revert

.gitignore

@@ -4,4 +4,3 @@
 **/test-output.xml
 
 .DS_Store
-*/.DS_Store

nxrm-aws-resiliency/templates/external-dns-rbac.yml

@@ -1,66 +0,0 @@
-# comment out sa if it was previously created
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: external-dns
-  namespace: {{ .Values.namespaces.externaldnsNs }}
-  labels:
-    app.kubernetes.io/name: external-dns
-rules:
-  - apiGroups: [""]
-    resources: ["services","endpoints","pods","nodes"]
-    verbs: ["get","watch","list"]
-  - apiGroups: ["extensions","networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get","watch","list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: external-dns-viewer
-  namespace: {{ .Values.namespaces.externaldnsNs }}  
-  labels:
-    app.kubernetes.io/name: external-dns
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: external-dns
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Values.serviceAccount.externaldns.name }}
-    namespace: {{ .Values.namespaces.externaldnsNs }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: external-dns
-  namespace: {{ .Values.namespaces.externaldnsNs }}  
-  labels:
-    app.kubernetes.io/name: external-dns
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: external-dns
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: external-dns
-    spec:
-      serviceAccountName: external-dns
-      containers:
-        - name: external-dns
-          image: k8s.gcr.io/external-dns/external-dns:v0.11.0
-          args:
-            - --source=service
-            - --source=ingress
-            - --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
-            - --provider=aws
-            - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
-            - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
-            - --registry=txt
-            - --txt-owner-id=external-dns
-          env:
-            - name: AWS_DEFAULT_REGION
-              value: {{ .Values.deployment.clusterRegion }}

nxrm-aws-resiliency/templates/fluent-bit.yaml

@@ -263,7 +263,7 @@ spec:
     spec:
       containers:
         - name: fluent-bit
-          image: amazon/aws-for-fluent-bit:{{ .Values.deployment.fluentBitVersion }}
+          image: amazon/aws-for-fluent-bit:2.10.0
           imagePullPolicy: Always
           env:
             - name: AWS_REGION

nxrm-aws-resiliency/templates/namespaces.yaml

@@ -8,8 +8,3 @@ kind: Namespace
 metadata:
   name: {{ .Values.namespaces.cloudwatchNs }}
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Values.namespaces.externaldnsNs }}
----

nxrm-aws-resiliency/templates/serviceaccount.yaml

@@ -5,12 +5,3 @@ metadata:
   namespace: {{ .Values.namespaces.nexusNs }}
   annotations:
     eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.serviceAccount.externaldns.name }}
-  namespace: {{ .Values.namespaces.externaldnsNs }}
-  annotations:
-    eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.externaldns.role }}
----

nxrm-aws-resiliency/values.yaml

@@ -1,49 +1,41 @@
 # Declare variables to be passed into your templates.
 namespaces:
-  nexusNs: nexusrepo
+    nexusNs: nexusrepo
-  cloudwatchNs: amazon-cloudwatch
+    cloudwatchNs: amazon-cloudwatch
-  externaldnsNs: nexus-externaldns
-externaldns:
-  domainFilter: example.com #your root domain e.g example.com
 deployment:
-  clusterRegion: us-east-1
+   name: nxrm.deployment
-  name: nxrm.deployment
+   clusterName: nxrm-nexus
-  clusterName: nxrm-nexus
+   logsRegion: us-east-1
-  logsRegion: us-east-1
+   initContainer:
-  fluentBitVersion: 2.28.0
+        image:
-  initContainer:
+          repository: busybox
-    image:
+          tag: 1.33.1
-      repository: busybox
+   container:
-      tag: 1.33.1
+        image:
-  container:
+          repository: sonatype/nexus3
-    image:
+          tag: 3.41.1
-      repository: sonatype/nexus3
+        containerPort: 8081
-      tag: 3.41.1
+        pullPolicy: IfNotPresent
-    containerPort: 8081
+        env:
-    pullPolicy: IfNotPresent
+          nexusDBName: nexus
-    env:
+          nexusDBPort: 3306
-      nexusDBName: nexus
+   requestLogContainer:
-      nexusDBPort: 3306
+        image:
-  requestLogContainer:
+          repository: busybox
-    image:
+          tag: 1.33.1
-      repository: busybox
+   auditLogContainer:
-      tag: 1.33.1
+        image:
-  auditLogContainer:
+          repository: busybox
-    image:
+          tag: 1.33.1
-      repository: busybox
+   taskLogContainer:
-      tag: 1.33.1
+        image:
-  taskLogContainer:
+          repository: busybox
-    image:
+          tag: 1.33.1
-      repository: busybox
-      tag: 1.33.1
 serviceAccount:
-  name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
+     name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
-  role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
+     role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
-  externaldns:
-    name: external-dns
-    role: arn:aws:iam::000000000000:role/nexusrepo-external-dns-irsa-role #Role with route53 permissions needed by external-dns     
 ingress:
-  #host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
+  #host: "nexus.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
   annotations:
     kubernetes.io/ingress.class: alb
     alb.ingress.kubernetes.io/scheme: internal # scheme