Compare commits

...

57 Commits

Author SHA1 Message Date
Olu Shiyanbade
96b919241d resolve conflict 2022-08-30 20:04:28 +01:00
Olu Shiyanbade
5410733d72 Update README.md 2022-08-30 20:00:37 +01:00
Sonatype Zion
02c19b39ee Release Update for 41.1.3 2022-08-30 15:16:56 +00:00
Olu Shiyanbade
f351b8e244 Merge pull request #14 from sonatype/NEXUS-34871-configure-external-dns-to-create-docker-sub-domain-records-and-https-listener
NEXUS-34871 - Create A records for docker sub domain and configure HTTPS listener for ALB
2022-08-30 15:49:43 +01:00
Olu Shiyanbade
4902991b0c Add more comments to values.yaml 2022-08-30 15:49:21 +01:00
Olu Shiyanbade
0734d746eb Associate sub domains with docker ingress 2022-08-27 00:59:07 +01:00
Olu Shiyanbade
c7c527174f Associate sub domains with docker ingress 2022-08-27 00:38:36 +01:00
Olu Shiyanbade
595db96ef1 license 2022-08-26 22:07:25 +01:00
Olu Shiyanbade
97dfe39202 parameterise hosted zone 2022-08-26 21:35:49 +01:00
Olu Shiyanbade
10ee4a5efb parameterise hosted zone 2022-08-26 21:33:53 +01:00
Olu Shiyanbade
1e5ce73111 specify examples for docker subdomain and cert manager arn 2022-08-26 21:01:10 +01:00
Olu Shiyanbade
862f179251 Configure external-dns to create docker sub domain records and https listener 2022-08-26 20:47:16 +01:00
Olu Shiyanbade
769c3b7f7c revert 2022-08-26 20:44:42 +01:00
Olu Shiyanbade
e3af231002 Configure external-dns to create docker sub domain records and https listener 2022-08-26 20:42:13 +01:00
Olu Shiyanbade
a0318927b0 Merge pull request #13 from sonatype/fix-typo
fix numbering
2022-08-26 12:33:05 +01:00
Olu Shiyanbade
702f846cb2 fix numbering 2022-08-26 12:31:05 +01:00
Olu Shiyanbade
53b1ba9fcb Merge pull request #12 from sonatype/NEXUS-34129-Update-Broken-links-and-readme
NEXUS-34129 - Update-Broken-links-and-readme
2022-08-26 12:28:54 +01:00
Olu Shiyanbade
1cddb6982b Update Broken links and readme 2022-08-26 11:48:48 +01:00
Sonatype Zion
cc34987953 Release Update for 41.1.2 2022-08-25 22:04:51 +00:00
Olu Shiyanbade
d6ac3edf71 Merge pull request #11 from sonatype/Don't-specify-a-default-for-host-in-sample-values
dont set default value for host
2022-08-25 23:02:11 +01:00
Olu Shiyanbade
9c80534bd0 dont set default value for host 2022-08-25 23:00:51 +01:00
Sonatype Zion
d90c7f36e8 Release Update for 41.1.1 2022-08-25 21:30:11 +00:00
Olu Shiyanbade
6e1c74c877 Merge pull request #10 from sonatype/fix-license
license should be apache not mit
2022-08-25 22:23:41 +01:00
Olu Shiyanbade
b3785cf228 license should be apache not mit 2022-08-25 22:20:00 +01:00
Sonatype Zion
6dd1b3c662 Release Update for 41.1.0 2022-08-25 19:06:09 +00:00
Sonatype Zion
a40171ae42 Release Update for 41.1.0 2022-08-25 19:00:58 +00:00
Olu Shiyanbade
c55540bcc7 Merge pull request #9 from sonatype/NEXUS-34129-single-jenkins-job-for-resiliency-and-non-resiliency-helm-charts
NEXUS-34129 - Combined Jenkins job to publish AWS resilient and non resilient helm charts
2022-08-25 19:59:57 +01:00
Olu Shiyanbade
5c359b9c2c fix commit message 2022-08-25 19:57:48 +01:00
Sonatype Zion
737c1fdc07 Release Update for null 41.1.0 2022-08-25 18:53:31 +00:00
Olu Shiyanbade
662f32ab62 Use chart version for tag name 2022-08-25 19:52:34 +01:00
Sonatype Zion
694a919144 Release Update for null 41.1.0 2022-08-25 18:47:13 +00:00
Olu Shiyanbade
4f6f86c972 remove chart from tag name 2022-08-25 19:46:01 +01:00
Olu Shiyanbade
073dc3d51d set tag name to both charts 2022-08-25 19:43:22 +01:00
Sonatype Zion
526fb55499 Release Update for null 41.1.0 2022-08-25 18:36:12 +00:00
Olu Shiyanbade
a7feecb463 remove unneeded checks 2022-08-25 19:35:18 +01:00
Sonatype Zion
e5abf26148 Release Update for null 41.1.0 2022-08-25 18:26:16 +00:00
Olu Shiyanbade
6238cb0609 Remove check for chart param 2022-08-25 19:25:11 +01:00
Olu Shiyanbade
80cbc2c1b2 fix license 2022-08-25 19:16:06 +01:00
Olu Shiyanbade
dce7ce20b4 header.txt 2022-08-25 19:08:20 +01:00
Olu Shiyanbade
e1a1b9baed Update license 2022-08-25 19:03:44 +01:00
Olu Shiyanbade
af6729642c Update build notifications call 2022-08-25 18:13:27 +01:00
Olu Shiyanbade
e33e0077b2 Fix file 2022-08-25 18:08:39 +01:00
Olu Shiyanbade
93553957c5 Newline 2022-08-25 17:51:41 +01:00
Olu Shiyanbade
5ee93839e4 git ignore 2022-08-25 17:44:42 +01:00
Olu Shiyanbade
6ec044c09b Removed .DS dir file 2022-08-25 17:42:57 +01:00
Olu Shiyanbade
24ee4fc9ed Address review comments 2022-08-25 17:38:44 +01:00
Olu Shiyanbade
9979f3623f Address review comments 2022-08-25 17:38:44 +01:00
Olu Shiyanbade
b5ef7c6481 Remove sources since nexus-internal is the source but it's a private repo 2022-08-25 17:38:44 +01:00
Olu Shiyanbade
191c271e35 Address review comments 2022-08-25 17:38:44 +01:00
Olu Shiyanbade
f60bc6237d Combined Jenkins job to publish aws resilient and non resilient helm charts 2022-08-25 17:38:44 +01:00
Olu Shiyanbade
4c6584ed83 Merge pull request #8 from sonatype/NEXUS-34871-Make-Ingress-Host-Configurable
NEXUS-34871 - Make ingress host configurable
2022-08-24 21:31:33 +01:00
Olu Shiyanbade
5c5e88f8f1 Make ingress host configurable 2022-08-24 12:13:04 +01:00
Olu Shiyanbade
3ddd0ba925 Make ingress host configurable 2022-08-24 12:08:28 +01:00
Dawid Sawa
9e7106f9d1 Fix links in README 2022-08-23 13:43:07 +01:00
Oleksii Rudyk
a6a8a3c60f Merge pull request #5 from sonatype/NEXUS-34843_update_the_AWS_resiliency_helm_chart_version 2022-08-22 19:44:13 +03:00
Brzozova
9fd454a8dd Fixing paths to proper destination in main README
Old paths lead to 404. Paths have been updated to proper ones.
2022-08-22 17:21:45 +02:00
Lisa Durant
f3c87e8d32 NEXUS-34212 - Update README
Update README with info about adding annotations and labels
2022-07-29 12:05:29 -04:00
62 changed files with 542 additions and 226 deletions

6
.gitignore vendored Normal file

@@ -0,0 +1,6 @@
.vs/**
.idea/**
**/test-output.xml
.DS_Store


@@ -1,17 +1,20 @@
#
# Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
# Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
# "Sonatype" is a trademark of Sonatype, Inc.
# Sonatype Nexus (TM) Open Source Version
# Copyright (c) 2008-present Sonatype, Inc.
# All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
#
# This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
# which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
#
# Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
# of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
# Eclipse Foundation. All other trademarks are the property of their respective owners.
#
# FROM docker-all.repo.sonatype.com/alpine:latest
# LABEL maintainer="operations-group@sontype.com"
FROM docker-all.repo.sonatype.com/alpine/helm:3.9.3
# RUN apk update
RUN apk update && apk upgrade && \
apk add --no-cache bash git openssh
# WORKDIR /app
# COPY ./src ./
RUN mkdir /.local /.cache && chmod 777 /.local /.cache
# EXPOSE 8080
# CMD ["./runit"]
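
Review bot: `chmod 777 /.local /.cache` on the last `RUN` line leaves both directories world-writable in the build image. If they are there so Helm can write its cache and data when the container runs under an arbitrary UID, create a dedicated user and `chown` the directories to it, or point `HELM_CACHE_HOME`, `HELM_CONFIG_HOME` and `HELM_DATA_HOME` at a path inside the job workspace. Separately, the commented-out scaffold lines (`# FROM ...alpine:latest`, `# WORKDIR /app`, `# EXPOSE 8080`, `# CMD ["./runit"]`) should be deleted rather than kept, and the commented `LABEL maintainer` address is misspelled (`sontype.com`).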

31
Jenkinsfile vendored Normal file

@@ -0,0 +1,31 @@
/*
* Sonatype Nexus (TM) Open Source Version
* Copyright (c) 2008-present Sonatype, Inc.
* All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
*
* This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
* which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
*
* Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
* of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
* Eclipse Foundation. All other trademarks are the property of their respective owners.
*/
@Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
dockerizedBuildPipeline(
prepare: {
githubStatusUpdate('pending')
},
buildAndTest: {
sh './build.sh'
},
skipVulnerabilityScan: true,
archiveArtifacts: 'docs/*',
testResults: ['**/test-output.xml'],
onSuccess: {
nxrmBuildNotifications(currentBuild, env)
},
onFailure: {
nxrmBuildNotifications(currentBuild, env)
}
)
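
Review bot: `skipVulnerabilityScan: true` switches the pipeline's scan off with no comment saying why. If the reason is that this job only lints and packages charts, state that next to the flag; otherwise leave the scan on, since `buildAndTest` runs `./build.sh`, which installs a Helm plugin from GitHub at build time. The header on this file is Eclipse Public License 1.0 while `Jenkinsfile-Release` in the same compare carries an Apache 2.0 header; use one.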

106
Jenkinsfile-Release Normal file

@@ -0,0 +1,106 @@
/*
* Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
*
* This program is licensed to you under the Apache License Version 2.0,
* and you may not use this file except in compliance with the Apache License Version 2.0.
* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the Apache License Version 2.0 is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
*/
@Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
final jira = [
versionPrefix: '', project: 'NEXUS', projectId: '12410',
credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
]
final jiraVersionMappings = [
'nexus-repository-manager': 'helm-nxrm',
'nxrm-aws-resiliency': 'helm-nxrm-aws-resiliency'
]
final chartLocation = [
'nexus-repository-manager': 'nexus-repository-manager',
'nxrm-aws-resiliency': 'nxrm-aws-resiliency'
]
properties([
parameters([
string(
name: 'appVersion',
description: 'Version of the application image, like "3.41.0"',
),
string(
name: 'chartVersion',
description: '(Optional) Version of the Chart, like "41.0.0". If omitted, it will be calculated from the appVersion.',
),
])
])
final chartVersion = calculateChartVersion(params.chartVersion, params.appVersion)
dockerizedBuildPipeline(
prepare: {
if (! params.appVersion) {
error('The appVersion is required.')
}
githubStatusUpdate('pending')
},
buildAndTest: {
sonatypeZionGitConfig()
runSafely "git checkout ${gitBranch(env)}"
runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
runSafely './build.sh'
runSafely 'git add nxrm-aws-resiliency nexus-repository-manager'
},
skipVulnerabilityScan: true,
archiveArtifacts: 'docs/*',
testResults: [],
deployCondition: { true },
deploy: {
runSafely 'git add docs'
runSafely "git commit -m 'Release Update for ${chartVersion}'"
sshagent(credentials: [sonatypeZionCredentialsId()]) {
runSafely 'git push'
}
},
postDeploy: {
// Create tags
String tagName = "${chartVersion}"
runSafely "git tag -a ${tagName} -m 'Release Update: ${chartVersion}'"
sshagent(credentials: [sonatypeZionCredentialsId()]) {
runSafely "git push origin ${tagName}"
}
},
onSuccess: {
nxrmBuildNotifications(currentBuild, env)
},
onFailure: {
nxrmBuildNotifications(currentBuild, env)
}
)
String calculateChartVersion(final String chartVersion, final String appVersion) {
if (chartVersion) {
return chartVersion
}
if (! appVersion) {
error 'Failed to calculate chartVersion with no appVersion.'
}
final versionParts = parseVersionString(appVersion)
final chartMajor = versionParts[1]
final chartMinor = versionParts[2]
if (! chartMajor || ! chartMinor) {
error "Failed to calculate chartVersion from appVersion: ${appVersion}"
}
return [chartMajor, chartMinor, '0'].join('.')
}
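
Review bot: `appVersion` and `chartVersion` are free-form string parameters that are interpolated into shell command lines without validation, in the two `runSafely "./upgrade.sh ... ${chartVersion} ${params.appVersion}"` calls, in `git commit -m 'Release Update for ${chartVersion}'` and in `git tag -a ${tagName} ...`. Check both against a strict version pattern (digits and dots only) before first use and call `error(...)` on a mismatch, so that only a well-formed version can reach `sh`, the commit message or the tag name. Also note that `calculateChartVersion(params.chartVersion, params.appVersion)` is evaluated before `prepare` runs, so when both parameters are empty the failure comes from inside `calculateChartVersion` and not from the `if (! params.appVersion)` check; keep the validation in one place. `jira`, `jiraVersionMappings` and `chartLocation` are declared but not referenced in the lines shown.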

28
LICENSE

@@ -1,21 +1,13 @@
MIT License
Copyright (c) 2020-present Sonatype, Inc.
Copyright (c) 2020 Sonatype
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
http://www.apache.org/licenses/LICENSE-2.0
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
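
Review bot: the replacement `LICENSE` body is only the short Apache 2.0 header notice ("Licensed under the Apache License, Version 2.0 ..."), not the license text; put the full text from http://www.apache.org/licenses/LICENSE-2.0 in this file and keep the short notice for per-file headers. The headers added to `Jenkinsfile`, `build.sh` and the READMEs elsewhere in this compare name Eclipse Public License 1.0, so the repository ends up declaring two licenses; settle on one and apply it to every header.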


@@ -1,65 +0,0 @@
<!--
Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
"Sonatype" is a trademark of Sonatype, Inc.
-->
## Overview
Overview of the service: what is it, why do we have it, who are the primary
contacts, how to report bugs, links to design docs and other relevant
information.
### Public Facing Endpoints
The URLs (or IPs) and ports used by the service and what they are used for
(ALB? SSH? FTP?) and notes about any certificates and their location.
## Monitoring
Monitoring dashboards / logging / introspection & obseverbility info.
### Runbooks
A list of every alert your monitoring system may generate for this service and
a step-by-step "what do to when..." for each of them.
### SLO
Service Level Objectives in a succinct format: a target value or range of
values for a service level that is measured by an SLI. A natural structure for
SLOs is thus SLI ≤ target, or lower bound ≤ SLI ≤ upper bound. For example, we
might decide that we will return Shakespeare search results "quickly," adopting
an SLO that our average search request latency should be less than 100
milliseconds.
For more detailed information, please check out the Service Level Objectives
doc. If you're still unsure of what your SLOs should be, please reach out to
the SREs at #ops-sre-chat.
Optionally but recommended, have a section of monitoring and dashboards for SLO
tracking (see the auth-service OpsDoc for examples of dashboards).
## Build
How to build the software that makes the service. Where to download it from,
where the source code repository is, steps for building and making a package or
other distribution mechanisms. If it is software that you modify in any way
(open source project you contribute to or a local project) include instructions
for how a new developer gets started. Ideally the end result is a package that
can be copied to other machines for installation.
## Deploy
How to deploy the service. How to build something from scratch: RAM/disk
requirements, OS version and configuration, what packages to install, and so
on. If this is automated with a configuration management tool like ansible/etc,
then say so.
## Common Tasks
Step-by-step instructions for common things like provisioning
(add/change/delete), common problems and their solutions, and so on.
## DR
Where are backups of data stored? What are disaster / data recovery
procedures?


@@ -1,13 +1,28 @@
<!--
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.
-->
## Helm Charts for Sonatype Nexus Repository Manager 3
We provide Helm charts for two different deployment scenarios:
See the [AWS Single-Instance Resiliency Chart](./https://github.com/sonatype/nxrm3-helm-repository/tree/main/aws-single-instance-resiliency) if you are doing the following:
See the [AWS Single-Instance Resiliency Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nxrm-aws-resiliency) if you are doing the following:
* Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region
* Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
* Using an external PostgreSQL database (required)
See the [Single-Instance OSS/Pro Kubernetes Chart](./https://github.com/sonatype/nxrm3-helm-repository/tree/main/single-inst-oss-pro-kubernetes) if you are doing the following:
See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager) if you are doing the following:
* Using embedded OrientDB (required)
* Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node)
* Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured


@@ -1,11 +1,17 @@
<!--
Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
"Sonatype" is a trademark of Sonatype, Inc.
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.
-->
# Reporting Security Vulnerabilities
## When to report


@@ -1,21 +0,0 @@
MIT License
Copyright (c) 2020 Sonatype
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -1,7 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Values.namespaces.nexusNs }}
annotations:
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}


@@ -1,79 +0,0 @@
# Declare variables to be passed into your templates.
namespaces:
nexusNs: nexusrepo
cloudwatchNs: amazon-cloudwatch
deployment:
name: nxrm.deployment
clusterName: nxrm-nexus
logsRegion: us-east-1
initContainer:
image:
repository: busybox
tag: 1.33.1
container:
image:
repository: sonatype/nexus3
tag: 3.41.1
containerPort: 8081
pullPolicy: IfNotPresent
env:
nexusDBName: nexus
nexusDBPort: 3306
requestLogContainer:
image:
repository: busybox
tag: 1.33.1
auditLogContainer:
image:
repository: busybox
tag: 1.33.1
taskLogContainer:
image:
repository: busybox
tag: 1.33.1
serviceAccount:
name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
ingress:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal # scheme
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
dockerIngress: #Ingress for Docker Connector
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal # scheme
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
port: 9090
pv:
storage: 120Gi
volumeMode: Filesystem
accessModes: ReadWriteOnce
reclaimPolicy: Retain
path: /mnt
zones:
zone1: us-east-1a
zone2: us-east-1b
pvc:
accessModes: ReadWriteOnce
storage: 100Gi
service: #Nexus Repo NodePort Service
nexus:
type: NodePort
protocol: TCP
port: 80
targetPort: 8081
docker: #Nodeport Service for Docker connector
type: NodePort
protocol: TCP
port: 9090
targetPort: 9090
secret:
license:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
alias: nxrm-license.lic
rds:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrmrds-cred-nexus
adminpassword:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:admin-nxrm-password

29
build.sh Executable file

@@ -0,0 +1,29 @@
#!/bin/sh
#
# Sonatype Nexus (TM) Open Source Version
# Copyright (c) 2008-present Sonatype, Inc.
# All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
#
# This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
# which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
#
# Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
# of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
# Eclipse Foundation. All other trademarks are the property of their respective owners.
#
helm plugin install https://github.com/quintush/helm-unittest
set -e
# lint yaml of charts
helm lint ./nxrm-aws-resiliency
helm lint ./nexus-repository-manager
# unit test
(cd ./nxrm-aws-resiliency; helm unittest -3 -t junit -o test-output.xml .)
(cd ./nexus-repository-manager; helm unittest -3 -t junit -o test-output.xml .)
# package the charts into tgz archives
helm package ./nxrm-aws-resiliency --destination docs
helm package ./nexus-repository-manager --destination docs
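
Review bot: `helm plugin install https://github.com/quintush/helm-unittest` pulls whatever the plugin's latest release is on every build, and because it sits above `set -e` a failed install goes unnoticed until `helm unittest` fails later. Pin the plugin with `--version` set to the release the tests were written against, move the line below `set -e`, and handle the already-installed case explicitly (for example by checking `helm plugin list` first) instead of relying on the ignored exit status.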

Binary file not shown.


@@ -1,3 +1,10 @@
Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
"Sonatype" is a trademark of Sonatype, Inc.
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.


@@ -3,10 +3,10 @@ name: nexus-repository-manager
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 38.1.0
version: 41.1.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 3.38.1
appVersion: 3.41.1
description: Sonatype Nexus Repository Manager - Universal Binary repository


@@ -1,3 +1,18 @@
<!--
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.
-->
# Nexus Repository
[Nexus Repository OSS](https://www.sonatype.com/nexus-repository-oss) provides universal support for all major build tools.


@@ -7,7 +7,7 @@ deploymentStrategy: Recreate
image:
# Sonatype Official Public Image
repository: sonatype/nexus3
tag: 3.38.1
tag: 3.41.1
pullPolicy: IfNotPresent
nexus:


@@ -1,6 +1,6 @@
apiVersion: v2
name: nxrm-aws-resiliency
description: Helm chart for a Resilient Nexus Repository deployment in AWS
description: Resilient AWS Deployment of Sonatype Nexus Repository Manager - Universal Binary repository
# A chart can be either an 'application' or a 'library' chart.
#
@@ -15,10 +15,27 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 41.1.0
version: 41.1.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "3.41.1"
appVersion: 3.41.1
keywords:
- artifacts
- dependency
- management
- sonatype
- nexus
- repository
- quickstart
- ci
- repository-manager
- nexus3
home: https://www.sonatype.com/nexus-repository-oss
icon: https://sonatype.github.io/helm3-charts/NexusRepo_Vertical.svg
maintainers:
- name: Sonatype
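
Review bot: `appVersion` loses its quotes here (`appVersion: "3.41.1"` becomes `appVersion: 3.41.1`) directly beneath the comment "It is recommended to use it with quotes." Keep the quoted form so that a two-part version such as 3.41 can never be read as a YAML number, and if the release job's `upgrade.sh` is what rewrites this line, make it preserve the quotes.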


@@ -0,0 +1,13 @@
Copyright (c) 2020-present Sonatype, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@@ -1,3 +1,18 @@
<!--
Sonatype Nexus (TM) Open Source Version
Copyright (c) 2008-present Sonatype, Inc.
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
Eclipse Foundation. All other trademarks are the property of their respective owners.
-->
# Helm Chart for a Resilient Nexus Repository Deployment in AWS
This Helm chart configures the Kubernetes resources that are needed for a resilient Nexus Repository deployment on AWS as described in our documented [single-node cloud resilient deployment example using AWS](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-node-cloud-resilient-deployment-example-using-aws).
@@ -48,13 +63,17 @@ You will also need to complete the steps below. See the referenced AWS documenta
---
## Deployment
1. Pull the [nxrm-resiliency-aws-helmchart](https://github.com/sonatype/nxrm3-helm-repository/blob/main/aws-single-instance-resiliency/Chart.yaml).
1. Add the sonatype repo to your helm:
```helm repo add sonatype https://sonatype.github.io/helm3-charts/ ```
2. Ensure you have updated your values.yaml with appropriate values for your environment.
- Note that you can specify Ingress annotations via the values.yaml.
- If you wish to add [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/), you can do so via kubectl. See the [kubectl Cheat Sheet](https://kubernetes.io/docs/reference/kubectl/cheatsheet/) for specific commands.
3. Install the chart using the following:
```helm install nxrm nexus/nxrm-aws-resiliency --values values.yaml```
```helm install nxrm sonatype/nxrm-aws-resiliency -f values.yaml```
3. Get the Nexus Repository link using the following:
4. Get the Nexus Repository link using the following:
```kubectl get ingresses -n nexusrepo```


@@ -0,0 +1,66 @@
# comment out sa if it was previously created
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods","nodes"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.externaldns.name }}
namespace: {{ .Values.namespaces.externaldnsNs }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: {{ .Values.namespaces.externaldnsNs }}
labels:
app.kubernetes.io/name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.11.0
args:
- --source=service
- --source=ingress
- --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type={{ .Values.externaldns.awsZoneType }} # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id=external-dns
env:
- name: AWS_DEFAULT_REGION
value: {{ .Values.deployment.clusterRegion }}
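Review bot: `serviceAccountName: external-dns` in the Deployment pod spec is hardcoded, while the ClusterRoleBinding subject in this same file uses `{{ .Values.serviceAccount.externaldns.name }}`. If that value is set to anything other than `external-dns`, the pod references a service account name the binding does not cover, so use the same value in both places. Two smaller points: ClusterRole and ClusterRoleBinding are cluster-scoped, so the `namespace:` under their metadata has no effect and can be dropped, and `--txt-owner-id=external-dns` is fixed, which means two installs of this chart against the same hosted zone would treat each other's records as their own; consider deriving it from a value such as the cluster name. The image tag `v0.11.0` could also move to values.yaml, as was done for fluent-bit in this change.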

@@ -77,7 +77,7 @@ data:
[INPUT]
Name tail
Tag nexus.nexus-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
Parser docker
DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB
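Review bot: the new `Path` glob drops the `_` delimiter in front of the namespace (`deployment*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log` instead of `deployment-*-*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log`), so the namespace is no longer matched as a whole field of the `<pod>_<namespace>_<container>` file name. A pod with the same name prefix in a namespace that merely ends with the configured value would also be tailed and tagged `nexus.nexus-log`. Keeping the separator, for example `deployment*_{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log`, relaxes the pod-name part without widening the namespace match. The same applies to the request-log, audit-log and tasks-log `Path` lines changed in the following hunks, and it matters most for the audit stream.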
@@ -112,7 +112,7 @@ data:
[INPUT]
Name tail
Tag nexus.request-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_request-log-*.log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_request-log-*.log
Parser docker
DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB
@@ -147,7 +147,7 @@ data:
[INPUT]
Name tail
Tag nexus.audit-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_audit-log-*.log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_audit-log-*.log
Parser docker
DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB
@@ -182,7 +182,7 @@ data:
[INPUT]
Name tail
Tag nexus.tasks-log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment-*-*_{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
Parser docker
DB /var/fluent-bit/state/flb_container.db
Mem_Buf_Limit 5MB
@@ -263,7 +263,7 @@ spec:
spec:
containers:
- name: fluent-bit
image: amazon/aws-for-fluent-bit:2.10.0
image: amazon/aws-for-fluent-bit:{{ .Values.deployment.fluentBitVersion }}
imagePullPolicy: Always
env:
- name: AWS_REGION
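Review bot: the image is now `amazon/aws-for-fluent-bit:{{ .Values.deployment.fluentBitVersion }}` next to `imagePullPolicy: Always`, so every pod start pulls whatever that tag currently points to. Consider letting the value carry a digest reference so the log shipper image is reproducible, and quote the version in values.yaml so that a tag such as `2.10` is not parsed as a number and rendered as `2.1`.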

@@ -9,7 +9,12 @@ metadata:
{{- end }}
spec:
rules:
{{- if .Values.ingress.host }}
- host: {{ .Values.ingress.host }}
http:
{{- else }}
- http:
{{- end }}
paths:
- path: /
pathType: Prefix
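Review bot: `- host: {{ .Values.ingress.host }}` renders the value unquoted, so a wildcard host such as `*.example.com` produces invalid YAML (a leading `*` is read as an alias); pipe the value through `quote`. Also, when `ingress.host` is unset the rule falls back to `- http:` and matches every Host header that reaches the ALB. If that is the intended default, say so in the values.yaml comment for `host`.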
@@ -30,7 +35,12 @@ metadata:
{{- end }}
spec:
rules:
{{- if .Values.ingress.dockerIngress.host }}
- host: {{ .Values.ingress.dockerIngress.host }}
http:
{{- else}}
- http:
{{- end }}
paths:
- path: /
pathType: Prefix
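Review bot: `.Values.ingress.dockerIngress.host` is read here, but the values.yaml added in this change defines only `annotations` under `dockerIngress`, with no `host` key and no commented example like the one for `ingress.host`. With the shipped defaults the docker ingress therefore always takes the `- http:` branch, and the `dockerrepo1.example.com` style names from the external-dns annotation are published in DNS without being enforced as host rules. Document the key, and confirm the enclosing template is guarded for users who follow the values.yaml advice to comment out `dockerIngress`, since a lookup of `.host` on a missing map fails at render time. Minor: `{{- else}}` is missing the space used in the first hunk.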
@@ -38,4 +48,4 @@ spec:
service:
name: {{ .Chart.Name }}-docker-service
port:
number: {{ .Values.ingress.dockerIngress.port }}
number: {{ .Values.service.docker.port }}

@@ -8,3 +8,8 @@ kind: Namespace
metadata:
name: {{ .Values.namespaces.cloudwatchNs }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespaces.externaldnsNs }}
---

@@ -0,0 +1,16 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Values.namespaces.nexusNs }}
annotations:
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.externaldns.name }}
namespace: {{ .Values.namespaces.externaldnsNs }}
annotations:
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.externaldns.role }}
---
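Review bot: the first ServiceAccount is created unconditionally, yet the values.yaml comment on `serviceAccount.name` says this SA is created as part of the steps under "AWS Secrets Manager", and the external-dns template opens with "comment out sa if it was previously created". An install into a cluster where the account already exists fails on the conflict, and asking users to edit templates is fragile. Add a boolean value per account and wrap each document in an `if` block, and quote the `eks.amazonaws.com/role-arn` values while you are here.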

@@ -26,7 +26,7 @@ spec:
selector:
app: nxrm
ports:
- name: docker-connector
- name: docker-service
protocol: {{ .Values.service.docker.protocol }}
port: {{ .Values.service.docker.port }}
targetPort: {{ .Values.service.docker.targetPort }}

@@ -0,0 +1,93 @@
# Declare variables to be passed into your templates.
namespaces:
nexusNs: nexusrepo
cloudwatchNs: amazon-cloudwatch
externaldnsNs: nexus-externaldns
externaldns:
domainFilter: example.com #your root domain e.g example.com
awsZoneType: private # hosted zone to look at (valid values are public, private or no value for both)
deployment:
clusterRegion: us-east-1
name: nxrm.deployment
clusterName: nxrm-nexus
logsRegion: us-east-1
fluentBitVersion: 2.28.0
initContainer:
image:
repository: busybox
tag: 1.33.1
container:
image:
repository: sonatype/nexus3
tag: 3.41.1
containerPort: 8081
pullPolicy: IfNotPresent
env:
nexusDBName: nexus
nexusDBPort: 3306
requestLogContainer:
image:
repository: busybox
tag: 1.33.1
auditLogContainer:
image:
repository: busybox
tag: 1.33.1
taskLogContainer:
image:
repository: busybox
tag: 1.33.1
serviceAccount:
name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
externaldns:
name: external-dns
role: arn:aws:iam::000000000000:role/nexusrepo-external-dns-irsa-role #Role with route53 permissions needed by external-dns
ingress:
#host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internal # scheme
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate
dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
annotations:
kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
pv:
storage: 120Gi
volumeMode: Filesystem
accessModes: ReadWriteOnce
reclaimPolicy: Retain
path: /mnt
zones:
zone1: us-east-1a
zone2: us-east-1b
pvc:
accessModes: ReadWriteOnce
storage: 100Gi
service: #Nexus Repo NodePort Service
nexus:
type: NodePort
protocol: TCP
port: 80
targetPort: 8081
docker: #Nodeport Service for Docker Service
type: NodePort
protocol: TCP
port: 9090
targetPort: 8081
secret:
license:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
alias: nxrm-license.lic
rds:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrmrds-cred-nexus
adminpassword:
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:admin-nxrm-password
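Review bot: both `alb.ingress.kubernetes.io/certificate-arn` examples use a 13-digit account ID (`0000000000000`), while the IAM and Secrets Manager ARNs in this file use the 12-digit `000000000000`; fix the placeholder so a copy-and-edit keeps a valid shape. The comment on `external-dns.alpha.kubernetes.io/hostname` has a typo ("othereise"), and `dockerIngress` needs a commented `host` example because the ingress template reads that key. The `busybox` and `sonatype/nexus3` images are referenced by tag only; offering a digest option would make the deployed images reproducible.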

Binary file not shown.

upgrade.sh Executable file
@@ -0,0 +1,39 @@
#!/bin/sh
#
# Sonatype Nexus (TM) Open Source Version
# Copyright (c) 2008-present Sonatype, Inc.
# All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
#
# This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
# which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
#
# Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
# of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
# Eclipse Foundation. All other trademarks are the property of their respective owners.
#
if [ $# != 3 ]; then
echo "Usage: $0 <dir> <chart-version> <app-version>"
exit 1
fi
DIR="$1"
CHART_VERSION="$2"
APP_VERSION="$3"
OUTPUT_FILE=$(mktemp)
cat "$DIR/Chart.yaml" \
| sed -E "s/version: .+/version: $CHART_VERSION/" \
| sed -E "s/appVersion: .+/appVersion: $APP_VERSION/" \
> "$OUTPUT_FILE"
mv "$OUTPUT_FILE" "$DIR/Chart.yaml"
cat "$DIR/values.yaml" \
| sed -E "s/^ tag: .+$/ tag: $APP_VERSION/" \
> "$OUTPUT_FILE"
mv "$OUTPUT_FILE" "$DIR/values.yaml"
git diff "$DIR"
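Review bot: `$OUTPUT_FILE` is reused after `mv "$OUTPUT_FILE" "$DIR/Chart.yaml"`, so the second `> "$OUTPUT_FILE"` recreates a path in the temp directory that `mktemp` no longer protects; call `mktemp` again for values.yaml, or create the temp file beside its target. There is also no `set -eu` and no existence check: if `cat "$DIR/Chart.yaml"` fails, the empty output is still moved into place. `$CHART_VERSION` and `$APP_VERSION` go into the sed replacement unvalidated, so a `/` or `&` in an argument breaks or alters the substitution; check both against a version pattern first. Finally, `s/version: .+/` is unanchored and rewrites any `version:` line in Chart.yaml (for example under dependencies), and the `tag:` expression hits every `tag:` at the matched indentation, of which values.yaml has several; anchor the first as `^version:` and confirm that only `container.image.tag` matches the second.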