feat: Add support for Apache Airflow, ArgoCD, Jenkins, and Nexus with corresponding configurations

- Added Apache Airflow with Makefile, README, and values.yaml for deployment.
- Introduced ArgoCD with Makefile, README, and values.yaml for GitOps management.
- Implemented Jenkins with Makefile, README, and values.yaml for CI/CD automation.
- Included Nexus Repository Manager with Makefile, README, and values.yaml for artifact management.
- Updated Gitea and Vault configurations for consistency and improved documentation.
- Enhanced README files with installation instructions, usage, and configuration details in both English and Chinese.
This commit is contained in:
Sun-ZhenXing
2026-02-20 17:25:14 +08:00
parent 990b40d730
commit bfa41fb903
25 changed files with 1322 additions and 14 deletions


@@ -10,27 +10,72 @@ This project provides a collection of Helm chart configurations for popular serv
The following services are currently supported:
### Databases & Storage
- ClickHouse
- DuckDB
- Elasticsearch
- etcd
- HBase
- Kafka
- Keycloak
- Kibana
- Langfuse
- MariaDB
- Milvus
- MinIO
- MongoDB
- Nginx
- OpenTelemetry Collector
- Phoenix
- MySQL
- Neo4j
- PostgreSQL
- Pulsar
- RabbitMQ
- RabbitMQ Cluster Operator
- Redis
- Valkey
- Vault
- ZooKeeper
### DevOps & CI/CD
- ArgoCD
- Gitea
- Gitea Runner
- GitLab
- GitLab Runner
- Harbor
- Jenkins
- Nexus
### Data & Analytics
- Airflow
- Apache Flink
### Observability & Monitoring
- Grafana
- Kibana
- Langfuse
- Loki
- OpenTelemetry Collector
- Phoenix
- Prometheus
### Streaming & API Gateway
- Apache Pulsar
- Kong
- Nginx
### AI & ML
- LiteLLM
- MLflow
- Open WebUI
### Identity & Service Mesh
- Keycloak
- Nacos
Each service has its own directory under `src/`, containing:
- `Makefile`: Service-specific configuration
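Review bot: several services appear twice in the visible hunk (Keycloak, Kibana, Langfuse, Nginx, OpenTelemetry Collector, Phoenix and Pulsar are listed under `Databases & Storage` and again under their own category), and `MySQL`/`Neo4j` sit after `Phoenix`, breaking the alphabetical order. If the first list is not the removed pre-change text, trim it to the actual databases and storage systems so each service appears once; Vault also reads better under a secrets/identity heading than under storage.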

16
src/airflow/Makefile Normal file

@@ -0,0 +1,16 @@
HELM_RELEASE_NAME ?= airflow
HELM_APPLICATION_NAME ?= airflow
HELM_NAMESPACE ?= airflow
HELM_DIR ?= ./helm
HELM_CHART_VERSION ?=
HELM_VALUES_FILE ?= ./values.yaml
HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= apache-airflow
HELM_REPO_URL ?= https://airflow.apache.org
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
HELM_LANE ?=
include ../_template/base.mk
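Review bot: `HELM_CHART_VERSION ?=` is left empty, so `make install` resolves to whatever chart version is latest at run time; the argocd, jenkins, nexus and vault Makefiles added in this commit do the same. Pin a chart version (and state it in the README) so installs are reproducible and chart upgrades happen deliberately rather than on the next `make install`.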

61
src/airflow/README.md Normal file

@@ -0,0 +1,61 @@
# Apache Airflow
## Introduction
Apache Airflow is a platform to programmatically author, schedule, and monitor workflows. It uses directed acyclic graphs (DAGs) to manage workflow orchestration.
## Installation
To install Airflow, run:
```bash
make install
```
## Usage
After installation, access Airflow:
```bash
# Port forward to access web UI
kubectl port-forward svc/airflow-webserver -n airflow 8080:8080
```
Then open <http://localhost:8080> in your browser.
Default credentials:
- Username: `admin`
- Password: `admin`
## Configuration
The default configuration includes:
- CeleryExecutor for distributed task execution
- Built-in PostgreSQL for metadata database
- Built-in Redis for Celery broker
- Single replicas for webserver, scheduler, workers, and triggerer
- 10Gi for logs persistence
## Components
- **Webserver**: Serves the UI and API
- **Scheduler**: Schedules and triggers tasks
- **Workers**: Execute tasks (CeleryExecutor)
- **Triggerer**: Runs event-based triggers
- **Flower**: Celery monitoring tool
## Adding DAGs
To add your DAGs:
1. Enable `dags.gitSync` and configure your Git repository, OR
2. Mount a persistent volume with your DAG files, OR
3. Use the Airflow UI to upload DAG files (not recommended for production)
## Customization
- Edit `values.yaml` to configure connections, variables, and pools
- Scale workers by increasing `workers.replicas`
- Enable ingress for external access
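Review bot: the `Default credentials` section documents `admin`/`admin` with no step to change or disable it, and the port-forward in Usage puts that login in front of anyone who can reach the forwarded port. Add a line telling users to set `webserver.defaultUser.password` (or set `webserver.defaultUser.enabled: false` and create accounts another way) before exposing the UI, and list that under Customization as well. Separately, option 3 under `Adding DAGs` (uploading DAG files through the UI) is not a feature of stock Airflow; name the plugin it relies on or drop the option.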

61
src/airflow/README.zh.md Normal file

@@ -0,0 +1,61 @@
# Apache Airflow
## 简介
Apache Airflow 是一个以编程方式编写、调度和监控工作流的平台。它使用有向无环图 (DAG) 来管理工作流编排。
## 安装
安装 Airflow
```bash
make install
```
## 使用
安装完成后,访问 Airflow
```bash
# 端口转发以访问 Web UI
kubectl port-forward svc/airflow-webserver -n airflow 8080:8080
```
然后在浏览器中打开 <http://localhost:8080>。
默认凭据:
- 用户名:`admin`
- 密码:`admin`
## 配置
默认配置包括:
- CeleryExecutor 用于分布式任务执行
- 内置 PostgreSQL 作为元数据库
- 内置 Redis 作为 Celery 代理
- Webserver、Scheduler、Workers 和 Triggerer 均为单副本
- 10Gi 日志持久化存储
## 组件
- **Webserver**: 提供 UI 和 API
- **Scheduler**: 调度和触发任务
- **Workers**: 执行任务 (CeleryExecutor)
- **Triggerer**: 运行基于事件的触发器
- **Flower**: Celery 监控工具
## 添加 DAG
添加您的 DAG
1. 启用 `dags.gitSync` 并配置 Git 仓库,或
2. 挂载包含 DAG 文件的持久卷,或
3. 使用 Airflow UI 上传 DAG 文件(不推荐用于生产环境)
## 自定义
- 编辑 `values.yaml` 配置连接、变量和池
- 增加 `workers.replicas` 扩展 Workers
- 启用 ingress 用于外部访问
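Review bot: same points as the English README: `admin`/`admin` is documented as the default login with no step to change it (`webserver.defaultUser.password`) or to disable the default user, and option 3 under `添加 DAG` describes uploading DAG files through the UI, which stock Airflow does not offer.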

118
src/airflow/values.yaml Normal file

@@ -0,0 +1,118 @@
# Apache Airflow Configuration
# https://github.com/apache/airflow/blob/main/chart/values.yaml
# Default airflow repository
defaultAirflowRepository: apache/airflow
# Default airflow tag
defaultAirflowTag: 2.9.0
# Airflow version
airflowVersion: 2.9.0
# Executor type
executor: CeleryExecutor
# Environment variables
env:
- name: AIRFLOW__CORE__LOAD_EXAMPLES
value: 'False'
- name: AIRFLOW__WEBSERVER__EXPOSE_CONFIG
value: 'True'
# Webserver configuration
webserver:
replicas: 1
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1000m
memory: 2Gi
service:
type: ClusterIP
# Scheduler configuration
scheduler:
replicas: 1
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1000m
memory: 2Gi
# Worker configuration (for CeleryExecutor)
workers:
replicas: 1
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1000m
memory: 2Gi
# Triggerer configuration
triggerer:
enabled: true
replicas: 1
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi
# DAGs configuration
dags:
persistence:
enabled: true
size: 5Gi
accessMode: ReadWriteOnce
gitSync:
enabled: false
# Logs configuration
logs:
persistence:
enabled: true
size: 10Gi
# PostgreSQL configuration (subchart)
postgresql:
enabled: true
auth:
username: postgres
database: airflow
primary:
persistence:
enabled: true
size: 10Gi
# Redis configuration (subchart for Celery)
redis:
enabled: true
architecture: standalone
auth:
enabled: false
master:
persistence:
enabled: true
size: 5Gi
# Flower configuration
flower:
enabled: true
service:
type: ClusterIP
# Ingress configuration
ingress:
web:
enabled: false
flower:
enabled: false
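Review bot: `AIRFLOW__WEBSERVER__EXPOSE_CONFIG: 'True'` in the `env:` block makes the full `airflow.cfg`, including any credentials it carries, readable in the webserver UI by every logged-in user; set it to `'non-sensitive-only'` (supported in Airflow 2.x) or `'False'`. Also check the `redis:` and `postgresql:` blocks against the upstream values.yaml linked at the top: the Airflow chart's bundled Redis is configured through `redis.password`/`redis.passwordSecretName` rather than the Bitnami-style `auth`/`architecture`/`master` keys used here, so those settings are most likely ignored, and `postgresql.auth.database: airflow` only takes effect if `data.metadataConnection.db` is changed to match; otherwise Airflow keeps using the `postgres` database and the `airflow` one sits unused.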

16
src/argocd/Makefile Normal file

@@ -0,0 +1,16 @@
HELM_RELEASE_NAME ?= argocd
HELM_APPLICATION_NAME ?= argo-cd
HELM_NAMESPACE ?= argocd
HELM_DIR ?= ./helm
HELM_CHART_VERSION ?=
HELM_VALUES_FILE ?= ./values.yaml
HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= argo
HELM_REPO_URL ?= https://argoproj.github.io/argo-helm
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
HELM_LANE ?=
include ../_template/base.mk

43
src/argocd/README.md Normal file

@@ -0,0 +1,43 @@
# ArgoCD
## Introduction
ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using Git repositories as the source of truth for defining the desired application state.
## Installation
To install ArgoCD, run:
```bash
make install
```
Default credentials:
- Username: `admin`
- Password: `admin`
## Usage
After installation, access ArgoCD:
```bash
# Port forward to access UI
kubectl port-forward svc/argocd-server -n argocd 8080:443
# Get admin password
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
```
Then open <https://localhost:8080> in your browser.
## Configuration
The default configuration includes:
- Single Redis instance
- Single controller replica
- Single repo server
- Dex enabled for SSO
For production, consider enabling HA mode with multiple replicas.
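Review bot: the `Default credentials` block under Installation says the password is `admin`, while the Usage block tells the reader to fetch it from `argocd-initial-admin-secret`; the two contradict each other. If the chart values fix the admin bcrypt hash, the initial-admin secret is not the source of truth and the `kubectl get secret` line is misleading; if the hash is not fixed, the `admin` line is wrong. Keep one of them, and add a step to change the admin password right after first login (`argocd account update-password`), since `admin` is otherwise usable by anyone with access to the port-forward.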

43
src/argocd/README.zh.md Normal file

@@ -0,0 +1,43 @@
# ArgoCD
## 简介
ArgoCD 是一个用于 Kubernetes 的声明式、GitOps 持续交付工具。它遵循 GitOps 模式,使用 Git 仓库作为定义期望应用状态的单一事实来源。
## 安装
安装 ArgoCD
```bash
make install
```
默认凭据:
- 用户名:`admin`
- 密码:`admin`
## 使用
安装完成后,访问 ArgoCD
```bash
# 端口转发以访问 UI
kubectl port-forward svc/argocd-server -n argocd 8080:443
# 获取管理员密码
kubectl get secret argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
```
然后在浏览器中打开 <https://localhost:8080>。
## 配置
默认配置包括:
- 单 Redis 实例
- 单控制器副本
- 单仓库服务器
- 启用 Dex 用于 SSO
生产环境建议启用 HA 模式,使用多副本部署。
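Review bot: as in the English README, `密码:admin` under 安装 contradicts the `argocd-initial-admin-secret` lookup under 使用; keep whichever matches the values file and add a first-login password change step (`argocd account update-password`).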

31
src/argocd/values.yaml Normal file

@@ -0,0 +1,31 @@
# Argo CD Configuration
# https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml
configs:
secret:
argocdServerAdminPassword: $2a$10$m9ZR7FP.6zSFhjDHndyeJuruTzZNjf7qCkybF7N7sNCGBqDXm7vwK # admin
argocdServerAdminPasswordMtime: '2024-01-01T00:00:00Z'
server:
service:
type: ClusterIP
ingress:
enabled: false
dex:
enabled: true
redis:
enabled: true
repoServer:
replicas: 1
controller:
replicas: 1
applicationSet:
enabled: true
notifications:
enabled: false
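Review bot: `configs.secret.argocdServerAdminPassword` commits a bcrypt hash whose plaintext is spelled out in the trailing comment (`# admin`), so every cluster installed from this repository has a known admin password and Argo CD's random initial password is never generated. Drop the key (the chart then creates `argocd-initial-admin-secret` with a random value) or supply the hash out of band with `--set` or an existing secret, and remove the `# admin` comment in either case. `argocdServerAdminPasswordMtime` can stay, but it only matters while the hash is actually set.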


@@ -8,7 +8,7 @@ HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= gitea-charts
HELM_REPO_NAME ?= gitea
HELM_REPO_URL ?= https://dl.gitea.com/charts
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/actions
HELM_LANE ?=
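Review bot: the repo alias changes from `gitea-charts` to `gitea`, but the unchanged `HELM_CHART_REPO ?= $(HELM_REPO_NAME)/actions` line now resolves to `gitea/actions`; confirm that is the intended chart for this Makefile (the README hunks in this commit install `gitea/gitea`). Users who already added the old `gitea-charts` alias will also end up with two repo entries pointing at the same URL, which is worth a line in the upgrade notes.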


@@ -9,9 +9,18 @@ Gitea is a community managed lightweight code hosting solution written in Go. It
To install Gitea, run:
```bash
make repo-add
make install
```
Or directly:
```bash
helm repo add gitea https://dl.gitea.com/charts
helm repo update
helm install gitea gitea/gitea -f values.yaml
```
## Usage
After installation, verify the deployment:
@@ -28,7 +37,116 @@ kubectl port-forward svc/gitea-http 3000:3000 -n gitea
Then open <http://localhost:3000> in your browser.
Default admin credentials:
- Username: `gitea_admin`
- Password: `r8sA8CPHD9!bt6d`
## Configuration
### Current Configuration (Development)
当前配置为单实例开发环境,使用 SQLite 数据库。
### Production Configuration (High Availability)
生产环境建议使用以下配置(需取消注释并配置):
```yaml
# 1. 禁用 SQLite启用 PostgreSQL
valkey-cluster:
enabled: true # 启用 Valkey 集群(缓存/会话/队列)
postgresql-ha:
enabled: true # 启用 PostgreSQL HA
gitea:
config:
database:
DB_TYPE: postgres
```
### Single-Pod Production (Non-HA)
如需单机生产环境(非高可用):
```yaml
valkey-cluster:
enabled: false
valkey:
enabled: true
postgresql:
enabled: true
postgresql-ha:
enabled: false
gitea:
config:
database:
DB_TYPE: postgres
```
### External Database
使用外部数据库:
```yaml
postgresql:
enabled: false
postgresql-ha:
enabled: false
gitea:
config:
database:
DB_TYPE: postgres # or mysql
HOST: my-db-host:5432
NAME: gitea
USER: gitea
PASSWD: secret
```
### Ingress Configuration
```yaml
ingress:
enabled: true
hosts:
- host: git.example.com
paths:
- path: /
tls:
- secretName: gitea-tls
hosts:
- git.example.com
```
## Helm Chart Values
查看所有可配置参数:
```bash
make values
# 或
helm show values gitea/gitea > gitea-values.yaml
```
## Important Changes (v12.x)
- **Redis → Valkey**: Chart v12.x 从 Redis 迁移到 Valkey/Valkey-cluster 作为缓存
- **Rootless by default**: 默认使用 rootless 镜像(更安全)
- **PostgreSQL-HA by default**: 默认使用 PostgreSQL HA高可用
## Documentation
- [Official Gitea Documentation](https://docs.gitea.com/)
- [Helm Chart Source](https://gitea.com/gitea/helm-chart)
- [Gitea Documentation](https://docs.gitea.com/)
- [Gitea Chinese Documentation](https://docs.gitea.cn/)
- [Gitea Helm Chart Source](https://gitea.com/gitea/helm-gitea)
- [Kubernetes Installation Guide](https://docs.gitea.cn/installation/install-on-kubernetes)
- [Gitea Configuration Cheat Sheet](https://docs.gitea.com/administration/config-cheat-sheet)
## Upgrade Notes
从旧版本升级时请参考:
- [Helm Chart Upgrading Guide](https://gitea.com/gitea/helm-gitea#upgrading)
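Review bot: the `External Database` snippet puts the database password inline (`PASSWD: secret`) in `values.yaml`, which lands in git and in the release history; point readers at injecting it from a Kubernetes Secret instead (the Gitea chart reads `gitea.additionalConfigFromEnvs`). The documented default admin password (`r8sA8CPHD9!bt6d`) is the chart's well-known default, so add a note to override `gitea.admin.password` before exposing the service. Two smaller things in the same hunk: several paragraphs of this English README are in Chinese (`当前配置为单实例开发环境…`, `生产环境建议使用以下配置…`, `查看所有可配置参数:` and the `Important Changes` bullets) and should be translated, and the `Documentation` list links docs.gitea.com twice and both `helm-chart` and `helm-gitea` as the chart source; keep one of each.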


@@ -9,9 +9,18 @@ Gitea 是一个社区管理的轻量级代码托管解决方案,使用 Go 语
要安装 Gitea请运行
```bash
make repo-add
make install
```
或者直接使用 Helm
```bash
helm repo add gitea https://dl.gitea.com/charts
helm repo update
helm install gitea gitea/gitea -f values.yaml
```
## 使用
安装完成后,验证部署:
@@ -28,7 +37,114 @@ kubectl port-forward svc/gitea-http 3000:3000 -n gitea
然后在浏览器中打开 <http://localhost:3000>。
## 文档
默认管理员账户:
- [官方 Gitea 文档](https://docs.gitea.com/)
- [Helm Chart 源码](https://gitea.com/gitea/helm-chart)
- 用户名:`gitea_admin`
- 密码:`r8sA8CPHD9!bt6d`
## 配置说明
### 当前配置(开发环境)
当前配置为单实例开发环境,使用 SQLite 数据库,适合快速测试和开发。
### 生产环境配置(高可用)
生产环境建议使用以下配置:
```yaml
# 启用 Valkey 集群和 PostgreSQL HA
valkey-cluster:
enabled: true # 启用 Valkey 集群作为缓存/会话/队列存储
postgresql-ha:
enabled: true # 启用 PostgreSQL 高可用
gitea:
config:
database:
DB_TYPE: postgres
```
### 单机生产环境(非高可用)
如需单机生产环境:
```yaml
valkey-cluster:
enabled: false
valkey:
enabled: true
postgresql:
enabled: true
postgresql-ha:
enabled: false
gitea:
config:
database:
DB_TYPE: postgres
```
### 使用外部数据库
如需使用外部数据库:
```yaml
postgresql:
enabled: false
postgresql-ha:
enabled: false
gitea:
config:
database:
DB_TYPE: postgres # 或 mysql
HOST: my-db-host:5432
NAME: gitea
USER: gitea
PASSWD: secret
```
### Ingress 配置
```yaml
ingress:
enabled: true
hosts:
- host: git.example.com
paths:
- path: /
tls:
- secretName: gitea-tls
hosts:
- git.example.com
```
## 查看所有配置参数
```bash
make values
# 或
helm show values gitea/gitea > gitea-values.yaml
```
## v12.x 重要变更
- **Redis → Valkey**: Chart v12.x 从 Redis 迁移到 Valkey/Valkey-cluster 作为缓存组件
- **默认使用 rootless 镜像**: 更安全,但 SSH 监听端口改为 2222
- **默认使用 PostgreSQL HA**: 高可用数据库配置
## 文档链接
- [Gitea 文档](https://docs.gitea.com/)
- [Gitea 中文文档](https://docs.gitea.cn/)
- [Gitea Helm Chart 源码](https://gitea.com/gitea/helm-gitea)
- [Kubernetes 安装指南](https://docs.gitea.cn/installation/install-on-kubernetes)
- [Gitea 配置速查表](https://docs.gitea.com/administration/config-cheat-sheet)
## 升级注意事项
从旧版本升级时请参考:
- [Helm Chart 升级指南](https://gitea.com/gitea/helm-gitea#upgrading)
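Review bot: the `## 文档` heading and the two links below it (`官方 Gitea 文档`, `Helm Chart 源码`) sit between `默认管理员账户:` and the username/password bullets; if those three lines are part of the new text rather than the removed old text, they split the credentials list and duplicate the `文档链接` section further down, so they should go. The `使用外部数据库` snippet also puts `PASSWD: secret` inline in values.yaml; recommend injecting it from a Secret via `gitea.additionalConfigFromEnvs` rather than committing it, and add a note to override the chart's default `gitea.admin.password`.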


@@ -7,8 +7,7 @@
replicaCount: 1
image:
repository: gitea/gitea
tag: latest
repository: gitea
pullPolicy: IfNotPresent
service:
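Review bot: removing `tag: latest` is the right direction (the release now follows the chart's default app version instead of a floating tag), but the replacement `repository: gitea` drops the `gitea/` organisation; the Gitea chart's defaults are `image.registry: docker.gitea.com` and `image.repository: gitea/gitea`, so unless `registry` is set elsewhere in this file the resolved reference becomes `docker.gitea.com/gitea:<tag>`, which will not pull. Verify the rendered image with `helm template` before merging.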

16
src/jenkins/Makefile Normal file

@@ -0,0 +1,16 @@
HELM_RELEASE_NAME ?= jenkins
HELM_APPLICATION_NAME ?= jenkins
HELM_NAMESPACE ?= jenkins
HELM_DIR ?= ./helm
HELM_CHART_VERSION ?=
HELM_VALUES_FILE ?= ./values.yaml
HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= jenkins
HELM_REPO_URL ?= https://charts.jenkins.io
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
HELM_LANE ?=
include ../_template/base.mk

54
src/jenkins/README.md Normal file

@@ -0,0 +1,54 @@
# Jenkins
## Introduction
Jenkins is an open-source automation server that enables developers to build, test, and deploy their software reliably. It supports thousands of plugins for various CI/CD pipelines.
## Installation
To install Jenkins, run:
```bash
make install
```
## Usage
After installation, access Jenkins:
```bash
# Port forward to access Jenkins
kubectl port-forward svc/jenkins -n jenkins 8080:8080
# Get admin password
kubectl get secret jenkins -n jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 -d
```
Then open <http://localhost:8080> and complete the setup wizard.
## Configuration
The default configuration includes:
- Pre-installed plugins for Kubernetes, Git, Pipeline, and Blue Ocean
- 1 controller replica with 2Gi memory limit
- 1Gi persistent volume for build data
- Configuration as Code (CasC) enabled
## Installed Plugins
- kubernetes - Kubernetes plugin for dynamic agents
- workflow-aggregator - Pipeline plugin suite
- git - Git integration
- configuration-as-code - CasC support
- blue-ocean - Modern UI
- docker-workflow - Docker pipeline support
- pipeline-stage-view - Pipeline visualization
## Customization
To customize Jenkins:
1. Edit `values.yaml` to add more plugins
2. Configure CasC scripts for pre-configured jobs
3. Adjust resource limits based on your workload
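Review bot: the `Configuration` bullets disagree with the `src/jenkins/values.yaml` added in this commit: the README states a 2Gi memory limit and a 1Gi persistent volume, while the values file sets `limits.memory: 4Gi` and `persistence.size: 10Gi`. Align the README with the values file (or vice versa). Also, with `JCasC.enabled: true` the chart normally disables the setup wizard, so `complete the setup wizard` under Usage is probably wrong; what the user needs is the admin password from the `jenkins` secret, which the block above already retrieves.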

54
src/jenkins/README.zh.md Normal file

@@ -0,0 +1,54 @@
# Jenkins
## 简介
Jenkins 是一个开源自动化服务器,使开发人员能够可靠地构建、测试和部署软件。它支持数千个插件,用于各种 CI/CD 流水线。
## 安装
安装 Jenkins
```bash
make install
```
## 使用
安装完成后,访问 Jenkins
```bash
# 端口转发以访问 Jenkins
kubectl port-forward svc/jenkins -n jenkins 8080:8080
# 获取管理员密码
kubectl get secret jenkins -n jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 -d
```
然后打开 <http://localhost:8080> 完成设置向导。
## 配置
默认配置包括:
- 预装 Kubernetes、Git、Pipeline 和 Blue Ocean 插件
- 1 个控制器副本,内存限制 2Gi
- 1Gi 持久卷用于构建数据
- 启用配置即代码 (CasC)
## 已安装插件
- kubernetes - Kubernetes 动态代理插件
- workflow-aggregator - Pipeline 插件套件
- git - Git 集成
- configuration-as-code - CasC 支持
- blue-ocean - 现代化 UI
- docker-workflow - Docker 流水线支持
- pipeline-stage-view - 流水线可视化
## 自定义
自定义 Jenkins
1. 编辑 `values.yaml` 添加更多插件
2. 配置 CasC 脚本用于预配置任务
3. 根据工作负载调整资源限制
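Review bot: the `配置` bullets (2Gi 内存限制, 1Gi 持久卷) do not match `src/jenkins/values.yaml` in this commit (`limits.memory: 4Gi`, `persistence.size: 10Gi`); align the two. `完成设置向导` is also doubtful with `JCasC.enabled: true`, since the chart normally disables the setup wizard.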

85
src/jenkins/values.yaml Normal file

@@ -0,0 +1,85 @@
# Jenkins Configuration
# https://github.com/jenkinsci/helm-charts/blob/main/charts/jenkins/values.yaml
controller:
image:
repository: jenkins/jenkins
tag: lts
pullPolicy: IfNotPresent
# Resource configuration
resources:
requests:
cpu: 1000m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
# Java options
javaOpts: '-XX:MaxRAMPercentage=75.0'
# Service configuration
serviceType: ClusterIP
servicePort: 8080
targetPort: 8080
# Ingress configuration
ingress:
enabled: false
# Number of Jenkins controllers
replicaCount: 1
# Install plugins
installPlugins:
- kubernetes:3937.vd7b_82db_e347b_
- workflow-aggregator:596.v8c21c963d92d
- git:5.2.1
- configuration-as-code:1775.v810dc950b_514
- blue-ocean:1.27.13
- docker-workflow:572.v950f58993843
- pipeline-stage-view:2.34
- credentials-binding:642.v737c34dea_6c2
- credentials:1319.v7eb_51b_3a_c97b_
# Initialize configuration as code
JCasC:
enabled: true
defaultConfig: true
configScripts: {}
# Sidecars
sidecars:
configAutoReload:
enabled: true
image: kiwigrid/k8s-sidecar:1.26.1
# Agent configuration
agent:
enabled: true
image:
repository: jenkins/inbound-agent
tag: latest
# Resource configuration for agents
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: 1000m
memory: 2Gi
# Working directory
workingDir: /home/jenkins/agent
# Pod template configuration
podName: default
customJenkinsLabels: []
# Persistence
persistence:
enabled: true
size: 10Gi
accessMode: ReadWriteOnce
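Review bot: `agent.image.tag: latest` floats the inbound-agent image that runs every build, which undoes the reproducibility the pinned `installPlugins` versions buy and lets an upstream push change build behaviour without a commit here; pin it to a specific version (or digest) the way the plugins are pinned. `controller.image.tag: lts` is a moving tag too, if a more predictable one; add a comment saying it is intentional, or pin it as well.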

16
src/nexus/Makefile Normal file

@@ -0,0 +1,16 @@
HELM_RELEASE_NAME ?= nexus
HELM_APPLICATION_NAME ?= nexus-repository-manager
HELM_NAMESPACE ?= nexus
HELM_DIR ?= ./helm
HELM_CHART_VERSION ?=
HELM_VALUES_FILE ?= ./values.yaml
HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= sonatype
HELM_REPO_URL ?= https://sonatype.github.io/helm3-charts/
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
HELM_LANE ?=
include ../_template/base.mk

70
src/nexus/README.md Normal file

@@ -0,0 +1,70 @@
# Nexus Repository Manager
## Introduction
Nexus Repository Manager is a powerful artifact repository manager that supports various formats including Maven, npm, NuGet, Docker, and more. It acts as a central hub for storing and managing software artifacts.
## Installation
To install Nexus, run:
```bash
make install
```
## Usage
After installation, access Nexus:
```bash
# Port forward to access Nexus
kubectl port-forward svc/nexus-repository-manager -n nexus 8081:8081
```
Then open <http://localhost:8081> in your browser.
Default credentials:
- Username: `admin`
- Password: Retrieve from pod
```bash
# Get admin password
kubectl exec -it deployment/nexus-repository-manager -n nexus -- cat /nexus-data/admin.password
```
## Configuration
The default configuration includes:
- 100Gi persistent storage for artifacts
- 4Gi memory limit
- Single replica deployment
- JVM heap size: 2g
## Repository Types
Nexus supports various repository formats:
- **Maven** (Java artifacts)
- **npm** (Node.js packages)
- **NuGet** (.NET packages)
- **Docker** (Container images)
- **PyPI** (Python packages)
- **Raw** (Generic files)
- **Yum/APT** (Linux packages)
## Docker Registry
To enable Docker registry support:
1. Edit `values.yaml` and set `nexus.docker.enabled: true`
2. Configure registries with ports
3. Expose via NodePort or Ingress
## Backup
Consider enabling scheduled backups:
1. Configure `backup.enabled: true`
2. Set up backup schedule and storage
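Review bot: the `Get admin password` step should say what happens next: Nexus deletes `/nexus-data/admin.password` once the generated password is changed in the onboarding wizard, so readers should change it at first login and not expect the file to be there later. Reading it with `kubectl exec` also needs `pods/exec` rights in the `nexus` namespace, which is worth stating. Minor: the `Docker Registry` steps end with `Expose via NodePort or Ingress`, while the values file ships `ingress.enabled: false` and `nexus.docker.registries: []`; name the exact keys to set so the steps are actionable.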

70
src/nexus/README.zh.md Normal file

@@ -0,0 +1,70 @@
# Nexus Repository Manager
## 简介
Nexus Repository Manager 是一个强大的制品仓库管理器,支持多种格式,包括 Maven、npm、NuGet、Docker 等。它充当存储和管理软件制品的中心枢纽。
## 安装
安装 Nexus
```bash
make install
```
## 使用
安装完成后,访问 Nexus
```bash
# 端口转发以访问 Nexus
kubectl port-forward svc/nexus-repository-manager -n nexus 8081:8081
```
然后在浏览器中打开 <http://localhost:8081>。
默认凭据:
- 用户名:`admin`
- 密码:从 Pod 获取
```bash
# 获取管理员密码
kubectl exec -it deployment/nexus-repository-manager -n nexus -- cat /nexus-data/admin.password
```
## 配置
默认配置包括:
- 100Gi 持久化存储用于制品
- 4Gi 内存限制
- 单副本部署
- JVM 堆大小2g
## 仓库类型
Nexus 支持多种仓库格式:
- **Maven** (Java 制品)
- **npm** (Node.js 包)
- **NuGet** (.NET 包)
- **Docker** (容器镜像)
- **PyPI** (Python 包)
- **Raw** (通用文件)
- **Yum/APT** (Linux 包)
## Docker 仓库
启用 Docker 仓库支持:
1. 编辑 `values.yaml` 设置 `nexus.docker.enabled: true`
2. 配置带端口的仓库
3. 通过 NodePort 或 Ingress 暴露
## 备份
建议启用定时备份:
1. 配置 `backup.enabled: true`
2. 设置备份计划和存储
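Review bot: as in the English README, note that Nexus removes `/nexus-data/admin.password` after the first password change, so the `获取管理员密码` command only works until onboarding is completed and the password should be changed at first login.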

84
src/nexus/values.yaml Normal file

@@ -0,0 +1,84 @@
# Nexus Repository Manager Configuration
# https://github.com/sonatype/helm3-charts/blob/main/charts/nexus-repository-manager/values.yaml
image:
repository: sonatype/nexus3
tag: 3.68.1
pullPolicy: IfNotPresent
# Resource configuration
resources:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
# JVM options
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: '-Xms2g -Xmx2g -XX:MaxDirectMemorySize=2g -XX:+UseG1GC'
# Service configuration
service:
type: ClusterIP
port: 8081
# Ingress configuration
ingress:
enabled: false
# Persistence
persistence:
enabled: true
storageSize: 100Gi
accessMode: ReadWriteOnce
# Nexus configuration
nexus:
# Security context
securityContext:
runAsUser: 200
# Additional volumes
extraVolumes: []
# Additional volume mounts
extraVolumeMounts: []
# Service configuration
service:
type: ClusterIP
port: 8081
# Docker registries configuration
docker:
enabled: false
registries: []
# ConfigMap for initial configuration
config:
enabled: false
mountPath: /sonatype-nexus-conf
# License configuration (for Nexus Pro)
license:
enabled: false
secretFilePath:
# Backup configuration
backup:
enabled: false
# Route configuration (OpenShift)
route:
enabled: false
# ServiceAccount configuration
serviceAccount:
create: true
# RBAC configuration
rbac:
create: true
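Review bot: indentation is not visible in this view, but the ordering suggests `resources:`, `env:` and the first `service:` are top-level keys, while the upstream values.yaml linked at the top nests them under `nexus.` (`nexus.resources`, `nexus.env`, `nexus.service`), and this file already has a second `service:` under `nexus:`. If the chart does not read the top-level keys, the 4Gi memory limit and the `INSTALL4J_ADD_VM_PARAMS` heap flags are silently dropped and Nexus runs with no limits; move them under `nexus:`, delete the duplicate `service:`, and check the result with `helm template`. `license.secretFilePath:` with no value is harmless while `license.enabled: false`, but a comment that it is intentionally empty would help.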

16
src/vault/Makefile Normal file

@@ -0,0 +1,16 @@
HELM_RELEASE_NAME ?= vault
HELM_APPLICATION_NAME ?= vault
HELM_NAMESPACE ?= vault
HELM_DIR ?= ./helm
HELM_CHART_VERSION ?=
HELM_VALUES_FILE ?= ./values.yaml
HELM_OCI_REGISTRY ?=
HELM_OCI_NAMESPACE ?=
HELM_OCI_USERNAME ?=
HELM_OCI_PASSWORD ?=
HELM_REPO_NAME ?= hashicorp
HELM_REPO_URL ?= https://helm.releases.hashicorp.com
HELM_CHART_REPO ?= $(HELM_REPO_NAME)/$(HELM_APPLICATION_NAME)
HELM_LANE ?=
include ../_template/base.mk

60
src/vault/README.md Normal file

@@ -0,0 +1,60 @@
# Vault
## Introduction
HashiCorp Vault is an identity-based secrets and encryption management system. It provides secure secret storage, dynamic secrets, data encryption, and identity-based access.
## Installation
To install Vault, run:
```bash
make install
```
## Usage
After installation, initialize and unseal Vault:
```bash
# Port forward to access Vault
kubectl port-forward svc/vault -n vault 8200:8200
# Initialize Vault (save the unseal keys!)
vault operator init
# Unseal Vault (run 3 times with different keys)
vault operator unseal
# Login with root token
vault login
```
Access the UI at <http://localhost:8200>.
## Configuration
The default configuration runs Vault in standalone mode with:
- File storage backend
- 10Gi data storage
- 10Gi audit storage
- Kubernetes auth method enabled
For production, consider using:
- Integrated Raft storage with HA mode
- Auto-unseal with cloud KMS
- External PostgreSQL/MySQL backend
## Security Notes
⚠️ **Important**: The default configuration is suitable for development only.
For production deployments:
1. Enable TLS for all communications
2. Use auto-unseal with cloud KMS
3. Configure proper RBAC policies
4. Enable audit logging
5. Use HA mode with multiple replicas
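Review bot: `Kubernetes auth method enabled` under Configuration is not something `src/vault/values.yaml` (also in this commit) does: the values file only sets `injector.enabled: true`, and enabling the auth method is a post-init operation (`vault auth enable kubernetes` plus its config and roles). Either add that step to Usage or drop the bullet. Two more: the Usage block should say that the unseal keys and root token printed by `vault operator init` need to be stored somewhere other than the terminal scrollback, and `External PostgreSQL/MySQL backend` is a weak production recommendation next to integrated Raft, which is what HashiCorp recommends for HA; consider removing it.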

60
src/vault/README.zh.md Normal file

@@ -0,0 +1,60 @@
# Vault
## 简介
HashiCorp Vault 是一个基于身份的秘密和加密管理系统。它提供安全的秘密存储、动态秘密、数据加密和基于身份的访问控制。
## 安装
安装 Vault
```bash
make install
```
## 使用
安装完成后,初始化并解封 Vault
```bash
# 端口转发以访问 Vault
kubectl port-forward svc/vault -n vault 8200:8200
# 初始化 Vault保存解封密钥
vault operator init
# 解封 Vault使用不同的密钥运行 3 次)
vault operator unseal
# 使用根令牌登录
vault login
```
在 <http://localhost:8200> 访问 UI。
## 配置
默认配置以单机模式运行 Vault包括
- 文件存储后端
- 10Gi 数据存储
- 10Gi 审计存储
- 启用 Kubernetes 认证方法
生产环境建议使用:
- 集成 Raft 存储的 HA 模式
- 使用云 KMS 自动解封
- 外部 PostgreSQL/MySQL 后端
## 安全注意事项
⚠️ **重要**:默认配置仅适用于开发环境。
生产环境部署需要:
1. 为所有通信启用 TLS
2. 使用云 KMS 自动解封
3. 配置适当的 RBAC 策略
4. 启用审计日志
5. 使用多副本 HA 模式
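Review bot: `启用 Kubernetes 认证方法` is not configured by `src/vault/values.yaml` in this commit (it only enables the injector); enabling the auth method is a post-init step (`vault auth enable kubernetes`), so add it to 使用 or remove the bullet, and say where the unseal keys and root token from `vault operator init` should be kept.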

56
src/vault/values.yaml Normal file

@@ -0,0 +1,56 @@
# HashiCorp Vault Configuration
# https://github.com/hashicorp/vault-helm/blob/main/values.yaml
server:
enabled: true
# Run Vault in standalone mode with file storage
# For production, consider using Raft or Consul backend
ha:
enabled: false
# Resource configuration
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 512Mi
cpu: 500m
# Data storage configuration
dataStorage:
enabled: true
size: 10Gi
mountPath: /vault/data
auditStorage:
enabled: true
size: 10Gi
mountPath: /vault/audit
# Service configuration
service:
enabled: true
type: ClusterIP
port: 8200
targetPort: 8200
# Ingress configuration
ingress:
enabled: false
# Enable dev mode for testing only
dev:
enabled: false
devRootToken: root
# UI configuration
ui:
enabled: true
serviceType: ClusterIP
# Injector configuration
injector:
enabled: true
replicas: 1
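Review bot: nothing in this file overrides the chart's `global.tlsDisable: true` default, so the listener on 8200 is plaintext and the root token used by `vault login` in the README travels unencrypted; since the README's Security Notes already say to enable TLS, add `global.tlsDisable: false` with a `server.standalone.config` listener block that references a TLS secret, or at minimum a comment that the default is insecure. `dev.devRootToken: root` is inert while `dev.enabled: false`, but a hard-coded root token is a trap for whoever flips that flag; remove it. `auditStorage.enabled: true` only provisions the volume; the audit device still has to be enabled after init (`vault audit enable file file_path=/vault/audit/audit.log`), which neither this file nor the README mentions.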