update readme

NEXUS-40550 - Deprecate and redirect to nxrm ha helm chart

.gitignore

@@ -0,0 +1,6 @@
+.vs/**
+.idea/**
+
+**/test-output.xml
+
+.DS_Store

Dockerfile

@@ -1,17 +1,20 @@
 #
-# Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
-# Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
-# "Sonatype" is a trademark of Sonatype, Inc.
+# Sonatype Nexus (TM) Open Source Version
+# Copyright (c) 2008-present Sonatype, Inc.
+# All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+#
+# This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+# which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+#
+# Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+# of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+# Eclipse Foundation. All other trademarks are the property of their respective owners.
 #
 
-# FROM docker-all.repo.sonatype.com/alpine:latest
-# LABEL maintainer="operations-group@sontype.com"
+FROM docker-all.repo.sonatype.com/alpine/helm:3.10.1
 
-# RUN apk update
+RUN apk update && apk upgrade && \
+    apk add --no-cache bash git openssh
 
-# WORKDIR /app
-# COPY ./src ./
+RUN mkdir /.local /.cache && chmod 777 /.local /.cache
 
-# EXPOSE 8080
-
-# CMD ["./runit"]

Jenkinsfile

@@ -0,0 +1,31 @@
+/*
+ * Sonatype Nexus (TM) Open Source Version
+ * Copyright (c) 2008-present Sonatype, Inc.
+ * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+ *
+ * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+ * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+ *
+ * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+ * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+ * Eclipse Foundation. All other trademarks are the property of their respective owners.
+ */
+@Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
+
+dockerizedBuildPipeline(
+  prepare: {
+    githubStatusUpdate('pending')
+  },
+  buildAndTest: {
+    sh './build.sh'
+  },
+  skipVulnerabilityScan: true,
+  archiveArtifacts: 'docs/*',
+  testResults: ['**/test-output.xml'],
+  onSuccess: {
+    nxrmBuildNotifications(currentBuild, env)
+  },
+  onFailure: {
+    nxrmBuildNotifications(currentBuild, env)
+  }
+)

Jenkinsfile-Release

@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
+ *
+ * This program is licensed to you under the Apache License Version 2.0,
+ * and you may not use this file except in compliance with the Apache License Version 2.0.
+ * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the Apache License Version 2.0 is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+ */
+@Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
+
+final jira = [
+    versionPrefix: '', project: 'NEXUS', projectId: '12410',
+    credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
+]
+
+properties([
+  parameters([
+    string(
+      name: 'appVersion',
+      description: 'Version of the application image, like "3.41.0"',
+    ),
+    string(
+      name: 'chartVersion',
+      description: '(Optional) Version of the Chart, like "41.0.0". If omitted, it will be calculated from the appVersion.',
+    ),
+  ])
+])
+
+final chartVersion = calculateChartVersion(params.chartVersion, params.appVersion)
+
+dockerizedBuildPipeline(
+  prepare: {
+    if (! params.appVersion) {
+      error('The appVersion is required.')
+    }
+    githubStatusUpdate('pending')
+  },
+  buildAndTest: {
+    sonatypeZionGitConfig()
+    runSafely "git checkout ${gitBranch(env)}"
+    runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
+    runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
+    runSafely './build.sh'
+    runSafely 'git add nxrm-aws-resiliency'
+    runSafely 'git add nexus-repository-manager'
+  },
+  skipVulnerabilityScan: true,
+  archiveArtifacts: 'docs/*',
+  testResults: [],
+  deployCondition: { true },
+  deploy: {
+    runSafely 'git add docs'
+    runSafely "git commit -m 'Release Update for ${chartVersion}'"
+
+    sshagent(credentials: [sonatypeZionCredentialsId()]) {
+      runSafely 'git push'
+    }
+  },
+  postDeploy: {
+    // Create tags
+    String tagName = "${chartVersion}"
+    runSafely "git tag -a ${tagName} -m 'Release Update: ${chartVersion}'"
+    sshagent(credentials: [sonatypeZionCredentialsId()]) {
+      runSafely "git push origin ${tagName}"
+    }
+  },
+  onSuccess: {
+    nxrmBuildNotifications(currentBuild, env)
+  },
+  onFailure: {
+    nxrmBuildNotifications(currentBuild, env)
+  }
+)
+
+String calculateChartVersion(final String chartVersion, final String appVersion) {
+  if (chartVersion) {
+    return chartVersion
+  }
+
+  if (! appVersion) {
+    error 'Failed to calculate chartVersion with no appVersion.'
+  }
+
+  final versionParts = parseVersionString(appVersion)
+  final chartMajor = versionParts[1]
+  final chartMinor = versionParts[2]
+
+  if (! chartMajor || ! chartMinor) {
+    error "Failed to calculate chartVersion from appVersion: ${appVersion}"
+  }
+
+  return [chartMajor, chartMinor, '0'].join('.')
+}

LICENSE

@@ -1,21 +1,13 @@
-MIT License
+Copyright (c) 2020-present Sonatype, Inc.
 
-Copyright (c) 2020 Sonatype
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+    http://www.apache.org/licenses/LICENSE-2.0
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

OPSDOC.md

@@ -1,65 +0,0 @@
-<!--
-Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
-Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
-"Sonatype" is a trademark of Sonatype, Inc.
--->
-
-## Overview
-Overview of the service: what is it, why do we have it, who are the primary
-contacts, how to report bugs, links to design docs and other relevant
-information.
-
-### Public Facing Endpoints
-The URLs (or IPs) and ports used by the service and what they are used for
-(ALB? SSH? FTP?) and notes about any certificates and their location.
-
-## Monitoring
-
-Monitoring dashboards / logging / introspection & obseverbility info.
-
-### Runbooks
-
-A list of every alert your monitoring system may generate for this service and
-a step-by-step "what do to when..." for each of them.
-
-###  SLO
-Service Level Objectives in a succinct format: a target value or range of
-values for a service level that is measured by an SLI. A natural structure for
-SLOs is thus SLI ≤ target, or lower bound ≤ SLI ≤ upper bound. For example, we
-might decide that we will return Shakespeare search results "quickly," adopting
-an SLO that our average search request latency should be less than 100
-milliseconds.
-
-For more detailed information, please check out the Service Level Objectives
-doc. If you're still unsure of what your SLOs should be, please reach out to
-the SREs at #ops-sre-chat. 
-
-Optionally but recommended, have a section of monitoring and dashboards for SLO
-tracking (see the auth-service OpsDoc for examples of dashboards).
-
-## Build
-
-How to build the software that makes the service. Where to download it from,
-where the source code repository is, steps for building and making a package or
-other distribution mechanisms. If it is software that you modify in any way
-(open source project you contribute to or a local project) include instructions
-for how a new developer gets started. Ideally the end result is a package that
-can be copied to other machines for installation.
-
-## Deploy
-
-How to deploy the service. How to build something from scratch: RAM/disk
-requirements, OS version and configuration, what packages to install, and so
-on. If this is automated with a configuration management tool like ansible/etc,
-then say so.
-
-## Common Tasks
-
-Step-by-step instructions for common things like provisioning
-(add/change/delete), common problems and their solutions, and so on.
-
-## DR
-Where are backups of data stored?  What are disaster / data recovery
-procedures?
-
-

README.md

@@ -1,13 +1,23 @@
+<!--
+
+    Sonatype Nexus (TM) Open Source Version
+    Copyright (c) 2008-present Sonatype, Inc.
+    All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+
+    This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+    which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+
+    Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+    of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+    Eclipse Foundation. All other trademarks are the property of their respective owners.
+
+-->
+# ⚠️ Archive Notice
+
+As of October 24, 2023, we will no longer update or support the [Single-Instance OSS/Pro Helm Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager). 
+
+Deploying Nexus Repository in containers with an embedded database has been known to corrupt the database under some circumstances. We strongly recommend that you use an external PostgreSQL database for Kubernetes deployments. 
+
 ## Helm Charts for Sonatype Nexus Repository Manager 3
 
-We provide Helm charts for two different deployment scenarios:
-
-See the [AWS Single-Instance Resiliency Chart](./https://github.com/sonatype/nxrm3-helm-repository/tree/main/aws-single-instance-resiliency) if you are doing the following:
-* Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region
-* Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
-* Using an external PostgreSQL database (required)
-
-See the [Single-Instance OSS/Pro Kubernetes Chart](./https://github.com/sonatype/nxrm3-helm-repository/tree/main/single-inst-oss-pro-kubernetes) if you are doing the following:
-* Using embedded OrientDB (required)
-* Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node)
-* Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured
+We now provide one [HA/Resiliency Helm Chart](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) that supports both high availability and resilient deployments in AWS, Azure, or on-premises in a Kubernetes cluster. This is our only supported Helm chart for deploying Sonatype Nexus Repository; it requires a PostgreSQL database.

SECURITY.md

@@ -1,11 +1,17 @@
 <!--
 
-    Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
-    Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
-    "Sonatype" is a trademark of Sonatype, Inc.
+    Sonatype Nexus (TM) Open Source Version
+    Copyright (c) 2008-present Sonatype, Inc.
+    All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+
+    This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+    which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+
+    Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+    of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+    Eclipse Foundation. All other trademarks are the property of their respective owners.
 
 -->
-
 # Reporting Security Vulnerabilities
 
 ## When to report

aws-single-instance-resiliency/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 Sonatype
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

aws-single-instance-resiliency/README.md

@@ -1,101 +0,0 @@
-# Helm Chart for a Resilient Nexus Repository Deployment in AWS
-
-This Helm chart configures the Kubernetes resources that are needed for a resilient Nexus Repository deployment on AWS as described in our documented [single-node cloud resilient deployment example using AWS](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-node-cloud-resilient-deployment-example-using-aws).
-
-Use the checklist below to determine if this Helm chart is suitable for your deployment needs.
-
----
-
-## When to Use This Helm Chart
-Use this Helm chart if you are doing any of the following:
-- Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region
-- Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
-- Using an external PostgreSQL database
-
-> **Note**: A Nexus Repository Pro license is required for our resilient deployment options. Your Nexus Repository Pro license file must be stored externally as mounted from AWS Secrets AWS (required).
-
----
-
-## Prerequisites for This Chart
-In order to set up an environment like the one illustrated above and described in this section, you will need the following:
-
-- Kubernetes 1.19+
-- [kubectl](https://kubernetes.io/docs/tasks/tools/)
-- [Helm 3](https://helm.sh/docs/intro/install/)
-- A Nexus Repository Pro license
-- An AWS account with permissions for accessing the following AWS services:
-  - Elastic Kubernetes Service (EKS)
-  - Relational Database Service (RDS) for PostgreSQL
-  - Application Load Balancer (ALB)
-  - CloudWatch
-  - Simple Storage Service (S3)
-  - Secrets Manager
-
-You will also need to complete the steps below. See the referenced AWS documentation for detailed configuration steps. Also see [our resiliency documentation](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-node-cloud-resilient-deployment-example-using-aws) for more details about why these steps are necessary and how each AWS solution functions within a resilient deployment:
-1. Configure an EKS cluster - [AWS documentation for managed nodes (i.e., EC2)](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html)
-2. Create an Aurora database cluster - [AWS documentation for creating an Aurora database cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html)
-3. Deploy the AWS Load Balancer Controller (LBC) to your EKS cluster - [AWS documentation for deploying the AWS LBC to your EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
-4. Install AWS Secrets Store CSI drivers - You need to create an IAM service account using the ```eksctl create iamserviceaccount``` command. Before proceeding, read the points below as they contain important required steps to ensure this helm chart will work for you:  <br>
-  - **You must include two additional command parameters when running the command**: ```--role-only``` and ```--namespace <nexusrepo namespace>```
-    - It is important to include the ```--role-only``` option in the ```eksctl create iamserviceaccount``` command so that the helm chart manages the Kubernetes service account.  <br> 
-  - **The namespace you specify to the ```eksctl create iamserviceaccount``` must be the same namespace into which you will deploy the Nexus Repository pod.**  <br>
-    - Although the namespace does not exist at this point, you must specify it as part of the command. **Do not create that namespace manually beforehand**; the helm chart will create and manage it. 
-    - You should specify this same namespace as the value of ```nexusNs``` in your values.yaml.  <br>
-  - Follow the instructions provided in the [AWS Secrets Store CSI drivers documentation](https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/README.md) to install the AWS Secrets Store CSI drivers; ensure that you follow the additional instructions in the bullets above when you reach the ```eksctl create iamserviceaccount``` command on that page.
-5. Ensure that your EKS nodes are granted CloudWatchFullAccess and CloudWatchAgentServerPolicy IAM policies. This Helm chart will configure Fluentbit for log externalisation to CloudWatch.
-  - [AWS documentation for setting up Fluentbit](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/deploy-container-insights-EKS.html)
-
----
-
-## Deployment
-1. Pull the [nxrm-resiliency-aws-helmchart](https://github.com/sonatype/nxrm3-helm-repository/blob/main/aws-single-instance-resiliency/Chart.yaml).
-2. Ensure you have updated your values.yaml with appropriate values for your environment.
-3. Install the chart using the following:
-  
-```helm install nxrm nexus/nxrm-aws-resiliency --values values.yaml```
-  
-3. Get the Nexus Repository link using the following:
-  
-```kubectl get ingresses -n nexusrepo```
-
----
-
-## Health Check
-You can use the following commands to perform various health checks:
-  
-See a list of releases:
-  
-  ```helm list```
-  
- Check pods using the following:
-  
-  ```kubectl get pods -n nexusrepo```
-  
-Check the Nexus Repository logs with the following:
-  
-  ```kubectl logs <pod_name> -n nexusrepo nxrm-app```
-  
-Check if the pod is OK by using the following; you shouldn't see any error/warning messages:
-  
-  ```kubectl describe pod <pod_name> -n nexusrepo```
-  
-Check if ingress is OK using the following:
-  
-  ```kubectl describe ingress <ingress_name> -n nexusrepo```
-  
-Check that the Fluent Bit pod is sending events to CloudWatch using the following:
-
-  ```kubectl logs -n amazon-cloudwatch <fluent-bit pod id>```
-  
-If the above returns without error, then check CloudWatch for the ```/aws/containerinsights/<eks cluster name>/nexus-logs``` log group, which should contain four log streams.
-
----
-
-## Uninstall
-To uninstall the deployment, use the following:
-  
-  ```helm uninstall nxrm```
-  
-After removing the deployment, ensure that the namespace is deleted and that Nexus Repository is not listed when using the following:
-  
-  ```helm list```

aws-single-instance-resiliency/templates/namespaces.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Values.namespaces.nexusNs }}
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Values.namespaces.cloudwatchNs }}
----

aws-single-instance-resiliency/templates/serviceaccount.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.serviceAccount.name }}
-  namespace: {{ .Values.namespaces.nexusNs }}
-  annotations:
-    eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}

aws-single-instance-resiliency/values.yaml

@@ -1,79 +0,0 @@
-# Declare variables to be passed into your templates.
-namespaces:
-    nexusNs: nexusrepo
-    cloudwatchNs: amazon-cloudwatch
-deployment:
-   name: nxrm.deployment
-   clusterName: nxrm-nexus
-   logsRegion: us-east-1
-   initContainer:
-        image:
-          repository: busybox
-          tag: 1.33.1
-   container:
-        image:
-          repository: sonatype/nexus3
-          tag: 3.41.1
-        containerPort: 8081
-        pullPolicy: IfNotPresent
-        env:
-          nexusDBName: nexus
-          nexusDBPort: 3306
-   requestLogContainer:
-        image:
-          repository: busybox
-          tag: 1.33.1
-   auditLogContainer:
-        image:
-          repository: busybox
-          tag: 1.33.1
-   taskLogContainer:
-        image:
-          repository: busybox
-          tag: 1.33.1
-serviceAccount:
-     name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
-     role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
-ingress:
-  annotations:
-    kubernetes.io/ingress.class: alb
-    alb.ingress.kubernetes.io/scheme: internal # scheme
-    alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
-  dockerIngress:  #Ingress for Docker Connector
-    annotations:
-      kubernetes.io/ingress.class: alb
-      alb.ingress.kubernetes.io/scheme: internal # scheme
-      alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
-    port: 9090
-pv:
-  storage: 120Gi
-  volumeMode: Filesystem
-  accessModes: ReadWriteOnce
-  reclaimPolicy: Retain
-  path: /mnt
-  zones:
-    zone1: us-east-1a
-    zone2: us-east-1b
-pvc:
-  accessModes: ReadWriteOnce
-  storage: 100Gi
-
-service:  #Nexus Repo NodePort Service
-  nexus:
-   type: NodePort
-   protocol: TCP
-   port: 80
-   targetPort: 8081
-  docker:  #Nodeport Service for Docker connector
-   type: NodePort
-   protocol: TCP
-   port: 9090
-   targetPort: 9090
-secret:
-  license:
-   arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
-   alias: nxrm-license.lic
-  rds:
-    arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrmrds-cred-nexus
-  adminpassword:
-    arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:admin-nxrm-password

build.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Sonatype Nexus (TM) Open Source Version
+# Copyright (c) 2008-present Sonatype, Inc.
+# All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+#
+# This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+# which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+#
+# Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+# of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+# Eclipse Foundation. All other trademarks are the property of their respective owners.
+#
+
+helm plugin install --version "0.2.11" https://github.com/quintush/helm-unittest
+
+set -e
+
+# lint yaml of charts
+helm lint ./nxrm-aws-resiliency
+helm lint ./nexus-repository-manager
+
+# unit test
+(cd ./nxrm-aws-resiliency; helm unittest -3 -t junit -o test-output.xml .)
+(cd ./nexus-repository-manager; helm unittest -3 -t junit -o test-output.xml .)
+
+# package the charts into tgz archives
+helm package ./nxrm-aws-resiliency --destination docs
+helm package ./nexus-repository-manager --destination docs

header.txt

@@ -1,3 +1,10 @@
-Copyright (c) 2019-present Sonatype, Inc. All rights reserved.
-Includes the third-party code listed at http://links.sonatype.com/products/clm/attributions.
-"Sonatype" is a trademark of Sonatype, Inc.
+Sonatype Nexus (TM) Open Source Version
+Copyright (c) 2008-present Sonatype, Inc.
+All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+
+This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+
+Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+Eclipse Foundation. All other trademarks are the property of their respective owners.

nexus-repository-manager/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS
+*.tar

nexus-repository-manager/Chart.yaml

@@ -1,14 +1,16 @@
 apiVersion: v2
 name: nexus-repository-manager
+# The nexus-repository-manager chart is deprecated and no longer maintained
+deprecated: true
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 38.1.0
+version: 64.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 3.38.1
+appVersion: 3.64.0
 
-description: Sonatype Nexus Repository Manager - Universal Binary repository
+description: DEPRECATED Sonatype Nexus Repository Manager - Universal Binary repository
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -35,6 +37,3 @@ home: https://www.sonatype.com/nexus-repository-oss
 icon: https://sonatype.github.io/helm3-charts/NexusRepo_Vertical.svg
 sources:
   - https://github.com/sonatype/nexus-public
-maintainers:
-  - email:  support@sonatype.com
-    name: Sonatype

nexus-repository-manager/README.md

@@ -0,0 +1,19 @@
+<!--
+
+    Sonatype Nexus (TM) Open Source Version
+    Copyright (c) 2008-present Sonatype, Inc.
+    All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+
+    This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+    which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+
+    Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+    of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+    Eclipse Foundation. All other trademarks are the property of their respective owners.
+
+-->
+# ⚠️ Archive Notice
+
+As of October 24, 2023, we will no longer update or support this Helm chart.
+
+We now provide one [HA/Resiliency Helm Chart](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) that supports both high availability and resilient deployments in AWS, Azure, or on-premises in a Kubernetes cluster. This is our only supported Helm chart for deploying Sonatype Nexus Repository; it requires a PostgreSQL database.

nexus-repository-manager/templates/deployment.yaml

@@ -48,7 +48,7 @@ spec:
       hostAliases:
         {{ toYaml .Values.nexus.hostAliases | nindent 8 }}
       {{- end }}
-      {{- if .Values.nexus.imagePullSecrets }}
+      {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
@@ -59,7 +59,14 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+                - ALL
           lifecycle:
           {{- if .Values.deployment.postStart.command }}
             postStart:

nexus-repository-manager/templates/ingress.yaml

@@ -62,6 +62,9 @@ metadata:
       {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
+  {{- if $.Values.ingress.ingressClassName }}
+  ingressClassName: {{ $.Values.ingress.ingressClassName }}
+  {{- end }}
   tls:
     - hosts:
       - {{ $registry.host | quote }}