remove allow scripts

Create directory for nexus-data on node (i.e. ec2) startup

nexus-repository-manager/Chart.yaml

@@ -3,10 +3,10 @@ name: nexus-repository-manager
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 44.0.0
+version: 49.0.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 3.44.0
+appVersion: 3.49.0
 
 description: Sonatype Nexus Repository Manager - Universal Binary repository
 

nexus-repository-manager/values.yaml

@@ -6,7 +6,7 @@ deploymentStrategy: Recreate
 image:
   # Sonatype Official Public Image
   repository: sonatype/nexus3
-  tag: 3.44.0
+  tag: 3.49.0
   pullPolicy: IfNotPresent
 imagePullSecrets:
 # for image registries that require login, specify the name of the existing
@@ -35,7 +35,6 @@ nexus:
   properties:
     override: false
     data:
-      nexus.scripts.allowCreation: true
       # See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager
       # nexus.ldap.env.java.naming.security.authentication: simple
   # nodeSelector:

nxrm-aws-resiliency/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 44.0.0
+version: 49.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 3.44.0
+appVersion: 3.49.0
 
 keywords:
   - artifacts

nxrm-aws-resiliency/templates/workdir-configmap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.workdir.configmap.name }}
+  namespace: {{ .Values.namespaces.nexusNs }}
+data:
+   create-nexus-work-dir.sh: |
+    #!/bin/bash
+    # Make Nexus Repository Manager work directory
+    mkdir -p /nexus-repo-mgr-work-dir/work
+

nxrm-aws-resiliency/templates/workdir-daemonset.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name:  {{ .Values.workdir.daemonset.name }}
+  namespace: {{ .Values.namespaces.nexusNs }}
+spec:
+  selector:
+    matchLabels:
+      job: dircreator
+  template:
+    metadata:
+      labels:
+        job: dircreator
+    spec:
+      hostPID: true
+      restartPolicy: Always
+      initContainers:
+        # Copy file for creating nexus work directory over and execute it on host 
+        - name: create-nexus-work-dir
+          image: ubuntu:23.04
+          command: [/bin/sh]
+          args:
+            - -c
+            - >-
+              cp /tmp/create-nexus-work-dir.sh /host-dir && 
+              /usr/bin/nsenter -m/proc/1/ns/mnt -- chmod u+x /tmp/install/create-nexus-work-dir.sh && 
+              /usr/bin/nsenter -m/proc/1/ns/mnt /tmp/install/create-nexus-work-dir.sh
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: create-nexus-work-dir-script
+              mountPath: /tmp
+            - name: host-mnt
+              mountPath: /host-dir            
+      containers:
+      - name: directory-creator
+        image: busybox:1.33.1
+        command: ["/bin/sh"]
+        args:
+            - -c
+            - >-
+              tail -f /dev/null
+        securityContext:
+          privileged: true 
+      volumes:
+      - name: create-nexus-work-dir-script
+        configMap:
+          name: {{ .Values.workdir.configmap.name }}
+      - name: host-mnt
+        hostPath:
+          path: /tmp/install

nxrm-aws-resiliency/values.yaml

@@ -12,6 +12,7 @@ deployment:
   clusterName: nxrm-nexus
   logsRegion: us-east-1
   fluentBitVersion: 2.28.0
+  replicaCount: 1
   initContainer:
     image:
       repository: busybox
@@ -19,7 +20,7 @@ deployment:
   container:
     image:
       repository: sonatype/nexus3
-      tag: 3.41.1
+      tag: 3.45.1
     containerPort: 8081
     pullPolicy: IfNotPresent
     env:
@@ -48,27 +49,35 @@ ingress:
   #host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
   annotations:
     kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/healthcheck-path: /service/rest/v1/status
     alb.ingress.kubernetes.io/scheme: internal # scheme
     alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
-    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+    #alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' uncomment for https
-    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444  # The AWS Certificate Manager ARN for your HTTPS certificate    
+    #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444  # Uncomment for https. The AWS Certificate Manager ARN for your HTTPS certificate    
   dockerIngress:  #Ingress for Docker Connector - comment out if you don't use docker repositories
     annotations:
       kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
       alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
       alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories
+#      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #uncomment if you use docker repositories
-      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444  # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
+#      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444  #  Uncomment if you use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
-      external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
+#      external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
+workdir:
+  configmap:
+    name: create-nexus-workdir-config
+  daemonset:
+    name: create-nexus-work-dir
+storageClass:
+  iopsPerGB: "10" #Note: aws plugin multiplies this by the size of the requested volumne to compute IOPS of the volumne and caps it a 20, 000 IOPS
 pv:
   storage: 120Gi
   volumeMode: Filesystem
   accessModes: ReadWriteOnce
   reclaimPolicy: Retain
-  path: /mnt
+  path: /nexus-repo-mgr-work-dir/work
   zones:
-    zone1: us-east-1a
+    - us-east-1a
-    zone2: us-east-1b
+    - us-east-1b
 pvc:
   accessModes: ReadWriteOnce
   storage: 100Gi