Accessing Nexus repository manager password in a Kubernetes pod

8/24/2021

I have installed Sonatype Nexus Repository Manager in my Kubernetes cluster using the helm chart.

I am using the Kyma installation.

Nexus repository manager got installed properly and I can access the application.

But it seems the login password file is in a pv volume claim /nexus-data attached in the pod.

Now whenever I am trying to access the pod with kubectl exec command:

kubectl exec -i -t $POD_NAME -n dev -- /bin/sh

I am getting the following error:

OCI runtime exec failed: exec failed: container_linux.go:367: starting container process caused: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown

I understand that this issue is because the image does not offer shell functionality. Is there any other way I can access the password file present in the pvc?

-- saurav
kubectl
kubernetes
nexus3

1 Answer

8/25/2021

You can try the kubectl cp command, but it probably won't work as there is no shell inside the container.

You can't really access the pv used by pvc directly in Kubernetes, but there is a simple work-around - just create another pod (with shell) with this pvc mounted and access it. To avoid errors like Volume is already used by pod(s) / node(s) I suggest scheduling this pod on the same node as the nexus pod.

  1. Check which node your nexus pod is located on: NODE=$(kubectl get pod <your-nexus-pod-name> -o jsonpath='{.spec.nodeName}')
  2. Set nexus label for node: kubectl label node $NODE nexus=here (avoid using "yes" or "true" instead of "here"; Kubernetes will read it as boolean, not as the string)
  3. Get your nexus pvc name mounted on the pod by running kubectl describe pod <your-nexus-pod-name>
  4. Create a simple pod definition referring to the nexus pvc from the previous step:
apiVersion: v1
kind: Pod
metadata:
  name: access-nexus-data
spec:
  containers:
    - name: access-nexus-data-container
      image: busybox:latest
      command: ["sleep", "999999"]
      volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
          readOnly: true
  volumes:
    - name: nexus-data
      persistentVolumeClaim:
        claimName: <your-pvc-name>
  nodeSelector:
    nexus: here
  5. Access the pod using kubectl exec access-nexus-data -it -- sh and read data. You can also use the earlier mentioned kubectl cp command.

If you are using some cloud provided Kubernetes solution, you can try to mount pv volume used by pvc to VM hosted on the cloud.

Source: similar Stackoverflow topic

-- Mikolaj S.
Source: StackOverflow
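
The helper-pod procedure from the answer above as one script, added here as an example and not part of the original answer. It pins the pod with spec.nodeName instead of the node label (so no label is left behind), mounts the claim read-only, and deletes the pod afterwards. Assumptions: the Nexus pod mounts a single PVC, the password file is admin.password (the Nexus 3 default name), and the busybox tag is pinned to 1.36.

```shell
#!/bin/sh
# Added example: short-lived helper pod that mounts the Nexus PVC read-only.
# Assumed names: pod "access-nexus-data" (from the answer), file admin.password.

# Print the helper pod manifest. Arguments: namespace, PVC name, node name.
render_reader_pod() {
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: access-nexus-data
  namespace: $1
spec:
  nodeName: $3
  restartPolicy: Never
  automountServiceAccountToken: false   # helper needs no API credentials
  containers:
    - name: reader
      image: busybox:1.36
      command: ["sleep", "600"]          # pod exits on its own after 10 minutes
      volumeMounts:
        - name: nexus-data
          mountPath: /nexus-data
          readOnly: true
  volumes:
    - name: nexus-data
      persistentVolumeClaim:
        claimName: $2
        readOnly: true
EOF
}

# Find node and PVC of the Nexus pod, read the file, then remove the helper pod.
read_nexus_password() {  # arguments: namespace, nexus pod name
  ns=$1; pod=$2
  node=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.nodeName}') || return 1
  pvc=$(kubectl get pod "$pod" -n "$ns" \
    -o jsonpath='{.spec.volumes[*].persistentVolumeClaim.claimName}') || return 1
  [ -n "$node" ] && [ -n "$pvc" ] || { echo "node or PVC not found" >&2; return 1; }
  render_reader_pod "$ns" "$pvc" "$node" | kubectl apply -f - || return 1
  kubectl wait -n "$ns" --for=condition=Ready pod/access-nexus-data --timeout=120s &&
    kubectl exec -n "$ns" access-nexus-data -- cat /nexus-data/admin.password
  rc=$?
  kubectl delete pod access-nexus-data -n "$ns" --wait=false
  return $rc
}

# Usage: sh read-nexus-password.sh dev <your-nexus-pod-name>
if [ "$#" -eq 2 ]; then read_nexus_password "$1" "$2"; fi
```

The helper pod has to be created in the same namespace as the PVC (dev in the question), which is why the namespace is passed through to every kubectl call.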