nhyatt/nxrm3-helm-repository
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nhyatt:41.1.2
Branches Tags
nhyatt:main nhyatt:update-readme nhyatt:NEXUS-40550-update-archive-project nhyatt:README-Updates-Lisa nhyatt:remove-orient-chart nhyatt:NEXUS-39410-Make-fluentbit-docker-and-external-dns-optional nhyatt:NEXUS-38174 nhyatt:NEXUS-37860_allow_scripts nhyatt:specify-custom-folder-for-nexus-data nhyatt:ArchiveNoticeUpdate nhyatt:NEXUS-36200_stateful-set-nxrm-ha nhyatt:NEXUS-34974-publish-nxrm-helm-charts nhyatt:lisadurant-patch-2 nhyatt:NEXUS-34843_update_the_AWS_resiliency_helm_chart_version
nhyatt:64.2.0 nhyatt:64.1.0 nhyatt:64.0.0 nhyatt:63.0.0 nhyatt:62.0.0 nhyatt:61.0.2 nhyatt:61.0.0 nhyatt:60.0.0 nhyatt:59.0.0 nhyatt:58.1.0 nhyatt:57.1.0 nhyatt:58.0.0 nhyatt:57.0.0 nhyatt:56.0.0 nhyatt:55.0.0 nhyatt:54.1.0 nhyatt:54.0.0 nhyatt:53.1.0 nhyatt:53.0.0 nhyatt:52.0.0 nhyatt:51.0.0 nhyatt:50.0.0 nhyatt:49.0.0 nhyatt:48.0.0 nhyatt:47.1.0 nhyatt:47.0.0 nhyatt:46.0.0 nhyatt:45.1.0 nhyatt:45.0.0 nhyatt:44.0.0 nhyatt:43.0.0 nhyatt:42.0.1 nhyatt:42.0.0 nhyatt:41.1.3 nhyatt:41.1.2 nhyatt:41.1.1
..
compare: nhyatt:42.0.1
Branches Tags
nhyatt:main nhyatt:update-readme nhyatt:NEXUS-40550-update-archive-project nhyatt:README-Updates-Lisa nhyatt:remove-orient-chart nhyatt:NEXUS-39410-Make-fluentbit-docker-and-external-dns-optional nhyatt:NEXUS-38174 nhyatt:NEXUS-37860_allow_scripts nhyatt:specify-custom-folder-for-nexus-data nhyatt:ArchiveNoticeUpdate nhyatt:NEXUS-36200_stateful-set-nxrm-ha nhyatt:NEXUS-34974-publish-nxrm-helm-charts nhyatt:lisadurant-patch-2 nhyatt:NEXUS-34843_update_the_AWS_resiliency_helm_chart_version
nhyatt:64.2.0 nhyatt:64.1.0 nhyatt:64.0.0 nhyatt:63.0.0 nhyatt:62.0.0 nhyatt:61.0.2 nhyatt:61.0.0 nhyatt:60.0.0 nhyatt:59.0.0 nhyatt:58.1.0 nhyatt:57.1.0 nhyatt:58.0.0 nhyatt:57.0.0 nhyatt:56.0.0 nhyatt:55.0.0 nhyatt:54.1.0 nhyatt:54.0.0 nhyatt:53.1.0 nhyatt:53.0.0 nhyatt:52.0.0 nhyatt:51.0.0 nhyatt:50.0.0 nhyatt:49.0.0 nhyatt:48.0.0 nhyatt:47.1.0 nhyatt:47.0.0 nhyatt:46.0.0 nhyatt:45.1.0 nhyatt:45.0.0 nhyatt:44.0.0 nhyatt:43.0.0 nhyatt:42.0.1 nhyatt:42.0.0 nhyatt:41.1.3 nhyatt:41.1.2 nhyatt:41.1.1

38 Commits
41.1.2 ... 42.0.1

Author SHA1 Message Date
Sonatype Zion
4b4bbd13f3 Release Update for 42.0.1 2022-09-28 15:38:44 +00:00
Sonatype Zion
77aac91a9f Release Update for 42.0.0 2022-09-28 14:28:27 +00:00
Sergii Pryhoda
0c51e4c7be Merge pull request #22 from sonatype/NEXUS-34974-publish-nxrm-helm-charts 2022-09-28 16:35:17 +03:00
spryhoda
0adb4a9fc7 uncomment the tests related code in Jenkinsfile 2022-09-20 10:43:08 +03:00
spryhoda
1a821d1032 uncomment the tests 2022-09-19 12:41:25 +03:00
spryhoda
1fa72df38c license header added to README.md 2022-09-14 11:26:56 +03:00
spryhoda
8123c3db21 NEXUS-34974 Publish nxrm helm charts to Sonatype helm repo and Artifact Hub 2022-09-13 15:33:07 +03:00
Olu Shiyanbade
595206fdc9 Merge pull request #21 from sonatype/fix-build 
fix build
 2022-09-02 16:12:52 +01:00
Lisa Durant
7d1dfaa1bd Update README.md 2022-09-02 10:43:11 -04:00
Olu Shiyanbade
de46a3ca1f fix build 2022-09-02 13:06:18 +01:00
Olu Shiyanbade
298a49e994 Merge pull request #20 from sonatype/fix-build 
fix build
 2022-09-02 12:53:26 +01:00
Olu Shiyanbade
786e5717d2 fix build 2022-09-02 12:50:47 +01:00
Olu Shiyanbade
6ed696ec15 Merge pull request #19 from sonatype/NEXUS-35078-Remove-nexus-repository-manager-helm3-charts 
Remove non resiliency helm3-charts
 2022-09-02 12:41:59 +01:00
Olu Shiyanbade
e82e7a3208 Remove non resiliency helm3-charts 2022-09-02 11:23:27 +01:00
Lisa Durant
d9da79bb8d Update README.md 
wording cleanup
 2022-08-30 15:29:11 -04:00
Lisa Durant
670344d45a Merge pull request #15 from sonatype/update-readme 
NEXUS-34871 - readme update
 2022-08-30 15:15:32 -04:00
Lisa Durant
b5168a2dc3 Merge pull request #16 from sonatype/lisadurant-patch-2 
readme update
 2022-08-30 15:09:58 -04:00
Olu Shiyanbade
96b919241d resolve conflict 2022-08-30 20:04:28 +01:00
Olu Shiyanbade
5410733d72 Update README.md 2022-08-30 20:00:37 +01:00
Olu Shiyanbade
1b4585d89c readme update 2022-08-30 19:32:36 +01:00
Olu Shiyanbade
4b91e48ef5 readme update 2022-08-30 19:30:05 +01:00
Sonatype Zion
02c19b39ee Release Update for 41.1.3 2022-08-30 15:16:56 +00:00
Olu Shiyanbade
f351b8e244 Merge pull request #14 from sonatype/NEXUS-34871-configure-external-dns-to-create-docker-sub-domain-records-and-https-listener 
NEXUS-34871 - Create A records for docker sub domain and configure HTTPS listener for ALB
 2022-08-30 15:49:43 +01:00
Olu Shiyanbade
4902991b0c Add more comments to values.yaml 2022-08-30 15:49:21 +01:00
Olu Shiyanbade
0734d746eb Associate sub domains with docker ingress 2022-08-27 00:59:07 +01:00
Olu Shiyanbade
c7c527174f Associate sub domains with docker ingress 2022-08-27 00:38:36 +01:00
Olu Shiyanbade
595db96ef1 license 2022-08-26 22:07:25 +01:00
Olu Shiyanbade
97dfe39202 parameterise hosted zone 2022-08-26 21:35:49 +01:00
Olu Shiyanbade
10ee4a5efb parameterise hosted zone 2022-08-26 21:33:53 +01:00
Olu Shiyanbade
1e5ce73111 specify examples for docker subdomain and cert manager arn 2022-08-26 21:01:10 +01:00
Olu Shiyanbade
862f179251 Configure external-dns to create docker sub domain rcords and https listener 2022-08-26 20:47:16 +01:00
Olu Shiyanbade
769c3b7f7c revert 2022-08-26 20:44:42 +01:00
Olu Shiyanbade
e3af231002 Configure external-dns to create docker sub domain rcords and https listener 2022-08-26 20:42:13 +01:00
Olu Shiyanbade
a0318927b0 Merge pull request #13 from sonatype/fix-typo 
fix numbering
 2022-08-26 12:33:05 +01:00
Olu Shiyanbade
702f846cb2 fix numbering 2022-08-26 12:31:05 +01:00
Olu Shiyanbade
53b1ba9fcb Merge pull request #12 from sonatype/NEXUS-34129-Update-Broken-links-and-readme 
NEXUS-34129 - Update-Broken-links-and-readme
 2022-08-26 12:28:54 +01:00
Olu Shiyanbade
1cddb6982b Update Broken links and readme 2022-08-26 11:48:48 +01:00
Lisa Durant
f3c87e8d32 NEXUS-34212 - Update README 
Update README with info about adding annotations and labels
 2022-07-29 12:05:29 -04:00
29 changed files with 470 additions and 116 deletions
Expand all files Collapse all files

13
Jenkinsfile-Release
View File

@ -17,16 +17,6 @@ final jira = [
credentialId : 'jenkins-jira', autoRelease: true, failOnError: true credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
] ]
final jiraVersionMappings = [
'nexus-repository-manager': 'helm-nxrm',
'nxrm-aws-resiliency': 'helm-nxrm-aws-resiliency'
]
final chartLocation = [
'nexus-repository-manager': 'nexus-repository-manager',
'nxrm-aws-resiliency': 'nxrm-aws-resiliency'
]
properties([ properties([
parameters([ parameters([
string( string(
@ -55,7 +45,8 @@ dockerizedBuildPipeline(
runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}" runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}" runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
runSafely './build.sh' runSafely './build.sh'
runSafely 'git add nxrm-aws-resiliency nexus-repository-manager' runSafely 'git add nxrm-aws-resiliency'
runSafely 'git add nexus-repository-manager'
}, },
skipVulnerabilityScan: true, skipVulnerabilityScan: true,
archiveArtifacts: 'docs/*', archiveArtifacts: 'docs/*',

28
LICENSE
View File

@ -1,21 +1,13 @@
MIT License Copyright (c) 2020-present Sonatype, Inc.
Copyright (c) 2020 Sonatype Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Permission is hereby granted, free of charge, to any person obtaining a copy http://www.apache.org/licenses/LICENSE-2.0
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all Unless required by applicable law or agreed to in writing, software
copies or substantial portions of the Software. distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR See the License for the specific language governing permissions and
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, limitations under the License.
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

4
README.md
View File

@ -17,12 +17,12 @@
We provide Helm charts for two different deployment scenarios: We provide Helm charts for two different deployment scenarios:
See the [AWS Single-Instance Resiliency Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/aws-single-instance-resiliency) if you are doing the following: See the [AWS Single-Instance Resiliency Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nxrm-aws-resiliency) if you are doing the following:
* Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region * Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region
* Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region * Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
* Using an external PostgreSQL database (required) * Using an external PostgreSQL database (required)
See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/single-inst-oss-pro-kubernetes) if you are doing the following: See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/helm3-charts/tree/main/charts/nexus-repository-manager) if you are doing the following:
* Using embedded OrientDB (required) * Using embedded OrientDB (required)
* Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node) * Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node)
* Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured * Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured

BIN
docs/nexus-repository-manager-41.1.0.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-41.1.1.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-41.1.2.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-42.0.0.tgz Normal file
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-42.0.1.tgz Normal file
View File

Binary file not shown.

BIN
docs/nxrm-aws-resiliency-41.1.3.tgz Normal file
View File

Binary file not shown.

BIN
docs/nxrm-aws-resiliency-42.0.0.tgz Normal file
View File

Binary file not shown.

BIN
docs/nxrm-aws-resiliency-42.0.1.tgz Normal file
View File

Binary file not shown.

BIN
nexus-repository-manager/.DS_Store vendored
View File

Binary file not shown.

24
nexus-repository-manager/.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS
*.tar

4
nexus-repository-manager/Chart.yaml
View File

@ -3,10 +3,10 @@ name: nexus-repository-manager
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: 41.1.2 version: 42.0.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: 3.41.1 appVersion: 3.42.0
description: Sonatype Nexus Repository Manager - Universal Binary repository description: Sonatype Nexus Repository Manager - Universal Binary repository

60
nexus-repository-manager/README.md
View File

@ -67,14 +67,9 @@ Do not use this Helm chart and, instead, refer to our [resiliency documentation]
By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=<my>/<image>`. By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=<my>/<image>`.
### With Red Hat Certified container ## Adding the Sonatype Repository to your Helm
If you're looking run our Certified Red Hat image in an OpenShift4 environment, there is a Certified Operator in OperatorHub. To add as a Helm Repo
---
## Adding the repo
To add as a Helm Repo, use the following:
```helm repo add sonatype https://sonatype.github.io/helm3-charts/``` ```helm repo add sonatype https://sonatype.github.io/helm3-charts/```
--- ---
@ -111,6 +106,7 @@ The default login is randomized and can be found in `/nexus-data/admin.password`
by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`. by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`.
--- ---
## Uninstalling the Chart ## Uninstalling the Chart
To uninstall/delete the deployment, use the following: To uninstall/delete the deployment, use the following:
@ -133,16 +129,16 @@ The following table lists the configurable parameters of the Nexus chart and the
| Parameter | Description | Default | | Parameter | Description | Default |
|--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
| `deploymentStrategy` | Deployment Strategy | `Recreate` | | `deploymentStrategy` | Deployment Strategy | `Recreate` |
| `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` | | `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` |
| `nexus.imagePullSecrets` | Secret to download Nexus Repository image from private registry | `nil` | | `imagePullSecrets` | The names of the kubernetes secrets with credentials to login to a registry | `[]` |
| `nexus.docker.enabled` | Enable/disable Docker support | `false` | | `nexus.docker.enabled` | Enable/disable Docker support | `false` |
| `nexus.docker.registries` | Support multiple Docker registries | (see below) | | `nexus.docker.registries` | Support multiple Docker registries | (see below) |
| `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` | | `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` |
| `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` | | `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` |
| `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` | | `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` |
| `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` | | `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |
| `nexus.resources` | Nexus Repository resource requests and limits | `{}` | | `nexus.resources` | Nexus Repository resource requests and limits | `{}` |
| `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` | | `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` |
| `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` | | `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` |
| `nexus.labels` | Service labels | `{}` | | `nexus.labels` | Service labels | `{}` |
| `nexus.podAnnotations` | Pod Annotations | `{}` | | `nexus.podAnnotations` | Pod Annotations | `{}` |
@ -159,17 +155,17 @@ The following table lists the configurable parameters of the Nexus chart and the
| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] | | `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] |
| `nexus.properties.override` | Set to true to override default nexus.properties | `false` | | `nexus.properties.override` | Set to true to override default nexus.properties | `false` |
| `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` | | `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` |
| `ingress.enabled` | Create an ingress for Nexus Repository | `true` | | `ingress.enabled` | Create an ingress for Nexus Repository | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` | | `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` |
| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` | | `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |
| `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` | | `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` |
| `tolerations` | tolerations list | `[]` | | `tolerations` | tolerations list | `[]` |
| `config.enabled` | Enable configmap | `false` | | `config.enabled` | Enable configmap | `false` |
| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` | | `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` |
| `config.data` | Configmap data | `nil` | | `config.data` | Configmap data | `nil` |
| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` | | `deployment.annotations` | Annotations to enhance deployment configuration | `{}` |
| `deployment.initContainers` | Init containers to run before main containers | `nil` | | `deployment.initContainers` | Init containers to run before main containers | `nil` |
| `deployment.postStart.command` | Command to run after starting the container | `nil` | | `deployment.postStart.command` | Command to run after starting the container | `nil` |
| `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s | | `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s |
| `deployment.additionalContainers` | Add additional Container | `nil` | | `deployment.additionalContainers` | Add additional Container | `nil` |
| `deployment.additionalVolumes` | Add additional Volumes | `nil` | | `deployment.additionalVolumes` | Add additional Volumes | `nil` |
@ -188,16 +184,44 @@ The following table lists the configurable parameters of the Nexus chart and the
| `route.portName` | Target port name of service | `docker` | | `route.portName` | Target port name of service | `docker` |
| `route.labels` | Labels to be added to route | `{}` | | `route.labels` | Labels to be added to route | `{}` |
| `route.annotations` | Annotations to be added to route | `{}` | | `route.annotations` | Annotations to be added to route | `{}` |
| `route.path` | Host name of Route e.g. jenkins.example.com | nil | | `route.path` | Host name of Route e.g. jenkins.example.com | nil |
| `serviceAccount.create` | Set to true to create ServiceAccount | `true` | | `serviceAccount.create` | Set to true to create ServiceAccount | `true` |
| `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` | | `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` |
| `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` | | `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` |
| `persistence.enabled` | Set false to eliminate persistent storage | `true` | | `persistence.enabled` | Set false to eliminate persistent storage | `true` |
| `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil | | `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil |
| `persistence.storageSize` | Size of the storage the chart will request | `8Gi` | | `persistence.storageSize` | Size of the storage the chart will request | `8Gi` |
### Persistence ### Persistence
By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead. By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead.
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
## Using the Image from the Red Hat Registry
To use the [Nexus Repository Manager image available from Red Hat's registry](https://catalog.redhat.com/software/containers/sonatype/nexus-repository-manager/594c281c1fbe9847af657690),
you'll need to:
* Load the credentials for the registry as a secret in your cluster
```shell
kubectl create secret docker-registry redhat-pull-secret \
--docker-server=registry.connect.redhat.com \
--docker-username=<user_name> \
--docker-password=<password> \
--docker-email=<email>
```
See Red Hat's [Registry Authentication documentation](https://access.redhat.com/RegistryAuthentication)
for further details.
* Provide the name of the secret in `imagePullSecrets` in this chart's `values.yaml`
```yaml
imagePullSecrets:
- name: redhat-pull-secret
```
* Set `image.name` and `image.tag` in `values.yaml`
```yaml
image:
repository: registry.connect.redhat.com/sonatype/nexus-repository-server
tag: 3.39.0-ubi-1
```
---

2
nexus-repository-manager/templates/deployment.yaml
View File

@ -48,7 +48,7 @@ spec:
hostAliases: hostAliases:
{{ toYaml .Values.nexus.hostAliases | nindent 8 }} {{ toYaml .Values.nexus.hostAliases | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.nexus.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

3
nexus-repository-manager/templates/ingress.yaml
View File

@ -62,6 +62,9 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if $.Values.ingress.ingressClassName }}
ingressClassName: {{ $.Values.ingress.ingressClassName }}
{{- end }}
tls: tls:
- hosts: - hosts:
- {{ $registry.host | quote }} - {{ $registry.host | quote }}

30
nexus-repository-manager/tests/deployment_test.yaml
View File

@ -44,7 +44,12 @@ tests:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
value: value:
- name: INSTALL4J_ADD_VM_PARAMS - name: INSTALL4J_ADD_VM_PARAMS
value: -Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap value: |-
-Xms2703M -Xmx2703M
-XX:MaxDirectMemorySize=2703M
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
- name: NEXUS_SECURITY_RANDOMPASSWORD - name: NEXUS_SECURITY_RANDOMPASSWORD
value: "true" value: "true"
- equal: - equal:
@ -83,3 +88,26 @@ tests:
- name: nexus-repository-manager-data - name: nexus-repository-manager-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: RELEASE-NAME-nexus-repository-manager-data claimName: RELEASE-NAME-nexus-repository-manager-data
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 200
runAsGroup: 200
runAsUser: 200
- it: should use our simple values
template: deployment.yaml
set:
deploymentStrategy: my-strategy
imagePullSecrets:
- name: top-secret
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.strategy.type
value: my-strategy
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: top-secret

102
nexus-repository-manager/tests/ingress_test.yaml
View File

@ -1,3 +1,4 @@
---
suite: ingress suite: ingress
templates: templates:
- ingress.yaml - ingress.yaml
@ -97,7 +98,105 @@ tests:
equal: equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-nexus-repository-manager value: RELEASE-NAME-nexus-repository-manager
- documentIndex: 0
equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager
port:
number: 8081
- documentIndex: 1
equal:
path: metadata.name
value: RELEASE-NAME-nexus-repository-manager-docker-5000
- documentIndex: 1
equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: docker.repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager-docker-5000
port:
number: 5000
tls:
- hosts:
- docker.repo.demo
secretName: registry-secret
- it: we can exclude ingressClassName for repo ingress and docker ingress
set:
ingress:
enabled: true
ingressClassName: {}
nexus:
docker:
enabled: true
registries:
- host: docker.repo.demo
port: 5000
secretName: registry-secret
asserts:
- hasDocuments:
count: 2
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1
- equal:
path: metadata.labels.[app.kubernetes.io/instance]
value: RELEASE-NAME
- equal:
path: metadata.labels.[app.kubernetes.io/managed-by]
value: Helm
- matchRegex:
path: metadata.labels.[app.kubernetes.io/version]
pattern: \d+\.\d+\.\d+
- matchRegex:
path: metadata.labels.[helm.sh/chart]
pattern: nexus-repository-manager-\d+\.\d+\.\d+
- equal:
path: metadata.labels.[app.kubernetes.io/name]
value: nexus-repository-manager
- equal:
path: metadata.annotations
value:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
- documentIndex: 0
equal:
path: metadata.name
value: RELEASE-NAME-nexus-repository-manager
- documentIndex: 0
equal:
path: spec
value:
rules:
- host: repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager
port:
number: 8081
- documentIndex: 1 - documentIndex: 1
equal: equal:
path: metadata.name path: metadata.name
@ -119,9 +218,8 @@ tests:
number: 5000 number: 5000
tls: tls:
- hosts: - hosts:
- docker.repo.demo - docker.repo.demo
secretName: registry-secret secretName: registry-secret
- it: is disabled by default - it: is disabled by default
asserts: asserts:
- hasDocuments: - hasDocuments:

18
nexus-repository-manager/values.yaml
View File

@ -2,13 +2,16 @@
statefulset: statefulset:
# This is not supported # This is not supported
enabled: false enabled: false
# By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% . you can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage.
deploymentStrategy: Recreate deploymentStrategy: Recreate
image: image:
# Sonatype Official Public Image # Sonatype Official Public Image
repository: sonatype/nexus3 repository: sonatype/nexus3
tag: 3.41.1 tag: 3.42.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
# - name: <pull-secret-name>
nexus: nexus:
docker: docker:
@ -16,12 +19,17 @@ nexus:
# registries: # registries:
# - host: chart.local # - host: chart.local
# port: 5000 # port: 5000
# secretName: registrySecret # secretName: registry-secret
env: env:
# minimum recommended memory settings for a small, person instance from # minimum recommended memory settings for a small, person instance from
# https://help.sonatype.com/repomanager3/product-information/system-requirements # https://help.sonatype.com/repomanager3/product-information/system-requirements
- name: INSTALL4J_ADD_VM_PARAMS - name: INSTALL4J_ADD_VM_PARAMS
value: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" value: |-
-Xms2703M -Xmx2703M
-XX:MaxDirectMemorySize=2703M
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
- name: NEXUS_SECURITY_RANDOMPASSWORD - name: NEXUS_SECURITY_RANDOMPASSWORD
value: "true" value: "true"
properties: properties:
@ -72,8 +80,6 @@ nexus:
# - "example.com" # - "example.com"
# - "www.example.com" # - "www.example.com"
imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""

4
nxrm-aws-resiliency/Chart.yaml
View File

@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 41.1.2 version: 42.0.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: 3.41.1 appVersion: 3.42.0
keywords: keywords:
- artifacts - artifacts

102
nxrm-aws-resiliency/README.md
View File

@ -62,14 +62,110 @@ You will also need to complete the steps below. See the referenced AWS documenta
--- ---
## External-dns
This helm chart uses [external-dns](https://github.com/kubernetes-sigs/external-dns) to create 'A' records in AWS Route 53 for our [Docker subdomain feature](https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-subdomain-connector).
See the ```external-dns.alpha.kubernetes.io/hostname``` annotation in the dockerIngress resource in the values.yaml.
### Permissions for external-dns
Open a terminal that has connectivity to your EKS cluster and run the following commands:
```
cat <<'EOF' >> external-dns-r53-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListResourceRecordSets"
],
"Resource": [
"*"
]
}
]
}
EOF
aws iam create-policy --policy-name "AllowExternalDNSUpdates" --policy-document file://external-dns-r53-policy.json
POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`AllowExternalDNSUpdates`].Arn' --output text)
EKS_CLUSTER_NAME=<Your EKS Cluster Name>
aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text
eksctl utils associate-iam-oidc-provider --cluster $EKS_CLUSTER_NAME --approve
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
OIDC_PROVIDER=$(aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text | sed -e 's|^https://||')
```
Note: The value you assign to the 'EXTERNALDNS_NS' variable below should be the same as the one you specify in your values.yaml for namespaces.externaldnsNs
```
EXTERNALDNS_NS=nexus-externaldns
cat <<-EOF > externaldns-trust.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::$ACCOUNT_ID:oidc-provider/$OIDC_PROVIDER"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"$OIDC_PROVIDER:sub": "system:serviceaccount:${EXTERNALDNS_NS}:external-dns",
"$OIDC_PROVIDER:aud": "sts.amazonaws.com"
}
}
}
]
}
EOF
IRSA_ROLE="nexusrepo-external-dns-irsa-role"
aws iam create-role --role-name $IRSA_ROLE --assume-role-policy-document file://externaldns-trust.json
aws iam attach-role-policy --role-name $IRSA_ROLE --policy-arn $POLICY_ARN
ROLE_ARN=$(aws iam get-role --role-name $IRSA_ROLE --query Role.Arn --output text)
echo $ROLE_ARN
```
2. Take note of the ROLE_ARN outputted last above and specify it in your values.yaml for serviceAccount.externaldns.role
## Deployment ## Deployment
1. Pull the [nxrm-resiliency-aws-helmchart](https://github.com/sonatype/nxrm3-helm-repository/blob/main/aws-single-instance-resiliency/Chart.yaml). 1. Add the sonatype repo to your helm:
```helm repo add sonatype https://sonatype.github.io/helm3-charts/ ```
2. Ensure you have updated your values.yaml with appropriate values for your environment. 2. Ensure you have updated your values.yaml with appropriate values for your environment.
- Note that you can specify Ingress annotations via the values.yaml.
- If you wish to add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/), you can do so via kubectl. See the [kubectl Cheat Sheet](https://kubernetes.io/docs/reference/kubectl/cheatsheet/) for specific commands.
3. Install the chart using the following: 3. Install the chart using the following:
```helm install nxrm nexus/nxrm-aws-resiliency --values values.yaml``` ```helm install nxrm sonatype/nxrm-aws-resiliency -f values.yaml```
3. Get the Nexus Repository link using the following: 4. Get the Nexus Repository link using the following:
```kubectl get ingresses -n nexusrepo``` ```kubectl get ingresses -n nexusrepo```

66
nxrm-aws-resiliency/templates/external-dns-rbac.yml Normal file
View File

@ -0,0 +1,66 @@
# comment out sa if it was previously created
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods","nodes"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.externaldns.name }}
namespace: {{ .Values.namespaces.externaldnsNs }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.11.0
args:
- --source=service
- --source=ingress
- --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type={{ .Values.externaldns.awsZoneType }} # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id=external-dns
env:
- name: AWS_DEFAULT_REGION
value: {{ .Values.deployment.clusterRegion }}

10
nxrm-aws-resiliency/templates/fluent-bit.yaml
View File

@ -77,7 +77,7 @@ data:
[INPUT] [INPUT]
Name tail Name tail
Tag nexus.nexus-log Tag nexus.nexus-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
Parser docker Parser docker
DB /var/fluent-bit/state/flb_container.db DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB Mem_Buf_Limit 5MB
@ -112,7 +112,7 @@ data:
[INPUT] [INPUT]
Name tail Name tail
Tag nexus.request-log Tag nexus.request-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_request-log-*.log Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_request-log-*.log
Parser docker Parser docker
DB /var/fluent-bit/state/flb_container.db DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB Mem_Buf_Limit 5MB
@ -147,7 +147,7 @@ data:
[INPUT] [INPUT]
Name tail Name tail
Tag nexus.audit-log Tag nexus.audit-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_audit-log-*.log Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_audit-log-*.log
Parser docker Parser docker
DB /var/fluent-bit/state/flb_container.db DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB Mem_Buf_Limit 5MB
@ -182,7 +182,7 @@ data:
[INPUT] [INPUT]
Name tail Name tail
Tag nexus.tasks-log Tag nexus.tasks-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_tasks-log-*.log Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
Parser docker Parser docker
DB /var/fluent-bit/state/flb_container.db DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB Mem_Buf_Limit 5MB
@ -263,7 +263,7 @@ spec:
spec: spec:
containers: containers:
- name: fluent-bit - name: fluent-bit
image: amazon/aws-for-fluent-bit:2.10.0 image: amazon/aws-for-fluent-bit:{{ .Values.deployment.fluentBitVersion }}
imagePullPolicy: Always imagePullPolicy: Always
env: env:
- name: AWS_REGION - name: AWS_REGION

2
nxrm-aws-resiliency/templates/ingress.yaml
View File

@ -48,4 +48,4 @@ spec:
service: service:
name: {{ .Chart.Name }}-docker-service name: {{ .Chart.Name }}-docker-service
port: port:
number: {{ .Values.ingress.dockerIngress.port }} number: {{ .Values.service.docker.port }}

5
nxrm-aws-resiliency/templates/namespaces.yaml
View File

@ -8,3 +8,8 @@ kind: Namespace
metadata: metadata:
name: {{ .Values.namespaces.cloudwatchNs }} name: {{ .Values.namespaces.cloudwatchNs }}
--- ---
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespaces.externaldnsNs }}
---

9
nxrm-aws-resiliency/templates/serviceaccount.yaml
View File

@ -5,3 +5,12 @@ metadata:
namespace: {{ .Values.namespaces.nexusNs }} namespace: {{ .Values.namespaces.nexusNs }}
annotations: annotations:
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }} eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.externaldns.name }}
namespace: {{ .Values.namespaces.externaldnsNs }}
annotations:
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.externaldns.role }}
---

2
nxrm-aws-resiliency/templates/services.yaml
View File

@ -26,7 +26,7 @@ spec:
selector: selector:
app: nxrm app: nxrm
ports: ports:
- name: docker-connector - name: docker-service
protocol: {{ .Values.service.docker.protocol }} protocol: {{ .Values.service.docker.protocol }}
port: {{ .Values.service.docker.port }} port: {{ .Values.service.docker.port }}
targetPort: {{ .Values.service.docker.targetPort }} targetPort: {{ .Values.service.docker.targetPort }}

94
nxrm-aws-resiliency/values.yaml
View File

@ -1,52 +1,64 @@
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
namespaces: namespaces:
nexusNs: nexusrepo nexusNs: nexusrepo
cloudwatchNs: amazon-cloudwatch cloudwatchNs: amazon-cloudwatch
externaldnsNs: nexus-externaldns
externaldns:
domainFilter: example.com #your root domain e.g example.com
awsZoneType: private # hosted zone to look at (valid values are public, private or no value for both)
deployment: deployment:
name: nxrm.deployment clusterRegion: us-east-1
clusterName: nxrm-nexus name: nxrm.deployment
logsRegion: us-east-1 clusterName: nxrm-nexus
initContainer: logsRegion: us-east-1
image: fluentBitVersion: 2.28.0
repository: busybox initContainer:
tag: 1.33.1 image:
container: repository: busybox
image: tag: 1.33.1
repository: sonatype/nexus3 container:
tag: 3.41.1 image:
containerPort: 8081 repository: sonatype/nexus3
pullPolicy: IfNotPresent tag: 3.41.1
env: containerPort: 8081
nexusDBName: nexus pullPolicy: IfNotPresent
nexusDBPort: 3306 env:
requestLogContainer: nexusDBName: nexus
image: nexusDBPort: 3306
repository: busybox requestLogContainer:
tag: 1.33.1 image:
auditLogContainer: repository: busybox
image: tag: 1.33.1
repository: busybox auditLogContainer:
tag: 1.33.1 image:
taskLogContainer: repository: busybox
image: tag: 1.33.1
repository: busybox taskLogContainer:
tag: 1.33.1 image:
repository: busybox
tag: 1.33.1
serviceAccount: serviceAccount:
name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager" name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
externaldns:
name: external-dns
role: arn:aws:iam::000000000000:role/nexusrepo-external-dns-irsa-role #Role with route53 permissions needed by external-dns
ingress: ingress:
#host: "nexus.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish #host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
annotations: annotations:
kubernetes.io/ingress.class: alb kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal # scheme alb.ingress.kubernetes.io/scheme: internal # scheme
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
dockerIngress: #Ingress for Docker Connector alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
#host: "docker.ingress.rule.host" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate
dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
annotations: annotations:
kubernetes.io/ingress.class: alb kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
alb.ingress.kubernetes.io/scheme: internal # scheme alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
port: 9090 alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
pv: pv:
storage: 120Gi storage: 120Gi
volumeMode: Filesystem volumeMode: Filesystem
@ -66,11 +78,11 @@ service: #Nexus Repo NodePort Service
protocol: TCP protocol: TCP
port: 80 port: 80
targetPort: 8081 targetPort: 8081
docker: #Nodeport Service for Docker connector docker: #Nodeport Service for Docker Service
type: NodePort type: NodePort
protocol: TCP protocol: TCP
port: 9090 port: 9090
targetPort: 9090 targetPort: 8081
secret: secret:
license: license:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license