From 8396c0de20202077a14129104ef848ab7c3c12e1 Mon Sep 17 00:00:00 2001
From: Olu Shiyanbade
Date: Fri, 27 Jan 2023 11:33:08 +0000
Subject: [PATCH 1/3] Don't use mnt for nexus-data
---
 .../templates/workdir-configmap.yaml | 11 ++++
 .../templates/workdir-daemonset.yaml | 51 +++++++++++++++++++
 nxrm-aws-resiliency/values.yaml | 22 ++++----
 3 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 nxrm-aws-resiliency/templates/workdir-configmap.yaml
 create mode 100644 nxrm-aws-resiliency/templates/workdir-daemonset.yaml
diff --git a/nxrm-aws-resiliency/templates/workdir-configmap.yaml b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
new file mode 100644
index 0000000..2e78b78
--- /dev/null
+++ b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config
+ namespace: {{ .Values.namespaces.nexusNs }}
+data:
+ create-nexus-work-dir.sh: |
+ #!/bin/bash
+ # Make Nexus Repository Manager work directory
+ mkdir -p /nexus-repo-mgr-work-dir/work
+
diff --git a/nxrm-aws-resiliency/templates/workdir-daemonset.yaml b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
new file mode 100644
index 0000000..e20de01
--- /dev/null
+++ b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-work-dir
+ namespace: {{ .Values.namespaces.nexusNs }}
+spec:
+ selector:
+ matchLabels:
+ job: dircreator
+ template:
+ metadata:
+ labels:
+ job: dircreator
+ spec:
+ hostPID: true
+ restartPolicy: Always
+ initContainers:
+ # Copy file for creating nexus work directory over and execute it on host
+ - name: create-nexus-work-dir
+ image: ubuntu:latest
+ command: [/bin/sh]
+ args:
+ - -c
+ - >-
+ cp /tmp/create-nexus-work-dir.sh /host-dir &&
+ /usr/bin/nsenter -m/proc/1/ns/mnt -- chmod u+x /tmp/install/create-nexus-work-dir.sh &&
+ /usr/bin/nsenter -m/proc/1/ns/mnt /tmp/install/create-nexus-work-dir.sh
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: create-nexus-work-dir-script
+ mountPath: /tmp
+ - name: host-mnt
+ mountPath: /host-dir
+ containers:
+ - name: directory-creator
+ image: busybox:1.33.1
+ command: ["/bin/sh"]
+ args:
+ - -c
+ - >-
+ tail -f /dev/null
+ securityContext:
+ privileged: true
+ volumes:
+ - name: create-nexus-work-dir-script
+ configMap:
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config
+ - name: host-mnt
+ hostPath:
+ path: /tmp/install
diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml
index 3849961..c82349f 100644
--- a/nxrm-aws-resiliency/values.yaml
+++ b/nxrm-aws-resiliency/values.yaml
@@ -12,6 +12,7 @@ deployment:
 clusterName: nxrm-nexus
 logsRegion: us-east-1
 fluentBitVersion: 2.28.0
+ replicaCount: 1
 initContainer:
 image:
 repository: busybox
@@ -19,7 +20,7 @@ deployment:
 container:
 image:
 repository: sonatype/nexus3
- tag: 3.41.1
+ tag: 3.45.1
 containerPort: 8081
 pullPolicy: IfNotPresent
 env:
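Review bot: The `create-nexus-work-dir` init container combines `hostPID: true`, `privileged: true` and `nsenter` into PID 1's mount namespace to run a script staged in the host's `/tmp/install`, which is far more node access than a single `mkdir -p` needs. Because that script is executed as root on the host from a path under `/tmp`, whatever can write to that directory on the node, or edit the ConfigMap in the namespace, decides what runs on every node. A `hostPath` volume with `type: DirectoryOrCreate` on `/nexus-repo-mgr-work-dir` should let a non-privileged init container create `work` through the mount, with no `hostPID`, `privileged` or `nsenter`. The `directory-creator` container only runs `tail -f /dev/null` and should drop `privileged: true` as well.

```yaml
    spec:
      # … unchanged: restartPolicy; hostPID: true removed …
      initContainers:
        - name: create-nexus-work-dir
          # … unchanged: image …
          command: [/bin/sh, -c, mkdir -p /host-work-dir/work]
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: host-work-dir
              mountPath: /host-work-dir
      # … unchanged: directory-creator container, without privileged: true …
      volumes:
        - name: host-work-dir
          hostPath:
            path: /nexus-repo-mgr-work-dir
            type: DirectoryOrCreate
```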
@@ -48,27 +49,30 @@ ingress:
 #host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
 annotations:
 kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/healthcheck-path: /service/rest/v1/status
 alb.ingress.kubernetes.io/scheme: internal # scheme
 alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate
+ #alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' uncomment for https
+ #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment for https. The AWS Certificate Manager ARN for your HTTPS certificate
 dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
 annotations:
 kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
 alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
 alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories
- alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
- external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
+# alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #uncomment if you use docker repositories
+# alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment if you use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
+# external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
+storageClass:
+ iopsPerGB: "10" #Note: aws plugin multiplies this by the size of the requested volumne to compute IOPS of the volumne and caps it a 20, 000 IOPS
 pv:
 storage: 120Gi
 volumeMode: Filesystem
 accessModes: ReadWriteOnce
 reclaimPolicy: Retain
- path: /mnt
+ path: /nexus-repo-mgr-work-dir/work
 zones:
- zone1: us-east-1a
- zone2: us-east-1b
+ - us-east-1a
+ - us-east-1b
 pvc:
 accessModes: ReadWriteOnce
 storage: 100Gi
From 35fb1119fb025a37ef8acd8ed029b7d3fa06d55e Mon Sep 17 00:00:00 2001
From: Olu Shiyanbade
Date: Fri, 27 Jan 2023 12:26:36 +0000
Subject: [PATCH 2/3] trunc to 63 characters
---
 nxrm-aws-resiliency/templates/workdir-configmap.yaml | 2 +-
 nxrm-aws-resiliency/templates/workdir-daemonset.yaml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/nxrm-aws-resiliency/templates/workdir-configmap.yaml b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
index 2e78b78..72d54be 100644
--- a/nxrm-aws-resiliency/templates/workdir-configmap.yaml
+++ b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config | trunc 63 | trimSuffix "-"
 namespace: {{ .Values.namespaces.nexusNs }}
 data:
 create-nexus-work-dir.sh: |
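Review bot: With `listen-ports` and `certificate-arn` commented out under `ingress.annotations`, and the same annotations commented out under `dockerIngress`, the chart's defaults no longer request an HTTPS listener, so unless an operator overrides them, repository and `docker login` credentials would presumably reach the ALB in cleartext. Keeping HTTPS as the default and documenting plain HTTP as the explicit opt-out is the safer direction. Separately, the new `listen-ports` line ends in bare text, so uncommenting it as written yields an invalid value; the trailing words need their own comment marker: `#alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' # uncomment for https`. The hunk also turns `zones` from a mapping into a list, and the templates that read it are not visible here.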
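Review bot: The `| trunc 63 | trimSuffix "-"` pipeline is written after the closing `}}`, so Helm emits it as literal text and the rendered `metadata.name` contains spaces, pipes and quotes, which is not a valid object name. The same applies to the DaemonSet `metadata.name` and to the `configMap.name` reference in workdir-daemonset.yaml. The functions only run inside a single action, for example `name: {{ printf "%s-%s-%s-create-nexus-workdir-config" .Chart.Name .Chart.Version .Release.Name | trunc 63 | trimSuffix "-" }}`, and the volume reference has to use the identical expression so that it still resolves to the ConfigMap after truncation.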
diff --git a/nxrm-aws-resiliency/templates/workdir-daemonset.yaml b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
index e20de01..5260789 100644
--- a/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
+++ b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-work-dir
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-work-dir | trunc 63 | trimSuffix "-"
 namespace: {{ .Values.namespaces.nexusNs }}
 spec:
 selector:
@@ -17,7 +17,7 @@ spec:
 initContainers:
 # Copy file for creating nexus work directory over and execute it on host
 - name: create-nexus-work-dir
- image: ubuntu:latest
+ image: ubuntu:23.04
 command: [/bin/sh]
 args:
 - -c
@@ -45,7 +45,7 @@ spec:
 volumes:
 - name: create-nexus-work-dir-script
 configMap:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config
+ name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config | trunc 63 | trimSuffix "-"
 - name: host-mnt
 hostPath:
 path: /tmp/install
From 00dfee338c1006071fb5feca1d2b6d6cec086d1b Mon Sep 17 00:00:00 2001
From: Olu Shiyanbade
Date: Tue, 31 Jan 2023 11:04:24 +0000
Subject: [PATCH 3/3] externalise config map name
---
 nxrm-aws-resiliency/templates/workdir-configmap.yaml | 2 +-
 nxrm-aws-resiliency/templates/workdir-daemonset.yaml | 4 ++--
 nxrm-aws-resiliency/values.yaml | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/nxrm-aws-resiliency/templates/workdir-configmap.yaml b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
index 72d54be..1048e82 100644
--- a/nxrm-aws-resiliency/templates/workdir-configmap.yaml
+++ b/nxrm-aws-resiliency/templates/workdir-configmap.yaml
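Review bot: `ubuntu:23.04` in the `@@ -17,7 +17,7 @@` hunk is still a mutable tag, and it names an interim (non-LTS) release with a short support window, for an init container that the first patch of this series runs with `privileged: true` on every node. Pinning an LTS tag together with its digest keeps the image content fixed and reviewable, e.g. `image: ubuntu:22.04@sha256:<digest>`, where `<digest>` is a placeholder to be filled in from the registry. The `initContainers` entry continues outside the hunk.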
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config | trunc 63 | trimSuffix "-"
+ name: {{ .Values.workdir.configmap.name }}
 namespace: {{ .Values.namespaces.nexusNs }}
 data:
 create-nexus-work-dir.sh: |
diff --git a/nxrm-aws-resiliency/templates/workdir-daemonset.yaml b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
index 5260789..b03a4a8 100644
--- a/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
+++ b/nxrm-aws-resiliency/templates/workdir-daemonset.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-work-dir | trunc 63 | trimSuffix "-"
+ name: {{ .Values.workdir.daemonset.name }}
 namespace: {{ .Values.namespaces.nexusNs }}
 spec:
 selector:
@@ -45,7 +45,7 @@ spec:
 volumes:
 - name: create-nexus-work-dir-script
 configMap:
- name: {{ .Chart.Name }}-{{ .Chart.Version }}-{{ .Release.Name }}-create-nexus-workdir-config | trunc 63 | trimSuffix "-"
+ name: {{ .Values.workdir.configmap.name }}
 - name: host-mnt
 hostPath:
 path: /tmp/install
diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml
index c82349f..89a553e 100644
--- a/nxrm-aws-resiliency/values.yaml
+++ b/nxrm-aws-resiliency/values.yaml
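Review bot: The new `name:` values are rendered unquoted and unchecked, so a missing or empty `workdir.configmap.name` renders `name:` with a null value, and the fixed defaults are no longer release-scoped, so a second release in the same namespace would collide on both objects. Since the DaemonSet executes this ConfigMap's script on the host, the reference should fail closed at render time: `name: {{ required "workdir.configmap.name is required" .Values.workdir.configmap.name | quote }}` in workdir-configmap.yaml and in the `configMap.name` volume reference, with the equivalent for `workdir.daemonset.name`. The `spec` and `volumes` blocks continue outside the hunks.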
@@ -62,6 +62,11 @@ ingress:
 # alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #uncomment if you use docker repositories
 # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment if you use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
 # external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
+workdir:
+ configmap:
+ name: create-nexus-workdir-config
+ daemonset:
+ name: create-nexus-work-dir
 storageClass:
 iopsPerGB: "10" #Note: aws plugin multiplies this by the size of the requested volumne to compute IOPS of the volumne and caps it a 20, 000 IOPS
 pv: