From 862f1792515a537108a53ffadb029cc6bb8d08d2 Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Fri, 26 Aug 2022 20:47:16 +0100 Subject: [PATCH 1/8] Configure external-dns to create docker sub domain rcords and https listener --- nexus-repository-manager/.DS_Store | Bin 6148 -> 0 bytes .../templates/external-dns-rbac.yml | 66 ++++++++++++++++ nxrm-aws-resiliency/templates/fluent-bit.yaml | 2 +- nxrm-aws-resiliency/templates/namespaces.yaml | 5 ++ .../templates/serviceaccount.yaml | 9 +++ nxrm-aws-resiliency/values.yaml | 74 ++++++++++-------- 6 files changed, 122 insertions(+), 34 deletions(-) delete mode 100644 nexus-repository-manager/.DS_Store create mode 100644 nxrm-aws-resiliency/templates/external-dns-rbac.yml diff --git a/nexus-repository-manager/.DS_Store b/nexus-repository-manager/.DS_Store deleted file mode 100644 index 0823931f60d2d50324a9bd03ba8e9d484c4aadf3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKF-`+P475p*f@o4w?icvMDhe;)0|Y{MC`f_+D&ED@n6a&d=mH%L8cX)<`aHY3 zDb8mz^VR$I)@*5J3pmj}7^cSO^odke0XWMW0lj`#ca<78(Vz2g%|1>=A zb^}S5c_bo^J*Ll}r>qo^0#ZN Date: Fri, 26 Aug 2022 21:01:10 +0100 Subject: [PATCH 2/8] specify examples for docker subdomain and cert manager arn --- nxrm-aws-resiliency/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index ea8f593..1f3863a 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml 
@@ -48,6 +48,9 @@ ingress: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internal # scheme alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate + external-dns.alpha.kubernetes.io/hostname: example.com, dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com dockerIngress: #Ingress for Docker Connector #host: "docker.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish annotations: From 10ee4a5efb154131285246dcfb8f9e0ec7c680df Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Fri, 26 Aug 2022 21:33:53 +0100 Subject: [PATCH 3/8] parameterise hosted zone --- nxrm-aws-resiliency/templates/external-dns-rbac.yml | 2 +- nxrm-aws-resiliency/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nxrm-aws-resiliency/templates/external-dns-rbac.yml b/nxrm-aws-resiliency/templates/external-dns-rbac.yml index 948c200..70edb95 100644 --- a/nxrm-aws-resiliency/templates/external-dns-rbac.yml +++ b/nxrm-aws-resiliency/templates/external-dns-rbac.yml 
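Review bot: The new HTTPS listener on the root `ingress` pins a certificate but not a TLS policy, so the ALB uses the controller's default security policy (`ELBSecurityPolicy-2016-08` unless the controller was reconfigured), which still negotiates TLS 1.0 and 1.1; add `alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06` (or whatever your baseline mandates) next to `listen-ports` so the HTTPS-only listener is also modern-TLS-only. The `certificate-arn` placeholder appears to carry a 13-digit account field (`0000000000000`) whereas AWS account IDs are 12 digits and the `secret.license.arn` placeholder later in values.yaml uses 12, so copying this example verbatim would be rejected by ACM lookups; use `000000000000` for consistency. A one-line comment that the listener stays plaintext-free only while `listen-ports` lists HTTPS alone would help readers who later add `{"HTTP":80}` for convenience. The `ingress` mapping continues outside the hunk.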
@@ -58,7 +58,7 @@ spec: - --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --provider=aws - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) + - --aws-zone-type={{ .Values.externaldns.awsZoneType }} # only look at public hosted zones (valid values are public, private or no value for both) - --registry=txt - --txt-owner-id=external-dns env: diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index 1f3863a..ae754c5 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml @@ -5,6 +5,7 @@ namespaces: externaldnsNs: nexus-externaldns externaldns: domainFilter: example.com #your root domain e.g example.com + awsZoneType: private # only look at public hosted zones (valid values are public, private or no value for both) deployment: clusterRegion: us-east-1 name: nxrm.deployment From 97dfe39202b2afb38c8930897bebfe2eb9be672e Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Fri, 26 Aug 2022 21:35:49 +0100 Subject: [PATCH 4/8] parameterise hosted zone --- nxrm-aws-resiliency/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index ae754c5..6f889e6 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml 
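Review bot: The inline comment on the now-parameterised `--aws-zone-type` argument still says `# only look at public hosted zones`, which is wrong whenever `externaldns.awsZoneType` is `private` or empty; change it to `# hosted zone type to manage (public, private, or empty for both)`. Separately, `--txt-owner-id=external-dns` is a fixed string: if a second cluster or a second release of this chart runs against the same hosted zone with the same owner id, each ExternalDNS treats the other's records as its own and upserts them to its own ALB address (`--policy=upsert-only` prevents deletes, not overwrites), which is an easy way to hijack the registry's DNS by accident. Derive it from the release instead, e.g. `--txt-owner-id={{ .Release.Name }}-{{ .Values.deployment.clusterRegion }}`, or expose it under `externaldns` in values.yaml. The container `args` list continues outside the hunk.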
@@ -5,7 +5,7 @@ namespaces: externaldnsNs: nexus-externaldns externaldns: domainFilter: example.com #your root domain e.g example.com - awsZoneType: private # only look at public hosted zones (valid values are public, private or no value for both) + awsZoneType: private # hosted zone to look at (valid values are public, private or no value for both) deployment: clusterRegion: us-east-1 name: nxrm.deployment From 595db96ef1cca360ed69ab3553d1e8d116f73388 Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Fri, 26 Aug 2022 22:07:25 +0100 Subject: [PATCH 5/8] license --- LICENSE | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/LICENSE b/LICENSE index 19c6e7d..84cbff0 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,21 +1,13 @@ -MIT License +Copyright (c) 2020-present Sonatype, Inc. -Copyright (c) 2020 Sonatype +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: + http://www.apache.org/licenses/LICENSE-2.0 -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. From c7c527174f3c68cc3ca198b39483a028c6eaf087 Mon Sep 17 00:00:00 2001 
From: Olu Shiyanbade Date: Sat, 27 Aug 2022 00:38:36 +0100 Subject: [PATCH 6/8] Associate sub domains with docker ingress --- nxrm-aws-resiliency/templates/fluent-bit.yaml | 8 ++++---- nxrm-aws-resiliency/templates/ingress.yaml | 2 +- nxrm-aws-resiliency/templates/services.yaml | 2 +- nxrm-aws-resiliency/values.yaml | 11 ++++++----- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/nxrm-aws-resiliency/templates/fluent-bit.yaml b/nxrm-aws-resiliency/templates/fluent-bit.yaml index 8fd98c3..4a5ce7a 100644 --- a/nxrm-aws-resiliency/templates/fluent-bit.yaml +++ b/nxrm-aws-resiliency/templates/fluent-bit.yaml @@ -77,7 +77,7 @@ data: [INPUT] Name tail Tag nexus.nexus-log - Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log + Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log Parser docker DB /var/fluent-bit/state/flb_container.db Mem_Buf_Limit 5MB @@ -112,7 +112,7 @@ data: [INPUT] Name tail Tag nexus.request-log - Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_request-log-*.log + Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_request-log-*.log Parser docker DB /var/fluent-bit/state/flb_container.db Mem_Buf_Limit 5MB @@ -147,7 +147,7 @@ data: [INPUT] Name tail Tag nexus.audit-log - Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_audit-log-*.log + Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_audit-log-*.log Parser docker DB /var/fluent-bit/state/flb_container.db Mem_Buf_Limit 5MB 
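Review bot: The widened glob in each `Path` (`nxrm.deployment*{{ .Values.namespaces.nexusNs }}_...`) drops the `_` that separated the pod name from the namespace in the containerd log filename, so the `*` can now also swallow `_<other-ns>` and match a pod in any namespace whose name merely ends with `nexusNs` (e.g. `prod-nexus` when `nexusNs` is `nexus`), mixing that namespace's container logs into the `nexus.nexus-log`, `nexus.request-log` and `nexus.audit-log` tails. Keep the namespace anchored by writing `Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log` and the same `*_` in the other three inputs. For an audit feed this matters because, unless a downstream kubernetes filter not visible here adds namespace metadata, the consumer has no field to tell the two sources apart. Each `[INPUT]` stanza continues outside its hunk.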
@@ -182,7 +182,7 @@ data: [INPUT] Name tail Tag nexus.tasks-log - Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_tasks-log-*.log + Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log Parser docker DB /var/fluent-bit/state/flb_container.db Mem_Buf_Limit 5MB diff --git a/nxrm-aws-resiliency/templates/ingress.yaml b/nxrm-aws-resiliency/templates/ingress.yaml index 3b75be4..40a6043 100644 --- a/nxrm-aws-resiliency/templates/ingress.yaml +++ b/nxrm-aws-resiliency/templates/ingress.yaml @@ -48,4 +48,4 @@ spec: service: name: {{ .Chart.Name }}-docker-service port: - number: {{ .Values.ingress.dockerIngress.port }} + number: {{ .Values.service.docker.port }} diff --git a/nxrm-aws-resiliency/templates/services.yaml b/nxrm-aws-resiliency/templates/services.yaml index 5061ea5..5192e85 100644 --- a/nxrm-aws-resiliency/templates/services.yaml +++ b/nxrm-aws-resiliency/templates/services.yaml @@ -26,7 +26,7 @@ spec: selector: app: nxrm ports: - - name: docker-connector + - name: docker-service protocol: {{ .Values.service.docker.protocol }} port: {{ .Values.service.docker.port }} targetPort: {{ .Values.service.docker.targetPort }} diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index 6f889e6..e7e403d 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml 
@@ -50,15 +50,16 @@ ingress: alb.ingress.kubernetes.io/scheme: internal # scheme alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate - external-dns.alpha.kubernetes.io/hostname: example.com, dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate dockerIngress: #Ingress for Docker Connector #host: "docker.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internal # scheme alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids - port: 9090 + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate + external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com pv: storage: 120Gi volumeMode: Filesystem 
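Review bot: The same `certificate-arn` is now attached to both the root ingress and `dockerIngress`, but nothing says that this ACM certificate must cover every name listed in the `external-dns.alpha.kubernetes.io/hostname` annotation (`dockerrepo1.example.com`, `dockerrepo2.example.com`, ...), so a certificate issued only for `example.com` renders fine and then fails TLS on every docker subdomain the chart just created records for. Extend the comment on the docker `certificate-arn` line: `# must cover every docker subdomain listed below as a SAN, or be a wildcard for the root domain`. As with the root ingress, an `alb.ingress.kubernetes.io/ssl-policy` annotation is missing here too, so the registry listener accepts the controller's default TLS policy. The `ingress` mapping continues outside the hunk.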
@@ -78,11 +79,11 @@ service: #Nexus Repo NodePort Service protocol: TCP port: 80 targetPort: 8081 - docker: #Nodeport Service for Docker connector + docker: #Nodeport Service for Docker Service type: NodePort protocol: TCP port: 9090 - targetPort: 9090 + targetPort: 8081 secret: license: arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license From 0734d746ebbd12e1256b102cabaa13c2f9a18f24 Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Sat, 27 Aug 2022 00:59:07 +0100 Subject: [PATCH 7/8] Associate sub domains with docker ingress --- nxrm-aws-resiliency/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index e7e403d..e0f65bd 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml @@ -52,7 +52,6 @@ ingress: alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate dockerIngress: #Ingress for Docker Connector - #host: "docker.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internal # scheme From 4902991b0ce654d2dd50901597fcd3f20bcc7851 Mon Sep 17 00:00:00 2001 From: Olu Shiyanbade Date: Tue, 30 Aug 2022 15:49:21 +0100 Subject: [PATCH 8/8] Add more comments to values.yaml --- nxrm-aws-resiliency/values.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml index e0f65bd..6eba08e 100644 --- a/nxrm-aws-resiliency/values.yaml +++ b/nxrm-aws-resiliency/values.yaml 
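Review bot: `service.docker.targetPort` now points at 8081, the same container port the main `service` already targets two lines above, so the `docker` NodePort Service on port 9090 has become a second front door to the Nexus HTTP port rather than to a separate docker connector port, and the comment does not say why. If this relies on Nexus serving docker repositories on its main port via subdomain routing, record it: `targetPort: 8081 # Nexus HTTP port - docker repos are routed by subdomain on this port, no separate connector port`; if it does not, the docker ingress now serves the Nexus UI. Since both Services expose the same backend, consider whether the extra NodePort (open on every node) is still needed or whether the docker ingress can target the main Service. The `secret` block at the end of the hunk continues outside it.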
@@ -51,14 +51,14 @@ ingress: alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate - dockerIngress: #Ingress for Docker Connector + dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories annotations: - kubernetes.io/ingress.class: alb - alb.ingress.kubernetes.io/scheme: internal # scheme - alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids - alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' - alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate - external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com + kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories + alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories + alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate + external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com 
othereise comment out if you don't use docker repositories pv: storage: 120Gi volumeMode: Filesystem
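Review bot: The per-line `comment out if you don't use docker repositories` guidance invites partial edits that weaken the listener: a user who comments out only `listen-ports` and `certificate-arn` but leaves the `dockerIngress` block gets an ALB that falls back to the controller's default HTTP:80 listener, i.e. a plaintext registry endpoint, and commenting out every annotation while keeping `annotations:` produces a null mapping the template may not expect. Gate the whole block on one switch instead, e.g. `dockerIngress: enabled: true # set to false if you don't use docker repositories`, and wrap the docker Ingress in `{{- if .Values.ingress.dockerIngress.enabled }}` in the template, so the only supported states are fully HTTPS or absent. The repeated comment also has a typo (`othereise`) and the ACM placeholder still carries a 13-digit account field where AWS uses 12. The `ingress` mapping continues outside the hunk.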