This is a solution of a common problem with Nexus Docker repositories. The administrator has to expose port for "pull", another port for "push", other ports for each hosted repository. This solution is about leveraging Nginx reverse proxy to avoid using these ports.
Given :
| # $1: vault namespace | |
| # $2: Vault Token Reviewer Service Account | |
| vault_namespace=${1:-"vault"} | |
| token_reviewer_sa=${2:-"vault"} | |
| if [ -z "${VAULT_TOKEN}" ] || [ -z "${VAULT_ADDR}" ]; then | |
| echo "ERROR: VAULT_TOKEN and VAULT_ADDR env vars are required" | |
| exit 404 | |
| fi | |
| cat <<EOF | kubectl apply -f - |
| oc -n stackrox delete securedcluster --all | |
| oc -n stackrox delete pvc --all | |
| oc delete ns stackrox | |
| oc get clusterrole,clusterrolebinding,role,rolebinding -o name | grep stackrox | xargs oc delete --wait | |
| oc delete ValidatingWebhookConfiguration stackrox | |
| oc delete scc -l "app.kubernetes.io/name=stackrox" | |
| oc project rhacs-operator | |
| oc delete sub rhacs-operator |
chmod +x ab;
./ab -n 10000 -c 900 -s 300 ${url}
-n : total number of requests -c : concurrent requests ( 900 simultaneously ) -s : timeout in second
| kind: Ingress | |
| metadata: | |
| name: kubeapi | |
| namespace: default | |
| annotations: | |
| nginx.ingress.kubernetes.io/secure-backends: "true" | |
| nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" | |
| spec: | |
| rules: | |
| - host: "api.devops.example.com" |
| <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAysAAAFUCAYAAAAkvKNhAAAAAXNSR0IArs4c6QAAQABJREFUeAHsnQeAFMXSgIuckyJJRESfAUQUlIwkQREUJUlQAUHMOef0zPmZE4qBjAqKJFEQJCmKYlYEURAVERAkM3997d/L3HJ3XNi9292r1mVnZ3o6fDM309UVulCgSSwZASNgBIyAETACRsAIGAEjYAQSjEDhBGuPNccIGAEjYASMgBEwAkbACBgBI+AImLBiN4IRMAJGwAgYASNgBIyAETACCUnAhJWEvCzWKCNgBIyAETACRsAIGAEjYARMWLF7wAgYASNgBIyAETACRsAIGIGEJGDCSkJeFmuUETACRsAIGAEjYASMgBEwAias2D1gBIyAETACRsAIGAEjYASMQEISMGElIS9LajXq119/le+++0527NiRWh3T3vz222/y9ddfy/bt2+Patz/++EO++uor2bZtW0zq2bRpk8yePVumTJki33zzjezcuTMm5VohRsAIGAEjYASMgBGIJYGisSwskcv6+eef3WDvhx9+kH79+knFihVj0lzK/fDDD+Wzzz6T33//Xfbaay857LDD5Oijj5b69etLoUKFYlJPMhfy4IMPyoQJExynffbZR7Zu3SpTp06VGjVqSMOGDZO5a/LUU0/Jc889JwsXLpRq1arFrS/Dhg2Tu+66S7744gvHLTcVrV69Wvr06ePu2UqVKsl+++0nr7/+upQvXz43xdq5RsAIGAEjYASMgBGIOYGUF1YYGA8YMEDmzJkjzPAzODv11FNzLawwE/3aa6/J1Vdf7QbfCCYVKlSQzz//XJ555hmpXbu2zJs3T0qXLh3zi5ZegcyUFy9eXIoUKZLe4Xzd988//8i6devErz/6999/S+/evaV79+7CIDyZE9zXrl0bd83E5s2bY1bP2LFj5d1335WZM2fKkUceKWvWrMmz+zSZr7W13QgYASNgBIyAEch7Aikv |
| src=$1 | |
| dest=$2 | |
| cd ${src} | |
| for i in * | |
| do | |
| ( | |
| if [ -d "$i" ];then | |
| tar czvf "${dest}/$i.tar.gz" -C "$i" . | |
| else | |
| echo skiping $i as it is not folder |
| - name: k3s readiness | |
| hosts: localhost | |
| become: yes | |
| tasks: | |
| - name: firewalld is installed | |
| yum: | |
| name: firewalld | |
| state: latest | |
| - name: service is started | |
| service: |
| #!/bin/bash | |
| sudo apt-get update -y | |
| sudo apt-get install ubuntu-desktop -y | |
| sudo apt-get install tightvncserver -y | |
| sudo apt-get install gnome-panel gnome-settings-daemon -y | |
| sudo apt-get install metacity nautilus gnome-terminal gnome-shell -y | |
| # sudo apt-get install ubuntu-gnome-desktop -y | |
| cat > ~/.vnc/xstartup <<EOF | |
| #!/bin/sh | |
| export XKL_XMODMAP_DISABLE=1 |