qP36Y2NFuxAgMBAAGjYzBhMB0GA1UdDgQWBBQn
IWPFZINR46eiDT4GB4qB+hI/mTBABgNVHREEOTA3ghhuZXh1cy1yaXNjdi5hbGxh
cmRkY3MubmyCG3JlZ2lzdHJ5LXJpc2N2LmFsbGFyZGRjcy5ubDANBgkqhkiG9w0B
AQsFAAOCAQEAD+wcG658hrsu7M5rrKDK7U1qYJMliu6nnU/vl84YRwPHmWgcbrS3
5Q2EudR0PyS1/YsNJH5HAANmu6K6My7/f+l6DBeiONs0FCZAqobgpHy5V8PCIOTt
tIP/lGoZe+USojc8VydTYzdG70AASF5R5No4w0vozDFuQptaVI0AmOH/7WMYjNlW
PSZGKZt/m/9Fd//kDjUvwLvYnGYKTx49GU3ZHyiDLxFdPl9lyLMq9M0jdx2BzLVz
HTtBJ6Rz5WtL1e7cUQclYugNlJoqRrnMNz/M8gVXzTqiqg4AEQYQHZHK1FFhuz55
qUDjUDlP2psKFiKLXzKKyP1ugF/5Pm0/lw==
-----END CERTIFICATE-----

32
riscv/nexus/keytool/allarddcs.nl.key Normal file
View File

@@ -0,0 +1,32 @@
Bag Attributes
friendlyName: allarddcs.nl
localKeyID: 54 69 6D 65 20 31 37 36 31 34 36 39 39 37 35 39 30 37
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkVO2YgFo4sTyb
ZaG4YHCsDHTL2WyAYggnW+yUDei5pnrFTYFkF7k87xSxs0WeJtf0kiZhjj8dBMqf
vSNf0VNKEIw1EBUXcn/R/ymE5aAraQOAsBhuHPWCnbTZdplUwDR64B9+pn8uZ/qS
kfJZ6pCsGcTa/hvl1inWMZJQgiKnkn17WMP9CSt8BOwy9HpadfSdLt1wkfyNQs5v
HsPFwadCfXIgwxhN7NnN4Z9iPU1asfZa6Y2dndIocLNIB4YfMfZ15TX/dPGqiJ9q
dcsdGMgcqFIC4e+N1reHNubnGKh/CdvP6LGCIzorF83F81CoMjTKNGTZQ6WBM7qP
36Y2NFuxAgMBAAECggEAAPNppiA+ZWWUVctyWObCwCJ/HbU8WeHQ7XYsTQ8BJOtz
RzQtM3vcdOwznabNfrf3nlENXjMi5yZ7JafdtIg5h/KTw4E8UTTQZVHco6NqGDyb
UJTnda7YaZ3cyTiIDcpIg3PlVFsSRIQSTX00S2Dk3wBz9/BqD08vhS9apJMClrjR
fbJQjuhDJzOdoIbs3+pwCTLJdBDip8QQ6b6WwbSnYBb8yoAofR/GBZUP4Q6EoFER
WrXRaiwAS97KtJO0QrJap7VnC8JBR79irzJ/6C1ZOSomP2NJu571AetLPlSZBNo/
LQcdOTOktV90eYwD6wVEqcHhl99seonH6beDYHO0oQKBgQDEwRbbXFc9gf48Iufh
N8GMGG6oUVhLqib4cGWjIrU6MnpSdE3C/AOkVZqhlhO6Aqwh311pFfhLazdfkqcc
wuaMJhxCNsG8rzOT1zUuiJlTe3Le19TR31qmQtLQ+tsENWrCxL939n5jf470zo0o
9/dgeUKA8hqps6ZgvZVW06C06wKBgQDV0Ig3vDm4VILjRjmPHcSktrF0i9Lbp3uD
OE7uwBItXuO+iLZJHM49vGgHtXsSgqA/B3Kso1Cv31Mh6CNbUVkVvwDht56FuP4R
7s638AE1502cQcc6gKbZlkfBpzeZlkTicdnuzPLw/PoZGaIyD5BgUNjx11nk4AKD
vzwR1sY60wKBgBhUaCcn/AG3GWEGT/YhluVkAAsARBLXL4p5G5hYqmBP7aBUkWkT
EMA5da2ViUrvGan2nO5psRJiZ66By/hagXfDHqtxafOTFqWpbwIaEhuooEO+HKr3
G5aDnN4KpxqWIGWFPsfuyyIym9LZ18rBHu3nELoxNerWNDSyPM1Hzg+RAoGBAMXQ
tYYjPZ+diK7utKgFGX5ujAVQq5eO/0Wq3dQjnW2egcQwxb0kymbxnamsLJ42fj1y
DZVNT4Q3cLlJBRUiUPI+kXlDIYWEXoOG1nf0s5oEUpiDfuhQSI28bMzsgRM2pKqA
POmjcgylcFmyjo4UOjXx9pTg8Yk/+vObBN9YPnQDAoGAO4u2kpFG9n9EkUOpbr8f
x7VLpublPyWaL8PxqPR/816eaQwibf++Kd8d5pc8ILhCLGljbUIysR7DcfFOKaTU
qkMS699oq/zRD+VzeS5DxQhCAEzBezYf1+SYwJ9kCw4kduS+jgLgzpZTjlnZt65W
FyIeu0701aGQIYPMHjetBAE=
-----END PRIVATE KEY-----

BIN
riscv/nexus/keytool/allarddcs.nl.p12 Normal file
View File

Binary file not shown.

4
riscv/nexus/keytool/create-cert-secret.sh Executable file
View File

@@ -0,0 +1,4 @@
kubectl create secret tls nexus-cert \
--cert=allarddcs.nl.cert \
--key=allarddcs.nl.key \
-n nexus

10
riscv/nexus/keytool/create-keystore.sh Executable file
View File

@@ -0,0 +1,10 @@
keytool -genkeypair -keystore keystore.jks -storepass password -alias allarddcs.nl \
-keyalg RSA -keysize 2048 -validity 5000 -keypass password \
-dname 'CN=*.allarddcs.nl, OU=Sonatype, O=Sonatype, L=Unspecified, ST=Unspecified, C=US' \
-ext 'SAN=DNS:nexus-riscv.allarddcs.nl,DNS:registry-riscv.allarddcs.nl'
keytool -exportcert -keystore keystore.jks -alias allarddcs.nl -rfc > allarddcs.nl.cert
keytool -importkeystore -srckeystore keystore.jks -destkeystore allarddcs.nl.p12 -deststoretype PKCS12
openssl pkcs12 -nocerts -nodes -in allarddcs.nl.p12 -out allarddcs.nl.key

BIN
riscv/nexus/keytool/keystore.jks Normal file
View File

Binary file not shown.

156
riscv/nexus/nexus-passthrough.yaml Executable file
View File

@@ -0,0 +1,156 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nexus
namespace: nexus
labels:
app: nexus
spec:
replicas: 1
selector:
matchLabels:
app: nexus
template:
metadata:
labels:
app: nexus
spec:
containers:
- name: nexus
image: allardkrings/riscv64-nexus
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "4Gi"
cpu: "2000m"
ports:
- containerPort: 8081
name: web
- containerPort: 8443
name: websecure
- containerPort: 8444
name: docker
volumeMounts:
# Nexus work directory
- mountPath: /opt/sonatype/sonatype-work/nexus3
name: nexus-data
subPath: data-dir
# SSL keystore
- mountPath: /opt/sonatype/nexus/etc/ssl
name: nexus-data
subPath: ssl
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: "-XX:ActiveProcessorCount=4 -Djava.util.prefs.userRoot=/opt/sonatype/sonatype-work/nexus3/javaprefs"
- name: NEXUS_SECURITY_SSL_KEYSTORE_PATH
value: /opt/sonatype/nexus/etc/ssl/allarddcs.nl.p12
- name: NEXUS_SECURITY_SSL_KEYSTORE_PASSWORD
value: "password"
volumes:
- name: nexus-data
persistentVolumeClaim:
claimName: nexus-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nexus
namespace: nexus
spec:
ports:
- name: web
targetPort: 8081
port: 8081
- name: websecure
targetPort: 8443
port: 8443
- name: docker
targetPort: 8444
port: 8444
selector:
app: nexus
type: ClusterIP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-http
namespace: nexus
spec:
entryPoints:
- web
routes:
- match: Host(`nexus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: nexus
port: 8081
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: nexus-tls
namespace: nexus
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`nexus-riscv.allarddcs.nl`)
services:
- name: nexus
port: 8443
tls:
passthrough: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: registry-tcp-tls
namespace: nexus
spec:
entryPoints:
- docker
routes:
- match: HostSNI(`registry-riscv.allarddcs.nl`)
services:
- name: nexus
port: 8444
tls:
passthrough: true
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nexus-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/nexus/riscv
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nexus-pvc
namespace: nexus
spec:
storageClassName: ""
volumeName: nexus-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi

126
riscv/nexus/nexus-passthrough2.yaml Normal file
View File

@@ -0,0 +1,126 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nexus
namespace: nexus
labels:
app: nexus
spec:
replicas: 1
selector:
matchLabels:
app: nexus
template:
metadata:
labels:
app: nexus
spec:
containers:
- name: nexus
image: allardkrings/riscv64-nexus
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "4Gi"
cpu: "2000m"
ports:
- containerPort: 8081
name: web
- containerPort: 8443
name: websecure
- containerPort: 8444
name: docker
volumeMounts:
# Nexus work directory
- mountPath: /opt/sonatype/sonatype-work/nexus3
name: nexus-data
subPath: data-dir
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: "-XX:ActiveProcessorCount=4 -Djava.util.prefs.userRoot=/opt/sonatype/sonatype-work/nexus3/javaprefs"
volumes:
- name: nexus-data
persistentVolumeClaim:
claimName: nexus-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nexus
namespace: nexus
spec:
ports:
- name: web
targetPort: 8081
port: 8081
selector:
app: nexus
type: ClusterIP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-http
namespace: nexus
spec:
entryPoints:
- web
routes:
- match: Host(`nexus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: nexus
port: 8081
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: nexus-tls
namespace: nexus
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`nexus-riscv.allarddcs.nl`)
services:
- name: nexus
port: 8081
tls:
passthrough: true
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nexus-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/nexus/riscv
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nexus-pvc
namespace: nexus
spec:
storageClassName: ""
volumeName: nexus-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi

123
riscv/nexus/nexus.yaml Executable file
View File

@@ -0,0 +1,123 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nexus
namespace: nexus
labels:
app: nexus
spec:
replicas: 1
selector:
matchLabels:
app: nexus
template:
metadata:
labels:
app: nexus
spec:
containers:
- name: nexus
image: allardkrings/riscv64-nexus
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1000m"
ports:
- containerPort: 8081
name: web
volumeMounts:
# Nexus work directory
- mountPath: /opt/sonatype/sonatype-work/nexus3
name: nexus-data
subPath: data-dir
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: "-XX:ActiveProcessorCount=4 -Djava.util.prefs.userRoot=/opt/sonatype/sonatype-work/nexus3/javaprefs"
volumes:
- name: nexus-data
persistentVolumeClaim:
claimName: nexus-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nexus
namespace: nexus
spec:
ports:
- name: web
targetPort: 8081
port: 8081
selector:
app: nexus
type: ClusterIP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-http
namespace: nexus
spec:
entryPoints:
- web
routes:
- match: Host(`nexus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: nexus
port: 8081
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-tls
namespace: nexus
spec:
entryPoints:
- websecure
routes:
- match: Host(`nexus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: nexus
port: 8081
tls:
secretName: nexus-cert
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nexus-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/nexus/riscv
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nexus-pvc
namespace: nexus
spec:
storageClassName: ""
volumeName: nexus-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi